
New Member

access-list hitcount

Hi,

I want to see the hitcount on an access-list that has a remark statement:

access-list edn_acl line 20 remark RA_ACL extended permit ip 172.28.37.0 255.255.255.0 172.28.64.0 255.255.255.0

This access-list is working fine, but I can't see the hitcount as I can see on another ACL:

access-list edn_acl line 28 extended permit ip host 172.31.205.110 any (hitcnt=5) 0x7807eff6

This is easy to troubleshoot, but now I can't see the hitcount.

Kindly tell me how to see the hitcount.

Waiting for reply.

7 REPLIES
Green

Re: access-list hitcount

Once you add the "remark" keyword, that acl is nothing more than a comment. Therefore it will never be hit and you won't see a hitcount.

New Member

Re: access-list hitcount

Hi,

You mean to say this ACL is not working, and it is useless/nonfunctional. Very strange. Kindly tell me, shall I remove the "remark" so that it can start working? If "remark" makes the ACL useless and nonfunctional, then why does Cisco give us this option?

New Member

Re: access-list hitcount

As the line is a remark, the PIX won't do anything with it. It's not an active access-list entry, so it can't get a hitcount.

The only way to get a hitcount is to remove the remark statement, thus making the ACL line active.

Green

Re: access-list hitcount

Yes, you can remove the remark or add the same statement without the remark below it.

The option is there so you can do something like this...

access-list edn_acl remark The following line is for something I may not remember so I want to comment it

access-list edn_acl remark RA_ACL extended permit ip 172.28.37.0 255.255.255.0 172.28.64.0 255.255.255.0

New Member

Re: access-list hitcount

Thanks for the reply,

But I have so many ACLs on my firewall, and it is difficult for me to remember all the ACLs and their IPs.

But by adding a remark on these ACLs, it makes these ACLs NONFUNCTIONAL.

If I want to make them functional, I have to remove the remark. (Am I right?)

Green

Re: access-list hitcount

Yes.

New Member

Re: access-list hitcount

In order to add remarks to a rule, you must make two lines. The first line is the remark and the second line is the rule, like this:

access-list acl_inbound line 3 remark *Following line allows me to ping server1*

access-list acl_inbound line 4 permit icmp host mypc host server1
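
An added example, not posted by anyone in this thread: a short Python audit that scans `show access-list` style output for remark lines whose text looks like a rule, since such lines filter nothing and never get a hitcount. The sample input is constructed from the lines quoted above, and the "looks like a rule" pattern is a heuristic assumption, not Cisco syntax validation.

```python
import re

# Constructed sample: the ACL lines quoted in the posts above.
SAMPLE = """\
access-list edn_acl line 20 remark RA_ACL extended permit ip 172.28.37.0 255.255.255.0 172.28.64.0 255.255.255.0
access-list edn_acl line 28 extended permit ip host 172.31.205.110 any (hitcnt=5) 0x7807eff6
access-list acl_inbound line 3 remark *Following line allows me to ping server1*
access-list acl_inbound line 4 permit icmp host mypc host server1
"""

ENTRY = re.compile(
    r"^access-list\s+(?P<acl>\S+)(?:\s+line\s+(?P<line>\d+))?\s+(?P<rest>.+)$"
)
# Heuristic (assumption): remark text containing "[extended] permit|deny <protocol>"
# was probably meant to be an active rule rather than a comment.
RULE_IN_REMARK = re.compile(
    r"\b(?:extended\s+)?(?:permit|deny)\s+(?:ip|tcp|udp|icmp)\b.*", re.I
)
HITCNT = re.compile(r"\(hitcnt=(\d+)\)")


def audit_acl(text):
    """Return (disabled, active).

    disabled: (acl, line, rule_text) for remarks that look like rules.
    active:   (acl, line, hitcnt or None) for real access-list entries.
    """
    disabled, active = [], []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        acl, line = m["acl"], int(m["line"]) if m["line"] else None
        keyword, _, remainder = m["rest"].partition(" ")
        if keyword == "remark":
            hit = RULE_IN_REMARK.search(remainder)
            if hit:
                disabled.append((acl, line, hit.group(0).strip()))
            continue
        cnt = HITCNT.search(m["rest"])
        active.append((acl, line, int(cnt.group(1)) if cnt else None))
    return disabled, active


if __name__ == "__main__":
    disabled, active = audit_acl(SAMPLE)
    for acl, line, rule in disabled:
        print(f"{acl} line {line}: remark hides a rule that is NOT enforced: {rule}")
    for acl, line, hits in active:
        print(f"{acl} line {line}: active entry, hitcnt={hits}")
```

A flagged remark should be re-entered as two lines, a plain remark followed by the actual permit or deny entry, as the last reply shows.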
