Displaying acl information – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

by the show access-list access-list-id command to determine the hardware usage for an ACL. To
free hardware resources, you can modify the ACL rules so that they use fewer hardware resources.

To enable and view hardware usage statistics, enter commands such as the following:

device#show access-list hw-usage on

device#show access-list 100

Extended IP access list 100 (hw usage : 2)

deny ip any any (hw usage : 1)

The first command enables hardware usage statistics, and the second command displays the hardware
usage for IP access list 100.

NOTE
Hardware usage statistics for ACLs differ for FSX 800 and FSX 1600 devices with one or more SX-
FI48GPP interface modules, compared to devices that do not have this interface module.

The following displays an example of the show output for an FSX 800 device in which an SX-FI48GPP
interface module is installed.

device#show access-list all

Standard IP access list 1 (hw usage (if applied on 24GC modules) : 2) (hw usage (if applied on 48GC modules) : 2)

permit any (hw usage (if applied on 24GC modules) : 1) (hw usage (if applied on 48GC modules) : 1)

Extended IP access list 100 (hw usage (if applied on 24GC modules) : 7) (hw usage (if applied on 48GC modules) : 7)

deny tcp any range newacct src any (hw usage (if applied on 24GC modules) : 6) (hw usage (if applied on 48GC modules) : 6)

FastIron SX 800 Router#sh mod

Module Status Ports Starting MAC

F1: SX-FISF Switch Fabric active

F2: SX-FISF Switch Fabric active

S1:

S2:

S3: Configured as SX-FI648 48-port 100/1000 Copper

S4: SX-FI648PP 48-port 100/1000 Copper OK 48 0000.0027.7918

S5: SX-FI624C 24-port Gig Copper OK 24 0000.0027.7960

S6:

S7: SX-FI624C 24-port Gig Copper OK 24 0000.0027.7990

S8:

S9: SX-FIZMR6 0-port Management Standby 0

{ Status : OK }

S10: SX-FIZMR6 0-port Management Active 0

Syntax: show access-list hw-usage [ on | off ]

Syntax: show access-list [ access-list-id | all ]

By default, hardware usage statistics are disabled. To disable hardware usage statistics after they have
been enabled, use the show access-list hw-usage off command.

The access-list-id variable is a valid ACL name or number.
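
The following Python script is an added example, not part of the Brocade guide. It parses saved show access-list output in both hw-usage formats shown above, rejoins lines wrapped by the terminal, and lists ACLs whose hardware usage exceeds a chosen budget. The function names, the budget value, and ACL 110 in the sample are assumptions made for illustration.

```python
import re

# Constructed sample: ACLs 1 and 100 follow the output shown in the guide
# (including the terminal line wrapping); ACL 110 is a made-up id for the plain format.
SAMPLE = """\
Extended IP access list 110 (hw usage : 2)
deny ip any any (hw usage : 1)
Standard IP access list 1 (hw usage (if applied on 24GC modules) : 2) (hw usage (if
applied on 48GC modules) : 2)
permit any (hw usage (if applied on 24GC modules) : 1) (hw usage (if applied on 48GC
modules) : 1)
Extended IP access list 100 (hw usage (if applied on 24GC modules) : 7) (hw usage (if
applied on 48GC modules) : 7)
deny tcp any range newacct src any (hw usage (if applied on 24GC modules) : 6) (hw
usage (if applied on 48GC modules) : 6)
"""

# Matches "(hw usage : N)" and "(hw usage (if applied on 24GC modules) : N)".
USAGE = re.compile(r"\(hw usage(?: \(if applied on (\w+) modules\))? : (\d+)\)")
# Assumption: ACL header lines look like the ones printed in the guide.
HEADER = re.compile(r"^(Standard|Extended) IP access list (\S+)")

def parse_hw_usage(text):
    """Return {acl_id: {"total": {module: n}, "rules": [(rule_text, {module: n})]}}."""
    # Rejoin wrapped lines: a logical line is complete once its parentheses balance.
    logical, buf = [], ""
    for line in text.splitlines():
        buf = (buf + " " + line.strip()).strip()
        if buf and buf.count("(") == buf.count(")"):
            logical.append(buf)
            buf = ""
    acls, current = {}, None
    for line in logical:
        # Key is the module type, or "all" when the output is not split per module.
        usage = {mod or "all": int(n) for mod, n in USAGE.findall(line)}
        if not usage:
            continue  # prompts and lines without statistics
        body = USAGE.sub("", line).strip()
        head = HEADER.match(body)
        if head:
            current = acls.setdefault(head.group(2), {"total": usage, "rules": []})
        elif current is not None:
            current["rules"].append((body, usage))
    return acls

def over_budget(acls, budget):
    """ACL ids whose usage on any module type exceeds `budget` hardware entries."""
    return sorted(a for a, d in acls.items() if max(d["total"].values()) > budget)

if __name__ == "__main__":
    print(over_budget(parse_hw_usage(SAMPLE), 4))
```
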

Displaying ACL information

To display the number of Layer 4 CAM entries used by each ACL, enter the following command.

device#show access-list all

Extended IP access list 100 (Total flows: N/A, Total packets: N/A, Total rule cam

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03