ACL not showing hit count incremented

Unanswered Question

Hi Folks, I need a little help. I have configured an ACL on a 3750 to allow RDP, SSH & TCP 8080 access to a management machine from certain VLANs. I am able to access the machine but I do not see the ACL hit counts incremented. How do I configure my ACL to show the hit count incrementing?

Thank you in advance, I appreciate it.



Giuseppe Larosa Mon, 10/12/2009 - 10:37

Hello Joseph,

After having defined the ACL, have you applied it somewhere, for example:

int vlan 10

ip access-group acl_number


ip access-group acl_name


This may cause you to miss device remote access and control.

So don't do it if you are not sure your ACL is correct.

Also be aware that some multilayer switch platforms are not able to update hit counters for their MLS implementation.

This can be your case: the ACL may be effective but counters are not incremented.

Hope to help


Hi Giuseppe,

Thank you for your response. Yes, the ACL is applied on the VLAN interface.

I apologize for not mentioning that the counters for the other lines on the ACL show hit counts incremented & some don't increment. I am able to connect to that box using RDP.

Extended IP access list Restrict-Mgmt

10 permit tcp any any established (146 matches)

20 permit tcp host eq 3389

30 permit tcp host eq 443 (9 matches)

50 permit tcp host eq 8080

60 permit udp any eq ntp host

70 permit udp any eq domain host

80 deny ip any host (17131 matches)

90 permit ip any any (515 matches)


interface Vlan100

ip address

ip access-group Restrict-Mgmt out

no ip redirects

no ip proxy-arp
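
Added example (not part of the thread or any poster's code): a Python parser for `show access-lists` output in the format quoted above, listing the entries that show no match counter. The sample output and its 192.0.2.x / 198.51.100.x addresses are constructed placeholders, and `parse_acl` / `uncounted` are hypothetical helper names.

```python
import re

# Constructed sample in the format of the `show access-lists` output quoted in
# the thread; the 192.0.2.x / 198.51.100.x addresses are placeholders (assumption).
SAMPLE = """\
Extended IP access list Restrict-Mgmt
    10 permit tcp any any established (146 matches)
    20 permit tcp host 198.51.100.10 host 192.0.2.5 eq 3389
    30 permit tcp host 198.51.100.10 host 192.0.2.5 eq 443 (9 matches)
    50 permit tcp host 198.51.100.10 host 192.0.2.5 eq 8080
    80 deny ip any host 192.0.2.5 (17131 matches)
    90 permit ip any any (515 matches)
"""

HEADER = re.compile(r"^(Standard|Extended) IP access list (\S+)")
ACE = re.compile(
    r"^\s*(\d+)\s+(permit|deny)\s+(.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$"
)


def parse_acl(text):
    """Return {acl_name: [entry, ...]}; an ACE without '(N matches)' gets matches=0."""
    acls, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = acls.setdefault(header.group(2), [])
            continue
        ace = ACE.match(line)
        if ace and current is not None:
            seq, action, rule, hits = ace.groups()
            current.append({"seq": int(seq), "action": action,
                            "rule": rule, "matches": int(hits or 0)})
    return acls


def uncounted(entries):
    """Sequence numbers of ACEs that show no hits.

    A missing counter is not proof of unused rules: as noted in the thread,
    some multilayer switch platforms do not update hit counters, so confirm
    by other means before pruning such entries.
    """
    return [e["seq"] for e in entries if e["matches"] == 0]


if __name__ == "__main__":
    for name, entries in parse_acl(SAMPLE).items():
        print(name, "entries without hit counts:", uncounted(entries))
```
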


pompeychimes Tue, 10/13/2009 - 17:50

Shouldn't your ACL be applied inbound...

interface Vlan100

ip address

ip access-group Restrict-Mgmt in

