Monitoring Firewall Filter Traffic
You can monitor firewall filter traffic on EX Series switches.
Monitoring Traffic for All Firewall Filters and Policers That Are Configured on the Switch
Purpose
Perform the following task to monitor the number of packets and bytes that matched the firewall filters and monitor the number of packets that exceeded policer rate limits:
Action
Use the operational mode command:
user@switch> show firewall
Filter: egress-vlan-watch-employee
Counters:
Name                                   Bytes      Packets
counter-employee-web                    3348           27
Filter: ingress-port-voip-class-limit-tcp-icmp
Counters:
Name                                   Bytes      Packets
icmp-counter                            4100           49
Policers:
Name                                 Packets
icmp-connection-policer                    0
tcp-connection-policer                     0
Filter: ingress-vlan-rogue-block
Filter: ingress-vlan-limit-guest
Meaning
The show firewall command displays the names of all firewall filters, policers, and counters that are configured on the switch.
The output fields show byte and packet counts for counters and packet count for policers.
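The following added example (not part of the original Juniper documentation) parses captured show firewall output into per-filter counters and policers, then compares two snapshots to report which counters or policers gained packets. The function names parse_show_firewall and packet_deltas are hypothetical, and the sample text is the output shown above, assumed to be captured with one record per line.

```python
# Constructed sample: the `show firewall` output from this page, one record per line.
SAMPLE = """\
Filter: egress-vlan-watch-employee
Counters:
Name                          Bytes    Packets
counter-employee-web           3348         27
Filter: ingress-port-voip-class-limit-tcp-icmp
Counters:
Name                          Bytes    Packets
icmp-counter                   4100         49
Policers:
Name                        Packets
icmp-connection-policer           0
tcp-connection-policer            0
Filter: ingress-vlan-rogue-block
Filter: ingress-vlan-limit-guest
"""

def parse_show_firewall(text):
    """Return {filter: {"counters": {name: (bytes, packets)}, "policers": {name: packets}}}."""
    filters, current, section = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Filter:"):
            # A filter with no counters or policers still gets an (empty) entry.
            current = filters.setdefault(line[7:].strip(), {"counters": {}, "policers": {}})
            section = None
        elif line in ("Counters:", "Policers:"):
            section = line[:-1].lower()
        elif current is not None and section:
            fields = line.split()
            numeric = all(f.isdigit() for f in fields[1:])  # column header rows are not numeric
            if numeric and section == "counters" and len(fields) == 3:
                current["counters"][fields[0]] = (int(fields[1]), int(fields[2]))
            elif numeric and section == "policers" and len(fields) == 2:
                current["policers"][fields[0]] = int(fields[1])
    return filters

def packet_deltas(prev, curr):
    """Packets added since prev, keyed (filter, kind, name). A lower value is treated as a reset."""
    deltas = {}
    for fname, body in curr.items():
        for kind in ("counters", "policers"):
            for name, val in body[kind].items():
                now = val[1] if kind == "counters" else val
                old = prev.get(fname, {}).get(kind, {}).get(name, 0)
                old = old[1] if kind == "counters" and old else old
                delta = now - old if now >= old else now
                if delta:
                    deltas[(fname, kind, name)] = delta
    return deltas
```

A nonzero delta on a policer means packets exceeded its rate limit between the two snapshots; a nonzero delta on a counter means the corresponding filter term matched new traffic.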
Monitoring Traffic for a Specific Firewall Filter
Purpose
Perform the following task to monitor the number of packets and bytes that matched a firewall filter and monitor the number of packets that exceeded the policer rate limits.
Action
Use the operational mode command:
user@switch> show firewall filter ingress-vlan-rogue-block
Filter: ingress-vlan-rogue-block
Counters:
Name                                   Bytes      Packets
rogue-counter                           2308           20
Meaning
The show firewall filter filter-name command displays the name of the firewall filter, the packet and byte count for all counters configured with the filter, and the packet count for all policers configured with the filter.
Monitoring Traffic for a Specific Policer
Purpose
Perform the following task to monitor the number of packets that exceeded policer rate limits:
Action
Use the operational mode command:
user@switch> show policer tcp-connection-policer
Filter: ingress-port-voip-class-limit-tcp-icmp
Policers:
Name                                 Packets
tcp-connection-policer                     0
Meaning
The show policer policer-name command displays the name of the firewall filter that specifies the policer-action and displays the number of packets that exceeded rate limits for the specified filter.