
13-22
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Chapter 13 Identifying Traffic with Access Lists
Access List Group Optimization
access-list test line 2 extended permit tcp any host 10.1.1.90 range ftp ssh (hitcnt=0) 0x9f0b14e0
access-list test line 4 extended permit tcp any 10.10.10.6 255.255.255.254 eq domain (hitcnt=0) 0xde9a7aec
access-list test line 4 extended permit tcp any 10.10.10.8 255.255.255.254 eq domain (hitcnt=0) 0xa4246eba
access-list test line 5 extended permit udp any any (hitcnt=0) 0xbaf2384c
access-list test line 6 extended permit tcp 10.1.1.0 255.255.255.0 any (hitcnt=0) 0xd07a176b
access-list test line 7 extended permit icmp any any (hitcnt=0) 0xb422e9c2
access-list test line 10 extended permit tcp any host 10.10.10.5 (hitcnt=0) 0xaa819def
Show the optimized access list in detail:
hostname(config)# show access-list test optimization detail
access-list test;
13 elements before optimization
7 elements after optimization
Reduction rate = 46%
SUBSET rules : 2
ADJACENT rules : 5
access-list test line 1 extended permit tcp host 10.1.1.6 host 10.1.1.20 eq www (hitcnt=0) 0x00000000 [Merged to 6: SUBSET]
access-list test line 2 extended permit tcp any host 10.1.1.90 range ftp ssh (hitcnt=0) 0x9f0b14e0 [(3)]
access-list test line 3 extended permit tcp any host 10.1.1.90 eq ftp (hitcnt=0) 0x00000000 [Merged to 2: ADJACENT]
access-list test line 4 extended permit tcp any object-group dns-servers eq domain 0xb4b0751d
access-list test line 4.1 extended permit tcp any host 10.10.10.5 eq domain (hitcnt=0) 0x00000000 [Merged to 9: SUBSET]
access-list test line 4.2 extended permit tcp any 10.10.10.6 255.255.255.254 eq domain (hitcnt=0) 0xde9a7aec [(4.3)]
access-list test line 4.3 extended permit tcp any host 10.10.10.7 eq domain (hitcnt=0) 0x00000000 [Merged to 4.2: ADJACENT]
access-list test line 4.4 extended permit tcp any 10.10.10.8 255.255.255.254 eq domain (hitcnt=0) 0xa4246eba [(4.5)]
access-list test line 4.5 extended permit tcp any host 10.10.10.9 eq domain (hitcnt=0) 0x00000000 [Merged to 4.4: ADJACENT]
access-list test line 5 extended permit udp any any (hitcnt=0) 0xbaf2384c [(8.1,8.2)]
access-list test line 6 extended permit tcp 10.1.1.0 255.255.255.0 any (hitcnt=0) 0xd07a176b [(1)]
access-list test line 7 extended permit icmp any any (hitcnt=0) 0xb422e9c2
access-list test line 8.1 extended permit udp any any lt domain (hitcnt=0) 0x00000000 [Merged to 5: ADJACENT]
access-list test line 8.2 extended permit udp any any gt domain (hitcnt=0) 0x00000000 [Merged to 5: ADJACENT]
access-list test line 9 extended permit tcp any host 10.10.10.5 (hitcnt=0) 0xaa819def [(4.1)]
Note
Some rule information may change when merged. Rule 2 was modified because it was merged with rule 3. To view the original non-optimized rule 2, refer to the non-optimized (original) access list (for example, using the show access-list test command).
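The following Python example is added here and is not from the Cisco guide. It parses the detail output shown above into a map of which surviving rule absorbed which original rules, so each merge can be reviewed against the unoptimized list. The names parse_detail and reason_counts are made up for this example, and the parser assumes the line format shown on this page.

```python
import re
from collections import Counter, defaultdict

# Rule lines from the detail output above; two are left wrapped, as a terminal
# capture wraps them. parse_detail/reason_counts are names made up for this example.
DETAIL = """\
access-list test line 1 extended permit tcp host 10.1.1.6 host 10.1.1.20 eq www (hitcnt=0) 0x00000000 [Merged to 6: SUBSET]
access-list test line 2 extended permit tcp any host 10.1.1.90 range ftp ssh (hitcnt=0) 0x9f0b14e0 [(3)]
access-list test line 3 extended permit tcp any host 10.1.1.90 eq ftp (hitcnt=0) 0x00000000 [Merged to
2: ADJACENT]
access-list test line 4 extended permit tcp any object-group dns-servers eq domain 0xb4b0751d
access-list test line 4.1 extended permit tcp any host 10.10.10.5 eq domain (hitcnt=0) 0x00000000 [Merged to 9: SUBSET]
access-list test line 4.2 extended permit tcp any 10.10.10.6 255.255.255.254 eq domain (hitcnt=0)
0xde9a7aec [(4.3)]
access-list test line 4.3 extended permit tcp any host 10.10.10.7 eq domain (hitcnt=0) 0x00000000 [Merged to 4.2: ADJACENT]
access-list test line 4.4 extended permit tcp any 10.10.10.8 255.255.255.254 eq domain (hitcnt=0) 0xa4246eba [(4.5)]
access-list test line 4.5 extended permit tcp any host 10.10.10.9 eq domain (hitcnt=0) 0x00000000 [Merged to 4.4: ADJACENT]
access-list test line 5 extended permit udp any any (hitcnt=0) 0xbaf2384c [(8.1,8.2)]
access-list test line 6 extended permit tcp 10.1.1.0 255.255.255.0 any (hitcnt=0) 0xd07a176b [(1)]
access-list test line 7 extended permit icmp any any (hitcnt=0) 0xb422e9c2
access-list test line 8.1 extended permit udp any any lt domain (hitcnt=0) 0x00000000 [Merged to 5: ADJACENT]
access-list test line 8.2 extended permit udp any any gt domain (hitcnt=0) 0x00000000 [Merged to 5: ADJACENT]
access-list test line 9 extended permit tcp any host 10.10.10.5 (hitcnt=0) 0xaa819def [(4.1)]
"""

RULE = re.compile(r"access-list \S+ line (\S+) extended (.+?) \(hitcnt=\d+\) "
                  r"0x[0-9a-f]+(?: \[Merged to (\S+): (\w+)\])?")

def parse_detail(text):
    """Return (survivors, merged): {line: rule} and {line: [(absorbed, reason, rule)]}."""
    joined = []
    for raw in text.splitlines():
        if raw.startswith("access-list ") or not joined:
            joined.append(raw.strip())
        else:  # continuation of a wrapped line
            joined[-1] += " " + raw.strip()
    survivors, merged = {}, defaultdict(list)
    for line in joined:
        m = RULE.match(line)
        if m and m[3]:  # absorbed rule: record it under its merge target
            merged[m[3]].append((m[1], m[4], m[2]))
        elif m:         # surviving rule (object-group headers never match)
            survivors[m[1]] = m[2]
    return survivors, dict(merged)

def reason_counts(merged):
    return Counter(r for rules in merged.values() for _, r, _ in rules)
```

The per-reason totals from reason_counts can be compared with the SUBSET and ADJACENT figures in the summary header, and every key of the merge map should also appear among the surviving lines.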
Show the optimized access list range 2 through 5:
hostname(config)# show access-list test optimization range 2 5
access-list test;
13 elements before optimization
7 elements after optimization
Reduction rate = 46%
access-list test line 2 extended permit tcp any host 10.1.1.90 range ftp ssh (hitcnt=0) 0x9f0b14e0
access-list test line 4 extended permit tcp any 10.10.10.6 255.255.255.254 eq domain (hitcnt=0) 0xde9a7aec
access-list test line 4 extended permit tcp any 10.10.10.8 255.255.255.254 eq domain (hitcnt=0) 0xa4246eba
access-list test line 5 extended permit udp any any (hitcnt=0) 0xbaf2384c
Show the optimized access list range 6 through 9 in detail:
hostname(config)# show access-list test optimization detail range 6 9
access-list test;
13 elements before optimization