No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R013C00 Command Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
MQC Configuration Commands

MQC Configuration Commands

Command Support

Commands provided in this section and all the parameters in the commands are supported by all switch models by default, unless otherwise specified. For details, see specific commands.

classifier behavior

Function

The classifier behavior command binds a traffic behavior to a traffic classifier in a traffic policy.

The undo classifier command unbinds a traffic behavior from a traffic classifier in a traffic policy.

By default, no traffic classifier or traffic behavior is bound to a traffic policy.

Format

classifier classifier-name behavior behavior-name

undo classifier classifier-name

Parameters

Parameter

Description

Value

classifier-name

Specifies the name of a traffic classifier.

The value must be the name of an existing traffic classifier.

behavior-name

Specifies the name of a traffic behavior.

The value must be the name of an existing traffic behavior.

Views

Traffic policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To take an action for packets of a certain type, use a traffic classifier to group the packets into one class and use a traffic behavior to define an action. Then associate the traffic classifier with the traffic behavior and bind them to a traffic policy.

Prerequisites

Precautions

You can dynamically add, modify, or delete the bound traffic classifiers, traffic behaviors, or binding of traffic classifiers and traffic behaviors in a traffic policy that has been applied to the system, an LPU, a VLAN, or an interface.

Dynamically updating the traffic classifiers and traffic behaviors in a traffic policy makes the traffic policy ineffective for a short time. Confirm the operation before you use this command.

In a traffic policy, one traffic classifier can be bound to only one traffic behavior; each traffic policy supports a maximum of 256 pairs of traffic classifiers and traffic behaviors.

Example

# Bind the traffic classifier c1 to the traffic behavior b1 in the traffic policy p1, and apply the traffic policy to GE1/0/1 in the inbound direction.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match any
[HUAWEI-classifier-c1] quit
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] remark 8021p 2
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] traffic-policy p1 inbound
[HUAWEI-GigabitEthernet1/0/1] quit

# Bind the traffic classifier c1 to the new traffic behavior newb1 in the traffic policy p1 that has been applied to GE1/0/1 in the inbound direction.

<HUAWEI> system-view
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior newb1
[HUAWEI-trafficpolicy-p1] quit

display acl division

Function

The display acl division command displays division rules based on the VLAN ID range in a delivered traffic classification rule or port number range in a delivered ACL rule.

Format

display acl division start-id to end-id

Parameters

Parameter

Description

Value

start-id

Specifies the start VLAN ID or port number.

The value is an integer that ranges from 0 to 65535.

to end-id

Specifies the end VLAN ID or port number.

The value is an integer that ranges from 0 to 65535.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

When the if-match vlan-id start-vlan-id [ to end-vlan-id ] [ cvlan-id cvlan-id ] command is used to configure a traffic classification rule defining a VLAN ID range, or the rule (advanced ACL view) or rule (advanced ACL6 view) command is used with the protocol as TCP or UDP and the port number range specified, run the display acl resource command to view occupied ACL resources. The system divides a rule into multiple rules. The display acl division command displays division rules based on the VLAN ID range or port number range.

Example

# Display division rules based on VLAN 10 to VLAN 20 or PORT10 to PORT20.
<HUAWEI> display acl division 10 to 20
 Range: 10 to 20;  Total rules: 4                                               
 ------------------------------------------------------                         
  [ 1]:Value = 10     Mask = 0xfffe  Range[   10,   11]                         
  [ 2]:Value = 12     Mask = 0xfffc  Range[   12,   15]                         
  [ 3]:Value = 16     Mask = 0xfffc  Range[   16,   19]                         
  [ 4]:Value = 20     Mask = 0xffff  Range[   20,   20]     
Table 15-1  Description of the display acl division command output

Item

Description

Range

Input VLAN ID range or port number range.

Total rules

Number of division rules based on the VLAN ID range or port number range.

[ 1]

ID of the division rule.

Value

Start VLAN ID of the division rule.

Mask

Mask of the VLAN ID in the division rule.

Range

Division rule range.

display traffic behavior

Function

The display traffic behavior command displays the traffic behavior configuration on the device.

Format

display traffic behavior user-defined [ behavior-name ]

Parameters

Parameter

Description

Value

user-defined [ behavior-name ]

Displays the configuration of a specified traffic behavior. If the name of a traffic behavior is not specified, the configuration of all traffic behaviors is displayed.

The value must be the name of an existing traffic behavior.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The display traffic behavior command displays the configuration of a specified traffic behavior or all traffic behaviors. The command output helps you check the traffic behavior configuration and locate faults.

Precautions

If no traffic behavior is created, the system displays the following information after this command is executed:
Info: There is no behavior exists.
If the specified traffic behavior name is incorrect, the system displays the following information after this command is executed:
Info: The behavior does not exist.

