threshold-monitor acl
Configures monitoring the utilization
of finite user configurable ACL resources like MAC ACL, IP ACL, and IPv6 ACL.
The current values of ternary content-addressable memory (TCAM)
occupied by these ACLs are compared against the available hardware resources
in a configured hardware profile. An alarm is raised every time the
consumed resources crosses the configured high threshold level indicating a
high utilization and also when, the utilization, subsequently, falls below the
configured low threshold limit, indicating that the utilization has reached
safer levels.
The alarm for low threshold is generated only in the case that
an alarm for crossing the high threshold is already generated.
Syntax
threshold monitor acl
[
mac-in
|
mac-out
|
ip-in
|
ip-out
|
ipv6-in
|
ipv6-out
]
threshold-monitor acl ip-in
{
[
high-limit
value-in-percentage
|
low-limit
value-in-percentage
|
[
actions
[
all
|
none
|
raslog
|
snmp
]
]
]
}
threshold-monitor acl
ip-out
{
[
high-limit
value-in-percentage
|
low-limit
value-in-percentage
|
[
actions
[
all
|
none
|
raslog
|
snmp
]
]
]
}
threshold-monitor acl
ipv6-in
{
[
high-limit
value-in-percentage
|
low-limit
value-in-percentage
|
[
actions
[
all
|
none
|
raslog
|
snmp
]
]
]
}
threshold-monitor acl
ipv6-out
{
[
high-limit
value-in-percentage
|
low-limit
value-in-percentage
|
[
actions
[
all
|
none
|
raslog
|
snmp
]
]
]
}
threshold-monitor acl
mac-in
{
[
high-limit
value-in-percentage
|
low-limit
value-in-percentage
|
[
actions
[
all
|
none
|
raslog
|
snmp
]
]
]
}
threshold-monitor acl
mac-out
{
[
high-limit
value-in-percentage
|
low-limit
value-in-percentage
|
[
actions
[
all
|
none
|
raslog
|
snmp
]
]
]
}
no threshold-monitor acl
ip-in
{
high-limit
|
low-limit
|
actions
}
no threshold-monitor acl
ip-out
{
high-limit
|
low-limit
|
actions
}
no threshold-monitor acl
ipv6-in
{
high-limit
|
low-limit
|
actions
}
no threshold-monitor acl
ipv6-out
{
high-limit
|
low-limit
|
actions
}
no threshold-monitor acl
mac-in
{
high-limit
|
low-limit
|
actions
}
no threshold-monitor acl
mac-out
{
high-limit
|
low-limit
|
actions
}
Parameters
-
high-limit
value-in-percentage
- Specifies the high usage
limit as a percentage (%) of available TCAM resources that will trigger the
configured action. The range is 10%-100%. The default value is 90%.
-
low-limit
value-in-percentage
- Specifies the low usage limit
as a percentage (%) of available TCAM resources that will trigger the
configured action. The range is 10%-99%. The default value is 70%.
-
actions
- Specifies the action to be
taken when a threshold is crossed. The values supported are
all, none, raslog, and
snmp.
Default action is all.
-
all
- RASLOG and SNMP
trap will be sent when the threshold is crossed. This is the
default configuration.
-
none
- No action will
be taken when the threshold is crossed.
-
raslog
- Only RASLOG will
be sent when the threshold is crossed.
-
snmp
- Only SNMP traps
will be sent when the threshold is crossed.
Modes
Global Configuration Mode
Usage Guidelines
The no form of
this command will reset the values to default.
The low-limit threshold value cannot be equal to or
higher than the value configured for the high-limit
threshold value.
Monitoring of IPv6 Egress ACL is only supported on SLX 9740 and Extreme 8820. It is supported through a new
TCAM profile ipv6-optimised.
Examples
The following example configures the lower and higher
threshold monitoring values for the IPv4 Ingress utilization.
SLX# configure terminal
SLX (config)# threshold-monitor acl ip-in high-limit 95 low-limit 50 action all
SLX (config)#
The following example resets the configured ACL IPv4 ingress
utilization threshold monitoring values to their defaults.
SLX# configure terminal
SLX (config)# no threshold-monitor acl ip-in high-limit
SLX (config)# no threshold-monitor acl ip-in low-limit
SLX (config)# no threshold-monitor acl ip-in action
