show access-list hitcounts

Syntax

show access-list hitcounts {ip|ipv6|mac} <ACL-NAME> [interface <ID> [{in|out}]] [vsx-peer]

Description

Shows the number of times an ACL has matched a packet/frame. The command applies to ACEs with the count keyword in the specified ACL. If an entry does not have the count keyword enabled, it will show the dash character instead of a hit count.

Command context

Operator (>) or Manager (#)

Parameters

ip|ipv6|mac

Specifies an ACL type to display information for (ip for IPv4, ipv6 for IPv6 or mac for MAC ACL).

<ACL-NAME>

Specifies an ACL to display information for.

interface <ID>

Specifies an interface to display information for.

in|out

Selects in to view information for inbound (ingress) traffic or out to view information for outbound (egress) traffic.

[vsx-peer]

Shows the output from the VSX peer switch. If the switches do not have the VSX configuration or the ISL is down, the output from the VSX peer switch is not displayed.

Authority

Operators or Administrators. Users without administrator authority can execute this command from the operator context (>) only.

Examples

Displaying the hit counts:

switch# show access-list hitcounts ip MY_ACL interface 1/1/1
Statistics for ACL MY_ACL (ipv4):
interface 1/1/1* (in):
           Hit Count  Configuration
                   -  10 permit udp any 172.16.1.0/24
                   -  20 permit tcp 172.16.2.0/16 gt 1023 any
                   -  30 permit tcp 172.26.1.0/24 any syn ack dscp 10
                   0  40 deny any any any count
* access-list statistics are shared among all applied interfaces
  use 'access-list TYPE NAME copy' to create a uniquely-named access-list
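
When this output is collected for audit or monitoring, the dash and the zero mean different things: a dash marks an ACE with no count keyword, so its matches are never recorded, while 0 marks a counted ACE that has not matched. The following Python sketch is an added example, not part of the product documentation; it assumes output laid out exactly as in the example above, and the function names are hypothetical.

```python
import re

# Constructed sample: the example output shown on this page.
SAMPLE = """\
Statistics for ACL MY_ACL (ipv4):
interface 1/1/1* (in):
           Hit Count  Configuration
                   -  10 permit udp any 172.16.1.0/24
                   -  20 permit tcp 172.16.2.0/16 gt 1023 any
                   -  30 permit tcp 172.26.1.0/24 any syn ack dscp 10
                   0  40 deny any any any count
* access-list statistics are shared among all applied interfaces
  use 'access-list TYPE NAME copy' to create a uniquely-named access-list
"""

# "interface <ID>[*] (in|out):" -- a trailing '*' marks shared statistics.
IFACE_RE = re.compile(r"^interface\s+(\S+?)(\*?)\s+\((in|out)\):")
# "<hits or -> <sequence> <permit|deny> <rest of the ACE>"
ACE_RE = re.compile(r"^\s*(-|\d+)\s+(\d+)\s+(permit|deny)\s+(.*)$")

def parse_hitcounts(text):
    """Return one dict per ACE; 'hits' is None when the ACE has no counter."""
    entries, iface, shared, direction = [], None, False, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface, shared, direction = m.group(1), m.group(2) == "*", m.group(3)
            continue
        m = ACE_RE.match(line)
        if m:
            hits = None if m.group(1) == "-" else int(m.group(1))
            entries.append({"interface": iface, "direction": direction,
                            "shared": shared, "seq": int(m.group(2)),
                            "action": m.group(3), "match": m.group(4).strip(),
                            "hits": hits})
    return entries

def uncounted(entries):
    """Sequence numbers of ACEs shown with '-': matches are not recorded."""
    return [e["seq"] for e in entries if e["hits"] is None]

def deny_hits(entries):
    """Counted deny ACEs that have matched at least once."""
    return [e for e in entries if e["action"] == "deny" and e["hits"]]

if __name__ == "__main__":
    aces = parse_hitcounts(SAMPLE)
    print("ACEs without a counter:", uncounted(aces))
    print("deny ACEs with hits:", [(e["seq"], e["hits"]) for e in deny_hits(aces)])
```

Because the asterisk indicates statistics shared among all applied interfaces, a nonzero count on such an entry cannot be attributed to the listed interface alone.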