Example

# Display the configuration of all traffic behaviors.
<HUAWEI> display traffic behavior user-defined
  User Defined Behavior Information:                                            
    Behavior: b1                                                                
      permit
      Remark:                                                                   
        Remark 8021p 4                                                          
      Redirect:                                                                 
        Redirect cpu                                                            
      Committed Access Rate:                                                    
        CIR 10000 (Kbps), PIR 10000 (Kbps), CBS 1880000 (byte), PBS 3130000 (byte)
        Color Mode: color Blind                                                 
        Conform Action: pass                                                    
        Yellow  Action: pass                                                    
        Exceed  Action: discard                                                 
                                                                                
Total behavior number is 1    
Table 15-2  Description of the display traffic behavior user-defined command output

Item

Description

Behavior

Traffic behavior name. To create a traffic behavior, run the traffic behavior command.

Committed Access Rate

CAR. To configure an action taken for packets whose rate exceeds the CAR, run the car (traffic behavior view) command.

CIR

Committed information rate (CIR). To set the CIR, run the car (traffic behavior view) command.

PIR

Peak information rate (PIR). To set the PIR, run the car (traffic behavior view) command.

CBS

Committed burst size (CBS). To set the CBS, run the car (traffic behavior view) command.

PBS

Peak burst size (PBS). To set the PBS, run the car (traffic behavior view) command.

Color Mode

Color mode, which can be color-aware or color-blind. To set the color mode, run the car (traffic behavior view) command.

Conform Action

Action taken for packets whose rate is within the CIR. To configure an action taken for packets whose rate is within the CIR, run the car (traffic behavior view) command.

Yellow Action

Action taken for yellow packets. To configure an action taken for yellow packets, run the car (traffic behavior view) command.

Exceed Action

Action taken for packets whose rate exceeds the CIR. To configure an action taken for packets whose rate exceeds the CIR, run the car (traffic behavior view) command.

Remark

Re-marking action. To configure re-marking, run the remark command.

Redirect

Redirection action. To configure redirection, run the redirect command.

Total behavior number is 1

Total number of created traffic behaviors.

display traffic classifier

Function

The display traffic classifier command displays the traffic classifier configuration on the device.

Format

display traffic classifier user-defined [ classifier-name ]

Parameters

Parameter

Description

Value

user-defined [ classifier-name ]

Displays the configuration of a specified traffic classifier. If the name of a traffic classifier is not specified, the configuration of all traffic classifiers is displayed.

The value must be the name of an existing traffic classifier.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The display traffic classifier command displays the configuration of a specified traffic classifier or all traffic classifiers. The command output helps you check the traffic classifier configuration and locate faults.

Precautions

If no traffic classifier is created, the system displays the following information after this command is executed:
Info: There is no classifier exists.
If the specified traffic classifier name is incorrect, the system displays the following information after this command is executed:
Info: The classifier does not exist.

Example

# Display the configuration of all traffic classifiers on the device.

<HUAWEI> display traffic classifier user-defined
  User Defined Classifier Information:
   Classifier: c1
    Precedence: 5
    Operator: AND
    Rule(s) : if-match vlan-id 120
             
   Classifier: c2
    Precedence: 10
    Operator: AND
    Rule(s) : if-match vlan-id 110
             
   Classifier: c3
    Precedence: 15
    Operator: AND
    Rule(s) : if-match vlan-id 100
             
Total classifier number is 3 
Table 15-3  Description of the display traffic classifier user-defined command output

Item

Description

Classifier

Traffic classifier name. To create a traffic classifier, run the traffic classifier command.

Precedence

Traffic classifier priority. A smaller value indicates a higher priority of a traffic classifier. To create a traffic classifier, run the traffic classifier command.

Operator

Relationship between rules in the traffic classifier. To configure the relationship between rules in a traffic classifier, run the traffic classifier command.

Rule(s)

Rule in a traffic classifier.

Total classifier number is

Total number of created traffic classifiers.
Related Topics

display traffic policy

Function

The display traffic policy command displays the traffic policy configuration on the device.

Format

display traffic policy { interface [ interface-type interface-number [.subinterface-number ] ] | vlan [ vlan-id ] | ssid-profile [ ssid-profile-name ] | global } [ inbound | outbound ]

Parameters

Parameter

Description

Value

interface [ interface-type interface-number [.subinterface-number ] ]

Displays the traffic policy configuration on a specified interface.
  • interface-type specifies the interface type.
  • interface-number [.subinterface-number ] specifies the interface or sub-interface number.

-

vlan [ vlan-id ]

Displays the traffic policy configuration in a specified VLAN.

The value is an integer that ranges from 1 to 4094.

ssid-profile [ ssid-profile-name ]

Displays the traffic policy configuration in a specified SSID profile.

The value must be the name of an existing SSID profile.

global

Displays the traffic policy configuration in the system.

