About the problem that the number of entries in the ACL of the Huawei 5700 vswitch is 0, disable weiacl
For a stream policy, you can add a count action to count packets matching the ACL. The matched in the display acl displays statistics on packets matching the master CPU, rather than the statistical count of the stream policy. Therefore, when a large number of packets matching the ACL are passed, the count of the command display acl is always 0. Some packets that match the ACL do not necessarily match the master CPU. Therefore, these packets are not counted.
Solution:
Statistic enable must be enabled under traffic behavior
Enable the traffic policy under the corresponding vlan in the acl entry
Test the number of ACLs in vlan 315:
1. traffic Configuration
Traffic classifier DB1 operator and
If-match ACLs DB-permit1
Traffic classifier DB2 operator and
If-match ACLs DB-deny1
Traffic classifier DB3 operator and
#
Traffic behavior deny
Deny
Statistic enable
Traffic behavior permit
Permit
Statistic enable
#
---------------------------------------------------------------------------
The difference between permit and deny on traffic behavior.
Permit indicates that the data is allowed according to the acl DB rules. If the database permits this permission, it is forbidden.
However, if deny is used, permit or deny in DB rules are discarded and not forwarded.
----------------------------------------------------------------------------
Traffic policy DB
Classifier DB1 behavior permit
Classifier DB2 behavior deny
2. enable policy in vlan 315
Vlan 315
Traffic-policy DB outbound
3. view the number of ACLs
Display traffic policy statistics vlan 315 outbound