topic RE: Viewing SNMP ACL Policy counters, is it possible? in ExtremeSwitching (EXOS/Switch Engine) https://community.extremenetworks.com/t5/extremeswitching-exos-switch/viewing-snmp-acl-policy-counters-is-it-possible/m-p/20730#M1308 I am going to demonstrate using telnet access-profile, snmp should be the same.<BR /> <BR /> 1. create dynamic ACL<BR /> <BR /> create access-list telnet_acl " source-address 192.168.100.101/32 ; destination-address 10.67.72.85/32 ; protocol tcp ; destination-port 23 ;" " permit ;" application "Cli"<BR /> <BR /> 2. Add ACL to telnet access-profile<BR /> <BR /> configure telnet access-profile add "telnet_acl" first<BR /> <BR /> 3. You should see the hit count when permit/deny<BR /> <BR /> * X460-24t.35 # show access-list counter process telnet================================================================================<BR /> Access-list Permit Packets Deny Packets <BR /> ================================================================================<BR /> telnet_acl 1 0<BR /> ================================================================================<BR /> Total Rules : 1<BR /> <BR /> SNMP should be the same using snmp access-profile<BR /> <BR /> Managing ACL Rules for SNMPBefore you can assign an ACL rule to SNMP, you must create a dynamic ACL rule as described in ACLs.<BR /> Managing the Switch<BR /> <BR /> • To add or delete a rule for SNMP access, use the following command:<BR /> configure snmp access-profile [ access_profile {readonly | readwrite} | [[add<BR /> rule ] [first | [[before | after] previous_rule]]] | delete rule | none ]<BR /> • To display the access-list permit and deny statistics for an application, use the following command:<BR /> show access-list counters process [snmp | telnet | ssh2 | http]<BR /> <BR /> Sat, 11 Jun 2016 18:41:00 GMT Edward_Tsui 2016-06-11T18:41:00Z Viewing SNMP ACL Policy counters, is it possible? https://community.extremenetworks.com/t5/extremeswitching-exos-switch/viewing-snmp-acl-policy-counters-is-it-possible/m-p/20729#M1307 Is it possible to see the counters in an SNMP policy?<BR /> <BR /> I have a policy that looks like this:<BR /> entry e1 { if { source-address 172.16.5.211/32; } then { permit; count prtg; }} entry e2 { if { source-address 10.22.0.49/32; } then { permit; count rocnms; }}<BR /> entry e3 { if { source-address 10.21.12.49/32; } then { permit; count bsanms; }} entry e4 { if { source-address 172.16.5.226/32; } then { permit; count nmslinux; }} entry denyall { if { } then { deny; count denyall; }} Pretty simple, but if I do a 'show access-list counter process snmp' I get this:<BR /> ================================================================================ Access-list Permit Packets Deny Packets<BR /> ================================================================================<BR /> ================================================================================<BR /> Total Rules : 0The policy is working as expected, but I can't see the counters. There was one thread from two years ago that said this may be expected behavior, but no alternative was given to seeing the counters. I'd really like to know if anything else is trying to probe my cores via SNMP.<BR /> <BR /> Sat, 11 Jun 2016 12:05:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/viewing-snmp-acl-policy-counters-is-it-possible/m-p/20729#M1307 Ron_Prague 2016-06-11T12:05:00Z RE: Viewing SNMP ACL Policy counters, is it possible? https://community.extremenetworks.com/t5/extremeswitching-exos-switch/viewing-snmp-acl-policy-counters-is-it-possible/m-p/20730#M1308 I am going to demonstrate using telnet access-profile, snmp should be the same.<BR /> <BR /> 1. create dynamic ACL<BR /> <BR /> create access-list telnet_acl " source-address 192.168.100.101/32 ; destination-address 10.67.72.85/32 ; protocol tcp ; destination-port 23 ;" " permit ;" application "Cli"<BR /> <BR /> 2. Add ACL to telnet access-profile<BR /> <BR /> configure telnet access-profile add "telnet_acl" first<BR /> <BR /> 3. You should see the hit count when permit/deny<BR /> <BR /> * X460-24t.35 # show access-list counter process telnet================================================================================<BR /> Access-list Permit Packets Deny Packets <BR /> ================================================================================<BR /> telnet_acl 1 0<BR /> ================================================================================<BR /> Total Rules : 1<BR /> <BR /> SNMP should be the same using snmp access-profile<BR /> <BR /> Managing ACL Rules for SNMPBefore you can assign an ACL rule to SNMP, you must create a dynamic ACL rule as described in ACLs.<BR /> Managing the Switch<BR /> <BR /> • To add or delete a rule for SNMP access, use the following command:<BR /> configure snmp access-profile [ access_profile {readonly | readwrite} | [[add<BR /> rule ] [first | [[before | after] previous_rule]]] | delete rule | none ]<BR /> • To display the access-list permit and deny statistics for an application, use the following command:<BR /> show access-list counters process [snmp | telnet | ssh2 | http]<BR /> <BR /> Sat, 11 Jun 2016 18:41:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/viewing-snmp-acl-policy-counters-is-it-possible/m-p/20730#M1308 Edward_Tsui 2016-06-11T18:41:00Z