-

inbound

Displays the traffic policy configuration in the inbound direction.

-

outbound

Displays the traffic policy configuration in the outbound direction.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The display traffic policy command displays the configuration of a specified traffic policy or all traffic policies. The command output helps you check the traffic policy configuration and locate faults.

Example

# Display the traffic policy on GE 1/0/1.
<HUAWEI> display traffic policy interface gigabitethernet 1/0/1
                                                                                
  Interface: GigabitEthernet1/0/1                                             
                                                                                
  Direction: Inbound                                                            
                                                                                
  Policy: p1                                                                    
    Classifier: c1                                                              
      Operator: OR                                                              
      Rule(s) :                                                                 
        if-match any                                                            
    Behavior: b1                                                                
      Committed Access Rate:                                                    
        CIR 10000 (Kbps), PIR 10000 (Kbps), CBS 1880000 (byte), PBS 3130000 (byte)                                                                              
        Color Mode: color Blind                                                 
        Conform Action: pass                                                    
        Yellow  Action: pass                                                    
        Exceed  Action: discard                                                 
Table 15-4  Description of the display traffic policy command output

Item

Description

Interface

Interface to which the traffic policy is applied.

Direction

Direction to which a traffic policy is applied. To apply a traffic policy, run the traffic-policy (interface view) command.

Policy

Traffic policy name. To create a traffic policy, run the traffic policy command.

Classifier

Traffic classifier in a traffic policy. To create a traffic classifier, run the traffic classifier command.

Operator

Relationship between rules in the traffic classifier. To configure the relationship between rules in a traffic classifier, run the traffic classifier command.

Rule(s)

Rule in a traffic classifier.

Behavior

Traffic behavior bound to the traffic classifier. To create a traffic behavior, run the traffic behavior command.

Committed Access Rate

CAR. To configure CAR, run the car (traffic behavior view) command.

CIR 10000 (Kbps), PIR 10000 (Kbps), CBS 1880000 (byte), PBS 3130000 (byte)

Parameters in the QoS CAR profile, including the CIR, PIR, CBS, and PBS. To configure CAR parameters, run the car (traffic behavior view) command.

Color Mode

Color mode for traffic policing. To configure a color mode for traffic policing, run the car (traffic behavior view) command.

Conform Action

Action taken for packets whose rate is within the CIR. To configure an action taken for packets whose rate is within the CIR, run the car (traffic behavior view) command.

Yellow Action

Action taken for yellow packets. To configure an action taken for yellow packets, run the car (traffic behavior view) command.

Exceed Action

Action taken for packets whose rate exceeds the CIR. To configure an action taken for packets whose rate exceeds the CIR, run the car (traffic behavior view) command.

# Display the traffic policy in the SSID profile named test.
<HUAWEI> display traffic policy ssid-profile test inbound
  Ssid-profile: test

  Direction: Inbound

  Policy: 1
    Classifier: 1
     Operator: AND
     Rule(s) :
        if-match vlan-id 100
    Behavior: 1
      Permit
Table 15-5  Description of the display traffic policy command output

Item

Description

Ssid-profile

SSID profile to which the traffic policy is applied.

Direction

Direction to which a traffic policy is applied. To apply a traffic policy, run the traffic-policy (SSID profile view) command.

Policy

Traffic policy name. To create a traffic policy, run the traffic policy command.

Classifier

Traffic classifier in a traffic policy. To create a traffic classifier, run the traffic classifier command.

Operator

Relationship between rules in the traffic classifier. To configure the relationship between rules in a traffic classifier, run the traffic classifier command.

Rule(s)

Rule in a traffic classifier.

Behavior

Traffic behavior bound to the traffic classifier. To create a traffic behavior, run the traffic behavior command.

Permit

Allows packets matching the rule in the traffic classifier to pass. To allow or disallow packets matching the rule in the traffic classifier to pass, run the deny | permit command.

display traffic policy statistics

Function

The display traffic policy statistics command displays packet statistics in the specified object or each object to which a traffic policy has been applied.

Format

display traffic policy statistics { global [ slot slot-id ] | interface interface-type interface-number [.subinterface-number ] | vlan vlan-id | ssid-profile ssid-profile-name } { inbound | outbound } [ verbose { classifier-base | rule-base } [ class classifier-name ] ]

display traffic policy statistics policy-name policy-name

display traffic policy statistics all

Parameters

Parameter

Description

Value

global

Displays packet statistics in the system to which a traffic policy has been applied.

-

slot slot-id

Displays packet statistics on a specified LPU to which a traffic policy has been applied. slot-id specifies the slot ID of the LPU.

The value is an integer. It must be the slot ID of a running LPU.

interface interface-type interface-number [.subinterface-number ]

Displays packet statistics on a specified interface or sub-interface to which a traffic policy has been applied.
  • interface-type specifies the interface type.
  • interface-number [.subinterface-number ] specifies the interface or sub-interface number.

