cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
385
Views
0
Helpful
3
Replies

Access list

samehattia
Level 1
Level 1

Is it possible to provide a user a filtered output from the access-list command .

The problem is we manage a customer router and we don't allow the customer to run the show ip access-list command as it contains our access-list too. The customer insists on having this command available..is there any option to provide him a clean output of this command.

His main goal is to see the number of hits per access-list.

Any help would be surely appreciated

1 Accepted Solution

Accepted Solutions

Sam

As far as I know the only way to see the hitcount/matches is with the show access-list command. You could perhaps get close to that by adding the log option to the customer access list (but not your access list). Then the customer could see in syslog the activity of their access list. I would not recommend this approach but it is the closest that I can think of to giving you what you are asking about.

HTH

Rick

HTH

Rick

View solution in original post

3 Replies 3

Hi,

on a PIX or router you can see the hitcounts of the ACL with:

#show access-list

on the PIX they are called "hitcounts" and on the router "matches"

You can also turn on debugging and logging to see what traffic passes by ... and is blocked

If you find this post usefull

please don't forget to rate this

#########################################

#Iwan Hoogendoorn

#########################################

Iwan:

We don't allow the customer to run show access-list we moved this command to level 15.

so now how he can see the matches ? is there any other command can do that (debugging is not allowed too).

Sam

As far as I know the only way to see the hitcount/matches is with the show access-list command. You could perhaps get close to that by adding the log option to the customer access list (but not your access list). Then the customer could see in syslog the activity of their access list. I would not recommend this approach but it is the closest that I can think of to giving you what you are asking about.

HTH

Rick

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: