06-14-2010 03:14 AM - edited 03-11-2019 10:58 AM
Please help me understand the asterisk (*) symbol seen beside the hitcnt keyword in the rule below (highlighted).
access-list server_input_in line 34 extended permit tcp host 192.168.100.1 host 192.168.300.4 eq ssh (hitcnt=*)
Hitcnt should show certain numeric values based on how frequently the rules are used, but I have never seen this rule get a hitcnt even though so far there is no issue with this particular access.
It will be difficult to check once a problem arises.
Thanks for valuable inputs!
06-14-2010 10:17 PM
From the access-list you have shown, they look like they are duplicates of each other:
access-list server_input_in line 34 extended permit tcp host 192.168.100.1 host 192.168.300.4 eq ssh (hitcnt=*)
access-list server_input_in line 40 extended permit tcp host 192.168.100.1 host 192.168.300.4 range ftp ssh (hitcnt=0) 0x3d141072 [(50)]
access-list server_input_in line 42 extended permit tcp host 192.168.100.1 host 192.168.300.4 eq ssh (hitcnt=0) 0x00000000 [Merged to 48: ADJACENT]
Line 34 will be matched first, so that has the * on it.
"hit count=*" has been explained previously.
Optimization should not cause any issue with the service.
You will need to check the logs and/or do packet captures to troubleshoot further any issues with your failing services that use this flow.
Regards,
06-14-2010 02:39 PM
On the FWSM, the * in the hitcount field implies that the particular ACE is a redundant ACE which got optimized (probably merged into some other ACE) as part of ACL optimization. 'show access-list optimization detail' will tell you which ACE the redundant one got merged into. It is expected to see the * in the hitcount field when ACL optimization is enabled.
I hope it helps.
PK
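As an added example (not from this thread or from Cisco), here is a small Python parser for the `show access-list` lines quoted above: it flags ACEs whose hitcnt is `*` or which carry a `[Merged to N: REASON]` marker, and groups ACEs with identical match criteria so the optimized entry can be cross-checked against its duplicates. The sample lines are copied from the posts; the regex assumes only the output shape shown there.

```python
import re

# Constructed sample of FWSM "show access-list" output, copied from the
# lines quoted in this thread (addresses and line numbers as posted).
SAMPLE_OUTPUT = """\
access-list server_input_in line 34 extended permit tcp host 192.168.100.1 host 192.168.300.4 eq ssh (hitcnt=*)
access-list server_input_in line 40 extended permit tcp host 192.168.100.1 host 192.168.300.4 range ftp ssh (hitcnt=0) 0x3d141072 [(50)]
access-list server_input_in line 42 extended permit tcp host 192.168.100.1 host 192.168.300.4 eq ssh (hitcnt=0) 0x00000000 [Merged to 48: ADJACENT]
"""

# Assumed shape of an ACE line, derived only from the output shown in the thread.
ACE_RE = re.compile(
    r"^access-list (?P<acl>\S+) line (?P<line>\d+) extended (?P<body>.+?) "
    r"\(hitcnt=(?P<hitcnt>\*|\d+)\)"
    r"(?: 0x[0-9a-fA-F]+)?"
    r"(?: \[Merged to (?P<merged_to>\d+): (?P<reason>[A-Z]+)\])?"
)

def parse_aces(text):
    """Parse ACE lines; per the thread, hitcnt=* means optimized away, so store None."""
    aces = []
    for raw in text.splitlines():
        m = ACE_RE.match(raw.strip())
        if not m:
            continue  # not an ACE line (headers, blanks, other output)
        d = m.groupdict()
        aces.append({
            "line": int(d["line"]),
            "body": d["body"],
            "hitcnt": None if d["hitcnt"] == "*" else int(d["hitcnt"]),
            "merged_to": int(d["merged_to"]) if d["merged_to"] else None,
            "reason": d["reason"],
        })
    return aces

def audit(aces):
    """Report optimized and merged ACEs, then ACEs whose match criteria are identical."""
    findings, by_body = [], {}
    for ace in aces:
        by_body.setdefault(ace["body"], []).append(ace["line"])
        if ace["hitcnt"] is None:
            findings.append(f"line {ace['line']}: hitcnt=* (optimized, no counter kept)")
        if ace["merged_to"] is not None:
            findings.append(f"line {ace['line']}: merged to line {ace['merged_to']} ({ace['reason']})")
    for body, lines in by_body.items():
        if len(lines) > 1:
            findings.append(f"duplicate ACEs {lines}: {body}")
    return findings
```

Running `audit(parse_aces(SAMPLE_OUTPUT))` on the quoted lines reports line 34 as optimized, line 42 as merged to 48, and lines 34 and 42 as duplicates of the same ssh ACE.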
06-14-2010 08:34 PM
Thanks a lot for your great help. This was something I never knew of. I found the following for this:
access-list server_input_in line 40 extended permit tcp host 192.168.100.1 host 192.168.300.4 range ftp ssh (hitcnt=0) 0x3d141072 [(50)]
access-list server_input_in line 42 extended permit tcp host 192.168.100.1 host 192.168.300.4 eq ssh (hitcnt=0) 0x00000000 [Merged to 48: ADJACENT]
These lines don't show any hits as of now. Does it mean the optimised ones won't show any hits, or is it so since there may not be any traffic at this point? Also, does this kind of optimisation cause any issues with services?
I am having problems accessing these above services, and that is when I noticed the * in the counts, which prompted me to ask this.
Appreciate your assistance!