https://community.cisco.com/t5/network-security/acl-hits/m-p/2412546#M309710 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Is this some ACL on a router or a firewall? </P><P></P><P>Is there a typo in the network/IP in the ACL? Post says 172.18.0.0 and the ACL 172.180.0.0?</P><P></P><P>I would presume that since your first rule specifies <STRONG>"any"</STRONG> as the source address it then matches all the connections from the 172.18.0.0/xx (or 172.180.0.0) subnet and because of this the new rule below it doesnt get any hitcounts. That is if you are lookking for ACL hits towards 10.114.172.10</P><P></P><P>First thing would be to determine if there is a typo in the ACL and after that insert the rule with the correct subnet at the top. Then again the only affect this would have is that you would see the hitcounts from this certain source network while nothing else would change with regards to the ACL behaviour.</P><P></P><P>- Jouni</P></BODY></HTML> Mon, 04 Nov 2013 09:08:41 GMT Jouni Forss 2013-11-04T09:08:41Z https://community.cisco.com/t5/network-security/acl-hits/m-p/2412545#M309706 <P>hi i have a question this acl is accessed by only 172.18.0.0 subnet so i created another acl placed at the bottom of this acl.</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp; any&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 10.114.172.10&nbsp;&nbsp; ip&nbsp;&nbsp;&nbsp;&nbsp; permit </P><P></P><P>172.180.0.0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 10.114.172.10&nbsp;&nbsp; ip&nbsp;&nbsp;&nbsp;&nbsp; permit</P><P></P><P>The above acl is getting hits but the second one is not getting hits. I have enabled both rules. do i need 2 change order or disable the 1st rule please give your suggestions. </P> Tue, 12 Mar 2019 02:59:44 GMT https://community.cisco.com/t5/network-security/acl-hits/m-p/2412545#M309706 nishanthjavvadi1 2019-03-12T02:59:44Z https://community.cisco.com/t5/network-security/acl-hits/m-p/2412546#M309710 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Is this some ACL on a router or a firewall? </P><P></P><P>Is there a typo in the network/IP in the ACL? Post says 172.18.0.0 and the ACL 172.180.0.0?</P><P></P><P>I would presume that since your first rule specifies <STRONG>"any"</STRONG> as the source address it then matches all the connections from the 172.18.0.0/xx (or 172.180.0.0) subnet and because of this the new rule below it doesnt get any hitcounts. That is if you are lookking for ACL hits towards 10.114.172.10</P><P></P><P>First thing would be to determine if there is a typo in the ACL and after that insert the rule with the correct subnet at the top. Then again the only affect this would have is that you would see the hitcounts from this certain source network while nothing else would change with regards to the ACL behaviour.</P><P></P><P>- Jouni</P></BODY></HTML> Mon, 04 Nov 2013 09:08:41 GMT https://community.cisco.com/t5/network-security/acl-hits/m-p/2412546#M309710 Jouni Forss 2013-11-04T09:08:41Z https://community.cisco.com/t5/network-security/acl-hits/m-p/2412547#M309712 <HTML><HEAD></HEAD><BODY><P>I agree with Jouni.&nbsp; The first entry matches any source destined for the address 10.114.172.10.&nbsp; So technically you would not need the second command.</P><P></P><P>If you want to see matches on the <STRONG>172.180.0.0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 10.114.172.10&nbsp;&nbsp; ip&nbsp;&nbsp;&nbsp;&nbsp; permit</STRONG> statement then that needs to be placed above the first rule.</P></BODY></HTML> Mon, 04 Nov 2013 09:36:32 GMT https://community.cisco.com/t5/network-security/acl-hits/m-p/2412547#M309712 Marius Gunnerud 2013-11-04T09:36:32Z