No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
ACL-based Simplified Traffic Policy Commands

ACL-based Simplified Traffic Policy Commands

display traffic-filter applied-record

Function

The display traffic-filter applied-record command displays the record about ACL-based packet filtering.

Format

display traffic-filter applied-record

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

The display traffic-filter applied-record command displays the record about ACL-based packet filtering. The command output helps you check the ACL-based packet filtering configuration and locate faults.

Example

# Display the record about ACL-based packet filtering.

<Huawei> display traffic-filter applied-record
-----------------------------------------------------------                     
Interface                   Direction  AppliedRecord                            
-----------------------------------------------------------                     
GigabitEthernet0/0/1        inbound    acl 2000 
GigabitEthernet0/0/1        outbound   acl 3000         
-----------------------------------------------------------                     
Table 15-19  Description of the display traffic-filter applied-record command output

Item

Description

Interface

Interface to which ACL-based packet filtering is applied.

Direction

Direction in which ACL-based packet filtering is configured:
  • inbound: ACL-based packet filtering is configured in the inbound direction.

  • outbound: ACL-based packet filtering is configured in the outbound direction.

AppliedRecord

Record about ACL-based packet filtering.

display traffic-filter statistics

Function

The display traffic-filter statistics command displays statistics on ACL-based packet filtering on an interface.

Format

display traffic-filter statistics interface interface-type interface-number { inbound | outbound } [ verbose rule-base ]

display traffic-filter statistics interface virtual-template vt-number virtual-access va-number { inbound | outbound } [ verbose rule-base ]

Parameters

Parameter

Description

Value

interface interface-type interface-number

Displays statistics on packet filtering on a specified interface.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.

-

virtual-template vt-number virtual-access va-number

Specifies the number of a virtual template interface.

Displays statistics on packet filtering on a specified virtual interface.
  • virtual-template vt-number specifies the number of a virtual template interface. The value is an integer that ranges from 0 to 1023.
  • virtual-access va-number specifies the number of a virtual access interface. The value is an integer that ranges from 0 to 1023.

-

inbound

Displays statistics on packet filtering in the inbound direction.

-

outbound

Displays statistics on packet filtering in the outbound direction.

-

verbose rule-base

Displays statistics on packets that are filtered based on ACL rules.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

To view statistics on ACL-based packet filtering, run the display traffic-filter statistics command.

Prerequisites

ACL-based packet filtering has been configured using the traffic-filter (interface view) command.

Example

# Display statistics on outgoing packets that are filtered based on ACL on GE0/0/1.

<Huawei> display traffic-filter statistics interface gigabitethernet 0/0/1 outbound
-----------------------------------------------------------
  *interface GigabitEthernet0/0/1 outbound 
  Matched: 5,617(Packets) Passed: 0(Packets)  Dropped: 5,617(Packets) 

# Display statistics on outgoing packets that are filtered based on ACL rules on GE0/0/1.

<Huawei> display traffic-filter statistics interface gigabitethernet 0/0/1 outbound verbose rule-base
-----------------------------------------------------------                                                                         
  *interface GigabitEthernet0/0/1 outbound
 rule 5 permit icmp                                                                                                                 
  Passed Packet                         0,Passed Bytes                         0                                                    
  Dropped Packet                        0,Dropped Bytes                        0   
Table 15-20  Description of the display traffic-filter statistics command output

Item

Description

interface GigabitEthernet0/0/1 outbound

Packets matching the ACL rule are filtered in the outbound direction on GigabitEthernet0/0/1.

To filter packets based on an ACL, run the traffic-filter (interface view) command.

Matched

Number of packets matching ACL rules.

Passed

Number of forwarded packets matching ACL rules.

Dropped

Number of discarded packets matching ACL rules.

rule 5 permit icmp

Matched ACL rules.

Passed Packet

Number of forwarded packets matching ACL rules.

Passed Bytes

Number of forwarded bytes matching ACL rules.

Dropped Packet

Number of discarded packets matching ACL rules.

Dropped Bytes

Number of discarded bytes matching ACL rules.

reset traffic-filter statistics

Function

The reset traffic-filter statistics command clears statistics on ACL-based packet filtering on an interface.

