Router User Manual
Nortel Secure Router 8000 Series
Troubleshooting - VAS 3 Firewall troubleshooting
Issue 01.01 (30 March 2009) Nortel Networks Inc. 3-9
Rule(s) : if-match acl 3001
Table 3-3 Description of the output information of the display traffic classifier command
Main field Description
User Defined Classifier
Information
Information about the traffic classification defined
by the user
Classifier The name of the traffic classification
Operator The relationship of rules for matching the classes
Rule(s) The matching rules
display acl
[Nortel] display acl 3001
Advanced ACL 3001, 3 rules
Acl's step is 5
rule 5 permit ip source 10.1.1.1 0
rule 10 permit ip source 10.1.1.2 0
rule 15 deny ip
The preceding display shows the ACL settings as follows:
z
The default step length is 5.
z
Rule 5 allows the access of the device with the source IP address 10.1.1.1.
z
Rule 10 allows the access of the device with the source IP address 10.1.1.2.
z
Rule 15 refuses all device access.
From the preceding configuration information, you can conclude that the ACL rule 3001
allows only the access of the devices with the source IP addresses 10.1.1.1 and 10.1.1.2
display traffic policy interface
[Nortel] display traffic policy interface Ethernet 1/0/0
Direction: Inbound
Interface: Ethernet1/0/0
policy: carrem
Classifier: carrem2
Behavior: carrem2
Committed Access Rate:
CIR 6000 (kbps), CBS 98304 (bit), PIR 0 (kbps), PBS 0 (bit)
Green Action:pass
Yellow Action: remark
Red Action: discard
Conformed: 310047196/19843037864 (Packets/Bytes)
Exceeded : 2798/179072 (Packets/Bytes)