I have used object-groups for a long time on the firewalls ASA, wiht in a access-list. On the firewalls the access-list will break down the object-group and show the hit counts per line. Now for a change we went ahead and put a object group on one of our routers, to reduse the size of the acces-list and eaiser coding. but the router does not expanded the access-list out like the firewall. The hit counters only show agaist the single line of the acl not each item in the object-group of a single acl line. Is there a way to expand the access-list to show the many-items in the object-group to see the hit count per item in the object group?
i have using a 3925.
example of one the issues:
20 deny ip object-group obj-block-address any log (1792293 matches)
it is keeping track on a per line track. But since i am using object groups to make the access-list smaller, it is not counting per item in the object. there is roughly about 40 - 50 address in obj-block-address.