
How to check detailed information about ACL matching?

Created: Nov 29, 2021 14:07:18
Latest reply: Nov 30, 2021 03:22:37
  Rewarded HiCoins: 0 (problem resolved)

Hello, everyone. I need to check detailed information about ACL matching on Huawei devices, with source and destination addresses and ports. Like this:

list 3000 denied tcp

177.43.231.16(45791) -> 192.168.1.10(8080), 1 packet), 1 packet)

 How can I do this?

Featured Answers

Recommended answer

chenhui
Admin Created Nov 30, 2021 03:22:37

Posted by user_4151287 at 2021-11-29 14:32: Posted by chenhui at 2021-11-29 14:32: Hi, You can execute the command display acl to review the matchi ...

Well, it's not supported to do that on the router and switch devices yet.

However, if you are using the USG firewall, you can configure the firewall to log the packet discarding logs. Please refer to the example CLI: Example for Outputting Packet Loss Logs to a Third-Party Log Host.


All Answers

Hi,

You can execute the command display acl to review the matching results. Please check the example below:

<Huawei> display acl name test

Advanced ACL test 3999, 1 rule, match-order is auto

Acl's step is 5

 rule 5 permit ip destination 10.10.10.1 0 (2 matches)


Posted by chenhui at 2021-11-29 14:29: Hi, You can execute the command display acl to review the matching results. Please check the example ...

But I need information about dropped packets (source and dest addresses and ports), and I cannot see it in this output.

Like this:

<SwCore759>display log | i 3007
Logging buffer configuration and contents : enabled
Allowed max buffer size : 1024
Actual buffer size : 512
Channel number : 4 , Channel name : logbuffer
Dropped messages : 0
Overwritten messages : 3500
Current messages : 512

Sep 21 2017 17:15:44+02:00 SwCore759 %ACLE/4/ACLLOG(l)[0]:Slot=2;Acl 3007 deny GigabitEthernet2/0/28 00e0-4b5b-dfb2 -> ffff-ffff-ffff udp 10.116.78.71(48312) -> 255.255.255.255(2153) (1 packet).
Sep 21 2017 17:15:27+02:00 SwCore759 %ACLE/4/ACLLOG(l)[6]:Slot=2;Acl 3007 deny GigabitEthernet2/0/32 00e0-4b5b-dfc1 -> ffff-ffff-ffff udp 10.116.78.73(55066) -> 255.255.255.255(2153) (1 packet).
Sep 21 2017 17:15:24+02:00 SwCore759 %ACLE/4/ACLLOG(l)[8]:Slot=2;Acl 3007 deny GigabitEthernet2/0/29 00e0-4b5b-d6b2 -> ffff-ffff-ffff udp 10.116.78.75(55048) -> 255.255.255.255(2153) (1 packet).
Sep 21 2017 17:15:22+02:00 SwCore759 %ACLE/4/ACLLOG(l)[9]:Slot=2;Acl 3007 deny GigabitEthernet2/0/31 00e0-4b5b-e059 -> ffff-ffff-ffff udp 10.116.78.72(34856) -> 255.255.255.255(2153) (1 packet).
Sep 21 2017 17:15:13+02:00 SwCore759 %ACLE/4/ACLLOG(l)[11]:Slot=2;Acl 3007 deny GigabitEthernet2/0/28 00e0-4b5b-dfb2 -> ffff-ffff-ffff udp 10.116.78.71(58832) -> 255.255.255.255(2153) (1 packet).
Sep 21 2017 17:14:57+02:00 SwCore759 %ACLE/4/ACLLOG(l)[31]:Slot=2;Acl 3007 deny GigabitEthernet2/0/32 00e0-4b5b-dfc1 -> ffff-ffff-ffff udp 10.116.78.73(57574) -> 255.255.255.255(2153) (1 packet).
Sep 21 2017 17:14:54+02:00 SwCore759 %ACLE/4/ACLLOG(l)[32]:Slot=2;Acl 3007 deny GigabitEthernet2/0/29 00e0-4b5b-d6b2 -> ffff-ffff-ffff udp 10.116.78.75(59760) -> 255.255.255.255(2153) (1 packet).
Sep 21 2017 17:14:52+02:00 SwCore759 %ACLE/4/ACLLOG(l)[33]:Slot=2;Acl 3007 deny GigabitEthernet2/0/31 00e0-4b5b-e059 -> ffff-ffff-ffff udp 10.116.78.72(34466) -> 255.255.255.255(2153) (1 packet).
Sep 21 2017 17:14:44+02:00 SwCore759 %ACLE/4/ACLLOG(l)[34]:Slot=2;Acl 3007 deny GigabitEthernet2/0/28 00e0-4b5b-dfb2 -> ffff-ffff-ffff udp 10.116.78.71(43828) -> 255.255.255.255(2153) (1 packet).

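The ACLLOG lines quoted in the post above have a fixed layout: ACL number, action, ingress interface, MAC pair, protocol, IP and port pair, packet count. As an added example that is not part of the original thread, the following parser extracts those fields and totals denied packets per flow, leaving the ephemeral source port out of the key. The function names are hypothetical, the sample lines are copied from the post, and the regex covers only the layout shown there.

```python
import re
from collections import Counter
# Sample lines copied from the post above, plus one buffer header line.
SAMPLE_LOG = """\
Sep 21 2017 17:15:44+02:00 SwCore759 %ACLE/4/ACLLOG(l)[0]:Slot=2;Acl 3007 deny GigabitEthernet2/0/28 00e0-4b5b-dfb2 -> ffff-ffff-ffff udp 10.116.78.71(48312) -> 255.255.255.255(2153) (1 packet).
Sep 21 2017 17:15:27+02:00 SwCore759 %ACLE/4/ACLLOG(l)[6]:Slot=2;Acl 3007 deny GigabitEthernet2/0/32 00e0-4b5b-dfc1 -> ffff-ffff-ffff udp 10.116.78.73(55066) -> 255.255.255.255(2153) (1 packet).
Sep 21 2017 17:15:13+02:00 SwCore759 %ACLE/4/ACLLOG(l)[11]:Slot=2;Acl 3007 deny GigabitEthernet2/0/28 00e0-4b5b-dfb2 -> ffff-ffff-ffff udp 10.116.78.71(58832) -> 255.255.255.255(2153) (1 packet).
Logging buffer configuration and contents : enabled
"""

ACLLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{4} \d{2}:\d{2}:\d{2}[+-]\d{2}:\d{2}) "
    r"(?P<host>\S+) %ACLE/4/ACLLOG\(l\)\[\d+\]:Slot=(?P<slot>\d+);"
    r"Acl (?P<acl>\d+) (?P<action>\w+) (?P<ifname>\S+) "
    r"(?P<smac>[0-9A-Fa-f-]+) -> (?P<dmac>[0-9A-Fa-f-]+) (?P<proto>\S+) "
    r"(?P<sip>[\d.]+)\((?P<sport>\d+)\) -> (?P<dip>[\d.]+)\((?P<dport>\d+)\) "
    r"\((?P<packets>\d+) packets?\)\.?\s*$"
)

def parse_acllog(text):
    """Return (events, unparsed): dicts for ACLLOG lines, raw text for the rest."""
    events, unparsed = [], []
    for line in text.splitlines():
        if "ACLLOG" not in line:
            continue  # buffer header or unrelated message
        m = ACLLOG_RE.match(line.strip())
        if not m:
            unparsed.append(line)  # ACLLOG line in a layout this regex does not cover
            continue
        ev = m.groupdict()
        for key in ("slot", "acl", "sport", "dport", "packets"):
            ev[key] = int(ev[key])
        events.append(ev)
    return events, unparsed

def denied_by_flow(events):
    """Sum denied packets per (ACL, interface, source IP, proto, dest IP, dest port)."""
    totals = Counter()
    for ev in events:
        if ev["action"] == "deny":
            key = (ev["acl"], ev["ifname"], ev["sip"], ev["proto"], ev["dip"], ev["dport"])
            totals[key] += ev["packets"]
    return totals

if __name__ == "__main__":
    events, unparsed = parse_acllog(SAMPLE_LOG)
    for key, pkts in denied_by_flow(events).most_common():
        print(pkts, *key)
    print("unparsed ACLLOG lines:", len(unparsed))
```

ACLLOG lines that do not match are returned in `unparsed` rather than dropped, so a layout the regex does not cover shows up as a count instead of as missing denies.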

