Display acl, Display traffic policy interface – Panasonic 8000 User Manual

Nortel Secure Router 8000 Series
Troubleshooting - VAS__________

3 Firewall troubleshooting

Rule(s) : if-match ac l 3001

Table 3-3 Description of the output information of the display traffic classifier command

Main field

Description

User Defined Classifier
Information

Information about the traffic classification defined
by the user

Classifier

The name of the traffic classification

Operator

The relationship of rules for matching the classes

Rule(s)

The matching rules

display acl

[Nortel] display acl 3001

Advanced ACL 3001, 3 rules

Acl's step is 5

rule 5 permi^t ip source 1 0 . 1 . 1 . 1 0

rule 10 permi^t ip source 1 0 . 1 . 1 . 2 0

rule 15 deny ip

The preceding display shows the ACL settings as follows:

•

The default step length is 5.

•

Rule 5 allows the access of the device with the source IP address 10.1.1.1.

•

Rule 10 allows the access of the device with the source IP address 10.1.1.2.

•

Rule 15 refuses all device access.

From the preceding configuration information, you can conclude that the ACL rule 3001
allows only the access of the devices with the source IP addresses 10.1.1.1 and 10.1.1.2

display traffic policy interface

[Nortel] display traffic policy interface Ethernet 1/0/0

Direction: Inbound

Interface: Ethernet1/0/0

policy: carrem

Classifier: carrem2

Behavior: carrem2

Committed Access Rate:

CIR 6000 (kbps), CBS 98304 ( b i ^ t ) , P I R 0 (kbps), PBS 0 (bi^t)

Green Actien:pass

Yellow Action: remark

Red Action: discard

Conformed: 310047196/19843037864 (Packets/Bytes)

Exceeded : 2798/179072 (Packets/Bytes)

Issue 01.01 (30 March 2009)

Nortel Networks Inc.

3-9