mickyq
Beginner

clearing access lists

Hi Guys

I want to clear unused ACL rules using hit counts to identify which ACLs are in use. The problem is that when I do `show access-list`, any ACL using an object group splits into several lines, showing an ACL for each member of the group with the same line number. That's all fine, but the hit counts show 0. Does that mean the ACL is not used, or is it a feature fault?

Thanks

Accepted Solutions
johnlloyd_13
Engager

Hi,

Yes, the ACL is NOT used when the hit count is 0.

I believe you can get a hit or increment it if you perform a packet tracer.

mariano.alfonso
Beginner

Hi Michael,

My guess is that you are working on an ASA. If so, it's OK that it splits into several lines, since it depends on what you have in the object-groups; for instance, if it has several subnets then it needs to show a line for each subnet, and if all show 0 then that means no traffic has hit that rule.

Best Regards,

mickyq
Beginner

Thanks guys.

Yes, it is an ASA. I understand why it splits the ACL, just didn't know why there were no hits.

I tried a packet tracer and could see it increment the hits on the ACL.

Thanks for clearing that up for me.
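
Added example, not part of any post in this thread: a Python parser that folds the per-member lines of `show access-list` back into their parent rule and reports rules where every expanded entry shows zero hits, plus idle group members inside rules that are in use. It assumes output laid out like the constructed sample (indented expansion lines sharing the parent's line number, counters written as `(hitcnt=N)`); the function names are this example's own.

```python
import re

# Constructed sample of ASA `show access-list` output; names, addresses and hashes
# are made up. Indented lines are the per-member expansion of the rule above them.
SAMPLE = """\
access-list OUTSIDE_IN; 5 elements; name hash: 0x1a2b3c4d
access-list OUTSIDE_IN line 1 extended permit tcp any object-group WEB eq www (hitcnt=0) 0x0a0a0a01
  access-list OUTSIDE_IN line 1 extended permit tcp any host 192.0.2.10 eq www (hitcnt=0) 0x0a0a0a02
  access-list OUTSIDE_IN line 1 extended permit tcp any host 192.0.2.11 eq www (hitcnt=0) 0x0a0a0a03
access-list OUTSIDE_IN line 2 extended permit tcp any object-group MAIL eq smtp (hitcnt=57) 0x0a0a0a04
  access-list OUTSIDE_IN line 2 extended permit tcp any host 192.0.2.20 eq smtp (hitcnt=57) 0x0a0a0a05
  access-list OUTSIDE_IN line 2 extended permit tcp any host 192.0.2.21 eq smtp (hitcnt=0) 0x0a0a0a06
access-list OUTSIDE_IN line 3 extended deny ip any any (hitcnt=1204) 0x0a0a0a07
"""

HEAD = re.compile(r"^(\s*)access-list (\S+) line (\d+) (.*)$")
HITS = re.compile(r"\s*\(hitcnt=(\d+)\)")

def parse(text):
    """Map (acl, line) -> {'rule', 'own', 'members'}, folding expansions into their rule."""
    rules = {}
    for raw in text.splitlines():
        head = HEAD.match(raw)
        if not head or head.group(4).startswith("remark"):
            continue  # ACL header, remark or unrelated line
        indent, acl, line, rest = head.groups()
        hits = HITS.search(rest)
        count = int(hits.group(1)) if hits else None
        body = rest[:hits.start()] if hits else rest
        key = (acl, int(line))
        if not indent:
            rules[key] = {"rule": body, "own": count, "members": []}
        elif key in rules and count is not None:
            rules[key]["members"].append((body, count))
    return rules

def total_hits(rule):
    """Sum the expanded entries when present, else the rule's own counter (may be None)."""
    members = rule["members"]
    return sum(n for _, n in members) if members else rule["own"]

def unused(rules):
    """Rules whose every expanded entry (or own counter) shows zero hits."""
    return [key for key, rule in rules.items() if total_hits(rule) == 0]

def idle_members(rules):
    """Zero-hit group members inside rules that are otherwise in use."""
    idle = {k: [b for b, n in r["members"] if n == 0] for k, r in rules.items() if total_hits(r)}
    return {k: v for k, v in idle.items() if v}
```

Because a packet tracer increments the counter, as the thread confirms, test traces run before the audit can make an otherwise unused rule look used. A zero also only covers the period since the counters were last cleared or the device was reloaded.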
