• Download PDFs
• Verifying That Firewall Filters Are Operational  

• Related Topics
• Configuring Firewall Filters (CLI Procedure)
• Configuring Firewall Filters (J-Web Procedure)
• Configuring Policers to Control Traffic Rates (CLI Procedure)
• Example: Configuring Firewall Filters for Port, VLAN, and Router Traffic on EX-series Switches
• Monitoring Firewall Filter Traffic

Verifying That Firewall Filters Are Operational

Purpose

After you configure and apply firewall filters to ports, VLANs, or Layer 3 interfaces, you can perform the following task to verify that the firewall filters configured on EX-series switches are working properly.

Action

Use the operational mode command to verify that the firewall filters on the switch are working properly:

Filter: egress-vlan-watch-employee
Counters:
Name                                                Bytes              Packets
counter-employee-web                                    0                    0
Filter: ingress-port-voip-class-limit-tcp-icmp
Counters:
Name                                                Bytes              Packets
icmp-counter                                            0                    0
Policers:
Name                                              Packets
icmp-connection-policer                                 0
tcp-connection-policer                                  0
Filter: ingress-vlan-rogue-block
Filter: ingress-vlan-limit-guest

Meaning

The show firewall command displays the names of all firewall filters, policers, and counters that are configured on the switch. For each counter that is specified in a filter configuration, the output field shows the byte count and packet count for the term in which the counter is specified. For each policer that is specified in a filter configuration, the output field shows the packet count for packets that exceed the specified rate limits.