Extreme Networks ExtremeWare XOS Guide Manual page 264

Access Lists (ACLs)
Action Modifiers
Additional actions can also be specified, independent of whether the packet is dropped or forwarded.
These additional actions are called action modifiers. Not all action modifiers are available on all
switches, and not all are available for both ingress and egress ACLs. The action modifiers are:
●
count <countername>
—logs the packet header
●
log
—logs the packet header in hex format
●
log-raw
●
meter <metername>
Summit X450 switches only)
—sends a copy of the packet to the monitor (mirror) port (ingress only)
●
mirror
●
mirror-cpu
●
qosprofile <qosprofilename>—
●
redirect <ipv4 addr>
only)
●
replace-dscp
(BlackDiamond 10K ingress only)
●
replace-dot1p
(BlackDiamond 10K ingress only)
To count packets: When the ACL entry match conditions are met, the specified counter is incremented.
The counter value can be displayed by the command:
show access-list counter {<countername>} {any | ports <portlist> | vlan <vlanname>}
{ingress | egress}
To log packets: Packets are logged only when they go to the CPU, so packets in the fastpath are not
automatically logged. You must use both the
modifier if you want to log both slowpath and fastpath packets that match the ACL rule entry.
Additionally, KERN:INFO messages are not logged by default. You must configure the EMS target to
log these messages. See
EMS.
To meter packets: BlackDiamond 8800 Family and Summit X450 Only—For the BlackDiamond 8800
family and Summit X450 switches, the
an ACL meter. See the section,
on page 271 for more information.
To mirror packets: You must enable port-mirroring on your switch. See the section,
Mirroring" on page
an error message if port-mirroring is not enabled.
To redirect packets: BlackDiamond 10K Only—Packets are forwarded to the IPv4 address specified,
without modifying the IP header. The IPv4 address must be in the IP ARP cache, otherwise the packet is
forwarded normally. Only fast path traffic can be redirected.
You may want to create a static ARP entry for the redirection IP address, so that there will always be a
cache entry.
To replace DSCP or 802.1p fields: BlackDiamond 10K Ingress Only—Specify a QoS profile for matching
packets. The field values are replaced with the value associated with that profile. In the following
264
—increments the counter named in the action modifier (ingress only)
—takes action depending on the traffic rate (BlackDiamond 8800 family and
—mirrors a copy of the packet to the CPU in order to log it
forwards the packet to the specified QoS profile (ingress only)
—forwards the packet to the specified IPv4 address (BlackDiamond 10K
—replace the packet's DSCP field with the value from the associated QoS profile
—replace the packet's 802.1p field with the value from the associated QoS profile
Chapter 8, "Status Monitoring and
meter <metername>
"ACL Metering—BlackDiamond 8800 Family and Summit X450 Only"
130. If you attempt to apply a policy that requires port-mirroring, you will receive
action modifier and the
mirror-cpu
Statistics", for information about configuring
action modifier associates a rule entry with
or
log log-raw
"Switch Port
ExtremeWare XOS 11.3 Concepts Guide
action