display acl resource

Function

The display acl resource command displays information about ACL resources.

Format

display acl resource [ slot slot-id ]

Parameters

Parameter	Description	Value
slot slot-id	This parameter specifies the slot ID if stacking is not configured. This parameter specifies the stack ID if stacking is enabled.	The value is an integer. The value range depends on the configuration of a device.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

ACL resources are related to hardware chips. The following are types of ACL resources:

ACL entries: Each ACL entry stores an ACL rule.
Meter/Car: a traffic control table used to limit the traffic rate. The meter/car must be used with ACL entries.
Counter: a traffic counter table used to collect traffic statistics. The counter must be used with ACL entries.

If ACL configuration fails, all the ACL resources on the device may have been used up. You can run the display acl resource command to check whether there are available ACL resources (including ACL4 and ACL6).

Precautions

After ACL is applied to the S2720-EI, S5720-LI, S5720S-LI, S5730-SI, S5730S-EI, S6720-LI, S6720S-LI, S6720-SI, and S6720S-SI, the ACL resources are applied to both incoming and outgoing traffic. For example, if a traffic policy is applied to only the incoming traffic, the Outbound-ACL value and Inbound-ACL value in the display acl resource command output are the same.
On the S5720-EI, S6720-EI, and S6720S-EI, ACL resources are divided in slice mode. On the S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, and S5735-S-I, ACL resources are divided in block mode. Each slice and block contains a certain number of ACL resources. Different types of services apply for different slices or blocks when ACLs are applied. When ACL resource insufficiency is displayed while ACL resources are applied to a service, but the Free field shows there are still free ACL resources, this indicates that ACL resources in the slice or block occupied by the service are insufficient, and new slices or blocks cannot be obtained. The free resources in the Free field are ACL resources in the slice or block occupied by other services.

Example

# Display information about ACL resources in slot 0 (S6720-LI is used as an example).

<HUAWEI> display acl resource slot 0
Slot  0
XGigabitEthernet0/0/1 to XGigabitEthernet0/0/24
40GE0/0/1
40GE0/0/2
                     Vlan-ACL    Inbound-ACL    Outbound-ACL   Reserved-ACL
---------------------------------------------------------------------------
  Rule Used                0           30            30        124
  Rule Free              512         2018          2018        388
  Rule Total             512         2048          2048        512

  Meter Used               0            0             0          0
  Meter Free               0         1536          2048          0
  Meter Total              0         1536          2048          0

  Counter Used             0            0             0          0
  Counter Free             0         1536          2048          0
  Counter Total            0         1536          2048          0
---------------------------------------------------------------------------

# Display information about ACL resources in slot 0 (S5720-HI is used as an example).

<HUAWEI> display acl resource slot 0
Slot  0
GigabitEthernet0/0/1 to GigabitEthernet0/0/48
XGigabitEthernet0/0/1 to XGigabitEthernet0/0/4
                    Used          Free         Total
-----------------------------------------------------------------------------
  ACL Unallocated   -             -            20480
  ACL Allocated     147           365          511
    Vlan    ACL     1             -            -
    Sec     ACL     146           -            -

  EXT Unallocated   -             -            8192
  EXT Allocated     0             0            0

  Car               260           32508        32768
  Counter           144           65392        65536
-----------------------------------------------------------------------------

# Display information about ACL resources in slot 0 (S5720-EI is used as an example).

<HUAWEI> display acl resource slot 0
Slot  0
GigabitEthernet0/0/1 to GigabitEthernet0/0/48
XGigabitEthernet0/0/1 to XGigabitEthernet0/0/4
                   Used          Free         Total
----------------------------------------------------------------------------
  VACL Slice       1             3            4      
  VACL             8             2040         2048

  IACL Slice       11            1            12   
  IACL Unallocated -             -            3072
  IACL Allocated   -             -            1024
    Srv    ACL     10            502          512
    Sec    ACL     348           164          512

  EACL Slice       0             4            4  
  EACL Unallocated -             -            1024
  EACL Allocated   -             -            0

  Ingress Meter    36            4060         4096
  Egress  Meter    0             1024         1024
  Ingress Counter  155           3941         4096
  Egress  Counter  0             1024         1024

  Ingress UDF      0             8            8
----------------------------------------------------------------------------

# Display information about ACL resources in slot 0 (S5735-S is used as an example).

<HUAWEI> display acl resource slot 0
Slot  0                                                                                                                             
GigabitEthernet0/0/1 to GigabitEthernet0/0/16                                                                                       
                       Used          Free         Total                                                                             
-----------------------------------------------------------------------------                                                       
  VACL Block           2             -            -                                                                                 
  IACL Block           25            -            -                                                                                 
  EACL Block           3             -            -                                                                                 
  Block                30            2            32                                                                                
  ACL Unallocated      -             -            256                                                                               
  ACL Allocated        2370          1470         3840                                                                              
    Ingress L2ACL      2049          127          2176                                                                              
    Sec     VACL       4             252          256                                                                               
    Sec     IACL       240           784          1024                                                                              
    Sec     EACL       77            307          384                                                                               

