Operation Manual
Security ACL Commands
Security ACL Commands
15 – 401
● set mac-user attr on page 9-178
● set mac-usergroup attr on page 9-182
● set security acl on page 15-395
● set user attr on page 9-186
● set usergroup on page 9-188
● show security acl map on page 15-405
set security acl hit-sample-rate
Specifies the time interval, in seconds, that the packet counter for each security ACL is sampled
for display. The counter counts the number of packets filtered by the security ACL—or “hits.”
Syntax
set security acl hit-sample-rate seconds
Defaults
By default, the hits are not sampled.
Access
Enabled.
History
Usage
To view counter results for a particular ACL, use the show security acl info acl-name
command. To view the hits for all security ACLs, use the show security acl hits command.
Examples
The first command sets MSS to sample ACL hits every 15 seconds. The second and third
commands display the results. The results show that 916 packets matching security acl_153 were
sent since the ACL was mapped.
MX# set security acl hit-sample-rate 15
MX# show security acl info acl_153
ACL information for acl_153
set security acl ip acl_153 (hits #3 916)
---------------------------------------------------------
1. permit IP source IP 20.1.1.1 0.0.0.0 destination IP any enable-hits
MX# show security acl hits
ACL hit counters
Index Counter ACL-name
----- -------------------- -----------
1 0 acl_2
2 0 acl_175
3 916 acl_153
See Also
● show security acl hits on page 15-403
● show security acl info on page 15-404
seconds Number of seconds between samples. A sample rate of 0 (zero) disables the sample
process.
Version 1.0 Command introduced
Version 4.1 Syntax changed from hit-sample-rate seconds to set security acl hit-sample-rate
seconds, to allow the command to be saved in the configuration file.