-

vlan vlan-id

Displays packet statistics in a specified VLAN to which a traffic policy has been applied. vlan-id specifies the ID of the VLAN.

The value is an integer that ranges from 1 to 4094.

ssid-profile ssid-profile-name

Displays packet statistics in a specified SSID profile to which a traffic policy has been applied. ssid-profile-name specifies the name of the SSID profile.

The value must be the name of an existing SSID profile.

inbound

Displays packet statistics in the inbound direction to which a traffic policy has been applied.

-

outbound

Displays packet statistics in the outbound direction to which a traffic policy has been applied.

-

verbose

Displays detailed packet statistics.

-

classifier-base

Displays statistics on packets matching a specified traffic classifier. If this parameter is specified, statistics on packets matching all traffic classifiers in the traffic policy are displayed.

-

rule-base

Displays statistics on packets matching a rule. If this parameter is specified, statistics on packets matching all rules are displayed.

-

class classifier-name

Specifies the name of a traffic classifier. If this parameter is specified, statistics on packets matching the specified traffic classifier or rules in the specified traffic classifier are displayed. If this parameter is not specified, statistics on packets matching all traffic classifiers are displayed.

The value must be the name of an existing traffic classifier.

policy-name policy-name

Displays packet statistics in each object to which the specified traffic policy is applied.

The value must be the name of an existing traffic policy.

all

Displays packet statistics in each object to which a traffic policy has been applied, including packet statistics in the inbound or outbound directions in the system, on each LPU, on each interface, in each VLAN, and in each SSID profile.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The display traffic policy statistics command displays packet statistics in the specified object or each object to which a traffic policy has been applied. The command output helps you check statistics on forwarded and discarded packets and locate faults.

Precautions

If no traffic policy is applied, the system displays the following information after this command is executed:
Info: The Policy is not applied in this view.
If you do not run the statistic enable (traffic behavior view) command in the view of the traffic behavior in a traffic policy, the system displays the following information after this command is executed:
Info: Statistic has not been enabled.
NOTE:

If a traffic policy contains many rules, after the reset traffic policy statistics command has been used, wait for a period and run the display traffic policy statistics command. If you run the display traffic policy statistics command immediately, information may be not displayed.

If the rule-base parameter is specified in this command to display packet statistics matching a rule in a traffic classifier and ACL rules are modified or deleted at the same time, ACL rule statistics that are displayed in pagination mode are inaccurate. To obtain accurate ACL rule statistics, run this command after ACL rules are modified or deleted.

Example

# Display packet statistics on GE1/0/1 in the inbound direction to which a traffic policy has been applied.

<HUAWEI> display traffic policy statistics interface gigabitethernet 1/0/1 inbound
                                                                            
 Interface: GigabitEthernet1/0/1       
 Traffic policy inbound: p1                           
 Rule number: 1                                       
 Current status: success                                  
 Statistics interval: 300                             
---------------------------------------------------------------------            
 Board : 1                                          
---------------------------------------------------------------------            
 Matched          |      Packets:                             0                  
                  |      Bytes:                               0                  
                  |      Rate(pps):                           0                  
                  |      Rate(bps):                           0                  
---------------------------------------------------------------------            
   Passed         |      Packets:                             0                  
                  |      Bytes:                               0                  
                  |      Rate(pps):                           0                  
                  |      Rate(bps):                           0                  
---------------------------------------------------------------------            
   Dropped        |      Packets:                             0                  
                  |      Bytes:                               0                  
                  |      Rate(pps):                           0                  
                  |      Rate(bps):                           0                  
---------------------------------------------------------------------            
     Filter       |      Packets:                             0                  
                  |      Bytes:                               0                  
---------------------------------------------------------------------            
     Car          |      Packets:                             0                  
                  |      Bytes:                               0                  
--------------------------------------------------------------------- 

# Display statistics on incoming packets matching a rule after the traffic policy is applied to the system.

<HUAWEI> display traffic policy statistics global inbound verbose rule-base
 Global :                                               
 Traffic policy inbound: p1                             
 Rule number: 2                                         
 Current status: success                                    
 Statistics interval: 300                               
---------------------------------------------------------------------                     
 Classifier: c1 operator and                            
 Behavior: b1 
 if-match vlan-id 20                                    
 Board : 1  
---------------------------------------------------------------------                     
 Passed           |      Packets:                             0                           
                  |      Bytes:                               0                           
                  |      Rate(pps):                           0                           
                  |      Rate(bps):                           0                           
---------------------------------------------------------------------                     
 Dropped          |      Packets:                             0                           
                  |      Bytes:                               0                           
                  |      Rate(pps):                           0                           
                  |      Rate(bps):                           0                           
--------------------------------------------------------------------- 
NOTE:

SA series cards do not support byte-based traffic statistics. The information of the Bytes and Rate(bps) fields is displayed as -.

