No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Command Reference

CloudEngine 8800, 7800, 6800, and 5800 V200R002C50

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
PBR Configuration Commands

PBR Configuration Commands

NOTE:

The CE6810LI does not support IPv4 or IPv6 Layer 3 forwarding. After the IPv4 or IPv6 function is enabled on an interface of the CE6810LI, the configured IPv4 or IPv6 address can only be used to manage the switch.

ip routing ignore-mac

Function

The ip routing ignore-mac command configures the device to ignore the destination MAC address of packets. This configuration allows the device to forward the packets whose destination MAC address is not the local Layer 3 interface's MAC address according to routes.

The undo ip routing ignore-mac command restores the default configuration.

By default, the device is not configured to ignore the destination MAC address of packets.

NOTE:

The CE6870EI does not support this command.

Format

ip routing ignore-mac

undo ip routing ignore-mac

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

During network maintenance, traffic is often mirrored and then redirected to a specific device for analysis. In most cases, a device forwards only packets whose destination MAC address is the local Layer 3 interface's MAC address according to routes, and forwards other packets at Layer 2 or discards other packets. If necessary, the device can also forward other packets at Layer 3 after it is configured to ignore the destination MAC address of packets.

Precautions

  • After the ip routing ignore-mac command is executed to ignore packet destination MAC addresses, the switch still performs Layer 3 forwarding even if the destination MAC address of a received packet is not the MAC address of the local Layer 3 interface, but the switch does not perform URPF check.
  • This function is often used in traffic mirroring scenarios and is not recommended in other scenarios.

Example

# Configure the device to ignore the destination MAC address of packets.

<HUAWEI> system-view
[~HUAWEI] ip routing ignore-mac

redirect load-balance

Function

The redirect load-balance command configures an action of redirecting packets to multiple next hop IP addresses in a traffic behavior.

The undo redirect command deletes the redirection configuration.

By default, an action of redirecting packets to multiple next hop IP addresses is not configured in a traffic behavior.

Format

redirect load-balance [ vpn-instance vpn-instance-name ] nexthop { ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] } &<1-16> [ fail-action discard ] [ low-precedence [ source vpn-instance vpn-instance-name ] ]

redirect ipv6 load-balance [ vpn-instance vpn-instance-name ] nexthop { ipv6-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] } &<1-16> [ fail-action discard ]

undo redirect

undo redirect load-balance [ vpn-instance vpn-instance-name ] nexthop { ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] } &<1-16> [ fail-action discard ] [ low-precedence [ source vpn-instance vpn-instance-name ] ]

undo redirect ipv6 load-balance [ vpn-instance vpn-instance-name ] nexthop { ipv6-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] } &<1-16> [ fail-action discard ]

Parameters

Parameter

Description

Value

vpn-instance vpn-instance-name

Specifies the name of a VPN instance.

The value is a string of 1 to 31 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string. The value _public_ is reserved and cannot be used as the VPN instance name.The VPN must already exist.

ipv6

Specifies the IPv6 addresses of multiple next hops to which a route is redirected.

-

nexthop

Redirects packets to next hops.

-

ip-address

Specifies a next hop IP address.

The value is in dotted decimal notation, in X.X.X.X format.

ipv6-address

Specifies a next hop IPv6 address. This address cannot be the link-local type.

The value is a 32-digit hexadecimal number, in X:X:X:X:X:X:X:X format.

track nqa

Specifies an NQA test instance.

-

admin-name

Specifies the administrator name of an NQA test instance.

The value is a string of 1 to 32 case-sensitive characters.

test-name

Specifies the name of an NQA test instance.

The value is a string of 1 to 32 case-sensitive characters.

reaction

Cancels redirection.

-

probe-failtimes fail-times

Specifies the maximum number of link detection failures in an NQA test instance.

The value is an integer that ranges from 1 to 15. The default value is 1.

fail-action discard

Indicates that packets are forcibly discarded if all next hops are unreachable.

-

low-precedence

Specifies the low priority of the PBR.

-

source vpn-instance vpn-instance-name

Specifies the name of a source VPN instance.

The VPN must already exist.

