No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Command Reference

S7700 and S9700 V200R011C10

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
QoS Compatible Commands

QoS Compatible Commands

car cir (CPCAR view) (upgrade-compatible command)

Function

Using the car cir command, you can set the committed access rate (CAR) parameters of CPCAR, including the committed information rate (CIR) and committed burst size (CBS).

Using the undo car command, you can cancel the configuration.

By default, CPCAR parameters of host packets sent to the CPU of the main control board of the device are listed in Table 19-17; CPCAR parameters of host packets sent to the CPU of the Line Processing Unit (LPU) of the device are listed in Table 19-18.
Table 19-17  CPCAR parameters of host packets sent to the CPU of the main control board of the device

Type of Host Packets

CIR (kbit/s)

CBS (bytes)

ARP-miss, LDT, Unknown-packet

64

10000

ARP Request, ARP Reply, Smart-Link, LACP, LLDP, DLDP, VRRP, PIM, MPLS RSVP, MPLS TTL-Expired, TTL-Expired, MPLS Ping, NTP, FTP, SNMP, RADIUS, HWTACACS

128

16000

MPLS OAM, RIP, ICMP, SSH, Telnet, BPDU Tunnel, RRPP, UDP Helper

256

32000

STP, ISIS, DHCP Client, DHCP Server, IGMP, OSPF, BGP, BFD, MPLS LDP, TCP, Unkown-multicast

512

64000

FIB-hit

1024

128000

Table 19-18  CPCAR parameters of host packets sent to the CPU of the LPU of the device

Type of Host Packets

CIR (kbit/s)

CBS (bytes)

ARP Request, ARP Reply, Smart-Link, LACP, LLDP, DLDP, VRRP, MPLS OAM, PIM, MPLS RSVP, TTL-Expired, MPLS Ping, NTP, RADIUS, HWTACACS, ARP-miss, LDT, Unknown-packet, Unknown-multicast

64

10000

STP, IGMP, RIP, MPLS TTL-Expired, SSH, Telnet, SNMP, FIB-hit, BPDU Tunnel, RRPP, UDP Helper

128

16000

ISIS, OSPF, BGP, BFD, MPLS LDP, TCP

256

32000

DHCP Client, DHCP Server

512

64000

ICMP

192

24000

Format

car cir cir-value [ cbs cbs-value ]

undo car

Parameters

Parameter

Description

Value

cir-value

Specifies the CIR.

The value is an integer that ranges from 64 to 4294967295, in kbit/s.

cbs-value

Specifies the CBS.

The value is an integer that ranges from 10000 to 4294967295, in bytes.

The default value is 188 times greater than the CIR.

Views

CPCAR view

Default Level

2: Configuration level

Usage Guidelines

None

Example

# Set the CIR and CBS of ARP Request host packets sent to the CPU of the LPU in slot 6 to 10000 kbit/s and 500000 bytes.

<HUAWEI> system-view
[HUAWEI] cpcar arp-request slot 6
[HUAWEI-cpcar-arp-request-slot-6] car cir 10000 cbs 500000

cpcar (upgrade-compatible command)

Function

Using the cpcar command, you can enter the CPCAR view of a certain type of host packets.

Format

cpcar host-packet-type [ slot slot-id ]

Parameters

Parameter

Description

Value

host-packet-type

Specifies the type of host packets.

The type of host packets for which the device can perform traffic policing is as follows: Address Resolution Protocol (ARP)-miss, ARP Reply, ARP Request, Bidirectional Forwarding Detection (BFD), Border Gateway Protocol (BGP), Bridge Protocol Data Unit (BPDU)-Tunnel, Dynamic Host Configuration Protocol (DHCP) Client, DHCP Server, Device Link Detection Protocol (DLDP), FIB-Hit, File Transfer Protocol (FTP), HUAWEI Terminal Access Controller Access Control System (HWTACACS), Internet Control Message Protocol (ICMP), Internet Group Management Protocol (IGMP), Intermedia System-to-Intermedia System (IS-IS), Link Aggregation Control Protocol (LACP), LDT, Link Layer Discovery Protocol (LLDP), Multiprotocol Label Switching Protocol (MPLS) Link Distribution Protocol (LDP), MPLS Operation, Administration and Maintenance (OAM), MPLS-Ping, MPLS Resource Reservation Protocol (RSVP), MPLS TTL-expired, Network Time Protocol (NTP), Open Shortest Path First (OSPF), Protocol Independent Multicast (PIM), Remote Authentication Dial In User Service (RADIUS), Routing Information Protocol (RIP), Rapid Ring Protection Protocol (RRPP), Smart Link, Simple Network Management Protocol (SNMP), Secure Shell(SSH), Spanning Tree Protocol (STP), Transfer Control Protocol(TCP), Telnet, TTL-expired, UDP helper, and Unknown-multicast, Unknown-packet and Virtual Router Redundancy Protocol (VRRP).

slot-id

Specifies the slot number of the LPU.

