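The entry count shown here is the number of ACEs.
What is an ACE?
ACE stands for: access-list entry
ACE refers to the number of entries an ACL has after it is expanded.
What does "expanded" mean?
Example: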
access-list out-in extend permit tcp80&443 host 1.1.1.1 host 2.2.2.2
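This configuration occupies 1 line, but because it contains 2 port numbers, the ASA expands it into its individual entries, so it takes up 2 entries.
These 2 entries are what the ACE count measures, and ASA resource consumption is in fact based on the number of ACEs.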
access-list out-in extend permit tcp host 1.1.1.1 host 2.2.2.2 eq 80
access-list out-in extend permit tcp host 1.1.1.1 host 2.2.2.2 eq 443
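To estimate the ACE count of a rule set before it reaches the firewall, the expansion described above can be modelled as a cross product of object-group members. This is an added Python example, not from the original post or from Cisco. It assumes the two-port shorthand is written with a service object-group, handles only flat (non-nested) groups, and uses constructed names (CLIENTS, WEB) and a constructed host 1.1.1.3.

```python
import itertools

# Constructed sample configuration (not from the original page). It expresses the
# page's "ports 80 and 443 in one line" shorthand with a service object-group.
SAMPLE_CONFIG = """\
object-group network CLIENTS
 network-object host 1.1.1.1
 network-object host 1.1.1.3
object-group service WEB tcp
 port-object eq 80
 port-object eq 443
access-list out-in extended permit tcp host 1.1.1.1 host 2.2.2.2 object-group WEB
access-list out-in extended permit tcp object-group CLIENTS host 2.2.2.2 object-group WEB
"""

def parse_groups(config):
    """Map each object-group name to its list of member specs."""
    groups, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if line.startswith("object-group "):
            current = groups.setdefault(words[2], [])
        elif line.startswith(" ") and current is not None and words:
            # " port-object eq 80" -> "eq 80"; " network-object host x" -> "host x"
            current.append(" ".join(words[1:]))
        else:
            current = None
    return groups

def expand_acl_line(line, groups):
    """Return the ACEs one access-list line expands to (cross product of members)."""
    words, slots, i = line.split(), [], 0
    while i < len(words):
        if words[i] == "object-group":
            slots.append(groups[words[i + 1]])  # one alternative per group member
            i += 2
        else:
            slots.append([words[i]])            # literal keyword or address
            i += 1
    return [" ".join(combo) for combo in itertools.product(*slots)]

def ace_counts(config):
    """Total expanded ACE count per ACL name (simplified model, flat groups only)."""
    groups, totals = parse_groups(config), {}
    for line in config.splitlines():
        if line.startswith("access-list "):
            name = line.split()[1]
            totals[name] = totals.get(name, 0) + len(expand_acl_line(line, groups))
    return totals
```

Here the two configured lines expand to 2 + 4 = 6 ACEs, which is the figure to compare against the `elements` value the ASA reports.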
With the meaning of ACE covered, here is how to check how many ACEs are in use.
Command:
show access-list <ACL name> numeric
Example:
ASA# sh access-list out-in numeric
access-list out-in; 201490 elements; name hash: 0xf75d8486
ASA# sh access-list in-out
access-list in-out; 975421 elements; name hash: 0xab1d0e09
The brief command shows it as well:
ASA# sh access-list out-in brief
access-list out-in; 201490 elements; name hash: 0xf75d8486