Security ACL Commands

L4 global                 : True
No rules                  : False
Non-IP rules              : False
Root in first             : True
Static default action     : False
No per-user (MAC) mapping : True
Out mapping               : False
In mapping                : True
No VLAN or PORT mapping   : False
No VPORT mapping          : True

Table 73 explains the fields in the show security acl resource-usage output.

Table 1: show security acl resource-usage Output

| Field | Description |
|---|---|
| Number of rules | Number of security ACEs currently mapped to ports or VLANs. |
| Number of leaf nodes | Number of security ACL data entries stored in the rule tree. |
| Stored rule count | Number of security ACEs stored in the rule tree. |
| Leaf chain count | Number of chained security ACL data entries stored in the rule tree. |
| Longest leaf chain | Longest chain of security ACL data entries stored in the rule tree. |
| Number of non-leaf nodes | Number of nodes with no data entries stored in the rule tree. |
| Uncompressed Rule Count | Number of security ACEs stored in the rule tree, including duplicates—ACEs in ACLs applied to multiple ports, virtual ports, or VLANs. |
| Maximum node depth | Number of data elements in the rule tree, from the root to the furthest data entry (leaf). |
| Sub-chain count | Sum of action types represented in all security ACL data entries. |
| PSCBs in primary memory | Number of pattern search control blocks (PSCBs) stored in primary node memory. |
| PSCBs in secondary memory | Number of PSCBs stored in secondary node memory. |
| Leaves in primary | Number of security ACL data entries stored in primary leaf memory. |
| Leaves in secondary | Number of ACL data entries stored in secondary leaf memory. |
| Sum node depth | Total number of security ACL data entries. |
| Fragmentation control | Control value for handling fragmented IP packets. Note: The current WSS Software version filters only the first packet of a fragmented IP packet and passes the remaining fragments. |
| UC switchdest | Control value for handling fragmented IP packets. Note: The current WSS Software version filters only the first packet of a fragmented IP packet and passes the remaining fragments. |
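
The fragment handling described in the note above, modelled as an added example (not Nortel code and not WSS output). It shows which packets reach the far side without an ACL decision. The packet records, the denied port and all function names are constructed for illustration, and the flow key is simplified to source, destination and IP ID.

```python
from collections import namedtuple

# Constructed sample traffic (not from the manual). Only the first fragment
# (frag_offset == 0) carries the TCP/UDP header, so dst_port is None elsewhere.
Pkt = namedtuple("Pkt", "src dst ip_id frag_offset more_frags dst_port")

SAMPLE = [
    Pkt("10.0.0.5", "10.0.1.9", 100, 0, True, 23),       # first fragment, denied port
    Pkt("10.0.0.5", "10.0.1.9", 100, 185, True, None),   # middle fragment
    Pkt("10.0.0.5", "10.0.1.9", 100, 370, False, None),  # last fragment
    Pkt("10.0.0.7", "10.0.1.9", 7, 0, True, 80),         # first fragment, permitted
    Pkt("10.0.0.7", "10.0.1.9", 7, 185, False, None),    # its trailing fragment
    Pkt("10.0.0.8", "10.0.1.9", 9, 0, False, 23),        # unfragmented, denied port
]

DENIED_PORTS = {23}  # hypothetical ACE: deny traffic to destination port 23


def filter_first_fragment_only(packets, denied_ports):
    """Model the documented behaviour: the ACL is evaluated on unfragmented
    packets and first fragments; later fragments are passed unexamined."""
    forwarded, dropped = [], []
    for p in packets:
        if p.frag_offset == 0 and p.dst_port in denied_ports:
            dropped.append(p)
        else:
            forwarded.append(p)
    return forwarded, dropped


def unfiltered_fragments(forwarded):
    """Non-first fragments that crossed the switch without an ACL decision."""
    return [p for p in forwarded if p.frag_offset > 0]


def orphaned_fragments(forwarded, dropped):
    """Forwarded fragments whose first fragment was dropped by the ACL.
    Seeing these downstream points to the remainder of a denied datagram."""
    denied = {(p.src, p.dst, p.ip_id) for p in dropped if p.more_frags}
    return [p for p in unfiltered_fragments(forwarded)
            if (p.src, p.dst, p.ip_id) in denied]


if __name__ == "__main__":
    fwd, drp = filter_first_fragment_only(SAMPLE, DENIED_PORTS)
    print("dropped by ACL:", len(drp))
    print("fragments passed unexamined:", len(unfiltered_fragments(fwd)))
    for p in orphaned_fragments(fwd, drp):
        print("orphan:", p)
```
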

 

 

NN47250-100 (Version 02.51)

Nortel Networks 2300 Series manual Show security acl resource-usage Output