No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 12

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules The description covers configuration examples and function configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring MQC

Configuring MQC

This section describes how to configure MQC.

Configuring a Traffic Classifier

Pre-configuration Tasks
Before configuring a traffic classifier, complete the following tasks:
  • Configuring link layer attributes of interfaces to ensure that the interfaces work properly

  • Configuring an ACL if the ACL needs to be used to classify traffic

Configuration Process

The rules that do not conflict can be configured in a traffic classifier.

Procedure
  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    traffic classifier classifier-name [ type { and | or } ]

    A traffic classifier is created and the traffic classifier view is displayed, or the existing traffic classifier view is displayed.

    and indicates that rules are ANDed with each other.
    • If a traffic classifier contains ACL rules, packets match the traffic classifier only when the packets match one ACL rule and all the non-ACL rules.

    • If a traffic classifier does not contain ACL rules, packets match the traffic classifier only when the packets match all the non-ACL rules.

    or indicates that rules are ORed with each other. Packets match a traffic classifier as long as packets match one rule of the traffic classifier.

    By default, the relationship between rules in a traffic classifier is OR.

  3. Run the following commands as required.

    Matching Rule

    Command

    Remarks

    Inner VLAN IDs in QinQ packets

    if-match inner-vlan start-inner-vlan-id [ to end-inner-vlan-id ]

    -

    802.1p priority in VLAN packets

    if-match 8021p 8021p-value &<1-8>

    Regardless of whether the relationship between rules in a traffic classifier is AND or OR, if you enter multiple values of 802.1p priorities, the packet that matches one 802.1p priority matches the traffic classifier.

    Inner 802.1p priority in QinQ packets

    if-match inner-8021p 8021p-value &<1-8>

    -

    Outer VLAN ID or inner and outer VLAN IDs of QinQ packets

    if-match vlan start-vlan-id [ to end-vlan-id ] [ inner-vlan inner-vlan-id ] or if-match vlan vlan-id [ inner-vlan start-inner-vlan-id [ to end-inner-vlan-id ] ]

    -

    Drop packet

    if-match discard

    -

    Double tags in QinQ packets

    if-match double-tag

    -

    Destination MAC address

    if-match destination-mac mac-address [ mac-address-mask ]

    -

    Source MAC address

    if-match source-mac mac-address [ mac-address-mask ]

    -

    Protocol type field encapsulated in the Ethernet frame header

    if-match l2-protocol { arp | ip | rarp | protocol-value }

    -

    All packets

    if-match any

    -

    DSCP priority in IP packets

    if-match [ ipv6 ] dscp dscp-value &<1-8>

    • Regardless of whether the relationship between rules in a traffic classifier is AND or OR, if you enter multiple values of DSCP priorities, the packet that matches one DSCP priority matches the traffic classifier.

    • If the relationship between rules in a traffic classifier is AND, the if-match [ ipv6 ] dscp and if-match ip-precedence commands cannot be used in the traffic classifier simultaneously.

    IP precedence in IP packets

    if-match ip-precedence ip-precedence-value &<1-8>

    • The if-match [ ipv6 ] dscp and if-match ip-precedence commands cannot be configured in a traffic classifier in which the relationship between rules is AND.

    • Regardless of whether the relationship between rules in a traffic classifier is AND or OR, if you enter multiple values of IP priorities, the packet that matches one IP priority matches the traffic classifier.

    SYN Flag in the TCP packet header

    if-match tcp-flag { tcp-flag-value | { ack | fin | psh | rst | syn | urg }* }

    -

    Outbound interface

    if-match outbound-interface interface-type interface-number

    The traffic policy containing this matching rule cannot be applied to the outbound direction.

    ACL rule

    if-match acl { acl-number | acl-name }

    NOTE:

    When an ACL is used to define a traffic classification rule, it is recommended that the ACL be configured first.

    Regardless of whether the relationship between rules in a traffic classifier is AND or OR, if an ACL defines many rules, the packet that matches a single ACL rule matches the ACL.

    ACL6 rule

    if-match ipv6 acl { acl-number | acl-name }

    NOTE:

    When an ACL6 is used to define a traffic classification rule, it is recommended that the ACL6 be configured first.

    -

  4. Run:

    commit

    The configuration is committed.

  5. Run:

    quit

    The traffic classifier view is quitted.

Configuring a Traffic Behavior

Pre-configuration Tasks
Before configuring a traffic behavior, complete the following tasks:
  • Configuring link layer attributes of interfaces to ensure that the interfaces work properly

Background

The device supports actions including packet filtering, priority re-marking, redirection, traffic policing, and traffic statistics.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    traffic behavior behavior-name

    A traffic behavior is created and the traffic behavior view is displayed, or the view of an existing traffic behavior is displayed.

