How to get ACL hit count on hardware based ACL's? - Page 3

pietro manicioto · ‎04-29-2024

Good morning all,

I have created some large ACL's strictly for the task of triggering hit counts for static routes to tell me if the routes are even used any longer (for future cleanup purposes)

I am not getting any hit counts (Cisco 9604R) and have researched this is common for ACL's on L3 switches as they are processed in hardware vs software.

Is the answer to get the hit counts as simple as adding the log command at the end of each ACE, or is there a better way? (The total ACE count between both ACL's is almost 600, so I would like to avoid blowing my buffer up as well as syslog server with these if I can just simply see the hit count. )

pietro manicioto · ‎05-03-2024

Do you have a URL to review? I have not heard of this before.

Joseph W. Doherty · ‎05-03-2024

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-0SY/configuration/guide/15_0_sy_swcg/ios_acl_support.html#71949

Again, this doc isn't for your platform, but a feature you might check into.

wallacewebste-r60 · ‎05-03-2024

@pietro manicioto Cintas Partner Connect wrote:
Good morning all,
I have created some large ACL's strictly for the task of triggering hit counts for static routes to tell me if the routes are even used any longer (for future cleanup purposes)
I am not getting any hit counts (Cisco 9604R) and have researched this is common for ACL's on L3 switches as they are processed in hardware vs software.
Is the answer to get the hit counts as simple as adding the log command at the end of each ACE, or is there a better way? (The total ACE count between both ACL's is almost 600, so I would like to avoid blowing my buffer up as well as syslog server with these if I can just simply see the hit count. )

I have this problem too.