Cisco 10005 Installationsanleitung PDF herunterladen (Seite 34)

Cisco 10000 Series Router Performance Routing Engine Installation

OL-3971-03

Analyzing and Troubleshooting Packets

The Parallel eXpress Forwarding (PXF) engine of the Performance Routing Engine (PRE) is responsible

for processing and forwarding packets. As processing occurs, PXF counters increment to reflect the

internal behavior of the PRE. The router collects this statistical information from the counters and

appropriately displays it when you enter specific show pxf cpu commands. The output from these

commands is useful in analyzing and troubleshooting denied and logged packets.

To correctly interpret packet statistics, it is important that you understand the behavior of the router

during packet and access list processing, and the counters that provide the statistical data. This section

briefly describes access list processing, some PXF counters and their behavior, and some of the

commands you can use to display statistical information. This section is based on ESR-PRE2 with

differences noted for ESR-PRE and ESR-PRE1.

Access Control Lists

The Cisco 10000 series router provides traffic filtering capabilities using access control lists (ACLs).

Access lists filter network traffic by controlling whether routed packets are forwarded or blocked at the

router's interfaces. Using ACLs, you can do such things as restrict the contents of routing updates,

provide traffic flow control, and provide security for your network.

The Cisco 10000 series router supports the following ACL types and features:

• Standard and extended ACLs

• Named and numbered ACLs

• Turbo-ACLs

• Per-user ACLs

• IP receive ACLs

• Time-based ACLs

The access-list command is used to configure an ACL. For example, the following configuration creates

ACL 108:

access-list 108 permit udp any host 10.68.1.10 range 0 5000 log

access-list 108 permit udp host 10.1.1.10 range 0 5000 any log

After creating an ACL, it is applied to an interface using the ip access-group command. The router

executes the ACL from top to bottom, denying or permitting packets as directed by the access-list entries

(ACEs). When the log keyword is specified in an ACE, the router sends packet information to the

console.

The last line of an ACL is an implicit deny statement that appears to the router as:

deny any any

This statement causes the router to deny any packets remaining after processing the ACEs of the access

list. The implicit deny statement does not include the log keyword; therefore, the router does not send

packet information to the console for those packets denied by the implicit deny statement.

1 2 ... 29 30 31 32 33 34 35 36 37 38 39 ... 45 46

Keine Kommentare

Cisco 10005 Installationsanleitung Seite 34