Comware

  • 1.  Enable ACL hit count Comware7 ?

    Posted Mar 23, 2016 01:56 AM

    Hi, I've enabled info-center.

    On my ACL rules I have tried both logging and logging counting.

    I can see the below in my buffer

    %Mar 23 05:16:54:144 2016 HP-5900-Stack ACL/6/PFILTER_STATIS_INFO: -Slot=2; Ten-GigabitEthernet2/0/46 (outbound): Packet-filter 3200 rule 1260 deny ip destination X.X.X.X 0 logging 8 packet(s).

    But when I run

    dis acl number 3200

    No hits are showing. What am I missing here?



  • 2.  RE: Enable ACL hit count Comware7 ?

    Posted Mar 23, 2016 03:46 AM

    On Cisco equipment I ran into this as well.
    It seems like the ACL hit count will only increment for ACLs applied to the control plane (like SNMP/telnet/HTTP access of the switch) but not when applied to the data plane.



  • 3.  RE: Enable ACL hit count Comware7 ?

    Posted Mar 23, 2016 07:38 AM

    Hi, thanks for the reply,

    I was thinking the same except...

    The log shows the hit count per 5-minute interval, so why can't I see it on the ACL?

    %Mar 23 05:16:54:144 2016 HP-5900-Stack ACL/6/PFILTER_STATIS_INFO: -Slot=2; Ten-GigabitEthernet2/0/46 (outbound): Packet-filter 3200 rule 1260 deny ip destination X.X.X.X 0 logging 8 packet(s).

    Regards, Daniel
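
Added example, not part of the original posts: because each PFILTER_STATIS_INFO message quoted above carries a packet count for one reporting interval, per-rule hit totals can be summed from the log buffer or a syslog export. The regex assumes the exact line layout quoted in the thread; the function names and every sample line after the first are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout taken from the PFILTER_STATIS_INFO line quoted in the thread (assumption: other releases match it).
LINE_RE = re.compile(
    r"^%(?P<ts>\w{3}\s+\d+\s+[\d:]+\s+\d{4})\s+(?P<host>\S+)\s+"
    r"ACL/\d/PFILTER_STATIS_INFO:\s*(?:-\S+;\s*)*"
    r"(?P<iface>\S+)\s+\((?P<direction>inbound|outbound)\):\s+"
    r"Packet-filter\s+(?P<acl>\S+)\s+rule\s+(?P<rule>\d+)\s+"
    r"(?P<action>permit|deny)\s+(?P<match>.*?)\s+"
    r"(?P<count>\d+)\s+packet\(s\)\.\s*$"
)

# First line is the one from the thread; the rest are constructed sample input.
SAMPLE_LOG = """\
%Mar 23 05:16:54:144 2016 HP-5900-Stack ACL/6/PFILTER_STATIS_INFO: -Slot=2; Ten-GigabitEthernet2/0/46 (outbound): Packet-filter 3200 rule 1260 deny ip destination X.X.X.X 0 logging 8 packet(s).
%Mar 23 05:21:54:150 2016 HP-5900-Stack ACL/6/PFILTER_STATIS_INFO: -Slot=2; Ten-GigabitEthernet2/0/46 (outbound): Packet-filter 3200 rule 1260 deny ip destination X.X.X.X 0 logging 5 packet(s).
%Mar 23 05:21:54:151 2016 HP-5900-Stack ACL/6/PFILTER_STATIS_INFO: -Slot=2; Ten-GigabitEthernet2/0/46 (inbound): Packet-filter 3200 rule 1270 deny ip destination X.X.X.X 0 logging 3 packet(s).
some unrelated log line (constructed)
"""

def parse_line(line):
    """Return the fields of one packet-filter statistics message, or None if the line is something else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(" ".join(rec["ts"].split()), "%b %d %H:%M:%S:%f %Y")
    rec["rule"], rec["count"] = int(rec["rule"]), int(rec["count"])
    return rec

def hit_counts(lines):
    """Sum the per-interval packet counts for each (host, interface, direction, ACL, rule)."""
    totals = defaultdict(lambda: {"packets": 0, "reports": 0, "first": None, "last": None})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not a packet-filter statistics message
        key = (rec["host"], rec["iface"], rec["direction"], rec["acl"], rec["rule"])
        t = totals[key]
        t["packets"] += rec["count"]
        t["reports"] += 1
        t["first"] = rec["ts"] if t["first"] is None else min(t["first"], rec["ts"])
        t["last"] = rec["ts"] if t["last"] is None else max(t["last"], rec["ts"])
    return dict(totals)

if __name__ == "__main__":
    for key, t in sorted(hit_counts(SAMPLE_LOG.splitlines()).items()):
        print(key, t["packets"], "packet(s) in", t["reports"], "report(s)")
```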

     



  • 4.  RE: Enable ACL hit count Comware7 ?

    Posted Jun 11, 2018 05:16 PM

    It seems on Comware v7, you need to use this command instead:

    display packet-filter statistics interface <interface type> <interface ID> {inbound | outbound}



  • 5.  RE: Enable ACL hit count Comware7 ?

    Posted Mar 06, 2019 07:39 PM

    It doesn't show if the ACL is being hit. Any configs that we need to add on the VLAN interface for this to work?

     

    <switch>disp version
    HP Comware Software, Version 7.1.045, Release 2311P01

    <switch>display packet-filter verbose int vlan6 outbound
    Interface: Vlan-interface6
    Out-bound policy:
    ACL 3006
    rule 1 permit tcp destination 10.128.6.0 0.0.0.255 established logging
    rule 3 permit tcp source 10.128.7.0 0.0.0.255 destination 10.128.6.0 0.0.0.255 destination-port eq 3389
    rule 4 permit tcp source 10.130.7.0 0.0.0.255 destination 10.128.6.0 0.0.0.255 destination-port eq 3389
    rule 5 permit tcp source 10.8.0.0 0.3.255.255 destination 10.128.6.0 0.0.0.255 destination-port eq 22
    rule 7 permit tcp source 10.8.0.0 0.3.255.255 destination 10.128.6.0 0.0.0.255 destination-port eq 443
    rule 9 permit tcp source 10.8.0.0 0.3.255.255 destination 10.128.6.0 0.0.0.255 destination-port eq 3389
    rule 10 permit tcp source 10.8.0.0 0.3.255.255 destination 10.128.6.0 0.0.0.255 destination-port eq 445
    rule 15 permit tcp source 10.128.0.0 0.0.255.255 destination 10.128.6.0 0.0.0.255 destination-port eq 443
    rule 16 permit tcp source 10.128.17.0 0.0.0.255 destination 10.128.6.0 0.0.0.255 destination-port eq 8443
    rule 20 permit ip source 10.128.9.0 0.0.0.255 destination 10.128.6.0 0.0.0.255