access-list hitcount

Unanswered Question
Jan 4th, 2008
User Badges:

Hi,


I want to see the hitcount on access-list

that has a remark statement

access-list edn_acl line 20 remark RA_ACL extended permit ip 172.28.37.0 255.255.255.0 172.28.64.0 255.255.255.0


this access-list working fine. but i cant see the hitcount as i can see on another acl


access-list edn_acl line 28 extended permit ip host 172.31.205.110 any (hitcnt=5) 0x7807eff6


this is easy to troubleshoot. but now i cant see the hitcount.


Kindly tell me how to see the hitcount.


waiting for reply.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
acomiskey Fri, 01/04/2008 - 07:44
User Badges:
  • Green, 3000 points or more

Once you add the "remark" keyword, that acl is nothing more than a comment. Therefore it will never be hit and you won't see a hitcount.

wasiimcisco Fri, 01/04/2008 - 07:50
User Badges:

hi,


u mean to say this acl is not working. and it is useless/unfunction. very strange. Kindly tell me shall i remove the "remark" so that it can start working. If "remark" make the acl useless and unfunction then why cisco give us this option.

r.sneekes Fri, 01/04/2008 - 07:46
User Badges:

As the line is an remark the pix won't do anything with it. It's not an active access-list enty so it can't get hitcount.


only way to get hitcount it to remove the remark statement thus making the acl line active.

acomiskey Fri, 01/04/2008 - 07:55
User Badges:
  • Green, 3000 points or more

Yes, you can remove the remark or add the same statement without the remark below it.


The option is there so you can do something like this...


access-list edn_acl remark The following line is for something I may not remember so I want to comment it

access-list edn_acl remark RA_ACL extended permit ip 172.28.37.0 255.255.255.0 172.28.64.0 255.255.255.0

wasiimcisco Fri, 01/04/2008 - 08:07
User Badges:

Thanks for the reply,


but i have so many acl on my firewall and it is difficult for me to remember all acl and their ip.


But by adding remark on these acl it make these acl UNFUNCTION.


If i want to make them functining i have to remove the remark.(am i right ??????)

Actions

This Discussion