Cisco – How to read ACL hit counters on a Cisco Catalyst 3560e switch

access-control-list, cisco

I have a Cisco Catalyst 3560e switch, and I'm trying to learn how to work with ACLs. I've created a simple ACL and tested it by sending packets through the switch, and it seems to work. Some documentation indicates that I can see a count of the number of times an ACL is hit. A typical example (taken from a book) is:

PIX# sho access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 1024)
        alert-interval 300
access-list Inbound; 15 elements
access-list Inbound permit tcp any host web1.gad.net eq www (hitcnt=42942)
access-list Inbound permit tcp any host web1.gad.net eq ssh (hitcnt=162)
...

If I do the same thing on my switch I don't see the counters:

> sho access-list
Standard IP access list 1
    10 deny   10.0.0.2
    20 permit any

Are ACL counters supported on this switch? (How would I know, if not? I can't see anything about this in the release notes.) Am I missing some configuration?

Best Answer

If the ACL is being hit, you should see counters in sh access-list.

sw# sh run | i access-list 2
access-list 2 remark remote management acl
access-list 2 permit 192.168.0.0 0.0.255.255
access-list 2 permit 10.11.0.0 0.0.255.255

sw# sh ip access-lists 
Standard IP access list 2
    10 permit 192.168.0.0, wildcard bits 0.0.255.255 (79 matches)
    20 permit 10.11.0.0, wildcard bits 0.0.255.255
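
For auditing which entries are actually being hit, the two output styles quoted on this page can be parsed mechanically. The following is an added example, not part of the original question or answer; it goes beyond the single case shown by handling both the IOS `(N matches)` and the PIX `(hitcnt=N)` forms. The function names are hypothetical, the sample text is constructed from the listings above, and treating an IOS entry with no printed counter as zero hits is an assumption.

```python
import re

# Constructed sample modelled on the two listings quoted on this page
# (the ssh counter is set to 0 here to exercise the "unused" case).
SAMPLE = """\
Standard IP access list 2
    10 permit 192.168.0.0, wildcard bits 0.0.255.255 (79 matches)
    20 permit 10.11.0.0, wildcard bits 0.0.255.255
access-list Inbound; 15 elements
access-list Inbound permit tcp any host web1.gad.net eq www (hitcnt=42942)
access-list Inbound permit tcp any host web1.gad.net eq ssh (hitcnt=0)
"""

IOS_HEADER = re.compile(r"^(?:Standard|Extended) IP access list (\S+)")
IOS_ENTRY = re.compile(
    r"^\s+(\d+) ((?:permit|deny)\b.*?)(?: \((\d+) match(?:es)?\))?\s*$")
PIX_ENTRY = re.compile(
    r"^access-list (\S+) ((?:permit|deny)\b.*?) \(hitcnt=(\d+)\)\s*$")


def parse_acl_counters(text):
    """Return one dict per permit/deny line: acl, seq, rule, hits."""
    entries, current = [], None
    for line in text.splitlines():
        if m := IOS_HEADER.match(line):
            current = m.group(1)          # name/number of the IOS list
        elif m := PIX_ENTRY.match(line):
            entries.append({"acl": m.group(1), "seq": None,
                            "rule": m.group(2), "hits": int(m.group(3))})
        elif current and (m := IOS_ENTRY.match(line)):
            # No counter printed on this entry: counted as 0 (assumption).
            entries.append({"acl": current, "seq": int(m.group(1)),
                            "rule": m.group(2), "hits": int(m.group(3) or 0)})
    return entries


def unused(entries):
    """Entries that have not recorded a hit since the counters were reset."""
    return [e for e in entries if e["hits"] == 0]


if __name__ == "__main__":
    for e in parse_acl_counters(SAMPLE):
        print(f'{e["acl"]:>8} {e["hits"]:>8}  {e["rule"]}')
```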