The value is an integer and is related to the model of the device:

Views

System view

Default Level

2: Configuration level

Usage Guidelines

The LPU needs to send certain packets, for example, routing protocol packets, user login and logout control packets, and exception and error packets, to the CPU of the LPU or the main control board for processing. These packets are called host packets.

If the traffic of host packets of a certain type transmitted on the main control board or the LPU is heavy, you can configure CPCAR. In this manner, the impact on the device resulted from heavy traffic of host packets of this type can be prevented and the system can run normally.

NOTE:

If the device is configured with an FSU:

  • You must use the capcar bfd command to configure CPCAR for BFD packets.
  • You must use the capcar mpls-oam command to configure CPCAR for MPLS OAM packets.

Example

# Enter the CPCAR view of the ARP Request host packets sent to the CPU of the LPU in slot 6.

<HUAWEI> system-view
[HUAWEI] cpcar arp-request slot 6
[HUAWEI-cpcar-arp-request-slot-6]

count (upgrade-compatible command)

Function

Using the count command, you can enable the function of counting packets that match traffic classification rules.

By default, the counting function is disabled.

Format

count

Parameters

None

Views

Traffic behavior view

Default Level

2: Configuration level

Usage Guidelines

When there are many traffic classification rules on the switch, you can run the count command to count the specific traffic. The counting start time is the time when the policy is applied.

Currently, the switch counts packets rather than bytes.

Example

# Configure the traffic policy p1 so that the switch counts packets that flow through GigabitEthernet 1/0/1. After a period of time, the switch displays the traffic statistics.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match any
[HUAWEI-classifier-c1] quit
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] count
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] traffic-policy p1 inbound
[HUAWEI-GigabitEthernet1/0/1] display traffic policy interface gigabitethernet 1/0/1
  Interface: GigabitEthernet1/0/1
 
  Direction: Inbound
 
  Policy: p1
   Classifier: c1
     Rule(s) : if-match any
     Behavior: b1
      Count
        Matched : 10 (Packets)

drop (upgrade-compatible command)

Function

Using the drop command, you can configure the device to discard host packets with abnormal IDs.

Format

drop

Parameters

None

Views

CPCAR view

Default Level

2: Configuration level

Usage Guidelines

None

Example

# Configure the device to discard ARP packets with an abnormal ID.

<HUAWEI> system-view
[HUAWEI] cpcar bfd
[HUAWEI-cpcar-bfd] drop

if-match acl (upgrade-compatible command)

Function

The if-match acl command configures a matching rule in a traffic classifier based on an Access Control List (ACL).

Format

if-match [ match-id ] acl { acl-number | acl-name }

Parameters

Parameter

Description

Value

match-id

Specifies the number of an if-match rule.

The value is an integer that ranges from 0 to 255.

acl-number

Specifies the number of an ACL.

The value is an integer that ranges from 2000 to 5999.
  • ACLs numbered 2000 to 2999 are basic ACLs, which are used to classify all packets.
  • ACLs numbered 3000 to 3999 are advanced ACLs, which are used to classify Layer 3 information about the packets.
  • ACLs numbered 4000 to 4999 are layer 2 ACLs, which are used to classify packets based on the source MAC address, destination MAC address, and packet type.
  • ACLs numbered 5000 to 5999 are user-defined ACLs.

acl-name

Specifies an ACL name.

The value is a string of 1 to 32 case-sensitive characters without spaces. The name starts with a letter (case sensitive) and can contain letters, digits, and symbols such as the number sign (#), percentage symbol (%), and hyphen (-).

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To classify packets based on the interface, source IP address, destination IP address, protocol over IP, source and destination TCP port numbers, ICMP type and code, and source and destination MAC addresses, reference an ACL. You must first define an ACL and configure rules in the ACL. Then run the if-match acl command to configure a matching rule for traffic classification based on the ACL so that packets matching the same rule are processed in the same manner.

