Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

ACL Hits

hi i have a question this acl is accessed by only subnet so i created another acl placed at the bottom of this acl.

     any     ip     permit   ip     permit

The above acl is getting hits but the second one is not getting hits. I have enabled both rules. do i need 2 change order or disable the 1st rule please give your suggestions.

Super Bronze

ACL Hits


Is this some ACL on a router or a firewall?

Is there a typo in the network/IP in the ACL? Post says and the ACL

I would presume that since your first rule specifies "any" as the source address it then matches all the connections from the (or subnet and because of this the new rule below it doesnt get any hitcounts. That is if you are lookking for ACL hits towards

First thing would be to determine if there is a typo in the ACL and after that insert the rule with the correct subnet at the top. Then again the only affect this would have is that you would see the hitcounts from this certain source network while nothing else would change with regards to the ACL behaviour.

- Jouni

VIP Green

ACL Hits

I agree with Jouni.  The first entry matches any source destined for the address  So technically you would not need the second command.

If you want to see matches on the   ip     permit statement then that needs to be placed above the first rule.


Please remember to rate and select a correct answer
CreatePlease to create content