beautypg.com

Displaying accounting statistics for all acls, Acl accounting, Interactions between l2 acls and ip acls – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 177: Acl deny logging and acl accounting

background image

Multi-Service IronWare Security Configuration Guide

159

53-1003035-02

ACL accounting

3

ACL deny logging and ACL accounting

On Brocade NetIron CES and Brocade NetIron CER devices, if ACL deny logging and ACL accounting
are enabled on the same ACL clause deny logging takes precedence and ACL accounting statistics
will not be available for that clause.

ACL Accounting interactions between L2 ACLs and IP ACLs

You can bind dual inbound ACLs (one L2 ACL and one IP ACL) to a single port on a Brocade NetIron
CES and Brocade NetIron CER device. Brocade recommends enabling ACL accounting in only one
of the ACLs bound to the same port. Including ACL-accounting-enabled clauses in both ACLs can
result in anomalous reporting of filtering results.

Displaying accounting statistics for all ACLs

To display a summary of the number of hits in all ACLs on a Multi-Service device, enter the following
command.

The display shows the following information:

Syntax: show access-list accounting brief [ l2 | policy-based-routing | rate-limit ]

The l2 parameter limits the display to Layer 2 ACL accounting information.

The policy-based-routing parameter limits the display to policy based routing accounting
information.

The rate-limit parameter limits the display to rate limiting ACL accounting information.

IPv4 ACL accounting statistics are displayed if no option is specified.

This field...

Displays...

Collecting ACL accounting summary
for interface

Shows for which interfaces the ACL accounting information was collected
and whether or not the collection was successful.

Int

The ID of the interface for which the statistics are being reported.

In ACL

The ID of the ACL used to filter the incoming traffic on the interface.

Total In Hit*

The number of hits from incoming traffic processed by all ACL entries
(filters) in the ACL. A number is shown for each counter.

Out ACL

ID of the ACL used to filter the outgoing traffic on the interface.

Total Out Hit*

The number of hits from incoming traffic processed by all ACL entries
(filters) in the ACL. A number is shown for each counter.

* The Total In Hit and Total Out Hit displays the total number of hits for all the ACL entries (or filters) in an ACL. For

example, if an ACL has five entries and each entry processed matching conditions three times during the last
minute, then the total Hits for the 1m counter is 15.

Brocade (config)#show access-list accounting brief

Collecting ACL accounting summary for VE 1 ... Completed successfully.

ACL Accounting Summary: (ac = accumulated since accounting started)

Int In ACL Total In Hit Out ACL Total Out Hit

VE 1 111 473963(1s)

25540391(1m)

87014178(5m)

112554569(ac)

See also other documents in the category Brocade Computer Accessories: