No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


AR Router Troubleshooting Guide

This Product Documentation provides guidance for maintaining AR Enterprise Router, covering common information collection and fault diagnostic commands, typical fault troubleshooting guide, and troubleshooting.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Packet Filtering Firewall Fails Because of Invalid ACL Configuration

Packet Filtering Firewall Fails Because of Invalid ACL Configuration

Common Causes

This fault is commonly caused by one of the following:

  • An incorrect ACL number is referenced.

  • The ACL rules are incorrect.

Troubleshooting Flowchart

Figure 22-6 shows the troubleshooting flowchart.

Figure 22-6  Troubleshooting flowchart for a packet filtering firewall failure

Troubleshooting Procedure


Saving the results of each troubleshooting step is recommended. If troubleshooting fails to correct the fault, you will have a record of your actions to provide technical support personnel.


  1. Check that the ACL referenced by the packet filtering firewall is configured correctly.

    Run the display firewall interzone command to view the referenced ACL number and direction in which the ACL is applied. Multiple ACLs may exist on the firewall. Ensure that the correct ACL is referenced.

    • If the ACL number or direction is incorrect, run the undo packet-filter { acl-number | default { deny | permit }} { inbound | outbound } command in the interzone view to disable packet filtering. Then run the packet-filter { acl-number | default { deny | permit }} { inbound | outbound } command to reconfigure the packet filtering function.

    • If the ACL number and direction are correct, run the display acl command to check the configuration of ACL rules. If the ACL rules are incorrect, modify them. If the ACL rules are correct, go to 2.

  2. Collect the following information and contact technical support personnel:

    • Results of the preceding troubleshooting procedure

    • Configuration files, log files, and alarm files of the switches

Updated: 2019-05-10

Document ID: EDOC1000079719

Views: 448287

Downloads: 4305

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next