
Command Reference

S7700 and S9700 V200R011C10

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Service Chain Configuration Commands


Command Support

Commands provided in this section and all the parameters in the commands are supported by all switch models by default, unless otherwise specified. For details, see specific commands.

traffic-filter inbound (tunnel interface view)

Function

The traffic-filter inbound command applies an ACL to a tunnel interface to filter packets in the inbound direction.

The undo traffic-filter inbound command cancels the configuration.

By default, no ACL is applied to a tunnel interface to filter packets in the inbound direction.

Format

traffic-filter inbound acl { adv-acl [ rule rule-id ] | ucl-group-acl | name acl-name [ rule rule-id ] }

undo traffic-filter inbound acl { adv-acl [ rule rule-id ] | ucl-group-acl | name acl-name [ rule rule-id ] }

Parameters

| Parameter | Description | Value |
|---|---|---|
| acl adv-acl | Filters packets based on a specified advanced ACL. | The value is an integer that ranges from 3000 to 3999. |
| acl ucl-group-acl | Filters packets based on a specified user-defined ACL. | The value is an integer that ranges from 6000 to 9999. |
| acl name acl-name | Filters packets based on a specified named ACL. | The value is a string of 1 to 64 case-sensitive characters without spaces and must begin with a letter. |
| rule rule-id | Filters packets based on a specified ACL rule. NOTE: If packets are filtered based on a named ACL whose type is user-defined ACL, the rule rule-id parameter cannot be configured. | The value is an integer that ranges from 0 to 4294967294. |

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the traffic-filter inbound command is executed on a tunnel interface, the device filters packets matching ACL rules:

  • If the action in an ACL rule is deny, the device discards packets matching the rule.
  • If the action in an ACL rule is permit, the device forwards packets matching the rule.
  • If no rule is matched, packets are allowed to pass through.

Prerequisites

The acl (system view) or acl name command has been executed to create an ACL.

To filter packets based on a specified user-defined ACL, run the ucl-group command to classify users before creating an ACL.

Precautions

If the traffic-filter (system view) and traffic-filter inbound (tunnel interface view) commands are used simultaneously, the traffic-filter inbound (tunnel interface view) command takes effect.

NOTE:

When the deny action is defined in the ACL rule associated with the traffic-filter inbound command, the ACL rule can only be associated with the traffic-statistic inbound (tunnel interface view) or traffic-statistic (system view) command. If the ACL rule is associated with other simplified traffic policies, the simplified traffic policies do not take effect.

When the permit action is defined in the ACL rule associated with the traffic-filter inbound command, the ACL rule can be associated with other simplified traffic policies.

After the traffic-filter inbound command is executed on a tunnel interface, the source IP address, destination IP address, and tunnel protocol type of the tunnel interface cannot be changed.

Example

# In the inbound direction on Tunnel 1, configure packet filtering based on the advanced ACL that permits packets with source IP address 192.168.0.2/32.

<HUAWEI> system-view
[HUAWEI] acl 3000
[HUAWEI-acl-adv-3000] rule 5 permit ip source 192.168.0.2 0.0.0.0
[HUAWEI-acl-adv-3000] quit
[HUAWEI] interface tunnel 1
[HUAWEI-Tunnel1] traffic-filter inbound acl 3000
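
Because unmatched packets are allowed to pass, an ACL that contains only permit rules, such as ACL 3000 above, discards nothing when it is used with traffic-filter inbound. The following Python sketch is an added example, not Huawei code: it models the three cases from the Usage Scenario and flags tunnel filters that lack a catch-all deny. The sample configuration, ACL 3001, the `rule 100 deny ip` line, the function names, and evaluation of rules in ascending rule-ID order are assumptions.

```python
import ipaddress
import re
# Constructed config in the syntax of the page's examples (not from a real device).
SAMPLE = """
acl 3000
 rule 5 permit ip source 192.168.0.2 0.0.0.0
acl 3001
 rule 5 permit ip source 192.168.0.2 0.0.0.0
 rule 100 deny ip
interface tunnel 1
 traffic-filter inbound acl 3000
interface tunnel 2
 traffic-filter inbound acl 3001
"""
RULE = re.compile(r"rule (\d+) (permit|deny) ip(?: source (\S+) (\S+))?$")
ANY = 0xFFFFFFFF  # wildcard for "any source" (also used for a rule with no source clause)

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse(config):
    """Return ({acl: [(rule_id, action, addr, wildcard)]}, {tunnel: acl})."""
    acls, filters, acl, tunnel = {}, {}, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"acl (\d+)$", line):
            acl = int(m.group(1))
            acls[acl] = []
        elif m := re.match(r"interface tunnel (\d+)$", line):
            tunnel = "Tunnel" + m.group(1)
        elif m := RULE.match(line):
            addr, wild = to_int(m.group(3) or "0.0.0.0"), to_int(m.group(4) or "255.255.255.255")
            acls[acl].append((int(m.group(1)), m.group(2), addr, wild))
        elif m := re.match(r"traffic-filter inbound acl (\d+)$", line):
            filters[tunnel] = int(m.group(1))
    return acls, filters

def verdict(rules, src_ip):
    """The page's three cases; rules tried in ascending rule-id order (assumption)."""
    ip = to_int(src_ip)
    for _, action, addr, wild in sorted(rules):
        if ((ip ^ addr) & ~wild & ANY) == 0:
            return "discard" if action == "deny" else "forward"
    return "forward (no rule matched)"

def tunnels_without_catch_all_deny(config):
    """Tunnels whose inbound filter ACL has no deny rule covering all sources."""
    acls, filters = parse(config)
    return sorted(t for t, a in filters.items() if not any(
        act == "deny" and wild == ANY for _, act, _, wild in acls.get(a, [])))
```
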

traffic-redirect inbound (system view)

Function

The traffic-redirect inbound command configures ACL-based traffic redirection to a tunnel interface globally.

The undo traffic-redirect inbound command cancels the configuration.

By default, ACL-based traffic redirection to a tunnel interface is not configured globally.

Format

traffic-redirect inbound acl { adv-acl [ rule rule-id ] | ucl-group-acl | name acl-name [ rule rule-id ] } interface tunnel interface-number [ force ]

undo traffic-redirect inbound acl { adv-acl [ rule rule-id ] | ucl-group-acl | name acl-name [ rule rule-id ] }

Parameters

| Parameter | Description | Value |
|---|---|---|
| acl adv-acl | Redirects packets based on a specified advanced ACL. | The value is an integer that ranges from 3000 to 3999. |
| acl ucl-group-acl | Redirects packets based on a specified user-defined ACL. | The value is an integer that ranges from 6000 to 9999. |
| acl name acl-name | Redirects packets based on a specified named ACL. | The value is a string of 1 to 64 case-sensitive characters without spaces and must begin with a letter. |
| rule rule-id | Redirects packets based on a specified ACL rule. NOTE: If you specify a user-defined named ACL to redirect packets, the rule rule-id parameter cannot be configured. | The value is an integer that ranges from 0 to 4294967294. |
| interface tunnel interface-number | Redirects packets to a specified tunnel interface. | - |
| force | Configures the device to discard packets when the protocol status of the tunnel interface to which packets are redirected is Down or the tunnel interface has no matching ARP entry. If this parameter is not specified, the device forwards packets according to the routing table. | - |

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In a service chain scenario, services need to be forwarded between a core switch and multiple devices in the service chain device zone, forming a service chain. A core switch connects to the service chain device zone through a GRE tunnel. Therefore, you can establish a service chain by redirecting packets that will be received by the core switch or devices in the service chain device zone to a specified GRE tunnel, through which the packets are forwarded to the remote device.

Prerequisites

The acl (system view) or acl name command has been executed to create an ACL.

To redirect packets based on a specified user-defined ACL, run the ucl-group command to classify users before creating an ACL.

Precautions

If the traffic-redirect inbound (tunnel interface view) and traffic-redirect inbound (system view) commands are used simultaneously, the traffic-redirect inbound (tunnel interface view) command takes effect.

NOTE:

When the traffic-redirect inbound (system view) command is used together with the traffic-filter inbound (tunnel interface view) or traffic-filter (system view) command, and the same ACL rule is associated with these commands:

  • If the deny action is configured in the ACL rule, the traffic-redirect inbound (system view) command does not take effect.
  • If the permit action is configured in the ACL rule, the command that is executed first takes effect.

After the traffic-redirect inbound command is executed, the source IP address, destination IP address, and tunneling protocol type of the tunnel interface to which packets are redirected cannot be changed.

Example

# Redirect packets with source IP address 192.168.0.2/32 to Tunnel 1 based on an advanced ACL.

<HUAWEI> system-view
[HUAWEI] acl 3000
[HUAWEI-acl-adv-3000] rule 5 permit ip source 192.168.0.2 0.0.0.0
[HUAWEI-acl-adv-3000] quit
[HUAWEI] traffic-redirect inbound acl 3000 interface tunnel 1

traffic-redirect inbound (tunnel interface view)

Function

The traffic-redirect inbound command applies an ACL to a tunnel interface to redirect packets in the inbound direction.

The undo traffic-redirect inbound command cancels the configuration.

By default, no ACL is applied to a tunnel interface to redirect packets in the inbound direction.

Format

traffic-redirect inbound acl { adv-acl [ rule rule-id ] | ucl-group-acl | name acl-name [ rule rule-id ] } interface tunnel interface-number [ force ]

undo traffic-redirect inbound acl { adv-acl [ rule rule-id ] | ucl-group-acl | name acl-name [ rule rule-id ] }

Parameters

| Parameter | Description | Value |
|---|---|---|
| acl adv-acl | Redirects packets based on a specified advanced ACL. | The value is an integer that ranges from 3000 to 3999. |
| acl ucl-group-acl | Redirects packets based on a specified user-defined ACL. | The value is an integer that ranges from 6000 to 9999. |
| acl name acl-name | Redirects packets based on a specified named ACL. | The value is a string of 1 to 64 case-sensitive characters without spaces and must begin with a letter. |
| rule rule-id | Redirects packets based on a specified ACL rule. NOTE: If you specify a user-defined named ACL to redirect packets, the rule rule-id parameter cannot be configured. | The value is an integer that ranges from 0 to 4294967294. |
| interface tunnel interface-number | Redirects packets to a specified tunnel interface. | - |
| force | Configures the device to discard packets when the protocol status of the tunnel interface to which packets are redirected is Down or the tunnel interface has no matching ARP entry. If this parameter is not specified, the device forwards packets according to the routing table. | - |

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In a service chain scenario, services need to be forwarded between a core switch and multiple devices in the service chain device zone, forming a service chain. A core switch connects to the service chain device zone through a GRE tunnel. Therefore, you can establish a service chain by redirecting packets received by the core switch or devices in the service chain device zone from a GRE tunnel to another specified GRE tunnel, through which the packets are forwarded to the remote device.

Prerequisites

The acl (system view) or acl name command has been executed to create an ACL.

To redirect packets based on a specified user-defined ACL, run the ucl-group command to classify users before creating an ACL.

Precautions

If the traffic-redirect inbound (system view) and traffic-redirect inbound (tunnel interface view) commands are used simultaneously, the traffic-redirect inbound (tunnel interface view) command takes effect.

NOTE:

When the traffic-redirect inbound (tunnel interface view) command is used together with the traffic-filter inbound (tunnel interface view) or traffic-filter (system view) command, and the same ACL rule is associated with these commands:

  • If the deny action is configured in the ACL rule, the traffic-redirect inbound (tunnel interface view) command does not take effect.
  • If the permit action is configured in the ACL rule, the command that is executed first takes effect.

After the traffic-redirect inbound command is executed on a tunnel interface, the source IP addresses, destination IP addresses, and tunneling protocol types of this tunnel interface and the tunnel interface to which packets are redirected cannot be changed.

Example

# Redirect incoming packets with source IP address 192.168.0.2/32 from Tunnel 1 to Tunnel 2 based on an advanced ACL.

<HUAWEI> system-view
[HUAWEI] acl 3000
[HUAWEI-acl-adv-3000] rule 5 permit ip source 192.168.0.2 0.0.0.0
[HUAWEI-acl-adv-3000] quit
[HUAWEI] interface tunnel 1
[HUAWEI-Tunnel1] traffic-redirect inbound acl 3000 interface tunnel 2

traffic-statistic inbound (tunnel interface view)

Function

The traffic-statistic inbound command configures ACL-based traffic statistics on a tunnel interface in the inbound direction.

The undo traffic-statistic inbound command cancels ACL-based traffic statistics on a tunnel interface in the inbound direction.

By default, ACL-based traffic statistics are not configured on a tunnel interface in the inbound direction.

Format

traffic-statistic inbound acl { adv-acl [ rule rule-id ] | ucl-group-acl | name acl-name [ rule rule-id ] } [ by-bytes ]

undo traffic-statistic inbound acl { adv-acl [ rule rule-id ] | ucl-group-acl | name acl-name [ rule rule-id ] }

Parameters

| Parameter | Description | Value |
|---|---|---|
| acl adv-acl | Collects traffic statistics based on a specified advanced ACL. | The value is an integer that ranges from 3000 to 3999. |
| acl ucl-group-acl | Collects traffic statistics based on a specified user-defined ACL. | The value is an integer that ranges from 6000 to 9999. |
| acl name acl-name | Collects traffic statistics based on a specified named ACL. | The value is a string of 1 to 64 case-sensitive characters without spaces and must begin with a letter. |
| rule rule-id | Collects traffic statistics based on a specified ACL rule. NOTE: If traffic statistics are collected based on a named ACL whose type is user-defined ACL, the rule rule-id parameter cannot be configured. | The value is an integer that ranges from 0 to 4294967294. |
| by-bytes | Collects traffic statistics based on the number of bytes. If this parameter is not specified, traffic statistics are collected based on the number of packets. | - |

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Prerequisites

The acl (system view) or acl name command has been executed to create an ACL.

To collect packet statistics based on a specified user-defined ACL, run the ucl-group command to classify users before creating an ACL.

Precautions

If the traffic-statistic (system view) and traffic-statistic inbound (tunnel interface view) commands are used simultaneously, the traffic-statistic inbound (tunnel interface view) command takes effect.

An ACL can be associated with the traffic-statistic inbound command to collect statistics about packets matching the ACL regardless of whether the action in an ACL rule is permit or deny. When the deny action is configured in the ACL rule, packets are not filtered.

After the traffic-statistic inbound command is executed on a tunnel interface, the source IP address, destination IP address, and tunnel protocol type of the tunnel interface cannot be changed.

Example

# Collect statistics about packets matching rule 5 in advanced ACL 3000 on Tunnel 1 in the inbound direction.

<HUAWEI> system-view
[HUAWEI] acl 3000
[HUAWEI-acl-adv-3000] rule 5 permit ip source 192.168.0.2 0.0.0.0
[HUAWEI-acl-adv-3000] quit
[HUAWEI] interface tunnel 1
[HUAWEI-Tunnel1] traffic-statistic inbound acl 3000 rule 5
Updated: 2019-10-18

Document ID: EDOC1000178288
