cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2082
Views
1
Helpful
7
Replies

clear pix acl counters

ozgurg
Level 1
Level 1

does anybody know how to clear pix acl counters?

clear access-list counters does not work for pix.

1 Accepted Solution

Accepted Solutions

kcook
Level 1
Level 1

config t

clear access-list acl-id-here counters

You have to do the command in configuration mode.

View solution in original post

7 Replies 7

jmia
Level 7
Level 7

Hi -

Try this:

clear access-list "access-list name" counters

Hope this helps --

hello,

i have pix 6.2.2 and

clear access-list x counters

does not work.

Hi -

Now that's strange as I actually tried on a Lab pix running IOS 6.2.2 with cmd 'clear access-list 'acl-name' counters

Anyway you could remove the acl's from the pix onto a text-editor, and issue a 'no access-list ' as the first line of your acl on the text-editor and then in config mode paste back onto the pix, do a 'write memory' and do 'clear xlate' and this should clear ALL hit counters for the acl in question.

Best to use 'hyperterminal' to do the above.

Thanks --

Hi -

Sorry forgot to say on my other post - don't forget the access-group cmd, i.e. if you remove the inside acls then remove also the access-group cmd for the inside interface as well.

Thanks --

That advice will kill his traffic.

Also "no access-list " isn't a command.

I think you meant "no access-list ", but anyway putting that at the top of a set of access-list commands with the same id, then pasting it all in, is not a good idea. I've seen the pix lose the next few access-list commands while it processes the "no access-list". Then your access-list is different than you intended.

If you want to replace the ACL, enter the new one then change the access-group command.

Clearing the ACL counters needs to be done in config mode.

kcook
Level 1
Level 1

config t

clear access-list acl-id-here counters

You have to do the command in configuration mode.

Hello,

This is a question to for 'kcook', can you tell me why 'no access-list is not a command? and also, why it will 'kill' as you say?? I'm confused.. you must know something that I don't !! Please feel free to explain...

Thanks - Jay

Review Cisco Networking for a $25 gift card