I've installed and ACL on one of my vlan in 3750 and not seeing matches exactly like what I've wanted. I've also make some search regarding this issue and apparently this is due to that 3750/3560 is using fast-switching and not packet switching. My questions are:
1. Does my ACL work?
2. How do I know that?
3. Is there a command to check match/hit ACL in 3750/3560?
Yes, you are right. You will not see the counter increasing from the "show access-list" output. The only way to see if the access-list is being hit is from the logging.
Please also be advised how the logging works (snipet from the doc provided earlier):
The first packet that triggers the ACL causes a logging message right away, and subsequent packets are collected over 5-minute intervals before they appear or logged. The logging message includes the access list number, whether the packet was permitted or denied, the source IP address of the packet, and the number of packets from that source permitted or denied in the prior 5-minute interval.<\quote>
Hope that makes sense.