Firewall(config)# show access-list outside_access brief
access-list outside_access; 4861 elements; name hash: 0xee117655
967e628c 00000000 000169b3 5a32b670
6aa60a42 19e2de04 00000934 5a328670
0c7e87a2 19e2de04 000004b3 5a32865d
eb14c577 00000000 0000ec03 5a32b675
My guess would be to check if the ACL is consistent on multiple devices.
Quote from: SimonV on December 14, 2017, 01:37:10 PM
My guess would be to check if the ACL is consistent on multiple devices.
... most folks would check the ACL config... or use a firewall config manager...
Quote from: deanwebb on December 14, 2017, 01:44:38 PM
Quote from: SimonV on December 14, 2017, 01:37:10 PM
My guess would be to check if the ACL is consistent on multiple devices.
... most folks would check the ACL config... or use a firewall config manager...
I imagine a hash would be more useful for an ACL with hundreds or thousands of lines.
Quote from: SimonV on December 15, 2017, 02:33:09 AM
Quote from: deanwebb on December 14, 2017, 01:44:38 PM
Quote from: SimonV on December 14, 2017, 01:37:10 PM
My guess would be to check if the ACL is consistent on multiple devices.
... most folks would check the ACL config... or use a firewall config manager...
I imagine a hash would be more useful for an ACL with hundreds or thousands of lines.
Yes, that is how the ASA works: it hashes the ACL and compares the hash value to some hash value on the packet.
That's not the question though.
Oh, I thought it gave you a hash of the ACL itself, which could be compared across devices to check consistency.
Never mind me then :-X
Maybe it's for debugging?
Automation?