Prerequisites

The following operations must have been performed:
  • Create an ACL and configure rules in the ACL.

  • Create a traffic classifier using the traffic classifier command.

Precautions

Regardless of whether the relationship between rules in the traffic classifier is AND or OR, if an ACL contains multiple rules, the packet that matches only one ACL rule matches the ACL.

You can configure only the user-defined ACL (the user-defined ACL number ranges from 5000 to 5999) or configure the user-defined ACL and other matching rules in a traffic classifier where the relationship between rules is AND. When the user-defined ACL and other matching rules are configured, the user-defined ACL can be used only with the if-match vlan-id, if-match inbound-interface, orif-match outbound-interface command.

You can configure multiple ACL rules in a traffic classifier to match different types of packets. A traffic classifier allows a maximum of 256 if-match rules.

Example

# Define a matching rule for the traffic classifier c1: ACL 2046 is used to match packets.

<HUAWEI> system-view
[HUAWEI] acl 2046
[HUAWEI-acl4-basic-2046] rule permit source any
[HUAWEI-acl4-basic-2046] quit
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match 1 acl 2046

if-match ipv6 acl (upgrade-compatible command)

Function

The if-match ipv6 acl command configures a matching rule in a traffic classifier based on an Access Control List (ACL).

By default, a matching rule based on an ACL is not configured in a traffic classifier.

Format

if-match [ match-id ] ipv6 acl { acl-number | acl-name }

Parameters

Parameter

Description

Value

match-id

Specifies the number of an if-match rule.

The value is an integer that ranges from 0 to 255.

ipv6

Indicates that IPv6 ACLs are matched. If this parameter is not specified, IPv4 ACLs are matched.

-

acl-number

Specifies the number of an ACL.

The value is an integer that ranges from 2000 to 3999.
  • ACLs numbered 2000 to 2999 are basic ACLs, which are used to classify all packets.
  • ACLs numbered 3000 to 3999 are advanced ACLs, which are used to classify Layer 3 information about the packets.
acl-name

Specifies an ACL name.

The value is a string of 1 to 32 case-sensitive characters without spaces. The name starts with a letter (case-sensitive) and can contain letters, digits, and symbols such as the number sign (#), percentage symbol (%), and hyphen (-).

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To classify packets based on the interface, source IP address, destination IP address, protocol over IP, source and destination TCP port numbers, ICMP type and code, and source and destination MAC addresses, reference an ACL. You must first define an ACL and configure rules in the ACL. Then run the if-match acl command to configure a matching rule for traffic classification based on the ACL so that packets matching the same rule are processed in the same manner.

Prerequisites

The following operations must have been performed:
  • Create an ACL and configure rules in the ACL.

  • Create a traffic classifier using the traffic classifier command.

Precautions

Regardless of whether the relationship between rules in the traffic classifier is AND or OR, if an ACL contains multiple rules, the packet that matches only one ACL rule matches the ACL.

You can configure only the user-defined ACL (the user-defined ACL number ranges from 5000 to 5999) or configure the user-defined ACL and other matching rules in a traffic classifier where the relationship between rules is AND. When the user-defined ACL and other matching rules are configured, the user-defined ACL can be used only with the if-match vlan-id, if-match inbound-interface, or if-match outbound-interface command.

You can configure multiple ACL rules in a traffic classifier to match different types of packets. A traffic classifier allows a maximum of 256 if-match rules.

Example

# Define a matching rule for the traffic classifier c1: ipv6 ACL 2046 is used to match packets.

<HUAWEI> system-view
[HUAWEI] acl 2046
[HUAWEI-acl4-basic-2046] rule permit source any
[HUAWEI-acl4-basic-2046] quit
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match 1 ipv6 acl 2046

if-match any (upgrade-compatible command)

Function

The if-match any command configures a matching rule for classifying all data packets in a traffic classifier.

By default, a matching rule for classifying all data packets is not configured in a traffic classifier.

Format

if-match [ match-id ] any

Parameters

Parameter

Description

Value

match-id

Specifies the number of an if-match rule.

The value is an integer that ranges from 0 to 255.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To process all the data packets in the same manner, run the if-match any command.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

The if-match any command is valid for all data packets but is invalid for the control packets sent to the CPU, such as Bridge Protocol Data Units (BPDUs) in the Spanning Tree Protocol (STP).