Views

Traffic behavior view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The redirect load-balance command allows you to specify a maximum of 16 next hop IP addresses using the ip-address parameter for multiple times. If multiple next hop IP addresses are specified, the device redirects packets through equal-cost routes in load balancing mode.

If the outbound interface corresponding to a next hop IP address becomes Down or a route changes, the device switches traffic to the outbound interface corresponding to an available next hop. If the specified next hops are unavailable, the device forwards the packets to the original destination.

If an NQA test instance is configured to detect the link for the redirection next hop IP address and the number of NQA link detection failures is larger than or equal to the configured maximum value, the current next hop will be cancelled. If multiple next hops work in load balancing mode, this next hop will not participate in load balancing and the remaining reachable next hops perform load balancing.

PBR is implemented based on the redirect action configured in a traffic behavior and takes effect only on incoming packets of interfaces. By default, a device forwards packets to the next hop found in its routing table. If PBR is configured, the device forwards packets to the next hop specified by PBR. After you specify the low-precedence parameter, the device forwards packets matching PBR to the next hop/outbound interface of the specific route in its routing table. When the specific route becomes invalid, the device forwards packets to the next hop/outbound interface specified by PBR. When both the next hop of the specific route and next hop specified by PBR become invalid, and the routing table has default routes, the device continues forwarding packets according to the matching default route.

Follow-up Procedure

Run the traffic policy command to create a traffic policy and run the classifier behavior command in the traffic policy view to bind the traffic classifier to the traffic behavior containing redirection to a next hop IP address.

Precautions

  • A traffic policy containing the redirection action can be only used globally, on an interface, or in a VLAN in the inbound direction.

  • The redirect load-balance command allows a maximum of 16 next hop IP addresses. If the device has no ARP entry matching the specified next hop IP address, the redirect ip-multihop command can be used but redirection does not take effect. The device still forwards packets to the original destination until the device has the corresponding ARP entry.

  • The redirected IP address cannot be the IP address of the device.

  • This action only takes effect in Layer 3 forwarding on the CE6870EI.

  • The CE6880EI does not support IPv6–based PBR, and the CE5810EI, and CE6880EI do not support low-precedence parameter.

Example

# Configure two next hop IP addresses in the traffic behavior b1: 10.1.42.1 and 10.1.1.2.

<HUAWEI> system-view
[~HUAWEI] traffic behavior b1
[*HUAWEI-behavior-b1] redirect load-balance nexthop 10.1.42.1 10.1.1.2
Related Topics

redirect nexthop

Function

The redirect nexthop command configures an action of redirecting packets to a next hop IP address in a traffic behavior.

The undo redirect command deletes the redirection configuration.

By default, an action of redirecting packets to a next hop IP address is not configured in a traffic behavior.

Format

redirect [ vpn-instance vpn-instance-name ] nexthop { ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] } &<1-16> [ fail-action discard ] [ low-precedence [ source vpn-instance vpn-instance-name ] ]

redirect ipv6 [ vpn-instance vpn-instance-name ] nexthop { ipv6-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] } &<1-16> [ fail-action discard ]

undo redirect [ vpn-instance vpn-instance-name ] nexthop { ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] } &<1-16> [ fail-action discard ] [ low-precedence [ source vpn-instance vpn-instance-name ] ]

undo redirect ipv6 [ vpn-instance vpn-instance-name ] nexthop { ipv6-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] } &<1-16> [ fail-action discard ]

undo redirect

Parameters

Parameter

Description

Value

vpn-instance vpn-instance-name

Specifies the name of a VPN instance.

The value is a string of 1 to 31 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string. The value _public_ is reserved and cannot be used as the VPN instance name.

The VPN must already exist.

ip-address

Specifies a next hop IP address.

The value is in dotted decimal notation and in X.X.X.X format.

ipv6-addresss

Specifies a next hop IPv6 address. The address type cannot be link-local.

The value is a 32-digit hexadecimal number, in X:X:X:X:X:X:X:X format.

track nqa

Specifies an NQA test instance.

-

admin-name

Specifies the administrator name of an NQA test instance.

The value is a string of 1 to 32 case-sensitive characters.

test-name

Specifies the name of an NQA test instance.

