No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R010C00 Configuration Guide - Ethernet Switching

This document describes the configuration of Ethernet services, including configuring link aggregation, VLANs, Voice VLAN, VLAN mapping, QinQ, GVRP, MAC table, STP/RSTP/MSTP, SEP, and so on.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Re-marking of Destination MAC Addresses

Configuring Re-marking of Destination MAC Addresses

Context

The re-marking function enables the switch to change the specified fields of packets according to traffic classification rules. After the re-marking action is configured, the switch still processes outgoing packets based on the original priority but the downstream device processes the packets based on the re-marked priority. You can also configure an action to re-mark the destination MAC address of packets in a traffic behavior so that the downstream device can identify packets and provide differentiated services.

NOTE:

X series cards do not support this configuration.

Procedure

  1. Configure a traffic classifier.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      traffic classifier classifier-name [ operator { and | or } ] [ precedence precedence-value ]

      A traffic classifier is created and the traffic classifier view is displayed, or the existing traffic classifier view is displayed.

      and is the logical operator between the rules in the traffic classifier, which means that:
      • If the traffic classifier contains ACL rules, packets match the traffic classifier only when they match one ACL rule and all the non-ACL rules.

      • If the traffic classifier does not contain any ACL rules, packets match the traffic classifier only when they match all the rules in the classifier.

      The logical operator or means that packets match the traffic classifier as long as they match one of rules in the classifier.

      By default, the relationship between rules in a traffic classifier is OR.

    3. Configure matching rules according to the following table.
      NOTE:

      The if-match ip-precedence and if-match tcp commands are only valid for IPv4 packets.

      X series cards do not support traffic classifiers with advanced ACLs containing the ttl-expired field or user-defined ACLs.

      When a traffic classifier contains if-match ipv6 acl { acl-number | acl-name }, X series cards do not support add-tag vlan-id vlan-id, remark 8021p [ 8021p-value | inner-8021p ], remark cvlan-id cvlan-id, remark vlan-id vlan-id, or mac-address learning disable.

      Matching Rule

      Command

      Remarks

      Inner and outer VLAN IDs in QinQ packets

      if-match cvlan-id start-vlan-id [ to end-vlan-id ] [ vlan-id vlan-id ]

      -

      802.1p priority in VLAN packets

      if-match 8021p 8021p-value &<1-8>

      If you enter multiple 802.1p priority values in one command, a packet matches the traffic classifier as long as it matches any one of the 802.1p priorities, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

      Inner 802.1p priority in QinQ packets

      if-match cvlan-8021p 8021p-value &<1-8>

      -

      Outer VLAN ID or inner and outer VLAN IDs of QinQ packets

      if-match vlan-id start-vlan-id [ to end-vlan-id ] [ cvlan-id cvlan-id ]

      -

      Drop packet

      if-match discard

      A traffic classifier containing this matching rule can only be bound to traffic behaviors containing traffic statistics collection and flow mirroring actions.

      Double tags in QinQ packets

      if-match double-tag

      -

      EXP priority in MPLS packets

      if-match mpls-exp exp-value &<1-8>

      If you enter multiple MPLS EXP priority values in one command, a packet matches the traffic classifier as long as it matches any one of the MPLS EXP priorities, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

      SA cards of the S series and X series cards do not support matching of EXP priorities in MPLS packets.

      Destination MAC address

      if-match destination-mac mac-address [ [ mac-address-mask ] mac-address-mask ]

      -

      Source MAC address

      if-match source-mac mac-address [ [ mac-address-mask ] mac-address-mask ]

      -

      Protocol type field in the Ethernet frame header

      if-match l2-protocol { arp | ip | mpls | rarp | protocol-value }

      -

      All packets

      if-match any

      -

      DSCP priority in IP packets

      if-match [ ipv6 ] dscp dscp-value &<1-8>

      • If you enter multiple DSCP values in one command, a packet matches the traffic classifier as long as it matches any one of the DSCP values, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

      • If the relationship between rules in a traffic classifier is AND, the if-match [ ipv6 ] dscp and if-match ip-precedence commands cannot be used in the traffic classifier simultaneously.

      IP precedence in IP packets

      if-match ip-precedence ip-precedence-value &<1-8>
      • The if-match [ ipv6 ] dscp and if-match ip-precedence commands cannot be configured in a traffic classifier in which the relationship between rules is AND.

      • If you enter multiple IP precedence values in one command, a packet matches the traffic classifier as long as it matches any one of the IP precedence values, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

      Layer 3 protocol type

      if-match protocol { ip | ipv6 }

      -

      First Next Header field in the IPv6 packet header

      if-match ipv6 next-header header-number first-next-header

      The ET1D2X12SSA0 card does not support the routes whose prefix length ranges from 64 to 128.

      SYN Flag in the TCP packet

      if-match tcp syn-flag { syn-flag-value | ack | fin | psh | rst | syn | urg }

      -

      Inbound interface

      if-match inbound-interface interface-type interface-number

      A traffic policy containing this matching rule cannot be applied to the outbound direction or in the interface view.

      Outbound interface

      if-match outbound-interface interface-type interface-number

      A traffic policy containing this matching rule cannot be applied to the inbound direction on X series cards.

      The traffic policy containing this matching rule cannot be applied in the interface view.