Example

# Define a matching rule for the traffic classifier c1: All data packets are matched.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match 1 any

if-match cvlan-8021p (upgrade-compatible command)

Function

The if-match cvlan-8021p command configures a matching rule in a traffic classifier based on the 802.1p priority in the inner tag of QinQ packets.

Format

if-match [ match-id ] cvlan-8021p 8021p-value &<1-8>

Parameters

Parameter

Description

Value

match-id

Specifies the number of an if-match rule.

The value is an integer that ranges from 0 to 255.

8021p-value

Specifies the 802.1p priority in the inner tag of QinQ packets.

The value is an integer that ranges from 0 to 7. A larger value indicates a higher priority of QinQ packets.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match cvlan-8021p command to classify packets based on the 802.1p priority in the inner tag of QinQ packets so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

The if-match cvlan-8021p command is valid for only the double-tagged packets.

If you enter multiple 802.1p priorities in the inner tags of packets in the command, a packet matches a rule if it matches one of the 802.1p priorities in the inner tags of packets, regardless of whether the relationship between traffic classification rules is AND or OR.

If you run the if-match cvlan-8021p command multiple times in the same traffic classifier view, only the latest configuration takes effect.

Example

# Define the matching rule in traffic classifier c1 to match QinQ packets with the inner 802.1p priority of 1.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match 1 cvlan-8021p 1

if-match cvlan-id (upgrade-compatible command)

Function

The if-match cvlan-id command configures a matching rule in a traffic classifier based on VLAN IDs in the inner and outer tags of QinQ packets. You can specify a VLAN ID range in the inner tag.

By default, a matching rule based on the VLAN ID in the inner and outer tags of QinQ packets is not configured in a traffic classifier.

Format

if-match [ match-id ] cvlan-id start-cvlan-id [ to end-cvlan-id ] [ vlan-id vlan-id ]

Parameters

Parameter

Description

Value

match-id

Specifies the number of an if-match rule.

The value is an integer that ranges from 0 to 255.

start-cvlan-id [ to end-cvlan-id ]

Specifies the VLAN ID in the inner tag of a QinQ packet.
  • start-cvlan-id specifies the start VLAN ID in the inner tag. The value is an integer that ranges from 1 to 4094.

  • end-cvlan-id specifies the end VLAN ID in the inner tag. The value is an integer that ranges from 1 to 4094.

The value of end-cvlan-id must be larger than the value of start-cvlan-id.

If to end-cvlan-id is not specified, only the VLAN ID specified by start-cvlan-id is matched.

-

vlan-id vlan-id

Specifies the VLAN ID in the outer tag of a QinQ packet.

If this parameter is not specified, only the VLAN ID in the inner tag of a QinQ packet is matched.

The value is an integer that ranges from 1 to 4094.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match cvlan-id command to classify packets based on the VLAN ID in the inner tag of QinQ packets or VLAN IDs in inner and outer tags of QinQ packets so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

The if-match cvlan-id command is valid for only the double-tagged packets.

Example

# Define a matching rule for the traffic classifier c1: QinQ packets with the VLAN ID of 100 in the inner tag are matched.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match cvlan-id 100

# Define a matching rule for the traffic classifier c1: QinQ packets with the inner VLAN ID in the range of 100 to 200 and outer VLAN ID 300 are matched.

[HUAWEI-classifier-c1] if-match 1 cvlan-id 100 to 200 vlan-id 300

if-match destination-mac (upgrade-compatible command)

Function

The if-match destination-mac command configures a matching rule in a traffic classifier based on the destination MAC address.

By default, a matching rule based on the destination MAC address is not configured in a traffic classifier.

Format

if-match [ match-id ] destination-mac mac-address [ [ mac-address-mask ] mac-address-mask ]

Parameters

Parameter

Description

Value

match-id

Specifies the number of an if-match rule.

The value is an integer that ranges from 0 to 255.

mac-address

Specifies the destination MAC address.

The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits.

[ mac-address-mask ] mac-address-mask

Specifies the mask of the destination MAC address.

Similar to the mask of the IP address, the value F indicates that the destination MAC address is matched and the value 0 indicates that the destination MAC address is not matched. The mask of the MAC address determines a group of MAC addresses. By using the mask of the MAC address, you can accurately match certain bits in the destination MAC address. In practice, you can set these bits to F in the mask of the destination MAC address.

