09-24-2019 04:35 PM
Hello,
Our company has so many ACLs in the edge router. When I run "show access-lists", I find that some ACLs include the hit count at the end (61234 matches) and some do not. So is an ACL that does not include a hit count an unused ACL?
Can I delete it?
Thanks,
09-24-2019 05:25 PM
Yes, correct, they are redundant rules. Better take a backup of the config. Clean up a few rules at a time, so if there is any issue you can put them back. (I know it does not make any sense, but this is what happens in the real world.)
09-24-2019 05:31 PM
Hi @Yiwei ,
Each time a packet matches a line in your ACL, the match counter increases by one.
https://learningnetwork.cisco.com/thread/6505
Eliminating a line from an ACL or even an entire ACL is a topic that must be studied in depth, as it can have negative consequences on your network.
For example, there are ACLs that are used for NAT or for VPN.
I suggest you make a revision of your ACLs to determine the function of each one and thus be able to decide if you can eliminate one.
Regards
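The two answers above make two separate points: a missing "(N matches)" suffix means the entry's counter is zero, and an ACL with zero hits may still be bound to NAT, a crypto map, an interface or a VTY line. The following script, an added example that is not part of the thread or of any Cisco tool, combines both checks: it parses constructed `show access-lists` output, scans a constructed running-config fragment for the usual places an ACL name is referenced, and classifies each ACL. The sample output, the config lines and the `audit` function are all assumptions made for this illustration. One caveat the script encodes as a status rather than a verdict: counters reset on `clear access-list counters` and on reload, so "no hits" only means no hits since the last reset, and an ACL that is bound somewhere but idle should be reviewed, not deleted.

```python
import re
from collections import defaultdict

# Constructed sample output of "show access-lists" (not taken from the thread).
# IOS prints "(N matches)" only on entries whose counter is non-zero.
SHOW_ACCESS_LISTS = """\
Extended IP access list EDGE-IN
    10 permit tcp any host 203.0.113.10 eq 443 (61234 matches)
    20 permit udp any host 203.0.113.20 eq 53 (120 matches)
    30 deny ip any any
Extended IP access list NAT-INSIDE
    10 permit ip 10.0.0.0 0.255.255.255 any
Extended IP access list VPN-CRYPTO
    10 permit ip 10.1.0.0 0.0.255.255 192.168.50.0 0.0.0.255
Extended IP access list OLD-MGMT
    10 permit tcp host 10.9.9.9 any eq 22
"""

# Constructed running-config fragment showing the common ways an ACL is bound.
RUNNING_CONFIG = """\
interface GigabitEthernet0/0
 ip access-group EDGE-IN in
ip nat inside source list NAT-INSIDE interface GigabitEthernet0/0 overload
crypto map VPN-MAP 10 ipsec-isakmp
 match address VPN-CRYPTO
"""

ACL_HEADER = re.compile(r"^(?:Standard|Extended) IP access list (\S+)")
# sequence number, rule text, optional "(N matches)" suffix
ACE_LINE = re.compile(r"^\s+(\d+)\s+(.*?)(?:\s+\((\d+) matches?\))?$")

# Config statements that bind an ACL by name (hypothetical, non-exhaustive list).
REFERENCE_PATTERNS = [
    ("interface access-group", re.compile(r"^\s*ip access-group (\S+) (?:in|out)")),
    ("NAT source list", re.compile(r"^ip nat (?:inside|outside) source list (\S+)")),
    ("crypto map match address", re.compile(r"^\s*match address (\S+)")),
    ("route-map match", re.compile(r"^\s*match ip address (\S+)")),
    ("vty access-class", re.compile(r"^\s*access-class (\S+) (?:in|out)")),
]


def parse_access_lists(text):
    """Return {acl_name: [(seq, rule_text, match_count), ...]}.

    An entry with no "(N matches)" suffix gets a count of 0, which only means
    zero hits since the counters were last cleared or the box last reloaded.
    """
    acls = defaultdict(list)
    current = None
    for line in text.splitlines():
        header = ACL_HEADER.match(line)
        if header:
            current = header.group(1)
            acls[current]  # register the ACL even if it has no entries
            continue
        ace = ACE_LINE.match(line)
        if ace and current is not None:
            seq, rule, count = ace.groups()
            acls[current].append((int(seq), rule.strip(), int(count) if count else 0))
    return dict(acls)


def find_references(config):
    """Return {acl_name: [usage, ...]} for every ACL name the config binds."""
    refs = defaultdict(list)
    for line in config.splitlines():
        for usage, pattern in REFERENCE_PATTERNS:
            found = pattern.match(line)
            if found:
                refs[found.group(1)].append(usage)
    return dict(refs)


def audit(show_output, config):
    """Classify each ACL as active, bound-no-hits, or unreferenced."""
    acls = parse_access_lists(show_output)
    refs = find_references(config)
    report = {}
    for name, entries in acls.items():
        total = sum(count for _, _, count in entries)
        if name not in refs:
            status = "unreferenced"      # candidate for removal after review
        elif total == 0:
            status = "bound-no-hits"     # still in use by config; do not delete on hits alone
        else:
            status = "active"
        report[name] = {"hits": total, "bound_to": refs.get(name, []), "status": status}
    return report


if __name__ == "__main__":
    for name, info in audit(SHOW_ACCESS_LISTS, RUNNING_CONFIG).items():
        print(f"{name:12s} {info['status']:14s} hits={info['hits']:<6d} bound_to={info['bound_to']}")
```

Run on the sample, only OLD-MGMT comes out as unreferenced; NAT-INSIDE and VPN-CRYPTO have no hits but are bound to NAT and a crypto map respectively, which is exactly the case the second answer warns about. On a real router, feed it the output of `show access-lists` and `show running-config`, and extend REFERENCE_PATTERNS with whatever other statements your configs use to bind ACLs (class-maps, SNMP, line vty, and so on) before trusting the "unreferenced" result.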