Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual download pdf (Page 108)

96 ServerIron ADX NAT64 Configuration Guide

53-1002444-02

Troubleshooting rule-based ACLs

DRAFT: BROCADE CONFIDENTIAL

Troubleshooting rule-based ACLs

Use the following methods to troubleshoot a rule-based ACL:

• To display the number of Layer 4 CAM entries being used by each ACL, enter the show

access-list all command. Refer to “Displaying the number of Layer 4 CAM entries” on page 64.

• To view the types of packets being received on an interface, enable ACL statistics using the

enable-acl-counter command, reapply the ACLs by entering the ip rebind-acl all command, then

display the statistics by entering the show ip acl-traffic command.

• To determine whether an ACL entry is correctly matching packets, add the log option to the ACL

entry, then reapply the ACL. This forces the device to send packets that match the ACL entry to

the CPU for processing. The log option also generates a syslog entry for packets that are

permitted or denied by the ACL entry.

• To determine whether the issue is specific to fragmentation, remove the Layer 4 information

(TCP or UDP application ports) from the ACL, then reapply the ACL.

If you are using another feature that requires ACLs, either use the same ACL entries for filtering and

for the other feature, or change to flow-based ACLs.

1 2 ... 103 104 105 106 107 108 109 110 111 112 113 ... 148 149

No comments

Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 108