Configuration Guide User guide

FastIron Configuration Guide 1783
53-1002494-02
ACL statistics and rate limit counting
Enabling ACL statistics
NOTE
ACL statistics and ACL counting are used interchangeably throughout this chapter and mean the
same thing.
NOTE
The FastIron WS does not support the use of traffic policies for ACL statistics only. However, these
models do support the use of traffic policies for ACL statistics together with rate limiting traffic
policies. Refer to “Enabling ACL statistics with rate limiting traffic policies” on page 1784.
Use the procedures in this section to configure ACL statistics. Before configuring ACL statistics, see
what to consider in “Configuration notes and feature limitations for traffic policies” on page 1774.
To enable ACL statistics on a FastIron X Series device, first create a traffic policy, and then
reference the traffic policy in an extended ACL entry. Lastly, bind the ACL to an interface. The ACL
counting policy becomes effective on ports to which the ACLs are bound.
You also can enable ACL statistics when you create a traffic policy for rate limiting. Refer to
“Enabling ACL statistics with rate limiting traffic policies” on page 1784.
Complete the following steps to implement the ACL statistics feature.
1. Create a traffic policy. Enter a command such as the following.
Brocade(config)#traffic-policy TPD5 count
2. Create an extended ACL entry or modify an existing extended ACL entry that references the
traffic policy definition. Enter a command such as the following.
Brocade(config)#access-list 101 permit ip host 210.10.12.2 any traffic-policy TPD5
3. Bind the ACL to an interface. Enter commands such as the following.
Brocade(config)#interface ethernet 4
Brocade(config-if-e4)#ip access-group 101 in
Brocade(config-if-e4)#exit
The previous commands configure an ACL counting policy and apply it to port e4. Port e4 counts
the number of packets and the number of bytes on the port that were permitted or denied by ACL
filters.
Syntax: [no] traffic-policy <TPD name> count
Syntax: access-list <num> permit | deny.... traffic-policy <TPD name>
Syntax: [no] ip access-group <num> in
NOTE
For brevity, some parameters were omitted from the access-list syntax.
The software allows you to add a reference to a non-existent TPD in an ACL statement and to bind
that ACL to an interface. The software does not issue a warning or error message for non-existent
TPDs.
Use the no form of the command to delete a traffic policy definition. Note that you cannot delete a
traffic policy definition if it is currently in use on a port. To delete a traffic policy, first unbind the
associated ACL.
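Because a reference to a non-existent TPD is accepted silently, an offline check of the saved configuration can catch it, and can also list the TPDs that are still in use through a bound ACL. The following is an added example, not Brocade code; it assumes the configuration text contains the same command lines shown in this section, and the sample configuration and the audit function are constructed for illustration.

```python
import re

# Constructed sample configuration (not from a real device). TPD9 is
# referenced by ACL 102 but never defined with a traffic-policy command.
SAMPLE_CONFIG = """\
traffic-policy TPD5 count
traffic-policy TPD7 count
access-list 101 permit ip host 210.10.12.2 any traffic-policy TPD5
access-list 102 deny ip any any traffic-policy TPD9
access-list 103 permit ip any any traffic-policy TPD7
interface ethernet 4
 ip access-group 101 in
interface ethernet 5
 ip access-group 102 in
"""

TPD_DEF = re.compile(r"^traffic-policy\s+(\S+)")
ACL_REF = re.compile(r"^access-list\s+(\d+)\s+(?:permit|deny)\b.*\btraffic-policy\s+(\S+)")
IFACE = re.compile(r"^interface\s+(.+)$")
BIND = re.compile(r"^ip access-group\s+(\d+)\s+in\b")


def audit(config: str) -> dict:
    """Cross-check TPD definitions, ACL references and interface bindings."""
    defined, refs, bound = set(), [], {}
    iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := TPD_DEF.match(line):
            defined.add(m.group(1))
        elif m := ACL_REF.match(line):
            refs.append((m.group(1), m.group(2)))      # (ACL number, TPD name)
        elif m := IFACE.match(line):
            iface = m.group(1)
        elif (m := BIND.match(line)) and iface:
            bound.setdefault(m.group(1), []).append(iface)
    return {
        # ACL entries naming a TPD that does not exist, with the ports affected.
        "dangling": [(acl, tpd, bound.get(acl, []))
                     for acl, tpd in refs if tpd not in defined],
        # Defined TPDs referenced by a bound ACL: unbind the ACL before deleting.
        "in_use": sorted({tpd for acl, tpd in refs
                          if tpd in defined and acl in bound}),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

An entry under "dangling" that lists one or more ports means an ACL is bound there with a traffic policy reference that resolves to nothing, so no statistics are being collected for it.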