No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Command Reference

CloudEngine 8800, 7800, 6800, and 5800 V200R002C50

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
MQC Configuration Commands

MQC Configuration Commands

classifier behavior

Function

The classifier behavior command binds a traffic behavior to a traffic classifier in a traffic policy.

The undo classifier behavior command unbinds a traffic behavior from a traffic classifier in a traffic policy.

By default, no traffic classifier or traffic behavior is bound to a traffic policy.

Format

classifier classifier-name behavior behavior-name [ precedence precedence-value ]

undo classifier classifier-name [ behavior behavior-name [ precedence precedence-value ] ]

Parameters

Parameter

Description

Value

classifier-name

Specifies the name of a traffic classifier.

The value is a string of 1 to 31 case-sensitive characters without spaces and question marks, and must start with letters.

behavior-name

Specifies the name of a traffic behavior.

The value is a string of 1 to 31 case-sensitive characters without spaces and question marks, and must start with letters.

precedence precedence-value

Specifies the priority of a traffic classifier.

The value is an integer that ranges from 0 to 65535. A smaller value represents a higher priority.

If precedence-value is not specified, the system allocates a priority to the traffic classifier. The allocated priority value is as follows:

Allocated priority value = [(max-precedence + 5)/5] x 5

where

max-precedence specifies the largest priority value of a traffic classifier.

Views

Traffic policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To take an action for packets of a certain type, use a traffic classifier to group the packets into one class and use a traffic behavior to define an action. Then associate the traffic classifier with the traffic behavior and bind them to a traffic policy.

Prerequisites

Precautions

  • When a traffic policy that is bound to a traffic classifier and a traffic behavior is applied to the system, an interface, or a VLAN, you can directly change the binding between the traffic classifier and the traffic behavior.

  • Traffic policies can use the same traffic behavior.

  • In a traffic policy, one traffic classifier can be bound to only one traffic behavior; each traffic policy supports a maximum of 512 pairs of traffic classifiers and traffic behaviors.

Example

# Bind the traffic classifier c1 to the traffic behavior b1 in the traffic policy p1, and apply the traffic policy to 10GE1/0/1 in the inbound direction.

<HUAWEI> system-view
[~HUAWEI] traffic classifier c1
[*HUAWEI-classifier-c1] if-match any
[*HUAWEI-classifier-c1] quit
[*HUAWEI] traffic behavior b1
[*HUAWEI-behavior-b1] remark 8021p 2
[*HUAWEI-behavior-b1] quit
[*HUAWEI] traffic policy p1
[*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[*HUAWEI-trafficpolicy-p1] quit
[*HUAWEI] interface 10ge 1/0/1
[*HUAWEI-10GE1/0/1] traffic-policy p1 inbound
[*HUAWEI-10GE1/0/1] quit

# Bind the traffic classifier c1 to the new traffic behavior newb1 in the traffic policy p1 that has been applied to 10GE1/0/1 in the inbound direction.

<HUAWEI> system-view
[~HUAWEI] traffic policy p1
[*HUAWEI-trafficpolicy-p1] classifier c1 behavior newb1
[*HUAWEI-trafficpolicy-p1] quit

display qos port-group

Function

The display qos port-group command displays the QoS interface group configuration.

NOTE:

Only the CE6850HI, CE6850U-HI, CE6851HI, CE6855HI, CE6856HI, CE6860EI, CE6870EI, CE7850EI, CE7855EI, CE8850EI, and CE8860EI support this command.

Format

display qos port-group [ group-id ]

Parameters

Parameter

Description

Value

group-id

Specifies the ID of a QoS interface group.

The value is an integer that ranges from 1 to 128.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display qos port-group command to check whether the QoS interface group configuration is correct. If group-id is not specified, the configurations of all QoS interface groups are displayed.

Example

# Display the configurations of all QoS interface groups.

<HUAWEI> system-view
[~HUAWEI] display qos port-group
  GroupId    MemberPorts                                                        
  ----------------------------------------------------------------------------- 
        1    10GE4/0/1.1           Vbdif1                                       
  ----------------------------------------------------------------------------- 
Table 17-1  Description of the display qos port-group command output

Item

Description

GroupId

ID of the QoS interface group.

MemberPorts

Member interface of the QoS interface group.

Related Topics

display system tcam fail-record

Function

The display system tcam fail-record command displays TCAM delivery failures.

Format

display system tcam fail-record [ slot slot-id ]

Parameters

Parameter

Description

Value

slot slot-id

Specifies a slot ID.

If this parameter is not specified, information about all TCAM delivery failures is displayed.

The value is an integer. The value must be the slot ID of a running interface card.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

When services fail to be delivered, the TCAM resource management module records delivery failures, including modules that deliver services, delivery time, and cause. You can run this command to view the causes of TCAM delivery failures.

Example

# Display the causes of TCAM delivery failures in slot 1.

<HUAWEI> system-view
[~HUAWEI] display system tcam fail-record slot 1
-----------------------------------------------------------------------------------                                                 
Slot  Chip Time                Service                  ErrInfo                                                                     
-----------------------------------------------------------------------------------                                                 
1     1    2016-03-24 06:40:11 Traffic Policy VLAN      Group resource full                                                         
-----------------------------------------------------------------------------------                                                 
Total: 1                                                                  
Table 17-2  Description of the display system tcam fail-record command output

Item

Description

Slot

ID of the slot that delivers TCAM.

Chip

ID of the chip that delivers TCAM.

Time

TCAM delivery time.

Service

TCAM delivery services.

ErrInfo

Cause of a TCAM delivery failure.

Total

Total number of TCAM delivery times.

display system tcam match-rules

Function

The display system tcam match-rules command displays matched entries.

Format

Models excluding the CE6870EI and CE6880EI:

display system tcam match-rules slot slot-id [ [ ingress | egress | group group-id ] | [ delay-time time-value ] ] *

For CE6870EI switches:

display system tcam match-rules slot slot-id [ [ ingress | egress | group group-id ] | [ chip chip-id ] ] *

For CE6880EI switches:

display system tcam match-rules slot slot-id chip chip-id index index-id

Parameters

Parameter

Description

Value

slot slot-id

Specifies the stack ID of the device.

The value is an integer. You can enter a question mark (?) and select a value from the displayed value range.

ingress

Specifies the inbound direction.

-

egress

Specifies the outbound direction.

-

group group-id

Specifies a group ID.

The value is an integer that ranges from 1 to 4294967295.

delay-time time-value

Specifies a delay.

The value is an integer that ranges from 1 to 10, in milliseconds. The default value is 1.

chip chip-id

Specifies the chip ID.

The value is an integer. It must be the slot ID of a running chip.

index index-id

Specifies the index of the rule EntryID.

  • 0: queries matching information about the EntryIDs from 0 to 4096.
  • 1: queries matching information about the EntryIDs from 4097 to 8192.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run this command to view matched entries. If ingress, egress, group group-id, delay-time time-value, and chip chip-id are not specified, all matched entries in a device are displayed.

Example

# Display matched entries on the device.

<HUAWEI> system-view
[~HUAWEI] display system tcam match-rules slot 1
-----------------------------------------------------------------               
ServiceName                  Chip   Stage      GroupID   EntryID                
-----------------------------------------------------------------               
Blacklist                       0   Ingress          2        50                
-----------------------------------------------------------------               
Total: 1                                                                        
Table 17-3  Description of the display system tcam match-rules command output

Item

Description

ServiceName

Name of matched entries.

Chip

Chip ID.

Stage

Direction (ingress or egress).

GroupID

Group ID.

EntryID

Matched entry ID.

Total

Total number of matched entries.

display system tcam service

Function

The display system tcam service command displays IDs of entries that deliver services on the specified chip or in the specified slot.

Format

display system tcam service { cpcar slot slot-id | service-name slot slot-id [ chip chip-id ] }

Parameters

Parameter

Description

Value

cpcar

Specifies the CPCAR service.

-

service-name

Specifies a service type.

This parameter has enumerated values. Select one from the displayed values.

slot slot-id

Specifies the stack ID of the device.

The value is an integer. You can enter a question mark (?) and select a value from the displayed value range.

chip chip-id

Specifies a chip ID.

The value is an integer, and must be the ID of a running chip.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run this command to view detailed information about a specified service, including service priority, matched packet statistics, and delivered TCAM entries on chips.

Example

# Display entry IDs of the CPACR service in slot 1. (CE6870EI)

<HUAWEI> display system tcam service cpcar slot 1 
Total: 23                                                                       
--------------------------------------------                                    
PacketType                            Entry                                     
--------------------------------------------                                    
ARP BC                                12540                                     
ARP UC                                12542                                     
CPCARL2 Reserved                      12520                                     
CPCARL3 Reserved                      12519                                     
FIB L3know                            12521                                     
FTP L4Dstport20                       12529                                     
FTP L4Dstport21                       12531                                     
FTP L4Srcport21                       12530                                     
HWTACACS                              12522                                     
ICMP Host                             12536                                     
ICMP Option                           12538                                     
Invalid ARP                           12541                                     
NTP BC                                12534                                     
NTP MC                                12535                                     
Radius L4port1645                     12526                                     
Radius L4port1646                     12525                                     
Radius L4port1812                     12524                                     
Radius L4port1813                     12523                                     
SNMP L4port 1                         12528                                     
SNMP L4port 2                         12527                                     
SSH                                   12532                                     
TELNET                                12533                                     
TTL Expired                           12537                                     
--------------------------------------------                                    

# Display entry IDs of the CPACR service in slot 1. (CE6880EI)

<HUAWEI> display system tcam service cpcar slot 1 
Total: 41                                                                       
--------------------------------------------------------                        
PacketType                         CPEntry    PAEntry                           
--------------------------------------------------------                        
ANN Change                              36          -                           
ANN Timeout                             35          -                           
ARP BC                                  13          3                           
ARP UC                                  12          1                           
FIB L3know                              38          -                           
FIB L3know LPM                          39          -                           
FIB MISS SYN                            40          -                           
FTP L4Dstport20                         20          -                           
FTP L4Dstport21                         18          -                           
FTP L4Srcport21                         19          -                           
HWTACACS                                27          -                           
ICMP Host                               41          -                           
ICMP Host TTL1                          42          -                           
ICMP Option                             43          -                           
IP Path Detect                          80         79                           
L2MISS To CPU                           46          -                           
LLDP                                    76         75                           
MAC Synchronization                     45          -                           
NTP BC                                  15          7                           
NTP MC                                  14          5                           
NTP Srcport BC                          29         11                           
NTP Srcport MC                          28          9                           
Radius L4port1645                       23          -                           
Radius L4port1646                       24          -                           
Radius L4port1812                       25          -                           
Radius L4port1813                       26          -                           
SNMP L4port 1                           21          -                           
SNMP L4port 2                           22          -                           
SNMPv6 L4port 1                         48          -                           
SSH                                     17          -                           
SSHv6                                   47          -                           
SSM                                     37          -                           
STP                                     74         73                           
Stack                                   30          -                           
Stack_Protocol                          31          -                           
TIPC                                    34          -                           
TIPC_255                                33          -                           
TIPC_Message                            32          -                           
TTL Expired                             44          -                           
Telnet                                  16          -                           
VXLAN Path Detect                       78         77                           
--------------------------------------------------------                        

# Display entry IDs of the CPACR service in slot 1. (CE switches excluding CE6870EI and CE6880EI)

<HUAWEI> display system tcam service cpcar slot 1 
Total: 47                                                                       
-----------------------------------------------------------------               
PacketType                                 HitPackets      Entry                
-----------------------------------------------------------------               
ARP BC                                              5          6                
ARP UC                                            218          5                
BGP                                                 7         60                
BGP Srcport                                         1         61                
BGP Srcport TTL1                                    0         59                
BGP TTL1                                            0         58                
DHCP Client BC                                      0         49                
DHCP Client L3relay                                 0         51                
DHCP Server BC                                      0         48                
DHCP Server L3relay                                 0         50                
EOAM 1AG GLB                                        0       1295                
FIB L3know                                          0         30                
FIB L3know LPM                                      0         32                
FTP L4Dstport20                                     0         22                
FTP L4Dstport21                                     0         20                
FTP L4Srcport21                                     0         21                
HWTACACS                                            0         29                
ICMP Host                                           0         13                
ICMP L3know                                         0         11                
ICMP MPING                                          0         12                
ICMP Option                                         0         10                
ICMP TTL1                                           0          9                
Invalid ARP                                         0         33                
LLDP                                            11906         55                
NTP BC                                              0         15                
NTP MC                                              0         14                
NTP Srcport BC                                      0         17                
NTP Srcport MC                                      0         16                
OSPF                                             8733        894                
OSPF TTL1                                           4        896                
OSPF UC                                             0        895                
Radius L4port1645                                   0         25                
Radius L4port1646                                   0         26                
Radius L4port1812                                   0         27                
Radius L4port1813                                   0         28                
SNMP L4port 1                                       0         23                
SNMP L4port 2                                       0         24                
SSH                                                 0         19                
Stack                                               0          7                
TIPC                                                0          8                
TIPC_253                                            0         36                
TIPC_254                                            0         35                
TIPC_255                                            0         34                
TIPC_Message                                        0         37                
TTL Expired                                         0         31                
Telnet                                              0         18                
VXLAN ARP UC                                        0         57                
-----------------------------------------------------------------               
Table 17-4  Description of the display system tcam service command output

Item

Description

PacketType

Service packet type. For example, ARP BC indicates broadcast ARP packets.

HitPackets

Service packet statistics.

Entry

CPEntry

PAEntry

ID of the entry that delivers services.

display system tcam service brief

Function

The display system tcam service brief command displays the group index and rule count occupied by different services.

Format

display system tcam service brief [ slot slot-id ]

Parameters

Parameter

Parameters

Value

slot slot-id

Specifies the stack ID of the device.

The value is an integer. You can enter a question mark (?) and select a value from the displayed value range.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can use this command to view the group index and rule count occupied by different services on a chip on the device.

Example

# Display the group index and rule count occupied by different services on chip 0 on the device. (CE switches excluding CE6870EI and CE6880EI)

<HUAWEI> display system tcam service brief slot 1
Slot: 1                                                                         
------------------------------------------------------------------------------  
 Chip  GroupID    Width      Stage          ServiceName                 Count   
------------------------------------------------------------------------------  
    0        8    Double     Ingress        App-Session                     8   
             8    Double     Ingress        CPCAR Ipv4                     46   
             8    Double     Ingress        ICMP Deny                       1   
             8    Double     Ingress        L2 Protocol Tunnel              1   
             9    Triple     Ingress        CPCAR Ipv6                      1   
            22    Triple     Ingress        Traffic Policy Global           1   
            92    Double     Ingress        QoS CAR                         5   
------------------------------------------------------------------------------  

# Display the group index and rule count occupied by different services on chip 0 on the device. (CE6870EI and CE6880EI)

<HUAWEI> display system tcam service brief slot 1
Slot: 1                                                                         
------------------------------------------------------------------------------  
 Chip  GroupID    Width      Stage          ServiceName                 Count   
       (FEI/FE)                                                                 
------------------------------------------------------------------------------  
    0     2/2     320Bit     Ingress        BPDU Deny                      21   
          2/2     320Bit     Ingress        CPCAR L2                        4   
          2/2     320Bit     Ingress        L2 Protocol Tunnel              1   
          3/3     320Bit     Ingress        App-Session                     2   
          3/3     320Bit     Ingress        CPCAR L3                       19   
------------------------------------------------------------------------------  
Table 17-5  Description of the display system tcam service brief command output

Item

Description

Slot

Device ID.

Chip

Chip number.

GroupID

(FEI/FE)

ID of the group resource used by a service.

  • FEI: ID of the group resource used by a service in the software forwarding table.
  • FE: ID of the group resource used by a service in the hardware forwarding table.

Width

Width of the group resource used by a service.

ServiceName

Names of all services on the chip.

Count

Number of rules for different services.

Stage

Stage of rules.

display traffic behavior

Function

The display traffic behavior command displays the traffic behavior configuration on the device.

Format

display traffic behavior [ behavior-name ]

Parameters

Parameter

Description

Value

behavior-name

Displays the configuration of a specified traffic behavior. If the name of a traffic behavior is not specified, the configuration of all traffic behaviors is displayed.

The value is a string of 1 to 31 case-sensitive characters without spaces and question marks, and must start with letters.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The display traffic behavior command displays the configuration of a specified traffic behavior or all traffic behaviors. The command output helps you check the traffic behavior configuration and locate faults.

Example

# Display configurations of all traffic behaviors on the device. (non-CE6870EI)

<HUAWEI> display traffic behavior
  Traffic Behavior Information:                                                                                                     
    Behavior: b1                                                                                                                    
      Committed Access Rate:                                                                                                        
        CIR 200000 (Kbps), PIR 250000 (Kbps), CBS 25000000 (Bytes), PBS 31250000 (Bytes)                                              
        Color Mode: color blind                                                                                                     
        Conform Action: pass                                                                                                        
        Yellow  Action: pass                                                                                                        
        Exceed  Action: discard                                                                                                     
      Statistics: enable                                                                                                             
      Remark:                                                                                                                       
        Remark dscp af11                                                                                                            
      Redirect:                                                                                                                     
        Redirect cpu                                                                                                                
      Urpf switch: off                                                                                                              
                                                                                                                                    
Total behavior number is 1   

# Display configurations of all traffic behaviors on the device. (CE6870EI)

<HUAWEI> display traffic behavior
  Traffic Behavior Information:                                                                                                     
    Behavior: b1                                                                                                                    
      Committed Access Rate:                                                                                                        
        CIR 200000 (Kbps), PIR 250000 (Kbps), CBS 25000000 (Bytes), PBS 31250000 (Bytes)                                              
        Color Mode: color blind                                                                                                     
      Share car:                                                                                                                    
        Car car1 share                                                                                                              
      Statistics: enable                                                                                                             
      Remark:                                                                                                                       
        Remark dscp af11                                                                                                            
      Redirect:                                                                                                                     
        Redirect cpu                                                                                                                
                                                                                                                                    
Total behavior number is 1 
Table 17-6  Description of the display traffic behavior user-defined command output

Item

Description

Behavior

Traffic behavior name. To create a traffic behavior, run the traffic behavior command.

Committed Access Rate

CAR. To configure an action taken for packets whose rate exceeds the CAR, run the car (traffic behavior view) command.

CIR

Committed information rate (CIR). To set the CIR, run the car (traffic behavior view) command.

PIR

Peak information rate (PIR). To set the PIR, run the car (traffic behavior view) command.

CBS

Committed burst size (CBS). To set the CBS, run the car (traffic behavior view) command.

PBS

Peak burst size (PBS). To set the PBS, run the car (traffic behavior view) command.

Color Mode

Color mode, which can be color-aware or color-blind. To set the color mode, run the car (traffic behavior view) command.

Conform Action

Action taken for packets whose rate is within the CIR. To configure an action taken for packets whose rate is within the CIR, run the car (traffic behavior view) command.

Yellow Action

Action taken for yellow packets. To configure an action taken for yellow packets, run the car (traffic behavior view) command.

Exceed Action

Action taken for packets whose rate exceeds the CIR. To configure an action taken for packets whose rate exceeds the CIR, run the car (traffic behavior view) command.

Share car

Aggregated CAR. To configure aggregated CAR, run the car share command.

Statistics

Whether the traffic statistics function is enabled. To enable the traffic statistics function, run the statistics enable (traffic behavior view) command.

Remark

Re-marking action. To configure re-marking, run the remark command.

Redirect

Redirection action. To configure redirection, run the redirect command.

urpf switch

Whether Unicast Reverse Path Forwarding (URPF) is enabled. To disable URPF, run the ip urpf disable command.

