display acl

Function

The display acl command displays the rules of a specified ACL or of all ACLs, together with packet matching statistics.

Format

display acl { name acl-name | all }

display acl basic-acl-number

display acl advance-acl-number

display acl interface-based-acl-number

display acl ucl-acl-number

display acl mpls-acl-number

display acl numberLink

Parameters

| Parameter | Description | Value |
|---|---|---|
| name acl-name | Specifies the name of an ACL. | The value is a string of 1 to 64 case-sensitive characters, spaces not supported. The name must start with a letter or digit, and cannot contain only digits. |
| all | Displays information about all ACLs. | - |
| basic-acl-number | Specifies the number of an ACL. | The value is an integer ranging from 2000 to 2999. The number of a basic ACL ranges from 2000 to 2999. |
| advance-acl-number | Specifies the number of an ACL. | The value is an integer ranging from 3000 to 3999. The number of an advanced ACL ranges from 3000 to 3999. |
| interface-based-acl-number | Specifies the number of an ACL. | The value is an integer ranging from 1000 to 1999. The number of an interface ACL ranges from 1000 to 1999. |
| ucl-acl-number | Specifies the number of an ACL. | The value is an integer ranging from 6000 to 9999. The number of a user ACL ranges from 6000 to 9999. |
| mpls-acl-number | Specifies the number of an ACL. | The value is an integer ranging from 10000 to 10999. The number of an MPLS-based ACL ranges from 10000 to 10999. |
| numberLink | Specifies the number of an ACL. | The value is an integer ranging from 4000 to 4999. The number of a Layer 2 ACL ranges from 4000 to 4999. |

Views

All views

Default Level

1: Monitoring level

Task Name and Operations

| Task Name | Operations |
|---|---|
| acl | read |

Usage Guidelines

Usage Scenario

You can run the display acl command for the following purposes:

  • To check details about a configured ACL.
  • To check whether an ACL is deleted using the undo acl command.
  • To check whether an ACL is referenced by a service and to view packet matching statistics.

Precautions

  • Before collecting ACL statistics in a certain period, run the reset acl counter command to clear historical statistics.
  • Rules in an ACL are displayed in ascending order of rule IDs.
  • This command can display only the matching status of the control packets processed by the CPU, but cannot display the matching status of the forwarded packets.

Example

The actual command output varies according to the device. The command output here is only an example.

# Display rule information and packet matching statistics of an ACL numbered 2001.
<HUAWEI> display acl 2001
Basic ACL 2001, 2 rules, match-order is auto 
ACL's step is 5
 rule 5 permit source 10.1.1.1 0 (2 times matched)
 rule 10 permit source 10.2.1.1 0 (3 times matched)

Table 1 Description of the display acl command output

Item Description
Basic ACL 2001, 2 rules

Type and number of the ACL and number of rules in the ACL.

2 times matched

Number of times an ACL rule is matched. If the ACL is not referenced by any service, no match count is displayed.

ACL's step is 5

ACL's step, which is 5 by default.

rule 5 permit source 10.1.1.1 0

Detailed information about an ACL rule.

match-order is auto

ACL rule matching order. There are two ACL rule-matching orders: configuration order (config) and automatic order (auto).

  • config: ACL rules are matched in the order they are configured.

    This mechanism applies only when rule numbers are not specified. If rule numbers are specified, the ACL rules are matched based on the numbers in ascending order.

  • auto: ACL rules are matched based on the depth-first principle.
    • The depth-first principle matches ACL rules based on how precise the rules are.
    • The more matching criteria an ACL rule contains, the more precise the rule is. If two rules have the same precision, they are matched in the order they are configured.
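
The following is an added example, not part of the Huawei documentation: a parser for output in the format shown in the example above. It records a missing "(N times matched)" suffix as "no counter displayed" rather than zero, following the Table 1 note on ACLs that are not referenced by any service. The sample text, the layout with two ACLs in one capture, and the function names are constructed assumptions.

```python
import re

# Constructed sample modeled on the example output above. The second ACL shows
# no counters and has fewer rule lines than its header declares.
SAMPLE = """\
<HUAWEI> display acl all
Basic ACL 2001, 2 rules, match-order is auto
ACL's step is 5
 rule 5 permit source 10.1.1.1 0 (2 times matched)
 rule 10 permit source 10.2.1.1 0 (3 times matched)

Basic ACL 2002, 2 rules, match-order is config
ACL's step is 5
 rule 5 deny source 10.3.1.1 0
"""

HEADER = re.compile(r"^(?P<type>.+?) ACL (?P<num>\d+), (?P<count>\d+) rules?, "
                    r"match-order is (?P<order>\w+)\s*$")
STEP = re.compile(r"^ACL's step is (?P<step>\d+)\s*$")
RULE = re.compile(r"^\s*rule (?P<id>\d+) (?P<body>.+?)"
                  r"(?: \((?P<hits>\d+) times matched\))?\s*$")

def parse_display_acl(text):
    """Parse 'display acl' output into a list of ACL dicts."""
    acls = []
    for line in text.splitlines():
        if m := HEADER.match(line):
            acls.append({"type": m["type"], "number": int(m["num"]),
                         "declared": int(m["count"]), "order": m["order"],
                         "step": None, "rules": []})
        elif not acls:
            continue  # prompt or command echo before the first ACL header
        elif m := STEP.match(line):
            acls[-1]["step"] = int(m["step"])
        elif m := RULE.match(line):
            # hits stays None when the device printed no counter for the rule
            hits = None if m["hits"] is None else int(m["hits"])
            acls[-1]["rules"].append({"id": int(m["id"]), "body": m["body"], "hits": hits})
    return acls

def audit(acls):
    """Return (acl_number, finding) pairs worth a manual look."""
    findings = []
    for a in acls:
        if len(a["rules"]) != a["declared"]:
            findings.append((a["number"], "rule count differs from header"))
        if a["rules"] and all(r["hits"] is None for r in a["rules"]):
            findings.append((a["number"], "no counters shown"))
    return findings
```

A "no counters shown" finding means the ACL is not referenced by any service; for referenced ACLs the counts cover only control packets processed by the CPU, as noted under Precautions.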
Copyright © Huawei Technologies Co., Ltd.