Monitoring Secure CLACL Configurations

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]

JUNOSe 9.1.x Policy Management Configuration Guide > Monitoring Packet Mirroring > Monitoring Secure CLACL Configurations
Monitoring Secure CLACL Configurations

Purpose

Display information about only secure CLACL configurations. This command and the output are visible only to authorized users—the mirror-enable command must be enabled prior to using this command. Use the brief or detail keywords with the show secure classifier-list command to display different levels of information.

Action

To display a list of secure CLACLs
host1#show secure classifier-list
                         Classifier Control List Table
                         ---------- ------- ---- -----
Secure IP secClassA.1 ip any any
Secure IP secClassB.1 ip any not 10.10.10.1 255.255.255.255
Secure IP secClass25.1 user-packet-class 8 source-route-class 100 ip
192.168.44.103 255.255.255.255 any 
Displays details of each secure CLACL
host1#show secure classifier-list secClass25 detailed
                         Classifier Control List Table
                         ---------- ------- ---- -----
Secure IP Classifier Control List secClass25
   Reference count:      0
   Entry count:          1
   Classifier-List secClass25 Entry 1
      User Packet Class:          8
      Source Route Class:         100
      Protocol:                   ip
      Not Protocol:               false
      Source IP Address:          192.168.44.103
      Source IP WildcardMask:     255.255.255.255
      Not Source Ip Address:      false
      Destination IP Address:     0.0.0.0
      Destination IP WildcardMask:255.255.255.255
      Not Destination Ip Address: false 
Meaning

Table 57 lists show secure classifier-list command output fields.

Table 57: show secure classifier-list Output Fields

Field Name

Field Description

Reference count

Number of times the CLACL is referenced by policies

Entry count

Number of entries in the classifier list

Classifier-List

Name of the classifier list

Entry

Entry number of the classifier list rule

Color

Packet color to match: green, yellow, or red

Protocol

Protocol type

Not Protocol

If true, matches any protocol except the preceding protocol; if false, matches the preceding protocol

Source IP Address

Address of the network or host from which the packet is sent

Source IP WildcardMask

Mask that indicates addresses to be matched when specific bits are set

Not Source Ip Address

If true, matches any source IP address and mask except the preceding source IP address and mask; if false, matches the preceding source IP address and mask

Destination IP Address

Number of the network or host from which the packet is sent

Destination IP WildcardMask

Mask that indicates addresses to be matched when specific bits are set

Not Destination Ip Address

If true, matches any destination IP address and mask except the preceding destination IP address and mask; if false, matches the preceding destination IP address and mask

Traffic Class

Name of the traffic class to match

User Packet Class

User packet value to match

DS Field

DS field value to match

TOS Byte

ToS value to match

Precedence

Precedence value to match

User Priority bits

User priority bits value to match

Traffic Class Field

Traffic class field value to match

EXP Bits

MPLS EXP bit value to match

EXP Mask

Mask applied to EXP bits before matching

DE Bit

Frame Relay DE bit value to match

Destination Route Class

Route class used to classify packets based on the packet's destination address

Source Route Class

Route class used to classify packets based on the packet's source address

Local

If true, matches packets destined to a local interface; if false, matches packets that are traversing the router

Related Topics

show secure classifier-list command

Field Name	Field Description
Reference count	Number of times the CLACL is referenced by policies
Entry count	Number of entries in the classifier list
Classifier-List	Name of the classifier list
Entry	Entry number of the classifier list rule
Color	Packet color to match: green, yellow, or red
Protocol	Protocol type
Not Protocol	If true, matches any protocol except the preceding protocol; if false, matches the preceding protocol
Source IP Address	Address of the network or host from which the packet is sent
Source IP WildcardMask	Mask that indicates addresses to be matched when specific bits are set
Not Source Ip Address	If true, matches any source IP address and mask except the preceding source IP address and mask; if false, matches the preceding source IP address and mask
Destination IP Address	Number of the network or host from which the packet is sent
Destination IP WildcardMask	Mask that indicates addresses to be matched when specific bits are set
Not Destination Ip Address	If true, matches any destination IP address and mask except the preceding destination IP address and mask; if false, matches the preceding destination IP address and mask
Traffic Class	Name of the traffic class to match
User Packet Class	User packet value to match
DS Field	DS field value to match
TOS Byte	ToS value to match
Precedence	Precedence value to match
User Priority bits	User priority bits value to match
Traffic Class Field	Traffic class field value to match
EXP Bits	MPLS EXP bit value to match
EXP Mask	Mask applied to EXP bits before matching
DE Bit	Frame Relay DE bit value to match
Destination Route Class	Route class used to classify packets based on the packet's destination address
Source Route Class	Route class used to classify packets based on the packet's source address
Local	If true, matches packets destined to a local interface; if false, matches packets that are traversing the router

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]