Enabling and disabling ipv6 acl accounting on br – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Security Configuration Guide

53-1003035-02

ACL accounting

You can enable ACL accounting at the filter level by adding the enable-accounting keyword to
each clause of an IPv6 ACL for which you want to gather statistics.

IPv6 ACL rate limiting and IPv6 deny logging are not supported.

CAM resources are shared on the devices between Layer 2, IPv4, and IPv6 ACL accounting.
This limits the number of ACL accounting instances available on the system.

For inbound ACL accounting, you can bind Layer 2, IPv4, and IPv6 ACL accounting to the
same port. Refer to “Configuration considerations for dual inbound ACLS on Brocade NetIron
CES and Brocade NetIron CER devices” and “ACL Accounting interactions between L2 ACLs and
IP ACLs” for further information.

For outbound ACL accounting, you can bind IPv4 and IPv6 ACL accounting to the same port.
However, Layer 2 ACL accounting does not coexist with either IPv4 or IPv6 ACL accounting on
the same port.

The port-level configuration to enable or disable the counters is not applicable.

For detailed information about ACL accounting considerations for Brocade NetIron CES 2000 and
Brocade NetIron CER 2000 devices, refer to “ACL accounting”.

Enabling and disabling IPv6 ACL accounting on Brocade NetIron CES 2000 and Brocade NetIron CER 2000 devices

By default, ACL accounting is disabled on the Brocade NetIron CES 2000 and Brocade NetIron
CER 2000 devices. You can enable ACL accounting explicitly in each clause of an IPv6 ACL for
which you want to gather statistics by including the keyword enable-accounting immediately after
the permit or deny keyword. To enable ACL accounting, enter the following command:

Brocade(config)# ipv6 access-list netw permit enable-accounting ip any any

Syntax: [no] ipv6 access-list acl name permit | deny enable-accounting

The acl name variable defines the name of the IPv6 ACL. The acl name can contain up to 199
characters and numbers, but cannot begin with a number and cannot include any spaces or
quotation marks.

The permit keyword indicates that enabling IPv6 ACL accounting will be permitted for the clauses
that match a policy in the access list.

The deny keyword indicates that enabling IPv6 ACL accounting will be denied for the clauses that
match a policy in the access list.

The enable-accounting keyword enables IPv6 ACL accounting.

The no option turns off previously enabled IPv6 ACL accounting.
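
An added example, not from the Brocade manual: a Python audit that scans configuration text in the one-line form shown above and reports IPv6 ACL clauses that gather no statistics, place enable-accounting anywhere other than immediately after permit or deny, or use a name that breaks the naming rules stated above. The sample configuration and the names audit and valid_acl_name are constructed for illustration; real running-config output may be laid out differently.

```python
import re

# One-line clause form used on this page:
#   ipv6 access-list <acl name> permit|deny [enable-accounting] <filter>
CLAUSE = re.compile(r'^ipv6\s+access-list\s+(\S+)\s+(permit|deny)\b\s*(.*)$')

# Constructed sample input (not taken from a real device).
SAMPLE = """\
ipv6 access-list netw permit enable-accounting ip any any
ipv6 access-list netw deny ip any any
ipv6 access-list 6edge permit enable-accounting ip any any
ipv6 access-list mgmt deny ip any any enable-accounting
no ipv6 access-list old permit enable-accounting ip any any
"""

def valid_acl_name(name):
    """Name rules from the page: up to 199 characters, must not begin
    with a number, no spaces or quotation marks."""
    return (0 < len(name) <= 199
            and not name[0].isdigit()
            and not any(c in name for c in ' "\''))

def audit(config_text):
    """Return (line_number, acl_name, finding) for each problem clause."""
    findings = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith('no '):      # removal lines configure nothing
            continue
        m = CLAUSE.match(line)
        if not m:
            continue
        name, action, rest = m.groups()
        tokens = rest.split()
        if not valid_acl_name(name):
            findings.append((n, name, 'invalid ACL name'))
        if tokens and tokens[0] == 'enable-accounting':
            continue                    # keyword directly follows permit/deny
        if 'enable-accounting' in tokens:
            findings.append((n, name, 'enable-accounting not directly after ' + action))
        else:
            findings.append((n, name, 'no accounting on ' + action + ' clause'))
    return findings

if __name__ == '__main__':
    for finding in audit(SAMPLE):
        print(finding)
```
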

NOTE

The rules of action merging and counter precedence must be considered to determine which action
to take and which accounting to count when binding multiple ACL accounting instances to the same port.