display packet-filter
Use display packet-filter to display whether an ACL has been successfully applied to an interface for packet filtering.
Syntax
In standalone mode:
display packet-filter { interface [ interface-type interface-number ] [ inbound | outbound ] | { global | interface vlan-interface vlan-interface-number | vlan [ vlan-id ] } [ inbound | outbound ] [ slot slot-number ] }
In IRF mode:
display packet-filter { interface [ interface-type interface-number ] [ inbound | outbound ] | { global | interface vlan-interface vlan-interface-number | vlan [ vlan-id ] } [ inbound | outbound ] [ chassis chassis-number slot slot-number ] }
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
global: Specifies all physical interfaces.
interface [ interface-type interface-number ]: Specifies an interface by its type and number. VLAN interfaces are not supported. If no interface is specified, the command displays ACL application information on all interfaces except VLAN interfaces for packet filtering.
interface vlan-interface vlan-interface-number: Specifies a VLAN interface by its number.
vlan [ vlan-id ]: Specifies a VLAN by its ID. If no VLAN is specified, the command displays ACL application information in all VLANs for packet filtering.
inbound: Specifies the inbound direction.
outbound: Specifies the outbound direction.
slot slot-number: Specifies a card by its slot number. If no slot is specified, the command displays ACL application information on the main board for packet filtering. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device, and the slot-number argument represents the number of the slot that holds the card. If no card is specified, the command displays ACL application information for packet filtering on all main boards of the IRF fabric. (In IRF mode.)
Usage guidelines
If neither the inbound keyword nor the outbound keyword is specified, this command displays the ACL application information for both incoming and outgoing packet filtering.
Examples
# Display ACL application information for incoming and outgoing packet filtering in VLAN 2.
<Sysname> display packet-filter vlan 2 VLAN: 2 In-bound policy: ACL 2001 ACL6 2001 ACL 4001 IPv4 default action: Deny IPv6 default action: Deny MAC default action: Deny Out-bound policy: ACL6 2001 (Failed) IPv6 default action: Deny (Failed)
# Display ACL application information for incoming packet filtering on interfaces GigabitEthernet 3/0/1.
<Sysname> display packet-filter interface gigabitethernet 3/0/1 inbound Interface: GigabitEthernet3/0/1 In-bound policy: ACL 2001 ACL6 2002 (Failed) ACL 4003 (Failed), Hardware-count (Failed) ACL 2004, Hardware-count (Failed) IPv4 default action: Deny, Hardware-count
# Display ACL application information for incoming and outgoing packet filtering on all physical interfaces.
<Sysname> display packet-filter global Global: In-bound policy: ACL 2001 ACL6 2001 ACL 4001 IPv4 default action: Deny (Failed) IPv6 default action: Deny (Failed) MAC default action: Deny Out-bound policy: ACL 4001, Hardware-count MAC default action: Deny
Table 3: Command output
Field | Description |
---|---|
Interface | Interface to which the ACL applies. |
VLAN | VLAN to which the ACL applies. |
Global | ACL application for packet filtering on all physical interfaces. |
In-bound policy | ACL used for filtering incoming traffic. |
Out-bound policy | ACL used for filtering outgoing traffic. |
ACL 2001 | IPv4 basic ACL 2001 has been successfully applied. |
ACL6 2002 (Failed) | The device has failed to apply IPv6 basic ACL 2002. |
Hardware-count | Successfully enables counting ACL rule matches. |
Hardware-count (Failed) | The device has failed to enable counting ACL rule matches. |
IPv4 default action | Packet filter default action for packets that do not match any IPv4 ACLs:
|
IPv6 default action | Packet filter default action for packets that do not match any IPv6 ACLs:
|
MAC default action | Packet filter default action for packets that do not match any Ethernet frame header ACLs:
|