The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits. The value cannot be 0-0-0.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match destination-mac command to configure a matching rule in a traffic classifier based on the destination MAC address so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

If you run the if-match destination-mac command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Define a matching rule for the traffic classifier c1: Packets with the destination MAC address XX50-bXX7-bed3 are matched.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match 1 destination-mac 0050-b007-bed3 mac-address-mask 00ff-f00f-ffff

if-match double-tag (upgrade-compatible command)

Function

The if-match double-tag command configures a matching rule in a traffic classifier based on double tags in packets.

By default, a matching rule based on double tags in packets is not configured in a traffic classifier.

Format

if-match [ match-id ] double-tag

Parameters

Parameter

Description

Value

match-id

Specifies the number of an if-match rule.

The value is an integer that ranges from 0 to 255.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match double-tag command to classify traffic based on double tags and process packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Example

# Define a matching rule for the traffic classifier class1: Packets that carry double tags are classified according to their VLAN tags.

<HUAWEI> system-view
[HUAWEI] traffic classifier class1
[HUAWEI-classifier-class1] if-match 1 double-tag

if-match dscp (upgrade-compatible command)

Function

The if-match dscp command configures a matching rule in a traffic classifier based on the Differentiated Services Code Point (DSCP) priority in packets.

By default, a matching rule based on the DSCP priority is not configured in a traffic classifier.

Format

if-match [ match-id ] [ ipv6 ] dscp dscp-value &<1-8>

Parameters

Parameter

Description

Value

match-id

Specifies the number of an if-match rule.

The value is an integer that ranges from 0 to 255.

ipv6

Indicates that IPv6 packets are matched. If this parameter is not specified, IPv4 packets are matched.

-

dscp dscp-value

Specifies the DSCP priority.

The value can be a DiffServ code, an integer ranging from 0 to 63, or name of the DSCP service type such as af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1-cs7, default, and ef.

The values corresponding to service types are as follows:

  • af11: 10
  • af12: 12
  • af13: 14
  • af21: 18
  • af22: 20
  • af23: 22
  • af31: 26
  • af32: 28
  • af33: 30
  • af41: 34
  • af42: 36
  • af43: 38
  • cs1: 8
  • cs2: 16
  • cs3: 24
  • cs4: 32
  • cs5: 40
  • cs6: 48
  • cs7: 56
  • default: 0
  • ef: 46

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match dscp command to configure a matching rule in a traffic classifier based on the DSCP priority in packets so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

If you enter multiple DSCP priorities in the command, a packet matches a rule as longs as it matches one of the DSCP priorities, regardless of whether the relationship between traffic classification rules is AND or OR.

In a traffic classifier where the relationship between rules is AND, the if-match dscp and if-match ip-precedence commands cannot be used simultaneously.

If you run the if-match dscp command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Define a matching rule for the traffic classifier class1: Packets with DSCP priority 1 are matched.

<HUAWEI> system-view
[HUAWEI] traffic classifier class1
[HUAWEI-classifier-class1] if-match 1 dscp 1

if-match inbound-interface (upgrade-compatible command)

Function

The if-match inbound-interface command configures a matching rule in a traffic classifier based on an inbound interface.

By default, a matching rule based on an inbound interface is not configured in a traffic classifier.

Format

if-match [ match-id ] inbound-interface interface-type interface-number

Parameters

Parameter

Description

Value

match-id

Specifies the number of an if-match rule.

The value is an integer that ranges from 0 to 255.

interface-type interface-number

Specifies the type and number of an inbound interface.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.

-

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match inbound-interface command to classify traffic based on an inbound interface so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

It is recommended that a traffic policy containing if-match inbound-interface be not applied to an interface.

If you run the if-match inbound-interface command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Define a matching rule for the traffic classifier class1: Packets received on inbound interface GE1/0/1 are matched.

<HUAWEI> system-view
[HUAWEI] traffic classifier class1
[HUAWEI-classifier-class1] if-match 1 inbound-interface gigabitethernet 1/0/1

if-match ip-precedence (upgrade-compatible command)

Function

The if-match ip-precedence command configures a matching rule in a traffic classifier based on the IP precedence in packets.

By default, a matching rule based on the IP precedence in packets is not configured in a traffic classifier.

Format

if-match [ match-id ] ip-precedence ip-precedence-value &<1-8>

Parameters

Parameter

Description

Value

match-id

Specifies the number of an if-match rule.