# Display statistics on incoming packets matching a traffic classifier in the traffic policy that has been applied to GE1/0/1.
<HUAWEI> display traffic policy statistics interface gigabitethernet 1/0/1 inbound verbose classifier-base class c1               
                                                                                
 Interface: GigabitEthernet1/0/1                                                
 Traffic policy inbound: p1                                                     
 Rule number: 5                                                                 
 Current status: success                                                            
 Statistics interval: 300                                                       
---------------------------------------------------------------------           
 Classifier: c1 operator and                                                    
 Behavior: b1                                                                   
 Board : 1                                                                     
---------------------------------------------------------------------       
 Matched          |      Packets:                             0              
                  |      Bytes:                               0              
                  |      Rate(pps):                           0                       
                  |      Rate(bps):                           0                        
---------------------------------------------------------------------                 
   Passed         |      Packets:                             0                      
                  |      Bytes:                               0                      
                  |      Rate(pps):                           0                 
                  |      Rate(bps):                           0                     
---------------------------------------------------------------------               
   Dropped        |      Packets:                             0                  
                  |      Bytes:                               0                    
                  |      Rate(pps):                           0                   
                  |      Rate(bps):                           0                   
---------------------------------------------------------------------               
     Filter       |      Packets:                             0                 
                  |      Bytes:                               0                   
---------------------------------------------------------------------                 
     Car          |      Packets:                             0                    
                  |      Bytes:                               0                     
--------------------------------------------------------------------- 

# Display statistics about incoming packets matching rules after the traffic policy is applied to GigabitEthernet 1/0/1.

<HUAWEI> display traffic policy statistics interface GigabitEthernet 1/0/1 inbound verbose rule-base
Interface: GigabitEthernet1/0/1
Traffic policy inbound: tp2
Rule number: 2
Current status: success
Statistics interval: 300
---------------------------------------------------------------------
Classifier: c2 operator and
Behavior: b1
Board : 1
rule 15 permit ip source 10.154.128.6 0 (match-counter 0)
---------------------------------------------------------------------
Passed            |      Packets:                             0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
Dropped           |      Packets:                             0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
rule 70 permit ip source 10.10.12.0 0.0.0.31 (match-counter 0)
---------------------------------------------------------------------
Passed            |      Packets:                        13,528
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
Dropped           |      Packets:                             0
                  |      Bytes:                               -
                  |      Rate(pps):                           0
                  |      Rate(bps):                           -
---------------------------------------------------------------------
Table 15-6  Description of the display traffic policy statistics command output

Item

Description

Interface

Interface to which the traffic policy is applied.

Global

System or LPU to which the traffic policy is applied.

Traffic policy inbound

Applied traffic policy.

Rule number

Number of valid rules in the traffic classifier.

Current status

Traffic policy status.

Statistics interval

Interval for collecting traffic statistics. To set the interval for collecting traffic statistics, run the traffic statistics interval command.

Classifier

Relationship between rules in the traffic classifier. To configure the relationship between rules in a traffic classifier, run the traffic classifier command.

Behavior

Traffic behavior name. To create a traffic behavior, run the traffic behavior command.

Board

LPU to which the traffic policy is applied. When you query the statistics on an Eth-Trunk, the system displays only the statistics on the LPU where member interfaces in the Eth-Trunk are located.

Matched

Numbers of packets and bytes that match traffic classification rules. The data is originated from the packet statistics that have been collected since the original statistics were cleared last time.

Passed

Numbers of forwarded packets and bytes that match traffic classification rules. The data is originated from the packet statistics that have been collected since the original statistics were cleared last time.

Dropped

Numbers of discarded packets and bytes that match traffic classification rules. The data is originated from the packet statistics that have been collected since the original statistics were cleared last time. The discarded packets include the filtered packets and packets dropped by CAR.

Filter

Numbers of filtered packets and bytes that match traffic classification rules. The data is originated from the packet statistics that have been collected since the original statistics were cleared last time.

Car

Numbers of packets and bytes that match traffic classification rules and are discarded by CAR. The data is originated from the packet statistics that have been collected since the original statistics were cleared last time. To configure CAR, run the car (traffic behavior view) command.

Packets

Number of packets. If the information is displayed as -, the statistics on this item cannot be collected.

Bytes

Number of bytes. If the information is displayed as -, the statistics on this item cannot be collected.

Rate(pps) Rate, in pps. If the information is displayed as -, the statistics on this item cannot be collected.
Rate(bps) Rate, in bit/s. If the information is displayed as -, the statistics on this item cannot be collected.

match-counter 0

Number of times packets match ACL rules.

