Access Security Guide K/KA/KB.15.15

Example 8 ACL performance monitoring
Figure 10-47 shows a sample of performance monitoring output for an IPv6 ACL assigned as a
VACL.
Figure 210 IPv6 ACL performance monitoring output
Figure 211 IPv4 ACL assigned as a VACL performance monitoring output
ACE counter operation
For a given ACE in an assigned ACL, the counter increments by 1 each time the switch detects a
packet that matches the criteria in that ACE, and maintains a running total of the matches since
the last counter reset. For example, in ACL line 10 below, there has been a total of 37 matches
on the ACE since the last time the ACL’s counters were reset.
Total ( 37) 10 permit icmp ::/0 fe80::20:2/128 128
NOTE: This ACL monitoring feature does not include hits on the “implicit deny” that is included
at the end of all ACLs.
Resetting ACE Hit counters to zero
Using the clear statistics command (page 10-118):
Removing an ACL from an interface zeros the ACL’s ACE counters for that interface only.
For a given ACL, either of the following actions clears the ACE counters to zero for all interfaces
to which the ACL is assigned:
adding or removing a permit or deny ACE in the ACL
rebooting the switch
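The following script is an added example, not part of the original guide. It parses counter lines of the shape shown under "ACE counter operation" and compares two captures, treating a changed ACE list or a decreased total as one of the counter resets listed above. The sample captures, the second ACE and the function names are constructed for illustration.

```python
import re

# Counter lines of the shape shown in this guide, for example:
#   Total ( 37) 10 permit icmp ::/0 fe80::20:2/128 128
ACE_LINE = re.compile(r"^\s*Total\s*\(\s*(\d+)\s*\)\s+(\d+)\s+(.*\S)\s*$")

# Constructed sample captures (not real switch output).
SNAP_1 = """Total ( 37) 10 permit icmp ::/0 fe80::20:2/128 128
Total ( 4) 20 deny tcp ::/0 fe80::20:2/128 eq 23"""
SNAP_2 = """Total ( 41) 10 permit icmp ::/0 fe80::20:2/128 128
Total ( 9) 20 deny tcp ::/0 fe80::20:2/128 eq 23"""
# Taken after ACE 30 was added, which zeroes every counter in the ACL.
SNAP_3 = """Total ( 2) 10 permit icmp ::/0 fe80::20:2/128 128
Total ( 0) 20 deny tcp ::/0 fe80::20:2/128 eq 23
Total ( 0) 30 permit ipv6 ::/0 ::/0"""


def parse_counters(text):
    """Return {sequence_number: (hits, ace_text)} for each counter line."""
    counters = {}
    for line in text.splitlines():
        m = ACE_LINE.match(line)
        if m:
            counters[int(m.group(2))] = (int(m.group(1)), m.group(3))
    return counters


def hits_between(before, after):
    """Return ({sequence_number: new_hits}, reset_detected) for two captures.

    Totals run since the last reset, so a plain subtraction is only valid
    when no reset happened in between. A reset is inferred when the ACE
    list differs (ACE added or removed) or any total went down (reboot,
    clear statistics, ACL reassigned). After a reset the new total is
    reported as-is: it is a lower bound on hits for the interval.
    Limits: a reset followed by more hits than the old total cannot be
    seen from totals alone, and implicit-deny drops are never counted.
    """
    old, new = parse_counters(before), parse_counters(after)
    old_aces = {seq: ace for seq, (_, ace) in old.items()}
    new_aces = {seq: ace for seq, (_, ace) in new.items()}
    decreased = any(seq in old and hits < old[seq][0]
                    for seq, (hits, _) in new.items())
    reset = old_aces != new_aces or decreased
    deltas = {seq: hits if reset else hits - old[seq][0]
              for seq, (hits, _) in new.items()}
    return deltas, reset
```
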