The value is an integer that ranges from 0 to 255.

ip-precedence-value

Specifies the IP precedence.

The value is an integer that ranges from 0 to 7. A larger value indicates a higher priority of packets.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match ip-precedence command to configure a matching rule in a traffic classifier based on the IP precedence in packets so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

After the if-match ip-precedence command is run, IP precedences are listed in ascending order.

If you enter multiple IP precedences in the command, a packet matches a rule if it matches one of the IP precedence, regardless of whether the relationship between traffic classification rules is AND or OR.

In a traffic classifier where the relationship between rules is AND, the if-match dscp and if-match ip-precedence commands cannot be used simultaneously.

NOTE:

The if-match ip-precedence command only takes effect for IPv4 packets.

If you run the if-match ip-precedence command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Define a matching rule in the traffic classifier class1: Packets with IP precedence 1 are matched.

<HUAWEI> system-view
[HUAWEI] traffic classifier class1
[HUAWEI-classifier-class1] if-match 1 ip-precedence 1

if-match ipv6 next-header (upgrade-compatible command)

Function

The if-match ipv6 next-header command configures a matching rule in a traffic classifier based on the first Next Header field in an IPv6 packet header.

By default, a matching rule based on the first Next Header field in an IPv6 packet header is not configured in a traffic classifier.

Format

if-match [ match-id ] ipv6 next-header header-number first-next-header

Parameters

Parameter

Description

Value

match-id

Specifies the number of an if-match rule.

The value is an integer that ranges from 0 to 255.

header-number

Specifies the value of the Next Header field in an IPv6 packet header.

The value is an integer that ranges from 0 to 255.

first-next-header

Specifies the first Next Header field in an IPv6 packet header.

-

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can use the if-match ipv6 next-header command to classify IPv6 packets according to the first Next Header field in IPv6 packet headers. Packets of the same class are processed in the same way.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

If you run the if-match ipv6 next-header command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Define the matching rule of the traffic classifier c1 to match IPv6 packets with the value of the first Next Header field in IPv6 packet headers being 20.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match 1 ipv6 next-header 20 first-next-header

if-match l2-protocol (upgrade-compatible command)

Function

The if-match l2-protocol command configures a matching rule in a traffic classifier based on the Layer 2 protocol type.

By default, a matching rule based on the Layer 2 protocol type is not configured in a traffic classifier.

Format

if-match [ match-id ] l2-protocol { arp | ip | mpls | rarp | protocol-value }

Parameters

Parameter

Description

Value

match-id

Specifies the number of an if-match rule.

The value is an integer that ranges from 0 to 255.

arp

Classifies ARP packets.

The value of arp corresponds to 0x0806.

ip

Classifies IP packets.

The value of ip corresponds to 0x0800.

mpls

Classifies MPLS packets.

The value of mpls corresponds to 0x8847.

rarp

Classifies RARP packets.

The value of rarp corresponds to 0x8035.

protocol-value

Specifies the value of a protocol type.

The value ranges from 0x0000 to 0xFFFF in hexadecimal notation and must start with 0x.

If the value of protocol-value is smaller than 0x0600, the Destination Service Access Point (DSAP) and Source Service Access Point (SSAP) fields in the Logical Line Control (LLC) protocol packets are matched.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match l2-protocol command to classify traffic based on the Layer 2 protocol type so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

The device supports Layer 2 protocols including ARP, IP, MPLS, and RARP.

If you run the if-match l2-protocol command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Define a matching rule in the traffic classifier c1: Packets with the protocol type being ARP are matched.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match 1 l2-protocol arp

if-match mpls-exp (upgrade-compatible command)

Function

The if-match mpls-exp command configures a matching rule in a traffic classifier based on the EXP priority in MPLS packets.

By default, a matching rule based on the EXP priority in MPLS packets is not configured in a traffic classifier.

Format

if-match [ match-id ] mpls-exp exp-value &<1-8>

Parameters

Parameter

Description

Value

match-id

Specifies the number of an if-match rule.

The value is an integer that ranges from 0 to 255.

exp-value

Specifies the EXP priority of MPLS packets.

The value is an integer that ranges from 0 to 7. A larger value indicates a higher priority of MPLS packets.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match mpls-exp command to configure a matching rule in a traffic classifier based on the EXP priority in MPLS packets so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

If you enter multiple values of EXP priorities in the command, a packet matches the traffic classifier as long as it matches one of the EXP priorities, regardless of whether the relationship between traffic classification rules is AND or OR.

