Brocade Communications Systems Brocade ICX 6650 User Manual

Brocade ICX 6650 Security Configuration Guide
53-1002601-01
Displaying ACL information
Syntax: show access-list hw-usage on | off
Syntax: show access-list access-list-id | all
By default, hardware usage statistics are disabled. To disable hardware usage statistics after it has 
been enabled, use the show access-list hw-usage off command.
The access-list-id variable is a valid ACL name or number.
Displaying ACL information
To display the number of entries used by each ACL, enter the following command.
Syntax: show access-list ACL-num | ACL-name | all 
The Rule cam use field lists the number of CAM entries used by the ACL or entry. The number of 
CAM entries listed for the ACL itself is the total of the CAM entries used by the ACL entries. 
For flow-based ACLs, the Total flows and Flows fields list the number of Layer 4 session table flows 
in use for the ACL.
The Total packets and Packets fields apply only to flow-based ACLs.
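
As an added example (not from the Brocade guide), the following Python script parses saved show access-list all output and checks the relationship described above: the CAM total reported for an ACL should equal the sum of the Rule cam use values of its entries. The line layout of the sample is an assumption built from the field names on this page, and ACL 10 is constructed with a mismatch, as a truncated capture would produce.

```python
import re

# Constructed sample: the line layout is an assumption built from the field
# names this page describes, not output captured from a device.
SAMPLE = """\
Extended IP access list 100 (Total flows: N/A, Total packets: N/A, Total rule cam use: 2)
permit udp host 192.168.2.169 any (Flows: N/A, Packets: N/A, Rule cam use: 1)
deny ip any any (Flows: N/A, Packets: N/A, Rule cam use: 1)
Standard IP access list 10 (Total flows: N/A, Total packets: N/A, Total rule cam use: 3)
permit host 10.1.1.5 (Flows: N/A, Packets: N/A, Rule cam use: 1)
deny any (Flows: N/A, Packets: N/A, Rule cam use: 1)
"""

HEADER = re.compile(r"^(?:Standard|Extended) IP access list (\S+) \((.*)\)\s*$")
ENTRY = re.compile(r"^(permit|deny)\b(.*?)\s*\((.*)\)\s*$")

def _fields(text):
    """Turn 'Flows: N/A, Rule cam use: 1' into a dict; N/A becomes None."""
    out = {}
    for part in text.split(","):
        key, _, val = part.partition(":")
        val = val.strip()
        out[key.strip().lower()] = int(val) if val.isdigit() else None
    return out

def parse_acl_usage(output):
    """Return {acl_id: {"total": int|None, "entries": [(rule, cam), ...]}}."""
    acls, current = {}, None
    for line in output.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            current = acls.setdefault(m.group(1), {"entries": []})
            current["total"] = _fields(m.group(2)).get("total rule cam use")
        elif current is not None and (m := ENTRY.match(line)):
            rule = (m.group(1) + m.group(2)).strip()
            current["entries"].append((rule, _fields(m.group(3)).get("rule cam use")))
    return acls

def cam_mismatches(acls):
    """ACLs whose reported total differs from the sum of their entries."""
    bad = {}
    for acl_id, acl in acls.items():
        summed = sum(cam or 0 for _, cam in acl["entries"])
        if acl["total"] != summed:
            bad[acl_id] = (acl["total"], summed)
    return bad

if __name__ == "__main__":
    print(cam_mismatches(parse_acl_usage(SAMPLE)))
```

A mismatch usually means the capture is incomplete or a line did not parse, so re-collect the output before drawing conclusions about CAM consumption.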
Troubleshooting ACLs
Use the following methods to troubleshoot access control lists (ACLs):
- To display the number of Layer 4 CAM entries being used by each ACL, enter the show 
  access-list ACL-num | ACL-name | all command. Refer to 
- To determine whether the issue is specific to fragmentation, remove the Layer 4 information 
  (TCP or UDP application ports) from the ACL, then reapply the ACL. 
If you are using another feature that requires ACLs, either use the same ACL entries for filtering and 
for the other feature, or change to flow-based ACLs.
Policy Based Routing
Policy-Based Routing (PBR) allows you to use ACLs and route maps to selectively modify and route 
IP packets in hardware. The ACLs classify the traffic. Route maps that match on the ACLs set 
routing attributes for the traffic. 
A PBR policy specifies the next hop for traffic that matches the policy. Using standard ACLs with 
PBR, you can route IP packets based on their source IP address. With extended ACLs, you can route 
IP packets based on all of the clauses in the extended ACL. 
Brocade# show ip access-lists
Extended IP access list 100: 1 entry
deny ip any any