Acl accounting – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
53-1003035-02
ACL accounting
Multi-Service devices may be configured to monitor the number of times an ACL is used to filter
incoming or outgoing traffic on an interface. The show access-list accounting command displays
the number of “hits” or how many times ACL filters permitted or denied packets that matched the
conditions of the filters. For more detailed information about ACL accounting, please refer to “ACL
accounting”.
Enabling and disabling ACL accounting on Brocade NetIron XMR and Brocade MLX series devices
ACL accounting is disabled by default on Brocade NetIron XMR and Brocade MLX series devices. To
enable ACL accounting, enter the following command in global configuration mode:
Brocade(config)# enable-acl-counter
Syntax: [no] enable-acl-counter
NOTE
Enabling or disabling ACL accounting affects the gathering of statistics from all ACL types (Layer-2,
IPv4 and IPv6).
When ACL accounting is enabled, use the accounting-no-sort command to present the access-list
entries in the configured order when displaying ACL accounting data.
Brocade(config)# acl-policy
Brocade(config-acl-policy)# accounting-no-sort
Syntax: [no] accounting-no-sort
The [no] version of the accounting-no-sort command displays the access-list entries in sorted order
based on the number of ACL hits.
ACL accounting on Brocade NetIron CES and Brocade NetIron CER devices
The following special considerations affect how ACL accounting is configured on Brocade NetIron
CES and Brocade NetIron CER devices.
• On Brocade NetIron CES and Brocade NetIron CER devices you enable ACL accounting at the
  filter level by adding an enable-accounting keyword in each clause of an ACL for which you want
  to gather statistics.
• CAM resources are shared on Brocade NetIron CES and Brocade NetIron CER devices between
  ACL accounting and ACL rate-limiting. This limits the number of ACL accounting instances
  available on the system.
• If ACL deny logging and ACL accounting are enabled on the same ACL clause, deny logging
  takes precedence and ACL accounting statistics will not be available for that clause.
• You can bind both an inbound L2 ACL and an inbound IP ACL to the same port on Brocade
  NetIron CES and Brocade NetIron CER devices. Refer to “Configuration considerations for dual
  inbound ACLS on Brocade NetIron CES and Brocade NetIron CER devices” and “ACL Accounting
  interactions between L2 ACLs and IP ACLs” for further information.
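The following audit script is an added example, not part of the Brocade manual. It checks a saved CES/CER configuration for clauses whose accounting statistics will be missing, either because the enable-accounting keyword is absent or because deny logging takes precedence on the same clause. The sample configuration is constructed, and the clause layout and the use of "log" as the deny-logging keyword are assumptions.

```python
import re

# Constructed sample of a CES/CER configuration fragment (not from the manual).
# Assumptions: numbered extended-ACL clause layout, and "log" as the keyword
# that requests deny logging on a clause.
SAMPLE_CONFIG = """\
access-list 101 deny tcp any any eq 23 log enable-accounting
access-list 101 deny udp any any eq 161 enable-accounting
access-list 101 permit tcp any host 10.0.0.5 eq 22 enable-accounting
access-list 101 permit ip any any
access-list 102 deny ip 192.0.2.0 0.0.0.255 any log
"""

CLAUSE_RE = re.compile(r"^access-list\s+(\S+)\s+(permit|deny)\s+(.*)$")

def audit_acl_accounting(config_text):
    """Classify each ACL clause by whether accounting counters will exist.

    Returns a list of (line_no, acl_id, action, status), where status is:
      "counted"     - enable-accounting present, no conflict
      "shadowed"    - deny clause with both log and enable-accounting;
                      deny logging takes precedence, so no statistics
      "not-counted" - no enable-accounting keyword on the clause
    """
    results = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        match = CLAUSE_RE.match(raw.strip())
        if not match:
            continue  # not an ACL clause (interface lines, comments, blanks)
        acl_id, action, rest = match.groups()
        tokens = rest.split()
        has_acct = "enable-accounting" in tokens
        has_log = "log" in tokens
        if has_acct and has_log and action == "deny":
            status = "shadowed"
        elif has_acct:
            status = "counted"
        else:
            status = "not-counted"
        results.append((line_no, acl_id, action, status))
    return results

def shadowed_clauses(config_text):
    """Line numbers of clauses whose accounting is lost to deny logging."""
    return [r[0] for r in audit_acl_accounting(config_text) if r[3] == "shadowed"]

if __name__ == "__main__":
    for line_no, acl_id, action, status in audit_acl_accounting(SAMPLE_CONFIG):
        print(f"line {line_no}: ACL {acl_id} {action:<6} -> {status}")
```

A clause reported as "shadowed" still produces deny log entries but will show no hit counts, so any monitoring that relies on show access-list accounting for that clause needs a different data source.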