NOTE:

FTP, TFTP, Telnet, SNMP, HTTP, routing, and multicast packets match software ACL rules, and the number of times packets match software ACL rules can be checked using a command. Other packets match hardware ACL rules, and the number of times packets match hardware ACL rules can be checked using other methods. For example, to view the number of times packets match ACL rules after a traffic policy is applied, run the statistic enable (traffic behavior view) command to enable traffic statistics in the traffic behavior and run the display traffic policy statistics command to check statistics.

display traffic policy user-defined

Function

The display traffic policy user-defined command displays the user-defined traffic policy configuration.

Format

display traffic policy user-defined [ policy-name [ classifier classifier-name ] ]

Parameters

Parameter

Description

Value

policy-name

Displays the configuration of a specified user-defined traffic policy. If this parameter is not specified, the configuration of all user-defined traffic policies is displayed.

The value must be the name of an existing traffic policy.

classifier classifier-name

Displays the configuration of a traffic behavior bound to a specified traffic classifier in a traffic policy. If this parameter is not specified, the traffic policy configuration is displayed.

The value must be the name of an existing traffic classifier.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The display traffic policy user-defined command displays the configuration of a specified traffic policy or all traffic policies. The command output helps you check the traffic policy configuration and locate faults.

Precautions

If no traffic policy is created, the system displays the following information after the display traffic policy user-defined command is executed:
Info: There is no policy exists.
If the specified traffic policy name is incorrect, the system displays the following information after the display traffic policy user-defined command is executed:
Info: The policy does not exist.

Example

# Display the user-defined traffic policy configuration.

<HUAWEI> display traffic policy user-defined
  User Defined Traffic Policy Information:                                      
  Policy: p1                                                                    
   Classifier: c1                                                               
    Operator: AND                                                               
     Behavior: b1                                                               
      Permit
      Remark:                                                                   
        Remark 8021p 4                                                          
      Committed Access Rate:                                                    
        CIR 10000 (Kbps), PIR 10000 (Kbps), CBS 1880000 (byte), PBS 3130000 (byte)                                                                              
        Color Mode: color Blind                                                 
        Conform Action: pass                                                    
        Yellow  Action: pass                                                    
        Exceed  Action: discard                                                 
                                                                                
Total policy number is 1                                                        
Table 15-7  Description of the display traffic policy user-defined command output

Item

Description

User Defined Traffic Policy Information

User-defined traffic policy configuration.

Policy

Traffic policy name. To create a traffic policy, run the traffic policy command.

Classifier

Traffic classifier in a traffic policy. To create a traffic classifier, run the traffic classifier command.

Operator

Relationship between rules in the traffic classifier. To create a traffic classifier, run the traffic classifier command.

Behavior

Traffic behavior associated with the traffic classifier in the traffic policy. To create a traffic behavior, run the traffic behavior command.

Committed Access Rate

CAR. To configure the CAR, run the car (traffic behavior view) command.

Conform Action

Action taken for packets whose rate is within the CIR. To configure an action taken for packets whose rate is within the CIR, run the car (traffic behavior view) command.

Yellow Action

Action taken for yellow packets. To configure an action taken for yellow packets, run the car (traffic behavior view) command.

Exceed Action

Action taken for packets whose rate exceeds the CIR. To configure an action taken for packets whose rate exceeds the CIR, run the car (traffic behavior view) command.

Remark

Re-marking action. To configure re-marking, run the remark command.

Total policy number is

Total number of created traffic policies.

display traffic-applied

Function

The display traffic-applied command displays information about ACL-based simplified and MQC-based traffic policies applied to the system, a VLAN, an interface, an SSID profile, or a traffic profile.

Format

display traffic-applied [ interface [ interface-type interface-number ] | vlan [ vlan-id ] ] { inbound | outbound } [ verbose ]

display traffic-applied [ ssid-profile [ ssid-profile-name ] | traffic-profile [ traffic-profile-name ] ] { inbound | outbound }

display traffic-applied brief

display traffic-applied record

Parameters

Parameter

Description

Value

interface [ interface-type interface-number ]

Displays information about ACL-based simplified and MQC-based traffic policies applied to a specified interface.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.

If this parameter is not specified, information about ACL-based simplified and MQC-based traffic policies applied to the system or a VLAN is displayed.

-

vlan [ vlan-id ]

Displays information about ACL-based simplified and MQC-based traffic policies applied to a specified VLAN.

If this parameter is not specified, information about ACL-based simplified and MQC-based traffic policies applied to the system or an interface is displayed.

The value is an integer that ranges from 1 to 4094.

ssid-profile [ ssid-profile-name ]

Displays information about ACL-based simplified and MQC-based traffic policies applied to a specified SSID profile.

The value must be the name of an existing SSID profile.

traffic-profile [ traffic-profile-name ]

Displays information about ACL-based simplified and MQC-based traffic policies applied to a specified traffic profile.