      ACL rule

      if-match acl { acl-number | acl-name }
      • When an ACL is used to define a traffic classification rule, it is recommended that the ACL be configured first.
      • If an ACL in a traffic classifier defines multiple rules, a packet matches the ACL as long as it matches one of rules, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

      ACL6 rule

      if-match ipv6 acl { acl-number | acl-name }

      Before specifying an ACL6 in a matching rule, configure the ACL6.

      Flow ID

      if-match flow-id flow-id

      The traffic classifier containing if-match flow-id and the traffic behavior containing remark flow-id must be bound to different traffic policies.

      The traffic policy containing if-match flow-id can be only applied to an interface, a VLAN, a card, or the system in the inbound direction.

      X series cards and SA cards of the S series do not support matching of flow IDs.

    4. Run:

      quit

      Exit from the traffic classifier view.

  2. Configure a traffic behavior.
    1. Run:

      traffic behavior behavior-name

      A traffic behavior is created and the traffic behavior view is displayed.

    2. Run the command to configure the

      Run:

      remark destination-mac mac-address

      An action is configured to re-mark destination MAC addresses of packets. The destination MAC address to be re-marked must be a unicast MAC address.

    3. Run:

      quit

      Exit from the traffic behavior view.

    4. Run:

      quit

      Exit from the system view.

  3. Configure a traffic policy.
    1. Run:

      traffic policy policy-name [ match-order { auto | config } ]

      A traffic policy is created and the traffic policy view is displayed, or the view of an existing traffic policy is displayed. If you do not specify a matching order for traffic classifiers in the traffic policy, the default matching order config is used.

      After a traffic policy is applied, you cannot use the traffic policy command to change the matching order of traffic classifiers in the traffic policy. To change the matching order, delete the traffic policy and create a traffic policy with the required matching order.

      When creating a traffic policy, you can specify the matching order of traffic classifiers in the traffic policy. The traffic classifiers can be matched in automatic order (auto) or configuration order (config):
      • If the matching order is auto, traffic classifiers are matched in descending order of priorities pre-defined in the system: traffic classifiers based on Layer 2 and Layer 3 information, traffic classifiers based on Layer 2 information, and finally traffic classifiers based on Layer 3 information. If a data flow matches multiple traffic classifiers that are associated with conflicting traffic behavior, the traffic behavior associated with the traffic classifier of the highest priority takes effect.
      • If the matching order is config, traffic classifiers are matched in descending order of priorities either manually or dynamically allocated to them. This is determined by the precedence value; a traffic classifier with a smaller precedence value has a higher priority and is matched earlier. If you do not specify precedence-value when creating a traffic classifier, the system allocates a precedence value to the traffic classifier. The allocated value is [(max-precedence + 5)/5] x 5, where max-precedence is the greatest value among existing traffic classifiers.
      NOTE:

      If more than 128 rate limiting ACL rules are configured in the system, traffic policies must be applied to the interface view, VLAN view, and system view in sequence. To update an ACL rule, delete all the associated traffic policies from the interface, VLAN, and system. Then, reconfigure the traffic policies and reapply them to the interface, VLAN, and system.

    2. Run:

      classifier classifier-name behavior behavior-name

      A traffic behavior is bound to a traffic classifier in the traffic policy.

    3. Run:

      quit

      Exit from the traffic policy view.

    4. Run:

      quit

      Exit from the system view.

  4. Apply the traffic policy.
    • Applying a traffic policy to an interface
      1. Run:

        system-view

        The system view is displayed.

      2. Run:

        interface interface-type interface-number

        The interface view is displayed.

      3. Run:

        traffic-policy policy-name { inbound }

        A traffic policy is applied to the interface.

    • Applying a traffic policy to a VLAN
      1. Run:

        system-view

        The system view is displayed.

      2. Run:

        vlan vlan-id

        The VLAN view is displayed.

      3. Run:

        traffic-policy policy-name { inbound }

        A traffic policy is applied to the VLAN.

        However, the traffic policy does not take effect for packets in VLAN 0.

    • Applying a traffic policy to the system or an LPU
      1. Run:

        system-view

        The system view is displayed.

      2. Run:

        traffic-policy policy-name global { inbound | outbound } [ slot slot-id ]

        A traffic policy is applied to the system or an LPU.

        Only one traffic policy can be applied to the system or LPU in one direction. A traffic policy cannot be applied to the same direction in the system and on the LPU simultaneously.

Checking the Configuration

  • Run the display traffic classifier user-defined [ classifier-name ] command to check the traffic classifier configuration on the device.
  • Run the display traffic behavior user-defined [ behavior-name ] command to check the traffic behavior configuration on the device.
  • Run the display traffic policy user-defined [ policy-name [ classifier classifier-name ] ] command to check the user-defined traffic policy configuration.
  • Run the display traffic-applied [ interface [ interface-type interface-number ] | vlan [ vlan-id ] ] { inbound } [ verbose ] command to check traffic actions and ACL rules associated with the system, a VLAN, or an interface.
  • Run the display traffic policy { interface [ interface-type interface-number ] | vlan [ vlan-id ] | global } [ inbound ] command to check the traffic policy configuration on the device.
  • Run the display traffic-policy applied-record [ policy-name ] command to check the record of the specified traffic policy.
Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000142081

Views: 255686

Downloads: 408

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next