Confirming if access-lists are working!

Mohit Chauhan
Level 1

Hi friends,

I had this small query; I am sure it would be fairly simple for anyone using ACLs quite often to advise me.

If we have an access-list created but not applied to an interface, and do "sho access-lists", it will still show me hit counts? This is normal, right?

The only thing is that the rule is not actioned.

Example below:

Router#sho access-lists
Extended IP access list 101
    10 permit ip 10.0.0.0 0.0.0.255 any
Extended IP access list 150
    10 permit ip host 10.0.0.160 any (4424 matches)
    20 permit ip host 10.0.0.15 any (3635 matches)
    30 permit ip host 10.0.0.11 any (97680 matches)
    40 permit ip host 10.0.0.10 any (2271613 matches)
    50 permit ip host 10.0.0.251 any (1 match)
    60 permit ip host 10.0.0.171 any (174 matches)
    70 permit ip host 10.0.0.124 any (10084 matches)
    80 permit ip host 10.0.0.183 any (5195 matches)
    90 permit ip host 10.0.0.172 any (34856 matches)
    100 permit ip host 10.0.0.186 any (6623 matches)

Please correct me if I am wrong.

Thanks!

Regards.


5 Replies

ajay chauhan
Level 7

If the ACL is not applied to an interface, it won't increase hit counts.

Hi Ajay,

So the matches in the brackets in the output above would mean hits, right?


A counter in brackets means the ACL is hit for sure.

If it's not applied at this time, maybe earlier it was applied; the hit counter will remain unless you reboot the firewall or delete/create the ACL again.

I agree with Ahmad-

You should check if these counters are increasing; as I said, they should not increase if not applied to an interface.
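An added example, not from the thread, that turns the advice above into a repeatable check: parse two snapshots of "show access-lists" output taken some time apart and report which entries are still incrementing (a stale counter on an unapplied ACL stays flat; a growing one means something, an interface or NAT, is still evaluating it). The sample output and hit counts below are constructed for this example.

```python
import re
from typing import Dict, Tuple

# Constructed snapshots of "show access-lists" output, a few minutes apart.
SNAPSHOT_T0 = """\
Extended IP access list 101
    10 permit ip 10.0.0.0 0.0.0.255 any
Extended IP access list 150
    10 permit ip host 10.0.0.160 any (4424 matches)
    20 permit ip host 10.0.0.15 any (3635 matches)
    50 permit ip host 10.0.0.251 any (1 match)
"""

SNAPSHOT_T1 = """\
Extended IP access list 101
    10 permit ip 10.0.0.0 0.0.0.255 any
Extended IP access list 150
    10 permit ip host 10.0.0.160 any (4430 matches)
    20 permit ip host 10.0.0.15 any (3635 matches)
    50 permit ip host 10.0.0.251 any (1 match)
"""

ACL_HEADER = re.compile(r"^(?:Extended|Standard) IP access list (\S+)")
# Sequence number, rule text, and an optional "(N match|matches)" suffix.
ACE_LINE = re.compile(r"^\s+(\d+)\s+(.*?)(?:\s+\((\d+) match(?:es)?\))?$")


def parse_access_lists(text: str) -> Dict[Tuple[str, int], int]:
    """Map (acl_name, sequence) -> hit count; 0 when IOS prints no counter."""
    counts: Dict[Tuple[str, int], int] = {}
    acl = None
    for line in text.splitlines():
        header = ACL_HEADER.match(line)
        if header:
            acl = header.group(1)
            continue
        ace = ACE_LINE.match(line)
        if ace and acl is not None:
            seq, _rule, hits = ace.groups()
            counts[(acl, int(seq))] = int(hits) if hits else 0
    return counts


def increasing_aces(before: str, after: str) -> Dict[Tuple[str, int], int]:
    """Return the ACEs whose counter grew between snapshots, with the delta."""
    b, a = parse_access_lists(before), parse_access_lists(after)
    return {k: a[k] - b[k] for k in a if k in b and a[k] > b[k]}


if __name__ == "__main__":
    for (acl, seq), delta in increasing_aces(SNAPSHOT_T0, SNAPSHOT_T1).items():
        print(f"ACL {acl} seq {seq}: +{delta} matches, still being evaluated")
```

Entries that never move between snapshots are the leftover counters the replies above describe; an ACL with no growing entries and no interface binding is a candidate for cleanup once you have confirmed nothing else (NAT, route-maps, VTY lines) references it.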

Thanks guys, it was indeed a good help. There was no access-list applied to any interface; it was just used for NAT. Stupid me, I didn't notice that.

Cheers!
