Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Access list

Is it possible to provide a user a filtered output from the access-list command .

The problem is we manage a customer router and we don't allow the customer to run the show ip access-list command as it contains our access-list too. The customer insists on having this command available..is there any option to provide him a clean output of this command.

His main goal is to see the number of hits per access-list.

Any help would be surely appreciated

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Gold

Re: Access list

Sam

As far as I know the only way to see the hitcount/matches is with the show access-list command. You could perhaps get close to that by adding the log option to the customer access list (but not your access list). Then the customer could see in syslog the activity of their access list. I would not recommend this approach but it is the closest that I can think of to giving you what you are asking about.

HTH

Rick

3 REPLIES

Re: Access list

Hi,

on a PIX or router you can see the hitcounts of the ACL with:

#show access-list

on the PIX they are called "hitcounts" and on the router "matches"

You can also turn on debugging and logging to see what traffic passes by ... and is blocked

If you find this post usefull

please don't forget to rate this

#########################################

#Iwan Hoogendoorn

#########################################

Community Member

Re: Access list

Iwan:

We don't allow the customer to run show access-list we moved this command to level 15.

so now how he can see the matches ? is there any other command can do that (debugging is not allowed too).

Hall of Fame Super Gold

Re: Access list

Sam

As far as I know the only way to see the hitcount/matches is with the show access-list command. You could perhaps get close to that by adding the log option to the customer access list (but not your access list). Then the customer could see in syslog the activity of their access list. I would not recommend this approach but it is the closest that I can think of to giving you what you are asking about.

HTH

Rick

133
Views
0
Helpful
3
Replies
CreatePlease to create content