display packet-filter

Use display packet-filter to display whether an ACL has been successfully applied to an interface for packet filtering.

Syntax

In standalone mode:

display packet-filter { interface [ interface-type interface-number ] [ inbound | outbound ] | { global | interface vlan-interface vlan-interface-number | vlan [ vlan-id ] } [ inbound | outbound ] [ slot slot-number ] }

In IRF mode:

display packet-filter { interface [ interface-type interface-number ] [ inbound | outbound ] | { global | interface vlan-interface vlan-interface-number | vlan [ vlan-id ] } [ inbound | outbound ] [ chassis chassis-number slot slot-number ] }

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

global: Specifies all physical interfaces.

interface [ interface-type interface-number ]: Specifies an interface by its type and number. VLAN interfaces are not supported. If no interface is specified, the command displays ACL application information on all interfaces except VLAN interfaces for packet filtering.

interface vlan-interface vlan-interface-number: Specifies a VLAN interface by its number.

vlan [ vlan-id ]: Specifies a VLAN by its ID. If no VLAN is specified, the command displays ACL application information in all VLANs for packet filtering.

inbound: Specifies the inbound direction.

outbound: Specifies the outbound direction.

slot slot-number: Specifies a card by its slot number. If no slot is specified, the command displays ACL application information on the main board for packet filtering. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device, and the slot-number argument represents the number of the slot that holds the card. If no card is specified, the command displays ACL application information for packet filtering on all main boards of the IRF fabric. (In IRF mode.)

Usage guidelines

If neither the inbound keyword nor the outbound keyword is specified, this command displays the ACL application information for both incoming and outgoing packet filtering.

Examples

# Display ACL application information for incoming and outgoing packet filtering in VLAN 2.

<Sysname> display packet-filter vlan 2
VLAN: 2
 In-bound policy:
  ACL 2001
  ACL6 2001
  ACL 4001
  IPv4 default action: Deny
  IPv6 default action: Deny
  MAC default action: Deny
 Out-bound policy:
  ACL6 2001 (Failed)
  IPv6 default action: Deny (Failed)

# Display ACL application information for incoming packet filtering on interface GigabitEthernet 3/0/1.

<Sysname> display packet-filter interface gigabitethernet 3/0/1 inbound
Interface: GigabitEthernet3/0/1
 In-bound policy:
  ACL 2001
  ACL6 2002 (Failed)
  ACL 4003 (Failed), Hardware-count (Failed)
  ACL 2004, Hardware-count (Failed)
  IPv4 default action: Deny, Hardware-count

# Display ACL application information for incoming and outgoing packet filtering on all physical interfaces.

<Sysname> display packet-filter global
Global:
 In-bound policy:
  ACL 2001
  ACL6 2001
  ACL 4001
  IPv4 default action: Deny (Failed)
  IPv6 default action: Deny (Failed)
  MAC default action: Deny
 Out-bound policy:
  ACL 4001, Hardware-count
  MAC default action: Deny

Table 3: Command output

Field: Description

Interface: Interface to which the ACL applies.

VLAN: VLAN to which the ACL applies.

Global: ACL application for packet filtering on all physical interfaces.

In-bound policy: ACL used for filtering incoming traffic.

Out-bound policy: ACL used for filtering outgoing traffic.

ACL 2001: IPv4 basic ACL 2001 has been successfully applied.

ACL6 2002 (Failed): The device has failed to apply IPv6 basic ACL 2002.

Hardware-count: Successfully enables counting ACL rule matches.

Hardware-count (Failed): The device has failed to enable counting ACL rule matches.

IPv4 default action: Packet filter default action for packets that do not match any IPv4 ACLs:

  • Deny—The default action deny has been successfully applied for packet filtering.

  • Deny (Failed)—The device has failed to apply the default action deny for packet filtering. The action permit still functions.

  • Permit—The default action permit has been successfully applied for packet filtering.

  • Hardware-count—The hardware-count feature has been successfully applied for the default packet filtering action.

  • Hardware-count (Failed)—The device has failed to apply the hardware-count feature for the default packet filtering action.

IPv6 default action: Packet filter default action for packets that do not match any IPv6 ACLs:

  • Deny—The default action deny has been successfully applied for packet filtering.

  • Deny (Failed)—The device has failed to apply the default action deny for packet filtering. The action permit still functions.

  • Permit—The default action permit has been successfully applied for packet filtering.

  • Hardware-count—The hardware-count feature has been successfully applied for the default packet filtering action.

  • Hardware-count (Failed)—The device has failed to apply the hardware-count feature for the default packet filtering action.

MAC default action: Packet filter default action for packets that do not match any Ethernet frame header ACLs:

  • Deny—The default action deny has been successfully applied for packet filtering.

  • Deny (Failed)—The device has failed to apply the default action deny for packet filtering. The action permit still functions.

  • Permit—The default action permit has been successfully applied for packet filtering.

  • Hardware-count—The hardware-count feature has been successfully applied for the default packet filtering action.

  • Hardware-count (Failed)—The device has failed to apply the hardware-count feature for the default packet filtering action.
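Added example (not part of the original command reference): a Python check that reads captured display packet-filter output and reports every entry marked (Failed), including a failed default deny, which leaves the action permit in effect. The names audit and SAMPLE and the finding strings are assumptions made for this example, and the parser handles only the output forms shown on this page.

```python
import re

# Sample input: the "display packet-filter vlan 2" output from the Examples section.
SAMPLE = """\
VLAN: 2
 In-bound policy:
  ACL 2001
  ACL6 2001
  ACL 4001
  IPv4 default action: Deny
  IPv6 default action: Deny
  MAC default action: Deny
 Out-bound policy:
  ACL6 2001 (Failed)
  IPv6 default action: Deny (Failed)
"""

SCOPE = re.compile(r"^(Interface: \S+|VLAN: \d+|Global:)\s*$")
DIRECTION = re.compile(r"^\s*(In|Out)-bound policy:\s*$")
ACL = re.compile(r"^(ACL6? \S+)")
DEFAULT = re.compile(r"^((?:IPv4|IPv6|MAC) default action): (Deny|Permit)")


def audit(output):
    """Return (scope, direction, item, problem) for each entry marked (Failed)."""
    findings, scope, direction = [], None, None
    for line in output.splitlines():
        # Each comma-separated part of an entry carries its own "(Failed)" marker.
        head, *rest = [part.strip() for part in line.split(",")]
        if m := SCOPE.match(line):
            scope, direction = m.group(1).rstrip(":"), None
        elif m := DIRECTION.match(line):
            direction = m.group(1).lower() + "bound"
        elif m := DEFAULT.match(head) or ACL.match(head):
            if head.endswith("(Failed)"):
                # A failed default deny leaves permit in effect: unmatched packets pass.
                problem = (f"default {m.group(2).lower()} not applied"
                           if m.re is DEFAULT else "ACL not applied")
                findings.append((scope, direction, m.group(1), problem))
            if "Hardware-count (Failed)" in rest:
                findings.append((scope, direction, m.group(1), "match counting not enabled"))
    return findings


print(*audit(SAMPLE), sep="\n")
```

An empty result means no entry in the captured output carried a (Failed) marker.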