Firewall Wizards mailing list archives
RE: Cisco acls
From: MHawkins () TULLIB COM
Date: Wed, 30 Mar 2005 18:00:57 -0500
IOS versions from 12.1 and under sometimes (depending on the platform) won't show any hits at all on ACL entries. 12.2 and up show hits on both routing policy ACLs and interface ACLs.

Mike Hawkins

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Luke Butcher
Sent: Tuesday, March 29, 2005 5:29 PM
To: Scott Stursa
Cc: firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] Cisco acls

From: Scott Stursa
Sent: Friday, 25 March 2005 4:54 AM
> On Tue, 15 Mar 2005, Luke Butcher wrote:
>
> > Not sure about a lint checker, and router ACLs unfortunately don't
> > show a hit count like PIX ones.
>
> Yes, they do.
>
> The only place I've seen "missed" hits are on switches doing VLAN
> switching. Although the initial handshake will generate hits, once it
> goes into switching mode the ACL will never see the packets. The
> difference is clear if you have an ACL which begins with "permit tcp
> any any established"; on a non-switched interface this line will show
> the greatest number of hits in the ACL, on a switched one it will show
> the lowest.

Sorry, I meant in the way a PIX displays 'hitcnt=' right next to the line when you do a show access-list. This makes it very easy to tell what lines are being used and which ones aren't.

Regards,
Luke Butcher
Network/Security Consultant

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
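The hit-count reading discussed in this thread, as an added example that is not part of the original messages: a small Python parser for `show access-list` output that understands both the PIX form ("(hitcnt=N)" on each line) and the IOS form ("(N matches)" after the entry, nothing at all when the count is zero). It lists entries that have never matched and, following Scott's observation, warns when an ACL's "established" line is not the top hitter, which is the symptom of an ACL on a switched VLAN interface whose counters cannot be trusted. The sample device output is constructed for the example; ACL names and addresses are made up.

```python
"""Report unused and suspicious ACL entries from Cisco `show access-list` output.

Added example, not code from the original thread. It understands two output
styles: IOS ("    10 permit ... (N matches)", no suffix when the count is 0)
and PIX ("access-list NAME line N ... (hitcnt=N)"). The sample output at the
bottom is constructed for this example; ACL names and addresses are made up.
"""
import re

# IOS: a header line names the ACL, then indented entries follow with an
# optional "(N matches)" / "(1 match)" suffix; entries that never matched
# carry no suffix at all.
IOS_HEADER = re.compile(r"^(?:Standard|Extended) IP access list (\S+)")
IOS_ENTRY = re.compile(r"^\s+(\d+)\s+(.*?)\s*(?:\((\d+) match(?:es)?\))?\s*$")
# PIX: one self-describing line per entry; anything after "(hitcnt=N)" is ignored.
PIX_ENTRY = re.compile(r"^access-list (\S+) line (\d+) (.*?) \(hitcnt=(\d+)\)")


def parse_hit_counts(text):
    """Return {acl_name: [(sequence, entry_text, hits), ...]} for both formats."""
    acls = {}
    current = None  # ACL named by the most recent IOS header line
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = PIX_ENTRY.match(line)
        if m:
            name, seq, entry, hits = m.groups()
            acls.setdefault(name, []).append((int(seq), entry, int(hits)))
            continue
        m = IOS_HEADER.match(line)
        if m:
            current = m.group(1)
            acls.setdefault(current, [])
            continue
        m = IOS_ENTRY.match(line)
        if m and current is not None:
            seq, entry, hits = m.groups()
            acls[current].append((int(seq), entry, int(hits) if hits else 0))
        # Anything else (e.g. "access-list NAME; 4 elements") is skipped.
    return acls


def unused_entries(acls):
    """Entries with zero hits per ACL: candidates for removal, or a sign that
    the counters are not being updated at all (old IOS, switched VLAN)."""
    return {name: [(seq, entry) for seq, entry, hits in entries if hits == 0]
            for name, entries in acls.items()}


def established_is_top(entries):
    """True when a 'permit tcp ... established' line has the most hits in the
    ACL. On a routed interface it normally does; if it has the fewest, the
    ACL is probably on a switched VLAN interface and the counts are misleading."""
    if not entries:
        return False
    top = max(hits for _, _, hits in entries)
    return any(hits == top for _, entry, hits in entries if "established" in entry)


# Constructed sample output (not captured from a real device).
SAMPLE_IOS = """\
Extended IP access list OUTSIDE_IN
    10 permit tcp any any established (48213 matches)
    20 permit udp any any eq domain (1180 matches)
    30 permit tcp any host 192.0.2.10 eq www (977 matches)
    40 permit tcp any host 192.0.2.10 eq 443
    50 deny ip any any log (35 matches)
Extended IP access list VLAN20_IN
    10 permit tcp any any established (12 matches)
    20 permit tcp any host 192.0.2.20 eq 22 (3104 matches)
    30 deny ip any any (7 matches)
"""

SAMPLE_PIX = """\
access-list outside_in; 4 elements
access-list outside_in line 1 permit tcp any host 192.0.2.10 eq www (hitcnt=977)
access-list outside_in line 2 permit tcp any host 192.0.2.10 eq https (hitcnt=0)
access-list outside_in line 3 permit udp any any eq domain (hitcnt=1180)
access-list outside_in line 4 deny ip any any (hitcnt=35)
"""


def report(text):
    """Human-readable summary; returned as a list of lines so it can be tested."""
    acls = parse_hit_counts(text)
    out = []
    for name, entries in acls.items():
        unused = unused_entries({name: entries})[name]
        out.append(f"{name}: {len(entries)} entries, {len(unused)} never matched")
        for seq, entry in unused:
            out.append(f"  unused  {seq:>4}  {entry}")
        if any("established" in e for _, e, _ in entries) and not established_is_top(entries):
            out.append("  warning: 'established' line is not the top hitter; "
                       "switched VLAN interface? counters may be unreliable")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_IOS + SAMPLE_PIX)))
```

Read the zero-hit list with the thread's caveats in mind: a count of zero means either that the entry is genuinely unused or that the platform is not updating the counters (the pre-12.2 IOS behaviour Mike mentions, or a switched VLAN interface as Scott describes), so a low "established" count on an otherwise busy ACL is a reason to distrust the whole ACL's numbers rather than to start deleting lines.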
Current thread:
- RE: Cisco acls, (continued)
- RE: Cisco acls Luke Butcher (Mar 06)
- RE: Cisco acls Luke Butcher (Mar 07)
- RE: Cisco acls Andrew Yourtchenko (Mar 12)
- RE: Cisco acls MHawkins (Mar 07)
- RE: Cisco acls Scott Stursa (Mar 12)
- Re: Cisco acls Mark Teicher (Mar 24)
- RE: Cisco acls Luke Butcher (Mar 24)
- RE: Cisco acls Scott Stursa (Mar 24)
- Fwd: Re: Cisco acls Mark Teicher (Mar 24)
- RE: Cisco acls Luke Butcher (Mar 30)
- RE: Cisco acls MHawkins (Mar 31)