Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

hit counts against object group objects

When the command "sho access-list" is performed, it allows the admin to see what hit counts have occured against each line within an Access-list statement. However it does not show a hit count with reference to object groups in the ACL.

How can one display the hit counts for the items in the object group(s)?

Thanks

1 REPLY
New Member

Re: hit counts against object group objects

sh run access-list "name" will display the the access-list as it exists in the config.

sh access-list "name" will display the full access list including the exploded object-groups and includes the line number they correspond to in the ACL.

For example, if line 13 has an object group in it... when you do sh access-l "name" you will see multiple instance of "line 13" with a "hitcnt=X" at the end of each object group entry.

Like such:

access-list outside_acl line 13 extended permit tcp object-group XXX_Ent_Monitoring object-group Ent_Monitoring eq 17000 0xd22e53d4

access-list outside_acl line 13 extended permit tcp host 10.182.31.60 host 172.19.6.91 eq 17000 (hitcnt=0) 0xf48c6831

access-list outside_acl line 13 extended permit tcp host 10.182.31.60 host 172.19.6.92 eq 17000 (hitcnt=0) 0x569de0fe

access-list outside_acl line 13 extended permit tcp host 10.183.31.60 host 172.19.6.91 eq 17000 (hitcnt=0) 0xaece0fd5

access-list outside_acl line 13 extended permit tcp host 10.183.31.60 host 172.19.6.92 eq 17000 (hitcnt=0) 0xa22933b1

access-list outside_acl line 13 extended permit tcp host 10.184.31.60 host 172.19.6.91 eq 17000 (hitcnt=0) 0x34463c69

access-list outside_acl line 13 extended permit tcp host 10.184.31.60 host 172.19.6.92 eq 17000 (hitcnt=0) 0x09b103ca

access-list outside_acl line 13 extended permit tcp host 10.181.31.60 host 172.19.6.91 eq 17000 (hitcnt=0) 0xc1f77cfb

access-list outside_acl line 13 extended permit tcp host 10.181.31.60 host 172.19.6.92 eq 17000 (hitcnt=0) 0xc97881bb

access-list outside_acl line 13 extended permit tcp host 10.186.31.14 host 172.19.6.91 eq 17000 (hitcnt=0) 0xf52becd4

access-list outside_acl line 13 extended permit tcp host 10.186.31.14 host 172.19.6.92 eq 17000 (hitcnt=0) 0x6fa023ee

access-list outside_acl line 13 extended permit tcp host 10.186.31.17 host 172.19.6.91 eq 17000 (hitcnt=0) 0x23efa629

access-list outside_acl line 13 extended permit tcp host 10.186.31.17 host 172.19.6.92 eq 17000 (hitcnt=0) 0xf1cae94e

450
Views
0
Helpful
1
Replies
CreatePlease to create content