No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Ethernet Switching

S1720, S2700, S5700, and S6720 V200R012(C00 and C20)

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, VLAN aggregation, MUX VLAN, VLAN termination, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, and Layer 2 protocol transparent transmission.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Re-marking of Destination MAC Addresses

Configuring Re-marking of Destination MAC Addresses

Context

The re-marking function enables the switch to set the specified fields of packets that match traffic classification rules. After a re-marking action is configured, the switch continues to process outgoing packets based on the original priority, but the downstream device processes the packets based on the re-marked priority. You can configure an action that re-marks the destination MAC address of packets in a traffic behavior so that the downstream device can identify packets and provide differentiated services.

NOTE:

Only the S5720EI, S6720EI, and S6720S-EI support this function.

Procedure

  1. Configure a traffic classifier.
    1. Run system-view

      The system view is displayed.

    2. Run traffic classifier classifier-name [ operator { and | or } ]

      A traffic classifier is created and the traffic classifier view is displayed, or the view of an existing traffic classifier is displayed.

      The logical operator and between the rules in the traffic classifier means that:
      • If the traffic classifier contains ACL rules, packets match the traffic classifier only if they match one ACL rule and all the non-ACL rules.

      • If the traffic classifier does not contain any ACL rules, packets match the traffic classifier only if they match all the rules in the classifier.

      The logical operator or means that packets match the traffic classifier if they match one of the rules in the classifier.

      By default, the relationship between rules in a traffic classifier is or.

    3. Configure matching rules in the traffic classifier according to the following table.
      NOTE:

      Only the S5720EI, S6720EI, and S6720S-EI support traffic classifiers with advanced ACLs containing the ttl-expired field.

      When a traffic classifier contains if-match ipv6 acl { acl-number | acl-name }, the S5720HI, S5730HI, and S6720HI do not support remark 8021p [ 8021p-value | inner-8021p ], remark cvlan-id cvlan-id, remark vlan-id vlan-id, or mac-address learning disable.

      Matching Rule

      Command

      Remarks

      Outer VLAN ID or inner and outer VLAN IDs of QinQ packets

      if-match vlan-id start-vlan-id [ to end-vlan-id ] [ cvlan-id cvlan-id ]

      Only the S1720X, S1720X-E, S5720EI, S5720HI, S5730HI, S5730S-EI, S5730SI, S6720EI, S6720HI, S6720LI, S6720S-EI, S6720S-LI, S6720S-SI, and S6720SI support the cvlan-id cvlan-id parameter.

      Inner and outer VLAN IDs in QinQ packets

      if-match cvlan-id start-vlan-id [ to end-vlan-id ] [ vlan-id vlan-id ] (S1720X, S1720X-E, S5720EI, S5720HI, S5730HI, S5730S-EI, S5730SI, S6720EI, S6720HI, S6720LI, S6720S-EI, S6720S-LI, S6720S-SI, and S6720SI)

      -

      802.1p priority in VLAN packets

      if-match 8021p 8021p-value &<1-8>

      If you specify multiple values for 8021p-value in one command, a packet matching any of the values matches the traffic classifier, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

      Inner 802.1p priority in QinQ packets

      if-match cvlan-8021p 8021p-value &<1-8> (S5720EI, S5720HI, S5730HI, S6720EI, S6720HI, and S6720S-EI)

      -

      Drop packet

      if-match discard (S5720EI, S5720HI, S5730HI, S6720EI, S6720HI, and S6720S-EI)

      A traffic classifier containing this matching rule can only be bound to traffic behaviors containing the traffic statistics collection and flow mirroring actions.

      Double tags in QinQ packets

      if-match double-tag (S5720EI, S5720HI, S5730HI, S6720EI, S6720HI, and S6720S-EI)

      -

      Destination MAC address

      if-match destination-mac mac-address [ mac-address-mask ]

      -

      Source MAC address

      if-match source-mac mac-address [ mac-address-mask ]

      -

      Protocol type in the Ethernet frame header

      if-match l2-protocol { arp | ip | mpls | rarp | protocol-value }

      -

      All packets

      if-match any

      -

      DSCP priority in IP packets

      if-match dscp dscp-value &<1-8>

      • If you specify multiple values for dscp-value in one command, a packet matching any of the values matches the traffic classifier, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

      • If the relationship between rules in a traffic classifier is AND, the if-match dscp and if-match ip-precedence commands cannot be used in the traffic classifier simultaneously.

      IP precedence in IP packets

      if-match ip-precedence ip-precedence-value &<1-8>
      • If you specify multiple values for ip-precedence-value in one command, a packet matching any of the values matches the traffic classifier, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

      • The if-match dscp and if-match ip-precedence commands cannot be configured in a traffic classifier in which the relationship between rules is AND.

      Layer 3 protocol type

      if-match protocol { ip | ipv6 }

      -

      SYN flag in TCP packets

      if-match tcp syn-flag { syn-flag-value | ack | fin | psh | rst | syn | urg }

      -

      Inbound interface

      if-match inbound-interface interface-type interface-number

      A traffic policy containing this matching rule cannot be applied to the outbound direction or in the interface view.

      Outbound interface

      if-match outbound-interface interface-type interface-number (S5720EI, S5720HI, S5730HI, S6720EI, S6720HI, and S6720S-EI)

      A traffic policy containing this matching rule cannot be applied to the inbound direction on the S5720HI, S5730HI, and S6720HI.

      A traffic policy containing this matching rule cannot be applied in the interface view.