The value is a string of 1 to 32 case-sensitive characters.

reaction

Cancels redirection.

-

probe-failtimes fail-times

Specifies the maximum number of link detection failures in an NQA test instance.

The value is an integer that ranges from 1 to 15. The default value is 1.

fail-action discard

If all next hops are unreachable, packets are forcibly discarded.

-

low-precedence

Specify the low priority of the PBR.

-

source vpn-instance vpn-instance-name

Specifies the name of a source VPN instance.

The value is a string of 1 to 31 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string. The value _public_ is reserved and cannot be used as the VPN instance name.The VPN must already exist.

Views

Traffic behavior view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The redirect nexthop command allows you to specify a maximum of 16 next hop IP addresses using the ip-address parameter for multiple times. If multiple next hop IP addresses are configured, the device redirects packets in active/standby mode. The device determines the primary path and backup paths according to the sequence in which next hop IP addresses were configured. The next hop IP address that was configured first has the highest priority and this next hop is used as the primary path. Other next hops are used as backup paths. When the primary link becomes Down, a next hop with higher priority is used as the primary link.

If an NQA test instance is configured to detect the link for the redirection next hop IP address and the number of NQA link detection failures is larger than or equal to the configured maximum value, the current next hop will be cancelled. If multiple next hops work in active/standby mode, traffic will be automatically switched to the reachable next hop.

PBR is implemented based on the redirect action configured in a traffic behavior and takes effect only on incoming packets of interfaces. By default, a device forwards packets to the next hop found in its routing table. If PBR is configured, the device forwards packets to the next hop specified by PBR. After you specify the low-precedence parameter, the device forwards packets matching PBR to the next hop/outbound interface of the specific route in its routing table. When the specific route becomes invalid, the device forwards packets to the next hop/outbound interface specified by PBR. When both the next hop of the specific route and next hop specified by PBR become invalid, and the routing table has default routes, the device continues forwarding packets according to the matching default route.

Follow-up Procedure

Run the traffic policy command to create a traffic policy and run the classifier behavior command in the traffic policy view to bind the traffic classifier to the traffic behavior containing redirection to a next hop IP address.

Precautions

  • A traffic policy containing the redirection action can be only used globally, on an interface, or in a VLAN in the inbound direction.

  • If no ARP entry matches the next hop address on the device, the device triggers ARP learning. If the ARP entry cannot be learned, redirection does not take effect and packets are forwarded along the original forwarding path.

  • The redirected IP address cannot be the IP address of the device.

  • This action only takes effect in Layer 3 forwarding on the CE6870EI.

  • The CE6880EI does not support IPv6–based PBR, and the CE5810EI, and CE6880EI do not support low-precedence parameter.

Example

# Redirect packets to next hop 10.0.0.1 in the traffic behavior b1.

<HUAWEI> system-view
[~HUAWEI] traffic behavior b1
[*HUAWEI-behavior-b1] redirect nexthop 10.0.0.1
Related Topics

redirect remote

Function

The redirect remote command creates the action to redirect packets to the remote next hop in a traffic behavior.

The undo redirect remote command cancels the redirection configuration.

By default, no action is created to redirect packets to the remote next hop.

Format

redirect remote [ vpn-instance vpn-instance-name ] ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ exact ] [ low-precedence [ source vpn-instance vpn-instance-name ] ]

undo redirect remote [ vpn-instance vpn-instance-name ] ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ exact ] [ low-precedence [ source vpn-instance vpn-instance-name ] ]

undo redirect

Parameters

Parameter

Description

Value

vpn-instance vpn-instance-name

Specifies a VPN instance name.

The value is a string of 1 to 31 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string. The value _public_ is reserved and cannot be used as the VPN instance name.

The VPN must already exist.

ip-address

Specifies the IP address of the remote next hop.

The value is in dotted decimal notation, in the format X.X.X.X.

track nqa

Specifies an NQA test instance.

-

admin-name

Specifies the administrator name of an NQA test instance.

The value is a string of 1 to 32 case-sensitive characters.

test-name

Specifies the name of an NQA test instance.

The value is a string of 1 to 32 case-sensitive characters.

reaction

Cancels redirection.

