
Brocade ICX 6650 Security Configuration Guide

119

53-1002601-01

Displaying ACL information

Syntax: show access-list hw-usage on | off

Syntax: show access-list access-list-id | all

By default, hardware usage statistics are disabled. To disable hardware usage statistics after it has been enabled, use the show access-list hw-usage off command.

The access-list-id variable is a valid ACL name or number.

Displaying ACL information

To display the number of entries used by each ACL, enter the following command.

Syntax: show access-list ACL-num | ACL-name | all

The Rule cam use field lists the number of CAM entries used by the ACL or entry. The number of
CAM entries listed for the ACL itself is the total of the CAM entries used by the ACL entries.

For flow-based ACLs, the Total flows and Flows fields list the number of Layer 4 session table flows
in use for the ACL.

The Total packets and Packets fields apply only to flow-based ACLs.

Troubleshooting ACLs

Use the following methods to troubleshoot access control lists (ACLs):

To display the number of Layer 4 CAM entries being used by each ACL, enter the show access-list ACL-num | ACL-name | all command. Refer to “Displaying ACL information” on page 119.

To determine whether the issue is specific to fragmentation, remove the Layer 4 information
(TCP or UDP application ports) from the ACL, then reapply the ACL.

If you are using another feature that requires ACLs, either use the same ACL entries for filtering and
for the other feature, or change to flow-based ACLs.

Policy Based Routing

Policy-Based Routing (PBR) allows you to use ACLs and route maps to selectively modify and route
IP packets in hardware. The ACLs classify the traffic. Route maps that match on the ACLs set
routing attributes for the traffic.

A PBR policy specifies the next hop for traffic that matches the policy. Using standard ACLs with
PBR, you can route IP packets based on their source IP address. With extended ACLs, you can route
IP packets based on all of the clauses in the extended ACL.

Brocade# show ip access-lists

Extended IP access list 100: 1 entry
deny ip any any
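As an added example (not from the guide), a FastIron-style PBR configuration that follows the description above: a standard ACL classifies on source address only, an extended ACL classifies on all of its clauses, and a route map matched on each ACL sets the next hop. The ACL numbers, addresses, route-map name and interface are constructed for illustration, the lines beginning with "!" are annotations, and the command syntax is as the editor recalls the FastIron CLI and should be checked against the guide's PBR configuration section.

```text
! Added example, not from the guide. ACL numbers, addresses, names and
! the interface are constructed; verify command syntax against the guide.
!
! Standard ACL: classifies on source address only. Only traffic from
! 10.10.20.0/24 is eligible for the policy; everything else falls through
! the route map and is forwarded by the normal routing table.
access-list 10 permit 10.10.20.0 0.0.0.255
!
! Extended ACL: classifies on every clause (protocol, source, destination,
! destination port). Only TCP/80 from that subnet is steered by this entry.
access-list 110 permit tcp 10.10.20.0 0.0.0.255 any eq 80
!
! Route map: "match ip address" references the ACL, "set ip next-hop"
! supplies the routing attribute. Lower sequence numbers are evaluated
! first, so the more specific extended-ACL entry goes before the
! broader standard-ACL entry.
route-map STEER-TRAFFIC permit 10
 match ip address 110
 set ip next-hop 192.0.2.10
!
route-map STEER-TRAFFIC permit 20
 match ip address 10
 set ip next-hop 192.0.2.20
!
! Apply the policy on the interface where the classified traffic enters.
interface ethernet 1/1/1
 ip policy route-map STEER-TRAFFIC
```

After applying the policy, the CAM consumption of ACLs 10 and 110 can be checked with the show access-list command described in “Displaying ACL information” above, which is the first place to look if the policy stops matching after the ACLs grow.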
