Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACL Hit Count Expiration

Is there a way to configure an ACL to automatically expire and delete itself after a set amount of time of not being hit. For example:

Say I configure a specific rule permiting a specific user using a static IP address to traverse Network A and hit an application on Server X located on Network B. Six months later I forget about said user and he or she moves to another department and no longer needs access with that IP address to that server. Is there a way to configure that rule to automatically drop off if the hit count remains at 0 for longer than X amount of days?



You can have time based

You can have time based access-list if you want to have the access-list or rule created for a certain period... But i am not sure if we have option to get automatic delete of the un-used ACL by its own.... and i do not think so we have that option.




New Member

There is no such option of

There is no such dynamic option of deleting an ACL of not being hit by packets for a specific source/destination for a specified period of time.


The only option you got is to use time-based ACL and set the time that you want for that source/destination traffic. Time-based ACL is as flexible as water. You can set it to use recurring time or absolute time, which is your case.

Firewall(config)# time-range Temp_Worker

Firewall(config-time-range)# absolute [start hh:mm day month year] [end hh:mm day month year]


Hope this helps.