  3. Define actions in the traffic behavior. You can configure actions that do not conflict in a traffic behavior.

    Action

    Command

    Remarks

    Packet filtering

    deny | permit

    -

    Priority re-marking by MQC

    remark 8021p { 8021p-value | inner-8021p }

    remark dscp { dscp-name | dscp-value }

    remark local-precedence { local-precedence-name | local-precedence-value } [ green | yellow | red ]

    • In a traffic policy, different priorities cannot be re-marked.

    • remark dscp is valid for packets forwarded at Layer 3.
    • remark 8021p is valid for packets forwarded at Layer 2.

    Redirection

    redirect cpu

    redirect interface interface-type interface-number

    The traffic policy containing redirection cannot be used in the outbound direction.

    Traffic policing by MQC

    car cir cir-value [ kbps | mbps | gbps ] [ pir pir-value [ kbps | mbps | gbps ] ] [ cbs cbs-value [ bytes | kbytes | mbytes ] pbs pbs-value [ bytes | kbytes | mbytes ] ] [ share ] [ mode { color-blind | color-aware } ] [ green pass [ service-class class color color-value ] | yellow { discard | pass [ service-class class color color-value ] } | red { discard | pass [ service-class class color color-value ] } ]*

    -

    Hierarchical traffic policing

    car car-name share

    The traffic policy containing car share cannot be used in the outbound direction.

    Flow mirroring by MQC

    mirroring observe-port observe-port-index

    The traffic policy containing mirroring observe-port cannot be used in the outbound direction.

    Disabling URPF

    ip urpf disable

    The traffic policy containing ip urpf disable cannot be used in the outbound direction.

    Unicast PBR

    redirect [ vpn-instance vpn-instance-name ] nexthop ip-address &<1-16>

    redirect ipv6 [ vpn-instance vpn-instance-name ] nexthop ipv6-address &<1-16>

    redirect load-balance [ vpn-instance vpn-instance-name ] nexthop ip-address &<1-10>

    redirect ipv6 load-balance [ vpn-instance vpn-instance-name ] nexthop ipv6-address &<1-10>

    The traffic policy containing unicast PBR cannot be used in the outbound direction.

    Disabling MAC address learning

    mac-address learning disable

    The traffic policy containing mac-address learning disable cannot be used in the outbound direction.

    VLAN mapping

    vlan-mapping { vlan vlan-id | inner-vlan inner-vlan-id }

    -

    QinQ by MQC

    vlan-stacking vlan vlan-id

    The traffic policy containing vlan stacking cannot be used in the outbound direction.

    Traffic statistics

    statistics enable

    -

  4. Run:

    commit

    The configuration is committed.

  5. Run:

    quit

    The traffic behavior view is quitted.

Configuring a Traffic Policy

Pre-configuration Tasks
Before configuring a traffic policy, complete the following tasks:
Procedure
  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    traffic policy policy-name

    A traffic policy is created and the traffic policy view is displayed, or the view of an existing traffic policy is displayed.

  3. Run:

    classifier classifier-name behavior behavior-name [ precedence precedence-value ]

    A traffic behavior is bound to a traffic classifier in a traffic policy.

  4. Run:

    commit

    The configuration is committed.

  5. Run:

    quit

    The traffic policy view is quitted.

Applying the Traffic Policy

Pre-configuration Tasks
Before configuring a traffic policy, complete the following task:
Procedure
  • Applying a traffic policy to an interface
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface interface-type interface-number

      The interface view is displayed.

    3. Run:

      traffic-policy policy-name { inbound | outbound }

      A traffic policy is applied to the interface.

    4. Run:

      commit

      The configuration is committed.

  • Applying a traffic policy to a VLAN
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      vlan vlan-id

      The VLAN view is displayed.

    3. Run:

      traffic-policy policy-name { inbound | outbound }

      A traffic policy is applied to the VLAN.

      After a traffic policy is applied, the system performs traffic policing for the packets that belong to a VLAN and match traffic classification rules in the inbound or outbound direction.

    4. Run:

      commit

      The configuration is committed.

  • Applying a traffic policy to the system
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      traffic-policy policy-name global [ slot slot-id ] { inbound | outbound }

      A traffic policy is applied to the system.

    3. Run:

      commit

      The configuration is committed.

Checking the Configuration

Procedure
  • Run the display traffic classifier [ classifier-name ] command to check the traffic classifier configuration on the device.
  • Run the display traffic behavior [ behavior-name ] command to check the traffic behavior configuration on the device.
  • Run the display traffic policy [ policy-name [ classifier classifier-name ] ] command to check the traffic policy configuration on the device.

  • Run the display traffic-policy applied-record [ policy-name ] [ global [ slot slot-id ] | interface interface-type interface-number | vlan vlan-id ] [ inbound | outbound ] command to check the record of the specified traffic policy.

Translation
Download
Updated: 2019-08-09

Document ID: EDOC1000041694

Views: 59692

Downloads: 3623

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next