Displaying acl information, Troubleshooting acls – Brocade TurboIron 24X Series Configuration Guide User Manual

926

Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

Displaying ACL information

If the ACL contains filters with Layer 4 source or destination port ranges and the ACL is not
attached to any port or VLAN, then the minimum and maximum number of estimated TCAM
usage per filter is displayed in ‘x or y’ format where ‘x’ is the minimum number and ‘y’ is the
maximum number of estimated TCAM entries.

Whenever the ACL is attached to a different VLAN (on the same or another port), the TCAM
usage count is incremented to reflect the current usage. The following shows an example of
the show access-list command output before an ACL is attached to a port.

TurboIron(config-if-e10000-2-vlan-2)#show acc 111
Extended IP access list 111 (hw usage : 3 or up to 13)
    permit tcp any range 10 40 any (hw usage : 1 or 5)
    permit tcp any range 10 60 any (hw usage : 1 or 7)

The following shows an example of the show access-list command output after an ACL is attached to
a port.

TurboIron(config-if-e10000-2)#show access-list 111
Extended IP access list 111 (hw usage : 3)
    permit tcp any range 10 40 any (hw usage : 1)
    permit tcp any range 10 60 any (hw usage : 1)

Displaying ACL information

To display the number of Layer 4 CAM entries used by each ACL, enter the following command.

Syntax: show access-list <ACL-num> | <ACL-name> | all

The Rule cam use field lists the number of CAM entries used by the ACL or entry. The number of
CAM entries listed for the ACL itself is the total of the CAM entries used by the ACL entries.

For flow-based ACLs, the Total flows and Flows fields list the number of Layer 4 session table flows
in use for the ACL.

The Total packets and Packets fields apply only to flow-based ACLs.

Troubleshooting ACLs

Use the following methods to troubleshoot ACLs:

To display the number of Layer 4 CAM entries being used by each ACL, enter the show
access-list <ACL-num> | <ACL-name> | all command. Refer to “Displaying ACL information”
on page 926.

To determine whether the issue is specific to fragmentation, remove the Layer 4 information
(TCP or UDP application ports) from the ACL, then reapply the ACL.

TurboIron#show access-list all
Extended IP access list 100 (Total flows: N/A, Total packets: N/A, Total rule cam use: 3)
    permit udp host 192.168.2.169 any (Flows: N/A, Packets: N/A, Rule cam use: 1)
    permit icmp any any (Flows: N/A, Packets: N/A, Rule cam use: 1)
    deny ip any any (Flows: N/A, Packets: N/A, Rule cam use: 1)
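The following added example (not part of the Brocade guide) parses captured show access-list output in both formats shown on this page, "hw usage" and "Rule cam use", so per-filter usage can be compared with the ACL total when auditing TCAM or CAM consumption. The function names are hypothetical, the sample text is constructed from the outputs above, and each ACL header is assumed to arrive on a single line.

```python
import re

# Constructed sample: the two output formats shown on this page, one entry per line.
SAMPLE = """\
Extended IP access list 111 (hw usage : 3 or up to 13)
permit tcp any range 10 40 any (hw usage : 1 or 5)
permit tcp any range 10 60 any (hw usage : 1 or 7)
Extended IP access list 100 (Total flows: N/A, Total packets: N/A, Total rule cam use: 3)
permit udp host 192.168.2.169 any (Flows: N/A, Packets: N/A, Rule cam use: 1)
permit icmp any any (Flows: N/A, Packets: N/A, Rule cam use: 1)
deny ip any any (Flows: N/A, Packets: N/A, Rule cam use: 1)
"""

HEADER = re.compile(r"^\S+ IP access list (\S+) \((.*)\)$")
# Matches "hw usage : 1", "hw usage : 1 or 5", "hw usage : 3 or up to 13"
# and "Rule cam use: 1" / "Total rule cam use: 3".
USAGE = re.compile(
    r"(?:hw usage|rule cam use)\s*:\s*(\d+)(?:\s+or\s+(?:up to\s+)?(\d+))?", re.I)

def parse_usage(text):
    """Return (min, max) entries from a usage annotation, or None if absent."""
    m = USAGE.search(text)
    if not m:
        return None
    low = int(m.group(1))
    return low, int(m.group(2) or low)  # a single figure means min == max

def parse_acls(output):
    """Map ACL id -> {'total': (min, max), 'rules': [(rule text, (min, max))]}."""
    acls, current = {}, None
    for line in (raw.strip() for raw in output.splitlines()):
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            current = acls[header.group(1)] = {
                "total": parse_usage(header.group(2)), "rules": []}
        elif current is not None and line.endswith(")"):
            rule, _, note = line.rpartition(" (")
            current["rules"].append((rule, parse_usage(note)))
    return acls

def rule_sum(acl):
    """Sum per-rule (min, max) usage for comparison with the ACL total."""
    usages = [u for _, u in acl["rules"] if u]
    return sum(u[0] for u in usages), sum(u[1] for u in usages)
```

On the sample, list 100 reports a total of 3 and its three rules sum to 3, while the unattached list 111 reports "3 or up to 13" against a rule sum of 2 and 12, so the estimate in the ACL header should be read directly rather than derived from the listed filters.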
