How to display ACL counters attached to snmp?

  • 0
  • 1
  • Question
  • Updated 5 years ago
  • Answered
I have created an ACL called acl167.pol that has a few IP addresses permited to access the switch via snmp readonly. Here is the ACL:

entry e1 { if { source-address 1xx.72.68.38/32; } then { permit; count e1; }}
entry e2 { if { source-address 1xx.72.200.158/32; } then { permit; count e2; }}
entry e3 { if { source-address 1xx.72.200.194/32; } then { permit; count e3; }}
entry e4 { if { source-address 1xx.72.43.0 mask; } then { permit; count e4; }}
entry denyall { if { } then { deny; count denyall; }}

I apply it to snmp here:

configure snmp access-profile acl167 readonly

Now, I'd like to see if the counters are incrementing but I can't figure out how to do that. Here are a couple more commands to show:

Eng_lab_8810A.39 # ls
-rw-rw-rw- 1 root 0 398 Feb 24 13:45 acl167.pol
-rw-rw-rw- 1 root 0 370165 Feb 24 13:32 primary.cfg
drwxrwxrwx 2 root 0 0 Feb 13 18:27 vmt
-rw-rw-rw- 1 root 0 6605 Feb 19 08:40 voice_subnet_restriction.pol

The other ACL is attached to a vlan and it is the only one that shows up when I do a:

Eng_lab_8810A.42 # sh access-list counter
Policy Name Vlan Name Port Direction
Counter Name Packet Count Byte Count
voice_subnet_restriction voice990 * ingress
denyallcntr 188456

Eng_lab_8810A.43 #

Any idea how I can show the counters for acl167.pol?
Photo of Jim Keeffe

Jim Keeffe

  • 390 Points 250 badge 2x thumb

Posted 5 years ago

  • 0
  • 1
Photo of Ron Huygens

Ron Huygens, Employee

  • 3,360 Points 3k badge 2x thumb
Official Response
Hi Jim,

To see the counters from an access-profile you need to get the counters for that specific process. The normal counters do apply to the port or vlan statistics.

To display the snmp process counter statistics, use the "show access-list counters process snmp" command.

The permit or deny counters are updated accordingly, regardless of whether the rule is
configured to add counters.