Cisco 7604 Configuration Guide - Page 248
show access-list test, Show the optimized access list range 2 through 5
View all Cisco 7604 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 248 highlights
Access List Group Optimization Chapter 13 Identifying Traffic with Access Lists access-list test line 2 extended permit tcp any host 10.1.1.90 range ftp ssh (hitcnt=0) 0x9f0b14e0 access-list test line 4 extended permit tcp any 10.10.10.6 255.255.255.254 eq domain (hitcnt=0) 0xde9a7aec access-list test line 4 extended permit tcp any 10.10.10.8 255.255.255.254 eq domain (hitcnt=0) 0xa4246eba access-list test line 5 extended permit udp any any (hitcnt=0) 0xbaf2384c access-list test line 6 extended permit tcp 10.1.1.0 255.255.255.0 any (hitcnt=0) 0xd07a176b access-list test line 7 extended permit icmp any any (hitcnt=0) 0xb422e9c2 access-list test line 10 extended permit tcp any host 10.10.10.5 (hitcnt=0) 0xaa819def Show the optimized access list in detail: hostname(config)# show access-list test optimization detail access-list test; 13 elements before optimization 7 elements after optimization Reduction rate = 46% SUBSET rules : 2 ADJACENT rules : 5 access-list test line 1 extended permit tcp host 10.1.1.6 host 10.1.1.20 eq www (hitcnt=0) 0x00000000 [Merged to 6: SUBSET] access-list test line 2 extended permit tcp any host 10.1.1.90 range ftp ssh (hitcnt=0) 0x9f0b14e0 [(3)] access-list test line 3 extended permit tcp any host 10.1.1.90 eq ftp (hitcnt=0) 0x00000000 [Merged to 2: ADJACENT] access-list test line 4 extended permit tcp any object-group dns-servers eq domain 0xb4b0751d access-list test line 4.1 extended permit tcp any host 10.10.10.5 eq domain (hitcnt=0) 0x00000000 [Merged to 9: SUBSET] access-list test line 4.2 extended permit tcp any 10.10.10.6 255.255.255.254 eq domain (hitcnt=0) 0xde9a7aec [(4.3)] access-list test line 4.3 extended permit tcp any host 10.10.10.7 eq domain (hitcnt=0) 0x00000000 [Merged to 4.2: ADJACENT] access-list test line 4.4 extended permit tcp any 10.10.10.8 255.255.255.254 eq domain (hitcnt=0) 0xa4246eba [(4.5)] access-list test line 4.5 extended permit tcp any host 10.10.10.9 eq domain (hitcnt=0) 0x00000000 [Merged to 4.4: ADJACENT] access-list test line 5 extended permit udp any any (hitcnt=0) 0xbaf2384c [(8.1,8.2)] access-list test line 6 extended permit tcp 10.1.1.0 255.255.255.0 any (hitcnt=0) 0xd07a176b [(1)] access-list test line 7 extended permit icmp any any (hitcnt=0) 0xb422e9c2 access-list test line 8.1 extended permit udp any any lt domain (hitcnt=0) 0x00000000 [Merged to 5: ADJACENT] access-list test line 8.2 extended permit udp any any gt domain (hitcnt=0) 0x00000000 [Merged to 5: ADJACENT] access-list test line 9 extended permit tcp any host 10.10.10.5 (hitcnt=0) 0xaa819def [(4.1)] Note Some rule information may change when merged. Rule 2 was modified because it was merged with rule 3. In order to view the original non-optimized rule 2, the user should refer to the non-optimized (original) access-list (for example, using the show access-list test command). Show the optimized access list range 2 through 5: hostname(config)# show access-list test optimization range 2 5 access-list test; 13 elements before optimization 7 elements after optimization Reduction rate = 46% access-list test line 2 extended permit tcp any host 10.1.1.90 range ftp ssh (hitcnt=0) 0x9f0b14e0 access-list test line 4 extended permit tcp any 10.10.10.6 255.255.255.254 eq domain (hitcnt=0) 0xde9a7aec access-list test line 4 extended permit tcp any 10.10.10.8 255.255.255.254 eq domain (hitcnt=0) 0xa4246eba access-list test line 5 extended permit udp any any (hitcnt=0) 0xbaf2384c Show the optimized access list range 6 through 9 in detail: hostname(config)# show access-list test optimization detail range 6 9 access-list test; 13 elements before optimization 13-22 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01