I want to clear unused acl rules using hit counts to identify what acls are in use. The problem is when I do show access-list any acl using an object group splits into several lines, showing an acl for each member of the group with the same line number. Thats all fine but the hit counts show 0. does that mean the acl is not used or is a feature fault?
My guess is that you are working on an ASA, if so it's ok that it splits into several lines since it depends on what you have on the object-groups, for instance if it has several subnets then it needs to shows a line for each subnet and if all show 0 then that means no traffic has hit that rule.
My guess is that you are working on an ASA, if so it's ok that it splits into several lines since it depends on what you have on the object-groups, for instance if it has several subnets then it needs to shows a line for each subnet and if all show 0 then that means no traffic has hit that rule.
Yes it is an ASA. I understand why it splits the acl, just didnt know why there were no hits.
I tried a packet tracer and could see it increment the hits on the acl.
thanks for clearing that up for me.
Getting Started
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
