Is there a difference (in commands for viewing) with how an ASR router shows the hits on an ACL compred to an ISR such as 3725 or other ISR model?
Have a senario where an ASR is not showing the hits on an ACL, but when labbed up using an ISR model is shows hits on the ACL.
Using the commands "sh ip access-list xxx" and "sh access-list" on both the ASR and ISR to look for hits. The ISR shows hits, but not the ASR.
The reason is ASR router is a hardware switching based platform compared to other routers
like 7200,7300, 3800 etc..which are software switching based platforms.
For hardware switched packets, ACL counters will not report any value. If we need to see the matches or
the actual packet details, you may want to put in a 'log' keyword and force the packets to hit the CPU.
we have to be careful if we have huge subnets permitted or denied in the ACL.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: