Acl accounting, Log example – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
53-1003035-02
Log example
The following examples display typical log entries where the ACL Deny Logging feature is configured.
[IPv4 Inbound ACL]
Dec 16 12:12:29:I:list 102 denied tcp 10.10.10.1(1024)(Ethernet 3/1 0000.0000.0010) - 10.20.20.1(1025), 27298224 event(s)
[L2 MAC ACL]
Dec 16 12:12:29:I: MAC ACL 400 denied 1 packets on port 3/16 [SA:0000.0000.0020, DA:0000.0000.0010, Type:IPV4-L5, VLAN:1]
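The two entry formats above can be turned into structured records for a SIEM or a quick triage script. The following parser is an added example, not part of the Brocade guide; its regular expressions are derived only from the two sample entries shown here, and the function names (parse_deny, top_denied) are hypothetical.

```python
import re

# Patterns derived only from the two sample entries on this page (assumption:
# other releases or ACL types may log different fields).
IPV4_DENY = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d):(?P<sev>\w):\s*list (?P<acl>\S+) denied "
    r"(?P<proto>\S+) (?P<src_ip>[\d.]+)\((?P<src_port>\d+)\)"
    r"\((?P<in_port>[^()]*?) (?P<src_mac>[0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2})\) - "
    r"(?P<dst_ip>[\d.]+)\((?P<dst_port>\d+)\), (?P<events>\d+) event\(s\)$"
)
MAC_DENY = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d):(?P<sev>\w):\s*MAC ACL (?P<acl>\S+) denied "
    r"(?P<events>\d+) packets on port (?P<in_port>\S+) "
    r"\[SA:(?P<src_mac>[^,]+), DA:(?P<dst_mac>[^,]+), "
    r"Type:(?P<etype>[^,]+), VLAN:(?P<vlan>\d+)\]$"
)
INT_FIELDS = ("src_port", "dst_port", "events", "vlan")

def parse_deny(line):
    """Return a dict for a recognised ACL deny entry, or None."""
    # Collapse whitespace so entries wrapped by a pager or PDF still match.
    line = " ".join(line.split())
    for kind, pat in (("ipv4", IPV4_DENY), ("l2mac", MAC_DENY)):
        m = pat.match(line)
        if m:
            rec = {"kind": kind, **m.groupdict()}
            rec.update({f: int(rec[f]) for f in INT_FIELDS if f in rec})
            return rec
    return None

def top_denied(lines, n=5):
    """Rank (kind, acl, source) by total denied events; skip unparsed lines."""
    totals = {}
    for line in lines:
        rec = parse_deny(line)
        if rec:
            key = (rec["kind"], rec["acl"], rec.get("src_ip") or rec["src_mac"])
            totals[key] = totals.get(key, 0) + rec["events"]
    return sorted(totals.items(), key=lambda kv: -kv[1])[:n]

# The two sample entries from this page, plus one constructed non-matching line.
SAMPLE = [
    "Dec 16 12:12:29:I:list 102 denied tcp 10.10.10.1(1024)(Ethernet 3/1 0000.0000.0010) - 10.20.20.1(1025), 27298224 event(s)",
    "Dec 16 12:12:29:I: MAC ACL 400 denied 1 packets on port 3/16 [SA:0000.0000.0020, DA:0000.0000.0010, Type:IPV4-L5, VLAN:1]",
    "Dec 16 12:12:30:I:System: Interface ethernet 3/1, state up",  # constructed
]

if __name__ == "__main__":
    print(top_denied(SAMPLE))
```

Lines that match neither pattern return None instead of raising, so the parser can be run over a mixed syslog stream.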
ACL accounting
Multi-Service devices monitor the number of times an ACL is used to filter incoming or outgoing
traffic on an interface. The show access-list accounting command displays the number of “hits” or
how many times ACL filters permitted or denied packets that matched the conditions of the filters.
NOTE
ACL accounting does not tabulate or display the number of implicit denials by an ACL.
Counters, stored in hardware, keep track of the number of times an ACL filter is used.
The counters displayed on the ACL accounting report are:
• 1s – Number of hits during the last second. This counter is updated every second.
• 1m – Number of hits during the last minute. This counter is updated every minute.
• 5m – Number of hits during the last five minutes. This counter is updated every five minutes.
• ac – Accumulated total number of hits. This counter begins when an ACL is bound to an interface and is updated every minute. This total is updated until it is cleared.
The accumulated total is updated every minute. For example, a minute after an ACL is bound to a port, it receives 10 hits per second and continues to receive 10 hits per second. After one minute, the accumulated total is 600 hits. After 10 minutes, it is 6000 hits.
The counters can be cleared when the device is rebooted, when an ACL is bound to or unbound
from an interface, or by entering a clear access-list command.
Enabling and disabling ACL accounting on Brocade NetIron XMR and Brocade MLX series devices
ACL accounting is not automatically enabled on Brocade NetIron XMR and Brocade MLX series
devices. Before you can collect ACL accounting statistics, you must enter the following command.
Brocade(config)# enable-acl-counter
Syntax: [no] enable-acl-counter
NOTE
Enabling or disabling ACL accounting affects the gathering of statistics from all ACL types (Layer-2,
IPv4 and IPv6).