
Acl rate-limiting and acl accounting – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


158   Multi-Service IronWare Security Configuration Guide   53-1003035-02

Chapter 3: ACL accounting

ACL accounting on Brocade NetIron CES and Brocade NetIron CER devices

The following special considerations affect how ACL accounting is configured on Brocade NetIron
CES and Brocade NetIron CER devices.

Enabling ACL accounting on Brocade NetIron CES and Brocade NetIron CER devices

On Brocade NetIron CES and Brocade NetIron CER devices, ACL accounting is enabled explicitly in
each clause of an ACL for which you want to gather statistics; clauses without the keyword are
not counted. Enable ACL accounting in an individual filter by including the keyword
enable-accounting immediately after the permit or deny keyword.

To create an ACL filter clause with ACL accounting enabled, enter a command such as the following
at the global CONFIG level of the CLI.

Brocade(config)# access-list 100 permit enable-accounting ip any any

The example above adds a permit clause to ACL 100 with accounting enabled.

Syntax: [no] access-list num|name permit|deny enable-accounting

NOTE

ACL accounting on Brocade NetIron CES and Brocade NetIron CER devices is applicable only on the
outbound counter, not the inbound counter.

ACL rate-limiting and ACL accounting

CAM resources are shared on Brocade NetIron CES and Brocade NetIron CER devices between ACL
accounting and ACL rate-limiting. This limits the number of ACL accounting instances available on
the system.

To check the availability of ACL accounting and ACL rate-limiting resources, use the show resource
command.

Brocade# show resource

. . .

[I cntr/mtrs(1)] 2048(size), 1982(free), 03.22%(used), 0(failed)

[O cntr/mtrs(1)] 2048(size), 1984(free), 03.12%(used), 0(failed)

. . .

The above example shows only the output related to ACL rate-limiting and ACL accounting
resources, and indicates that 3.22% of input resources and 3.12% of output resources have been
used.

NOTE

On a Brocade NetIron CES or Brocade NetIron CER device, each outbound ACL clause occupies 2 entries
in the ternary content addressable memory (TCAM). The additional entry is for the virtual ports that
correspond to the physical ports. Accordingly, any outbound ACL clause requests two separate TCAM
indices. When the TCAM is full, this results in 2 failure counts for that clause.
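The two cntr/mtrs lines of show resource are the only evidence an operator has that accounting and rate-limiting clauses actually obtained counter/meter resources; a non-zero failed count means some clause is silently not being counted or metered. The following added example (not part of the Brocade guide, and not a Brocade tool) parses those lines, cross-checks the printed used percentage against size and free, flags failed allocations and high utilization, and estimates how many more clauses fit. The sample output is the guide's own two lines embedded as a constructed string; the entries_per_clause parameter is an assumption that lets the caller apply the note above (two TCAM indices per outbound clause) to the outbound pool, since the guide does not state explicitly that the counter/meter pool is consumed at the same rate.

```python
import re
from dataclasses import dataclass

# Constructed sample: the counter/meter lines from "show resource" as printed in
# the guide, plus the surrounding prompt and ellipsis lines the parser must skip.
SAMPLE_SHOW_RESOURCE = """\
Brocade# show resource
. . .
[I cntr/mtrs(1)] 2048(size), 1982(free), 03.22%(used), 0(failed)
[O cntr/mtrs(1)] 2048(size), 1984(free), 03.12%(used), 0(failed)
. . .
"""

# Constructed sample of an exhausted outbound pool (not from the guide): two
# failed allocations, as the note predicts for one outbound clause on a full TCAM.
SAMPLE_EXHAUSTED = """\
[I cntr/mtrs(1)] 2048(size), 1982(free), 03.22%(used), 0(failed)
[O cntr/mtrs(1)] 2048(size), 0(free), 100.00%(used), 2(failed)
"""

# One cntr/mtrs line: direction (I/O), instance, size, free, used %, failed.
LINE_RE = re.compile(
    r"^\[(?P<dir>[IO]) cntr/mtrs\((?P<inst>\d+)\)\]\s+"
    r"(?P<size>\d+)\(size\),\s+(?P<free>\d+)\(free\),\s+"
    r"(?P<used>[\d.]+)%\(used\),\s+(?P<failed>\d+)\(failed\)\s*$"
)


@dataclass
class CounterPool:
    direction: str    # "I" = inbound, "O" = outbound
    instance: int
    size: int
    free: int
    used_pct: float   # percentage as printed by the device
    failed: int

    @property
    def used(self) -> int:
        return self.size - self.free

    def computed_used_pct(self) -> float:
        return 100.0 * self.used / self.size

    def clauses_available(self, entries_per_clause: int = 1) -> int:
        # Assumption: each clause consumes entries_per_clause entries from this
        # pool (pass 2 for outbound to mirror the two-TCAM-index note above).
        return self.free // entries_per_clause


def parse_show_resource(text: str) -> dict:
    """Return {"I": CounterPool, "O": CounterPool} from show resource output."""
    pools = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # prompt, ". . ." and unrelated resource lines
        pool = CounterPool(m["dir"], int(m["inst"]), int(m["size"]),
                           int(m["free"]), float(m["used"]), int(m["failed"]))
        pools[pool.direction] = pool
    return pools


def check_pools(pools: dict, warn_pct: float = 80.0) -> list:
    """Findings a defender cares about: failed allocations, inconsistent
    counters, and pools close to exhaustion."""
    findings = []
    for direction, p in sorted(pools.items()):
        if p.failed > 0:
            findings.append(f"{direction}: {p.failed} counter/meter allocation(s) failed; "
                            "some ACL accounting or rate-limiting clauses are not active")
        # The device truncates to two decimals, so allow a 0.01 point tolerance.
        if abs(p.computed_used_pct() - p.used_pct) > 0.01:
            findings.append(f"{direction}: printed {p.used_pct}% disagrees with "
                            f"(size-free)/size = {p.computed_used_pct():.2f}%")
        if p.computed_used_pct() >= warn_pct:
            findings.append(f"{direction}: {p.computed_used_pct():.2f}% used, "
                            f"only {p.free} entries free")
    return findings


if __name__ == "__main__":
    pools = parse_show_resource(SAMPLE_SHOW_RESOURCE)
    for d, p in sorted(pools.items()):
        print(f"{d}: used {p.used}/{p.size} ({p.computed_used_pct():.2f}%), "
              f"outbound-style clauses still available: {p.clauses_available(2)}")
    print("findings:", check_pools(pools) or "none")
    print("exhausted pool findings:", check_pools(parse_show_resource(SAMPLE_EXHAUSTED)))
```

Running check_pools after every ACL or rate-limit change (or from a periodic poll of show resource) turns the "0(failed)" field into an alert condition rather than something that is only noticed once a clause fails to count traffic.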