Solved: Re: FWSM - show access-list show ACL hitcnt=* !?!?!

golly_wog · ‎10-21-2010

Hi

I have a FWSM 4.1.3 running A/A and on one of the contexts when I issues "show access-list", has many of the hitcnt=*

This only seems to occur when the ACL references an object-group, that has a name in it.

eg:

name 1.1.1.10 host1

object-group network networks1

network host 1.1.1.1

network host host1

access-list acl1 per ip object-group networks1 any

show access-list

access-list acl1 line 1 permit ip host 1.1.1.1 any (hitcnt=50)

access-list acl1 line 2 permit ip host host1 any (hitcnt=*)

Now, I can sucessfully pass traffic through this on line 2, but the counter doesn't incrememt.

I've checked the bug tracker, which I can't find anything like this related to the code I'm running.

Is this cosmetic???

thank you.

Federico Coto Fajardo · ‎10-21-2010

Hi,

You'll see the * when ACL optimization is enabled on the FWSM. The * indicates that the rule was merged with another rule(s) due to the optimization, which would make the hitcount for that specific rule inaccurate on its own.

Federico.

View solution in original post

Federico Coto Fajardo · ‎10-21-2010

Hi,

You'll see the * when ACL optimization is enabled on the FWSM. The * indicates that the rule was merged with another rule(s) due to the optimization, which would make the hitcount for that specific rule inaccurate on its own.

Federico.

golly_wog · ‎10-21-2010

Nice one Coto!!!

:-)