
    Monitoring Firewall Filter Traffic

    You can monitor firewall filter traffic on EX Series switches.

    Monitoring Traffic for All Firewall Filters and Policers That Are Configured on the Switch

    Purpose

    Perform the following task to monitor the number of packets and bytes that matched the firewall filters and monitor the number of packets that exceeded policer rate limits:

    Action

    Use the operational mode command:

    user@switch> show firewall
    Filter: egress-vlan-watch-employee
    Counters:
    Name                                                Bytes              Packets
    counter-employee-web                                 3348                   27
    Filter: ingress-port-voip-class-limit-tcp-icmp
    Counters:
    Name                                                Bytes              Packets
    icmp-counter                                         4100                   49
    Policers:
    Name                                              Packets
    icmp-connection-policer                                 0
    tcp-connection-policer                                  0
    Filter: ingress-vlan-rogue-block
    Filter: ingress-vlan-limit-guest
    
    

    Meaning

    The show firewall command displays the names of all firewall filters, policers, and counters that are configured on the switch. The output fields show byte and packet counts for counters and, for policers, the count of packets that exceeded the rate limits.

    Monitoring Traffic for a Specific Firewall Filter

    Purpose

    Perform the following task to monitor the number of packets and bytes that matched a firewall filter and monitor the number of packets that exceeded the policer rate limits.

    Action

    Use the operational mode command:

    user@switch> show firewall filter ingress-vlan-rogue-block
    Filter: ingress-vlan-rogue-block
    Counters:
    Name                                                Bytes              Packets
    rogue-counter                                        2308                   20
    

    Meaning

    The show firewall filter filter-name command displays the name of the firewall filter, the packet and byte count for all counters configured with the filter, and the packet count for all policers configured with the filter.

    Monitoring Traffic for a Specific Policer

    Purpose

    Perform the following task to monitor the number of packets that exceeded policer rate limits:

    Action

    Use the operational mode command:

    user@switch> show policer tcp-connection-policer
    Filter: ingress-port-voip-class-limit-tcp-icmp
    Policers:
    Name                                              Packets
    tcp-connection-policer                                  0

    Meaning

    The show policer policer-name command displays the name of the firewall filter that specifies the policer-action and displays the number of packets that exceeded rate limits for the specified filter.

    Published: 2012-12-07