Displaying and maintaining acls – H3C Technologies H3C SecBlade NetStream Cards User Manual


CAUTION:

If you are using the host device to generate comprehensive log data for the ACL matching packets, also
follow these guidelines:

- Do not assign the packet-filtering-enabled port to VLAN 1.
- Configure the port that connects the device to the card as a trunk port, and remove the port from all but VLAN 1.

2. Configuring a SecBlade NetStream card to generate comprehensive log data for the ACL matching packets

If you use the SecBlade NetStream card on a distributed device or a distributed IRF member device and want to generate comprehensive log data for the ACL matching packets, configure the interface that connects the card to the device to periodically output IPv4 packet filtering logs. The log data includes the destination IP address, source IP address, destination port, source port, protocol number, filtering action, and the number of matching packets.

Follow these steps to configure a card to generate comprehensive log data for the ACL matching packets:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter Layer 2 Ethernet interface view | interface interface-type interface-number | |
| Configure the port as a trunk port | port link-type trunk | Required. The default link type of a port is access. |
| Assign the port to all VLANs | port trunk permit vlan all | Required. By default, a trunk port is in VLAN 1. |
| Enable the IPv4 packet filtering logging function | packet-filter logging enable | Required. Disabled by default. |
| Exit to system view | quit | |
| Set the interval for generating and outputting IPv4 packet filtering logs | packet-filter logging-interval interval | Optional. The default interval is 10 seconds. |
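
The following Python script is an added example, not part of the H3C manual: it audits a saved configuration for the three commands the table above marks as Required and reports the effective logging interval. The configuration layout (`#` separators, one-space indentation), the interface names, and the helper names `parse_config` and `audit_interface` are assumptions constructed for illustration.

```python
import re

# Constructed sample; the "#"-separated, one-space-indented layout is assumed.
SAMPLE_CONFIG = """\
#
 packet-filter logging-interval 30
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk permit vlan all
 packet-filter logging enable
#
interface GigabitEthernet0/0/2
 port link-type trunk
#
"""

REQUIRED = ("port link-type trunk", "port trunk permit vlan all",
            "packet-filter logging enable")  # the "Required" rows of the table
DEFAULT_INTERVAL = 10  # seconds, the default stated in the table

def parse_config(text):
    """Split a configuration into global commands and per-interface commands."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":          # separator ends the current block
            current = None
        elif raw.startswith("interface "):   # column 0: a new interface block
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif current is not None and raw[0].isspace():
            current.append(line)             # indented: belongs to the block
        else:
            current = None
            global_lines.append(line)        # system-view command
    return global_lines, interfaces

def audit_interface(text, name):
    """Return (missing required commands, logging interval in seconds)."""
    global_lines, interfaces = parse_config(text)
    missing = [c for c in REQUIRED if c not in interfaces.get(name, [])]
    interval = DEFAULT_INTERVAL
    for line in global_lines:
        m = re.fullmatch(r"packet-filter logging-interval (\d+)", line)
        interval = int(m.group(1)) if m else interval
    return missing, interval

if __name__ == "__main__":
    for port in ("GigabitEthernet0/0/1", "GigabitEthernet0/0/2"):
        print(port, audit_interface(SAMPLE_CONFIG, port))
```

An empty list in the first element means the port carries all three required commands; a port that is absent from the configuration is reported with all three missing.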

Displaying and maintaining ACLs

| To do… | Use the command… | Remarks |
|---|---|---|
| Display configuration and match statistics for one or all IPv4 ACLs | display acl { acl-number \| all \| name acl-name } | Available in any view |
| Display information about the IPv4 ACL acceleration feature | display acl accelerate { acl-number \| all } [ \| { begin \| exclude \| include } regular-expression ] | Available in any view |
| Clear statistics for one or all IPv4 ACLs | reset acl counter { acl-number \| all \| name acl-name } | Available in user view |
