
    Monitoring Firewall Filter Traffic

    You can use operational mode commands to monitor firewall filter traffic.

    Monitoring Traffic for All Firewall Filters and Policers That Are Configured

    Purpose

    Monitor the number of packets and bytes that matched the firewall filters and monitor the number of packets that exceeded policer rate limits.

    Action

    Use the show firewall operational mode command:

    user@switch> show firewall
    Filter: egress-vlan-watch-employee
    Counters:
    Name                                                Bytes              Packets
    counter-employee-web                                 3348                   27
    Filter: ingress-port-limit-tcp-icmp
    Counters:
    Name                                                Bytes              Packets
    icmp-counter                                          560                   10
    Policers:
    Name                                              Packets
    icmp-connection-policer                                10
    tcp-connection-policer                                  0
    Filter: ingress-vlan-rogue-block
    Filter: ingress-vlan-limit-guest
    
    

    Meaning

    The show firewall command displays the names of all firewall filters, counters, and policers that are configured. For each counter that is specified in a filter configuration, the output field shows the byte count and packet count for the term in which the counter is specified. For each policer that is specified in a filter configuration, the output field shows the packet count for packets that exceed the specified rate limits.
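As an added example (not part of the original guide or of Junos itself), the following Python sketch parses saved `show firewall` output into per-filter counters and policers and lists the policers whose packet count is nonzero, meaning traffic exceeded their rate limits. It assumes the text layout shown in the sample above; the function names are this example's own.

```python
# Sample input: the `show firewall` output shown on this page, embedded so the example runs offline.
SAMPLE = """\
Filter: egress-vlan-watch-employee
Counters:
Name                                                Bytes              Packets
counter-employee-web                                 3348                   27
Filter: ingress-port-limit-tcp-icmp
Counters:
Name                                                Bytes              Packets
icmp-counter                                          560                   10
Policers:
Name                                              Packets
icmp-connection-policer                                10
tcp-connection-policer                                  0
Filter: ingress-vlan-rogue-block
Filter: ingress-vlan-limit-guest
"""

def parse_show_firewall(text):
    """Return {filter: {"counters": {name: (bytes, packets)}, "policers": {name: packets}}}."""
    filters, current, section = {}, None, None
    for raw in text.splitlines():
        fields = raw.split()
        if not fields:
            continue
        if fields[0] == "Filter:" and len(fields) == 2:
            current = filters.setdefault(fields[1], {"counters": {}, "policers": {}})
            section = None  # a new filter starts with no open section
        elif raw.strip() in ("Counters:", "Policers:"):
            section = raw.strip()[:-1].lower()
        elif current is None or section is None or not all(f.isdigit() for f in fields[1:]):
            continue  # CLI prompt lines and "Name ... Packets" column headers
        elif section == "counters" and len(fields) == 3:
            current["counters"][fields[0]] = (int(fields[1]), int(fields[2]))
        elif section == "policers" and len(fields) == 2:
            current["policers"][fields[0]] = int(fields[1])
    return filters

def exceeded_policers(filters):
    """(filter, policer, packets) for every policer that counted packets over its rate limit."""
    return [(f, p, n) for f, d in filters.items() for p, n in d["policers"].items() if n > 0]

def filters_without_statistics(filters):
    """Filters listed by name only: no counter or policer shown."""
    return [f for f, d in filters.items() if not d["counters"] and not d["policers"]]

if __name__ == "__main__":
    parsed = parse_show_firewall(SAMPLE)
    print("over limit:", exceeded_policers(parsed))
    print("no statistics:", filters_without_statistics(parsed))
```

Comparing two parsed snapshots taken a known interval apart turns the cumulative counts into rates, which is more useful for alerting than a single reading.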

    Monitoring Traffic for a Specific Firewall Filter

    Purpose

    Monitor the number of packets and bytes that matched a firewall filter and monitor the number of packets that exceeded policer rate limits.

    Action

    Use the show firewall filter filter-name operational mode command:

    user@switch> show firewall filter ingress-port-limit-tcp-icmp
    Filter: ingress-port-limit-tcp-icmp
    Counters:
    Name                                                Bytes              Packets
    icmp-counter                                          560                   10
    

    Meaning

    The show firewall filter filter-name command limits the display information to the counters and policers that are defined for the specified filter.

    Monitoring Traffic for a Specific Policer

    Purpose

    Monitor the number of packets that exceeded the rate limits of a policer.

    Action

    Use the show firewall policer policer-name operational mode command:

    user@switch> show firewall policer icmp-connection-policer
    Filter: ingress-port-limit-tcp-icmp
    Policers:
    Name                                              Packets
    icmp-connection-policer                                10

    Meaning

    The show firewall policer policer-name command displays the number of packets that exceeded the rate limits for the specified policer.

    Published: 2013-08-15