Brocade Communications Systems ServerIron ADX 12.4.00a User Manual

ServerIron ADX Security Guide

53-1002440-03


To view the types of packets being received on an interface, enable ACL statistics using the
enable-acl-counter command, reapply the ACLs by entering the ip rebind-acl all command, then
display the statistics by entering the show ip acl-traffic command.

To determine whether an ACL entry is correctly matching packets, add the log option to the ACL
entry, then reapply the ACL. This forces the device to send packets that match the ACL entry to
the CPU for processing. The log option also generates a Syslog entry for packets that are
permitted or denied by the ACL entry.

To determine whether the issue is specific to fragmentation, remove the Layer 4 information
(TCP or UDP application ports) from the ACL, then reapply the ACL.

If you are using another feature that requires ACLs, either use the same ACL entries for filtering and
for the other feature, or change to flow-based ACLs.
