Owner's Manual
Chapter 13. ACLs | 305
NETGEAR 8800 User Manual
Counting Packets and Bytes
When the ACL entry match conditions are met, the specified counter is incremented. The
counter value can be displayed by the command:
show access-list counter {<countername>} {any | ports <portlist> | vlan <vlanname>} {ingress | egress}
Users of NETGEAR 8800 switches can use ACL byte counters as an alternative to ACL
packet counters.
NETGEAR 8800 switches support only ACL packet counters and return an error similar to the
following when the “byte-count” token is used in an ACL rule.
(debug) BD-8806.8 # conf access-list add "aaa" last ports 1:1
Error: Slot 1 does not support ACL byte counters
Note: On NETGEAR 8800 switches, the maximum number of packets that
can be counted with token packet-count or count is 4,294,967,296.
Logging Packets
Packets are logged only when they go to the CPU, so packets in the fastpath are not
automatically logged. You must use both the mirror-cpu action modifier and the log or
log-raw action modifier if you want to log both slowpath and fastpath packets that match the
ACL rule entry. Additionally, Kern.Info messages are not logged by default. You must
configure an EMS filter to log these messages, for example:
configure log filter DefaultFilter add event kern.info
See Chapter 8, Status Monitoring and Statistics for information about configuring EMS.
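The following policy entry is an added example, not taken from the manual, showing the count, log, and mirror-cpu modifiers combined in one rule so that matching fastpath and slowpath packets are both counted and logged. The entry name, counter name, and match conditions are constructed for illustration, and the policy-file syntax is assumed to follow the format this chapter describes for ACL policy files.

```text
# Constructed example: entry name, counter name and match values are illustrative.
entry log_mgmt_telnet {
    if {
        protocol tcp;
        destination-port 23;
    } then {
        permit;
        # Packet counter; read it with "show access-list counter telnet_seen".
        count telnet_seen;
        # Log matching packets that reach the CPU.
        log;
        # Copy fastpath matches to the CPU so that they are logged as well.
        mirror-cpu;
    }
}
# The log entries only appear once the EMS filter includes kern.info:
#   configure log filter DefaultFilter add event kern.info
```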
Metering Packets
The meter <metername> action modifier associates a rule entry with an ACL meter. See the
section, QoS Profiles on page 369 for more information.
Mirroring Packets
You must enable port-mirroring on your switch. For information, see Mirroring on page 138. If
you attempt to apply a policy that requires port-mirroring, you will receive an error message if
port-mirroring is not enabled.
On the NETGEAR 8800 switches, mirroring can be configured on the same port as egress
ACLs. Mirroring can send packets to port x and you can install your rule at egress port x, and
the rule should match your mirrored traffic.
Redirecting Packets
Packets are forwarded to the IPv4 address specified, without modifying the IP header (except
the TTL is decremented and the IP checksum is updated). The IPv4 address must be in the










