Why is the statistics displayed in the display acl command output 0 after a traffic policy defining an ACL rule and traffic statistics is applied and traffic matches the ACL rule


The display acl command displays statistics on traffic sent to the control plane.
The traffic statistics collection function in traffic policies is used to collect statistics on traffic on the forwarding plane. Statistics on traffic sent to the control plane is not collected.
After a traffic policy defining an ACL rule and traffic statistics is applied and traffic matches the ACL rule, the statistics displayed in the display acl command output is 0.
Run the display traffic-policy statistics command to view statistics on traffic matching a traffic policy applied to an interface.

Other related questions:
After a traffic policy is configured on an S series switch, two more ACL rules are occupied based on the display acl resource command output. Why
Packets sent by an S series switch to the CPU for processing and packets for inter-board communication exist on the switch. To prevent these packets from being affected by the traffic policy, the switch delivers two ACL rules before delivering the traffic policy.

Matching rules of ACL
The display order of ACL rules determines the ACL matching principles. During ACL matching, a look-up is performed from the first rule displayed in the ACL. When one rule matches, the look-up is completed. The earlier a rule is displayed, the easier for it to be matched. The factors that determine the display order are the rule ID and matching methods. Matching methods include matching in configuration order or in automatic order. If the configuration order is used, the matching will be performed according to the order in which the ACL rules are configured. Rule IDs can be set by users, or can be automatically generated by the system based on the step, which is convenient for rule maintenance and insertion of new rules. For example, the default step of ACL is 5. If the user does not set a rule ID, the first rule ID automatically generated by the system is 5. When the user needs to insert a new rule before rule 5, a rule ID smaller than 5 can be set. The new rule now is the first rule. If the automatic order is used, the system automatically generates rule IDs, and ranks the rules with the highest precision to the top of the list. This can be achieved by comparing the length of the wildcard characters of addresses. The shorter the length is, the smaller the assigned NE range is.

ACL configuration on S series switch
An ACL filters packets based on rules. A switch with an ACL configured matches packets based on the rules to obtain the packets of a certain type, and then decides to forward or discard these packets according to the policies used by the service module to which the ACL is applied. The S series switch supports basic ACL (2000-2999), advanced ACL (3000-3999), Layer 2 ACL (4000-4999), user-defined ACL (5000-5999), USER acl (6000-9999), basic ACL6 (2000-2999), and advanced ACL6 (3000-3999). For more information about the ACL feature supported by S series switches, except S1700, click S1720&S2700&S3700&S5700&S6700&S7700&S9700 Common Operation Guide or S1720&S2700&S3700&S5700&S6700&S7700&S9700 Typical Configuration Examples.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top