01-04-2008 07:14 AM - edited 03-11-2019 04:43 AM
Hi,
I want to see the hitcount on an access-list that has a remark statement:
access-list edn_acl line 20 remark RA_ACL extended permit ip 172.28.37.0 255.255.255.0 172.28.64.0 255.255.255.0
This access-list is working fine, but I can't see the hitcount as I can see on another ACL:
access-list edn_acl line 28 extended permit ip host 172.31.205.110 any (hitcnt=5) 0x7807eff6
This is easy to troubleshoot, but now I can't see the hitcount.
Kindly tell me how to see the hitcount.
Waiting for reply.
01-04-2008 07:44 AM
Once you add the "remark" keyword, that acl is nothing more than a comment. Therefore it will never be hit and you won't see a hitcount.
01-04-2008 07:50 AM
Hi,
You mean to say this ACL is not working, and it is useless/non-functional? Very strange. Kindly tell me, shall I remove the "remark" so that it can start working? If "remark" makes the ACL useless and non-functional, then why does Cisco give us this option?
01-04-2008 07:46 AM
As the line is a remark, the PIX won't do anything with it. It's not an active access-list entry, so it can't get a hitcount.
The only way to get a hitcount is to remove the remark statement, thus making the ACL line active.
01-04-2008 07:55 AM
Yes, you can remove the remark or add the same statement without the remark below it.
The option is there so you can do something like this...
access-list edn_acl remark The following line is for something I may not remember so I want to comment it
access-list edn_acl remark RA_ACL extended permit ip 172.28.37.0 255.255.255.0 172.28.64.0 255.255.255.0
01-04-2008 08:07 AM
Thanks for the reply,
but I have so many ACLs on my firewall and it is difficult for me to remember all the ACLs and their IPs.
But adding a remark to these ACLs makes them non-functional.
If I want to make them function, I have to remove the remark. (Am I right?)
01-04-2008 08:16 AM
Yes.
02-01-2008 07:44 AM
In order to add remarks to a rule, you must make two lines. The first line is the remark and the second line is the rule, like this:
access-list acl_inbound line 3 remark *Following line allows me to ping server1*
access-list acl_inbound line 4 permit icmp host mypc host server1
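Added example (not part of any post in this thread): a small Python audit that parses saved access-list output and flags remark lines whose text looks like a rule, since such lines are comments, are not enforced and never show a hitcount. The sample input is constructed from the lines quoted above, and the "looks like a rule" pattern is a heuristic assumption, not Cisco behaviour.

```python
import re

# Constructed sample, assembled from the access-list lines quoted in this thread.
SAMPLE = """\
access-list edn_acl line 20 remark RA_ACL extended permit ip 172.28.37.0 255.255.255.0 172.28.64.0 255.255.255.0
access-list edn_acl line 28 extended permit ip host 172.31.205.110 any (hitcnt=5) 0x7807eff6
access-list acl_inbound line 3 remark *Following line allows me to ping server1*
access-list acl_inbound line 4 permit icmp host mypc host server1
"""

LINE_RE = re.compile(r"^access-list\s+(?P<acl>\S+)\s+(?:line\s+(?P<line>\d+)\s+)?(?P<body>.+)$")
HITCNT_RE = re.compile(r"\(hitcnt=(\d+)\)")
# Heuristic (assumption): remark text containing "permit/deny <protocol>" was probably meant as a rule.
RULE_IN_REMARK_RE = re.compile(r"\b(?:extended\s+)?(?:permit|deny)\s+(?:ip|tcp|udp|icmp)\b", re.I)


def parse_acl(text):
    """Return one dict per access-list line: ACL name, line number, kind, hitcount, suspect flag."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an access-list line
        body = m.group("body")
        is_remark = body.startswith("remark ")
        hit = HITCNT_RE.search(body)
        entries.append({
            "acl": m.group("acl"),
            "line": int(m.group("line")) if m.group("line") else None,
            "kind": "remark" if is_remark else "rule",
            # Remarks are comments, so they never carry a hitcount.
            "hitcnt": int(hit.group(1)) if hit and not is_remark else None,
            "suspect": bool(is_remark and RULE_IN_REMARK_RE.search(body)),
        })
    return entries


def suspect_remarks(text):
    """(acl, line) pairs for remarks that look like rules and are therefore not enforced."""
    return [(e["acl"], e["line"]) for e in parse_acl(text) if e["suspect"]]


if __name__ == "__main__":
    for e in parse_acl(SAMPLE):
        flag = "  <-- remark looks like a rule; it is not enforced" if e["suspect"] else ""
        print(f'{e["acl"]:12} line {e["line"]!s:>3} {e["kind"]:6} hitcnt={e["hitcnt"]}{flag}')
```
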