Licensing Requirements and Limitations for ACL-based Simplified Traffic Policies
Involved Network Elements
Other network elements are not required.
Licensing Requirements
The ACL-based simplified traffic policy is a basic feature of a switch and is not under license control.
Version Requirements
Table 9-1 describes the products and versions supporting the ACL-based simplified traffic policy.
Feature Limitations
- During configuration of an ACL-based simplified traffic policy:
  - If name acl-name is specified in the command, you need to run the acl name or acl ipv6 name command to create the corresponding ACL. Otherwise, the ACL-based simplified traffic policy fails to be configured.
  - If rule rule-id is specified in the command, you need to create an ACL and configure the corresponding rule. Otherwise, the ACL-based simplified traffic policy fails to be configured.
- If traffic-limit, traffic-redirect, traffic-remark, traffic-statistic, or traffic-mirror is configured, the switch performs actions defined in the simplified traffic policy for packets, regardless of whether the packets match the permit or deny rule in the ACL. To filter out packets matching the deny rule, you must also configure traffic-filter or traffic-secure.
- When multiple ACL-based simplified traffic policies are configured on an interface, in a VLAN, or in the system and the ACL referenced by one ACL-based simplified traffic policy changes, all ACL-based simplified traffic policies will become invalid temporarily.
- If the traffic-redirect (interface view) or traffic-redirect (system view) command is executed to redirect traffic to an interface, you are advised to use ACL rules to match Layer 2 traffic.
- Outbound ACL-based packet filtering, traffic policing, re-marking, or traffic statistics on an interface does not take effect on the switch in the following situations:
  - Outbound ACL-based packet filtering, traffic policing, re-marking, or traffic statistics is configured, and the ACL is based on VLAN IDs.
  - VLAN mapping is also configured on the interface, and the mapped VLAN ID is the same as the VLAN ID in the ACL.
- If an MQC-based traffic policy and an ACL-based simplified traffic policy matching the same ACL are applied to the same object, the ACL-based simplified traffic policy takes effect.
- The packets destined for the local switch are sent to the CPU. After functions related to some protocols such as BGP, OSPF, and LACP are enabled, packets of these protocols are also sent to the CPU. If packets sent to the CPU match both CPCAR and the ACL rule defined in the simplified traffic policy, but the actions to be taken conflict with each other, the ACL-based simplified traffic policy takes effect.
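The ACL name and rule prerequisites and the deny-rule behaviour listed above can be checked before a configuration is applied. The following Python check is an added example, not vendor code; the sample configuration, its simplified command syntax, and the function name lint are assumptions.

```python
import re

ACTIONS = {"traffic-limit", "traffic-redirect", "traffic-remark", "traffic-statistic", "traffic-mirror"}
FILTERS = {"traffic-filter", "traffic-secure"}
# Constructed sample; command syntax is simplified and assumed, not taken from the page.
SAMPLE = """\
acl number 3000
 rule 5 deny ip source 10.1.1.0 0.0.0.255
 rule 10 permit ip
interface GigabitEthernet0/0/1
 traffic-statistic inbound acl 3000
interface GigabitEthernet0/0/2
 traffic-statistic inbound acl 3000
 traffic-filter inbound acl 3000
interface GigabitEthernet0/0/3
 traffic-limit inbound acl name voice cir 10000
 traffic-remark inbound acl 3000 rule 20 dscp 46
"""

def lint(text):
    """Return (scope, command, problem) tuples for the limitations above."""
    acls, policies, scope, current = {}, [], "system", None
    for line in filter(str.strip, text.splitlines()):
        s = line.split()
        if not line.startswith(" "):        # top-level line: back to system view
            scope, current = "system", None
        if s[0] == "acl":                   # register the ACL under its name and/or number
            current = {}
            for key in (t for t in s[1:] if t not in ("number", "name", "ipv6")):
                acls[key] = current
        elif s[0] == "rule" and current is not None:
            current[s[1]] = s[2]            # rule-id -> permit | deny
        elif s[0] == "interface":
            scope = s[1]
        elif s[0] in ACTIONS | FILTERS:
            m = re.search(r"acl (?:ipv6 )?(?:name )?(\S+)(?: rule (\d+))?", line)
            policies.append((scope, s[0], s[1], m.group(1), m.group(2)))
    out = []
    for scope, cmd, direction, acl, rule in policies:
        if acl not in acls:
            out.append((scope, cmd, f"ACL {acl} is not created"))
        elif rule and rule not in acls[acl]:
            out.append((scope, cmd, f"rule {rule} is not configured in ACL {acl}"))
        elif cmd in ACTIONS:                # simplification: any filter on the same ACL counts
            hit = [acls[acl][rule]] if rule else list(acls[acl].values())
            dropped = any(p[0] == scope and p[2] == direction and p[1] in FILTERS
                          and acls.get(p[3]) is acls[acl] for p in policies)
            if "deny" in hit and not dropped:
                out.append((scope, cmd, f"{cmd} still applies to deny matches of ACL {acl}"))
    return out
```

Calling lint(SAMPLE) reports the statistics policy on GigabitEthernet0/0/1 that lacks a companion traffic-filter or traffic-secure, plus the two policies on GigabitEthernet0/0/3 that reference an ACL or rule that does not exist.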