The value must be the name of an existing traffic profile.

inbound

Displays information about ACL-based simplified and MQC-based traffic policies applied in the inbound direction.

-

outbound

Displays information about ACL-based simplified and MQC-based traffic policies applied in the outbound direction.

-

verbose

Displays detailed information about ACL-based simplified and MQC-based traffic policies applied to the system, a VLAN, or an interface.

-

brief

Displays brief information about ACL-based simplified and MQC-based traffic policies applied to the system, a VLAN, an interface, an SSID profile, or a traffic profile.

-

record

Displays information about all ACL-based simplified traffic policies applied to the device.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

The display traffic-applied command displays information about ACL-based simplified and MQC-based traffic policies applied to the system, a VLAN, or an interface.

Example

# Display information about globally applied ACL-based simplified and MQC-based traffic policies in the inbound direction.

<HUAWEI> display traffic-applied inbound
-----------------------------------------------------------
Policy applied inbound global
  Policy:    p1
-----------------------------------------------------------
Table 15-8  Description of the display traffic-applied inbound command output

Item

Description

Policy

Traffic policy name. To create a traffic policy, run the traffic policy command.

# Display the configuration of all ACL-based simplified traffic policies on the device.

<HUAWEI> display traffic-applied record
-------------------------------------------------------------------------
*interface GigabitEthernet1/0/1
 traffic-filter inbound acl 3000
  slot 1: success

-------------------------------------------------------------------------
*system
 traffic-filter inbound acl 3001
  slot 1: success
  slot 2: success

 traffic-filter outbound acl 3002
  slot 1: success
  slot 2: success

-------------------------------------------------------------------------
Table 15-9  Description of the display traffic-applied record command output

Item

Description

interface GigabitEthernet1/0/1

Interface where the ACL-based simplified traffic policy has been applied.

traffic-filter inbound acl 3000

Configuration of the ACL-based simplified traffic policy that has been applied. For details, see ACL-based Simplified Traffic Policy Commands.

slot

Slot where the ACL-based simplified traffic policy has been applied.

success

Status of the ACL-based simplified traffic policy that has been applied:
  • success: The ACL-based simplified traffic policy has been applied successfully.
  • fail: The ACL-based simplified traffic policy fails to be applied.

system

Configuration of the ACL-based simplified traffic policy that has been applied globally.

display traffic-policy applied-record

Function

The display traffic-policy applied-record command displays traffic policy records.

Format

display traffic-policy applied-record [ policy-name ]

Parameters

Parameter

Description

Value

policy-name

Displays the record of a specified traffic policy. If this parameter is not specified, records of all the applied traffic policies are displayed.

The value must be the name of an existing traffic policy.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The display traffic-policy applied-record command displays a record of an applied traffic policy or records of all applied traffic policies, including the view, interface number, and direction that the traffic policy/policies is/are applied to, traffic policy status on a card or an SSID profile, and number of times the traffic policy/policies is/are applied. The command output helps you check traffic policy records and locate faults.

Precautions

If no traffic policy is created, the system does not display any information after this command is executed.

If the specified traffic policy name is incorrect, the system displays the following information after this command is executed:
Info: Traffic policy does not exist.

Example

# Display the record of the traffic policy p1 in a non-CSS scenario.

<HUAWEI> display traffic-policy applied-record p1
-------------------------------------------------
  Policy Name:   p1
  Policy Index:  3
     Classifier:c1     Behavior:b1
-------------------------------------------------
 *interface GigabitEthernet1/0/0
    traffic-policy p1 inbound
      slot 1    :  success
 *vlan 100
    traffic-policy p1 inbound
      slot 1    :  fail
      slot 3    :  fail
 *system
    traffic-policy p1 global inbound
      slot 1    :  success
      slot 3    :  success
 *ssid-profile test
    traffic-policy p1 inbound
      slot 1    :  success
-------------------------------------------------
  Policy total applied times: 4.                  

# Display the record of the traffic policy p1 in a CSS scenario.

<HUAWEI> display traffic-policy applied-record p1
-------------------------------------------------                               
  Policy Name:   p1                                                              
  Policy Index:  1                                                              
     Classifier:c1     Behavior:b1                                                
-------------------------------------------------                               
 *system                                                                        
    traffic-policy p1 global inbound                                             
      slot 1/5  :  success                                                      
      slot 1/8  :  success                                                      
      slot 1/9  :  success                                                      
      slot 1/10 :  success                                                      
      slot 2/4  :  success                                                      
      slot 2/5  :  success                                                      
      slot 2/7  :  success                                                      
      slot 2/9  :  success                                                      
      slot 2/10 :  success                                                      
 *system                                                                        
    traffic-policy p1 global outbound                                            
      slot 1/5  :  success                                                      
      slot 1/8  :  success                                                      
      slot 1/9  :  success                                                      
      slot 1/10 :  fail                                                         
      slot 2/4  :  success                                                      
      slot 2/5  :  success                                                      
      slot 2/7  :  success                                                      
      slot 2/9  :  success                                                      
      slot 2/10 :  success                                                      
-------------------------------------------------                               
  Policy total applied times: 2.          
Table 15-10  Description of the display traffic-policy applied-record command output

Item

Description

Policy Name

Traffic policy name. To configure a traffic policy, run the traffic policy command.