Total behavior number is 1

Total number of created traffic behaviors.

display traffic classifier

Function

The display traffic classifier command displays the traffic classifier configuration on the device.

Format

display traffic classifier [ classifier-name ]

Parameters

Parameter

Description

Value

classifier-name

Displays the configuration of a specified traffic classifier. If the name of a traffic classifier is not specified, the configuration of all traffic classifiers is displayed.

The value is a string of 1 to 31 case-sensitive characters without spaces and question marks, and must start with letters.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The display traffic classifier command displays the configuration of a specified traffic classifier or all traffic classifiers. The command output helps you check the traffic classifier configuration and locate faults.

Example

# Display the configuration of all traffic classifiers on the device.

<HUAWEI> display traffic classifier
  Traffic Classifier Information:  
    Classifier: c1
      Type: AND
      Rule(s):
        if-match vlan 120
                                        
    Classifier: c2
      Type: AND
      Rule(s): 
        if-match vlan 110
             
    Classifier: c3
      Type: AND
      Rule(s):
        if-match vlan 100
             
Total classifier number is 3 
Table 17-7  Description of the display traffic classifier command output

Item

Description

Classifier

Traffic classifier name. To create a traffic classifier, run the traffic classifier command.

Type

Relationship between rules in the traffic classifier. To configure the relationship between rules in a traffic classifier, run the traffic classifier command.

Rule(s)

Rule in a traffic classifier.

Total classifier number is 3 Total number of created traffic classifiers.
Related Topics

display traffic policy

Function

The display traffic policy command displays the traffic policy configuration on the device.

Format

display traffic policy [ policy-name [ classifier classifier-name ] ]

Parameters

Parameter

Description

Value

policy-name

Specifies the name of a traffic policy. If this parameter is not specified, the configuration of all traffic policies is displayed.

The value is a string of 1 to 31 case-sensitive characters without spaces and question marks, and must start with letters.

classifier classifier-name

Specifies the name of a traffic classifier. If the name of a traffic policy is specified but this parameter is not specified, only the traffic policy configuration is displayed.

The value is a string of 1 to 31 case-sensitive characters without spaces and question marks, and must start with letters.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The display traffic policy command displays the configuration of a specified traffic policy or all traffic policies. The command output helps you check the traffic policy configuration and locate faults.

Example

# Display the configuration of the traffic behavior bound to the traffic classifier c1 in the traffic policy p1. (CE switches excluding CE6870EI)

<HUAWEI> display traffic policy p1 classifier c1
  Traffic Policy Information:                                                                                                       
    Policy: p1                                                                                                                      
      Classifier: c1                                                                                                                
        Type: OR                                                                                                                
      Behavior: b1         
        Statistics: enable
        Committed Access Rate:
          CIR 1000 (Kbps), PIR 2000 (Kbps), CBS 125000 (Bytes), PBS 250000 (Bytes)
          Color Mode: color Blind
          Conform Action: pass
          Yellow  Action: pass
          Exceed  Action: discard

# Display the configuration of the traffic behavior bound to the traffic classifier c1 in the traffic policy p1. (CE6870EI)

<HUAWEI> display traffic policy p1 classifier c1
  Traffic Policy Information:                                                                                                       
    Policy: p1                                                                                                                      
      Classifier: c1                                                                                                                
        Type: OR                                                                                                                
      Behavior: b1         
        Statistics: enable
        Committed Access Rate:
          CIR 1000 (Kbps), PIR 2000 (Kbps), CBS 125000 (Bytes), PBS 250000 (Bytes)
          Color Mode: color Blind

# Display the configuration of all traffic policies. (CE switches excluding CE6870EI)

<HUAWEI> display traffic policy
  Traffic Policy Information:  
    Policy: p1
      Classifier: c1
        Type: OR
      Behavior: b1
        Statistics: enable
        Committed Access Rate:
          CIR 1000 (Kbps), PIR 2000 (Kbps), CBS 125000 (Bytes), PBS 250000 (Bytes)
          Color Mode: color Blind
          Conform Action: pass
          Yellow  Action: pass
          Exceed  Action: discard
      Classifier: c2
        Type: OR
      Behavior: b2
        Deny

Total policy number is 1 

# Display the configuration of all traffic policies. (CE6870EI)

<HUAWEI> display traffic policy
  Traffic Policy Information:  
    Policy: p1
      Classifier: c1
        Type: OR
      Behavior: b1
        Statistics: enable
        Committed Access Rate:
          CIR 1000 (Kbps), PIR 2000 (Kbps), CBS 125000 (Bytes), PBS 250000 (Bytes)
          Color Mode: color Blind
      Classifier: c2
        Type: OR
      Behavior: b2
        Deny

Total policy number is 1 
Table 17-8  Description of the display traffic policy command output

Item

Description

Policy

Traffic policy name. To configure a traffic policy, run the traffic policy command.

Classifier

Traffic classifier in a traffic policy. To create a traffic classifier, run the traffic classifier command.

Type

Relationship between rules in the traffic classifier. To configure the relationship between rules in a traffic classifier, run the traffic classifier command.

Behavior

Traffic behavior bound to the traffic classifier. To create a traffic behavior, run the traffic behavior command.

Statistics

Whether the traffic statistics function is enabled. To enable the traffic statistics function, run the statistics enable (traffic behavior view) command.

Committed Access Rate

CAR. To configure CAR, run the car (traffic behavior view) command.

CIR 1000 (Kbps), PIR 2000 (Kbps), CBS 125000 (Bytes), PBS 250000 (Bytes)

Parameters in the QoS CAR profile, including the CIR, PIR, CBS, and PBS. To configure CAR parameters, run the car (traffic behavior view) command.

Color Mode

Color mode, which can be color-aware or color-blind. To configure a color mode, run the car (traffic behavior view) command.

Conform Action

Action taken for packets whose rate is within the CIR. To configure an action taken for packets whose rate is within the CIR, run the car (traffic behavior view) command.

Yellow Action

Action taken for yellow packets. To configure an action taken for yellow packets, run the car (traffic behavior view) command.

Exceed Action

Action taken for packets whose rate exceeds the CIR. To configure an action taken for packets whose rate exceeds the CIR, run the car (traffic behavior view) command.

Deny

Deny action. To configure the deny action, run the deny | permit command.

Total policy number is 1

Total number of created traffic policies.

display traffic-policy statistics

Function

The display traffic-policy statistics command displays statistics on packets matching a traffic policy.

Format

display traffic-policy statistics { global [ slot slot-id ] | interface interface-type interface-number | vlan vlan-id | vpn-instance vpn-instance-name | qos group group-id | bridge-domain bd-id } [ policy-name ] [ inbound | outbound ] [ { classifier-base | rule-base } [ class classifier-name ] ]

Parameters

Parameter

Description

Value

global

Displays packet statistics in the system to which a traffic policy has been applied.

-

slot slot-id

Displays packet statistics in the system to which a traffic policy has been applied. slot-id specifies the stack ID of the device.

The value is an integer. You can enter a question mark ? and select a value from the displayed value range.

interface interface-type interface-number

Displays packet statistics on an interface to which a traffic policy has been applied.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.

-

vlan vlan-id

Displays packet statistics in a specified VLAN to which a traffic policy has been applied.

The value is an integer that ranges from 1 to 4094.

vpn-instance vpn-instance-name

Displays packet statistics in a specified VPN instance to which a traffic policy has been applied.

NOTE:

The CE6810LI does not support this parameter.

The value is a string of 1 to 31 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string. The value _public_ is reserved and cannot be used as the VPN instance name.

qos group group-id

Displays packet statistics in a specified QoS group to which a traffic policy has been applied.

The value is a string of 1 to 31 case-sensitive characters without spaces, and must start with a letter.

bridge-domain bd-id

Displays the record of a traffic policy that has been applied in a BD.

NOTE:

The CE5810EI, CE5850EI, CE5850HI, CE5855EI, CE6810LI, and CE6810EI do not support this command.

The value is an integer ranging from 1 to 16777215.

policy-name

Displays statistics on packets matching a specified traffic policy.

The value is a string of 1 to 31 case-sensitive characters without spaces and question marks, and must start with letters.

inbound

Displays packet statistics in the inbound direction to which a traffic policy has been applied.

-

outbound

Displays packet statistics in the outbound direction to which a traffic policy has been applied.

-

classifier-base

Displays statistics on packets matching a specified traffic classifier. If this parameter is specified, statistics on packets matching a traffic classifier in the traffic policy are displayed.

-

rule-base

Displays statistics on packets matching a rule. If this parameter is specified, statistics on packets matching all rules are displayed.

-

class classifier-name

Specifies the name of a traffic classifier. If this parameter is specified, statistics on packets matching the specified traffic classifier or rules in the specified traffic classifier are displayed. If this parameter is not specified, statistics on packets matching all traffic classifiers are displayed.

The value is a string of 1 to 31 case-sensitive characters without spaces and question marks, and must start with letters.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The display traffic-policy statistics command displays packet statistics. The command output helps you check statistics on forwarded and discarded packets after a traffic policy is applied and locate faults.

Precautions

  • If a traffic policy contains many rules, after the reset traffic-policy statistics command has been used, wait for a period and run the display traffic-policy statistics command. If you run the display traffic-policy statistics command immediately, information may be not displayed.

  • When a traffic policy containing many rules and the traffic statistics action is configured and the statistics are being queried based on instances or traffic classifiers, command line execution is interrupted and MIB-based query expires. By default, the timeout of MIB-based query is 5s and only statistics on packets matching the traffic policy within 1024 rules can be queried. When a traffic policy defines more than 1024 rules, the system reads cached data. When a traffic policy defines more than 1024 rules, the timeout of MIB-based query needs to be changed based on the data volume and the cached data is counted.

Example

# Display traffic statistics on 10GE1/0/1 in the inbound direction to which a traffic policy has been applied.

<HUAWEI> display traffic-policy statistics interface 10ge 1/0/1 inbound
Traffic policy: p1, inbound                                                                                                         
--------------------------------------------------------------------------------
 Slot: 1                                                                        
 Item                  Packets                Bytes           pps           bps 
 -------------------------------------------------------------------------------
 Matched                     0                    0             0             0 
  Passed                     0                    0             0             0 
  Dropped                    0                    0             0             0 
   Filter                    0                    0             0             0 
   CAR                       0                    0             0             0 
 -------------------------------------------------------------------------------

# Display statistics on incoming packets matching a rule after the traffic policy is applied to the system.

<HUAWEI> display traffic-policy statistics global inbound rule-base
Traffic policy: p1, inbound                                                     
--------------------------------------------------------------------------------
  Classifier: c1, Behavior: b1                                                  
    Slot: 1                                                                     
    ----------------------------------------------------------------------------
    if-match any                                                                
    Passed Packets                       0, Passed Bytes                       0
    Passed pps                           0, Passed bps                         0
    Dropped Packets                      0, Dropped Bytes                      0
    Dropped pps                          0, Dropped bps                        0
    ----------------------------------------------------------------------------
Table 17-9  Description of the display traffic-policy statistics command output

Item

Description

Traffic policy

Traffic policy that has been applied and direction in which the traffic policy has been applied.

Slot

Device to which the traffic policy is applied.

Item

Statistical item.

Packets

Number of packets.

Bytes

Number of bytes.

pps

Rate of packets, in pps.

bps

Rate of packets, in bit/s.

Matched

Numbers of packets and bytes that match traffic classification rules. The data is originated from the packet statistics that have been collected since the original statistics were cleared last time.

Passed

Numbers of forwarded packets and bytes that match traffic classification rules. The data is originated from the packet statistics that have been collected since the original statistics were cleared last time.

Dropped

Numbers of discarded packets and bytes that match traffic classification rules. The data is originated from the packet statistics that have been collected since the original statistics were cleared last time. The dropped packets include the filtered packets and packets dropped by CAR.

Filter

Number of discarded packets and bytes by the filtering action among the packets matching the traffic classifier. Packet statistics have been collected after the previous statistics were cleared last time.

CAR

Numbers of packets and bytes that match the traffic classification rule and are discarded by CAR. The data is originated from the packet statistics that have been collected since the original statistics were cleared last time. To configure CAR, run the car (traffic behavior view) command.

Classifier

Relationship between rules in the traffic classifier. To create a traffic classifier, run the traffic classifier command.

Behavior

Traffic behavior name. To create a traffic behavior, run the traffic behavior command.

if-match

Matching rule in the traffic classifier.

Passed Packets

Numbers of forwarded packets that match the traffic classifier rules.

Passed Bytes

Numbers of forwarded bytes that match the traffic classifier rules.

Passed pps

Rate of forwarded packets that match traffic classification rules, in pps.

Passed bps

Rate of forwarded packets that match traffic classification rules, in bit/s.

Dropped Packets

Numbers of discarded packets that match the traffic classifier rules.

Dropped Bytes

Numbers of discarded bytes that match the traffic classifier rules.

Dropped pps

Rate of discarded packets that match traffic classification rules, in pps.

Dropped bps

Rate of discarded packets that match traffic classification rules, in bit/s.

display traffic-policy applied-record

Function

The display traffic-policy applied-record command displays traffic policy records.

Format

display traffic-policy applied-record [ policy-name ] [ global [ slot slot-id ] | interface interface-type interface-number | vlan vlan-id | vpn-instance vpn-instance-name | qos group group-id | bridge-domain bd-id ] [ inbound | outbound ]

display traffic-policy applied-record { traffic-filter | traffic-statistics } [ global [ slot slot-id ] | interface interface-type interface-number | vlan vlan-id | qos group group-id ] [ inbound | outbound ]

display traffic-policy applied-record traffic-redirect [ [ global [ slot slot-id ] | interface interface-type interface-number | vlan vlan-id | qos group group-id ] [ inbound ] ]

Parameters

Parameter

Description

Value

policy-name

Displays the record of a specified traffic policy. If this parameter is not specified, records of all the applied traffic policies are displayed.

The value is a string of 1 to 31 case-sensitive characters without spaces and question marks, and must start with letters.

traffic-filter

Displays the record of ACL-based packet filtering.

NOTE:

The CE6880EI does not support this parameter.

-

traffic-redirect

Displays the record of ACL-based redirection.

NOTE:

The CE6880EI does not support this parameter.

-

traffic-statistics

Displays the record of ACL-based traffic statistics.

NOTE:

The CE6880EI does not support this parameter.

NOTE:

The CE6880EI does not support this parameter.

-

global

Displays the record of a traffic policy that has been applied globally.

-

slot slot-id

Displays the record of a traffic policy that has been applied on the device. slot-id specifies the stack ID of the device.

The value is an integer. You can enter a question mark (?) and select a value as prompted.

interface interface-type interface-number

Displays the record of a traffic policy that has been applied to an interface.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.

-

vlan vlan-id

Displays the record of a traffic policy that has been applied in a VLAN.

The value is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command.

vpn-instance vpn-instance-name

Displays the record of a traffic policy that has been applied in a VPN instance.

NOTE:

The CE6810LI does not support this parameter.

The value is a string of 1 to 31 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string. The value _public_ is reserved and cannot be used as the VPN instance name.

qos group group-id

Displays the record of a traffic policy that has been applied in a QoS group.

The value is a string of 1 to 31 case-sensitive characters without spaces. When double quotation marks are used around the string, spaces are allowed in the string.

bridge-domain bd-id

Displays the record of a traffic policy that has been applied in a BD.

NOTE:

The CE5810EI, CE5850EI, CE5850HI, CE5855EI, CE6810LI, and CE6810EI do not support this command.

The value is an integer ranging from 1 to 16777215.

inbound

Displays the record of a traffic policy that has been applied in the inbound direction.

-

outbound

Displays the record of a traffic policy that has been applied in the outbound direction.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The display traffic-policy applied-record command displays a record of an applied traffic policy or records of all applied traffic policies, including the view, port number, direction that the traffic policy/policies is/are applied to, and common causes for an application failure. The command output helps you check traffic policy records and locate faults.

Example

# Display the record of the traffic policy.

<HUAWEI> display traffic-policy applied-record
Total records : 4 
--------------------------------------------------------------------------------     
Policy Type/Name                     Apply Parameter             Slot State          
--------------------------------------------------------------------------------     
traffic-filter     (IPv4) acl 2001   Global inbound                 1 success        
                                                                    2 success        
                                                                    4 fail(4)        
--------------------------------------------------------------------------------     
dsc                                  Global inbound                 1 fail(3)        
                                                                    2 fail(3)        
                                                                    4 fail(3)        
n4                                   10GE4/0/2 inbound              4 fail(4)        
p1                                   10GE4/0/5 inbound              4 fail(4)        
--------------------------------------------------------------------------------      
Fail reason:  
   3 -- The numbers of matched conditions and actions in the traffic policy exceed the limit. 
   4 -- Insufficient ACL resources.  

# Display the record of the traffic policy p1.

<HUAWEI> display traffic-policy applied-record p1
Total records : 1                                          
--------------------------------------------------------------------------------  
Policy Type/Name : p1                                                             
--------------------------------------------------------------------------------  
Apply Parameter                                            Slot       State       
--------------------------------------------------------------------------------  
25GE1/1/6 inbound                                          1          success     
--------------------------------------------------------------------------------     
Table 17-10  Description of the display traffic-policy applied-record command output

Item

Description

Total records

Total number of traffic policy records.

Policy Type/Name

Traffic policy type or name.

Apply Parameter

View and direction to which the traffic policy is applied.

For the ACL-based simplified traffic policy, the bound ACL rule of the application view is also displayed.

Slot

Device to which the traffic policy is applied.

State

View and status of the traffic policy that is applied to the specified device.
  • success: The traffic policy is successfully applied. For details about the service configuration, see the configuration of the traffic classifier and traffic behavior.
  • fail(n): The traffic policy fails to be applied. The value n is the number corresponding to the cause for a failure to apply the traffic policy. For the detailed failure cause corresponding to the code, see Fail reason.
  • offline: No card is installed in the slot or the card fails to be registered.
  • waiting: The traffic policy record is not delivered.
  • processing: The traffic policy application record is being updated or delivered.
  • -: The query expires.

Fail reason

Cause for a failure to apply the traffic to the view and direction of the specified device.

You can use the following methods to check the configuration:
  • When the system displays the message indicating that there are repeated rules, check whether rules in the traffic classifier are incorrect. For example, in the traffic classifier where the relationship between rules is AND, matching fields of the same type are not unique.
  • When the system displays the message indicating that too many fields are matched in the traffic policy, delete some matching rules.
  • When the system displays a message about insufficient resources, delete the configured traffic policies or disable features such as blacklist and protocol association that reference ACLs. If the fault persists, contact technical support personnel.

group-member interface (QoS group view)

Function

The group-member interface command adds specified interfaces to a QoS group.

The undo group-member interface command deletes interfaces from a QoS group.

By default, interfaces are not added to a QoS group.

Format

group-member interface { interface-type interface-number1 [ to interface-type interface-number2 ] } &<1-8>

undo group-member interface { interface-type interface-number1 [ to interface-type interface-number2 ] } &<1-8>

Parameters

Parameter Description Value
interface-type interface-number1 [ to interface-type interface-number2 ]

Specifies interfaces added to a QoS group.

The keyword to specifies an interface range that includes all interfaces between the start and end interfaces.

interface-type can be only the Eth-Trunk, VLANIF interface (only supported by the CE6870EI and CE6880EI), or Ethernet interface (excluding the MEth interface).

Views

QoS group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After a QoS group is created, you can add the interfaces to which the same traffic policy or ACL-based simplified traffic policy is applied to the QoS group.

Prerequisites

Precautions

  • If you run the group-member command multiple times, multiple VLANs, source IP addresses, or interfaces are added to the QoS group.

  • A QoS group can only contain members of the same type, for example, members of interface type.

  • The Eth-Trunk and its member interfaces cannot be used as members of a QoS group simultaneously.

