Foundry Networks FESX User Manual

Foundry Networks FESX
820 pages
Foundry Configuration Guide for the FESX, FSX, and FWSX
15-8 © Foundry Networks, Inc. December 2005
Enabling ACL Counting
Use the procedures in this section to configure ACL counting. Before configuring this feature, see what to
consider in “Configuration Notes and Feature Limitations” on page 15-2.
To enable ACL counting on an X-Series device, first create a traffic policy, then reference the traffic policy in an
extended ACL entry. Lastly, bind the ACL to an interface. The ACL counting policy becomes effective on ports to
which the ACLs are bound.
You also can enable ACL counting when you create a traffic policy for rate limiting. See “Enabling ACL Counting
with Rate Limiting Traffic Policies” on page 15-8.
To implement the ACL counting feature, perform the following steps:
1. Create a traffic policy. Enter a command such as the following:
FESX424 Switch(config)# traffic-policy TPD5 count
2. Create an extended ACL entry or modify an existing extended ACL entry that references the traffic policy
definition. For example:
FESX424 Switch(config)# access-list 101 permit ip host 210.10.12.2 any traffic-policy TPD5
3. Bind the ACL to an interface.
FESX424 Switch(config)# int e 4
FESX424 Switch(config-if-e4)# ip access-group 101 in
FESX424 Switch(config-if-e4)# exit
The above commands configure an ACL counting policy and apply it to port e4. Port e4 counts the number of
packets and the number of bytes on the port that were permitted or denied by ACL filters.
Syntax: [no] traffic-policy <TPD name> count
Syntax: access-list <num> permit | deny.... traffic-policy <TPD name>
Syntax: [no] ip access-group <num> in | out
NOTES:
For brevity, some parameters were omitted from the above access-list syntax. For the complete CLI syntax, see
the Foundry Switch and Router Command Line Interface Reference.
The software allows you to add a reference to a non-existent TPD in an ACL statement and to bind that ACL to an
interface. The software does not issue a warning or error message for non-existent TPDs.
Use the no form of the command to delete a traffic policy definition. Note that you cannot delete a traffic policy
definition if it is currently in use on a port. To delete a traffic policy, first unbind the associated ACL.
<TPD name> is the name of the traffic policy definition. This value can be 8 alphanumeric characters or fewer.
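Because the software accepts an ACL entry that references a non-existent TPD without any warning, a mistyped policy name can go unnoticed until the expected counters are missing. The following check is an added example, not part of the Foundry manual or software: it scans a saved configuration listing for ACL entries whose traffic policy is undefined, lacks the count keyword, or sits in an unbound ACL. It assumes a plain-text listing that uses the command forms shown on this page; the function name, sample configuration, and policy names TPD7 and TPD9 are constructed for illustration.

```python
import re

# Constructed sample listing (not from a real device): TPD9 is referenced by
# ACL 102 but never defined; ACL 103 uses a policy without "count" and is unbound.
SAMPLE_CONFIG = """\
traffic-policy TPD5 count
traffic-policy TPD7 rate-limit fixed 10000 exceed-action drop
access-list 101 permit ip host 210.10.12.2 any traffic-policy TPD5
access-list 102 permit ip any any traffic-policy TPD9
access-list 103 deny ip any any traffic-policy TPD7
interface ethernet 4
 ip access-group 101 in
interface ethernet 5
 ip access-group 102 in
"""

TPD_RE = re.compile(r"^traffic-policy\s+(\S+)\s+(.*)$")
ACL_RE = re.compile(r"^access-list\s+(\d+)\s+(?:permit|deny)\b.*\btraffic-policy\s+(\S+)")
BIND_RE = re.compile(r"^ip access-group\s+(\d+)\s+(?:in|out)$")


def audit_acl_counting(config_text):
    """Return sorted (severity, message) findings for ACL counting config."""
    policies, refs, bound = {}, [], set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := TPD_RE.match(line):       # policy definition: name -> has "count"?
            policies[m.group(1)] = "count" in m.group(2).split()
        elif m := ACL_RE.match(line):     # ACL entry that references a policy
            refs.append((m.group(1), m.group(2)))
        elif m := BIND_RE.match(line):    # ACL bound to some interface
            bound.add(m.group(1))
    findings = []
    for acl, tpd in refs:
        if tpd not in policies:
            findings.append(("error", f"ACL {acl} references undefined traffic policy {tpd}"))
        elif not policies[tpd]:
            findings.append(("warn", f"ACL {acl} uses {tpd}, which has no count keyword"))
        if acl not in bound:
            findings.append(("warn", f"ACL {acl} is not bound to any interface"))
    return sorted(findings)


if __name__ == "__main__":
    for severity, message in audit_acl_counting(SAMPLE_CONFIG):
        print(f"{severity}: {message}")
```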
Enabling ACL Counting with Rate Limiting Traffic Policies
The configuration example in the section “Enabling ACL Counting” shows how to enable ACL counting without
having to configure parameters for rate limiting. You also can enable ACL counting while defining a rate limiting
traffic policy, as illustrated in the following configuration examples.
EXAMPLE:
To enable ACL counting while defining traffic policies for fixed rate limiting, enter commands such as the following
at the Global CONFIG Level of the CLI:
FESX424 Switch(config)# traffic-policy TPD1 rate-limit fixed 1000 count exceed-action drop
FESX424 Switch(config)# traffic-policy TPD2 rate-limit fixed 10000 exceed-action drop count
