[rbak-nsp] hit counts on policy access list
Mariano Juliá
mjuliaq at gmail.com
Thu Nov 18 10:19:45 EST 2010
Hi,
This was a recurrent question from our support guys and we never found
a way to see hits with an access-list.
A workaround is to configure a metering or policing policy that does
not drop traffic; make sure you use the "counters" keyword. Example
config below.
To see the matches, do "sh circuit counters <slot/port>
[vlan-id|pvc|dlci] <#> detail".
--------------------------------------
context cust_context
 policy access-list 169
  seq 10 permit icmp any host 10.204.234.16 dscp eq af11 class af11_packets
  seq 70 permit icmp any host 10.204.234.16 dscp eq af31 class af31_packets
  seq 80 permit icmp any host 10.204.234.16 dscp eq af32 class af32_packets
  seq 110 permit icmp any host 10.204.234.16 dscp eq cs3 class cs3_packets
  seq 120 permit icmp any host 10.204.234.16 dscp eq cs7 class cs7_packets
  seq 130 permit icmp any host 10.204.234.16 dscp eq ef class ef_packets
  seq 140 permit icmp any host 10.204.234.16 dscp eq df class df_packets
  seq 150 permit ip any any class CATCH_ALL_PACKETS
qos policy COUNT_PACKETS policing
 rate informational 1000000 time-burst 1700 counters
 access-group 169 cust_context
  class af11_packets
   rate percentage 12 counters
    exceed no-action
    violate no-action
  class af31_packets
   rate percentage 12 counters
    exceed no-action
    violate no-action
  class af32_packets
   rate percentage 12 counters
    exceed no-action
    violate no-action
  class cs3_packets
   rate percentage 12 counters
    exceed no-action
    violate no-action
  class cs7_packets
   rate percentage 12 counters
    exceed no-action
    violate no-action
  class ef_packets
   rate percentage 12 counters
    exceed no-action
    violate no-action
  class df_packets
   rate percentage 12 counters
    exceed no-action
    violate no-action
  class CATCH_ALL_PACKETS
   rate percentage 12 counters
    exceed no-action
    violate no-action
port atm 3/2
 atm pvc 0 200 profile 5MB-VBRNRT encapsulation route1483
  qos policy policing COUNT_PACKETS
On 18 November 2010 13:59, Richard Clayton <sledge121 at gmail.com> wrote:
> Hello
>
> Is there a command I can run that will show hit counts on access lists? I
> ran 'show policy access-list' but it didn't show hits. I'm not sure if this
> is how the command works or I may just not be matching anything with my
> access list.
>
> Thanks
> Rick
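As an added example (not code from the post or from Redback), a small Python check that a saved configuration follows the counting pattern in the message above: every class named in the policy ACL has a class stanza in the policing policy, its rate carries "counters", and both exceed and violate are "no-action". The function names and the sample are constructed for illustration; the parser is keyword-based and assumes only the statements shown in the post.

```python
# Constructed sample (not from the post): ef_packets lacks "counters" and "violate"; CATCH_ALL_PACKETS has no stanza.
SAMPLE = """\
context cust_context
 policy access-list 169
  seq 10 permit icmp any host 10.204.234.16 dscp eq af11 class af11_packets
  seq 130 permit icmp any host 10.204.234.16 dscp eq ef class ef_packets
  seq 150 permit ip any any class CATCH_ALL_PACKETS
qos policy COUNT_PACKETS policing
 access-group 169 cust_context
  class af11_packets
   rate percentage 12 counters
    exceed no-action
    violate no-action
  class ef_packets
   rate percentage 12
    exceed no-action
"""

def parse(config, acl, policy):
    """Return (class names used by the ACL, {class name: statements} in the policy)."""
    names, stanzas, body, where = [], {}, None, None
    for words in map(str.split, config.splitlines()):
        if words[:2] == ["policy", "access-list"]:
            where = "acl" if words[2:3] == [acl] else None
        elif words[:2] == ["qos", "policy"]:  # definition, or attachment under a circuit
            where, body = ("policy" if words[2:3] == [policy] else None), None
        elif words[:1] in (["context"], ["port"]):
            where = None
        elif where == "acl" and words[:1] == ["seq"] and "class" in words[:-1]:
            names.append(words[words.index("class") + 1])
        elif where == "policy" and words[:1] == ["class"] and len(words) > 1:
            body = stanzas.setdefault(words[1], [])
        elif where == "policy" and body is not None and words:
            body.append(" ".join(words))
    return names, stanzas

def lint(config, acl, policy):
    """Findings where the config departs from the counting pattern in the post."""
    (names, stanzas), findings = parse(config, acl, policy), []
    for name in dict.fromkeys(names):  # de-duplicate, keep ACL order
        body = stanzas.get(name)
        if body is None:
            findings.append(f"{name}: no class stanza in policy {policy}")
            continue
        if not any(s.startswith("rate ") and s.endswith(" counters") for s in body):
            findings.append(f"{name}: rate lacks the counters keyword")
        findings += [f"{name}: '{a} no-action' missing"
                     for a in ("exceed", "violate") if f"{a} no-action" not in body]
    return findings
print("\n".join(lint(SAMPLE, "169", "COUNT_PACKETS")))
```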