Configuring a Traffic Classifier

Context

A traffic classifier classifies packets based on matching rules. Packets matching the same traffic classifier are processed in the same way, which is the basis for providing differentiated services.

Procedure

1. Run system-view

   The system view is displayed.

2. Run traffic classifier classifier-name [ operator { and | or } ]

   A traffic classifier is created and the traffic classifier view is displayed.

   and indicates that rules are ANDed with each other.

   • If a traffic classifier contains ACL rules, packets match the traffic classifier only when they match one ACL rule and all the non-ACL rules.

   • If a traffic classifier does not contain ACL rules, packets match the traffic classifier only when the packets match all the non-ACL rules.

   or indicates that the relationship between rules is OR. Packets match a traffic classifier as long as packets match only one rule of the traffic classifier.

   By default, the relationship between rules in a traffic classifier is OR.

3. Run the following commands as required.

   Matching Rule	Command
   Outer VLAN ID	if-match vlan-id start-vlan-id [ to end-vlan-id ]
   Inner VLAN IDs in QinQ packets	if-match cvlan-id start-vlan-id [ to end-vlan-id ]
   802.1p priority in VLAN packets	if-match 8021p 8021p-value &<1-8>
   Inner 802.1p priority in QinQ packets	if-match cvlan-8021p 8021p-value &<1-8>
   Destination MAC address	if-match destination-mac mac-address [ mac-address-mask mac-address-mask ]
   Source MAC address	if-match source-mac mac-address [ mac-address-mask mac-address-mask ]
   Protocol type field encapsulated in the Ethernet frame header	if-match l2-protocol { arp | ip | rarp | protocol-value }
   All packets	if-match any
   DSCP priority in IP packets	if-match [ ipv6 ] dscp dscp-value &<1-8> NOTE: The AR510 series (except AR515CGW-L and AR515GW-LM9-D) do not support IPv6.
   IP precedence in IP packets	if-match ip-precedence ip-precedence-value &<1-8> NOTE: if-match [ ipv6 ] dscp and if-match ip-precedence cannot be configured simultaneously in a traffic classifier where the relationship between rules is AND.
   Layer 3 protocol type	if-match protocol { ip | ipv6 } NOTE: The AR510 series (except AR515CGW-L and AR515GW-LM9-D) do not support IPv6.
   QoS group index of packets	if-match qos-group qos-group-value
   IPv4 packet length	if-match packet-length min-length [ to max-length ]
   PVC information in ATM packets	if-match pvc vpi-number/vci-number NOTE: The AR550 series do not support this configuration.
   RTP port number	if-match rtp start-port start-port-number end-port end-port-number
   SYN Flag in the TCP packet header	if-match tcp syn-flag { ack | fin | psh | rst | syn | urg } *
   Inbound interface	if-match inbound-interface interface-type interface-number
   Outbound interface	if-match outbound-interface Cellular interface-number:channel
   ACL rule	if-match acl { acl-number | acl-name } NOTE: Before defining a matching rule for traffic classification based on an ACL, create the ACL. To use an ACL in a traffic classifier to match the source IP address, run the qos pre-nat command on an interface to configure NAT pre-classification. NAT pre-classification enables the NAT-enabled device to carry the private IP address before translation on the outbound interface so that the NAT-enabled device can classify IP packets based on private IP addresses and provide differentiated services.
   ACL6 rule	if-match ipv6 acl { acl-number | acl-name } NOTE: The AR510 series (except AR515CGW-L and AR515GW-LM9-D) do not support IPv6. Before defining a matching rule for traffic classification based on an ACL, create the ACL. To use an ACL in a traffic classifier to match the source IP address, run the qos pre-nat command on an interface to configure NAT pre-classification. NAT pre-classification enables the NAT-enabled device to carry the private IP address before translation on the outbound interface so that the NAT-enabled device can classify IP packets based on private IP addresses and provide differentiated services.
   Application protocol	if-match application application-name [ time-range time-name ] NOTE: Only the AR503GW-LcM7, AR503GW-LM7, AR503GW-Lo, AR503HGW-L, AR503HGW-Lc, and AR510 series support this configuration. Before defining a matching rule based on an application protocol, enable Smart Application Control (SA) and load the signature file.
   SA group	if-match category category-name [ time-range time-name ] NOTE: Only the AR503GW-LcM7, AR503GW-LM7, AR503GW-Lo, AR503HGW-L, AR503HGW-Lc, and AR510 series support this configuration. Before defining a matching rule based on an application protocol, enable Smart Application Control (SA) and load the signature file.
   User group	if-match user-set user-set-name [ time-range time-range-name ] NOTE: Only AR550-8FE-D-H, AR550-24FE-D-H, AR550C-4GE, AR550C-2C6GE and AR550C-2C6GE-2D support this configuration.

4. Run quit

   Exit from the traffic classifier view.