Monitoring Traffic for All Firewall Filters and Policers That Are Configured on the Switch
Purpose
Action
Meaning
Monitoring Traffic for a Specific Firewall Filter
Purpose
Action
Meaning
Monitoring Traffic for a Specific Policer
Purpose
Action
Copyright © 2010, Juniper Networks, Inc.
Perform the following task to monitor the number of packets and bytes that matched
the firewall filters and monitor the number of packets that exceeded policer rate limits:
Use the operational mode command:
user@switch> show firewall
Filter: egress-vlan-watch-employee
Counters:
Name
counter-employee-web
Filter: ingress-port-voip-class-limit-tcp-icmp
Counters:
Name
icmp-counter
Policers:
Name
icmp-connection-policer
tcp-connection-policer
Filter: ingress-vlan-rogue-block
Filter: ingress-vlan-limit-guest
The
command displays the names of all firewall filters, policers, and
show firewall
counters that are configured on the switch. The output fields show byte and packet
counts for counters and packet count for policers.
Perform the following task to monitor the number of packets and bytes that matched a
firewall filter and monitor the number of packets that exceeded the policer rate limits.
Use the operational mode command:
user@switch> show firewall filter ingress-vlan-rogue-block
Filter: ingress-vlan-rogue-block
Counters:
Name
rogue-counter
The
show firewall filter filter-name
the packet and byte count for all counters configured with the filter, and the packet count
for all policers configured with the filter.
Perform the following task to monitor the number of packets that exceeded policer rate
limits:
Use the operational mode command:
user@switch> show policer tcp-connection-policer
Filter: ingress-port-voip-class-limit-tcp-icmp
Policers:
Chapter 103: Verifying Firewall Filter Configuration
Bytes
3348
Bytes
4100
Packets
0
0
Bytes
2308
command displays the name of the firewall filter,
Packets
27
Packets
49
Packets
20
3085