Access-List Not Showing All Hit Matches – Troubleshooting Tips

Tags: access-control, acl, cisco, cisco-catalyst, logging

I have access-lists in place. When I use the show ip access-list command, some of the access-lists show counters (hit counts), and some don't. If I change the rule from permit to deny, interesting traffic is denied and counters appear, but when I change it back to permit the counters won't increase, although there is traffic which is allowed by the same sequence number.

Best Answer

If the platform is Cisco Catalyst, as reflected in the tags for the question, that may be the case. Some platforms reflect only punted (software-switched) packets in the "show ip access-list [...]" output, while others reflect none. For example, on the Catalyst 6500 with Sup720 you'd need to use show tcam int x/y acl in|out protocol, while on other Catalyst platforms you'd usually be able to see aggregated statistics per ASIC or for the whole box via show access-list hardware counters.
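A practical way to act on the answer above is to stop reading a missing "(N matches)" suffix as "no traffic" and instead treat it as "not visible to the software counter, go check the hardware counters". The following is an added example, not code from the question or the answer: it parses the standard "show ip access-list" output format, lists the ACEs that carry no software counter at all, and diffs two snapshots taken some time apart so you can see which counters actually moved (the toggle test the asker describes, done without changing the rule). The sample output is constructed for the example; the sequence numbers, addresses and counts are made up.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple


class Ace(NamedTuple):
    acl: str
    seq: int
    action: str          # "permit" or "deny"
    rule: str            # the rest of the ACE, e.g. "tcp any host 10.1.1.1 eq www"
    matches: Optional[int]  # None when the CLI prints no "(N matches)" suffix


# "Extended IP access list 101" / "Standard IP access list 10"
ACL_HEADER = re.compile(r"^(?:Standard|Extended) IP access list (\S+)\s*$")
# "    10 permit tcp any host 10.1.1.1 eq www (1234 matches)"; IOS prints
# "(1 match)" in the singular, so the suffix accepts both spellings.
ACE_LINE = re.compile(
    r"^\s+(\d+)\s+(permit|deny)\s+(.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$"
)


def parse_show_ip_access_list(text: str) -> List[Ace]:
    """Parse the text of 'show ip access-list' into a flat list of ACEs."""
    aces: List[Ace] = []
    current_acl: Optional[str] = None
    for line in text.splitlines():
        if not line.strip():
            continue
        hdr = ACL_HEADER.match(line)
        if hdr:
            current_acl = hdr.group(1)
            continue
        m = ACE_LINE.match(line)
        if m and current_acl is not None:
            seq, action, rule, count = m.groups()
            aces.append(Ace(current_acl, int(seq), action, rule.strip(),
                            int(count) if count is not None else None))
    return aces


def aces_without_counters(aces: List[Ace]) -> List[Ace]:
    """ACEs with no software hit counter. On a Catalyst this usually means the
    traffic is hardware-switched, not that nothing matched; verify with the
    platform's hardware counter command before concluding the ACE is idle."""
    return [a for a in aces if a.matches is None]


def counter_delta(before: List[Ace], after: List[Ace]) -> Dict[Tuple[str, int], Optional[int]]:
    """Per-ACE increase between two snapshots keyed by (acl, seq).
    None means the counter was absent in at least one snapshot, so no
    conclusion can be drawn from the software counter alone."""
    prev = {(a.acl, a.seq): a.matches for a in before}
    delta: Dict[Tuple[str, int], Optional[int]] = {}
    for a in after:
        p = prev.get((a.acl, a.seq))
        delta[(a.acl, a.seq)] = None if p is None or a.matches is None else a.matches - p
    return delta


# Constructed sample output (not captured from a real device): two snapshots
# of the same ACL a few minutes apart. Sequence 20 never shows a counter even
# though DNS traffic is flowing, which is the symptom the question describes.
SNAPSHOT_1 = """\
Extended IP access list 101
    10 permit tcp any host 10.1.1.1 eq www (1234 matches)
    20 permit udp any host 10.1.1.2 eq domain
    30 deny ip any any (17 matches)
"""

SNAPSHOT_2 = """\
Extended IP access list 101
    10 permit tcp any host 10.1.1.1 eq www (1300 matches)
    20 permit udp any host 10.1.1.2 eq domain
    30 deny ip any any (17 matches)
"""


def report(before_text: str, after_text: str) -> List[str]:
    """Human-readable lines: which ACEs moved, which stood still, which are blind."""
    before, after = parse_show_ip_access_list(before_text), parse_show_ip_access_list(after_text)
    lines = []
    for (acl, seq), d in counter_delta(before, after).items():
        if d is None:
            lines.append(f"{acl} seq {seq}: no software counter; check hardware counters")
        elif d == 0:
            lines.append(f"{acl} seq {seq}: counter unchanged (0 new matches)")
        else:
            lines.append(f"{acl} seq {seq}: +{d} matches")
    return lines


if __name__ == "__main__":
    for line in report(SNAPSHOT_1, SNAPSHOT_2):
        print(line)
```

Feed it the output of two "show ip access-list" runs (for example via a terminal log) and only chase the ACEs whose delta is a number; the ones reported as "no software counter" are exactly the ones the answer says to look up with show tcam int ... acl or show access-list hardware counters, depending on the platform.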