-

probe-failtimes fail-times

Specifies the maximum number of link detection failures in an NQA test instance.

The value is an integer that ranges from 1 to 15. The default value is 1.

exact

Redirects packets to the remote next hop accurately.

-

low-precedence

Specifies the low priority of the PBR.

-

source vpn-instance vpn-instance-name

Specifies the name of a source VPN instance.

The value is a string of 1 to 31 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string. The value _public_ is reserved and cannot be used as the VPN instance name.The VPN must already exist.

Views

Traffic behavior view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To redirect packets to the IP address of the indirectly-connected next hop, run the redirect remote command. When ip-address specifies the IP address of the indirectly-connected next hop for redirection, the device examines the IP routing table. If the IP routing table contains a route to the IP address, the device forwards the packets according to the route.

When ip-address matches multiple routes in the IP routing table, the device selects the optimal route according to the longest match rule.

If an NQA test instance is specified to detect the link for the redirection next hop IP address and the number of NQA link detection failures is larger than or equal to the configured maximum value, the current next hop will be cancelled.

When exact is specified, the device redirects packets only when the IP routing table contains the 32-bit host route matching ip-address. For example, when redirect remote 10.1.1.1 exact is configured, the IP routing table of the device must contain a route to 10.1.1.1/32; otherwise, the device cannot redirect packets.

PBR is implemented based on the redirect action configured in a traffic behavior and takes effect only on incoming packets of interfaces. By default, a device forwards packets to the next hop found in its routing table. If PBR is configured, the device forwards packets to the next hop specified by PBR. After you specify the low-precedence parameter, the device forwards packets matching PBR to the next hop/outbound interface of the specific route in its routing table. When the specific route becomes invalid, the device forwards packets to the next hop/outbound interface specified by PBR. When both the next hop of the specific route and next hop specified by PBR become invalid, and the routing table has default routes, the device continues forwarding packets according to the matching default route.

Follow-up Procedure

Run the traffic policy command to create a traffic policy and run the classifier behavior command in the traffic policy view to bind the traffic classifier to the traffic behavior containing redirection to a next hop IP address.

Precautions

  • A traffic policy containing the redirection action can be only used globally, on an interface, or in a VLAN in the inbound direction.

  • This action only takes effect in Layer 3 forwarding on the CE6870EI.

  • The CE5810EI, and CE6880EI do not support low-precedence parameter.

Example

# Configure the action to redirect packets to the remote next hop 10.0.0.1 in the traffic behavior b1.

<HUAWEI> system-view
[~HUAWEI] traffic behavior b1
[*HUAWEI-behavior-b1] redirect remote 10.0.0.1
Related Topics

traffic-redirect nexthop

Function

The traffic-redirect nexthop command redirects packets to a specified next-hop IP address.

The undo traffic-redirect nexthop command cancels redirecting packets to a specified next-hop IP address.

By default, no packets are redirected to a next-hop IP address.

Format

System view:

traffic-redirect acl { { { basic-acl | acl-name } | { advanced-acl | acl-name } } | { l2-acl | acl-name } } * [ vpn-instance vpn-instance-name ] nexthop ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ fail-action discard ] global [ slot slot-id ] inbound

traffic-redirect ipv6 acl { { basic-acl | acl-name } | { advanced-acl | acl-name } } [ vpn-instance vpn-instance-name ] nexthop ipv6-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ fail-action discard ] global [ slot slot-id ] inbound

undo traffic-redirect acl { { { basic-acl | acl-name } | { advanced-acl | acl-name } } | { l2-acl | acl-name } } * [ vpn-instance vpn-instance-name ] nexthop ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ fail-action discard ] global [ slot slot-id ] inbound

undo traffic-redirect ipv6 acl { { basic-acl | acl-name } | { advanced-acl | acl-name } } [ vpn-instance vpn-instance-name ] nexthop ipv6-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ fail-action discard ] global [ slot slot-id ] inbound