  Car                  44            468          512                                                                               
-----------------------------------------------------------------------------

**Table 1** Description of the **display acl resource** command output
Item	Description
Slot	Stack ID.
GigabitEthernet 0/0/1 to GigabitEthernet 0/0/x XGigabitEthernet 0/0/1 to XGigabitEthernet 0/0/x	Interface to which an ACL is applied.
Vlan-ACL	Inbound ACL resources delivered before Layer 2 forwarding process starts. For the services related to VLAN translation, for example, VLAN mapping (configured by using the port vlan-mapping vlan map-vlan command) and VLAN stacking (configured by using the port vlan-stacking command), the device delivers Vlan-ACL resources. When a traffic policy is applied to the inbound direction and bound to a traffic behavior containing a VLAN-related action (except remark 8021p), for example, if the action in a traffic behavior is to remark the VLAN tag on VLAN packets (configured by using the remark vlan-id command), the device delivers Vlan-ACL resources. This applies to the S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S.
Inbound-ACL	Inbound ACL resources delivered after Layer 3 forwarding process is complete. Generally, the device delivers Inbound-ACL resources in either of the following situations: The ACL is applied to a service irrelevant to direction, for example, a user group. The traffic policy is applied to the inbound direction and contains a traffic behavior irrelevant to VLAN.
Outbound-ACL	ACL resources in outbound direction. The device delivers Outbound-ACL resources when the traffic policy applied to the outbound direction contains a traffic behavior which is not mirroring to observe-port. If the traffic behavior contained in the traffic policy is mirroring to observe-port, the device delivers Inbound-ACL resources.
Reserved-ACL	ACL resources reserved for CPCAR.
Rule Used	Number of used ACL rules.
Rule Free	Number of free ACL rules.
Rule Total	Total number of ACL rules.
Meter Used	Number of used rate limiting resources.
Meter Free	Number of idle rate limiting resources.
Meter Total	Total number of rate limiting resources.
Counter Used	Number of used counters.
Counter Free	Number of free counters.
Counter Total	Total number of counters, including those for collecting statistics on traffic policies, VLAN traffic, VLANIF interface traffic, and packets sent to the CPU.
Car	Traffic monitoring resources.
Counter	Traffic statistics collection resources.
Used	Number of used resources.
Free	Number of free resources.
Total	Total number of resources.
ACL Unallocated	Unallocated common ACL resources.
ACL Allocated	Number of ACL resources: Vlan ACL: ACL resources used by VLAN. Ingress ACL: Resources used by inbound traffic policy, ACL-based simplified traffic policy, and IPSG. Egress ACL: Resources used by outbound traffic policy and ACL-based simplified traffic policy. Ingress UCL: Resources used by traffic from user terminals to switch. Egress UCL: Resources used by traffic from switch to user terminals. Srv ACL: Resources used by inbound and outbound iPCA and voice VLAN. Sec ACL: Inbound secure ACL resources.
EXT Unallocated	Unallocated extended ACL resources.
EXT Allocated	Number of extended ACL resources: Ingress ACL: Resources used by inbound traffic policy and ACL-based simplified traffic policy. Egress ACL: Resources used by outbound traffic policy and ACL-based simplified traffic policy.
VACL Slice	Inbound slice resources delivered before Layer 2 forwarding process starts.
VACL	Inbound ACL resources delivered before Layer 2 forwarding process starts.
IACL Slice	Inbound slice resources.
IACL Unallocated	Unallocated inbound ACL resources.
IACL Allocated	Inbound ACL resources are allocated, including: L2 ACL: ACL resources of L2 type. IPv4 ACL: ACL resources of IPv4 type. IPv6 ACL: ACL resources of IPv6 type. L2IPv4 ACL: ACL resources of L2 IPv4 type. L2IPv6 ACL: ACL resources of L2 IPv6 type. UDF ACL: user-defined ACL resources. Srv ACL: ACL resources of service type. Sec ACL: ACL resources of security type. Ext ACL: extended ACL resources.
EACL Slice	Outbound slice resources.
EACL Unallocated	Unallocated outbound ACL resources.
EACL Allocated	Outbound ACL resources are allocated, including: L2 ACL: ACL resources of L2 type. IPv4 ACL: ACL resources of IPv4 type. IPv6 ACL: ACL resources of IPv6 type. L2IPv4 ACL: ACL resources of L2 IPv4 type. L2IPv6 ACL: ACL resources of L2 IPv6 type. UDF ACL: user-defined ACL resources. Srv ACL: ACL resources of service type. Ext ACL: extended ACL resources.
Ingress Meter	Inbound rate limiting resources.
Egress Meter	Outbound rate limiting resources.
Ingress Counter	Inbound statistics collection resources.
Egress Counter	Outbound statistics collection resources.
Ingress UDF	Inbound user-defined ACL resources.
VACL Block	Inbound block resources delivered before Layer 2 forwarding process starts.
IACL Block	Inbound block resources.
EACL Block	Outbound block resources.
Block	Total number of block resources.