Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 94
- Page / 149
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
82 ServerIron ADX NAT64 Configuration Guide
53-1002444-02
ACL logging
5
DRAFT: BROCADE CONFIDENTIAL
Enter the include <keyword> display only those lines containing text that match the keyword. For
example, if you enter “include Permit”, any line containing the word “permit” is included in the
display.
Displaying ACL bindings
To view which ACLs (IPv4 and IPv6) are bound to which interfaces, enter the show access-list
command using the bindings keyword such as that shown in the following example.
ServerIronADX# show access-list bindings
Access-list binding configuration:
!
interface ethernet 2
ip access-group 2 in
ipv6 traffic-filter acl1 in
!
interface ve 2
ip access-group 111 in
ipv6 traffic-filter acl2 out
Syntax: show access-list bindings
ACL logging
You may want the software to log entries for ACLs in the syslog. This section present the how
logging is processed by rule-based ACLs.
Rule-based ACLs do not support the log option. Even when rule-based ACLs are enabled, if an ACL
entry has the log option, traffic that matches that ACL is sent to the CPU for processing. Depending
on how many entries have the log option and how often packets match those entries, ACL
performance can be affected.
If your configuration already contains ACLs that you want to use with rule-based ACLs, but some of
the ACLs contain the log option, the software changes the ACL mode to flow-based for the traffic
flows that match the ACL. Changing the mode to flow-based enables the device to send the
matching flows to the CPU for processing. This is required because the CPU is needed to generate
the syslog message.
You can globally disable ACL logging without the need to remove the log option from each ACL
entry. When you globally disable ACL logging, the ACL entries remain unchanged but the log option
is ignored and the ACL can use the rule-based ACL mode. This enables you to use the ACLs in the
rule-based ACL mode. You also can configure the device to copy traffic that is denied by a
rule-based ACL to an interface. This option allows you to monitor the denied traffic without sending
the traffic to the CPU.
To globally disable ACL logging, enter the following command at the global CONFIG level of the CLI.
ServerIronADX(config)# ip access-list disable-log-to-cpu
Syntax: [no] ip access-list disable-log-to-cpu
To re-enable ACL logging, enter the following command.
ServerIronADX(config)# no ip access-list disable-log-to-cpu
- ServerIron ADX 1
- Document History 2
- Contents 3
- About This Document 9
- Command syntax conventions 10
- Notice to the reader 11
- Related publications 11
- Getting technical help 11
- NAT64 and NAT46 Overview 13
- Stateless NAT46 translation 14
- Protocol support 15
- NAT64 fragmentation support 17
- References 18
- Stateful NAT64 Configuration 19
- Operation of stateful NAT64 20
- 53-1002444-02 23
- Enabling connection logging 28
- Displaying NAT64 information 31
- Displaying NAT64 translations 32
- Displaying NAT64 statistics 33
- Displaying NAT64 resources 37
- Stateless NAT64 Configuration 39
- Operation of stateless NAT64 40
- High availability for NAT64 52
- Clearing NAT64 information 53
- Stateless NAT46 Configuration 55
- Operation of stateless NAT46 56
- High availability for NAT46 67
- Displaying NAT46 information 68
- Clearing NAT46 information 69
- Access Control Lists 71
- Rule-based ACLs 72
- Default ACL action 74
- ACL IDs and entries 74
- Configuring rule-based ACLs 77
- Modifying rule-based ACLs 85
- Reordering ACLs 86
- Applying ACLs to interfaces 87
- Adding comments to named ACLs 89
- ACL logging 94
- Displaying ACL log entries 95
- Clearing the ACL statistics 97
- Throttling the fragment rate 98
- DRAFT: BROCADE CONFIDENTIAL 100
- Enabling strict TCP mode 101
- Enabling strict UDP mode 102
- ACLs and ICMP 103
- Numbered ACLs 104
- Named ACLs 105
- • Enable the strict TCP mode 107
- IPv6 Access Control Lists 109
- Configuration notes 110
- Processing of IPv6 ACLs 110
- Configuring IPv6 ACLs 111
- IPv6 ACL syntax 114
- Syntax Description 116
- Displaying IPv6 ACLs 118
- Logging IPv6 ACLs 119
- Network Address Translation 121
- Configuring NAT 122
- Configuring static NAT 123
- Configuring dynamic NAT 123
- Enabling IP NAT 124
- NAT configuration examples 125
- IP NAT with VIP overlap 129
- Translation timeouts 130
- Stateless static IP NAT 132
- IP NAT redundancy 133
- Displaying NAT information 144
- Displaying NAT translation 147
- Displaying VRRPE information 148
Related products and manuals for Network switches Brocade Communications Systems ServerIron ADX 12.4.00
(16 pages)
(82 pages)© 2020, manymanuals.com. All rights reserved. | 1.960 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals