Elements
The
network above consists of 4 routers and 1 switch representing a LAN segment.
The
192.168.4.0/24 prefix is our concern, which we will make our calculations in
regards to.
Configuration
All of the devices will operate in AS 1 with updates advertised
out of the interfaces operating only
R1#sh run int s0/0
interface Serial0/0
ip address 10.1.13.1
255.255.255.0
R2#sh
run int f0/0
interface FastEthernet0/0
ip address 10.1.12.1 255.255.255.0
speed 100
duplex
full
R1#sh
run | sec router eigrp
router
eigrp 1
network 10.1.12.1 0.0.0.0
network 10.1.13.1 0.0.0.0
no auto-summary
R2#sh
run int f0/0
interface
FastEthernet0/0
ip address 10.1.12.2 255.255.255.0
speed 100
full-duplex
R2#sh
run int f0/1
interface
FastEthernet0/1
ip address 10.1.24.2 255.255.255.0
speed 100
full-duplex
R2#sh
run | sec router eigrp
router
eigrp 1
network 10.1.12.2 0.0.0.0
network 10.1.24.2 0.0.0.0
no auto-summary
R3#sh
run int s0/0
interface
Serial0/0
ip address 10.1.13.3 255.255.255.0
no fair-queue
clock rate 2000000
R3#sh
run int s0/1
interface
Serial0/1
ip address 10.1.34.3 255.255.255.0
clock rate 2000000
R3#sh
run | sec router eigrp
router
eigrp 1
network 10.1.13.3 0.0.0.0
network 10.1.34.3 0.0.0.0
no auto-summary
R4#sh
run int f0/1
!
interface
FastEthernet0/1
ip address 192.168.4.4 255.255.255.0
speed 100
full-duplex
R4#sh
run int s0/0
interface
Serial0/0
ip address 10.1.34.4 255.255.255.0
clock rate 2000000
R4#sh
run | sec router eigrp
router
eigrp 1
network 10.1.24.4 0.0.0.0
network 10.1.34.4 0.0.0.0
network 192.168.4.4 0.0.0.0
no auto-summary
Verification
R1#sh
ip eigrp neighbors
IP-EIGRP
neighbors for process 1
H Address Interface Hold Uptime SRTT
RTO Q Seq
(sec)
(ms) Cnt Num
1 10.1.13.3 Se0/0 13 00:03:03 12
200 0 13
0 10.1.12.2 Fa0/0 13 00:04:45 16
200 0 16
R2#sh
ip eigrp neighbors
IP-EIGRP
neighbors for process 1
H Address Interface Hold Uptime SRTT
RTO Q Seq
(sec) (ms) Cnt Num
1 10.1.24.4 Fa0/1 10 00:04:00 19
200 0 8
0 10.1.12.1 Fa0/0 10 00:04:55 425
2550 0 15
R3#sh
ip eigrp neighbors
IP-EIGRP
neighbors for process 1
H Address Interface Hold Uptime SRTT
RTO Q Seq
(sec) (ms) Cnt Num
1 10.1.34.4 Se0/1 10 00:02:49 11
200 0 11
0 10.1.13.1 Se0/0 14 00:03:21 12
200 0 16
R4#sh
ip eigrp neighbors
IP-EIGRP
neighbors for process 1
H Address Interface Hold Uptime
SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 10.1.34.3 Se0/0 11 00:02:57 18
200 0 14
0 10.1.24.2 Fa0/0 13 00:04:17 661 3966 0 17
Now, as our entire neighbor ships are up, let us check the
topology table of R1 to check the 192.168.4.0/24 prefix
R1#sh
ip eigrp topology
IP-EIGRP
Topology Table for AS(1)/ID(10.1.13.1)
Codes:
P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P
10.1.13.0/24, 1 successors, FD is 2169856
via Connected, Serial0/0
P
10.1.12.0/24, 1 successors, FD is 281600
via Connected, FastEthernet0/0
P
10.1.24.0/24, 1 successors, FD is 307200
via 10.1.12.2 (307200/281600),
FastEthernet0/0
P
10.1.34.0/24, 1 successors, FD is 2221056
via 10.1.12.2 (2221056/2195456),
FastEthernet0/0
via 10.1.13.3 (2681856/2169856),
Serial0/0
P
192.168.4.0/24, 1 successors, FD is 309760
via 10.1.12.2 (309760/284160), FastEthernet0/0
You can see that the prefix 192.168.4.0/24 has one
entry in the topology table which is due to the fact that the advertised
distance of the feasible successor is greater than the feasible distance of the
successor, to check for the specific route of concern and list all the options:
R1#sh
