Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

FWSM - show access-list show ACL hitcnt=* !?!?!

Hi

I have a FWSM 4.1.3 running A/A and on one of the contexts when I issues "show access-list", has many of the hitcnt=*

This only seems to occur when the ACL references an object-group, that has a name in it.

eg:

name 1.1.1.10 host1

object-group network networks1

network host 1.1.1.1

network host host1

access-list acl1 per ip object-group networks1 any

show access-list

access-list acl1 line 1 permit ip host 1.1.1.1 any (hitcnt=50)

access-list acl1 line 2 permit ip host host1 any (hitcnt=*)

Now, I can sucessfully pass traffic through this on line 2, but the counter doesn't incrememt.

I've checked the bug tracker, which I can't find anything like this related to the code I'm running.


Is this cosmetic???

thank you.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: FWSM - show access-list show ACL hitcnt=* !?!?!

Hi,

You'll see the * when ACL optimization is enabled on the FWSM. The *  indicates that the rule was merged with another rule(s) due to the  optimization, which would make the hitcount for that specific rule  inaccurate on its own.

Federico.

2 REPLIES

Re: FWSM - show access-list show ACL hitcnt=* !?!?!

Hi,

You'll see the * when ACL optimization is enabled on the FWSM. The *  indicates that the rule was merged with another rule(s) due to the  optimization, which would make the hitcount for that specific rule  inaccurate on its own.

Federico.

New Member

Re: FWSM - show access-list show ACL hitcnt=* !?!?!

Nice one Coto!!!

:-)

1797
Views
0
Helpful
2
Replies
CreatePlease login to create content