Use the Access Control List Statistics page to display statistics about the packets forwarded or discarded by the port that match the configured rules within an ACL (Access Control List). Each ACL rule is configured to match one or more aspects of traffic on the network. When a packet matches the conditions in a rule, the counter associated with the rule is incremented until it reaches the rollover value of the counter. ACL counters do not interact with DiffServ policies or Policy-based Routing counters.
To access this page, click
in the navigation menu. Use the buttons to perform the following tasks:
Field | Description |
---|---|
ACL Type | The type of ACL. The ACL type determines the criteria that can be used to match packets. The type also determines which attributes can be applied to matching traffic. IPv4 ACLs classify Layer 3 and Layer 4 IPv4 traffic, IPv6 ACLs classify Layer 3 and Layer 4 IPv6 traffic, and MAC ACLs classify Layer 2 traffic. The ACL types are as follows: |
ACL Identifier | A list of ACL IDs that exist on the system for a given ACL type. To view the rule(s) within an ACL, you must select the ID of the ACL from the list. The ACL rules are not displayed when option All is selected. Option All lets you clear the hit count for an ACL type. |
Sequence Number | The number that indicates the position of a rule within the ACL. |
Action | The action to take when a packet or frame matches the criteria in the rule: |
Match Conditions | The criteria used to determine whether a packet or frame matches the ACL rule. |
Rule Attributes | Each action — beyond the basic Permit and Deny actions — to perform on the traffic that matches the rule. |
Hit Count | The number of packets that match the configured rule in an ACL. If a rule is configured without a rate limit, the hit count is the number of matched packets forwarded or discarded by the port. If a rule is configured with a rate limit and the sent traffic rate exceeds the configured rate, the hit count displays the matched packet count equal to the sent rate, even though packets beyond the configured limit are dropped. If the sent traffic rate is less than the configured rate, the hit count displays only the matched packet count. |
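
A script that polls these hit counts for monitoring has to cope with a counter that moved backwards between polls, either because it reached its rollover value or because it was cleared through the All option. The following is an added example, not vendor code: the `RuleSample` record, the rollover value of 2**32 - 1 and the upper-half heuristic are assumptions, and the sample snapshots are constructed.

```python
from dataclasses import dataclass

ASSUMED_ROLLOVER = 2**32 - 1  # assumption: the page does not state the counter width

@dataclass(frozen=True)
class RuleSample:  # hypothetical record of one row of the statistics table
    acl_id: str
    sequence: int
    action: str          # "Permit" or "Deny"
    rate_limited: bool
    hit_count: int

def hit_delta(prev, cur, rollover=ASSUMED_ROLLOVER):
    """Packets matched between two polls, plus a note on how it was derived."""
    if cur >= prev:
        return cur - prev, "ok"
    # Counter moved backwards: it either rolled over or was cleared.
    # Heuristic (assumption): a wrap is only plausible from the upper half.
    if prev > rollover // 2:
        return (rollover - prev) + cur + 1, "rollover"
    return cur, "cleared"

def poll_report(before, after, interval_s, rollover=ASSUMED_ROLLOVER):
    """Per-rule match rate between two snapshots keyed by (ACL ID, sequence)."""
    prev = {(s.acl_id, s.sequence): s for s in before}
    report = []
    for s in after:
        old = prev.get((s.acl_id, s.sequence))
        if old is None:          # rule added between polls: no baseline yet
            continue
        delta, note = hit_delta(old.hit_count, s.hit_count, rollover)
        # With a rate limit the count is of matched packets, including those
        # dropped above the limit, so it is not a forwarded-packet count.
        meaning = "matched" if s.rate_limited else "forwarded or discarded"
        report.append({"rule": (s.acl_id, s.sequence), "action": s.action,
                       "delta": delta, "pps": delta / interval_s,
                       "note": note, "meaning": meaning})
    return report

# Constructed sample snapshots taken 60 seconds apart.
SAMPLE_BEFORE = [RuleSample("ipv4-edge", 10, "Deny", False, 4294967000),
                 RuleSample("ipv4-edge", 20, "Permit", True, 5000),
                 RuleSample("mac-lab", 10, "Deny", False, 900)]
SAMPLE_AFTER = [RuleSample("ipv4-edge", 10, "Deny", False, 704),
                RuleSample("ipv4-edge", 20, "Permit", True, 8000),
                RuleSample("mac-lab", 10, "Deny", False, 12)]

if __name__ == "__main__":
    for row in poll_report(SAMPLE_BEFORE, SAMPLE_AFTER, 60):
        print(row)
```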