
access-list hitcount

wasiimcisco
Level 1

Hi,

I want to see the hitcount on an access-list that has a remark statement:

access-list edn_acl line 20 remark RA_ACL extended permit ip 172.28.37.0 255.255.255.0 172.28.64.0 255.255.255.0

This access-list is working fine, but I can't see the hitcount as I can see on another ACL:

access-list edn_acl line 28 extended permit ip host 172.31.205.110 any (hitcnt=5) 0x7807eff6

This is easy to troubleshoot, but now I can't see the hitcount.

Kindly tell me how to see the hitcount.

Waiting for a reply.

7 Replies

acomiskey
Level 10

Once you add the "remark" keyword, that ACL is nothing more than a comment. Therefore it will never be hit and you won't see a hitcount.

Hi,

You mean to say this ACL is not working, and it is useless/non-functional? Very strange. Kindly tell me, shall I remove the "remark" so that it can start working? If "remark" makes the ACL useless and non-functional, then why does Cisco give us this option?

r.sneekes
Level 1

As the line is a remark, the PIX won't do anything with it. It's not an active access-list entry, so it can't get a hitcount.

The only way to get a hitcount is to remove the remark statement, thus making the ACL line active.

Yes, you can remove the remark or add the same statement without the remark below it.

The option is there so you can do something like this...

access-list edn_acl remark The following line is for something I may not remember so I want to comment it

access-list edn_acl remark RA_ACL extended permit ip 172.28.37.0 255.255.255.0 172.28.64.0 255.255.255.0

Thanks for the reply,

but I have so many ACLs on my firewall and it is difficult for me to remember all the ACLs and their IPs.

But adding a remark on these ACLs makes these ACLs NON-FUNCTIONAL.

If I want to make them function, I have to remove the remark. (Am I right?)

In order to add remarks to a rule, you must make two lines. The first line is the remark and the second line is the rule, like this:

access-list acl_inbound line 3 remark *Following line allows me to ping server1*

access-list acl_inbound line 4 permit icmp host mypc host server1
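
An added example, not part of the original thread: a small Python audit that reads access-list lines and separates active entries (with their hitcnt) from ordinary remarks and from remarks whose text is itself a rule, which is the case discussed above. The function names, the regular expressions and the hitcnt/hash on the last sample line are assumptions made for this illustration.

```python
import re

# Sample input. The first two lines are quoted from the thread; the last two
# are the remark-then-rule pair from the final reply, with a constructed
# "(hitcnt=0) 0x00000000" suffix added to the active line.
SAMPLE = """\
access-list edn_acl line 20 remark RA_ACL extended permit ip 172.28.37.0 255.255.255.0 172.28.64.0 255.255.255.0
access-list edn_acl line 28 extended permit ip host 172.31.205.110 any (hitcnt=5) 0x7807eff6
access-list acl_inbound line 3 remark *Following line allows me to ping server1*
access-list acl_inbound line 4 permit icmp host mypc host server1 (hitcnt=0) 0x00000000
"""

LINE_RE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+(?:line\s+(?P<line>\d+)\s+)?(?P<rest>.+)$")
# Remark text that reads like a rule: permit/deny followed by a protocol.
RULE_IN_REMARK = re.compile(
    r"\b(?:extended\s+)?(?:permit|deny)\s+(?:ip|tcp|udp|icmp)\b", re.I)
HITCNT_RE = re.compile(r"\(hitcnt=(\d+)\)")


def audit(text):
    """Classify each access-list line as 'active', 'comment' or 'inert-rule'."""
    results = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an access-list line
        line_no = int(m.group("line")) if m.group("line") else None
        keyword, _, body = m.group("rest").partition(" ")
        if keyword == "remark":
            # Remarks are never matched against traffic, so they have no hitcnt.
            kind = "inert-rule" if RULE_IN_REMARK.search(body) else "comment"
            hitcnt = None
        else:
            kind = "active"
            hit = HITCNT_RE.search(m.group("rest"))
            hitcnt = int(hit.group(1)) if hit else None
        results.append({"acl": m.group("acl"), "line": line_no,
                        "kind": kind, "hitcnt": hitcnt})
    return results


def inert_rules(text):
    """Return (acl, line) for remarks that look like a rule someone expects to work."""
    return [(r["acl"], r["line"]) for r in audit(text) if r["kind"] == "inert-rule"]


if __name__ == "__main__":
    for acl, line in inert_rules(SAMPLE):
        print(f"{acl} line {line}: rule text inside a remark, never evaluated")
```

Any line reported as an inert rule needs a real entry added without the "remark" keyword if the traffic is meant to be matched.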
