Users Guide

By default, the interval is set to 5 minutes and logs are created every 5 minutes. During this interval, the system continues to
examine the packets against the configured ACL rule and permits or denies traffic, but logging is halted temporarily. This value is
configurable, and the range is from 1 to 10 minutes.
For example, if you have configured a threshold value of 20 and an interval of 10 minutes, after an initial packet match is logged,
the 20th packet that matches the ACE is logged. The system then waits for the interval period of 10 minutes to elapse, during
which time no logging occurs. Once the interval period elapses, the 20th packet that matches the ACE is logged again.
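The threshold and interval behaviour described above, as a small model added here for illustration; it is not taken from OS10 or its documentation. The function and parameter names are hypothetical, and the model assumes that the first match counts as packet 1, that matches during the quiet interval are neither logged nor counted, and that counting restarts when the interval ends.

```python
def logged_matches(match_times, threshold=20, interval_s=600):
    """Return 1-based positions of the matching packets that get logged.

    match_times: ascending timestamps (seconds) of packets that hit one
    log-enabled ACE. Every packet is still permitted or denied by the ACL;
    this only models which of them produce a log entry.
    """
    logged = []
    count = 0           # matches counted toward the threshold
    quiet_until = None  # end of the current no-logging interval
    for pos, t in enumerate(match_times, start=1):
        if quiet_until is not None and t < quiet_until:
            continue    # assumption: not logged and not counted
        count += 1
        # The initial match is logged, then every threshold-th counted match.
        if pos == 1 or count == threshold:
            logged.append(pos)
        if count == threshold:
            count = 0
            quiet_until = t + interval_s
    return logged


def log_coverage(match_times, **kwargs):
    """Fraction of matching packets that appear in the log."""
    if not match_times:
        return 0.0
    return len(logged_matches(match_times, **kwargs)) / len(match_times)


# Constructed input: one matching packet per second for 2000 seconds,
# with the threshold of 20 and interval of 10 minutes from the text.
steady = list(range(2000))

if __name__ == "__main__":
    print(logged_matches(steady))
    print(f"{log_coverage(steady):.2%} of matching packets were logged")
```

Because only a handful of matches produce log entries, the ACL counters shown by show access-lists, not the number of log lines, indicate how many packets actually matched a rule.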
Control-plane management ACL logging
Control-plane management ACL logging monitors the packets that ingress from the management interface, and drops or
forwards packets that match certain conditions. When a matching packet hits a log-enabled ACE, OS10 creates a log
message that includes additional information about the packet. This feature is applicable only for control-plane ACLs
applied on the management interface in the inbound direction.
By default, this feature limits the number of logged packets per ACL rule at the rate of two packets per minute and a burst size
of two packets. Use the logging access-list mgmt rate and logging access-list mgmt burst commands to
reconfigure the logging rate and burst size of a control-plane ACL applied on the management interface. Use the show
control-plane logging command to view the configured burst size and logging rate for control-plane management ACL.
ACL commands
clear ip access-list counters
Clears ACL counters for a specific access-list.
Syntax
clear ip access-list counters [access-list-name]
Parameters access-list-name (Optional) Enter the name of the IP access-list to clear counters. A maximum
of 140 characters.
Default Not configured
Command Mode EXEC
Usage Information
If you do not enter an access-list name, all IPv6 access-list counters clear. The counter counts the
number of packets that match each permit or deny statement in an access-list. To get a more recent
count of packets matching an access list, clear the counters to start at zero. To view access-list
information, use the show access-lists command.
Example
OS10# clear ip access-list counters
Supported Releases 10.2.0E or later
clear ipv6 access-list counters
Clears IPv6 access-list counters for a specific access-list.
Syntax
clear ipv6 access-list counters [access-list-name]
Parameters access-list-name (Optional) Enter the name of the IPv6 access-list to clear counters. A maximum
of 140 characters.
Default Not configured
Command Mode EXEC
Usage Information
If you do not enter an access-list name, all IPv6 access-list counters clear. The counter counts the
number of packets that match each permit or deny statement in an access list. To get a more recent
count of packets matching an access list, clear the counters to start at zero. To view access-list
information, use the show access-lists command.