Displaying acl bindings, Troubleshooting acls – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

48

Brocade Virtual ADX Security Guide

53-1003250-01

Displaying ACL bindings

2

Displaying ACL bindings

You can display which ACLs (IPv4 and IPv6) are bound to which interfaces as shown in the
following.

Virtual ADX #show access-list bindings

Access-list binding configuration:

!

interface ethernet 2

ip access-group 2 in

ipv6 traffic-filter acl1 in

Syntax: show access-list bindings

Troubleshooting ACLs

Use the following methods to troubleshoot an ACL:

•

To view the types of packets being received on an interface, enable ACL statistics using the
enable-acl-counter command, reapply the ACLs by entering the ip rebind-acl all command, then
display the statistics by entering the show ip acl-traffic command.

•

To determine whether an ACL entry is correctly matching packets, add the log option to the ACL
entry, then reapply the ACL. The log option generates a Syslog entry for packets that are denied
by the ACL entry.

•

To determine whether the issue is specific to fragmentation, remove the Layer 4 information
(TCP or UDP application ports) from the ACL, then reapply the ACL.

If you are using another feature that requires ACLs, use the same ACL entries for filtering and for
the other feature.