Configuring Acl Packet And Flow Counters - Brocade Communications Systems ServerIron ADX 12.4.00a Security Manual

Version 12.4.00a
Enabling strict TCP or UDP mode for flow-based ACLs

Syntax: [no] ip strict-acl-udp

This command configures the device to compare all UDP packets against the configured ACLs before forwarding them.

To disable the strict ACL mode and return to the default ACL behavior, enter the following command.

ServerIronADX(config)# no ip strict-acl-udp

NOTE
Enter the ip rebind-acl command at the global CONFIG level of the CLI to place the ip strict-acl-udp or no ip strict-acl-udp command into effect.

Configuring ACL packet and flow counters

You can configure counters for packets and flows that match entries in an ACL. Using the CLI, you can display the contents of the counters and clear them:

• The ACL packet counter feature provides an accurate count of packets matching individual ACL entries.
• The ACL flow counter feature provides an approximate count of flows matching individual ACL entries. This feature can be used for troubleshooting purposes to provide an indication of flow activity against an ACL. Each time the Brocade device receives the first packet of a flow matching an entry in an ACL list, the flow counter for that ACL entry is incremented by one. If a flow lasts longer than two minutes, the flow counter for the ACL entry is incremented again.

NOTE
The ACL flow counter feature is designed to monitor the general volume of flow activity for an ACL. It is not intended to be used for accounting purposes.

The ACL flow and packet counters are incremented differently depending on whether packets are handled by the Management Processor (MP), and whether they are permit or deny flows.

The Management Processor (MP) handles flows as follows:

• For permit flows, only flows are counted. If a permit flow lasts longer than two minutes, the flow counter is incremented again.
• For deny flows, only packets are counted.

By default the ACL packet and flow counters are disabled. To activate them, enter the following command.

ServerIronADX(config)# enable-acl-counter

Syntax: [no] enable-acl-counter

Once the ACL packet and flow counters are enabled, you can disable them with the no form of the enable-acl-counter command. Disabling and then re-enabling the ACL packet and flow counters resets them to zero.

To display the packet and flow counters for ACL 100.
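The counting rules above (permit entries count flows, with a second increment once a flow outlives two minutes; deny entries count packets; counters start at zero when enabled and reset on disable/re-enable) are easy to misread when comparing a flow count against a packet count during troubleshooting. The following Python model is an added illustration of those rules and is not Brocade code or the ServerIron ADX implementation: the entry names, the packet tuple layout, the match predicates, the sample traffic, and the choice to leave implicitly denied packets uncounted are all constructed for this example.

```python
"""Model of the Management Processor ACL counter semantics described in the
manual. Added illustration only; not Brocade code. Timestamps are seconds."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

TWO_MINUTES = 120.0  # the manual's "longer than two minutes", in seconds

# A packet is (time_seconds, src_ip, dst_ip, proto, src_port, dst_port); constructed layout.
Packet = Tuple[float, str, str, str, int, int]


@dataclass
class AclEntry:
    """One ACL entry: an action plus a match predicate over a packet (constructed shape)."""
    name: str
    action: str                              # "permit" or "deny"
    match: Callable[[Packet], bool]
    packets: int = 0                         # accurate packet count (deny entries only here)
    flows: int = 0                           # approximate flow count (permit entries only here)
    # flow 5-tuple -> time of the last flow-counter increment for that flow
    _flow_seen: Dict[tuple, float] = field(default_factory=dict)

    def count(self, pkt: Packet) -> None:
        if self.action == "deny":
            self.packets += 1                # deny flows: only packets are counted
            return
        key = pkt[1:]                        # the 5-tuple identifies the flow
        last = self._flow_seen.get(key)
        if last is None or pkt[0] - last > TWO_MINUTES:
            # first packet of a flow, or the flow has lasted longer than two minutes
            self.flows += 1
            self._flow_seen[key] = pkt[0]


class AclCounterModel:
    """First-match ACL with counters that are off until enable-acl-counter is applied."""

    def __init__(self, entries: List[AclEntry], enabled: bool = False):
        self.entries = entries
        self.enabled = enabled

    def enable_acl_counter(self, on: bool = True) -> None:
        """Toggle the counters; turning them back on resets every counter to zero."""
        if on and not self.enabled:
            for e in self.entries:
                e.packets = e.flows = 0
                e._flow_seen.clear()
        self.enabled = on

    def process(self, pkt: Packet) -> str:
        """Return the action for a packet; a packet matching no entry is implicitly
        denied and, in this model, is not counted against any entry (assumption)."""
        for e in self.entries:
            if e.match(pkt):
                if self.enabled:
                    e.count(pkt)
                return e.action
        return "deny"

    def counters(self) -> Dict[str, Tuple[int, int]]:
        """Map entry name -> (packet counter, flow counter)."""
        return {e.name: (e.packets, e.flows) for e in self.entries}


def run_sample() -> Dict[str, Tuple[int, int]]:
    """Constructed traffic against a constructed two-entry ACL."""
    acl = AclCounterModel([
        AclEntry("permit-web", "permit", lambda p: p[3] == "tcp" and p[5] == 80),
        AclEntry("deny-telnet", "deny", lambda p: p[3] == "tcp" and p[5] == 23),
    ])
    acl.enable_acl_counter()
    traffic: List[Packet] = [
        (0.0,   "10.0.0.5", "10.0.1.10", "tcp", 40001, 80),  # flow A: first packet, +1 flow
        (10.0,  "10.0.0.5", "10.0.1.10", "tcp", 40001, 80),  # flow A again: no increment
        (150.0, "10.0.0.5", "10.0.1.10", "tcp", 40001, 80),  # flow A outlived 2 min: +1 flow
        (5.0,   "10.0.0.6", "10.0.1.10", "tcp", 40002, 80),  # flow B: first packet, +1 flow
        (1.0,   "10.0.0.7", "10.0.1.10", "tcp", 40003, 23),  # denied: +1 packet each
        (2.0,   "10.0.0.7", "10.0.1.10", "tcp", 40003, 23),
        (3.0,   "10.0.0.7", "10.0.1.10", "tcp", 40003, 23),
        (4.0,   "10.0.0.8", "10.0.1.10", "udp", 5000, 53),   # matches nothing: implicit deny
    ]
    for pkt in traffic:
        acl.process(pkt)
    return acl.counters()  # {"permit-web": (0, 3), "deny-telnet": (3, 0)}


if __name__ == "__main__":
    for name, (packets, flows) in run_sample().items():
        print(f"{name}: packets={packets} flows={flows}")
```

The point the model makes visible is that the permit entry reports three flows for what an operator would consider two connections, because one of them ran past the two-minute mark, while its packet counter stays at zero; the deny entry shows the opposite shape. That is why the manual restricts the flow counter to gauging activity rather than accounting.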
ServerIron ADX Security Guide
53-1002440-03