  • If to is specified, pay attention to the following points:
    • The start and end interfaces must be of the same type.
    • The interfaces before and after to must have the same attribute, for example, they are both main interfaces, Layer 2 sub-interfaces, or Layer 3 sub-interfaces. If they are both Layer 2 or Layer 3 sub-interfaces, they must be the sub-interfaces of the same main interface. Layer 2 and Layer 3 sub-interfaces can be added to the same port group.
    • If to is not specified, ignore the preceding points.
  • The VLANIF interfaces corresponding to the VLANs used in VXLAN, TRILL, and VLL scenarios cannot be used as members of a QoS group.

Example

# Add 10GE1/0/1 and 10GE1/0/2 to the QoS group qosgroup1.
<HUAWEI> system-view
[~HUAWEI] qos group qosgroup1
[*HUAWEI-qos-group-qosgroup1] group-member interface 10ge 1/0/1 to 10ge 1/0/2
Related Topics

group-member ip (QoS group view)

Function

The group-member ip command adds specified source IP addresses to a QoS group.

The undo group-member ip command deletes source IP addresses from a QoS group.

By default, source IP addresses are not added to a QoS group.

NOTE:

The CE6870EI does not support this command.

Format

group-member ip source ip-address { mask | mask-length }

undo group-member ip source ip-address { mask | mask-length }

Parameters

Parameter Description Value
ip source ip-address

Specifies the source IP address added to the QoS group.

The value is in dotted decimal notation.

mask

Specifies the subnet mask.

The value is in dotted decimal notation.

mask-length

Specifies the mask length.

The value is an integer that ranges from 1 to 32.

Views

QoS group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After a QoS group is created, you can add source IP addresses in traffic classifiers bound to the same traffic policy or ACL-based simplified traffic policy to the QoS group.

Precautions

  • If you run the group-member command multiple times, multiple VLANs, source IP addresses, or interfaces are added to the QoS group.

  • A QoS group can only contain members of the same type, for example, members of IP type.

  • When virtualization perception is deployed on the switch based on ACLs and the access-mode active-standby command is used to configure the active/standby mode, source IP addresses cannot be added to a QoS group. When a QoS group where members are source IP addresses exists on the switch, virtualization perception based on ACLs cannot be used and the access-mode active-standby command cannot be used to configure the active/standby mode.

  • A QoS group contains up to 2047 source IP addresses on the CE5850EI, 2048 source IP addresses on the CE6880EI, and 767 source IP addresses on other models.

Example

# Add the IP address of 192.168.1.0/24 to the QoS group qosgroup1.
<HUAWEI> system-view
[~HUAWEI] qos group qosgroup1
[*HUAWEI-qos-group-qosgroup1] group-member ip source 192.168.1.0 24
Related Topics

group-member vlan (QoS group view)

Function

The group-member vlan command adds specified VLANs to a QoS group.

The undo group-member vlan command deletes VLANs from a QoS group.

By default, VLANs are not added to a QoS group.

NOTE:

Only the CE6870EI and CE6880EI support this command.

Format

group-member vlan { vlan-id1 [ to vlan-id2 ] } &<1-8>

undo group-member vlan { vlan-id1 [ to vlan-id2 ] } &<1-8>

Parameters

Parameter Description Value
vlan-id1 [ to vlan-id2 ]

Specifies VLANs added to a QoS group.

The keyword to specifies a VLAN range that includes all VLANs between the start and end VLANs.

vlan-id1 and vlan-id2 are integers that range from 1 to 4094. The VLAN cannot be the reserved VLAN configured by the vlan reserved command.

Views

QoS group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After a QoS group is created, you can add the VLANs to which the same traffic policy or ACL-based simplified traffic policy is applied to the QoS group.

Prerequisites

VLANs have been created using the vlan command.

Precautions

  • If you run the group-member command multiple times, multiple VLANs, source IP addresses, or interfaces are added to the QoS group.

  • A QoS group can only contain members of the same type, for example, members of VLAN type.

  • The VLANs used in VXLAN, TRILL, and VLL scenarios cannot be used as members of a QoS group.

Example

# Add VLAN 10 to the QoS group qosgroup1.
<HUAWEI> system-view
[~HUAWEI] qos group qosgroup1
[*HUAWEI-qos-group-qosgroup1] group-member vlan 10
Related Topics

group-member (QoS port group view)

Function

The group-member command adds interfaces to a QoS interface group.

The undo group-member command deletes interfaces from a QoS interface group.

By default, no interface is added to a QoS interface group.

NOTE:

Only the CE6850HI, CE6850U-HI, CE6851HI, CE6855HI, CE6856HI, CE6860EI, CE6870EI, CE7850EI, CE7855EI, CE8850EI, and CE8860EI support this command.

Format

group-member { interface-type interface-number1 [ to interface-type interface-number2 ] }

undo group-member { interface-type interface-number1 [ to interface-type interface-number2 ] }

Parameters

Parameter Description Value
interface-type interface-number1 [ to interface-type interface-number2 ] Specifies interfaces added to a QoS interface group.

The keyword to specifies an interface range that includes all interfaces between these two interfaces.

-

Views

QoS port group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After creating a QoS interface group, add interfaces that need to be configured in a batch to the QoS interface group.

Precautions

  • If you run the group-member command multiple times, multiple interfaces are added to the QoS interface group.

  • If to is specified, pay attention to the following points:
    • The start and end interfaces must be of the same type.
    • The start and end interfaces must be located on the same LPU. If several interfaces on multiple LPUs need to be added to the same QoS interface group, run this command or use to multiple times.
    • The interfaces before and after to must have the same attribute, for example, they are both main interfaces, Layer 2 sub-interfaces, or Layer 3 sub-interfaces. If they are both Layer 2 or Layer 3 sub-interfaces, they must be the sub-interfaces of the same main interface. Layer 2 and Layer 3 sub-interfaces can be added to the same port group.
    • If to is not specified, ignore the preceding points.

Example

# Add 10GE1/0/1 and 10GE1/0/2 to QoS interface group 1.
<HUAWEI> system-view
[~HUAWEI] qos port-group 1
[*HUAWEI-qos-port-group-1] group-member 10ge 1/0/1 to 10ge 1/0/2
Related Topics

if-match 8021p

Function

The if-match 8021p command configures a matching rule based on the 802.1p priority of VLAN packets in a traffic classifier.

The undo if-match 8021p command deletes a matching rule based on the 802.1p priority of VLAN packets in a traffic classifier.

By default, a matching rule based on the 802.1p priority of VLAN packets is not configured in a traffic classifier.

Format

if-match 8021p 8021p-value &<1-8>

undo if-match 8021p [ 8021p-value &<1-8> ]

Parameters

Parameter

Description

Value

8021p-value

Specifies the 802.1p priority in VLAN packets.

The value is an integer that ranges from 0 to 7. A larger value indicates a higher priority in VLAN packets.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match 8021p command to classify traffic based on the 802.1p priority in VLAN packets so that the device processes packets matching the same traffic classifier in the same manner.

Precautions

  • Regardless of whether the relationship between traffic classification rules is AND or OR, if you enter multiple values of 802.1p priorities, the packet that matches one 802.1p priority matches a rule.
  • Untagged packets cannot be matched based on 802.1p priorities on the CE6870EI.
  • If you run the if-match 8021p command in the same traffic classifier view multiple times, only the latest configuration takes effect.
  • A traffic policy containing this matching rule cannot be applied to the outbound direction on the CE6870EI.
  • After this command is configured, the switch matches only the 802.1p priority in single-tagged packets. To match the 802.1p priority in double-tagged packets, configure a matching rule based on double tags of packets in a traffic policy.

Example

# Configures a matching rule based on the 802.1p priority of 1 in the traffic classifier c1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier c1 type and
[*HUAWEI-classifier-c1] if-match 8021p 1
Related Topics

if-match acl

Function

The if-match acl command configures a matching rule based on an Access Control List (ACL) in a traffic classifier.

The undo if-match acl command deletes a matching rule based on an ACL.

By default, a matching rule based on an ACL is not configured in a traffic classifier.

Format

if-match acl { acl-number | acl-name }

undo if-match acl { acl-number | acl-name }

Parameters

Parameter

Description

Value

acl-number

Specifies the number of an ACL.

The value is an integer.
  • ACLs numbered 2000 to 2999 are basic ACLs, which are used to classify all packets.
  • ACLs numbered 23000 to 23999 are ARP-based ACLs. ARP-based ACL rules can be defined based on information in ARP packets.
  • ACLs numbered 3000 to 3999 are advanced ACLs, which are used to classify packets based on Layer 3 information.
  • ACLs numbered 4000 to 4999 are Layer 2 ACLs, which are used to classify packets based on the source MAC address, destination MAC address, and packet type.
  • ACLs numbered 5000 to 5999 are user-defined ACLs.

acl-name

Specifies the name of an ACL.

The value is a string of 1 to 32 case-sensitive characters except spaces. The value must start with a letter (case-sensitive).

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To classify packets based on the interface that receives packets, source IP address, destination IP address, protocol over IP, source and destination TCP port numbers, ICMP type and code, and source and destination MAC addresses, ARP packets, reference an ACL in a traffic classifier. You must first define an ACL and configure rules in the ACL, and then run the if-match acl command to configure a matching rule based on the ACL so that the device processes packets matching the same rule in the same manner.

Prerequisites

Create an ACL and configure rules in the ACL.

Precautions

  • Regardless of whether the relationship between rules in a traffic classifier is and or or, if an ACL contains multiple rules, the packet that matches one ACL rule matches the ACL.
  • You can configure multiple ACL rules in a traffic classifier to match different types of packets. A traffic classifier allows a maximum of 2048 if-match rules.
  • The if-match acl command cannot match outer information in VXLAN packets on the device excluding the CE6870EI and CE6880EI. For the CE6850HI, CE6850U-HI, CE6851HI, CE6855HI, CE6856HI, CE6860EI, CE7850EI, CE7855EI, CE8850EI, and CE8860EI, to match outer information in VXLAN packets, run the if-match vxlan outer acl command.
  • A traffic policy containing a matching rule that defines the IP fragment and TTL-Expired fields cannot be applied to the outbound direction on the CE6870EI.
  • If a matching rule references an ARP-based ACL, a traffic policy containing this matching rule cannot be applied to the outbound direction on the CE6870EI.
  • When the ARP resource allocation mode is set to the extend mode using the arp resource-mode extend command and a traffic policy matching the TCP port, UDP port, or fragment flag is applied to the outbound direction, fragments may be incorrectly matched. Do not configure the extended ARP resource allocation mode and the preceding traffic policy together on the CE6870EI.
  • For the CE6870EI and CE6880EI, the if-match acl command cannot match inner information of VXLAN and TRILL packets.

Example

# Configure a matching rule based on ACL 2046 in the traffic classifier c1.

<HUAWEI> system-view
[~HUAWEI] acl 2046
[*HUAWEI-acl4-basic-2046] rule permit source any
[*HUAWEI-acl4-basic-2046] quit
[*HUAWEI] traffic classifier c1 type and
[*HUAWEI-classifier-c1] if-match acl 2046

if-match any

Function

The if-match any command configures a matching rule based on all data packets in a traffic classifier.

The undo if-match any command deletes a matching rule based on all data packets in a traffic classifier.

By default, a matching rule based on all data packets is not configured in a traffic classifier.

Format

if-match any

undo if-match any

Parameters

None

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To process all the data packets in the same manner, run the if-match any command.

Precautions

If if-match any, if-match acl, and if-match ipv6 acl are configured on the device and if-match any is configured first, if-match any takes effect and if-match acl and if-match ipv6 acl are invalid. If if-match acl or if-match ipv6 acl is configured first and packets match ACL rules, if-match acl or if-match ipv6 acl takes effect. If packets do not match ACL rules, if-match any takes effect.

Example

# Configure a matching rule based on all data packets in the traffic classifier c1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier c1 type and
[*HUAWEI-classifier-c1] if-match any
Related Topics

if-match inner-8021p

Function

The if-match inner-8021p command configures a matching rule based on the 802.1p priority in the inner tag of QinQ packets in a traffic classifier.

The undo if-match inner-8021p command deletes a matching rule based on the 802.1p priority in the inner tag of QinQ packets in a traffic classifier.

By default, a matching rule based on the 802.1p priority in the inner tag of QinQ packets is not configured in a traffic classifier.

Format

if-match inner-8021p 8021p-value &<1-8>

undo if-match inner-8021p [ 8021p-value &<1-8> ]

Parameters

Parameter

Description

Value

8021p-value

Specifies the 802.1p priority in the inner tag of QinQ packets.

The value is an integer that ranges from 0 to 7. A larger value indicates a higher priority of QinQ packets.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match inner-8021p command to classify packets based on the 802.1p priority in the inner tag of QinQ packets so that the device processes packets matching the same traffic classifier in the same manner.

Precautions

  • The if-match inner-8021p command is valid only for the double-tagged packets.
  • If you enter multiple 802.1p priorities in the inner tags of packets in the command, a packet matches a rule as long as it matches one of the 802.1p priorities in the inner tags of packets, regardless of whether the relationship between traffic classification rules is AND or OR.
  • If you run the if-match inner-8021p command in the same traffic classifier view multiple times, only the latest configuration takes effect.
  • A traffic policy containing this matching rule cannot be applied to the outbound direction on the CE6870EI.

Example

# Configure a matching rule based on the inner 802.1p priority of 1 in QinQ packets in the traffic classifier c1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier c1 type and
[*HUAWEI-classifier-c1] if-match inner-8021p 1
Related Topics

if-match inner-vlan

Function

The if-match inner-vlan command configures a matching rule based on VLAN IDs in the inner and outer tags of QinQ packets in a traffic classifier. You can specify the VLAN ID range in the inner tag.

The undo if-match inner-vlan command deletes a matching rule based on VLAN IDs in the inner and outer tags of QinQ packets in a traffic classifier.

By default, a matching rule based on the VLAN ID in the inner and outer tags of QinQ packets is not configured in a traffic classifier.

Format

if-match inner-vlan start-inner-vlan-id [ to end-inner-vlan-id ]

undo if-match inner-vlan start-inner-vlan-id [ to end-inner-vlan-id ]

Parameters

Parameter

Description

Value

inner-vlan start-inner-vlan-id [ to end-inner-vlan-id ]

Specifies the VLAN ID in the inner tag of a QinQ packet.

  • The value of start-inner-vlan-id is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command.
  • The value of end-inner-vlan-id is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command.

The value of end-inner-vlan-id must be larger than the value of start-inner-vlan-id.

If to end-inner-vlan-id is not specified, only the VLAN ID specified by start-inner-vlan-id is matched.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match inner-vlan command to classify packets based on the VLAN ID in the inner tag of QinQ packets so that the device processes packets matching the same traffic classifier in the same manner.

Precautions

  • The if-match inner-vlan command is valid for only the original double-tagged packets.
  • A traffic policy containing this matching rule cannot be applied to the outbound direction on the CE6870EI.

Example

# Configure a matching rule based on the VLAN ID of 100 in the inner tag of QinQ packets in the traffic classifier c1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier c1 type and
[*HUAWEI-classifier-c1] if-match inner-vlan 100
Related Topics

if-match destination-mac

Function

The if-match destination-mac command configures a matching rule based on the destination MAC address in a traffic classifier.

The undo if-match destination-mac command deletes a matching rule based on the destination MAC address in a traffic classifier.

By default, a matching rule based on the destination MAC address is not configured in a traffic classifier.

Format

if-match destination-mac mac-address [ mac-address-mask ]

undo if-match destination-mac

Parameters

Parameter

Description

Value

mac-address

Specifies the destination MAC address.

The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits.

mac-address-mask

Specifies the mask of the destination MAC address.

Similar to the mask of the IP address, the value F indicates that the destination MAC address is matched and the value 0 indicates that the destination MAC address is not matched. The mask of the MAC address determines a group of MAC addresses. The device can accurately match certain bits in the destination MAC address using the mask of the MAC address. In practice, you can set these bits to F in the mask of the destination MAC address.

The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match destination-mac command to configure a matching rule based on the destination MAC address in a traffic classifier so that the device processes packets matching the same traffic classifier in the same manner.

Precautions

If you run the if-match destination-mac command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Configure a matching rule based on the destination MAC address of 0050-ba27-bed3 in the traffic classifier c1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier c1 type and
[*HUAWEI-classifier-c1] if-match destination-mac 0050-ba27-bed3

# Configure a matching rule based on the destination MAC address of XX50-bXX7-bed3 in the traffic classifier c1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier c1 type and
[*HUAWEI-classifier-c1] if-match destination-mac 0050-b007-bed3 00ff-f00f-ffff

if-match discard

Function

The if-match discard command configures a matching rule based on drop packets in a traffic classifier.

The undo if-match discard command deletes a matching rule based on drop packets in a traffic classifier.

By default, a matching rule based on drop packets is not configured in a traffic classifier.

Format

if-match discard

undo if-match discard

Parameters

None

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After packets reach the device, invalid packets are discarded. You can run the if-match discard command to configure the device to match discarded packets, take action for the discarded packets such as traffic statistics and mirroring, and analyze them.

Precautions

  • A traffic policy containing this matching rule cannot be applied to the outbound direction on the CE6870EI.
  • On a device excluding the CE6870EI, and CE6880EI, a traffic policy containing this traffic classifier cannot match the following packets:
    • Layer 3 packets that do not match the routing table when the system resource mode is large-route
    • Layer 3 packets that match blackhole routes

Example

# Configure a matching rule based on discarded packets in the traffic classifier c1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier c1
[*HUAWEI-classifier-c1] if-match discard
Related Topics

if-match double-tag

Function

The if-match double-tag command configures a matching rule based on double tags of packets in a traffic classifier.

The undo if-match double-tag command deletes a matching rule based on double tags of packets in a traffic classifier.

By default, a matching rule based on double tags of packets is not configured in a traffic classifier.

Format

if-match double-tag

undo if-match double-tag

Parameters

None

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match double-tag command to classify traffic based on double tags so that the device processes packets matching the same traffic classifier in the same manner.

Precautions

A traffic policy containing this matching rule cannot be applied to the outbound direction on the CE6870EI.

Example

# Configure a matching rule based on double tags of packets in the traffic classifier class1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier class1
[*HUAWEI-classifier-class1] if-match double-tag
Related Topics

if-match dscp

Function

The if-match dscp command configures a matching rule based on the Differentiated Services Code Point (DSCP) priority of packets in a traffic classifier.

The undo if-match dscp command deletes a matching rule based on the DSCP priority of packets in a traffic classifier.

By default, a matching rule based on the DSCP priority of packets is not configured in a traffic classifier.

Format

if-match [ ipv6 ] dscp dscp-value &<1-8>

undo if-match [ ipv6 ] dscp [ dscp-value &<1-8> ]

Parameters

Parameter

Description

Value

ipv6

Indicates that IPv6 packets are matched. If this parameter is not specified, IPv4 packets are matched.

-

dscp dscp-value

Specifies the DSCP priority.

The value can be a DiffServ code, an integer ranging from 0 to 63, or the name of the DSCP service type such as af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1-cs7, default, and ef.

The values corresponding to service types are as follows:

  • af11: 10
  • af12: 12
  • af13: 14
  • af21: 18
  • af22: 20
  • af23: 22
  • af31: 26
  • af32: 28
  • af33: 30
  • af41: 34
  • af42: 36
  • af43: 38
  • cs1: 8
  • cs2: 16
  • cs3: 24
  • cs4: 32
  • cs5: 40
  • cs6: 48
  • cs7: 56
  • default: 0
  • ef: 46

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match dscp command to classify packets based on the DSCP priority of packets so that the device processes packets matching the same traffic classifier in the same manner.

Precautions

  • A traffic policy containing an IPv6 DSCP matching rule cannot be applied to the outbound direction on the CE6870EI.
  • If you enter multiple DSCP priorities in the command, a packet matches a rule as long as it matches one of the DSCP priorities, regardless of whether the relationship between traffic classification rules is AND or OR.
  • In a traffic classifier where the relationship between rules is AND, the if-match dscp and if-match ip-precedence commands cannot be used simultaneously.
  • If you run the if-match dscp command in the same traffic classifier view multiple times, only the latest configuration takes effect.
  • if-match ipv6 dscp and if-match dscp cannot be configured in one traffic classifier.

Example

# Configure a matching rule based on the DSCP priority of 1 in the traffic classifier class1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier class1
[*HUAWEI-classifier-class1] if-match dscp 1

if-match gre

Function

The if-match gre command configures a matching rule based on inner information in GRE packets in a traffic classifier.

The undo if-match gre command deletes a matching rule based on inner information in GRE packets in a traffic classifier.

By default, a matching rule based on inner information in GRE packets is not configured in a traffic classifier.

NOTE:

Only the CE6870EI supports this command.

Format

if-match gre [ inner-source-ip source-ip-address [ mask ip-address-mask ] | inner-destination-ip destination-ip-address [ mask ip-address-mask ] | inner-protocol protocol-number | inner-source-port source-port-number | inner-destination-port destination-port-number ] *

undo if-match gre [ inner-source-ip source-ip-address [ mask ip-address-mask ] | inner-destination-ip destination-ip-address [ mask ip-address-mask ] | inner-protocol protocol-number | inner-source-port source-port-number | inner-destination-port destination-port-number ] *

Parameters

Parameter

Description

Value

inner-source-ip source-ip-address

Specifies the inner source IP address in GRE packets.

The value is in dotted decimal notation.

inner-destination-ip destination-ip-address

Specifies the inner destination IP address in GRE packets.

The value is in dotted decimal notation.

mask ip-address-mask

Specifies the mask length of an IP address.

The value is an integer that ranges from 0 to 32.

inner-protocol protocol-number

Specifies the inner protocol number in GRE packets.

The value is an integer that ranges from 0 to 255.

inner-source-port source-port-number

Specifies the inner source port number in GRE packets.

The value is an integer that ranges from 0 to 65535.

inner-destination-port destination-port-number

Specifies the inner destination port number in GRE packets.

The value is an integer that ranges from 0 to 65535.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

GRE encapsulates packets of a protocol into packets of another protocol to transparently transmit packets over GRE tunnels. GRE solves the transmission problem on heterogeneous networks.

You can run the if-match gre command to classify GRE packets inner information in GRE packets so that the device processes GRE packets matching the same traffic classifier in the same manner and provides fine-granular services.

Precautions

  • A traffic policy containing this matching rule takes effect only on the device at the GRE tunnel egress.
  • A traffic policy containing this matching rule cannot be applied to the outbound direction.
  • If you do not specify any parameter in the command, GRE packets are matched.
  • When a traffic classifier contains this matching rule, only packet filtering, traffic policing, redirection, and traffic statistics collection can be configured in the traffic behavior.

Example

# Configure a matching rule based on the source IP address of 192.168.1.1/24 in GRE packets in the traffic classifier class1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier class1
[*HUAWEI-classifier-class1] if-match gre inner-source-ip 192.168.1.1 mask 24
Related Topics

if-match inbound-interface

Function

The if-match inbound-interface command configures a matching rule based on an inbound interface in a traffic classifier.

The undo if-match inbound-interface command deletes a matching rule based on an inbound interface in a traffic classifier.

By default, a matching rule based on an inbound interface is not configured in a traffic classifier.

Format

if-match inbound-interface { interface-type interface-number1 [ to interface-type interface-number2 ] } &<1-8>

undo if-match inbound-interface

Parameters

Parameter

Description

Value

interface-type interface-number1 [ to interface-type interface-number2 ]
Specifies the inbound interface.
  • interface-type specifies the interface type.
  • interface-number1 specifies the number of the first interface.
  • interface-number2 specifies the number of the last interface. interface-number2 and interface-number1 identify a range of interfaces. If interface-number1 and interface-number2 are specified, multiple inbound interfaces can be matched.

If to interface-type interface-number2 is not specified, only the interface specified by interface-number1 is matched. A maximum of eight interfaces can be specified.

The interfaces specified by this command must be installed in the same slot and of the same type. For split interfaces, the interfaces must be split from the same interface.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match inbound-interface command to classify traffic based on an inbound interface so that the device processes packets matching the same traffic classifier in the same manner.

If multiple inbound interfaces are matched, packets on these interfaces can be processed in the same manner. If CAR is performed for multiple inbound interfaces, these interfaces share the bandwidth by aggregated CAR.

Precautions

  • A traffic policy containing the traffic classifier cannot be applied to either the outbound direction or inbound direction of an interface on the switches excluding CE6870EI.
  • A traffic policy containing this matching rule cannot be applied to the inbound direction of an interface on the CE6870EI.
  • A traffic classifier cannot match the inbound and outbound interfaces simultaneously.
  • If you run the if-match inbound-interface command in the same traffic classifier view multiple times, only the latest configuration takes effect.
  • This command can only specify physical interfaces of the same type in the same slot at a time. If the command specifies split interfaces, these interfaces must be split from the same interface.

  • The matched interface cannot be a stack member or an Eth-Trunk member interface.

Example

# Configure a matching rule based on the inbound interface of 10GE1/0/1 in the traffic classifier class1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier class1
[*HUAWEI-classifier-class1] if-match inbound-interface 10ge 1/0/1
Related Topics

if-match ip-identification

Function

The if-match ip-identification command configures a matching rule based on the IP identifier in a traffic classifier.

The undo if-match ip-identification command deletes a matching rule based on the IP identifier in a traffic classifier.

By default, no matching rule based on the IP identifier is configured in a traffic classifier.

NOTE:

The CE6880EI does not support this command.

Format

if-match ip-identification ip-identification-id [ mask ip-identification-mask ]

undo if-match ip-identification [ ip-identification-id [ mask ip-identification-mask ] ]

Parameters

Parameter

Description

Value

ip-identification-id

Specifies the ID of an IP identifier.

The value is an integer that ranges from 0 to 65535.

mask ip-identification-mask

Specifies the mask length of the IP identifier.

The value ranges from 0x0000 to 0xFFFF in hexadecimal notation, and starts with 0x. The default value is 0xFFFF.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match ip-identification command to classify packets based on the IP identifier in packets so that the device processes packets matching the same traffic classifier in the same manner.

Precautions

  • When the traffic classifier contains this matching rule, only packet filtering, traffic statistics collection, redirection, and PBR can be configured in the traffic behavior.
  • If you run the if-match ip-identification command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Configure a matching rule based on the IP identifier of 1 in the traffic classifier c1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier c1 type and
[*HUAWEI-classifier-c1] if-match ip-identification 1
Related Topics

if-match ip-precedence

Function

The if-match ip-precedence command configures a matching rule based on the IP precedence of packets in a traffic classifier.

The undo if-match ip-precedence command deletes a matching rule based on the IP precedence of packets in a traffic classifier.

By default, a matching rule based on the IP precedence of packets is not configured in a traffic classifier.

Format

if-match ip-precedence ip-precedence-value &<1-8>

undo if-match ip-precedence [ ip-precedence-value &<1-8> ]

Parameters

Parameter

Description

Value

ip-precedence-value

Specifies the IP precedence.

The value is an integer that ranges from 0 to 7. A larger value indicates a higher priority of packets.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match ip-precedence command to classify packets based on the IP precedence so that the device processes packets matching the same traffic classifier in the same manner.

Precautions

  • After the if-match ip-precedence command is run, IP precedences are listed in ascending order.
  • If you enter multiple IP precedences in the if-match ip-precedence command, a packet matches a rule as long as it matches one of the IP precedences, regardless of whether the relationship between traffic classification rules is AND or OR.
  • In a traffic classifier where the relationship between rules is AND, the if-match dscp and if-match ip-precedence commands cannot be used simultaneously.
  • If you run the if-match ip-precedence command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Configure a matching rule based on the IP precedence of 1 in the traffic classifier class1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier class1
[*HUAWEI-classifier-class1] if-match ip-precedence 1

if-match ipv6 acl

Function

The if-match ipv6 acl command configures a matching rule based on an IPv6 ACL in a traffic classifier.

The undo if-match ipv6 acl command deletes a matching rule based on an IPv6 ACL.

By default, a matching rule based on an IPv6 ACL is not configured in a traffic classifier.

Format

if-match ipv6 acl { acl6-number | acl6-name }

undo if-match ipv6 acl { acl6-number | acl6-name }

Parameters

Parameter

Description

Value

acl6-number

Specifies the number of an IPv6 ACL.

The value is an integer.
  • ACLs numbered 2000 to 2999 are basic IPv6 ACLs, which are used to classify all packets.
  • ACLs numbered 3000 to 3999 are advanced IPv6 ACLs, which are used to classify packets based on Layer 3 information.
acl6-name

Specifies the name of an IPv6 ACL.

The value is a string of 1 to 32 case-sensitive characters except spaces. The value must start with a letter (case-sensitive).

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To classify packets based on the interface that receives packets, source IP address, destination IP address, protocol over IP, source and destination TCP port numbers, ICMP type and code, and source and destination MAC addresses, ARP packets, reference an IPv6 ACL in a traffic classifier. You must first define an IPv6 ACL and configure rules in the IPv6 ACL, and then run the if-match ipv6 acl command to configure a matching rule based on the IPv6 ACL so that the device processes packets matching the same rule in the same manner.

Prerequisites

Create an IPv6 ACL and configure rules in the IPv6 ACL.

Precautions

  • Regardless of whether the relationship between rules in a traffic classifier is and or or, if an IPv6 ACL contains multiple rules, the packet that matches one IPv6 ACL rule matches the IPv6 ACL.
  • You can configure multiple IPv6 ACL rules in a traffic classifier to match different types of packets. A traffic classifier allows a maximum of 2048 if-match rules.
  • A traffic policy containing a matching rule that defines the IP fragment and TTL-Expired fields cannot be applied to the outbound direction on the CE6870EI.
  • When the ARP resource allocation mode is set to the extend mode using the arp resource-mode extend command and a traffic policy matching the TCP port, UDP port, or fragment flag is applied to the outbound direction, fragments may be incorrectly matched. Do not configure the extended ARP resource allocation mode and the preceding traffic policy together on the CE6870EI.
  • For the CE6870EI and CE6880EI, the if-match ipv6 acl command cannot match inner information of VXLAN and TRILL packets.

Example

# Configure a matching rule based on ACL6 2046 in the traffic classifier c1.

<HUAWEI> system-view
[~HUAWEI] acl ipv6 2046
[*HUAWEI-acl6-basic-2046] rule permit source any
[*HUAWEI-acl6-basic-2046] quit
[*HUAWEI] traffic classifier c1 type and
[*HUAWEI-classifier-c1] if-match ipv6 acl 2046

if-match ipv6 nexthop

Function

The if-match ipv6 nexthop command configures a matching rule based on the next hop IPv6 address and outbound interface in a traffic classifier.

The undo if-match ipv6 nexthop command deletes a matching rule based on the next hop IPv6 address and outbound interface in a traffic classifier.

By default, a matching rule based on the next hop IPv6 address and outbound interface is not configured in a traffic classifier.

NOTE:

The CE6810LI does not support this command.

Format

if-match ipv6 nexthop ipv6-address interface interface-type interface-number

undo if-match ipv6 nexthop ipv6-address interface interface-type interface-number

Parameters

Parameter

Description

Value

ipv6-address

Specifies the next hop IPv6 address.

The value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X.

interface interface-type interface-number

Specifies the outbound interface.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.

The outbound interface must be a Layer 3 Ethernet interface or VLANIF interface.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match ipv6 nexthop command to classify packets based on the next hop IPv6 address and outbound interface so that the device processes packets with the same next hop IPv6 address and outbound interface in the same manner.

Precautions

  • The outbound interface must be a Layer 3 Ethernet interface or VLANIF interface.
  • When the destination IPv6 address of packets and the matched next hop IPv6 address are on the same network segment, the traffic policy does not take effect.

Example

# Configure a matching rule based on the next hop IPv6 address of fc00::2 and outbound interface of VLANIF 100 in the traffic classifier c1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier c1
[*HUAWEI-classifier-c1] if-match ipv6 nexthop fc00::2 interface vlanif 100
Related Topics

if-match l2-protocol

Function

The if-match l2-protocol command configures a matching rule based on the Layer 2 protocol type in a traffic classifier.

The undo if-match l2-protocol command deletes a matching rule based on the Layer 2 protocol type in a traffic classifier.

By default, a matching rule based on the Layer 2 protocol type is not configured in a traffic classifier.

Format

if-match l2-protocol { arp | ip | rarp | protocol-value }

undo if-match l2-protocol [ arp | ip | rarp | protocol-value ]

Parameters

Parameter

Description

Value

arp

Indicates that ARP packets are classified.

The value of arp corresponds to 0x0806.

ip

Indicates that IP packets are classified.

The value of ip corresponds to 0x0800.

rarp

Indicates that RARP packets are classified.

The value of rarp corresponds to 0x8035.

protocol-value

Specifies the value of a protocol type.

The value ranges from 0x0000 to 0x05DC and from 0x0600 to 0xFFFF in hexadecimal notation and must start with 0x.

If the value of protocol-value is smaller than or equal to 0x05DC, the Destination Service Access Point (DSAP) and Source Service Access Point (SSAP) fields in the Logical Line Control (LLC) protocol packets are matched.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match l2-protocol command to classify packets based on the Layer 2 protocol type so that the device processes packets matching the same traffic classifier in the same manner.

Precautions

  • The device supports Layer 2 protocols including ARP, IP, and RARP.
  • If you run the if-match l2-protocol command in the same traffic classifier view multiple times, only the latest configuration takes effect.
  • The protocol type of Ethernet frames matching a traffic policy in the outbound direction can only be ARP (0x0806), IP (0x0800), or TRILL (0x22f3) on the CE6870EI.

Example

# Define a matching rule based on the protocol type of ARP in the traffic classifier c1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier c1 type and
[*HUAWEI-classifier-c1] if-match l2-protocol arp
Related Topics

if-match mpls

Function

The if-match mpls command configures a matching rule based on inner information in MPLS packets in a traffic classifier.

The undo if-match mpls command deletes a matching rule based on inner information in MPLS packets in a traffic classifier.

By default, a matching rule based on inner information in MPLS packets is not configured in a traffic classifier.

NOTE:

Only the CE6850HI, CE6850U-HI, CE6851HI, CE6855HI, CE6856HI, CE6860EI, CE6870EI, CE7850EI, CE7855EI, CE8850EI, and CE8860EI support this command.

Format

if-match mpls [ inner-source-ip source-ip-address [ mask ip-address-mask ] | inner-destination-ip destination-ip-address [ mask ip-address-mask ] | inner-protocol protocol-number | inner-source-port source-port-number | inner-destination-port destination-port-number | inner-ip-identification inner-ip-identification-id [ mask inner-ip-identification-mask ] ] *

undo if-match mpls [ inner-source-ip source-ip-address [ mask ip-address-mask ] | inner-destination-ip destination-ip-address [ mask ip-address-mask ] | inner-protocol protocol-number | inner-source-port source-port-number | inner-destination-port destination-port-number | inner-ip-identification inner-ip-identification-id [ mask inner-ip-identification-mask ] ] *

Parameters

Parameter

Description

Value

inner-source-ip source-ip-address

Specifies the inner source IP address of MPLS packets.

The value is in dotted decimal notation.

inner-destination-ip destination-ip-address

Specifies the inner destination IP address of MPLS packets.

The value is in dotted decimal notation.

mask ip-address-mask

Specifies the mask length of an IP address.

The value is an integer that ranges from 0 to 32.

inner-protocol protocol-number

Specifies the inner protocol number of MPLS packets.

The value is an integer that ranges from 0 to 255.

inner-source-port source-port-number

Specifies the inner source port number of MPLS packets.

The value is an integer that ranges from 0 to 65535.

inner-destination-port destination-port-number

Specifies the inner destination port number of MPLS packets.

The value is an integer that ranges from 0 to 65535.

inner-ip-identification inner-ip-identification-id

Specifies the inner IP identifier of MPLS packets.

The value is an integer that ranges from 0 to 65535.

mask inner-ip-identification-mask

Specifies the mask length of the IP identifier.

The value ranges from 0x0000 to 0xFFFF in hexadecimal notation, and starts with 0x.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match mpls command to classify MPLS packets based on inner information in MPLS packets so that the device processes MPLS packets matching the same traffic classifier in the same manner and provides fine-granular services.

Precautions

  • A traffic policy containing this matching rule takes effect only on the device at the MPLS tunnel egress.
  • A traffic policy containing this matching rule cannot be applied to the outbound direction.
  • If you do not specify any parameter in the command, MPLS packets with the inner IP address being an IPv4 address are matched.
  • If a traffic classifier contains this matching rule, only packet filtering, traffic policing, redirection, and traffic statistics collection can be configured in the traffic behavior on the CE6870EI.

Example

# Configure a matching rule based on the source IP address 192.168.1.1/24 in MPLS packets in the traffic classifier class1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier class1
[*HUAWEI-classifier-class1] if-match mpls inner-source-ip 192.168.1.1 mask 24
Related Topics

if-match mpls-exp

Function

The if-match mpls-exp command configures a matching rule based on the EXP priority of MPLS packets in a traffic classifier.

The undo if-match mpls-exp command deletes a matching rule based on the EXP priority of MPLS packets in a traffic classifier.

By default, a matching rule based on the EXP priority of MPLS packets is not configured in a traffic classifier.

NOTE:

Only the CE6870EI supports this command.

Format

if-match mpls-exp exp-value &<1-8>

undo if-match mpls-exp

Parameters

Parameter

Description

Value

exp-value

Specifies the EXP priority of MPLS packets.

The value is an integer that ranges from 0 to 7. A larger value indicates a higher priority of MPLS packets.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match mpls-exp command to classify MPLS packets based on the EXP priority so that the device processes packets matching the same traffic classifier in the same manner.

Precautions

  • If you enter multiple values of EXP priorities in the command, a packet matches the traffic classifier as long as it matches one of the EXP priorities, regardless of whether the relationship between traffic classification rules is AND or OR.
  • A traffic policy containing if-match mpls-exp that is applied to the outbound direction does not take effect.
  • If you run the if-match mpls-exp command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Configure a matching rule based on the EXP priority of 1 or 4 in the traffic classifier class1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier class1
[*HUAWEI-classifier-class1] if-match mpls-exp 1 4
Related Topics

if-match mpls transit

Function

The if-match mpls transit command configures a matching rule based on inner information of MPLS packets on the transit node in a traffic classifier.

The undo if-match mpls transit command deletes a matching rule based on inner information of MPLS packets on the transit node in a traffic classifier.

By default, a matching rule based on inner information in MPLS packets on the transit node is not configured in a traffic classifier.

NOTE:

Only the CE6870EI supports this command.

Format

if-match mpls transit { packet-format ip | packet-format mac tag-format none} { inner-source-ip source-ip-address [ mask ip-address-mask ] | inner-destination-ip destination-ip-address [ mask ip-address-mask ] | inner-protocol protocol-number | inner-source-port source-port-number | inner-destination-port destination-port-number | inner-ip-identification inner-ip-identification-id [ mask inner-ip-identification-mask ] } *

if-match mpls transit packet-format mac tag-format single { inner-vlan inner-vlan-id | inner-source-ip source-ip-address [ mask ip-address-mask ] | inner-destination-ip destination-ip-address [ mask ip-address-mask ] | inner-protocol protocol-number | inner-source-port source-port-number | inner-destination-port destination-port-number | inner-ip-identification inner-ip-identification-id [ mask inner-ip-identification-mask ] } *

undo if-match mpls transit { packet-format ip | packet-format mac tag-format none } [ inner-source-ip source-ip-address [ mask ip-address-mask ] | inner-destination-ip destination-ip-address [ mask ip-address-mask ] | inner-protocol protocol-number | inner-source-port source-port-number | inner-destination-port destination-port-number | inner-ip-identification inner-ip-identification-id [ mask inner-ip-identification-mask ] ] *

undo if-match mpls transit packet-format mac tag-format single [ inner-vlan inner-vlan-id | inner-source-ip source-ip-address [ mask ip-address-mask ] | inner-destination-ip destination-ip-address [ mask ip-address-mask ] | inner-protocol protocol-number | inner-source-port source-port-number | inner-destination-port destination-port-number | inner-ip-identification inner-ip-identification-id [ mask inner-ip-identification-mask ] ] *

Parameters

Parameter

Description

Value

packet-format ip

Indicates that inner information of MPLS packets is matched in the format of IP packets.

-

packet-format mac

Indicates that inner information of MPLS packets is matched in the format of Ethernet packets.

-

tag-format none

Indicates that MPLS packets with no inner tags are matched.

-

tag-format single

Indicates that MPLS packets with one inner tag are matched.

-

inner-vlan inner-vlan-id

Indicates that the inner VLAN ID in MPLS packets is matched.

inner-vlan-id is an integer that ranges from 1 to 4094. The VLAN cannot be the reserved VLAN configured by the vlan reserved command.

inner-source-ip source-ip-address

Specifies the inner source IP address of MPLS packets.

The value is in dotted decimal notation.

inner-destination-ip destination-ip-address

Specifies the inner destination IP address of MPLS packets.

The value is in dotted decimal notation.

mask ip-address-mask

Specifies the mask length of an IP address.

The value is an integer that ranges from 0 to 32.

inner-protocol protocol-number

Specifies the inner protocol number of MPLS packets.

The value is an integer that ranges from 0 to 255.

inner-source-port source-port-number

Specifies the inner source port number of MPLS packets.

The value is an integer that ranges from 0 to 65535.

inner-destination-port destination-port-number

Specifies the inner destination port number of MPLS packets.

The value is an integer that ranges from 0 to 65535.

inner-ip-identification inner-ip-identification-id

Specifies the inner IP identifier of MPLS packets.

The value is an integer that ranges from 0 to 65535.

mask inner-ip-identification-mask

Specifies the mask length of the IP identifier.

The value ranges from 0x0000 to 0xFFFF in hexadecimal notation, and starts with 0x.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match mpls transit command to classify MPLS packets based on inner information of MPLS packets on the transit device so that the device processes packets matching the same traffic classifier in the same manner and provides fine-granular services.

Precautions

  • A traffic policy containing this matching rule takes effect only on the transit device of the MPLS tunnel.

Example

# Configure a matching rule based on the inner source IP address of 192.168.1.1/24 in MPLS packets in the format of IP packets on the transit device in the traffic classifier class1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier class1
[*HUAWEI-classifier-class1] if-match mpls transit packet-format ip inner-source-ip 192.168.1.1 mask 24
Related Topics

if-match nexthop

Function

The if-match nexthop command configures a matching rule based on the next hop IP address and outbound interface in a traffic classifier.

The undo if-match nexthop command deletes a matching rule based on the next hop IP address and outbound interface in a traffic classifier.

By default, a matching rule based on the next hop IP address and outbound interface is not configured in a traffic classifier.

Format

if-match nexthop ip-address interface interface-type interface-number

undo if-match nexthop ip-address interface interface-type interface-number

Parameters

Parameter

Description

Value

ip-address

Specifies the next hop IP address.

The value is in dotted decimal notation.

interface interface-type interface-number

Specifies the outbound interface.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.

The outbound interface must be a Layer 3 Ethernet interface or VLANIF interface.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match nexthop command to classify packets based on the next hop IP address and outbound interface so that the device processes packets with the same next hop IP address and outbound interface in the same manner.

Precautions

  • The outbound interface must be a Layer 3 Ethernet interface or VLANIF interface.
  • If the destination IP address of packets and the matched next hop IP address are on the same network segment, the traffic policy does not take effect.

Example

# Configure a matching rule based on the next hop IP address of 192.168.1.1 and outbound interface of VLANIF 100 in the traffic classifier c1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier c1
[*HUAWEI-classifier-c1] if-match nexthop 192.168.1.1 interface vlanif 100
Related Topics

if-match outbound-interface

Function

The if-match outbound-interface command configures a matching rule based on an outbound interface in a traffic classifier.

The undo if-match outbound-interface command deletes a matching rule based on an outbound interface in a traffic classifier.

By default, a matching rule based on an outbound interface is not configured in a traffic classifier.

Format

if-match outbound-interface { interface-type interface-number1 [ to interface-type interface-number2 ] } &<1-8>

undo if-match outbound-interface

Parameters

Parameter

Description

Value

interface-type interface-number1 [ to interface-type interface-number2 ]
Specifies the outbound interface.
  • interface-type specifies the interface type.
  • interface-number1 specifies the number of the first interface.
  • interface-number2 specifies the number of the last interface. interface-number2 and interface-number1 identify a range of interfaces. If interface-number1 and interface-number2 are specified, multiple inbound interfaces can be matched.

If to interface-type interface-number2 is not specified, only the interface specified by interface-number1 is matched. A maximum of eight interfaces can be specified.

The interfaces specified by this command must be installed in the same slot and of the same type. For split interfaces, the interfaces must be split from the same interface.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match outbound-interface command to classify packets based on an outbound interface so that the device processes packets matching the same traffic classifier in the same manner.

If multiple outbound interfaces are matched, packets on these interfaces can be processed in the same manner. If CAR is performed for multiple outbound interfaces, these interfaces share the bandwidth by aggregated CAR.

Precautions

  • A traffic policy containing this matching rule cannot be applied to the outbound direction of an interface.
  • This command can only specify physical interfaces of the same type in the same slot at a time. If the command specifies split interfaces, these interfaces must be split from the same interface.
  • The matched interface cannot be a stack member or an Eth-Trunk member interface.
  • A traffic classifier cannot match the inbound and outbound interfaces simultaneously.
  • If you run the if-match outbound-interface command in the same traffic classifier view multiple times, only the latest configuration takes effect.
  • A traffic policy containing this matching rule takes effect only for known unicast packets forwarded at Layer 2 on the CE6870EI.
  • A traffic policy containing this matching rule takes effect only for known unicast packets forwarded on the switches excluding the CE6870EI.
  • In SVF centralized forwarding mode, a traffic policy containing if-match outbound-interface cannot be applied to a leaf switch in the inbound direction.

    In SVF hybrid forwarding mode, if a traffic policy containing if-match outbound-interface is applied to a leaf switch in the inbound direction, the traffic policy is valid only for locally forwarded traffic (that is, inbound and outbound interfaces of the traffic are located on the same leaf switch).

Example

# Configure a matching rule based on the outbound interface of 10GE1/0/1 in the traffic classifier class1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier class1
[*HUAWEI-classifier-class1] if-match outbound-interface 10ge 1/0/1
Related Topics

if-match qos-local-id

Function

The if-match qos-local-id command configures a matching rule based on the local ID in a traffic classifier.

The undo if-match qos-local-id command deletes a matching rule based on the local ID in a traffic classifier.

By default, no matching rule based on the local ID is configured in a traffic classifier.

NOTE:

Only the CE6850HI, CE6850U-HI, CE6851HI, CE6855HI, CE6856HI, CE6860EI, CE7850EI, CE7855EI, CE8850EI, and CE8860EI support this command.

Format

if-match qos-local-id qos-local-id

undo if-match qos-local-id [ qos-local-id ]

Parameters

Parameter

Description

Value

qos-local-id

Specifies the value of a local ID.

The value is an integer that ranges from 1 to 511.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

On the device that encapsulates VXLAN packets, the outbound interface of packets cannot match original packets before VXLAN encapsulation. You can use the local ID so that original packets can be matched on the device that encapsulates VXLAN packets in cascading mode.
  1. On the inbound interface, apply the traffic policy that defines remark qos-local-id to change the local ID of original packets.
  2. On the outbound interface, apply the traffic policy that defines if-match qos-local-id. Then the device provides QoS services for original packets based on the re-marked local ID.

Precautions

  • A traffic policy containing this matching rule cannot be applied to the inbound direction.
  • If you run the if-match qos-local-id command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Configure a matching rule based on the local ID of 1 in the traffic classifier class1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier class1
[*HUAWEI-classifier-class1] if-match qos-local-id 1
Related Topics

if-match source-mac

Function

The if-match source-mac command configures a matching rule based on the source MAC address in a traffic classifier.

The undo if-match source-mac command deletes a matching rule based on the source MAC address in a traffic classifier.

By default, a matching rule based on the source MAC address is not configured in a traffic classifier.

Format

if-match source-mac mac-address [ mac-address-mask ]

undo if-match source-mac

Parameters

Parameter

Description

Value

mac-address

Specifies the source MAC address.

The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits.

mac-address-mask

Specifies the mask of the source MAC address.

Similar to the mask of the IP address, the mask of the MAC address determines a group of MAC addresses. The device can accurately match certain bits in the source MAC address using the mask of the MAC address. In practice, you can set these bits to F in the mask of the source MAC address.

The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match source-mac command to classify packets based on the source MAC address so that the device processes packets matching the same traffic classifier in the same manner.

Precautions

If you run the if-match source-mac command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Configure a matching rule based on the source MAC address of 0050-ba27-bed2 in the traffic classifier c1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier c1 type and
[*HUAWEI-classifier-c1] if-match source-mac 0050-ba27-bed2

# Configure a matching rule based on the source MAC address of XX50-bXX7-bed3 in the traffic classifier c1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier c1 type and
[*HUAWEI-classifier-c1] if-match source-mac 0050-ba27-bed3 00ff-f00f-ffff

if-match tcp-flag

Function

The if-match tcp-flag command configures a matching rule based on the TCP Flag in the TCP packet header in a traffic classifier.

The undo if-match tcp-flag command deletes a matching rule based on the TCP Flag in the TCP packet header in a traffic classifier.

By default, a matching rule based on the TCP Flag in the TCP packet header is not configured in a traffic classifier.

Format

if-match tcp-flag { tcp-flag-value | { ack | fin | psh | rst | syn | urg }* }

undo if-match tcp-flag

Parameters

Parameter

Description

Value

tcp-flag-value

Specifies the TCP Flag in the TCP packet header.

The value is an integer that ranges from 0 to 63.

ack

Indicates that the TCP Flag type in the TCP packet header is ACK.

-

fin

Indicates that the TCP Flag type in the TCP packet header is FIN.

-

psh

Indicates that the TCP Flag type in the TCP packet header is PSH.

-

rst

Indicates that the TCP Flag type in the TCP packet header is RST.

-

syn

Indicates that the TCP Flag type in the TCP packet header is SYN.

-

urg

Indicates that the TCP Flag type in the TCP packet header is URG.

-

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match tcp-flag command to classify packets based on the TCP Flag in the TCP packet header so that the device processes packets matching the same traffic classifier in the same manner.

Precautions

  • A traffic policy that contains if-match tcp-flag and is applied to the VLAN view takes effect only for IPv4 packets.
  • If you run the if-match tcp-flag command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Configure a matching rule based on the TCP Flag of psh in the traffic classifier c1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier c1 type and
[*HUAWEI-classifier-c1] if-match tcp-flag psh
Related Topics

if-match trill acl

Function

The if-match trill acl command configures a matching rule based on the ACL to match inner information in TRILL packets in a traffic classifier.

The undo if-match trill acl command deletes a matching rule based on the ACL to match inner information in TRILL packets in a traffic classifier.

By default, a matching rule based on the ACL to match inner information in TRILL packets is not configured in a traffic classifier.

NOTE:

The CE6880EI, CE6810LI and CE5810EI do not support this command.

Format

if-match trill acl { acl-number | acl-name }

undo if-match trill acl { acl-number | acl-name }

Parameters

Parameter

Description

Value

acl-number

Specifies the number of an ACL.

The value is an integer.
  • ACLs 2000 to 2999 are basic ACLs and can be used by all traffic classifiers.
  • ACLs 3000 to 3999 are advanced ACLs and can be used by only the traffic classifiers based on Layer 3 information of packets.
  • ACLs 4000 to 4999 are Layer 2 ACLs that can define rules based on source and destination MAC addresses and packet type.
acl-name

Specifies an ACL name.

The value is a string of 1 to 32 case-sensitive characters except spaces. The value must start with a letter (case-sensitive).

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can reference a defined ACL in a traffic classifier to classify packets based on inner information in TRILL packets. You must first define an ACL and configure a rule in the ACL. Then run the if-match trill acl command to configure a matching rule based on the ACL to match inner information in TRILL packets in a traffic classifier so that the device processes packets matching the same rule in the same manner.

Prerequisites

Create an ACL and configure a rule.

Precautions

  • A traffic policy containing this matching rule takes effect only on the device at the TRILL tunnel egress.
  • A traffic policy containing this matching rule cannot be applied to the outbound direction.
  • On switches excluding the CE6870EI, if a rule contains too much inner information in TRILL packets and a traffic policy containing this rule is applied to the TRILL gateway or DHCP-enabled TRILL device, the traffic policy may fail to be delivered.
  • If a traffic classifier contains this matching rule, only packet filtering and traffic statistics collection can be configured in the traffic behavior.
  • Before defining a matching rule for traffic classification based on an ACL, create the ACL. The ACL can only match the source MAC address, destination MAC address, source IP address, destination IP address, source port number, destination port number, protocol type, and VLAN ID.
  • If an ACL contains multiple rules, a packet that matches one ACL rule matches the ACL, regardless of whether the relationship between rules in a traffic classifier is AND or OR.

Example

# Define a matching rule based on ACL 2046 to match inner information in TRILL packets in the traffic classifier c1.

<HUAWEI> system-view
[~HUAWEI] acl 2046
[*HUAWEI-acl4-basic-2046] rule permit source any
[*HUAWEI-acl4-basic-2046] quit
[*HUAWEI] traffic classifier c1 
[*HUAWEI-classifier-c1] if-match trill acl 2046

if-match unicast

Function

The if-match unicast command configures a matching rule for Layer 2 known unicast packets in a traffic classifier.

The undo if-match unicast command deletes a matching rule for Layer 2 known unicast packets in a traffic classifier.

By default, a matching rule for Layer 2 known unicast packets is not configured in a traffic classifier.

Format

if-match unicast

undo if-match unicast

Parameters

None

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match unicast command to configure a matching rule for Layer 2 known unicast packets so that the device processes Layer 2 known unicast packets matching the same traffic classifier in the same manner.

Precautions

A traffic policy containing this matching rule cannot be applied to the outbound direction.

Example

# Configure a matching rule for Layer 2 known unicast packets in the traffic classifier c1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier c1
[*HUAWEI-classifier-c1] if-match unicast

if-match unknown-unicast

Function

The if-match unknown-unicast command configures a matching rule for Layer 2 unknown unicast packets in a traffic classifier.

The undo if-match unknown-unicast command deletes a matching rule for Layer 2 unknown unicast packets in a traffic classifier.

By default, a matching rule for Layer 2 unknown unicast packets is not configured in a traffic classifier.

Format

if-match unknown-unicast

undo if-match unknown-unicast

Parameters

None

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match unknown-unicast command to configure a matching rule for Layer 2 unknown unicast packets so that the device processes Layer 2 unknown unicast packets matching the same traffic classifier in the same manner.

Example

# Configure a matching rule for Layer 2 unknown unicast packets in the traffic classifier c1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier c1
[*HUAWEI-classifier-c1] if-match unknown-unicast

if-match vlan

Function

The if-match vlan command configures a matching rule based on the VLAN ID of packets in a traffic classifier.

The undo if-match vlan command deletes a matching rule based on the VLAN ID of packets in a traffic classifier.

By default, a matching rule based on the VLAN ID of packets is not configured in a traffic classifier.

Format

if-match vlan vlan-id [ inner-vlan start-inner-vlan-id [ to end-inner-vlan-id ] ]

undo if-match vlan vlan-id [ inner-vlan start-inner-vlan-id [ to end-inner-vlan-id ] ]

if-match vlan start-vlan-id [ to end-vlan-id ] [ inner-vlan inner-vlan-id ]

undo if-match vlan start-vlan-id [ to end-vlan-id ] [ inner-vlan inner-vlan-id ]

Parameters

Parameter

Description

Value

start-vlan-id [ to end-vlan-id ]

Specifies the outer VLAN ID.

NOTE:

The CE6870EI does not support this parameter.

  • start-vlan-id specifies the start outer VLAN ID. The value of start-vlan-id is an integer that ranges from 1 to 4094.

  • end-vlan-id specifies the end outer VLAN ID. The value of end-vlan-id is an integer that ranges from 1 to 4094.

end-vlan-id must be larger than start-vlan-id. If to end-vlan-id is not specified, only the VLAN ID specified by start-vlan-id is matched.

inner-vlan inner-vlan-id

Specifies the inner VLAN ID.

The value is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command.

vlan vlan-id

Specifies the outer VLAN ID.

The value is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command.

inner-vlan start-inner-vlan-id [ to end-inner-vlan-id ]

Specifies the VLAN ID in the inner tag of a QinQ packet.

  • The value of start-inner-vlan-id is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command.
  • The value of end-inner-vlan-id is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command.

The value of end-inner-vlan-id must be larger than the value of start-inner-vlan-id.

If to end-inner-vlan-id is not specified, only the VLAN ID specified by start-inner-vlan-id is matched.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match vlan command to classify packets based on the VLAN ID so that the device processes packets matching the same traffic classifier in the same manner.

Precautions

For the CE6870EI:

  • A traffic policy containing an inner VLAN ID matching rule cannot be applied to the outbound direction.
  • Only one outer VLAN ID can be matched at a time and the outer VLAN ID must have been created. If the outer VLAN ID does not exist, the matching traffic policy fails to be applied.
  • This command matches the single tag or inner and outer tags of packets. When a packet enters the dot1q-tunnel interface, the system adds a tag to the packet. If the original packet has only one tag, the inner tag cannot be matched. If the packet has double tags, the original inner and outer tags are matched.

Example

# Configure a matching rule based on VLAN 2 in the traffic classifier c1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier c1 type and
[*HUAWEI-classifier-c1] if-match vlan 2
Related Topics

if-match vxlan

Function

The if-match vxlan command configures a matching rule based on inner information in VXLAN packets in a traffic classifier.

The undo if-match vxlan command deletes a matching rule based on inner information in VXLAN packets in a traffic classifier.

By default, a matching rule based on inner information in VXLAN packets is not configured in a traffic classifier.

NOTE:

The CE5810EI, CE5850EI, CE5850HI, CE5855EI, CE6810LI, and CE6810EI do not support this command.

Format

if-match vxlan [ transit ] [ vni vni-id ] [ tag-format { none | single } { inner-source-ip source-ip-address [ mask ip-address-mask ] | inner-destination-ip destination-ip-address [ mask ip-address-mask ] | inner-source-mac source-mac-address [ mask mac-address-mask ] | inner-protocol { protocol1 | protocol2 [ inner-tcp-flag established ] } | inner-source-port { source-port-number | range port-start port-end } | inner-destination-port { destination-port-number | range port-start port-end } | inner-ethertype { ethernet-type-hex | ip | arp | rarp | mpls } | inner-ip-identification inner-ip-identification-id [ mask inner-ip-identification-mask ] } * ]

if-match vxlan [ transit ] [ vni vni-id ] [ inner-source-ip source-ip-address [ mask ip-address-mask ] | inner-destination-ip destination-ip-address [ mask ip-address-mask ] | inner-source-mac source-mac-address [ mask mac-address-mask ] | inner-protocol { protocol1 | protocol2 [ inner-tcp-flag established ] } | inner-source-port { source-port-number | range port-start port-end } | inner-destination-port { destination-port-number | range port-start port-end } | inner-ethertype { ethernet-type-hex | ip | arp | rarp | mpls } | inner-ip-identification inner-ip-identification-id [ mask inner-ip-identification-mask ] ] *

undo if-match vxlan [ transit ] [ vni vni-id ] [ tag-format { none | single } { inner-source-ip source-ip-address [ mask ip-address-mask ] | inner-destination-ip destination-ip-address [ mask ip-address-mask ] | inner-source-mac source-mac-address [ mask mac-address-mask ] | inner-protocol { protocol1 | protocol2 [ inner-tcp-flag established ] } | inner-source-port { source-port-number | range port-start port-end } | inner-destination-port { destination-port-number | range port-start port-end } | inner-ethertype { ethernet-type-hex | ip | arp | rarp | mpls } | inner-ip-identification inner-ip-identification-id [ mask inner-ip-identification-mask ] } * ]

undo if-match vxlan [ transit ] [ vni vni-id ] [ inner-source-ip source-ip-address [ mask ip-address-mask ] | inner-destination-ip destination-ip-address [ mask ip-address-mask ] | inner-source-mac source-mac-address [ mask mac-address-mask ] | inner-protocol { protocol1 | protocol2 [ inner-tcp-flag established ] } | inner-source-port { source-port-number | range port-start port-end } | inner-destination-port { destination-port-number | range port-start port-end } | inner-ethertype { ethernet-type-hex | ip | arp | rarp | mpls } | inner-ip-identification inner-ip-identification-id [ mask inner-ip-identification-mask ] ] *

Parameters

Parameter

Description

Value

transit

Indicates that VXLAN packets of a transmission device are matched.

When transit is not specified, the traffic policy containing this matching rule takes effect on only the device at the VXLAN tunnel egress.

-

vni vni-id

Specifies VNI ID of VXLAN packets.

The value is an integer ranging from 1 to 16000000.

tag-format { none | single }

Indicates whether tagged VXLAN packets are matched.
  • none: Untagged VXLAN packets are matched.
  • single: Single-tagged VXLAN packets are matched.

-

inner-source-ip source-ip-address

Specifies the inner source IP address of VXLAN packets.

The value is in dotted decimal notation.

inner-destination-ip destination-ip-address

Specifies the inner destination IP address of VXLAN packets.

The value is in dotted decimal notation.

mask ip-address-mask

Specifies the mask length of an IP address.

The value is an integer that ranges from 0 to 32.

inner-source-mac source-mac-address

Specifies the inner source MAC address of VXLAN packets.

The value is in H-H-H format. An H is a hexadecimal string of one to four characters.

mask mac-address-mask

Specifies the mask of the source MAC address.

The mask of a MAC address is similar to the mask of an IP address. The value 1 indicates that the bit is matched, and the value 0 indicates that the bit is not matched. The mask determines a group of MAC addresses. You can use the mask of a MAC address to configure the device to accurately match several bits in the MAC address, and set these bits to 1s.

The value is in H-H-H format. An H is a hexadecimal string of one to four characters.

inner-protocol { protocol1 | protocol2 [ inner-tcp-flag established ] }

Specifies the inner protocol number of VXLAN packets.

The value is an integer. protocol1 ranges from 0 to 5 or 7 to 255.protocol2 is 6.

inner-source-port { source-port-number | range port-start port-end }

Specifies the inner source port number of VXLAN packets.

range port-start port-end: source port number range. port-start specifies the start port number. port-end specifies the end port number.

The value is an integer that ranges from 0 to 65535.

inner-destination-port { destination-port-number | range port-start port-end }

Specifies the inner destination port number of VXLAN packets.

range port-start port-end: destination port number range. port-start specifies the start port number. port-end specifies the end port number.

The value is an integer that ranges from 0 to 65535.

inner-ethertype { ethernet-type-hex | ip | arp | rarp | mpls }

Specifies the inner Ethernet frame type of VXLAN packets.
  • ethernet-type-hex: indicates the inner Ethernet frame type.
  • ip: indicates that IP packets are encapsulated in Ethernet frames.
  • arp: indicates that ARP packets are encapsulated in Ethernet frames.
  • rarp: indicates that RARP packets are encapsulated in Ethernet frames.
  • mpls: indicates that MPLS packets are encapsulated in Ethernet frames.
The value of ethernet-type-hex is in hexadecimal notation. The value must start with 0x, and the value ranges from 0x0000 to 0xFFFF.
  • The value 0x0800 corresponds to ip.
  • The value 0x0806 corresponds to arp.
  • The value 0x8035 corresponds to rarp.
  • The value 0x8847 corresponds to mpls.

inner-ip-identification inner-ip-identification-id

NOTE:

The CE6880EI does not support this parameter.

Specifies the inner IP identifier in VXLAN packets.

The value is an integer that ranges from 0 to 65535.

mask inner-ip-identification-mask

Specifies the mask length of the inner IP identifier in VXLAN packets.

The value ranges from 0x000000 to 0xFFFFFF in hexadecimal notation, and starts with 0x.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

VXLAN is network virtualization technology of MAC in UDP, and adds a UDP header and a VXLAN header to Ethernet frames.

You can run the if-match vxlan command to classify VXLAN packets based on inner information so that the device processes packets matching the same traffic classifier in the same manner and provides fine-granular services.

Precautions

  • A traffic policy containing this matching rule cannot be applied to the outbound direction.
  • If no parameter is entered, VXLAN packets with outer IPv4 information are matched.
  • If an ACL contains multiple rules, a packet that matches one ACL rule matches the ACL, regardless of whether the relationship between rules in a traffic classifier is AND or OR.
  • If a traffic classifier contains this matching rule, only flow mirroring, traffic policing, redirection, packet filtering, PBR, and traffic statistics collection can be configured in the traffic behavior.

    At the VXLAN tunnel egress, only the CE6855HI, CE6856HIand CE7855EI support traffic redirection to an interface.

Example

# Configure a matching rule based on the inner source IP address 192.168.1.1/24 in VXLAN packets in the traffic classifier class1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier class1
[*HUAWEI-classifier-class1] if-match vxlan inner-source-ip 192.168.1.1 mask 24
Related Topics

if-match vxlan acl

Function

The if-match vxlan acl command creates a matching rule based on inner information in VXLAN packets in an ACL on the IPv4 over IPv4 VXLAN network.

The undo if-match vxlan acl command deletes a matching rule based on an ACL that defines inner information in VXLAN packets on the IPv4 over IPv4 VXLAN network.

By default, a matching rule based on inner information in VXLAN packets in an ACL is not configured on the IPv4 over IPv4 VXLAN network.

NOTE:

The CE5810EI, CE5850EI, CE5850HI, CE5855EI, CE6810LI, and CE6810EI do not support this command.

Format

if-match vxlan [ transit ] [ tag-format { none | single } ] acl { acl-number | acl-name }

undo if-match vxlan [ transit ] [ tag-format { none | single } ] acl { acl-number | acl-name }

Parameters

Parameter

Description

Value

transit

Indicates that VXLAN packets of a transmission device are matched.

When transit is not specified, the traffic policy containing this matching rule takes effect on only the device at the VXLAN tunnel egress.

-

tag-format { none | single }

Indicates whether tagged VXLAN packets are matched.
  • none: Untagged VXLAN packets are matched.
  • single: Single-tagged VXLAN packets are matched.

-

acl-number

Specifies the number of an ACL.

The value is an integer.
  • ACLs 2000 to 2999 are basic ACLs and can be used by all traffic classifiers.
  • ACLs 3000 to 3999 are advanced ACLs and can be used by only the traffic classifiers based on Layer 3 information of packets.
  • ACLs 4000 to 4999 are Layer 2 ACLs that can define rules based on source and destination MAC addresses and packet type.
acl-name

Specifies an ACL name.

The value is a string of 1 to 32 case-sensitive characters except spaces. The value must start with a letter (case-sensitive).

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The if-match vxlan acl command creates a matching rule based on inner information in VXLAN packets in an ACL on the IPv4 over IPv4 VXLAN network. You must first define an ACL and configure rules in the ACL, and then run the if-match vxlan acl command to configure a matching rule based on the ACL. This ensures that the device processes packets matching the same rule identically.

Prerequisites

Create an ACL and configure a rule.

Precautions

  • A traffic policy containing this matching rule cannot be applied to the outbound direction.
  • If a traffic classifier contains this matching rule, only flow mirroring, traffic policing, redirection, packet filtering, PBR, and traffic statistics collection can be configured in the traffic behavior.

    At the VXLAN tunnel egress, only the CE6855HI, CE6856HIand CE7855EI support traffic redirection to an interface.

  • If an ACL contains multiple rules, a packet that matches one ACL rule matches the ACL, regardless of whether the relationship between rules in a traffic classifier is AND or OR.
  • To define a matching rule for traffic classification based on an ACL, you must create the ACL first. The ACL can only match the source MAC address, source IP address, destination IP address, source port number, destination port number, protocol type, and TCP flag.

Example

# In the traffic classifier c1, create a matching rule based on inner information in VXLAN packets in ACL 2046 on the IPv4 over IPv4 VXLAN network.

<HUAWEI> system-view
[~HUAWEI] acl 2046
[*HUAWEI-acl4-basic-2046] rule permit source any
[*HUAWEI-acl4-basic-2046] quit
[*HUAWEI] traffic classifier c1 
[*HUAWEI-classifier-c1] if-match vxlan acl 2046

if-match vxlan outer acl

Function

The if-match vxlan outer acl command configures a matching rule based on the ACL to match outer information in VXLAN packets in a traffic classifier.

The undo if-match vxlan outer acl command deletes a matching rule based on the ACL to match outer information in VXLAN packets in a traffic classifier.

By default, a matching rule based on the ACL to match outer information in VXLAN packets is not configured in a traffic classifier.

NOTE:

Only the CE6850HI, CE6850U-HI, CE6851HI, CE6855HI, CE6856HI, CE6860EI, CE7850EI, CE7855EI, CE8850EI, and CE8860EI support this command.

Format

if-match vxlan outer acl { acl-number | acl-name }

undo if-match vxlan outer acl { acl-number | acl-name }

Parameters

Parameter

Description

Value

acl-number

Specifies the number of an ACL.

The value is an integer.
  • ACLs 2000 to 2999 are basic ACLs and can be used by all traffic classifiers.
  • ACLs 3000 to 3999 are advanced ACLs and can be used by only the traffic classifiers based on Layer 3 information of packets.
acl-name

Specifies an ACL name.

The value is a string of 1 to 32 case-sensitive characters except spaces. The value must start with a letter (case-sensitive).

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can reference a defined ACL in a traffic classifier to classify packets based on outer information in VXLAN packets. You must first define an ACL and configure a rule in the ACL. Then run the if-match vxlan outer acl command to configure a matching rule based on outer information in VXLAN packets in a traffic classifier so that the device processes packets matching the same rule in the same manner.

Prerequisites

An ACL has been created and rules have been configured.

Precautions

  • A traffic policy containing this matching rule takes effect only on the device at the VXLAN tunnel egress.
  • A traffic policy containing this matching rule cannot be applied to the outbound direction.
  • If a traffic classifier contains this matching rule, only flow mirroring, traffic policing, redirection, packet filtering, PBR, and traffic statistics collection can be configured in the traffic behavior. Only the CE6855HI, CE6856HIand CE7855EI support traffic redirection to ports.
  • Before defining a matching rule for traffic classification based on an ACL, create the ACL. The ACL can only match the source IP address, destination IP address, protocol type, source port number, and destination port number.
  • If an ACL contains multiple rules, a packet that matches one ACL rule matches the ACL, regardless of whether the relationship between rules in a traffic classifier is AND or OR.

Example

# Define a matching rule based on ACL 2046 to match outer information in VXLAN packets in the traffic classifier c1.

<HUAWEI> system-view
[~HUAWEI] acl 2046
[*HUAWEI-acl4-basic-2046] rule permit source any
[*HUAWEI-acl4-basic-2046] quit
[*HUAWEI] traffic classifier c1 
[*HUAWEI-classifier-c1] if-match vxlan acl 2046

if-match vxlan reserved-value

Function

The if-match vxlan reserved-value command configures a matching rule based on the VXLAN reserved field in a traffic classifier.

The undo if-match vxlan reserved-value command deletes a matching rule based on the VXLAN reserved field in a traffic classifier.

By default, no matching rule based on the VXLAN reserved field is configured in a traffic classifier.

NOTE:

Only the CE6850HI, CE6850U-HI, CE6851HI, CE6855HI, CE6856HI, CE6860EI, CE6870EI, CE6880EI, CE7850EI, CE7855EI, CE8850EI, and CE8860EI support this command.

Format

if-match vxlan reserved-value reserved-value

undo if-match vxlan reserved-value [ reserved-value ]

Parameters

Parameter

Description

Value

reserved-value

Specifies the value of the VXLAN reserved field.

The value ranges from 0x000000 to 0xFFFFFF in hexadecimal notation, and starts with 0x.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match vxlan reserved-value command to classify packets based on the VXLAN reserved field so that the device processes packets matching the same traffic classifier in the same manner.

Precautions

  • A traffic policy containing this matching rule takes effect only on the device at the VXLAN tunnel egress.
  • A traffic policy containing this matching rule cannot be applied to the outbound direction.
  • If a traffic classifier contains this matching rule, only packet filtering, traffic statistics collection, redirection, and PBR can be configured in the traffic behavior.

Example

# Configure a matching rule based on the VXLAN reserved field of 0x8847 in the traffic classifier class1.

<HUAWEI> system-view
[~HUAWEI] traffic classifier class1
[*HUAWEI-classifier-class1] if-match vxlan reserved-value 0x8847
Related Topics

qos group

Function

The qos group command creates a QoS group and displays its view, or directly displays the view of an existing QoS group.

The undo qos group command deletes a QoS group.

By default, no QoS group is configured.

Format

qos group group-name

undo qos group group-name

Parameters

Parameter

Description

Value

group-name

Specifies the name of a QoS group.

The value is a string of 1 to 31 case-sensitive characters without spaces and must start with a letter.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the same traffic policy or ACL-based simplified traffic policy needs to be applied to multiple VLANs or interfaces or multiple traffic classifiers based on source IP addresses need to be bound to the same traffic policy or ACL-based simplified traffic policy, many ACL resources are consumed. You can add the VLANs, source IP addresses, or interfaces to the same QoS group. In this case, only one ACL resource is consumed, so ACL resources of the device are saved.

Follow-up Procedure

Run the group-member interface (QoS group view), group-member ip (QoS group view), and group-member vlan (QoS group view) commands to add interfaces, source IP addresses, and VLANs to the QoS group, respectively.

Precautions

  • A QoS group can contain only members of the same type, for example, members of interface or VLAN type
  • For the CE6870EI:
    • The VLAN and VLANIF interface corresponding to the same ID cannot be added to different QoS groups
    • The maximum sum of QoS groups is 64.
    • The maximum number of QoS groups with members of physical interfaces and Eth-Trunks is 15.
    • The maximum number of QoS groups with members of VLANs and VLANIF interfaces is 15.
  • For the CE6880EI:
    • When a traffic policy is applied to an interface or a VLAN on the device, the traffic policy cannot be applied to the QoS group to which the interface or VLAN is added. Similarly, when a traffic policy is applied to a QoS group, the traffic policy cannot be applied to interfaces or VLANs of the QoS group.
    • The maximum sum of QoS groups is 128.
    • The maximum number of QoS groups with members of source IP addresses is 63.
  • For models excluding the CE6870EI and CE6880EI:
    • The maximum sum of QoS groups is 128.
    • The maximum number of QoS groups with members of source IP addresses is 63.

Example

# Create a QoS group named qosgroup1 and enter the view of the QoS group qosgroup1.

<HUAWEI> system-view
[~HUAWEI] qos group qosgroup1
[*HUAWEI-qos-group-qosgroup1]

qos port-group

Function

The qos port-group command creates a QoS interface group and displays its view, or directly displays the view of an existing QoS interface group.

The undo qos port-group command deletes a QoS interface group.

By default, no QoS interface group is configured.

NOTE:

Only the CE6850HI, CE6850U-HI, CE6851HI, CE6855HI, CE6856HI, CE6860EI, CE6870EI, CE7850EI, CE7855EI, CE8850EI, and CE8860EI support this command.

Format

qos port-group group-id

undo qos port-group group-id

Parameters

Parameter

Description

Value

group-id

Specifies the ID of a QoS interface group.

The value is an integer that ranges from 1 to 128.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A QoS interface group contains one or more interfaces, which facilitates batch QoS configurations.

Prerequisites

The device must support VXLAN.

Follow-up Procedure

Run the group-member command to add interfaces to the QoS interface group.

Precautions

The system supports a maximum of 128 QoS interface groups, and each QoS interface group supports a maximum of 64 interfaces.

Example

# Create QoS interface group 1 and enter the view of QoS interface group 1.

<HUAWEI> system-view
[~HUAWEI] qos port-group 1
[*HUAWEI-qos-port-group-1]

remark 8021p

Function

The remark 8021p command configures an action of re-marking the 802.1p priority in VLAN packets in a traffic behavior.

The undo remark 8021p command deletes the configuration.

By default, an action of re-marking the 802.1p priority in VLAN packets is not configured in a traffic behavior.

Format

For CE switches excluding CE6870EI and CE6880EI switches:

remark 8021p { 8021p-value | inner-8021p }

undo remark 8021p [ 8021p-value | inner-8021p ]

For CE6870EI and CE6880EI switches:

remark 8021p 8021p-value

undo remark 8021p [ 8021p-value ]

Parameters

Parameter

Description

Value

8021p-value

Specifies the 802.1p priority in VLAN packets.

The value is an integer that ranges from 0 to 7. A larger value indicates a higher priority in VLAN packets.

inner-8021p

Inherits the 802.1p priority in the inner tag.

-

Views

Traffic behavior view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To provide differentiated services based on the inner 802.1p priority in VLAN packets, run the remark 8021p command to configure the device to re-mark the inner 802.1p priority in VLAN packets in a traffic behavior.

Follow-up Procedure

Run the traffic policy command to create a traffic policy and run the classifier behavior command in the traffic policy view to bind the traffic classifier to the traffic behavior containing 802.1p priority re-marking.

Precautions

  • If you run the remark 8021p command in the same traffic behavior view multiple times, only the latest configuration takes effect.
  • For CE6870EI and CE6880EI, the remark 8021p can change only the 802.1p priority of packets but not queues where packets are scheduled. To change the queues where packets are scheduled, run the remark local-precedence command.

    For switches excluding CE6870EI and CE6880EI, the remark 8021p command can change queues where packets are scheduled.

  • For CE6870EI switches, the traffic policy containing remark 8021p cannot be used in the outbound direction.
  • For CE6870EI switches, the remark 8021p command is only valid for Layer 2 packets.
  • For CE6870EI switches, the remark 8021p command is valid for Layer 2 multicast packets forwarded based on MAC addresses, and is invalid for Layer 2 multicast packets forwarded based on IP addresses and Layer 3 multicast packets.
  • For CE switches excluding CE6870EI, when the parameter remark 8021p inner-8021p is specified to configure packets to inherit the inner 802.1p priority, the inherited 802.1p priority has a fixed value of 0 if the packets carry single-layer VLAN tags.

  • For CE6870EI, remark dscp and remark 8021p cannot be configured in a traffic policy simultaneously.

  • remark dscp and remark 8021p can be configured in a traffic policy and take effect simultaneously except the CE6870EI.

  • For CE6870EI, the remark 8021p command cannot be executed together with the undo qos phb marking 8021p disable command.
  • For devices excluding the CE6870EI, when the remark 8021p command and the undo qos phb marking 8021p disable command are configured simultaneously, the remark 8021p command takes effect.
  • On the CE6870EI and CE6875EI, the remark 8021p command configured on Layer 2 sub-interfaces is invalid.

Example

# Re-mark 802.1p priorities of VLAN packets with 4 in the traffic behavior b1.

<HUAWEI> system-view
[~HUAWEI] traffic behavior b1
[*HUAWEI-behavior-b1] remark 8021p 4

remark dscp

Function

The remark dscp command configures an action of re-marking the DSCP priority in IP packets in a traffic behavior.

The undo remark dscp command deletes the configuration.

By default, an action of re-marking the DSCP priority in IP packets is not configured in a traffic behavior.

Format

remark dscp { dscp-name | dscp-value }

undo remark dscp [ dscp-name | dscp-value ]

Parameters

Parameter

Description

Value

dscp-name

Specifies the DSCP priority name in IP packets.

The value can be ef, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, cs6, cs7, or default.

dscp-value

Specifies the DSCP priority in IP packets.

The value is an integer that ranges from 0 to 63. A larger value indicates a higher priority.

Views

Traffic behavior view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To provide differentiated services based on the DSCP priority, run the remark dscp command to configure the device to re-mark the DSCP priority in IP packets in a traffic behavior.

Follow-up Procedure

Run the traffic policy command to create a traffic policy and run the classifier behavior command in the traffic policy view to bind the traffic classifier to the traffic behavior containing DSCP priority re-marking.

Precautions

  • For CE6870EI switches, the traffic policy containing remark dscp cannot be used in the outbound direction.
  • For CE6870EI switches, the remark dscp command is only valid for Layer 3 packets.
  • For CE6870EI switches, the remark dscp command is invalid for Layer 2 multicast packets. The remark dscp command is invalid for Layer 3 multicast packets only when the source and destination addresses in the packets belong to the same VLAN.
  • For CE6870EI, remark dscp and remark 8021p cannot be configured in a traffic policy simultaneously.

  • remark dscp and remark 8021p can be configured in a traffic policy and take effect simultaneously except the CE6870EI.

  • If you run the remark dscp command in the same traffic behavior view multiple times, only the latest configuration takes effect.
  • The remark dscp command can only change DSCP priority of packets but not queues where packets are scheduled. To change the queues where packets are scheduled, run the remark local-precedence command.
  • When functioning as a device to terminate a VXLAN tunnel, only the CE6855HI, CE6856HI, and CE7855EI can re-mark the DSCP priority in IP packets.
  • For CE6870EI, the remark dscp command cannot be executed together with the qos phb marking dscp enable command.
  • For devices excluding the CE6870EI, when the remark dscp command and the qos phb marking dscp enable command are configured simultaneously, the remark dscp command takes effect.

Example

# Re-mark the DSCP priority in IP packets with 56 in the traffic behavior b1.

<HUAWEI> system-view
[~HUAWEI] traffic behavior b1
[*HUAWEI-behavior-b1] remark dscp 56
Related Topics

remark local-precedence

Function

The remark local-precedence command configures an action of re-marking the internal priority in packets in a traffic behavior.

The undo remark local-precedence command deletes the configuration.

By default, an action of re-marking the internal priority in packets is not configured in a traffic behavior.

Format

remark local-precedence { local-precedence-name | local-precedence-value } [ green | yellow | red ]

undo remark local-precedence [ { local-precedence-name | local-precedence-value } [ green | yellow | red ] ]

Parameters

Parameter

Description

Value

local-precedence-name

Specifies the internal priority name.

The value can be af1, af2, af3, af4, be, cs6, cs7, or ef.

local-precedence-value

Specifies the internal priority value.

The value is an integer that ranges from 0 to 7. A larger value indicates a higher priority.

green

Indicates that the green color corresponds to an internal priority.

-

yellow

Indicates that the yellow color corresponds to an internal priority.

-

red

Indicates that the red color corresponds to an internal priority.

-

Views

Traffic behavior view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To provide differentiated services based on the internal priority of packets, run the remark local-precedence command to configure the device to re-mark the internal priority of packets so that the device can provide QoS based on the re-marked priority.

Follow-up Procedure

Run the traffic policy command to create a traffic policy and run the classifier behavior command in the traffic policy view to bind the traffic classifier to the traffic behavior containing internal priority re-marking.

Precautions

Re-marking the internal priority only affects QoS processing of packets on the device.

When you run the remark local-precedence command in the same traffic behavior view, the following situations may occur:
  • If the command is used to repeatedly re-mark the internal priority and packet color matching the internal priority, the latest configuration takes effect.
  • If the command is used to repeatedly re-mark the internal priority, the latest re-marked internal priority and the original packet color matching the internal priority take effect.

Example

# Re-mark the internal priority of packets with 2 in the traffic behavior b1.

<HUAWEI> system-view
[~HUAWEI] traffic behavior b1
[*HUAWEI-behavior-b1] remark local-precedence 2
Related Topics

remark qos-local-id

Function

The remark qos-local-id command configures an action of re-marking the local ID in a traffic behavior.

The undo remark qos-local-id command deletes the configuration.

By default, an action of re-marking the local ID is not configured in a traffic behavior.

NOTE:

Only the CE6850HI, CE6850U-HI, CE6851HI, CE6855HI, CE6856HI, CE6860EI, CE6870EI, CE7850EI, CE7855EI, CE8850EI, and CE8860EI switches support this command.

Format

remark qos-local-id qos-local-id

undo remark qos-local-id [ qos-local-id ]

Parameters

Parameter

Description

Value

qos-local-id

Specifies the value of a local ID.

The value is an integer that ranges from 1 to 511.

Views

Traffic behavior view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

On the device that encapsulates VXLAN packets, the outbound interface of packets cannot match original packets before VXLAN encapsulation. You can use the local ID so that original packets can be matched on the device that encapsulates VXLAN packets in cascading mode.
  1. On the inbound interface, apply the traffic policy that defines remark qos-local-id to change the local ID of original packets.
  2. On the outbound interface, apply the traffic policy that defines if-match qos-local-id. Then the device provides QoS services for original packets based on the re-marked local ID.

Follow-up Procedure

Run the traffic policy command to create a traffic policy and run the classifier behavior command in the traffic policy view to bind the traffic classifier to the traffic behavior containing local ID re-marking.

Precautions

If you run the remark qos-local-id command in the same traffic behavior view multiple times, only the latest configuration takes effect.

Example

# Re-mark the local ID of packets with 1 in the traffic behavior b1.

<HUAWEI> system-view
[~HUAWEI] traffic behavior b1
[*HUAWEI-behavior-b1] remark qos-local-id 1
Related Topics

remark vxlan reserved-value

Function

The remark vxlan reserved-value command configures an action of re-marking the VXLAN reserved field in a traffic behavior.

The undo remark vxlan reserved-value command deletes the configuration.

By default, an action of re-marking the VXLAN reserved field is not configured in a traffic behavior.

NOTE:

The CE5810EI, CE5850EI, CE5850HI, CE5855EI, CE6810LI, and CE6810EI do not support this command.

Format

remark vxlan reserved-value reserved-value

undo remark vxlan reserved-value [ reserved-value ]

Parameters

Parameter

Description

Value

reserved-value

Specifies the value of the VXLAN reserved field.

The value ranges from 0x000000 to 0xFFFFFF in hexadecimal notation, and starts with 0x.

Views

Traffic behavior view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To provide differentiated services based on the VXLAN reserved field of packets, run the remark vxlan reserved-value command to configure the device to re-mark the VXLAN reserved field of packets so that the device can provide QoS based on the re-marked VXLAN reserved field.

Follow-up Procedure

Run the traffic policy command to create a traffic policy and run the classifier behavior command in the traffic policy view to bind the traffic classifier to the traffic behavior containing VXLAN reserved field re-marking.

Precautions

  • Traffic policies which define this traffic behavior can only be applied in the outbound direction.
  • If you run the remark vxlan reserved-value command in the same traffic behavior view multiple times, only the latest configuration takes effect.
  • After re-marking the VXLAN reserved field of a packet, the switch performs a bitwise OR operation on the configured value and current value in the packet. For example, if the reserved field is 0x112233 and the remark vxlan reserved-value 0x221111 command is configured, the field value after re-marking is 0x333333.

Example

# Re-mark the VXLAN reserved field of packets with 0x8847 in the traffic behavior b1.

<HUAWEI> system-view
[~HUAWEI] traffic behavior b1
[*HUAWEI-behavior-b1] remark vxlan reserved-value 0x8847
Related Topics

reset traffic-policy statistics

Function

The reset traffic-policy statistics command clears statistics on packets matching a traffic policy.

Format

reset traffic-policy statistics { global [ slot slot-id ] | interface interface-type interface-number | vlan vlan-id | vpn-instance vpn-instance-name | qos group group-id | bridge-domain bd-id } [ policy-name ] [ inbound | outbound ] [ classifier-base classifier-name ]

Parameters

Parameter

Description

Value

global

Clears statistics on packets matching a traffic policy in the system.

-

slot slot-id

Clears statistics on packets matching a traffic policy on the device. slot-id specifies the stack ID of the device.

The value is an integer. You can enter a question mark ? and select a value from the displayed value range.

interface interface-type interface-number

Clears statistics on packets matching a traffic policy on a specified interface. If this parameter is not specified, statistics on packets of all interfaces are cleared.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.

-

vlan vlan-id

Clears statistics on packets matching a traffic policy in a specified VLAN.

The value is an integer that ranges from 1 to 4094, except reserved VLAN IDs, which can be configured using the vlan reserved command.

vpn-instance vpn-instance-name

Clears the record of a traffic policy that has been applied in a specified VPN instance.

NOTE:

The CE6810LI does not support this parameter.

The value is a string of 1 to 31 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string. The value _public_ is reserved and cannot be used as the VPN instance name.

qos group group-id

Clears the record of a traffic policy that has been applied in a specified QoS group.

The value is a string of 1 to 31 case-sensitive characters without spaces and must start with a letter.

bridge-domain bd-id

Clears the record of a traffic policy that has been applied in a BD.

NOTE:

The CE5810EI, CE5850EI, CE5850HI, CE5855EI, CE6810LI, and CE6810EI do not support this command.

The value is an integer ranging from 1 to 16777215.

policy-name

Clears statistics on packets matching a specified traffic policy.

The value is a string of 1 to 31 case-sensitive characters without spaces and question marks, and must start with letters.

inbound

Clears traffic statistics in the inbound direction.

-

outbound

Clears traffic statistics in the outbound direction.

-

classifier-base classifier-name

Clears statistics on packets matching a specified traffic classifier.

The value is a string of 1 to 31 case-sensitive characters without spaces and question marks, and must start with letters.

Views

All views

Default Level

3: Management level

Usage Guidelines

Usage Scenario

Before recollecting statistics, run the reset traffic-policy statistics command to clear existing packet statistics. Then run the display traffic-policy statistics command to view packet statistics.

Precautions

After the reset traffic-policy statistics command is executed, packet statistics are cleared and cannot be restored. Exercise caution when you use the command.

Example

# Clear traffic statistics on 10GE1/0/1 in the inbound direction to which a traffic policy has been applied.

<HUAWEI> reset traffic-policy statistics interface 10ge 1/0/1 inbound

traffic behavior

Function

The traffic behavior command creates a traffic behavior and displays the traffic behavior view, or directly displays the view of an existing traffic behavior.

The undo traffic behavior command deletes a traffic behavior.

By default, no traffic behavior is created in the system.

Format

traffic behavior behavior-name

undo traffic behavior behavior-name

Parameters

Parameter

Description

Value

behavior-name

Specifies the name of a traffic behavior.

The value is a string of 1 to 31 case-sensitive characters without spaces and question marks, and must start with letters.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A traffic classifier is used to differentiate services and must be associated with a flow control or resource allocation action such as packet filtering, traffic policing, and re-marking. The actions constitute a traffic behavior. The traffic behavior command creates a traffic behavior.

Follow-up Procedure

Configure an action in the traffic behavior view. For example, run the car (traffic behavior view) command to configure the traffic policing action.

Precautions

  • To delete a traffic behavior, unbind the traffic policy containing the traffic behavior from the system, an interface, or a VLAN where the traffic policy is applied and unbind the traffic behavior from the traffic classifier. To modify only actions in a traffic behavior, you do not need to unbind the traffic policy containing the traffic behavior from the system, an interface, or a VLAN.
  • On the device, a maximum of 512 traffic behaviors can be created and multiple traffic actions can be configured in a traffic behavior.

Example

# Create the traffic behavior b1 and enter the traffic behavior view.

<HUAWEI> system-view
[~HUAWEI] traffic behavior b1
[*HUAWEI-behavior-b1]

traffic classifier

Function

The traffic classifier command creates a traffic classifier and displays the traffic classifier view, or directly displays the view of an existing traffic classifier.

The undo traffic classifier command deletes a traffic classifier.

By default, no traffic classifier is created in the system.

Format

traffic classifier classifier-name [ type { and | or } ]

undo traffic classifier classifier-name

Parameters

Parameter

Description

Value

classifier-name

Specifies the name of a user-defined traffic classifier.

The value is a string of 1 to 31 case-sensitive characters without spaces and question marks, and must start with letters.

type

Specifies the relationship between rules in a traffic classifier. If this parameter is not specified, the relationship between rules is OR by default.

-

and

Indicates that the relationship between rules is AND.

After this parameter is specified, the following situations occur:
  • If a traffic classifier contains ACL rules, packets match the traffic classifier only when the packets match one ACL rule and all the non-ACL rules.
  • If a traffic classifier does not contain ACL rules, packets match the traffic classifier only when the packets match all the non-ACL rules.

-

or

Indicates that the relationship between rules is OR.

After this parameter is specified, packets match a traffic classifier if the packets match one or more rules.

-

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A traffic classifier classifies traffic of a certain type using matching rules. To provide differentiated services for service flows, bind a traffic classifier and a traffic behavior (see traffic behavior) to a traffic policy and apply the traffic policy.

A traffic classifier can be created based on Layer 2 information such as the 802.1p priority in the VLAN ID, 802.1p priority in the inner VLAN ID, VLAN ID, inner VLAN ID, or Layer 2 protocol type, and Layer 3 information such as the DSCP priority or IP priority, or ACLs.

Follow-up Procedure

Define rules in the traffic classifier. For example, run the if-match 8021p command to define rules based on the 802.1p priority in the VLAN tag.

Precautions

  • To delete a traffic classifier, unbind the traffic policy containing the traffic classifier from the system, an interface, or a VLAN where the traffic policy is applied and unbind the traffic classifier from the traffic behavior.
  • On the device, a maximum of 512 traffic classifiers can be created and multiple rules can be configured in a traffic classifier.
  • Non-conflicting rules can be configured in a traffic classifier.

Example

# Create a traffic classifier c1 and enter the traffic classifier view.

<HUAWEI> system-view
[~HUAWEI] traffic classifier c1 type and
[*HUAWEI-classifier-c1]

traffic policy

Function

The traffic policy command creates a traffic policy and displays the traffic policy view, or displays the view of an existing traffic policy.

The undo traffic policy command deletes a traffic policy.

By default, no traffic policy is created in the system.

Format

traffic policy policy-name

undo traffic policy policy-name

Parameters

Parameter Description Value
policy-name

Specifies the name of a user-defined traffic policy.

The value is a string of 1 to 31 case-sensitive characters without spaces and question marks, and must start with letters.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Packets are obtained based on Layer 2 information, Layer 3 information, or ACLs. To implement differentiated services for service flows of packets, bind a traffic classifier and a traffic behavior to the created traffic policy and apply the traffic policy. You can use the traffic policy command to create a traffic policy. A maximum of 512 traffic policies can be created on the device.

Pre-configuration Tasks

A traffic classifier and a traffic behavior have been created.

Follow-up Procedure

Precautions

  • If the traffic policy that you want to delete has been applied to the system, an interface, or a VLAN, run the undo traffic-policy command to unbind the traffic policy in the corresponding view. Then run the undo traffic policy command in the system view to delete the traffic policy.
  • On the device, a maximum of 512 traffic policies can be created and multiple pairs of traffic classifiers and traffic behaviors can be configured in a traffic policy.

Example

# Create a traffic policy p1, and associate the traffic classifier c1 with the traffic behavior b1 in the traffic policy.

<HUAWEI> system-view
[~HUAWEI] traffic classifier c1
[*HUAWEI-classifier-c1] if-match any
[*HUAWEI-classifier-c1] quit
[*HUAWEI] traffic behavior b1
[*HUAWEI-behavior-b1] remark 8021p 2
[*HUAWEI-behavior-b1] quit
[*HUAWEI] traffic policy p1
[*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 

# Delete the traffic policy p1 that has been applied to the inbound indirection on 10GE1/0/1.

<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] undo traffic-policy p1 inbound
[*HUAWEI-10GE1/0/1] quit
[*HUAWEI] undo traffic policy p1

traffic-policy atomic-update-mode

Function

The traffic-policy atomic-update-mode command enables the device to provide nonstop services during MQC-based traffic classification rule modification.

The undo traffic-policy atomic-update-mode command cancels the configuration.

By default, this function is disabled.

Format

traffic-policy atomic-update-mode

undo traffic-policy atomic-update-mode

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After this command is used, the system first delivers the modified traffic classification rules, and then deletes the old traffic classification rules. This ensures nonstop services, but more resources are consumed.

Precautions

  • When editing or modifying traffic classification rules in a traffic policy on the device that has this function enabled, ensure that the number of remaining ACLs is twice more than the number of chip resources occupied by traffic classification rules in the traffic policy.
  • If there are duplicate traffic classification rules on the CE6855HI, CE6856HI, CE6860EI, CE7855EI, CE8850EI, or CE8860EI that uses the large-acl system resource mode and is configured to provide nonstop services during MQC-based traffic classification rule modification, the MQC-based traffic policy will fail to be delivered or updated.

Example

# Enable the device to provide nonstop services during MQC-based traffic classification rule modification.

<HUAWEI> system-view
[~HUAWEI] traffic-policy atomic-update-mode

traffic-policy (interface view)

Function

The traffic-policy command applies a traffic policy to an interface.

The undo traffic-policy command deletes a traffic policy from an interface.

By default, no traffic policy is applied to an interface.

Format

traffic-policy policy-name { inbound | outbound }

undo traffic-policy policy-name { inbound | outbound }

Parameters

Parameter

Description

Value

policy-name

Specifies the name of a user-defined traffic policy.

The value is a string of 1 to 31 case-sensitive characters without spaces and question marks, and must start with letters.

inbound

Applies a traffic policy to the inbound direction.

-

outbound

Applies a traffic policy to the outbound direction.

-

Views

interface view, port group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Packets are classified based on Layer 2 information, Layer 3 information, or ACLs. To provide differentiated services for service flows, bind a traffic classifier and a traffic behavior to a traffic policy and apply the traffic policy. You can use the traffic-policy command to apply a created traffic policy to an interface.

Prerequisites

A traffic policy has been created using the traffic policy command, and traffic classifiers and traffic behaviors have been bound to the traffic policy.

Precautions

  • After a traffic policy is applied to an interface, you cannot directly delete the traffic policy. To delete the traffic policy that has been applied, run the undo traffic-policy command in the corresponding view to unbind the traffic policy and then run the undo traffic policy command in the system view to delete the traffic policy.
  • You can change the traffic classification rules, ACL rules, actions defined by the traffic behavior, and relationship between the traffic classifier and traffic behaviors of an applied traffic policy. However, the changes may lead to a failure in delivering the traffic policy. If the traffic policy fails to be delivered, a message indicating the failure cause will be displayed. To view the traffic policy delivery failure cause, run the display traffic-policy applied-record command.
  • For CE6870EI switches, this command cannot be configured on member interfaces of an Eth-Trunk.