Format

reset traffic-filter statistics interface interface-type interface-number { inbound | outbound }

reset traffic-filter statistics interface virtual-template vt-number virtual-access va-number { inbound | outbound }

Parameters

Parameter

Description

Value

interface interface-type interface-number

Clears statistics on packet filtering on a specified interface.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.

-

virtual-template vt-number virtual-access va-number
Clears statistics on packet filtering on a specified virtual interface.
  • virtual-template vt-number specifies the number of a virtual template interface. The value is an integer that ranges from 0 to 1023.
  • virtual-access va-number specifies the number of a virtual access interface. The value is an integer that ranges from 0 to 1023.

-

inbound

Clears statistics on packet filtering in the inbound direction.

-

outbound

Clears statistics on packet filtering in the outbound direction.

-

Views

All views

Default Level

2: Configuration level

Usage Guidelines

Before recollecting statistics on ACL-based packet filtering on an interface, run the reset traffic-filter statistics command to clear the existing statistics. Wait for a period, and run the display traffic-filter statistics command to view the statistics on ACL-based packet filtering.

Example

# Clear statistics on ACL-based packet filtering on GE0/0/1.

<Huawei> reset traffic-filter statistics interface gigabitethernet 0/0/1 inbound

traffic-filter (interface view)

Function

The traffic-filter command applies an ACL to an interface to filter packets on the interface.

The undo traffic-filter command cancels the configuration.

By default, no ACL is applied to an interface to filter packets on the interface.

Format

traffic-filter { inbound | outbound } { acl | ipv6 acl } { acl-number | name acl-name }

undo traffic-filter { inbound | outbound } [ ipv6 acl ]

NOTE:

The AR510 series do not support ipv6 acl.

Parameters

Parameter

Description

Value

inbound

Configures ACL-based packet filtering in the inbound direction on an interface.

-

outbound

Configures ACL-based packet filtering in the outbound direction on an interface.

-

acl

Filters packets based on the IPv4 ACL.

-

ipv6 acl

Filters packets based on the IPv6 ACL.

-

acl-number

Specifies the number of an ACL.

The IPv4 ACL number ranges from 2000 to 4999, and the IPv6 ACL number ranges from 2000 to 3999.
  • The value of a basic ACL/ACL6 ranges from 2000 to 2999.
  • The value of an advanced ACL/ACL6 ranges from 3000 to 3999.
  • The value of a Layer 2 ACL ranges from 4000 to 4999.

name acl-name

Filters packets based on a specified named ACL. acl-name specifies the name of the ACL.

The value must be the name of an existing ACL.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the traffic-filter command is executed on an interface, the device filters packets matching ACL rules:

  • If the action in an ACL rule is deny, the device discards packets matching the rule.
  • If the action in an ACL rule is permit, the device forwards packets matching the rule.
  • If no rule is matched, packets are allowed to pass through.

Precautions

ACL-based packet filtering can be configured on the WAN interface and logical interface that provides Layer 3 functions.

NOTE:

When traffic-filter command is used on loopback interface, there has the following limitations:

  • Layer 2 ACLs cannot be used.
  • If the basic ACL based on the fragment flag is used, traffic-filter does not take effect.
  • If the advanced ACL based on gre, igmp, ipinip, and ospf is used, traffic-filter does not take effect.

If packets match an ACL rule with the deny action and a traffic policy (configured using the traffic-policy (interface view)) command simultaneously on an interface, the traffic policy does not take effect for the packets.

You can specify an empty ACL (ACL number) in this command, and configure this ACL later.

You can apply only one ACL in one direction on an interface to filter packets. Before modifying the ACL referenced by the traffic-filter command, run the undo traffic-filter command to cancel packet filtering based on this ACL.

Example

# On the Eth0/0/1, configure packet filtering based on the ACL that permits packets with source IP address 192.168.0.2/32.

<Huawei> system-view
[Huawei] acl 3000
[Huawei-acl-adv-3000] rule 5 permit ip source 192.168.0.2 0
[Huawei-acl-adv-3000] quit
[Huawei] interface ethernet 0/0/1
[Huawei-Ethernet0/0/1] traffic-filter inbound acl 3000
Translation
Download
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 90183

Downloads: 124

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next