ip eigrp topology 192.168.4.0 255.255.255.0
IP-EIGRP
(AS 1): Topology entry for 192.168.4.0/24
State is Passive, Query origin flag is 1, 1
Successor(s), FD is 309760
Routing Descriptor Blocks:
10.1.12.2 (FastEthernet0/0),
from 10.1.12.2, Send flag is 0x0
Composite metric is (309760/284160), Route is Internal
Vector metric:
Minimum bandwidth is 10000 Kbit
Total delay is 2100 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2
10.1.13.3 (Serial0/0),
from 10.1.13.3, Send flag is 0x0
Composite metric is (2684416/2172416), Route is Internal
Vector metric:
Minimum bandwidth is 1544 Kbit
Total delay is 40100 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2
Now,
in the first entry, we are learning the prefix from F0/0 (R2), let us check how
the (FD/AD) output was calculated
As we
did not modify any K values, everything refers to the default, i.e. K1=K3=1
Which
means, we will apply the equation below
So, let us check the BW and Delay values for the links
in the path
R4#sh
int f0/1 | inc BW
MTU 1500 bytes, BW 100000 Kbit, DLY 100
usec,
R2#sh
int f0/1 | inc BW
MTU 1500 bytes, BW 10000 Kbit, DLY 1000
usec,
So:
∑ Delay = 100 + 1000 = 1100 usec
BW = Least BW on the path = 10000 Kbit/s
Metric = (110 + 1000) * 256 = 284160 = AD
Now, let us calculate the FD:
R1#sh
int f0/0 | inc BW
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
∑ Delay = 1100 + 1000 = 2100
Metric = (210 + 1000) * 256 = 309760 = FD
This is the same as (309760/284160)
We will make the same for the other path; which is
through the Serial connections
R3#sh
int s0/1 | inc BW
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
R1#sh
int s0/0 | inc BW
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
AD = (10000000/1544 + (100 + 20000)/10) * 256 = 2172416
FD = (10000000/1544 + (100 + 20000 + 20000)/10) * 256 =
2684416
This is the same as (2684416/2172416)
As can be seen that 2172416 > 309760 and that’s why
the feasible successor is not shown in the topology table when issuing the show
ip eigrp topology command
For the ease of calculations, we will rely only on
delay in our coming metric calculations and for that we have to configure the
eigrp process to depend only on the K3 value
R1(config)#router
eigrp 1
R1(config-router)#metric
weights ?
<0-8>
Type Of Service (Only TOS 0 supported)
R1(config-router)#metric
weights 0 0 0 1 0 0
You will notice that the neighbor ships will go down
due to the fact that the weights are from the parameters that the neighbors
have to agree on
*Mar 1 01:46:47.111: %DUAL-5-NBRCHANGE:
IP-EIGRP(0) 1: Neighbor 10.1.12.2 (FastEthernet0/0) is down: metric changed
*Mar 1 01:46:47.115: %DUAL-5-NBRCHANGE:
IP-EIGRP(0) 1: Neighbor 10.1.13.3 (Serial0/0) is down: metric changed
*Mar 1 01:46:48.843: %DUAL-5-NBRCHANGE: IP-EIGRP(0)
1: Neighbor 10.1.13.3 (Serial0/0) is down: K-value mismatch
*Mar 1 01:46:49.611: %DUAL-5-NBRCHANGE:
IP-EIGRP(0) 1: Neighbor 10.1.12.2 (FastEthernet0/0) is down: K-value mismatch
*Mar 1 01:46:53.351: %DUAL-5-NBRCHANGE:
IP-EIGRP(0) 1: Neighbor 10.1.13.3 (Serial0/0) is down: Interface Goodbye
received
*Mar 1 01:46:53.971: %DUAL-5-NBRCHANGE:
IP-EIGRP(0) 1: Neighbor 10.1.12.2 (FastEthernet0/0) is down: K-value
mismatch
So, applying the commands on all routers in the AS will
restore the relations
Now, let us check the R1’s topology table again
R1#sh
ip eigrp topology
IP-EIGRP
Topology Table for AS(1)/ID(10.1.13.1)
Codes:
P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P
