Avaya 882 Manual Do Utilizador
13-18
User Guide for the Avaya P580 and P882 Multiservice Switches, v6.1
Chapter 13
CLI Command
To set the interval for ACL logging, use the following CLI command:
(configure)#
ip acl-logging logging-interval <time-in-seconds>
Optimizing Switch Performance
Overview
* Note: This section provides a detailed discussion of the architecture
and functionality of the Avaya Multiservice switch with respect
to ACLs. This material goes well beyond standard
configuration issues by addressing system performance,
memory management, and optimization.
to ACLs. This material goes well beyond standard
configuration issues by addressing system performance,
memory management, and optimization.
Purpose
The purpose of this section is to explain the configuration options when
using Access Lists. Deploying an Access List affects the use of hardware
and software resources and may impact system performance. An Access
Control List (ACL), also referred to as an Access List, is a tool for
associating rules (permit, deny, prioritize for Quality of Service (QoS)) with
identified IP traffic through the switch. This section will show how to
monitor performance and adjust configurations to optimize performance.
using Access Lists. Deploying an Access List affects the use of hardware
and software resources and may impact system performance. An Access
Control List (ACL), also referred to as an Access List, is a tool for
associating rules (permit, deny, prioritize for Quality of Service (QoS)) with
identified IP traffic through the switch. This section will show how to
monitor performance and adjust configurations to optimize performance.
Terminology
The following terms are used extensively in this section:
■
5-tuple: The five elements that fully describe the criteria of the
ACL rule: Source IP/ Mask, Destination IP/Mask, Protocol, Source
Port, Destination Port. The masks allow the user to specify a narrow
or wide range of matches. All elements are optional, but the Ports
are only valid if TCP or UDP is the selected protocol and can be
expressed as a single port or range of ports. The protocol ID for
TCP and UDP is 6 and 17 respectively.
ACL rule: Source IP/ Mask, Destination IP/Mask, Protocol, Source
Port, Destination Port. The masks allow the user to specify a narrow
or wide range of matches. All elements are optional, but the Ports
are only valid if TCP or UDP is the selected protocol and can be
expressed as a single port or range of ports. The protocol ID for
TCP and UDP is 6 and 17 respectively.
■
Access List/Access Control List (ACL): an ordered list of ACL
Rules.
Rules.
■
ACL Rule: An element of an ACL that identifies traffic based upon
a 5-tuple (condition), and specifies a queue (0-7), permit, or deny
action for packets matching the condition.
a 5-tuple (condition), and specifies a queue (0-7), permit, or deny
action for packets matching the condition.
■
CPU: The general processor for the P580 and P882 that resides on
the Supervisor module. The CPU determines whether to forward or
filter packets. It identifies Flows by resolving IP-to-MAC
addressing and matching ACL Rules. It updates the F-chip’s
forwarding cache for future Fast Pathing of packets that match this
Flow. The process of examining Flows and updating all of the F-
chips’ forwarding caches is called Slow Path.
the Supervisor module. The CPU determines whether to forward or
filter packets. It identifies Flows by resolving IP-to-MAC
addressing and matching ACL Rules. It updates the F-chip’s
forwarding cache for future Fast Pathing of packets that match this
Flow. The process of examining Flows and updating all of the F-
chips’ forwarding caches is called Slow Path.