Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
662
Views
0
Helpful
1
Replies

CISCO 3850 IOS 16.3.6 ACL counters are not shown

Tahir Piracha
Level 1
Level 1

‎04-16-2018 12:06 AM - edited ‎03-08-2019 02:39 PM

Hi,

I have configured Object based ACLs on my Cisco 3850 switch (IOS 16.3.6). sample of two ACLs are show below. actually match hit counts are not shown in any ACLs although all the communication is successful. Please let me know why the ACL counters are now shown?

 

Extended IP access list ADS-WSUS
10 permit ip object-group PPIN-ADS object-group PIN
20 permit ip object-group PPIN-ADS object-group PPIN
30 permit ip object-group PPIN-ADS object-group DMZ
40 permit tcp object-group WSUS object-group BRS eq 445 1556 13720 13724 13782
50 permit tcp object-group WSUS eq 8530 object-group PIN
60 permit tcp object-group WSUS eq 8530 object-group PPIN
70 permit tcp object-group WSUS eq 139 445 object-group ERC
80 permit ip object-group WSUS object-group VUS
90 permit ip object-group WSUS object-group NAC
100 permit tcp object-group WSUS eq 445 1556 13720 13724 13782 object-group BRS
110 permit ip object-group WSUS object-group DMZ
120 permit udp object-group WSUS object-group NTP-SERVER eq ntp
130 permit icmp any any

Extended IP access list BRS
10 permit ip object-group BRS object-group DMZ
20 permit tcp object-group BRS object-group PIN eq 445 1556 13720 13724 13782
30 permit tcp object-group BRS object-group PPIN eq 445 1556 13720 13724 13782
40 permit tcp object-group BRS eq 445 1556 13720 13724 13782 object-group PIN
50 permit tcp object-group BRS eq 445 1556 13720 13724 13782 object-group PPIN
60 permit tcp object-group BRS eq 445 1556 13720 13724 13782 object-group DMZ
70 permit ip object-group BRS object-group PPIN-ADS
80 permit tcp object-group BRS object-group WSUS eq 8530
90 permit tcp object-group BRS eq 139 445 object-group ERC
100 permit ip object-group BRS object-group NAC
110 permit tcp object-group BRS object-group FS eq 445
120 permit ip object-group BRS object-group VUS
130 permit udp object-group BRS object-group NTP-SERVER eq ntp
135 permit tcp object-group BRS object-group PIN eq 3389
140 permit icmp any any

 

Labels:
0 Helpful
1 Reply 1

Diana Karolina Rojas
Cisco Employee
Cisco Employee

‎04-25-2018 07:06 AM

Helos Thair,

 

Can you try with this command?

 

show ipv4 access-list (acl name) hardware ingress location 0/0/CPU0

 

---Do not forget to rate/mark useful answers.---

 

Best Regards,

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card