10.1.13.0/24, 1 successors, FD is 512000
via Connected, Serial0/0
P
10.1.12.0/24, 1 successors, FD is 25600
via Connected, FastEthernet0/0
P
10.1.24.0/24, 1 successors, FD is 51200
via 10.1.12.2 (51200/25600),
FastEthernet0/0
P
10.1.34.0/24, 1 successors, FD is 563200
via 10.1.12.2 (563200/537600),
FastEthernet0/0
via 10.1.13.3 (1024000/512000),
Serial0/0
P
192.168.4.0/24, 1 successors, FD is 53760
via 10.1.12.2 (53760/28160),
FastEthernet0/0
R1#sh
ip eigrp topology 192.168.4.0 255.255.255.0
IP-EIGRP
(AS 1): Topology entry for 192.168.4.0/24
State is Passive, Query origin flag is 1, 1
Successor(s), FD is 53760
Routing Descriptor Blocks:
10.1.12.2 (FastEthernet0/0), from
10.1.12.2, Send flag is 0x0
Composite metric is (53760/28160),
Route is Internal
Vector metric:
Minimum bandwidth is 10000 Kbit
Total delay is 2100 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2
10.1.13.3 (Serial0/0), from 10.1.13.3,
Send flag is 0x0
Composite metric is (1026560/514560),
Route is Internal
Vector metric:
Minimum bandwidth is 1544 Kbit
Total delay is 40100 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2
AD (Suc) = (1100/10) * 256 = 28160
FD (Suc) = (2100/10) * 256 = 53760
AD (F) = (20100/10) * 256 = 514560
FD (F) = (40100/10) * 256 = 1026560
Again 514560 > 53760 which means the feasible
successor will not be shown in the show ip eigrp topology command output;
so let us try to modify the delay on the serial connection between R3 and R4
If we chose the value to be for example 200 (configured
under the interfaces) , that will make the AD Feasible = FD Successor which
also will be considered not valid condition , so we will choose a value a
little bit smaller , we will configure it to be 190
R3(config)#int
s0/1
R3(config-if)#delay
200
R4(config)#int
s0/0
R4(config-if)#delay
200
R1#sh
ip eigrp topology
IP-EIGRP
Topology Table for AS(1)/ID(10.1.13.1)
Codes:
P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P
10.1.13.0/24, 1 successors, FD is 512000
via Connected, Serial0/0
P
10.1.12.0/24, 1 successors, FD is 25600
via Connected, FastEthernet0/0
P
10.1.24.0/24, 1 successors, FD is 51200
via 10.1.12.2 (51200/25600),
FastEthernet0/0
P
10.1.34.0/24, 1 successors, FD is 102400
via 10.1.12.2 (102400/76800),
FastEthernet0/0
via 10.1.13.3 (563200/51200), Serial0/0
P
192.168.4.0/24, 1 successors, FD is 53760
via 10.1.12.2 (53760/28160),
FastEthernet0/0
R1#sh
ip eigrp topology 192.168.4.0 255.255.255.0
IP-EIGRP
(AS 1): Topology entry for 192.168.4.0/24
State is Passive, Query origin flag is 1, 1
Successor(s), FD is 53760
Routing Descriptor Blocks:
10.1.12.2 (FastEthernet0/0), from 10.1.12.2,
Send flag is 0x0
Composite metric is (53760/28160), Route
is Internal
Vector metric:
Minimum bandwidth is 10000 Kbit
Total delay is 2100 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2
10.1.13.3 (Serial0/0), from 10.1.13.3, Send
flag is 0x0
Composite metric is (565760/53760), Route
is Internal
Vector metric:
Minimum bandwidth is 1544 Kbit
Total delay is 22100 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2
R3(config-if)#int
s0/1
R3(config-if)#delay
190
R4(config)#int
s0/0
R4(config-if)#delay
190
R1#sh
ip eigrp topology
IP-EIGRP
Topology Table for AS(1)/ID(10.1.13.1)
Codes:
P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P
10.1.13.0/24, 1 successors, FD is 512000
via Connected, Serial0/0
P
10.1.12.0/24, 1 successors, FD is 25600
via Connected, FastEthernet0/0
P
