Cisco WS-C6506 Software Manual page 480

Configuring ACL Statistics
Enabling ACL Statistics on a Per-VLAN Basis
Enter the set security acl map acl-name {vlan/mod_port} [statistics enable | disable] command to
enable the ACL statistics on a per-VLAN basis.
In the per-VLAN mode, label sharing is disabled. For example, if you have an ACL that is mapped to
Note
10 VLANs and you enable per-VLAN statistics on one of the VLANs, you will have nine VLANs sharing a
label. The VLAN on which you enabled VLAN statistics will have a different label, but this does not imply
that statistics are enabled. If the ACL that you mapped does not have the statistics enabled (either per-ACE
or per-ACL), you will not see any statistical information except for the ARP packets.
If the per-VLAN statistics are enabled on a VLAN, the subsequent maps that are configured on the same
VLAN will also have the per-VLAN statistics enabled. If the per-VLAN statistics are disabled on a
VLAN, the previous maps that are configured on the same VLAN will also have the per-VLAN statistics
disabled.
For example, if you enter the set security acl map ip1 1 statistics enable command followed by the set
security acl map mac1 1 command, the mac1 ACL will also have the per-VLAN statistics enabled.
If you enter the set security acl map ip1 1 statistics enable command followed by the set security acl
map mac1 1 statistics disable command, the ip1 ACL will also have the per-VLAN statistics disabled.
To enable the ACL statistics on a per-VLAN basis, perform these tasks in privileged mode:
Task
Enable the ACL statistics on a
per-VLAN basis.
Display the configuration.
This example shows how to enable the ACL statistics on a per-VLAN basis:
Console> (enable) set security acl map ACL1 1 statistics enable
Mapping in progress.
ACL ACL1 successfully mapped to VLAN 1.
Console> (enable)
Console> (enable) show security acl info ACL1
set security acl ip ACL1 statistics
---------------------------------------------------
arp permit
1. permit ip any any
Console> (enable)
Enabling ACL Statistics on a Per-ACE Basis
Enter the set security acl ip/mac acl_name ... [statistics] command to enable the ACL statistics on a
per-ACE basis. This option allows you to collect the statistics for the configured ACEs even if the ACL
statistics are not enabled. This command is effective only after you enter the commit command to
commit all ACEs to NVRAM.
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
15-84
Command
set security acl map acl-name {vlan/mod_port} [statistics
enable | disable]
show security acl
Chapter 15 Configuring Access Control
OL-8978-04