Interface view:

traffic-redirect acl { { { basic-acl | acl-name } | { advanced-acl | acl-name } } | { l2-acl | acl-name } } * [ vpn-instance vpn-instance-name ] nexthop ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ fail-action discard ] inbound

traffic-redirect ipv6 acl { { basic-acl | acl-name } | { advanced-acl | acl-name } } [ vpn-instance vpn-instance-name ] nexthop ipv6-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ fail-action discard ] inbound

undo traffic-redirect acl { { { basic-acl | acl-name } | { advanced-acl | acl-name } } | { l2-acl | acl-name } } * [ vpn-instance vpn-instance-name ] nexthop ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ fail-action discard ] inbound

undo traffic-redirect ipv6 acl { { basic-acl | acl-name } | { advanced-acl | acl-name } } [ vpn-instance vpn-instance-name ] nexthop ipv6-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ fail-action discard ] inbound

VLAN view:

traffic-redirect acl { { { basic-acl | acl-name } | { advanced-acl | acl-name } } | { l2-acl | acl-name } } * [ vpn-instance vpn-instance-name ] nexthop ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ fail-action discard ] inbound

traffic-redirect ipv6 acl { { basic-acl | acl-name } | { advanced-acl | acl-name } } [ vpn-instance vpn-instance-name ] nexthop ipv6-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ fail-action discard ] inbound

undo traffic-redirect acl { { { basic-acl | acl-name } | { advanced-acl | acl-name } } | { l2-acl | acl-name } } * [ vpn-instance vpn-instance-name ] nexthop ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ fail-action discard ] inbound

undo traffic-redirect ipv6 acl { { basic-acl | acl-name } | { advanced-acl | acl-name } } [ vpn-instance vpn-instance-name ] nexthop ipv6-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ fail-action discard ] inbound

Qos Group view:

traffic-redirect acl { { { basic-acl | acl-name } | { advanced-acl | acl-name } } | { l2-acl | acl-name } } * [ vpn-instance vpn-instance-name ] nexthop ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ fail-action discard ] inbound

undo traffic-redirect acl { { { basic-acl | acl-name } | { advanced-acl | acl-name } } | { l2-acl | acl-name } } * [ vpn-instance vpn-instance-name ] nexthop ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ fail-action discard ] inbound

NOTE:

The CE6880EI does not support this command.

Parameters

Parameter

Description

Value

ipv6

Redirects the packets matching a specified ACL6.

-

acl basic-acl

Redirects the packets matching a specified basic ACL.

The value is an integer that ranges from 2000 to 2999.

acl advanced-acl

Redirects the packets matching a specified advanced ACL.

The value is an integer that ranges from 3000 to 3999.

acl l2-acl

Redirects the packets matching a specified Layer 2 ACL.

The value is an integer that ranges from 4000 to 4999.

acl acl-name

Redirects the packets matching a specified named ACL.

The acl-name must already exist.

vpn-instance vpn-instance-name

Specifies a VPN instance name.

The VPN must already exist.

ip-address

Specifies a next-hop IP address.

The value is in dotted decimal notation, in the format X.X.X.X.

ipv6-addresss

Specifies a next hop IPv6 address.

The value is a 32-digit hexadecimal number, in X:X:X:X:X:X:X:X format.

track nqa

Specifies an NQA test instance.

-

admin-name

Specifies the administrator name of an NQA test instance.

The value is a string of 1 to 32 case-sensitive characters.

test-name

Specifies the name of an NQA test instance.

The value is a string of 1 to 32 case-sensitive characters.

reaction

Cancels redirection.

-

probe-failtimes fail-times

Specifies the maximum number of link detection failures in an NQA test instance.

The value is an integer that ranges from 1 to 15. The default value is 1.

fail-action discard

Discards packets if the configured next-hop IP address is unreachable.

-

global

Applies a specified traffic policy globally.

-

slot slot-id

Specifies a slot ID.

The value is an integer or a string of characters. You can enter a question mark (?) and select a value from the displayed value range.

inbound

Configures redirection in inbound direction of an interface.

-

Views

System view, interface view, port group view, VLAN view, QoS group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the traffic-redirect nexthop command is executed, the device redirects packets that match the specified ACL.

If an NQA test instance is configured to detect the link for the specified next-hop IP address, the current next hop will be cancelled when the number of NQA link detection failures is larger than or equal to the configured maximum value.