10.1.24.0/24, 1 successors, FD is 51200
via 10.1.12.2 (51200/25600),
FastEthernet0/0
P
10.1.34.0/24, 1 successors, FD is 99840
via 10.1.12.2 (99840/74240),
FastEthernet0/0
via 10.1.13.3 (560640/48640), Serial0/0
P
192.168.4.0/24, 1 successors, FD is 53760
via 10.1.12.2 (53760/28160),
FastEthernet0/0
via 10.1.13.3 (563200/51200), Serial0/0
Now, the two paths are there, let us check the IP
routing table which is supposed to hold only the best route
R1#sh
ip route eigrp
D 192.168.4.0/24 [90/53760] via 10.1.12.2,
00:00:12, FastEthernet0/0
10.0.0.0/24 is subnetted, 4 subnets
D 10.1.24.0 [90/51200] via 10.1.12.2,
00:00:12, FastEthernet0/0
D 10.1.34.0 [90/99840] via 10.1.12.2,
00:00:12, FastEthernet0/0
Next, we will configure variance to allow for unequal
cost balancing, the value of variance ranges from 1 to 128, but the allowed
paths are 16
The importance of the variance value lies in its effect
to calculations and whether this route will be installed in the routing table
or yes
Let us check this with calculations first assuming
variance of 2
2 * 53760 = 107520
563200 is the FD of the feasible successor
563200 > 107520 so the route will not be installed
in the routing table, let us try
R1(config)#router
eigrp 1
R1(config-router)#variance
2
R1#sh
ip route eigrp | inc 192.168.4.0
D 192.168.4.0/24 [90/53760] via 10.1.12.2,
00:00:20, FastEthernet0/0
So, why do not we choose a higher value for the variance,
let us make it 11
11 * 53760 = 591360
563200 < 591360
R1(config)#router
eigrp 1
R1(config-router)#variance
11
R1#sh
ip route eigrp
D 192.168.4.0/24 [90/563200] via 10.1.13.3,
00:01:29, Serial0/0
[90/53760]
via 10.1.12.2, 00:01:29, FastEthernet0/0
10.0.0.0/24 is subnetted, 4 subnets
D 10.1.24.0 [90/51200] via 10.1.12.2,
00:01:29, FastEthernet0/0
D 10.1.34.0 [90/560640] via 10.1.13.3,
00:01:29, Serial0/0
[90/99840] via 10.1.12.2,
00:01:29, FastEthernet0/0
Now we can see that both are in the routing table and
variance is working now, i.e. unequal cost balancing is functioning
Let us check the routing table for the 192.168.4.0/24
prefix
R1#sh
ip route 192.168.4.0
Routing
entry for 192.168.4.0/24
Known via "eigrp 1", distance 90,
metric 53760, type internal
Redistributing via eigrp 1
Last update from 10.1.13.3 on Serial0/0,
00:03:13 ago
Routing Descriptor Blocks:
10.1.13.3, from 10.1.13.3, 00:03:13 ago,
via Serial0/0
Route metric is 563200, traffic share
count is 23
Total delay is 22000 microseconds,
minimum bandwidth is 1544 Kbit
Reliability 255/255, minimum MTU 1500
bytes
Loading 1/255, Hops 2
* 10.1.12.2, from 10.1.12.2, 00:03:13 ago,
via FastEthernet0/0
Route metric is 53760, traffic share
count is 240
Total delay is 2100 microseconds, minimum
bandwidth is 10000 Kbit
Reliability 255/255, minimum MTU 1500
bytes
Loading 1/255, Hops 2
As we can see from the output above that traffic share
count for both routes are 23, 240 respectively, and the preferred path is still
via F0/0 interface
Ok, now after we have checked that everything is
working, we want to manipulate the traffic count share on the links, we want
the ratio to be 1:5, i.e. for every 6 packets, 1 will cross the first path via
S0/0 interface, and 5 will cross the other link through F0/0 interface, let us
start calculating
We have to achieve the below equation:
FD (Suc) * 5 = (X + 200) * 256
200 is the ∑ Delay (190 + 10) which holds for the AD of
R3 to R1
X is supposed to be the value which will be configured
