Service Manual
You cannot include IP, TCP, or UDP (Layer 3) filters in an ACL configured with ARP or Ether-type (Layer 2) filters.
Apply Layer 2 ACLs to interfaces in Layer 2 mode.
When the configured maximum threshold is exceeded, generation of logs is stopped. When the interval at which
ACL logs are configured to be recorded expires, the subsequent, fresh interval timer is started and the packet
count for that new interval commences from zero. If ACL logging was stopped previously because the configured
threshold is exceeded, it is re-enabled for this new interval.
If ACL logging is stopped because the configured threshold is exceeded, it is re-enabled after the logging interval
period elapses. ACL logging is supported for standard and extended IPv4 ACLs, IPv6 ACLs, and MAC ACLs. You
can configure ACL logging only on ACLs that are applied to ingress interfaces; you cannot enable logging for ACLs
that are associated with egress interfaces.
You can activate flow-based monitoring for a monitoring session by entering the flow-based enable
command in the Monitor Session mode. When you enable this capability, traffic with particular flows that are
traversing through the ingress and egress interfaces are examined and, appropriate ACLs can be applied in both
the ingress and egress direction. Flow-based monitoring conserves bandwidth by monitoring only specified traffic
instead all traffic on the interface. This feature is particularly useful when looking for malicious traffic. It is available
for Layer 2 and Layer 3 ingress and egress traffic. You may specify traffic using standard or extended access-lists.
This mechanism copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port.
The source port is the monitored port (MD) and the destination port is the monitoring port (MG).
NOTE: When ACL logging and byte counters are configured simultaneously, byte counters may display
an incorrect value. Configure packet counters with logging instead.
seq
Assign a sequence number to a deny or permit filter in an extended IP access list while creating the filter.
Syntax
seq sequence-number {deny | permit} {source [mask] | any | host ip-address}}
[count [byte] [dscp value] [order] [fragments] [threshold-in-msgs [count]
Parameters
sequence-number Enter a number from 0 to 4294967290. The range is from 0 to 65534.
deny Enter the keyword deny to configure a filter to drop packets meeting this condition.
permit Enter the keyword permit to configure a filter to forward packets meeting this criteria.
source Enter an IP address in dotted decimal format of the network from which the packet was
received.
mask (OPTIONAL) Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when
specified in A.B.C.D format, may be either contiguous or non-contiguous.
any Enter the keyword any to specify that all routes are subject to the filter.
count (OPTIONAL) Enter the keyword count to count packets the filter processes.
byte (OPTIONAL) Enter the keyword byte to count bytes the filter processes.
dscp (OPTIONAL) Enter the keyword dcsp to match to the IP DCSCP values.
order (OPTIONAL) Enter the keyword order to specify the QoS order for the ACL entry. The
range is from 0 to 254 (where 0 is the highest priority and 254 is the lowest; lower-order
numbers have a higher priority). If you do not use the keyword order, the ACLs have
the lowest order by default (
255).
fragments Enter the keyword fragments to use ACLs to control packet fragments.
Access Control Lists (ACL) 237