If a traffic classifier in a traffic policy contains if-match mpls-exp, the traffic policy does not take effect in the outbound direction.

If you run the if-match mpls-exp command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Define a matching rule for the traffic classifier class1: Packets with MPLS EXP 1 or 4 are matched.

<HUAWEI> system-view
[HUAWEI] traffic classifier class1
[HUAWEI-classifier-class1] if-match 1 mpls-exp 1 4

if-match outbound-interface (upgrade-compatible command)

Function

The if-match outbound-interface command configures a matching rule in a traffic classifier based on an outbound interface.

By default, a matching rule based on an outbound interface is not configured in a traffic classifier.

Format

if-match [ match-id ] outbound-interface interface-type interface-number

Parameters

Parameter

Description

Value

match-id

Specifies the number of an if-match rule.

The value is an integer that ranges from 0 to 255.

interface-type interface-number

Specifies the type and number of an outbound interface.
  • interface-type specifies the type of the interface.
  • interface-number specifies the number of the interface.

-

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match outbound-interface command to classify traffic based on an outbound interface and process packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

It is recommended that a traffic policy containing if-match outbound-interface be not applied to an interface.

If you run the if-match outbound-interface command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Define a matching rule for the traffic classifier class1: Packets sent from GE1/0/1 are matched.

<HUAWEI> system-view
[HUAWEI] traffic classifier class1
[HUAWEI-classifier-class1] if-match 1 outbound-interface gigabitethernet 1/0/1

if-match protocol (upgrade-compatible command)

Function

The if-match protocol command configures a matching rule in a traffic classifier based on the protocol.

By default, a matching rule based on the protocol is not configured in a traffic classifier.

Format

if-match [ match-id ] protocol { ip | ipv6 }

Parameters

Parameter

Description

Value

match-id

Specifies the number of an if-match rule.

The value is an integer that ranges from 0 to 255.

ip

Specifies an IP protocol.

-

ipv6

Specifies an IPv6 protocol.

-

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match protocol command to classify traffic based on the protocol and process packets of the same protocol in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

Currently, IPv4 and IPV6 are supported on the device.

If you run the if-match protocol command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Define a matching rule for traffic classifier c1: IP packets are matched.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match 1 protocol ip

if-match tcp (upgrade-compatible command)

Function

The if-match tcp command configures a matching rule in a traffic classifier based on the SYN Flag in the TCP packet header.

By default, a matching rule based on the SYN Flag in the TCP packet header is not configured in a traffic classifier.

Format

if-match [ match-id ] tcp syn-flag { syn-flag-value | ack | fin | psh | rst | syn | urg }

Parameters

Parameter

Description

Value

match-id

Specifies the number of an if-match rule.

The value is an integer that ranges from 0 to 255.

syn-flag Specifies the SYN Flag in the TCP packet header. -

syn-flag-value

Specifies the SYN Flag in the TCP packet header.

The value is an integer that ranges from 0 to 63.

ack

Indicates that the SYN Flag type in the TCP packet header is ACK.

-

fin

Indicates that the SYN Flag type in the TCP packet header is FIN.

-

psh

Indicates that the SYN Flag type in the TCP packet header is PSH.

-

rst

Indicates that the SYN Flag type in the TCP packet header is RST.

-

syn

Indicates that the SYN Flag type in the TCP packet header is SYN.

-

urg

Indicates that the SYN Flag type in the TCP packet header is URG.

-

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match tcp command to classify traffic based on the SYN Flag in the TCP packet header and process packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

NOTE:

The if-match tcp command only takes effect for IPv4 packets.

If you run the if-match tcp command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Define a matching rule for the traffic classifier c1: TCP packets with SYN Flag psh are matched.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match 1 tcp syn-flag psh

if-match vlan-id (upgrade-compatible command)

Function

The if-match vlan-id command configures a matching rule in a traffic classifier based on the VLAN ID in packets.

By default, a matching rule based on the VLAN ID in packets is not configured in a traffic classifier.

Format

if-match [ match-id ] vlan-id start-vlan-id [ to end-vlan-id ] [ cvlan-id cvlan-id ]

Parameters

Parameter

Description

Value

match-id

Specifies the number of an if-match rule.

