Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
676
Views
0
Helpful
2
Replies

ACL Hitcount and object-groups

John Blakley
VIP Alumni
VIP Alumni

‎11-30-2011 07:59 AM - edited ‎03-11-2019 02:57 PM

I need to get all base ACLs that have a hit count of 0. The problem is that I have object-groups in my acl that get broken down. The problem is that I need the base rule and not 1500 subrules under that. Is there a way that I can get that from the cli? The ASDM allows for it.

access-list INSIDE line 39 extended permit object-group Testports object-group Test-Object object-group GroupA 0x11324546

  access-list INSIDE line 39 extended permit icmp 192.x.x.x 255.255.0.0 host 6.6.6.6 (hitcnt=0) 0xa61ef158

  access-list INSIDE line 39 extended permit icmp 192.x.x.x 255.255.0.0 host 5.5.5.5 (hitcnt=0) 0xf75794aa

  access-list INSIDE line 39 extended permit icmp 192.x.x.x 255.255.0.0 host 4.4.4.4 (hitcnt=0) 0x73e6b2e7

I need only the first line, and only the first line if any of the subentries have a hitcount of 0. Any ideas?

Thanks!

John

HTH, John *** Please rate all useful posts ***
Labels:
0 Helpful
2 Replies 2

Maykol Rojas
Cisco Employee
Cisco Employee

‎11-30-2011 08:20 PM

I dont think I understand your problem... what is it that you need to do? Erase entries on the ACL that has object groups? If that is the case, you may need to erase the network/host inside of the Object so the line gets erased.

Mike

Mike
0 Helpful

JohnTylerPearce
Level 7
Level 7
In response to Maykol Rojas

‎12-01-2011 05:03 AM

I think what he's wanting to do is get a hitcount from an object-group and not a hit count from the individual network-objects within an object group?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card