Prerequisites

An ACL has been created using the acl (system view) command.

Precautions

  • If ACL-based simplified traffic policies are configured in the system view, VLAN view, and interface view using the traffic-redirect nexthop command, the precedence of these policies is: interface view > VLAN view > system view.

  • If the device fails to learn the ARP entry that matches the configured next-hop IP address, the device triggers ARP learning. If the device still fails to learn the ARP entry, packets are forwarded along the previous forwarding path without being redirected.

  • The specified next-hop IP address cannot be the IP address of the device.

  • This action only takes effect in Layer 3 forwarding on the CE6870EI.

Example

# In the global inbound direction, redirect packets that match ACL 3001 to the next-hop IP address 10.1.1.1.
<HUAWEI> system-view
[~HUAWEI] traffic-redirect acl 3001 nexthop 10.1.1.1 global inbound
# In inbound direction of 10GE1/0/1, redirect packets that match ACL 3001 to the next-hop IP address 10.1.1.1.
<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] traffic-redirect acl 3001 nexthop 10.1.1.1 inbound
# In inbound direction of a VLAN, redirect packets that match ACL 3001 to the next-hop IP address 10.1.1.1.
<HUAWEI> system-view
[~HUAWEI] vlan 100
[*HUAWEI-vlan100] traffic-redirect acl 3001 nexthop 10.1.1.1 inbound
# Add 10GE1/0/1 and 10GE1/0/2 to a QoS group and redirect incoming packets that match ACL 3001 in the QoS group to the next-hop address 10.1.1.1.
<HUAWEI> system-view
[~HUAWEI] qos group huawei 
[*HUAWEI-qos-group-huawei] group-member interface 10ge 1/0/1 to 10ge 1/0/2
[*HUAWEI-qos-group-huawei] traffic-redirect acl 3001 nexthop 10.1.1.1 inbound
Related Topics

traffic-redirect remote

Function

The traffic-redirect remote command redirects packets to a specified remote next-hop IP address.

The undo traffic-redirect remote command cancels redirecting packets to a specified remote next-hop IP address.

By default, packets are not redirected to a remote next hop.

Format

System view:

traffic-redirect acl { { { basic-acl | acl-name } | { advanced-acl | acl-name } } | { l2-acl | acl-name } } * remote [ vpn-instance vpn-instance-name ] ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ exact ] global [ slot slot-id ] inbound

undo traffic-redirect acl { { { basic-acl | acl-name } | { advanced-acl | acl-name } } | { l2-acl | acl-name } } * remote [ vpn-instance vpn-instance-name ] ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ exact ] global [ slot slot-id ] inbound

Interface view:

traffic-redirect acl { { { basic-acl | acl-name } | { advanced-acl | acl-name } } | { l2-acl | acl-name } } * remote [ vpn-instance vpn-instance-name ] ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ exact ] inbound

undo traffic-redirect acl { { { basic-acl | acl-name } | { advanced-acl | acl-name } } | { l2-acl | acl-name } } * remote [ vpn-instance vpn-instance-name ] ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ exact ] inbound

VLAN view:

traffic-redirect acl { { { basic-acl | acl-name } | { advanced-acl | acl-name } } | { l2-acl | acl-name } } * remote [ vpn-instance vpn-instance-name ] ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ exact ] inbound

undo traffic-redirect acl { { { basic-acl | acl-name } | { advanced-acl | acl-name } } | { l2-acl | acl-name } } * remote [ vpn-instance vpn-instance-name ] ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ exact ] inbound

Qos Group view:

traffic-redirect acl { { { basic-acl | acl-name } | { advanced-acl | acl-name } } | { l2-acl | acl-name } } * remote [ vpn-instance vpn-instance-name ] ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ exact ] inbound

undo traffic-redirect acl { { { basic-acl | acl-name } | { advanced-acl | acl-name } } | { l2-acl | acl-name } } * remote [ vpn-instance vpn-instance-name ] ip-address [ track nqa admin-name test-name [ reaction probe-failtimes fail-times ] ] [ exact ] inbound

NOTE:

The CE6880EI does not support this command.