The value is an integer that ranges from 0 to 255.

start-vlan-id [ to end-vlan-id ]

Specifies the outer VLAN ID.
  • start-vlan-id specifies the start outer VLAN ID. The values of start-vlan-idis integer in the range of 1 to 4094.

  • end-vlan-id specifies the end outer VLAN ID. The values of end-cvlan-id is integer in the range of 1 to 4094.

end-cvlan-id must be larger than start-cvlan-id. If to end-vlan-id is not specified, only the VLAN ID specified by start-vlan-id is matched.

-

cvlan-id cvlan-id

Specifies the inner VLAN ID.

The value is an integer that ranges from 1 to 4094.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match vlan-id command to classify traffic based on the VLAN ID of packets so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Example

# Define a matching rule for the traffic classifier c1: Packets with VLAN 2 are matched.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match 1 vlan-id 2

if-match vlan-8021p (upgrade-compatible command)

Function

The if-match vlan-8021p command configures a matching rule in a traffic classifier based on the 802.1p priority in VLAN packets.

By default, a matching rule based on the 802.1p priority in VLAN packets is not configured in a traffic classifier.

Format

if-match [ match-id ] vlan-8021p 8021p-value &<1-8>

Parameters

Parameter

Description

Value

match-id

Specifies the number of an if-match rule.

The value is an integer that ranges from 0 to 255.

8021p-value

Specifies the 802.1p priority in VLAN packets.

The value is an integer that ranges from 0 to 7. A larger value indicates a higher priority in VLAN packets.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

None

Example

# Define a matching rule for the traffic classifier c1: Packets with 802.1p priority 1 are matched.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match 1 vlan-8021p 1

pass (upgrade-compatible command)

Function

Using the pass command, you can configure the device to send host packets with abnormal IDs, without applying the CAR.

Format

pass

Parameters

None

Views

CPCAR view

Default Level

2: Configuration level

Usage Guidelines

None

Example

# Configure the device to send ARP packets with an abnormal ID.

<HUAWEI> system-view
[HUAWEI] cpcar bfd
[HUAWEI-cpcar-bfd] pass

qos car (upgrade-compatible command)

Function

Using the qos car { broadcast | multicast | unknown } command, you can apply a QoS CAR template to a VLAN to police the outgoing traffic of the VLAN.

Format

qos car { broadcast | multicast | unknown } car-name [ share ]

Parameters

Parameter

Description

Value

broadcast

Implements QoS CAR for outgoing broadcast packets in a VLAN.

-

multicast

Implements QoS CAR for outgoing multicast packets in a VLAN.

-

unknown

Implements the QoS CAR for outgoing unknown unicast packets in a VLAN.

-

car-name

Specifies the name of a QoS CAR template.

The value is a string of 1 to 31 characters.

share

Implements QoS CAR for all the outgoing packets for which the same QoS CAR template is created in a VLAN.

-

Views

VLAN view

Default Level

2: Configuration level

Usage Guidelines

To limit outgoing packets in a VLAN, you need to use the qos car { broadcast | multicast | unknown } command.

Broadcast packets refer to the packets whose destination MAC address is all Fs.

QoS CAR configured on an interface takes precedence over QoS CAR configured in a VLAN. If QoS CAR is configured on the interface and in the VLAN, QoS CAR configured on the interface is used.

Example

# Implement a QoS CAR named qoscar1 for outgoing broadcast packets in VLAN 10.

<HUAWEI> system-view
[HUAWEI] vlan 10
[HUAWEI-vlan10] qos car broadcast qoscar1

set (upgrade-compatible command)

Function

The set command configures 802.1p or DSCP field.

The undo set command deletes the 802.1p or DSCP field.

Format

set { cos cos-value | dscp dscp-value }

undo set { cos | dscp }

Parameters

Parameter

Description

Value

cos cos-value

Indicates the 802.1p field.

The value is an integer that ranges from 0 to 7.

dscp dscp-value

Indicates the DSCP priority.

The value is an integer that ranges from 0 to 63.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

After the 802.1p or DSCP field is set, the corresponding field in the protocol packets sent by the switch is changed to the new value.

Example

# Set the DSCP field to 10.

<HUAWEI> system-view
[HUAWEI] set dscp 10
Translation
Download
Updated: 2019-10-18

Document ID: EDOC1000178288

Views: 26595

Downloads: 109

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next