      ACL rule

      if-match acl { acl-number | acl-name }
      • When an ACL is used to define a traffic classification rule, it is recommended that the ACL be configured first.
      • If an ACL in a traffic classifier defines multiple rules and a packet matches any of the rules, the packet matches the ACL, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

      ACL6 rule

      if-match ipv6 acl { acl-number | acl-name }

      Before specifying an ACL6 in a matching rule, configure the ACL6.

      Flow ID

      if-match flow-id flow-id (S5720EI, S6720EI, S6720S-EI)

      A traffic classifier containing if-match flow-id and a traffic behavior containing remark flow-id must be bound to different traffic policies.

      A traffic policy containing if-match flow-id can be only applied to an interface, a VLAN or the system in the inbound direction.

    4. Run quit

      Exit from the traffic classifier view.

  2. Configure a traffic behavior.
    1. Run traffic behavior behavior-name

      A traffic behavior is created and the traffic behavior view is displayed.

    2. Run remark destination-mac mac-address

      An action that re-marks destination MAC addresses of packets is configured. The destination MAC address to be re-marked must be a unicast MAC address.

    3. Run quit

      Exit from the traffic behavior view.

    4. Run quit

      Exit from the system view.

  3. Configure a traffic policy.
    1. Run traffic policy policy-name [ match-order { auto | config } ]

      A traffic policy is created and the traffic policy view is displayed, or the view of an existing traffic policy is displayed. If you do not specify a matching order for traffic classifiers in the traffic policy, the default matching order config is used.

      After a traffic policy is applied, you cannot use the traffic policy command to modify the matching order of traffic classifiers in the traffic policy. To modify the matching order, delete the traffic policy, create a traffic policy, and then specify the matching order.

      When creating a traffic policy, you can specify the matching order of matching rules in the traffic policy. The matching order can be either the automatic order (auto) or configuration order (config):
      • If the automatic order is used, traffic classifiers are matched based on the priorities of their types. Traffic classifiers based on Layer 2 and IPv4 Layer 3 information, advanced ACL6 information, basic ACL6 information, Layer 2 information, IPv4 Layer 3 information, and user-defined ACL information are matched in descending order of priority. If data traffic matches multiple traffic classifiers and the bound traffic behaviors conflict with each other, the traffic behavior corresponding to the highest priority rule takes effect.
      • If the configuration order is used, traffic classifiers are matched based on the sequence in which they are bound to traffic behaviors.
      NOTE:

      If more than 128 ACL rules defining CAR are configured, a traffic policy must be applied to an interface, a VLAN, and the system in sequence in the outbound direction. In the preceding situation, if ACL rules need to be updated, delete the traffic policy from the interface, VLAN, and system and re-configure a traffic policy in sequence.

    2. Run classifier classifier-name behavior behavior-name

      A traffic behavior is bound to a traffic classifier in the traffic policy.

    3. Run quit

      Exit from the traffic policy view.

    4. Run quit

      Exit from the system view.

  4. Apply the traffic policy.
    • Applying a traffic policy to an interface
      1. Run system-view

        The system view is displayed.

      2. Run interface interface-type interface-number

        The interface view is displayed.

      3. Run traffic-policy policy-name { inbound }

        A traffic policy is applied to the interface.

    • Applying a traffic policy to a VLAN
      1. Run system-view

        The system view is displayed.

      2. Run vlan vlan-id

        The VLAN view is displayed.

      3. Run traffic-policy policy-name { inbound }

        A traffic policy is applied to the VLAN.

    • Applying a traffic policy to the system
      1. Run system-view

        The system view is displayed.

      2. Run traffic-policy policy-name global { inbound | outbound } [ slot slot-id ]

        A traffic policy is applied to the system.

        Only one traffic policy can be applied to the system or slot in one direction. A traffic policy cannot be applied to the same direction in the system and slot simultaneously.

        • In a stack, a traffic policy that is applied to the system takes effect on all the interfaces and VLANs of all the member switches in the stack. The system then performs traffic policing for all the incoming and outgoing packets that match traffic classification rules on all the member switches. A traffic policy that is applied to a specified slot takes effect on all the interfaces and VLANs of the member switch with the specified stack ID. The system then performs traffic policing for all the incoming and outgoing packets that match traffic classification rules on this member switch.
        • On a standalone switch, a traffic policy that is applied to the system takes effect on all the interfaces and VLANs of the local switch. The system then performs traffic policing for all the incoming and outgoing packets that match traffic classification rules on the local switch. Traffic policies applied to the slot and system have the same functions.

Verifying the Configuration

  • Run the display traffic classifier user-defined [ classifier-name ] command to check the traffic classifier configuration on the switch.
  • Run the display traffic behavior user-defined [ behavior-name ] command to check the traffic behavior configuration on the switch.
  • Run the display traffic policy user-defined [ policy-name [ classifier classifier-name ] ] command to check the user-defined traffic policy configuration.
  • Run the display traffic-applied [ interface [ interface-type interface-number ] | vlan [ vlan-id ] ] { inbound } [ verbose ] command to check traffic actions and ACL rules associated with the system, a VLAN, or an interface.
  • Run the display traffic policy { interface [ interface-type interface-number ] | vlan [ vlan-id ] | global } [ inbound ] command to check the traffic policy configuration on the switch.
  • Run the display traffic-policy applied-record [ policy-name ] command to check the record of the specified traffic policy.
Translation
Download
Updated: 2018-12-24

Document ID: EDOC1100038339

Views: 156531

Downloads: 680

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next