Solved: Re: cleaning up ACLs on the ASA firewall

tokis · ‎06-22-2023

how do i display access-list on the ASA firewall with no hitcounts only?

we have thousands of ACL and wanted to do a cleanup.
I cant remember something like show access-list | b/i/e xxxxxx

Rob Ingram · ‎06-23-2023

@tokis use show access-list | include hitcnt=0

ASA# show access-list | inc hitcnt=0
access-list OUTSIDE_IN line 1 extended permit icmp any any unreachable (hitcnt=0) 0xec6c9a23
access-list OUTSIDE_IN line 2 extended permit icmp any any time-exceeded (hitcnt=0) 0x00c3b80d
access-list OUTSIDE_IN line 3 extended permit icmp any any echo-reply (hitcnt=0) 0xc857b49e

View solution in original post

MHM Cisco World · ‎06-22-2023

Show run access-list

This command help you

tokis · ‎06-22-2023

Hi that doesnt show the hitcounts of that ACL

Rob Ingram · ‎06-23-2023

@tokis use show access-list | include hitcnt=0

ASA# show access-list | inc hitcnt=0
access-list OUTSIDE_IN line 1 extended permit icmp any any unreachable (hitcnt=0) 0xec6c9a23
access-list OUTSIDE_IN line 2 extended permit icmp any any time-exceeded (hitcnt=0) 0x00c3b80d
access-list OUTSIDE_IN line 3 extended permit icmp any any echo-reply (hitcnt=0) 0xc857b49e

MHM Cisco World · ‎06-23-2023

either using gerp or using include hitcnt=0 as @Rob Ingram mention
both same result only display the ACL with 0 hitcnt