
Re: Enable ACL hit count Comware7 ?

 
drolfe
Valued Contributor

Enable ACL hit count Comware7 ?

Hi, I've enabled info-center

On my acl rules I have tried both logging and logging counting 

I can see the below in my buffer

%Mar 23 05:16:54:144 2016 HP-5900-Stack ACL/6/PFILTER_STATIS_INFO: -Slot=2; Ten-GigabitEthernet2/0/46 (outbound): Packet-filter 3200 rule 1260 deny ip destination X.X.X.X 0 logging 8 packet(s).

But when I run

dis acl number 3200

No hits are showing, what am I missing here ?

16again
Respected Contributor

Re: Enable ACL hit count Comware7 ?

On Cisco equipment I ran into this as well.
It seems like the ACL hit count will only increment for ACLs applied to the control plane (like snmp/telnet/http access of the switch) but not when applied to the data plane.

drolfe
Valued Contributor

Re: Enable ACL hit count Comware7 ?

Hi, thanks for the reply,

I was thinking the same except...

The log shows the hit count per 5-minute interval, so why can't I see it on the ACL?

%Mar 23 05:16:54:144 2016 HP-5900-Stack ACL/6/PFILTER_STATIS_INFO: -Slot=2; Ten-GigabitEthernet2/0/46 (outbound): Packet-filter 3200 rule 1260 deny ip destination X.X.X.X 0 logging 8 packet(s).

Regards, Daniel
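
Added example, not part of any poster's reply and not HP/H3C code: a small Python parser that totals the per-interval packet counts from PFILTER_STATIS_INFO lines like the one quoted above, giving a per-rule hit count from collected syslog. The regex follows only the line shown in this thread (other releases may format it differently), and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Pattern derived from the single PFILTER_STATIS_INFO line quoted in the thread.
# Assumption: other Comware releases use the same layout.
PFILTER_RE = re.compile(
    r"ACL/6/PFILTER_STATIS_INFO:\s*(?:-Slot=(?P<slot>\d+);\s*)?"
    r"(?P<iface>\S+)\s+\((?P<direction>inbound|outbound)\):\s+"
    r"Packet-filter\s+(?P<acl>\S+)\s+rule\s+(?P<rule>\d+)\s+"
    r"(?P<body>.*?)\s+(?P<count>\d+)\s+packet\(s\)\.?\s*$"
)

def parse_line(line):
    """Return a dict for a packet-filter statistics message, else None."""
    m = PFILTER_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    rec["count"] = int(rec["count"])
    return rec

def tally(lines):
    """Sum interval counts per (interface, direction, ACL, rule)."""
    totals = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            key = (rec["iface"], rec["direction"], rec["acl"], rec["rule"])
            totals[key] += rec["count"]
    return totals

SAMPLE = [
    # Line as quoted in the thread.
    "%Mar 23 05:16:54:144 2016 HP-5900-Stack ACL/6/PFILTER_STATIS_INFO: -Slot=2; Ten-GigabitEthernet2/0/46 (outbound): Packet-filter 3200 rule 1260 deny ip destination X.X.X.X 0 logging 8 packet(s).",
    # Constructed: next interval for the same rule.
    "%Mar 23 05:21:54:150 2016 HP-5900-Stack ACL/6/PFILTER_STATIS_INFO: -Slot=2; Ten-GigabitEthernet2/0/46 (outbound): Packet-filter 3200 rule 1260 deny ip destination X.X.X.X 0 logging 3 packet(s).",
    # Constructed: unrelated message that must be ignored.
    "%Mar 23 05:22:01:002 2016 HP-5900-Stack SHELL/6/SHELL_CMD: constructed unrelated message",
]

if __name__ == "__main__":
    for (iface, direction, acl, rule), hits in sorted(tally(SAMPLE).items()):
        print(f"{iface} {direction} ACL {acl} rule {rule}: {hits} packet(s)")
```

The totals cover only the messages present in the input, so a gap in log collection shows up as an undercount.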

 

aroman
Occasional Advisor

Re: Enable ACL hit count Comware7 ?

It seems on Comware v7, you need to use this command instead:

display packet-filter statistics interface <interface type> <interface ID> {inbound | outbound}

reybilan
Visitor

Re: Enable ACL hit count Comware7 ?

It doesn't show if the ACL is being hit. Any configs that we need to add on the VLAN interface for this to work?

 

<switch>disp version
HP Comware Software, Version 7.1.045, Release 2311P01

<switch>display packet-filter verbose int vlan6 outbound
Interface: Vlan-interface6
Out-bound policy:
ACL 3006
rule 1 permit tcp destination 10.128.6.0 0.0.0.255 established logging
rule 3 permit tcp source 10.128.7.0 0.0.0.255 destination 10.128.6.0 0.0.0.255 destination-port eq 3389
rule 4 permit tcp source 10.130.7.0 0.0.0.255 destination 10.128.6.0 0.0.0.255 destination-port eq 3389
rule 5 permit tcp source 10.8.0.0 0.3.255.255 destination 10.128.6.0 0.0.0.255 destination-port eq 22
rule 7 permit tcp source 10.8.0.0 0.3.255.255 destination 10.128.6.0 0.0.0.255 destination-port eq 443
rule 9 permit tcp source 10.8.0.0 0.3.255.255 destination 10.128.6.0 0.0.0.255 destination-port eq 3389
rule 10 permit tcp source 10.8.0.0 0.3.255.255 destination 10.128.6.0 0.0.0.255 destination-port eq 445
rule 15 permit tcp source 10.128.0.0 0.0.255.255 destination 10.128.6.0 0.0.0.255 destination-port eq 443
rule 16 permit tcp source 10.128.17.0 0.0.0.255 destination 10.128.6.0 0.0.0.255 destination-port eq 8443
rule 20 permit ip source 10.128.9.0 0.0.0.255 destination 10.128.6.0 0.0.0.255

rey bilan