Administrator Guide

ManualsBrandsDell ManualsComputer equipmentForce10 Z9000

301

302

303

304

305

306

307

308

309

310

Parameters

log (OPTIONAL) Enter the keyword log to enable the triggering

of ACL log messages.

threshold-in

msgs count

(OPTIONAL) Enter the threshold-in-msgs keyword

followed by a value to indicate the maximum number of ACL

logs that can be generated, exceeding which the generation

of ACL logs is terminated. with the seq, permit, or deny

commands. You can enter a threshold in the range of 1-100.

interval

minutes

(OPTIONAL) Enter the keyword interval followed by the

time period in minutes at which ACL logs must be generated.

You can enter an interval in the range of 1-10 minutes.

monitor (OPTIONAL) Enter the keyword monitor when the rule is

describing the traffic that you want to monitor and the ACL

in which you are creating the rule is applied to the monitored

interface.

Defaults By default, 10 ACL logs are generated if you do not specify the threshold explicitly.

The default frequency at which ACL logs are generated is 5 minutes. By default,

flow-based monitoring is not enabled.

Command

Modes

CONFIGURATION-EXTENDED-ACCESS-LIST

Command

History

Version 9.3.0.0 Added support for logging of ACLs on the S4810, S4820T,

Z9000, and MXL 10/40GbE Switch IO Module platforms.

Version 9.4(0.0) Added support for flow-based monitoring on the S4810,

S4820T, S6000, Z9000, and MXL 10/40GbE Switch IO

Module platforms.

Usage

Information

When the configured maximum threshold is exceeded, generation of logs is

stopped. When the interval at which ACL logs are configured to be recorded

expires, the subsequent, fresh interval timer is started and the packet count for that

new interval commences from zero. If ACL logging was stopped previously

because the configured threshold is exceeded, it is reenabled for this new interval.

If ACL logging is stopped because the configured threshold is exceeded, it is

reenabled after the logging interval period elapses. ACL logging is supported for

standard and extended IPv4 ACLs, standard and extended IPv6 ACLs, and standard

and extended MAC ACLs. You can configure ACL logging only on ACLs that are

applied to ingress interfaces; you cannot enable logging for ACLs that are

associated with egress interfaces.

You can activate flow-based monitoring for a monitoring session by entering the

flow-based enable command in the Monitor Session mode. When you enable this

capability, traffic with particular flows that are traversing through the ingress and

egress interfaces are examined and, appropriate ACLs can be applied in both the

ingress and egress direction. Flow-based monitoring conserves bandwidth by

monitoring only specified traffic instead all traffic on the interface. This feature is

particularly useful when looking for malicious traffic. It is available for Layer 2 and

Access Control Lists (ACL)

303