ACL accounting, Configuring IPv4 ACL accounting, Feature limitations for ACL accounting – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual
ACL accounting
ACL accounting helps to collect usage information for access lists configured on the device. Counters,
stored in hardware, keep track of the number of times an ACL filter is used. ACL accounting provides
statistics for permit rules, deny rules, and implicit rules that help in identifying usage of particular traffic.
ACL accounting is supported on IPv4 ACLs, IPv6 ACLs, and Layer 2 MAC filters and provides
accounting information for inbound ACLs. Accounting on IPv4 ACLs, IPv6 ACLs, and MAC filters is
explained in the corresponding sections of this guide.
Feature limitations for ACL accounting
• Traffic Policer and ACL accounting cannot coexist.
• ACL accounting is not supported on outbound ACLs.
• ACL accounting is not supported on dynamic ACLs.
• ACL accounting is not supported on ICX 6430 devices and the following FastIron SX device series:
SX-FI624HF, SX-FI624C, SX-FI62XG, SX-FIZMRXL6 or their combination.
• On FastIron SXR800 and SXR1600 devices, traffic terminating at the devices will not be accounted.
Configuring IPv4 ACL accounting
Steps to enable, display, and clear IPv4 ACL accounting
When you enable IPv4 ACL accounting on FastIron devices, it is enabled on all the filters of the ACL,
including the implicit rule. You can enable ACL accounting for named and numbered ACLs.
1. To enable ACL accounting for a configured ACL, choose one of the following options.
• For a numbered ACL, use the access-list enable-accounting command in the global
configuration mode.
• For a named ACL, use the enable-accounting command in the ACL configuration mode.
device(config)#access-list 10 enable-accounting
device(config-std-nacl)#enable-accounting
NOTE
When the ACL on which accounting is enabled is shared between multiple interfaces, enable the
ACL-PER-PORT-PER-VLAN flag to get statistics at the port level.
2. To display ACL accounting information, use the show access-list accounting command.
Accounting statistics are collected every five seconds and synchronized to the standby unit every
minute.
device#show access-list accounting ve 16 in
IPV4 ACL Accounting Information
devNum[0] => ACL: 10
0: permit any
Hit Count: (1Min) 0 (5Sec) 0
(PktCnt) 0 (ByteCnt) 0
--------------------------------------------------
65535: Implicit Rule deny any any
Hit Count: (1Min) 0 (5Sec) 0
(PktCnt) 0 (ByteCnt) 0
--------------------------------------------------
IPV6 ACL Accounting Information
devNum[0] => ACL: v6
0: permit ipv6 any any
Hit Count: (1Min) 0 (5Sec) 0
(PktCnt) 0 (ByteCnt) 0
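One way to turn the show access-list accounting output above into per-filter records and pick out implicit-rule hits and filters that never matched. This is an added example, not code from the Brocade guide; the counter values in SAMPLE are constructed, and the names parse_accounting and review are hypothetical.

```python
import re

# Constructed sample in the layout shown above; counter values are invented.
SAMPLE = """\
IPV4 ACL Accounting Information
devNum[0] => ACL: 10
0: permit any
Hit Count: (1Min) 120 (5Sec) 10
(PktCnt) 4500 (ByteCnt) 612000
--------------------------------------------------
65535: Implicit Rule deny any any
Hit Count: (1Min) 36 (5Sec) 3
(PktCnt) 980 (ByteCnt) 62720
--------------------------------------------------
IPV6 ACL Accounting Information
devNum[0] => ACL: v6
0: permit ipv6 any any
Hit Count: (1Min) 0 (5Sec) 0
(PktCnt) 0 (ByteCnt) 0
"""

FAMILY = re.compile(r"^(IPV[46]) ACL Accounting Information")
ACL = re.compile(r"ACL:\s*(\S+)")
RULE = re.compile(r"^(\d+):\s*(.+)$")
HITS = re.compile(r"\(1Min\)\s*(\d+)\s*\(5Sec\)\s*(\d+)")
TOTALS = re.compile(r"\(PktCnt\)\s*(\d+)\s*\(ByteCnt\)\s*(\d+)")

def parse_accounting(text):
    """Return one dict per filter, with its ACL, address family and counters."""
    rules, family, acl = [], None, None
    for line in map(str.strip, text.splitlines()):
        if m := FAMILY.match(line):
            family = m.group(1)
        elif m := ACL.search(line):
            acl = m.group(1)
        elif m := RULE.match(line):
            rules.append({"family": family, "acl": acl, "seq": int(m.group(1)),
                          "rule": m.group(2), "implicit": "Implicit Rule" in m.group(2)})
        elif rules and (m := HITS.search(line)):
            rules[-1].update(min1=int(m.group(1)), sec5=int(m.group(2)))
        elif rules and (m := TOTALS.search(line)):
            rules[-1].update(pkts=int(m.group(1)), bytes=int(m.group(2)))
    return rules

def review(rules):
    """Split rules into implicit-rule hits and explicit filters that never matched."""
    implicit_hits = [r for r in rules if r["implicit"] and r.get("pkts", 0) > 0]
    unused = [r for r in rules if not r["implicit"] and r.get("pkts", 0) == 0]
    return implicit_hits, unused
```

Packets counted against the implicit rule are traffic that no explicit filter matched, and explicit filters with a zero packet count are candidates for review.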
FastIron Ethernet Switch Security Configuration Guide
141
53-1003088-03