Example

# Create a traffic policy p1, bind the created traffic classifier c1 and traffic behavior b1 to the traffic policy, and apply the traffic policy to the inbound direction on 10GE1/0/1.

<HUAWEI> system-view
[~HUAWEI] traffic policy p1
[*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[*HUAWEI-trafficpolicy-p1] quit
[*HUAWEI] interface 10ge 1/0/1
[*HUAWEI-10GE1/0/1] traffic-policy p1 inbound

traffic-policy (VLAN view)

Function

The traffic-policy command applies a traffic policy to a VLAN.

The undo traffic-policy command deletes a traffic policy from a VLAN.

By default, no traffic policy is applied to a VLAN.

Format

traffic-policy policy-name { inbound | outbound }

undo traffic-policy policy-name { inbound | outbound }

Parameters

Parameter

Description

Value

policy-name

Specifies the name of a traffic policy.

The value is a string of 1 to 31 case-sensitive characters without spaces and question marks, and must start with letters.

inbound

Applies a traffic policy to the inbound direction of a VLAN.

-

outbound

Applies a traffic policy to the outbound direction of a VLAN.

-

Views

VLAN view, VLAN-Range view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Packets are classified based on Layer 2 information, Layer 3 information, or ACLs. To provide differentiated services for service flows, bind a traffic classifier and a traffic behavior to a traffic policy and apply the traffic policy. You can use the traffic-policy command to apply a traffic policy to a VLAN.

Prerequisites

A traffic policy has been created using the traffic policy command.

Precautions

  • After a traffic policy is applied to a VLAN, the traffic policy takes effect for packets received and sent in the VLAN.
  • After a traffic policy is applied to a VLAN, you cannot directly delete the traffic policy. To delete the traffic policy that has been applied, run the undo traffic-policy command in the corresponding view to unbind the traffic policy and then run the undo traffic policy command in the system view to delete the traffic policy.
  • You can change the traffic classification rules, ACL rules, actions defined by the traffic behavior, and relationship between the traffic classifier and traffic behaviors of an applied traffic policy. However, the changes may lead to a failure in delivering the traffic policy. If the traffic policy fails to be delivered, a message indicating the failure cause will be displayed. To view the traffic policy delivery failure cause, run the display traffic-policy applied-record command.

Example

# Create a traffic policy p1, bind the created traffic classifier c1 and traffic behavior b1 to the traffic policy, and apply the traffic policy to the inbound direction in VLAN 100.

<HUAWEI> system-view
[~HUAWEI] traffic policy p1
[*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[*HUAWEI-trafficpolicy-p1] quit
[*HUAWEI] vlan 100
[*HUAWEI-vlan100] traffic-policy p1 inbound

traffic-policy (VPN instance view)

Function

The traffic-policy command applies a traffic policy to a VPN instance.

The undo traffic-policy command unbinds a traffic policy from a VPN instance.

By default, no traffic policy is applied to a VPN instance.

NOTE:

The CE6810LI does not support this command.

Format

traffic-policy policy-name inbound [ exclude qos port-group group-id ]

undo traffic-policy policy-name inbound [ exclude qos port-group group-id ]

Parameters

Parameter

Description

Value

policy-name

Specifies the name of a traffic policy.

The value is a string of 1 to 31 case-sensitive characters without spaces and question marks, and must start with letters.

inbound

Applies a traffic policy to a VPN instance in the inbound direction.

-

exclude qos port-group group-id

Indicates that a traffic policy cannot be applied to a specified QoS interface group.

NOTE:

Only the CE6850HI, CE6850U-HI, CE6851HI, CE6855HI, CE6856HI, CE6860EI, CE6870EI, CE7850EI, CE7855EI, CE8850EI, and CE8860EI support this parameter.

The value is an integer that ranges from 1 to 128.

Views

VPN instance view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Packets are classified based on Layer 2 information, Layer 3 information, or ACL rules. To implement differentiated services for service flows of the packets, bind a traffic classifier and a traffic behavior to the created traffic policy and apply the traffic policy. The traffic-policy command applies a traffic policy to a VPN instance.

Prerequisites

A traffic policy has been created by using the traffic policy command.

Precautions

  • After a traffic policy is applied to a VPN instance, the traffic policy takes effect for packets received and sent in the VPN instance.
  • After a traffic policy is applied to a VPN instance, you cannot directly delete the traffic policy or the traffic classifier and traffic behavior in the traffic policy. To delete the traffic policy that has been applied, run the undo traffic-policy command in the corresponding view to unbind the traffic policy and then run the undo traffic policy command in the system view to delete the traffic policy.

  • You can change the traffic classification rules, ACL rules, actions defined by the traffic behavior, and relationship between the traffic classifier and traffic behaviors of an applied traffic policy. However, the changes may lead to a failure in delivering the traffic policy. If the traffic policy fails to be delivered, a message indicating the failure cause will be displayed. To view the traffic policy delivery failure cause, run the display traffic-policy applied-record command.

Example

# Create a traffic policy p1, bind the created traffic classifier c1 and traffic behavior b1 to the traffic policy, and apply the traffic policy to the VPN instance test in the inbound direction.

<HUAWEI> system-view
[~HUAWEI] traffic policy p1
[*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[*HUAWEI-trafficpolicy-p1] quit
[*HUAWEI] ip vpn-instance test
[*HUAWEI-vpn-instance-test] traffic-policy p1 inbound

traffic-policy (QoS group view)

Function

The traffic-policy command applies a traffic policy to a QoS group.

The undo traffic-policy command deletes a traffic policy from a QoS group.

By default, no traffic policy is applied to a QoS group.

Format

traffic-policy policy-name inbound

undo traffic-policy policy-name inbound

Parameters

Parameter

Description

Value

policy-name

Specifies the name of a traffic policy.

The value is a string of 1 to 31 case-sensitive characters without spaces and question marks, and must start with letters.

inbound

Applies a traffic policy to the inbound direction of a QoS group.

-

Views

QoS group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Packets are classified based on Layer 2 information, Layer 3 information, or ACL rules. To implement differentiated services for service flows, bind a traffic classifier and a traffic behavior to the created traffic policy and apply the traffic policy. The traffic-policy command applies a traffic policy to a QoS group.

Prerequisites

A traffic policy has been created by using the traffic policy command.

Precautions

  • After a traffic policy is applied to a QoS group, you cannot directly delete the traffic policy or the traffic classifier and traffic behavior in the traffic policy. To delete the traffic policy that has been applied, run the undo traffic-policy command in the corresponding view to unbind the traffic policy and then run the undo traffic policy command in the system view to delete the traffic policy.

  • You can change the traffic classification rules, ACL rules, actions defined by the traffic behavior, and relationship between the traffic classifier and traffic behaviors of an applied traffic policy. However, the changes may lead to a failure in delivering the traffic policy. If the traffic policy fails to be delivered, a message indicating the failure cause will be displayed. To view the traffic policy delivery failure cause, run the display traffic-policy applied-record command.

Example

# Create a traffic policy p1, bind the created traffic classifier c1 and traffic behavior b1 to the traffic policy, and apply the traffic policy to the inbound direction in the QoS group.

<HUAWEI> system-view
[~HUAWEI] traffic policy p1
[*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[*HUAWEI-trafficpolicy-p1] quit
[*HUAWEI] qos group qosgroup1
[*HUAWEI-qos-group-qosgroup1] traffic-policy p1 inbound

traffic-policy (BD view)

Function

The traffic-policy command applies a traffic policy to a bridge domain (BD).

The undo traffic-policy command deletes a traffic policy from a BD.

By default, no traffic policy is applied to a BD.

NOTE:

The CE5810EI, CE5850EI, CE5850HI, CE5855EI, CE6810LI, and CE6810EI do not support this command.

Format

traffic-policy policy-name { inbound | outbound }

undo traffic-policy policy-name { inbound | outbound }

Parameters

Parameter

Description

Value

policy-name

Specifies the name of a traffic policy.

The value is a string of 1 to 31 case-sensitive characters without spaces and question marks, and must start with letters.

inbound

Applies a traffic policy to the inbound direction of a BD.

-

outbound

Applies a traffic policy to the outbound direction of a BD.

-

Views

BD view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Packets are classified based on Layer 2 information, Layer 3 information, or ACL rules. To implement differentiated services for service flows of the packets, bind a traffic classifier and a traffic behavior to the created traffic policy and apply the traffic policy. The traffic-policy command applies a traffic policy to a BFD.

Prerequisites

A traffic policy has been created by using the traffic policy command.

Precautions

  • After a traffic policy is applied to a BD, the traffic policy takes effect for packets received and sent in the BD.
  • After a traffic policy is applied to a QoS group, you cannot directly delete the traffic policy or the traffic classifier and traffic behavior in the traffic policy. To delete the traffic policy that has been applied, run the undo traffic-policy command in the corresponding view to unbind the traffic policy and then run the undo traffic policy command in the system view to delete the traffic policy.

  • You can change the traffic classification rules, ACL rules, actions defined by the traffic behavior, and relationship between the traffic classifier and traffic behaviors of an applied traffic policy. However, the changes may lead to a failure in delivering the traffic policy. If the traffic policy fails to be delivered, a message indicating the failure cause will be displayed. To view the traffic policy delivery failure cause, run the display traffic-policy applied-record command.

Example

# Create a traffic policy p1, bind the created traffic classifier c1 and traffic behavior b1 to the traffic policy, and apply the traffic policy to the outbound direction in BD 10.

<HUAWEI> system-view
[~HUAWEI] traffic policy p1
[*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[*HUAWEI-trafficpolicy-p1] quit
[*HUAWEI] bridge-domain 10
[*HUAWEI-bd10] traffic-policy p1 outbound

traffic-policy chip-based-mode

Function

The traffic-policy chip-based-mode enables the device to accurately deliver the traffic policy that is applied to a VLAN, a VLANIF interface, or an Eth-Trunk.

The undo traffic-policy chip-based-mode command cancels the configuration.

By default, the device is not enabled to accurately deliver the traffic policy that is applied to a VLAN, a VLANIF interface, or an Eth-Trunk.

NOTE:

Only the CE6870EI supports this command.

Format

traffic-policy chip-based-mode

undo traffic-policy chip-based-mode

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a traffic policy is applied to a VLAN, a VLANIF interface, or an Eth-Trunk and packets match ACL rules, the traffic policy is delivered to all chips of the device. If there is no corresponding VLAN, VLANIF interface, or Eth-Trunk member interface on some chips, the traffic policy is not delivered.

Precautions

This command is valid for only the new traffic policy. To make this command take effect for existing traffic policies, delete the traffic policies and reconfigure them.

Example

# Enable the device to accurately deliver the traffic policy that is applied to a VLAN, a VLANIF interface, or an Eth-Trunk.

<HUAWEI> system-view
[~HUAWEI] traffic-policy chip-based-mode

traffic-policy fast-mode

Function

The traffic-policy fast-mode command enables fast update of ACLs.

The undo traffic-policy fast-mode command disables fast update of ACLs.

By default, fast update of ACLs is disabled.

NOTE:

Only the CE6870EI supports this command.

Format

traffic-policy fast-mode

undo traffic-policy fast-mode

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

ACL rules take effect slowly in the following situations:

  • The applied traffic policy contains a large number of ACL rules.
  • When traffic policies apply to different objects, they have different priorities. If a low-priority traffic policy takes effect, applying a high-priority traffic policy may cause slow delivery of ACL rules.

You can run the traffic-policy fast-mode command to enable fast update of ACLs to increase the rate in which ACL rules take effect, which ensures service real-time quality.

Precautions

After fast update of ACLs is enabled, changes in a traffic policy that has been applied will cause the traffic policy to be ineffective for a period shorter than 200s. When this occurs, the system needs to collect statistics about packets matching the traffic policy again. To avoid running services, you are advised to enable fast update of ACLs only when you are deploying new services. After completing service configuration, run the undo traffic-policy fast-mode command to disable this function.

Example

# Enable fast update of ACLs.

<HUAWEI> system-view
[~HUAWEI] traffic-policy fast-mode
Warning: This operation will cause instant interruption of CAR, redirect, and remark action services. Continue? [Y/N]:y

traffic-policy global

Function

The traffic-policy global command applies a traffic policy to the system.

The undo traffic-policy global command deletes a traffic policy that is applied to the system.

By default, no traffic policy is applied to the system.

Format

traffic-policy policy-name global [ slot slot-id ] { inbound | outbound }

undo traffic-policy policy-name global [ slot slot-id ] { inbound | outbound }

Parameters

Parameter

Description

Value

policy-name

Specifies the name of a traffic policy.

The name of a traffic policy must already exist.

inbound

Applies a traffic policy to the inbound direction.

-

outbound

Applies a traffic policy to the outbound direction.

-

slot slot-id

Specifies the device where the traffic policy is applied. slot-id specifies the stack ID of the device.

The value is an integer. You can enter a question mark ? and select a value from the displayed value range.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Packets are classified based on Layer 2 information, Layer 3 information, or ACLs. To provide differentiated services for service flows, bind a traffic classifier and a traffic behavior to a traffic policy and apply the traffic policy.

You can use the traffic policy global command to apply a traffic policy to the system.

Prerequisites

A traffic policy has been created using the traffic policy command.

Precautions

  • A traffic policy cannot be applied to the same direction in the system and in the slot simultaneously.
  • The applied traffic policy cannot be deleted. To delete this traffic policy, run the undo traffic-policy command in the corresponding view to unbind the traffic policy and then run the undo traffic policy command in the system view to delete the traffic policy.
  • You can change the traffic classification rules, ACL rules, actions defined by the traffic behavior, and relationship between the traffic classifier and traffic behaviors of an applied traffic policy. However, the changes may lead to a failure in delivering the traffic policy. If the traffic policy fails to be delivered, a message indicating the failure cause will be displayed. To view the traffic policy delivery failure cause, run the display traffic-policy applied-record command.

Example

# Create a traffic policy p1, bind the created traffic classifier c1 and traffic behavior b1 to the traffic policy, and apply the traffic policy to the inbound direction.

<HUAWEI> system-view
[~HUAWEI] traffic policy p1
[*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[*HUAWEI-trafficpolicy-p1] quit
[*HUAWEI] traffic-policy p1 global inbound

traffic-policy { ipv4-enhance-mode | ipv6-enhance-mode }

Function

The traffic-policy { ipv4-enhance-mode | ipv6-enhance-mode } command configures the device to use the enhanced mode when a traffic policy is applied.

The undo traffic-policy { ipv4-enhance-mode | ipv6-enhance-mode } command cancels the configuration.

By default, the device is not configured to use the enhanced mode when a traffic policy is applied.

NOTE:

Only the CE6870EI supports this command.

Format

traffic-policy { ipv4-enhance-mode | ipv6-enhance-mode }

undo traffic-policy { ipv4-enhance-mode | ipv6-enhance-mode }

Parameters

Parameter Description Value
ipv4-enhance-mode Uses the IPv4 enhanced mode when a traffic policy is applied.

-

ipv6-enhance-mode Uses the IPv6 enhanced mode when a traffic policy is applied.

-

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

  • By default, a traffic policy containing IPv4 rules is valid only for Layer 3 packets when it is applied to the outbound direction. You can use the traffic-policy ipv4-enhance-mode command to enable the enhanced IPv4 mode on a device when a traffic policy containing IPv4 rules is applied. Then the traffic policy is valid for both Layer 2 and Layer 3 packets when it is applied to the outbound direction.
  • By default, when a traffic policy containing IPv6 rules is applied to the outbound direction, the device uses the loopback mode to forward traffic. All traffic on a port is looped back inside the device before being forwarded. You can use the traffic-policy ipv6-enhance-mode command to enable the enhanced IPv6 mode on a device when a traffic policy containing IPv6 rules is applied. Then traffic is directly forwarded without being looped back inside the device when the traffic policy is applied to the outbound direction.

Precautions

  • This command is valid for only the new traffic policy. To make this command take effect for existing traffic policies, delete the traffic policies and reconfigure them.

  • If the device uses the enhanced mode when a traffic policy is applied, traffic classification rules match only the source IP address, destination IP address, protocol, source port number, destination port number, and TCP flag, and the traffic behavior can only be packet filtering.
  • If the device uses the enhanced mode when a traffic policy is applied, traffic policies applied to the VLAN view take effect for Layer 3 IP packets only.
  • When the device is configured to use the enhanced mode during application of a traffic policy, the ARP resource allocation mode cannot be set to extend. If the ARP resource allocation mode cannot be set to extend, the device cannot be configured to use the enhanced mode during application of a traffic policy.

Example

# Configure the device to use the IPv4 enhanced mode when a traffic policy is applied.

<HUAWEI> system-view
[~HUAWEI] traffic-policy ipv4-enhance-mode

traffic-policy large-acl-mode

Function

The traffic-policy large-acl-mode command enables the device to use the Single mode for resource occupancy when a traffic policy is applied.

The undo traffic-policy large-acl-mode command cancels the configuration.

By default, the device is not enabled to use the Single mode for resource occupancy when a traffic policy is applied.

NOTE:

Only the CE6880EI supports this command.

Format

traffic-policy large-acl-mode

undo traffic-policy large-acl-mode

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When another traffic policy is applied to the device and the device generates an alarm about a failure to apply the traffic policy due to insufficient ACL resources, you can run the traffic-policy large-acl-mode command to configure the Single mode for resource occupancy so that the new traffic policy can be applied successfully.

When the traffic policy is applied:
  • If the length of the matched field does not exceed 80 bits, use the Single mode.
  • If the length of the matched field does not exceed 160 bits, use the Double mode.
  • If the length of the matched field does not exceed 320 bits, use the Quadruple mode.
The Single mode is disabled by default. The system selects the Double or Quadruple mode based on the length of the matched field when a traffic policy is applied.

Precautions

This command is valid for only the new traffic policy. To make this command take effect for existing traffic policies, delete the traffic policies and reconfigure them.

Example

# Enable the device to use the Single mode for resource occupancy when a traffic policy is applied.

<HUAWEI> system-view
[~HUAWEI] traffic-policy large-acl-mode

traffic-policy resource-saving-mode

Function

The traffic-policy resource-saving-mode command configures the device to use the resource saving mode when a traffic policy is applied.

The undo traffic-policy resource-saving-mode command cancels the configuration.

By default, the device is not configured to use the resource saving mode when a traffic policy is applied.

NOTE:

Only the CE6870EI supports this command.

Format

traffic-policy resource-saving-mode

undo traffic-policy resource-saving-mode

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the MQC-enabled device generates an alarm about a failure to apply a traffic policy due to insufficient ACL resources, run the traffic-policy resource-saving-mode command to configure the device to use the resource saving mode. The device then re-allocate ACL resources required by all traffic policies so that another traffic policy can be applied successfully.

Precautions

  • The resource saving mode is valid for only the traffic policy that is applied in the inbound direction (excluding the ACL-based simplified traffic policy).
  • When this command is used, all traffic policies are automatically delivered again. This may cause short service interruption.
  • When this command is used and a traffic policy is applied to the device or the traffic classifier, traffic behavior, or ACL rule in an applied traffic policy changes, all traffic policies are automatically delivered again. This may cause short service interruption.

Example

# Configure the device to use the resource saving mode when a traffic policy is applied.

<HUAWEI> system-view
[~HUAWEI] traffic-policy resource-saving-mode
Translation
Download
Updated: 2019-03-21

Document ID: EDOC1000166501

Views: 42628

Downloads: 326

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next