Configuring a Traffic Classifier
Pre-configuration Tasks
Configure link layer attributes of interfaces to ensure that the interfaces work properly.
Configure an ACL if an ACL needs to be used to classify traffic.
Configuration Process
Non-conflicting rules can be configured in a traffic classifier.
Procedure
Run:
system-viewThe system view is displayed.
Run:
traffic classifier classifier-name [ operator { and | or } ]
A traffic classifier is created and the traffic classifier view is displayed, or the existing traffic classifier view is displayed.
and is the logical operator between the rules in the traffic classifier, which means that:If the traffic classifier contains ACL rules, packets match the traffic classifier only when they match one ACL rule and all the non-ACL rules.
If the traffic classifier does not contain any ACL rules, packets match the traffic classifier only when they match all the rules in the classifier.
By default, the relationship between rules in a traffic classifier is AND.
- Configure matching rules according to the following table.
Matching Rule
Command
Remarks
Outer VLAN ID
if-match vlan-id start-vlan-id [ to end-vlan-id ] -
802.1p priority in VLAN packets
if-match 8021p 8021p-value &<1-8> If you enter multiple 802.1p priority values in one command, a packet matches the traffic classifier as long as it matches any one of the 802.1p priorities, regardless of whether the relationship between rules in the traffic classifier is AND or OR.
Destination MAC address
if-match destination-mac mac-address [ mac-address-mask ] -
Source MAC address
if-match source-mac mac-address [ mac-address-mask ] -
Protocol type field in the Ethernet frame header
if-match l2-protocol { arp | ip | mpls | rarp | protocol-value } -
All packets
if-match any After the if-match any command is run, only the matching rule configured using this command takes effect, and the other matching rules in the same traffic classifier will become ineffective.
DSCP priority in IP packets
if-match dscp dscp-value &<1-8>
If you enter multiple DSCP values in one command, a packet matches the traffic classifier as long as it matches any one of the DSCP values, regardless of whether the relationship between rules in the traffic classifier is AND or OR.
If the relationship between rules in a traffic classifier is AND, the if-match dscp and if-match ip-precedence commands cannot be used in the traffic classifier simultaneously.
IP precedence in IP packets
if-match ip-precedence ip-precedence-value &<1-8> The if-match dscp and if-match ip-precedence commands cannot be configured in a traffic classifier in which the relationship between rules is AND.
If you enter multiple IP precedence values in one command, a packet matches the traffic classifier as long as it matches any one of the IP precedence values, regardless of whether the relationship between rules in the traffic classifier is AND or OR.
Layer 3 protocol type
if-match protocol { ip | ipv6 } -
SYN Flag in the TCP packet
if-match tcp syn-flag { syn-flag-value | ack | fin | psh | rst | syn | urg }
-
Inbound interface
if-match inbound-interface interface-type interface-number A traffic policy containing this matching rule cannot be applied to the outbound direction or in the interface view.
ACL rule
if-match acl { acl-number | acl-name } - When an ACL is used to define a traffic classification rule, it is recommended that the ACL be configured first.
- If an ACL in a traffic classifier defines multiple rules, a packet matches the ACL as long as it matches one of rules, regardless of whether the relationship between rules in the traffic classifier is AND or OR.
ACL6 rule
if-match ipv6 acl { acl-number | acl-name } Before specifying an ACL6 in a matching rule, configure the ACL6.
Run:
quitExit from the traffic classifier view.
