Displaying and maintaining acls – H3C Technologies H3C SecBlade NetStream Cards User Manual

CAUTION:
If you are using the host device to generate comprehensive log data for the ACL matching packets, also follow these guidelines:
• Do not assign the packet filtering enabled port to VLAN 1.
• Configure the port that connects the device to the card as a trunk port, and remove the port from all but VLAN 1.
2. Configuring a SecBlade NetStream card to generate comprehensive log data for the ACL matching packets
If you use the SecBlade NetStream card on a distributed device or a distributed IRF member device, you can have the card generate comprehensive log data for the ACL matching packets. To do so, configure the interface that connects the card to the device to periodically output IPv4 packet filtering logs. The log data includes the destination IP address, source IP address, destination port, source port, protocol number, filtering action, and the number of matching packets.
Follow these steps to configure a card to generate comprehensive log data for the ACL matching packets:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | `system-view` | — |
| Enter Layer 2 Ethernet interface view | `interface interface-type interface-number` | — |
| Configure the port as a trunk port | `port link-type trunk` | Required. The default link type of a port is access. |
| Assign the port to all VLANs | `port trunk permit vlan all` | Required. By default, a trunk port is in VLAN 1. |
| Enable the IPv4 packet filtering logging function | `packet-filter logging enable` | Required. Disabled by default. |
| Exit to system view | `quit` | — |
| Set the interval for generating and outputting IPv4 packet filtering logs | `packet-filter logging-interval interval` | Optional. The default interval is 10 seconds. |

Displaying and maintaining ACLs
| To do… | Use the command… | Remarks |
|---|---|---|
| Display configuration and match statistics for one or all IPv4 ACLs | `display acl { acl-number \| all \| name acl-name }` | Available in any view |
| Display information about the IPv4 ACL acceleration feature | `display acl accelerate { acl-number \| all } [ \| { begin \| exclude \| include } regular-expression ]` | Available in any view |
| Clear statistics for one or all IPv4 ACLs | `reset acl counter { acl-number \| all \| name acl-name }` | Available in user view |