Hub/Switch Reference Guide
476 Security ACL Commands
NN47250-100 (Version 02.51)
L4 global : True
No rules : False
Non-IP rules : False
Root in first : True
Static default action : False
No per-user (MAC) mapping : True
Out mapping : False
In mapping : True
No VLAN or PORT mapping : False
No VPORT mapping : True
Table 73 explains the fields in the show security acl resource-usage output.
Table 1: show security acl resource-usage Output
| Field | Description |
| --- | --- |
| Number of rules | Number of security ACEs currently mapped to ports or VLANs. |
| Number of leaf nodes | Number of security ACL data entries stored in the rule tree. |
| Stored rule count | Number of security ACEs stored in the rule tree. |
| Leaf chain count | Number of chained security ACL data entries stored in the rule tree. |
| Longest leaf chain | Longest chain of security ACL data entries stored in the rule tree. |
| Number of non-leaf nodes | Number of nodes with no data entries stored in the rule tree. |
| Uncompressed Rule Count | Number of security ACEs stored in the rule tree, including duplicates—ACEs in ACLs applied to multiple ports, virtual ports, or VLANs. |
| Maximum node depth | Number of data elements in the rule tree, from the root to the furthest data entry (leaf). |
| Sub-chain count | Sum of action types represented in all security ACL data entries. |
| PSCBs in primary memory | Number of pattern search control blocks (PSCBs) stored in primary node memory. |
| PSCBs in secondary memory | Number of PSCBs stored in secondary node memory. |
| Leaves in primary | Number of security ACL data entries stored in primary leaf memory. |
| Leaves in secondary | Number of ACL data entries stored in secondary leaf memory. |
| Sum node depth | Total number of security ACL data entries. |
| Fragmentation control | Control value for handling fragmented IP packets. Note: The current WSS Software version filters only the first packet of a fragmented IP packet and passes the remaining fragments. |
| UC switchdest | Control value for handling fragmented IP packets. Note: The current WSS Software version filters only the first packet of a fragmented IP packet and passes the remaining fragments. |
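
The fragment-handling note above means that, in a fragmented datagram, only the fragment with offset 0 is matched against the security ACL. The following Python code is an added example, not part of this guide: it classifies IPv4 headers from a capture and counts how many packets fall outside ACL evaluation. The function names and sample headers are constructed for illustration, and it assumes unfragmented packets are evaluated normally.

```python
import struct

MF_FLAG = 0x2000      # "more fragments" bit in the flags/offset field
OFFSET_MASK = 0x1FFF  # fragment offset, in 8-byte units


def fragment_role(ipv4_header: bytes) -> str:
    """Return 'unfragmented', 'first' or 'later' for one IPv4 header."""
    if len(ipv4_header) < 20 or ipv4_header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    (flags_off,) = struct.unpack_from("!H", ipv4_header, 6)
    if flags_off & OFFSET_MASK:
        return "later"  # non-zero offset: not the first fragment
    return "first" if flags_off & MF_FLAG else "unfragmented"


def acl_coverage(headers):
    """Count packets the ACL evaluates vs. fragments passed without filtering."""
    counts = {"evaluated": 0, "passed_unfiltered": 0}
    for header in headers:
        key = "passed_unfiltered" if fragment_role(header) == "later" else "evaluated"
        counts[key] += 1
    return counts


def _sample_header(flags_off: int) -> bytes:
    # Constructed 20-byte IPv4 header (UDP, documentation addresses, checksum 0).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, flags_off, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


# Constructed sample: one whole packet, one first fragment, two later fragments.
SAMPLE = [_sample_header(f) for f in (0x0000, 0x2000, 0x20B9, 0x0172)]

if __name__ == "__main__":
    print(acl_coverage(SAMPLE))
```

A high `passed_unfiltered` count on a segment protected only by these ACLs indicates traffic that needs filtering or reassembly at another enforcement point.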










