display packet-filter statistics
Use display packet-filter statistics to display match statistics and default action statistics of ACLs for packet filtering.
Syntax
display packet-filter statistics { global | interface interface-type interface-number | vlan vlan-id } { inbound | outbound } [ default | [ ipv6 ] { acl-number | name acl-name } ] [ brief ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
global: Displays the statistics of all physical interfaces.
interface interface-type interface-number: Displays the statistics of an interface specified by its type and number.
vlan vlan-id: Displays the statistics of a VLAN specified by its ID.
inbound: Displays the statistics in the inbound direction.
outbound: Displays the statistics in the outbound direction.
default: Displays the default action statistics for packet filtering.
acl-number: Specifies the number of an ACL:
2000 to 2999 for IPv4 basic ACLs if the ipv6 keyword is not specified and for IPv6 basic ACLs if the ipv6 keyword is specified.
3000 to 3999 for IPv4 advanced ACLs s if the ipv6 keyword is not specified and for IPv6 advanced ACLs if the ipv6 keyword is specified.
4000 to 4999 for Ethernet frame header ACLs. This entry is not displayed if the ipv6 keyword is specified.
5000 to 5999 for user-defined ACLs. This entry is not displayed if the ipv6 keyword is specified.
name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. For a basic ACL or advanced ACL, if you do not specify the ipv6 keyword, this option specifies the name of an IPv4 basic ACL or advanced ACL. If you specify the ipv6 keyword, this option specifies the name of an IPv6 basic ACL or advanced ACL.
brief: Displays brief statistics.
Usage guidelines
When none of default, acl-number, and name acl-name is specified, this command displays match statistics and default action statistics of all ACLs for packet filtering.
If the ipv6 keyword is not specified, all ACLs refer to all IPv4 basic, IPv4 advanced, Ethernet frame header, and user-defined ACLs.
If the ipv6 keyword is specified, all ACLs refer to all IPv6 basic and IPv6 advanced ACLs.
Examples
# Display match statistics and default action statistics of all ACLs (including IPv4 basic, IPv4 advanced, Ethernet frame header, and user-defined ACLs) for incoming packet filtering on GigabitEthernet 3/0/1.
<Sysname> display packet-filter statistics interface gigabitethernet 3/0/1 inbound Interface: GigabitEthernet3/0/1 In-bound policy: ACL 2001, Hardware-count From 2011-06-04 10:25:21 to 2011-06-04 10:35:57 rule 0 permit source 2.2.2.2 0 (2 packets) rule 5 permit source 1.1.1.1 0 (Failed) rule 10 permit vpn-instance test (No resource) Totally 2 packets permitted, 0 packets denied Totally 100% permitted, 0% denied ACL 2002 (Failed) ACL 4000 From 2011-06-04 10:25:34 to 2011-06-04 10:35:57 rule 0 permit ACL ipv6 2000 IPv4 default action: Deny, Hardware-count From 2011-06-04 10:25:21 to 2011-06-04 10:35:57 Totally 7 packets IPv6 default action: Deny, Hardware-count From 2011-06-04 10:25:41 to 2011-06-04 10:35:57 Totally 0 packets MAC default action: Deny, Hardware-count From 2011-06-04 10:25:34 to 2011-06-04 10:35:57 Totally 0 packets
# Display statistics of IPv4 advanced ACL 3000 for incoming packet filtering in VLAN 2.
<Sysname> display packet-filter statistics vlan 2 inbound 3000 VLAN: 2 In-bound policy: ACL 3000, Hardware-count (Failed) From 2011-06-04 10:25:34 to 2011-06-04 10:35:57 rule 0 permit source 2.2.2.2 0 rule 5 permit source 1.1.1.1 0 counting (2 packets) rule 10 permit vpn-instance test (Failed)
Table 4: Command output
Field | Description |
|---|---|
Interface | Interface to which the ACL applies. |
VLAN | VLAN to which the ACL applies. |
In-bound policy | ACL used for filtering incoming traffic. |
Out-bound policy | ACL used for filtering outgoing traffic. |
ACL 2001 | IPv4 basic ACL 2001 has been successfully applied. |
ACL 2002 (Failed) | The device has failed to apply IPv4 basic ACL 2002. |
Hardware-count | Successfully enables counting ACL rule matches. |
Hardware-count (Failed) | The device has failed to enable counting ACL rule matches. |
From 2011-06-04 10:25:21 to 2011-06-04 10:35:57 | Start time and end time of the statistics. |
2 packets | Two packets matched the rule. This field is not displayed when no packets matched the rule. |
No resource | Resource is not enough for counting matches for the rule. In accumulated packet filtering ACL statistics, this field is displayed for a rule when resource is not enough for counting matches for the rule in one application. |
rule 5 permit source 1.1.1.1 0 (Failed) | The device has failed to apply rule 5. |
Totally 2 packets permitted, 0 packets denied | Number of packets permitted and denied by the ACL. |
Totally 100% permitted, 0% denied | Ratios of permitted and denied packets to all packets. |
IPv4 default action | Packet filter default action for packets that do not match any IPv4 ACLs:
|
IPv6 default action | Packet filter default action for packets that do not match any IPv6 ACLs:
|
MAC default action | Packet filter default action for packets that do not match any Ethernet frame header ACLs:
|
Totally 7 packets | The default action has been executed for seven times. |
Related commands
reset packet-filter statistics