Displaying and Clearing ACL Counters; Example ACL Rule Entries - Extreme Networks ExtremeWare XOS Guide Manual

To display which interfaces have ACLs configured, and which ACL is on which interface, use the following command:
show access-list {any | ports <portlist> | vlan <vlanname>} {ingress | egress}

Displaying and Clearing ACL Counters

To display the ACL counters, use the following command:
show access-list counter {<countername>} {any | ports <portlist> | vlan <vlanname>} {ingress | egress}
To clear the access list counters, use the following command:
clear access-list {dynamic} counter {<countername>} {any | ports <portlist> | vlan <vlanname>} {ingress | egress}

Example ACL Rule Entries

The following entry accepts all the UDP packets from the 10.203.134.0/24 subnet that are destined for
the host 140.158.18.16, with source port 190 and a destination port in the range of 1200 to 1250:
entry udpacl {
    if {
        source-address 10.203.134.0/24;
        destination-address 140.158.18.16/32;
        protocol udp;
        source-port 190;
        destination-port 1200 - 1250;
    } then {
        permit;
    }
}
The following rule entry accepts TCP packets from the 10.203.134.0/24 subnet with a source port larger
than 190 and ACK & SYN bits set and also increments the counter tcpcnt. The packets will be forwarded
using QoS profile QP3. This example will only work with the BlackDiamond 10K, since the match
condition source-port > 190 alone will create more than 118 rules in the hardware:
entry tcpacl {
    if {
        source-address 10.203.134.0/24;
        protocol TCP;
        source-port > 190;
        tcp-flags syn_ack;
    } then {
        permit;
        count tcpcnt;
        qosprofile qp3;
    }
}
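An offline check of what the two entries above match, added here as an example (it is not from the Extreme Networks manual or ExtremeWare XOS itself). It is a simplified Python model that handles only the match keywords shown on this page and assumes the first matching entry wins; the function names and the packet dicts are constructed for illustration.

```python
import ipaddress
import re

# The two entries from this page, reflowed onto fewer lines.
POLICY = """
entry udpacl { if { source-address 10.203.134.0/24; destination-address 140.158.18.16/32;
  protocol udp; source-port 190; destination-port 1200 - 1250; } then { permit; } }
entry tcpacl { if { source-address 10.203.134.0/24; protocol TCP; source-port > 190;
  tcp-flags syn_ack; } then { permit; count tcpcnt; qosprofile qp3; } }
"""
ENTRY_RE = re.compile(r"entry\s+(\w+)\s*\{\s*if\s*\{(.*?)\}\s*then\s*\{(.*?)\}\s*\}", re.S)

def stmts(body):
    return [s.strip() for s in body.split(";") if s.strip()]

def parse(text):
    """Return [(name, {match keyword: value}, [actions])] in file order."""
    return [(n, dict(c.split(None, 1) for c in stmts(m)), stmts(a))
            for n, m, a in ENTRY_RE.findall(text)]

def port_ok(spec, port):  # port forms used on this page: 'N', 'A - B', '> N'
    if spec.startswith(">"):
        return port > int(spec[1:])
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def holds(key, val, pkt):
    """Evaluate one match condition against a packet dict."""
    if key.endswith("-address"):
        return ipaddress.ip_address(pkt[key]) in ipaddress.ip_network(val)
    if key.endswith("-port"):
        return key in pkt and port_ok(val, pkt[key])
    if key == "protocol":
        return pkt["protocol"].lower() == val.lower()
    if key == "tcp-flags":  # per the text above: syn_ack means SYN and ACK both set
        return set(val.lower().split("_")) <= set(pkt.get("tcp-flags", ()))
    raise ValueError(f"unsupported match keyword: {key}")

def evaluate(entries, pkt):
    """Assumption: first matching entry wins. Returns (name, actions) or (None, [])."""
    for name, cond, actions in entries:
        if all(holds(k, v, pkt) for k, v in cond.items()):
            return name, actions
    return None, []

# Constructed packets: a SYN/ACK from the subnet, and the same packet with ACK only.
SYNACK = {"source-address": "10.203.134.7", "destination-address": "192.0.2.10",
          "protocol": "tcp", "source-port": 443, "tcp-flags": {"syn", "ack"}}
ACK_ONLY = {**SYNACK, "tcp-flags": {"ack"}}
```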
The following example denies ICMP echo request (ping) packets originating from the 10.203.134.0/24
subnet, and increments the counter icmpcnt:
ExtremeWare XOS 11.3 Concepts Guide
