Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1053
Views
5
Helpful
4
Replies

Counters in ACL lines

Go to solution
sSiDs
Level 1
Level 1

‎05-28-2021 06:50 AM

Good day team!

I have read this thread https://community.cisco.com/t5/switching/acl-not-showing-matches/td-p/997343

That matches couldn't be visible.

But... i did not find any information about  - does syntax or rules with tcp\udp\ip should be somehow lifehacked written to see the matches.

I have splunk installed and could see it there, but in our fast reality better be watch in second that traffic passing through the ACL line

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
sSiDs
Level 1
Level 1
In response to Giuseppe Larosa

‎05-28-2021 10:16 AM

as i thought))

 

platform is c9300-48P

View solution in original post

0 Helpful
4 Replies 4

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎05-28-2021 06:55 AM

Not sure what is the issue, the example provide allow syslog ACL to allow.

 

what are you looking ? ACL Logs to Splunk ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
sSiDs
Level 1
Level 1
In response to balaji.bandi

‎05-28-2021 07:06 AM

I see logs in Splunk, i have configured looging host

 

what i want to see  - it is (matches) at the and of ACL line

 

here is an example:

Extended IP access list Lan97
5 permit icmp 192.168.97.0 0.0.0.255 any
10 permit tcp 192.168.97.0 0.0.0.255 host 192.168.1.100 eq smtp
20 permit udp any any eq bootpc
30 permit udp any any eq bootps (57 matches)
50 permit ip 192.168.97.0 0.0.0.255 any (8240 matches)
70 permit tcp 10.0.0.0 0.255.255.255 192.168.97.0 0.0.0.255 established
100 deny ip any 192.168.0.0 0.0.255.255 (9960 matches)
110 deny ip any 172.16.0.0 0.0.255.255 (235 matches)
120 deny ip any 10.0.0.0 0.255.255.255 (3 matches)

how to know does matches will be visible or not when adding line?)

Or it is up to switch to decide where to process ACL  - hw or sw? write?

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to sSiDs

‎05-28-2021 09:59 AM

Hello @sSiDs ,

>>

how to know does matches will be visible or not when adding line?)

Or it is up to switch to decide where to process ACL - hw or sw? write?

 

it is a question of platform hardware and in some case of IOS version if you will be able to see hit counts per ACL line or not.

You can try and see the results. But there is not a way to write ACL statements that will cause the hit count to be updated or not.

 

Hope to help

Giuseppe

 

 

 

Go to solution
sSiDs
Level 1
Level 1
In response to Giuseppe Larosa

‎05-28-2021 10:16 AM

as i thought))

 

platform is c9300-48P

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card