Resetting ACE hit counters to zero

  • Using the clear statistics command (see Monitoring static ACL usage)

  • Removing an ACL from an interface zeros the ACL's ACE counters for that interface only.

  • For a given ACL, either of the following actions clear the ACE counters to zero for all interfaces to which the ACL is assigned:

    • Adding or removing a permit or deny ACE in the ACL.

    • Rebooting the switch.

The following example shows a sample of performance monitoring output for an IPv4 ACL assigned as a VACL.

IPv4 ACL performance monitoring output

Switch# show statistics aclv4 102 vlan 20 vlan-in

 HitCounts for ACL 102

  Total

(1)  10 permit icmp 10.10.20.3 0.0.0.0 10.10.20.2 0.0.0.0 8
(2)  20 deny icmp 10.10.20.3 0.0.0.0 10.10.20.1 0.0.0.0 8 log
(2)  30 deny icmp 10.10.20.2 0.0.0.0 10.10.20.3 0.0.0.0 8 log
(1)  40 deny icmp 10.10.20.2 0.0.0.0 10.10.20.1 0.0.0.0 8 log
(10)  50 deny tcp 10.10.20.2 0.0.0.255 10.10.20.3 0.0.0.255 eq 23 log
(27)  60 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

The following example shows a sample of performance monitoring output for an IPv6 ACL assigned as a VACL.

IPv6 ACL performance monitoring output

Switch# show statistics aclv6 V6-02 vlan 20 vlan-in

 HitCounts for ACL V6-02

  Total

(5)   10 permit icmp ::/0 fe80::20:2/128 128
(4)   20 permit icmp ::/0 fe80::20:3/128 128
(136) 30 permit tcp fe80::20:1/128 ::/0 eq 23
(2)   40 deny icmp ::/0 fe80::20:1/128 128
(10)  50 deny tcp ::/0 ::/0 eq 23
(8)   60 deny icmp ::/0 ::/0 133
(155) 70 permit ipv6 ::/0 ::/0

The following example uses the counter activity to demonstrate using clear statistics to reset the counters to zero.

Resetting ACE hit counters to zero

Switch# show statistics aclv6 V6-02 vlan 20 vlan-in

 HitCounts for ACL V6-02

  Total

(5)   10 permit icmp ::/0 fe80::20:2/128 128
(4)   20 permit icmp ::/0 fe80::20:3/128 128
(136) 30 permit tcp fe80::20:1/128 ::/0 eq 23
(2)   40 deny icmp ::/0 fe80::20:1/128 128
(10)  50 deny tcp ::/0 ::/0 eq 23
(8)   60 deny icmp ::/0 ::/0 133
(155) 70 permit ipv6 ::/0 ::/0

Switch# clear statistics aclv6 V6-02 vlan 20 <vlan-in|vlan-out>
Switch# show statistics aclv6 V6-02 vlan 20 <vlan-in|vlan-out>

 HitCounts for ACL V6-02

  Total
(0)   10 permit icmp ::/0 fe80::20:2/128 128
(0)   20 permit icmp ::/0 fe80::20:3/128 128
(0)   30 permit tcp fe80::20:1/128 ::/0 eq 23
(0)   40 deny icmp ::/0 fe80::20:1/128 128
(0)   50 deny tcp ::/0 ::/0 eq 23
(0)   60 deny icmp ::/0 ::/0 133
(0)   70 permit ipv6 ::/0 ::/0