RE: [fw-wiz] Cisco acls

MHawkins_at_TULLIB.COM
Date: 03/31/05


To: Luke.Butcher@alphawest.com.au, stursa@mailer.fsu.edu
Date: Wed, 30 Mar 2005 18:00:57 -0500

IOS versions from 12.1 and under sometimes (depending on the platform) won't
show any hits at all on ACL entries.

12.2 and up show hits on both routing policy ACLs and interface ACLs.

Mike Hawkins

-----Original Message-----
From: firewall-wizards-admin@honor.icsalabs.com
[mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Luke Butcher
Sent: Tuesday, March 29, 2005 5:29 PM
To: Scott Stursa
Cc: firewall-wizards@honor.icsalabs.com
Subject: RE: [fw-wiz] Cisco acls

 
From: Scott Stursa
Sent: Friday, 25 March 2005 4:54 AM

> On Tue, 15 Mar 2005, Luke Butcher wrote:
>> Not sure about a lint checker and router ACLs unfortunately don't
>> show a hit count like PIX ones.

> Yes they do.

> The only place I've seen "missed" hits are on switches doing VLAN
> switching. Although the initial handshake will generate hits, once it
> goes into switching mode the ACL will never see the packets. The
> difference is clear if you have an ACL which begins with "permit tcp
> any any established"; on a non-switched interface this line will show
> the greatest number of hits in the ACL, on a switched one it will show
> the lowest.

Sorry I meant in the way a PIX displays 'hitcnt=' right next to the line
when you do a show access-list. This makes it very easy to tell what
lines are being used and which ones aren't.

Regards,
Luke Butcher
Network/Security Consultant
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

----------------------------------------------------------------------------
The information contained in this email is confidential and may also contain
privileged information. Sender does not waive confidentiality or legal
privilege. If you are not the intended recipient please notify the sender
immediately; you should not retain this message or disclose its content to
anyone.
Internet communications are not secure or error free and the sender does not
accept any liability for the content of the email. Although emails are
routinely screened for viruses, the sender does not accept responsibility
for any damage caused. Replies to this email may be monitored.
For more information about the Collins Stewart Tullett group of companies
please visit the following web site: www.cstplc.com
----------------------------------------------------------------------------

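The two counter formats the thread compares, PIX's inline `hitcnt=` and IOS 12.2's `(N matches)`, can be parsed the same way. This is an added example, not code from anyone on the list: it lists the entries that have never matched (the lines Luke wanted to spot at a glance) and applies Scott's "established" heuristic to flag an ACL whose counters are probably undercounting because the interface is being switched. Both sample outputs are constructed.

```python
import re
from dataclasses import dataclass

# Constructed IOS 12.2-style 'show access-lists' output (not from the thread).
# Entries that never matched carry no "(N matches)" suffix at all.
IOS_SAMPLE = """\
Extended IP access list 101
    10 permit tcp any any established (3 matches)
    20 permit udp any host 10.1.1.1 eq domain (4210 matches)
    30 permit tcp any host 10.1.1.2 eq www (98762 matches)
    40 deny ip any any log
"""
# Constructed PIX-style 'show access-list' output: every line carries "(hitcnt=N)".
PIX_SAMPLE = """\
access-list outside_in line 1 extended permit tcp any host 10.1.1.2 eq www (hitcnt=523)
access-list outside_in line 2 extended permit tcp any host 10.1.1.3 eq smtp (hitcnt=0)
access-list outside_in line 3 extended deny ip any any (hitcnt=17)
"""

IOS_LINE = re.compile(r"^\s+(\d+)\s+(.*?)\s*(?:\((\d+) matches\))?\s*$")
PIX_LINE = re.compile(r"^access-list \S+ line (\d+) (.*?) \(hitcnt=(\d+)\)\s*$")

@dataclass
class Entry:
    seq: int    # IOS sequence number or PIX line number
    text: str   # the ACE itself, without the counter
    hits: int

def parse(output: str) -> list[Entry]:
    """Parse either IOS or PIX output; a missing IOS counter means zero hits."""
    entries = []
    for line in output.splitlines():
        m = PIX_LINE.match(line) or IOS_LINE.match(line)
        if m:
            entries.append(Entry(int(m.group(1)), m.group(2), int(m.group(3) or 0)))
    return entries

def unused(entries: list[Entry]) -> list[Entry]:
    """ACEs that have never matched: the lines Luke wanted to spot quickly."""
    return [e for e in entries if e.hits == 0]

def counters_look_switched(entries: list[Entry]) -> bool:
    """Scott's heuristic: a leading 'permit tcp any any established' is normally the
    busiest line; if it has fewer hits than every other line that matched at all, the
    interface is probably being switched and the counters undercount."""
    if not entries or "established" not in entries[0].text:
        return False
    others = [e.hits for e in entries[1:] if e.hits > 0]
    return bool(others) and entries[0].hits < min(others)
```

On the IOS sample the `established` line shows 3 hits against thousands on the lines below it, so the ACL is flagged and its zero-hit `deny` line should not be trusted as proof that nothing is being denied.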
