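On SR6600 series routers, certain services, such as NAT, ASPF and firewall, create sessions, so an ACL can be matched only once before the session ages out.
With firewall packet-filter, what display acl acl-number shows is that the same flow is counted only once. You can use display firewall-statistics all to view the specific configuration. In addition, each service has its own statistics command, and it is recommended to view statistics through the statistics command of the specific service.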
dis firewall-statistics all
Firewall is disable at slot 0, default filtering method is 'permit'.
Firewall is enable at slot 3, default filtering method is 'permit'.
Interface: GigabitEthernet3/2/0
In-bound Policy: acl 3999
From 2010-12-28 17:34:38 to 2010-12-28 17:35:07
5 packets, 6728 bytes, 1% permitted,
0 packets, 0 bytes, 0% denied,
1243182 packets, 555606511 bytes, 99% permitted default,
0 packets, 0 bytes, 0% denied default,
Totally 1243187 packets, 555613239 bytes, 100% permitted,
Totally 0 packets, 0 bytes, 0% denied.
Interface: GigabitEthernet3/2/0
Out-bound Policy: acl 3999
From 2010-12-28 17:34:38 to 2010-12-28 17:35:07
1 packets, 8128 bytes, 1% permitted,
0 packets, 0 bytes, 0% denied,
1582733 packets, 1 Gb 361598852 bytes, 99% permitted default,
0 packets, 0 bytes, 0% denied default,
Totally 1582734 packets, 1 Gb 361606980 bytes, 100% permitted,
Totally 0 packets, 0 bytes, 0% denied.
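The counting behaviour described above, as an added Python model that is not part of the original case and is not the router's implementation: the ACL is evaluated only when a session is created, so the rule counter tracks sessions rather than packets. The class name, the 30-second aging time and the sample traffic are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

AGING_SECONDS = 30  # assumed aging time for this model, not a device default


@dataclass
class SessionFirewall:
    """Toy model: the ACL is consulted only when a new session is created."""
    acl_rule: tuple                                # (src_ip, dst_ip, dst_port) permitted by the ACL
    aging: int = AGING_SECONDS
    sessions: dict = field(default_factory=dict)   # flow -> last-seen time
    acl_hits: int = 0                              # what an ACL rule counter would report
    forwarded: int = 0                             # packets actually forwarded

    def handle(self, now, src_ip, dst_ip, dst_port):
        flow = (src_ip, dst_ip, dst_port)
        last_seen = self.sessions.get(flow)
        if last_seen is not None and now - last_seen <= self.aging:
            # Existing session: forwarded on the session, ACL not evaluated again.
            self.sessions[flow] = now
            self.forwarded += 1
            return "session"
        # No session, or it aged out: the ACL is evaluated for this packet.
        self.sessions.pop(flow, None)
        if flow == self.acl_rule:
            self.acl_hits += 1
            self.sessions[flow] = now
            self.forwarded += 1
            return "acl-permit"
        return "no-match"  # left to the default filtering method, not modelled here


def replay(packets, rule):
    """Run packets through the model and return (acl_hits, forwarded)."""
    fw = SessionFirewall(acl_rule=rule)
    for pkt in packets:
        fw.handle(*pkt)
    return fw.acl_hits, fw.forwarded


# Constructed sample traffic: (time_s, src, dst, dst_port)
RULE = ("10.0.0.1", "10.0.0.2", 80)
PACKETS = [(t, "10.0.0.1", "10.0.0.2", 80) for t in (0, 1, 2, 3, 4)]  # one flow
PACKETS += [(100, "10.0.0.1", "10.0.0.2", 80)]  # same flow after the session aged out

if __name__ == "__main__":
    hits, forwarded = replay(PACKETS, RULE)
    print(f"ACL rule hits: {hits}, packets forwarded: {forwarded}")
```

A low rule counter next to a high packet total is therefore expected in this model and is not by itself a sign that the rule is being bypassed.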