1502 Views | 0 Helpful | 2 Replies

Cleanup the unused ACL

Yiwei
Level 1

Hello, 

Our company has so many ACLs in the edge router. When I run "show access-lists", I found that some ACLs include the hit count at the end (61234 matches) and some do not. So is an ACL that does not include a hit count an unused ACL?

Can I delete it?

Thanks,

2 Accepted Solutions

balaji.bandi
Hall of Fame

Yes, correct, they are the redundant rules. Better take a backup config. Clean up a few rules at a time, so if there is any issue you can put them back. (I know it does not make any sense, but this is what happens in the real world.)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help


luis_cordova
VIP Alumni

Hi @Yiwei ,


Each time a packet matches a line in your ACL, the match counter increases by one.

https://learningnetwork.cisco.com/thread/6505


Eliminating a line from an ACL or even an entire ACL is a topic that must be studied in depth, as it can have negative consequences on your network.

For example, there are ACLs that are used for NAT or for VPN.

I suggest you make a revision of your ACLs to determine the function of each one and thus be able to decide if you can eliminate one.


Regards

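As an added example (not code from this thread, from either poster, or from Cisco), the following Python script applies both answers above to the question as asked: it parses `show access-lists` output, treating an ACE printed without a `(N matches)` suffix as zero hits, then cross-checks every ACL name against the running-config for references (interface `ip access-group`, `ip nat ... list`, vty `access-class`, and `match address` under route-maps, crypto maps or class-maps), so that an idle-looking NAT or VPN ACL is never proposed for deletion. Only ACLs with zero hits and no reference become removal candidates, and the plan removes them a couple at a time with the lines needed to put each one back. The `show` output, the config excerpt and the ACL names are constructed sample data; the set of reference patterns is an assumption and should be extended for any other feature on your router that names an ACL.

```python
import re
from collections import defaultdict

# Constructed sample output of "show access-lists" (not taken from the thread).
SHOW_ACCESS_LISTS = """\
Standard IP access list 10
    10 permit 192.0.2.0, wildcard bits 0.0.0.255 (5 matches)
Extended IP access list INSIDE-IN
    10 permit tcp 10.0.0.0 0.255.255.255 any eq 443 (61234 matches)
    20 permit udp 10.0.0.0 0.255.255.255 any eq domain (873 matches)
    30 deny ip any any (12 matches)
Extended IP access list NAT-INSIDE
    10 permit ip 10.0.0.0 0.255.255.255 any
Extended IP access list OLD-MGMT
    10 permit tcp host 192.0.2.10 any eq 22
    20 deny ip any any
"""

# Constructed excerpt of "show running-config" from the same hypothetical router.
RUNNING_CONFIG = """\
interface GigabitEthernet0/0
 ip access-group INSIDE-IN in
!
ip nat inside source list NAT-INSIDE interface GigabitEthernet0/1 overload
!
line vty 0 4
 access-class 10 in
"""

HEADER_RE = re.compile(r"^(Standard|Extended) IP access list (\S+)$")
# sequence number, rule text, optional "(N match)" / "(N matches)" counter
ACE_RE = re.compile(r"^\s+(\d+)\s+(.*?)(?:\s+\((\d+) match(?:es)?\))?$")

# Config lines that reference an ACL by name or number (assumed list; extend as needed).
REFERENCE_PATTERNS = [
    ("interface", re.compile(r"^\s*ip access-group (\S+) (?:in|out)\b")),
    ("nat", re.compile(r"^\s*ip nat .*\blist (\S+)")),
    ("vty", re.compile(r"^\s*access-class (\S+) (?:in|out)\b")),
    ("route-map/crypto-map/class-map",
     re.compile(r"^\s*match (?:ip )?address (?!prefix-list)(\S+)")),
]


def parse_access_lists(text):
    """Return {name: {"type": "standard"|"extended", "aces": [(seq, rule, hits)]}}.
    IOS prints no counter at all for a line that has never matched, so hits is 0 there."""
    acls, current = {}, None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = m.group(2)
            acls[current] = {"type": m.group(1).lower(), "aces": []}
            continue
        m = ACE_RE.match(line)
        if m and current is not None:
            seq, rule, hits = m.groups()
            acls[current]["aces"].append((int(seq), rule, int(hits) if hits else 0))
    return acls


def find_references(config):
    """Return {acl_name: {kinds}} for every ACL the running-config refers to."""
    refs = defaultdict(set)
    for line in config.splitlines():
        for kind, pat in REFERENCE_PATTERNS:
            m = pat.match(line)
            if m:
                refs[m.group(1)].add(kind)
    return dict(refs)


def classify(acls, refs):
    """'active': some line has hits; 'referenced-idle': zero hits but still referenced
    (for example a NAT or VPN ACL); 'candidate': zero hits and no reference anywhere."""
    classes = {}
    for name, acl in acls.items():
        if sum(hits for _, _, hits in acl["aces"]) > 0:
            classes[name] = "active"
        elif name in refs:
            classes[name] = "referenced-idle"
        else:
            classes[name] = "candidate"
    return classes


def removal_plan(acls, classes, batch=2):
    """(remove_command, restore_lines) for at most `batch` candidate ACLs per change window.
    Save a config backup first; restore lines are copied from the show output, and for
    standard ACLs IOS prints 'wildcard bits' phrasing there, so prefer the backup for those."""
    plan = []
    for name in [n for n, c in classes.items() if c == "candidate"][:batch]:
        acl = acls[name]
        remove = f"no access-list {name}" if name.isdigit() else f"no ip access-list {acl['type']} {name}"
        restore = [f"ip access-list {acl['type']} {name}"] + [f" {seq} {rule}" for seq, rule, _ in acl["aces"]]
        plan.append((remove, restore))
    return plan


if __name__ == "__main__":
    acls = parse_access_lists(SHOW_ACCESS_LISTS)
    classes = classify(acls, find_references(RUNNING_CONFIG))
    for name, cls in classes.items():
        print(f"{name:12} {cls}")
    for remove, restore in removal_plan(acls, classes):
        print(remove, "   # rollback:", "; ".join(restore))
```

With the sample data, INSIDE-IN and ACL 10 are reported active, NAT-INSIDE is flagged referenced-idle (no counter in `show access-lists`, but still named by the NAT rule), and only OLD-MGMT ends up in the removal plan.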
