An ACL byte counter associated with a particular rule, either dynamic or static, shows how many bytes of traffic have matched that ACL rule. You can use ACL byte counters as an alternative to packet counters on the platforms listed for this feature in the Switch Engine v33.1.1 Licensing Guide document..
A new ACL action token has been added to associate a byte counter with an ACL, and a new corresponding token for a packet counter.
Following are the two new tokens:
byte-count byte counter name
packet-count packet counter name
An ACL rule specifying both packet and byte counter is rejected.
Below is an example of an ACL rule that uses a byte counter:
entry CountBytes { if { ethernet-source-address 00:aa:00:00:00:10; } then { byte-count CountBytes; permit; } }
entry CountPacket1 { if { ethernet-source-address 00:aa:00:00:00:10; } then { count CountPacket1; permit; } } entry CountPacket2 { if { ethernet-source-address 00:aa:00:00:00:10; } then { packet-count CountPacket2; permit; } }
The output of the show access-list counter and show access-list dynamic counter commands has been changed to include a new "Byte Count" column in addition to the "Packet Count" column. When a rule utilizes a byte counter, the "Byte Count" field is incremented and the "Packet Count" field stays at zero. If a rule utilizes a packet counter, the "Packet Count" field is incremented and the "Byte Count" field stays at zero.
Note
Byte counters and packet counters cannot be used at the same time in the same rule.