Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 96
- Page / 149
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
84 ServerIron ADX NAT64 Configuration Guide
53-1002444-02
ACL logging
5
DRAFT: BROCADE CONFIDENTIAL
In this example, the two-line message at the bottom is the first entry, which the software
immediately generates the first time an ACL entry permits or denies a packet. In this case, an entry
in ACL 101 denied a packet. The packet was a TCP packet from host 209.157.22.198 and was
destined for TCP port 80 (HTTP) on host 198.99.4.69.
When the software places the first entry in the log, the software also starts the five-minute timer for
subsequent log entries. Thus, five minutes after the first log entry, the software generates another
log entry and SNMP trap for denied packets.
In this example, the software generates the second log entry five minutes later.
The time stamp for the third entry is much later than the time stamps for the first two entries. In
this case, no ACLs denied packets for a very long time. In fact, since no ACLs denied packets during
the five-minute interval following the second entry, the software stopped the ACL log timer. The
software generated the third entry as soon as the ACL denied a packet. The software restarted the
five-minute ACL log timer at the same time. As long as at least one ACL entry permits or denies a
packet, the timer continues to generate new log entries and SNMP traps every five minutes.
You can also configure the maximum number of ACL-related log entries that can be added to the
system log over a one-minute period. For example, to limit the device to 100 ACL-related syslog
entries per minute.
ServerIronADX(config)# max-acl-log-num 100
Syntax: [no] max-acl-log-num <num>
You can specify a number between 0 through 4096. The default is 256. Specifying 0 disables all
ACL logging.
Displaying ACL statistics for flow-based ACLs
To display ACL statistics for flow-based ACLs, enter the following command.
ServerIronADX(config)# show ip acl-traffic
ICMP inbound packets received 400
ICMP inbound packets permitted 200
ICMP inbound packets denied 200
Syntax: show ip acl-traffic
The command lists a separate set of statistics for each of the following IP protocols:
• ICMP
ServerIronADX(config)# show log
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Buffer logging: level ACDMEINW, 38 messages logged
level code: A=alert C=critical D=debugging M=emergency E=error
I=informational N=notification W=warning
Log Buffer (50 entries):
21d07h02m40s:warning:list 101 denied tcp 209.157.22.191(0)(Ethernet 4/18
0010.5a1f.77ed) -> 198.99.4.69(http), 1 event(s)
00d07h03m30s:warning:list 101 denied tcp 209.157.22.26(0)(Ethernet 4/18
0010.5a1f.77ed) -> 198.99.4.69(http), 1 event(s)
00d06h58m30s:warning:list 101 denied tcp 209.157.22.198(0)(Ethernet 4/18
0010.5a1f.77ed) -> 198.99.4.69(http), 1 event(s)
- ServerIron ADX 1
- Document History 2
- Contents 3
- About This Document 9
- Command syntax conventions 10
- Notice to the reader 11
- Related publications 11
- Getting technical help 11
- NAT64 and NAT46 Overview 13
- Stateless NAT46 translation 14
- Protocol support 15
- NAT64 fragmentation support 17
- References 18
- Stateful NAT64 Configuration 19
- Operation of stateful NAT64 20
- 53-1002444-02 23
- Enabling connection logging 28
- Displaying NAT64 information 31
- Displaying NAT64 translations 32
- Displaying NAT64 statistics 33
- Displaying NAT64 resources 37
- Stateless NAT64 Configuration 39
- Operation of stateless NAT64 40
- High availability for NAT64 52
- Clearing NAT64 information 53
- Stateless NAT46 Configuration 55
- Operation of stateless NAT46 56
- High availability for NAT46 67
- Displaying NAT46 information 68
- Clearing NAT46 information 69
- Access Control Lists 71
- Rule-based ACLs 72
- Default ACL action 74
- ACL IDs and entries 74
- Configuring rule-based ACLs 77
- Modifying rule-based ACLs 85
- Reordering ACLs 86
- Applying ACLs to interfaces 87
- Adding comments to named ACLs 89
- ACL logging 94
- Displaying ACL log entries 95
- Clearing the ACL statistics 97
- Throttling the fragment rate 98
- DRAFT: BROCADE CONFIDENTIAL 100
- Enabling strict TCP mode 101
- Enabling strict UDP mode 102
- ACLs and ICMP 103
- Numbered ACLs 104
- Named ACLs 105
- • Enable the strict TCP mode 107
- IPv6 Access Control Lists 109
- Configuration notes 110
- Processing of IPv6 ACLs 110
- Configuring IPv6 ACLs 111
- IPv6 ACL syntax 114
- Syntax Description 116
- Displaying IPv6 ACLs 118
- Logging IPv6 ACLs 119
- Network Address Translation 121
- Configuring NAT 122
- Configuring static NAT 123
- Configuring dynamic NAT 123
- Enabling IP NAT 124
- NAT configuration examples 125
- IP NAT with VIP overlap 129
- Translation timeouts 130
- Stateless static IP NAT 132
- IP NAT redundancy 133
- Displaying NAT information 144
- Displaying NAT translation 147
- Displaying VRRPE information 148
Related products and manuals for Network switches Brocade Communications Systems ServerIron ADX 12.4.00
(16 pages)
(82 pages)© 2020, manymanuals.com. All rights reserved. | 1.840 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals