Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
412
Views
0
Helpful
6
Replies

Cisco 7k acl and hit count....

mbaars
Level 1
Level 1

ā€Ž02-28-2023 01:46 AM

Hi All,

Seeing a strange access-list hitcount issue on Nexxus 7k running 7.3(5).

Within an access-list there are some acl entries not showing any matches. For an acl entry without matches it would say '[match=0]' but for some lines this is omitted. Any ideas? Is there some logging restriction on the maximum of acl entries or a bug that i should be aware of? We have a lot of acl's on this Nexxus 7k that need to be analysed and unused entries removed.

Example

N7K-01# sh access-list vlan22-in

IP access list vlan99-in
statistics per-entry
<omitted>
1700 permit ip 10.101.22.0/24 10.101.5.0/24 [match=300150756]
1710 permit ip 10.101.22.0/25 10.247.0.0/16 [match=0]
1720 permit ip 10.101.22.22/32 52.239.137.36/32 <<<<<< no match/hitcounter
1730 permit ip 10.101.22.105/32 10.101.3.0/24 <<<<<< no match/hitcounter
1740 permit ip 10.101.22.0/25 10.111.96.0/24 <<<<<< no match/hitcounter
1750 permit ip 10.101.22.0/25 10.111.97.0/24 <<<<<< no match/hitcounter

 

 

 

 

 

 

 

Labels:
0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

ā€Ž02-28-2023 11:38 AM

Do you have any traffic that matches the ACL?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

mbaars
Level 1
Level 1
In response to balaji.bandi

ā€Ž02-28-2023 10:50 PM

Good question

I am assuming there is matching traffic.

But even so, without matching traffic i would expect '[match=0]' to be included when viewing the acl?

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to mbaars

ā€Ž03-01-2023 04:49 PM

I am assuming there is matching traffic.  - need confirmation or create another ACL you known device and test it.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

MHM Cisco World
VIP
VIP

ā€Ž02-28-2023 03:34 PM

statistics <<- add this command under the ACL again, and share the result 

0 Helpful

mbaars
Level 1
Level 1
In response to MHM Cisco World

ā€Ž02-28-2023 10:51 PM

I removed ' statistics per-entry' under the acl and added it again but the result is still the same....

0 Helpful

MHM Cisco World
VIP
VIP
In response to mbaars

ā€Ž03-01-2023 03:10 AM - edited ā€Ž03-01-2023 04:55 PM

I check the ciscolive slides 
the PACL with statistics per-entry show match for all line 

Screenshot (333).png

the RACL with statistics per-entry show match only for traffic hit the line other line dont show match if there is no traffic hit the line

 

Screenshot (334).png

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card