show access-list hitcounts control-plane

Syntax

show access-list hitcounts [{ip|ipv6} <ACL-NAME>] control-plane vrf <VRF-NAME> [vsx-peer]

Description

Shows the hit count of the number of times an ACL (applied to the Control Plane) has matched a packet for ACEs with the count keyword. For ACEs without the count keyword, a dash is shown in place of a hit count.

Command context

Operator (>) or Manager (#)

Parameters

ip|ipv6

Specifies the ACL type: ip for IPv4, or ipv6 for IPv6.

<ACL-NAME>

Specifies the ACL name.

vrf <VRF-NAME>

Specifies the VRF name.

[vsx-peer]

Shows the output from the VSX peer switch. If the switches do not have the VSX configuration or the ISL is down, the output from the VSX peer switch is not displayed. This parameter is available on switches that support VSX.

Authority

Operators or Administrators or local user group members with execution rights for this command. Operators can execute this command from the operator context (>) only.

Usage

  • ACL hit counts are aggregated across all VRFs to which the ACL is applied to on ingress.
  • Accumulated hit counts for an applied ACL are cleared upon any modification of the ACL.

Examples

Showing the hit counts for an IPv4 ACL applied to the Control Plane mgmt VRF:

switch# show access-list hitcounts ip My_ipv4_ACL control-plane vrf mgmt
Statistics for ACL My_ipv4_ACL (ipv4):
VRF mgmt* (control-plane):
           Hit Count  Configuration
                   -  10 permit udp any 172.16.1.0/255.255.255.0
                   -  20 permit tcp 172.16.2.0/255.255.0.0 gt 1023 any
                   -  30 permit tcp 172.26.1.0/255.255.255.0 any syn ack dscp 10
                   8  40 deny any any any count
* access-list statistics are shared among each combination of
  context type (interface, VLAN, VRF) and direction (in, out, control-plane).
  use 'access-list TYPE NAME copy' to create a uniquely-named access-list.