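The number of entries shown here is the ACE count.
What is an ACE?
ACE stands for: access-list entry
The ACE count is the number of entries an ACL has after it is expanded.
What does "expanded" mean?
Example: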
access-list out-in extend permit tcp80&443 host 1.1.1.1 host 2.2.2.2
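This configuration takes up one line, but because it contains two port numbers, the ASA expands it into its individual entries, so it occupies two entries.
That count of two is the ACE count, and the ASA's actual resource consumption is based on the number of ACEs.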
access-list out-in extend permit tcp host 1.1.1.1 host 2.2.2.2 eq 80
access-list out-in extend permit tcp host 1.1.1.1 host 2.2.2.2 eq 443
With the meaning of ACE covered, here is how to check how many ACEs are in use.
Command:
show access-list <ACL name> numeric
Example:
ASA# sh access-list out-in numeric
access-list out-in; 201490 elements; name hash: 0xf75d8486
ASA# sh access-list in-out
access-list in-out; 975421 elements; name hash: 0xab1d0e09
Alternatively, the brief command shows it as well:
ASA# sh access-list out-in brief
access-list out-in; 201490 elements; name hash: 0xf75d8486
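The expansion and the count check described above, as an added Python example (not from the original page or from Cisco). It generalizes the two-port case to several sources, destinations and ports, assuming one ACE per combination; the function names and the 500000 limit are hypothetical.

```python
import re
from itertools import product

def expand_rule(acl, action, proto, sources, dests, ports):
    """Expand one compact rule into its ACEs: one line per src/dst/port combination."""
    return [
        f"access-list {acl} extended {action} {proto} host {s} host {d} eq {p}"
        for s, d, p in product(sources, dests, ports)
    ]

# Header line of 'show access-list': "access-list <name>; <N> elements; name hash: 0x..."
HEADER = re.compile(r"^access-list (\S+); (\d+) elements; name hash: 0x[0-9a-fA-F]+", re.M)

def ace_counts(show_output):
    """Map each ACL name to the element (ACE) count reported in its header line."""
    return {m.group(1): int(m.group(2)) for m in HEADER.finditer(show_output)}

def over_budget(counts, limit):
    """Return the ACLs whose ACE count exceeds a locally chosen limit, largest first."""
    return sorted((n for n, c in counts.items() if c > limit), key=lambda n: -counts[n])

# Sample output copied from the session shown above.
SAMPLE = """\
ASA# sh access-list out-in numeric
access-list out-in; 201490 elements; name hash: 0xf75d8486
ASA# sh access-list in-out
access-list in-out; 975421 elements; name hash: 0xab1d0e09
"""

if __name__ == "__main__":
    # The page's example: one configured line with two ports becomes two ACEs.
    for line in expand_rule("out-in", "permit", "tcp", ["1.1.1.1"], ["2.2.2.2"], [80, 443]):
        print(line)
    counts = ace_counts(SAMPLE)
    # 500000 is a hypothetical review threshold, not a platform limit.
    print(counts, over_budget(counts, 500000))
```

A rule with 3 sources, 4 destinations and 5 ports expands to 60 ACEs under this model, which is why a short configuration can still report a very large element count.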