Access Control List Statistics

Use the Access Control List Statistics page to display statistical information about the packets forwarded or discarded by the port that match the configured rules within an ACL (Access Control List). Each ACL rule is configured to match one or more aspects of traffic on the network. When a packet matches the conditions in a rule, the counter associated with the rule is incremented until it reaches the rollover value of the counter. ACL counters do not interact with DiffServ policies or Policy-based Routing counters.

To access this page, click QoS > Access Control Lists > Statistics in the navigation menu.

Use the buttons to perform the following tasks:


Access Control List Statistics Fields

Field: Description

ACL Type: The type of ACL. The ACL type determines the criteria that can be used to match packets. The type also determines which attributes can be applied to matching traffic. IPv4 ACLs classify Layer 3 and Layer 4 IPv4 traffic, IPv6 ACLs classify Layer 3 and Layer 4 IPv6 traffic, and MAC ACLs classify Layer 2 traffic.

The ACL types are as follows:

  • IPv4 Standard: Match criteria are based on the source address of the IPv4 packets.
  • IPv4 Extended: Match criteria can be based on the source and destination addresses, source and destination Layer 4 ports, and protocol type of the IPv4 packets.
  • IPv4 Named: Match criteria are the same as for IPv4 Extended ACLs, but the ACL ID can be an alphanumeric name instead of a number.
  • IPv6 Named: Match criteria can be based on information including the source and destination IPv6 addresses, source and destination Layer 4 ports, and protocol type within the IPv6 packets.
  • Extended MAC: Match criteria can be based on the source and destination MAC addresses, 802.1p user priority, VLAN ID, and EtherType value within the Ethernet frames.

ACL Identifier: A list of ACL IDs that exist on the system for a given ACL type. To view the rule(s) within an ACL, you must select the ID of the ACL from the list. The ACL rules are not displayed when option All is selected. Option All lets you clear the hit count for an ACL type.

Sequence Number: The number that indicates the position of a rule within the ACL.

Action: The action to take when a packet or frame matches the criteria in the rule:
  • Permit: The packet or frame is forwarded.
  • Deny: The packet or frame is dropped.

Match Conditions: The criteria used to determine whether a packet or frame matches the ACL rule.

Rule Attributes: Each action — beyond the basic Permit and Deny actions — to perform on the traffic that matches the rule.

Hit Count: The number of packets that match the configured rule in an ACL. If a rule is configured without a rate limit, the hit count is the number of matched packets forwarded or discarded by the port. If a rule is configured with a rate limit and the sent traffic rate exceeds the configured rate, the hit count displays the matched packet count equal to the sent rate, even though packets beyond the configured limit are dropped. If the sent traffic rate is less than the configured rate, the hit count displays only the matched packet count.
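The counter rollover and hit-count clearing described above matter when hit counts are polled for monitoring, because a reading can be lower than the previous one. The following is an added example, not part of the product documentation: it compares two polls and reports Deny rules whose hit count grew past a threshold. The 2**32 rollover value, the poll data layout, the ACL IDs and the wrap-versus-clear heuristic are all assumptions.

```python
# Added example: compare two polls of the ACL Statistics table (constructed data).
ROLLOVER = 2**32  # ASSUMPTION: counter modulus; the page does not give the rollover value

def hit_delta(prev, curr, rollover=ROLLOVER):
    """Return (packets matched between two Hit Count readings, status)."""
    if curr >= prev:
        return curr - prev, "ok"
    wrapped = curr + rollover - prev
    # Heuristic (assumption): a small wrapped delta means the counter rolled over;
    # otherwise the count was cleared (e.g. via the All option) and restarted at 0.
    if wrapped < rollover // 2:
        return wrapped, "rollover"
    return curr, "cleared"

def deny_spikes(prev_poll, curr_poll, threshold):
    """List Deny rules whose hit count grew by more than `threshold` between polls.

    Polls map (acl_id, sequence_number) -> (action, hit_count).
    For rate-limited rules the hit count also includes matched packets dropped
    beyond the limit, so a delta means "matched", not "forwarded".
    """
    alerts = []
    for key, (action, curr) in sorted(curr_poll.items()):
        if action != "Deny" or key not in prev_poll:
            continue  # a rule first seen in this poll has no baseline yet
        delta, status = hit_delta(prev_poll[key][1], curr)
        if delta > threshold:
            alerts.append((key, delta, status))
    return alerts

# Constructed sample polls (hypothetical ACL IDs and counts).
POLL_1 = {("101", 10): ("Permit", 52_000), ("101", 20): ("Deny", 4_294_967_000),
          ("101", 30): ("Deny", 5_000), ("edge-v6", 10): ("Deny", 40)}
POLL_2 = {("101", 10): ("Permit", 90_000), ("101", 20): ("Deny", 1_200),
          ("101", 30): ("Deny", 10), ("edge-v6", 10): ("Deny", 45),
          ("edge-v6", 20): ("Deny", 9_999)}

if __name__ == "__main__":
    for (acl, seq), delta, status in deny_spikes(POLL_1, POLL_2, threshold=1_000):
        print(f"ACL {acl} rule {seq}: +{delta} denied matches ({status})")
```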