Firewall Wizards mailing list archives
RE: Cisco acls
From: "Luke Butcher" <Luke.Butcher () alphawest com au>
Date: Wed, 30 Mar 2005 08:29:19 +1000
> From: Scott Stursa
> Sent: Friday, 25 March 2005 4:54 AM
>
> On Tue, 15 Mar 2005, Luke Butcher wrote:
>
> > Not sure about a lint checker and router ACLs unfortunately don't
> > show a hit count like PIX ones.
>
> Yes they do.
>
> The only place I've seen "missed" hits are on switches doing VLAN
> switching. Although the initial handshake will generate hits, once it
> goes into switching mode the ACL will never see the packets. The
> difference is clear if you have an ACL which begins with "permit tcp
> any any established"; on a non-switched interface this line will show
> the greatest number of hits in the ACL, on a switched one it will show
> the lowest.

Sorry, I meant in the way a PIX displays 'hitcnt=' right next to the line when you do a show access-list. This makes it very easy to tell what lines are being used and which ones aren't.

Regards,
Luke Butcher
Network/Security Consultant

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
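The thread's point is that per-line counters make unused ACL entries easy to spot, and that PIX prints them as "hitcnt=" while IOS prints them as "(N matches)" and omits the suffix entirely when the count is zero. The following is an added example, not code from the thread or from Cisco: a small parser that reads both output styles from a saved "show access-list" capture and reports the entries that have never matched. The sample output is constructed for the example (RFC 5737 test addresses; the exact column layout of real devices may differ), and the function names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the first block imitates IOS "show access-lists",
# the second imitates PIX "show access-list". Not a real capture.
SAMPLE_OUTPUT = """\
Extended IP access list 101
    10 permit tcp any any established (45231 matches)
    20 permit tcp any host 192.0.2.10 eq www (120 matches)
    30 permit udp any host 192.0.2.53 eq domain
    40 deny ip any any log (17 matches)
access-list outside_in; 3 elements
access-list outside_in line 1 extended permit tcp any host 198.51.100.20 eq www (hitcnt=4521)
access-list outside_in line 2 extended permit tcp any host 198.51.100.20 eq https (hitcnt=0)
access-list outside_in line 3 extended deny ip any any (hitcnt=88)
"""


@dataclass
class AclEntry:
    acl: str   # ACL name or number
    text: str  # the entry as printed, minus the counter
    hits: int  # matches (IOS) or hitcnt (PIX)


# IOS: a header line names the ACL, indented lines are its entries.
IOS_HEADER = re.compile(r"^(?:Standard|Extended) IP access list (\S+)")
IOS_ENTRY = re.compile(r"^\s+(\d+ .+?)(?: \((\d+) matches\))?$")
# PIX: every entry line repeats the ACL name and carries its own hitcnt.
PIX_ENTRY = re.compile(r"^access-list (\S+) line \d+ (.+?) \(hitcnt=(\d+)\)")


def parse_access_lists(text: str) -> List[AclEntry]:
    """Parse mixed IOS/PIX 'show access-list' output into AclEntry records."""
    entries: List[AclEntry] = []
    current_ios_acl = None
    for line in text.splitlines():
        m = PIX_ENTRY.match(line)
        if m:
            entries.append(AclEntry(m.group(1), m.group(2), int(m.group(3))))
            continue
        m = IOS_HEADER.match(line)
        if m:
            current_ios_acl = m.group(1)
            continue
        m = IOS_ENTRY.match(line)
        if m and current_ios_acl:
            # IOS prints no "(N matches)" suffix at all while the counter is zero,
            # so a missing suffix must be read as zero, not as "unknown".
            hits = int(m.group(2)) if m.group(2) else 0
            entries.append(AclEntry(current_ios_acl, m.group(1), hits))
    return entries


def unused_entries(entries: List[AclEntry]) -> List[AclEntry]:
    """Entries whose counter is zero: candidates for review or removal."""
    return [e for e in entries if e.hits == 0]


def unused_by_acl(text: str) -> Dict[str, List[str]]:
    """Group zero-hit entries by ACL so the report reads per access list."""
    report: Dict[str, List[str]] = {}
    for e in unused_entries(parse_access_lists(text)):
        report.setdefault(e.acl, []).append(e.text)
    return report


if __name__ == "__main__":
    for acl, lines in unused_by_acl(SAMPLE_OUTPUT).items():
        print(f"ACL {acl}: {len(lines)} entr{'y' if len(lines) == 1 else 'ies'} with zero hits")
        for line in lines:
            print(f"    {line}")
```

A zero counter is a prompt to investigate, not proof that a line is dead: as the quoted reply notes, on an interface doing VLAN switching only the initial handshake is counted, so the counters undercount, and the count is also meaningless unless you know when it was last cleared.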