as the delay under the interfaces: R1 S0/0 and R3 S0/0
X = ((53760 * 5) / 256) – 200 = 850
So that’s the value which will be configured as the
delay under the interfaces
R1(config)#int
s0/0
R1(config-if)#delay
850
R3(config)#int
s0/0
R3(config-if)#delay
850
Checking R1’s routing table for the 192.168.4.0/24
prefix
R1#show
ip route 192.168.4.0
Routing
entry for 192.168.4.0/24
Known via "eigrp 1", distance 90,
metric 53760, type internal
Redistributing via eigrp 1
Last update from 10.1.13.3 on Serial0/0,
00:00:05 ago
Routing Descriptor Blocks:
10.1.13.3, from 10.1.13.3, 00:00:05 ago,
via Serial0/0
Route metric is 268800, traffic
share count is 1
Total delay is 10500 microseconds,
minimum bandwidth is 1544 Kbit
Reliability 255/255, minimum MTU 1500
bytes
Loading 1/255, Hops 2
* 10.1.12.2, from 10.1.12.2, 00:00:05 ago,
via FastEthernet0/0
Route metric is 53760, traffic share
count is 5
Total delay is 2100 microseconds, minimum
bandwidth is 10000 Kbit
Reliability 255/255, minimum MTU 1500
bytes
Loading 1/255, Hops 2
And we got it, but how to make sure of it?
We have to disable distribution CEF and make the traffic
load balanced per packet
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int
f0/0
R1(config-if)#no
ip route-cache
R1(config-if)#ip
load-sharing per-packet
R1(config-if)#int
s0/0
R1(config-if)#no
ip route-cache
R1(config-if)#ip
load-sharing per-packet
Then we will configure access-list on both R2 and R3
and apply it inbound
R2(config)#access-list
100 permit icmp any host 192.168.4.4 log
R2(config)#access-list
100 permit ip any any
R2(config)#int
f0/0
R2(config-if)#ip
access-group 100 in
R3(config)#access-list
100 permit icmp any host 192.168.4.4 log
R3(config)#access-list
100 permit ip any any
R3(config)#int
s0/0
R3(config-if)#ip
access-group 100 in
Note: Do not forget the
second line of the access-list 100, otherwise everything will be denied due to
the explicit deny which will yields to down the eigrp neigborships
Let us now generate ICMP traffic from R1 to 192.168.4.4
interfaces located on R4
R1#ping
192.168.4.4 repeat 600
Type
escape sequence to abort.
Sending
600, 100-byte ICMP Echos to 192.168.4.4, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (600/600),
round-trip min/avg/max = 4/7/12 ms
R2#sh
access-lists
Extended
IP access list 100
10 permit icmp any host 192.168.4.4 log (500 matches)
20 permit ip any any (18 matches)
R3#sh
access-lists
Extended
IP access list 100
10 permit icmp any host 192.168.4.4 log (100 matches)
20 permit ip any any (39 matches)
And that’s it; we achieved the desired traffic count
share and checked it as well
Additional Verification
Suppose
that we want the traffic share count to be 5:2
So,
we will have to apply the below equation
FD (Suc) * 5 = (X + 200) * 256 * 2
X = ((53760 * 5)/ (256 * 2)) – 200 = 325
R1(config)#int
s0/0
R1(config-if)#delay
325
R3(config)#interface
Serial0/0
R3(config-if)#delay
325
R3#clear
access-list counters
R1#ping
192.168.4.4 repeat 700
Type
escape sequence to abort.
Sending
700, 100-byte ICMP Echos to 192.168.4.4, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success
rate is 100 percent (700/700), round-trip min/avg/max = 4/7/12 ms
R2#sh
access-lists
Extended
IP access list 100
10 permit icmp any host 192.168.4.4 log (500 matches)
20 permit ip any any (21 matches)
R3#sh
access-lists
Extended
IP access list 100
10 permit icmp any host 192.168.4.4 log (200 matches)
20 permit ip any any (21 matches)