Parameters

Parameter

Description

Value

acl basic-acl

Redirects the packets matching a specified basic ACL.

The value is an integer that ranges from 2000 to 2999.

acl advanced-acl

Redirects the packets matching a specified advanced ACL.

The value is an integer that ranges from 3000 to 3999.

acl l2-acl

Redirects the packets matching a specified Layer 2 ACL.

The value is an integer that ranges from 4000 to 4999.

acl acl-name

Redirects the packets matching a specified named ACL.

The acl-name must already exist.

vpn-instance vpn-instance-name

Specifies a VPN instance name.

The VPN must already exist.

ip-address

Specifies a next-hop IP address.

The value is in dotted decimal notation, in the format X.X.X.X.

track nqa

Specifies an NQA test instance.

-

admin-name

Specifies the administrator name of an NQA test instance.

The value is a string of 1 to 32 case-sensitive characters.

test-name

Specifies the name of an NQA test instance.

The value is a string of 1 to 32 case-sensitive characters.

reaction

Cancels redirection.

-

probe-failtimes fail-times

Specifies the maximum number of link detection failures in an NQA test instance.

The value is an integer that ranges from 1 to 15. The default value is 1.

exact

Redirects packets to a remote next-hop IP address accurately.

-

global

Applies a specified traffic policy globally.

-

slot slot-id

Specifies a slot ID.

The value is an integer or a string of characters. You can enter a question mark (?) and select a value from the displayed value range.

inbound

Configures redirection in inbound direction of an interface.

-

Views

System view, interface view, port group view, VLAN view, QoS group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To redirect packets to the IP address of the indirectly-connected next hop, run the traffic-redirect remote command. When an IP address of the indirectly-connected next hop is configured for redirection, the device looks up the IP routing table. If the IP routing table contains a route to the IP address, the device forwards the packets according to the route.

When the IP address matches multiple routes in the IP routing table, the device selects the optimal route based on the longest match rule.

If an NQA test instance is configured to detect the link for the specified next-hop IP address, the current next hop will be cancelled when the number of NQA link detection failures is larger than or equal to the configured maximum value.

When exact is specified, the device redirects packets only when the IP routing table contains the 32-bit host route matching the configured IP address. For example, when traffic-redirect acl 3001 remote 192.168.1.1 exact inbound is configured, the IP routing table of the device must contain a route to 192.168.1.1/32; otherwise, the device cannot redirect packets.

Prerequisites

An ACL has been created using the acl (system view) command.

Precautions

  • If ACL-based simplified traffic policies are configured in the system view, VLAN view, and interface view using the traffic-redirect remote command, the precedence of these policies is: interface view > VLAN view > system view.

  • This action only takes effect in Layer 3 forwarding on the CE6870EI.

Example

# In the global inbound direction, redirect packets that match ACL 3001 to the remote next-hop IP address 10.1.1.1.
<HUAWEI> system-view
[~HUAWEI] traffic-redirect acl 3001 remote 10.1.1.1 global inbound
# In inbound direction of 10GE1/0/1, redirect packets that match ACL 3001 to the remote next-hop IP address 10.1.1.1.
<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] traffic-redirect acl 3001 remote 10.1.1.1 inbound
# In inbound direction of a VLAN, redirect packets that match ACL 3001 to the remote next-hop IP address 10.1.1.1.
<HUAWEI> system-view
[~HUAWEI] vlan 100
[*HUAWEI-vlan100] traffic-redirect acl 3001 remote 10.1.1.1 inbound
# Add 10GE1/0/1 and 10GE1/0/2 to a QoS group and redirect incoming packets that match ACL 3001 in the QoS group to the next-hop address 10.1.1.1.
<HUAWEI> system-view
[~HUAWEI] qos group huawei 
[*HUAWEI-qos-group-huawei] group-member interface 10ge 1/0/1 to 10ge 1/0/2
[*HUAWEI-qos-group-huawei] traffic-redirect acl 3001 remote 10.1.1.1 inbound
Related Topics
Translation
Download
Updated: 2019-03-21

Document ID: EDOC1000166501

Views: 52451

Downloads: 339

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next