show access-list hitcounts
Syntax
show access-list hitcounts {ip|ipv6|mac} <ACL-NAME> [interface
<ID> [{in|out}]] [vsx-peer]
Description
Shows the number of times an ACL has matched a packet/frame. The command applies to ACEs with the
count
keyword in the specified ACL. If an entry does not have the
count
keyword enabled, it will show the dash character instead of a hit count.
Command context
Operator (>
) or Manager (#
)
Parameters
ip|ipv6|mac
Specifies an ACL type to display information for (
ip
for IPv4,ipv6
for IPv6 ormac
for MAC ACL).<ACL-NAME>
Specifies an ACL to display information for.
interface <ID>
Specifies an interface to display information for.
in|out
Selects
in
to view information for inbound (ingress) traffic orout
to view information for outbound (egress) traffic.[vsx-peer]
Shows the output from the VSX peer switch. If the switches do not have the VSX configuration or the ISL is down, the output from the VSX peer switch is not displayed.
Authority
Operators or Administrators. Users without administrator authority can execute this command from the operator context (>) only.
Examples
Displaying the hit counts:
switch# show access-list hitcounts ip MY_ACL interface 1/1/1 Statistics for ACL MY_ACL (ipv4): interface 1/1/1* (in): Hit Count Configuration - 10 permit udp any 172.16.1.0/24 - 20 permit tcp 172.16.2.0/16 gt 1023 any - 30 permit tcp 172.26.1.0/24 any syn ack dscp 10 0 40 deny any any any count * access-list statistics are shared among all applied interfaces use 'access-list TYPE NAME copy' to create a uniquely-named access-list