Policy Index

Traffic policy index.

Classifier

Traffic classifier name. To configure a traffic classifier, run the traffic classifier command.

Behavior

Traffic behavior name. To configure a traffic behavior, run the traffic behavior command.

interface GigabitEthernet1/0/0

Interface to which the traffic policy is applied. To apply a traffic policy to an interface, run the traffic-policy (interface view) command.

traffic-policy p1 inbound

Inbound direction to which the traffic policy p1 is applied.

traffic-policy p1 outbound

Outbound direction to which the traffic policy p1 is applied.

slot

Status of the traffic policy applied to the specified card.
  • success: The traffic policy is applied successfully.
  • fail: The traffic policy fails to be applied.

vlan

VLAN to which the traffic policy is applied. To apply a traffic policy to a VLAN, run the traffic-policy (VLAN view) command.

system

System to which the traffic policy is applied. To apply a traffic policy to the system, run the traffic-policy global command.

ssid-profile

SSID profile to which the traffic policy is applied. To apply a traffic policy to an SSID profile, run the traffic-policy (SSID profile view) command.

Policy total applied times

Number of times the traffic policy is applied.

if-match 8021p

Function

The if-match 8021p command configures a matching rule based on the 802.1p priority of VLAN packets in a traffic classifier.

The undo if-match 8021p command deletes a matching rule based on the 802.1p priority of VLAN packets in a traffic classifier.

By default, a matching rule based on the 802.1p priority of VLAN packets is not configured in a traffic classifier.

Format

if-match 8021p 8021p-value &<1-8>

undo if-match 8021p

Parameters

Parameter

Description

Value

8021p-value

Specifies the 802.1p priority of VLAN packets.

The value is an integer that ranges from 0 to 7. A larger value indicates a higher priority in VLAN packets.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match 8021p command to classify traffic based on the 802.1p priority in VLAN packets so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

After the remark 8021p, add-tag vlan-id, remark cvlan-id, and remark vlan-id commands are used, the system modifies VLAN tags of packets according to the re-marking configuration. These actions are called VLAN-based actions.

If a traffic policy containing the traffic classifier if-match 8021p and the VLAN-based action, and the mapping between 802.1p priorities and internal priorities are configured on the inbound interface of packets, the device determines whether packets match the rule according to the mapped 802.1p priorities.

If a traffic policy containing the traffic classifier if-match 8021p and the non-VLAN-based action, and the mapping between 802.1p priorities and internal priorities are configured on the inbound interface of packets, the device determines whether packets match the rule based on mapped internal priorities.

Regardless of whether the relationship between traffic classification rules is AND or OR, if you enter multiple values of 802.1p priorities, the packet that matches one 802.1p priority matches a rule.

If you run the if-match 8021p command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Configure a matching rule based on the 802.1p priority of 1 in the traffic classifier c1.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match 8021p 1

if-match acl

Function

The if-match acl command configures a matching rule based on an Access Control List (ACL) in a traffic classifier.

The undo if-match acl command deletes a matching rule based on an ACL.

By default, a matching rule based on an ACL is not configured in a traffic classifier.

Format

if-match [ ipv6 ] acl { acl-number | acl-name }

undo if-match [ ipv6 ] acl { acl-number | acl-name }

Parameters

Parameter

Description

Value

ipv6

Indicates that IPv6 ACLs are matched. If this parameter is not specified, IPv4 ACLs are matched.

-

acl-number

Specifies the number of an ACL.

The value is an integer. The number of an ACL6 ranges from 2000 to 3999.
  • ACLs numbered 2000 to 2999 are basic ACLs, which are used to classify all packets.
  • ACLs numbered 3000 to 3999 are advanced ACLs, which are used to classify packets based on Layer 3 information.
  • ACLs numbered 4000 to 4999 are Layer 2 ACLs, which are used to classify packets based on the source MAC address, destination MAC address, and packet type.
  • ACLs numbered 5000 to 5999 are user-defined ACLs.

acl-name

Specifies the name of an ACL.

The value must be the name of an existing ACL.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To classify packets based on the interface that receives packets, source IP address, destination IP address, protocol over IP, source and destination TCP port numbers, ICMP type and code, and source and destination MAC addresses, ARP packets, reference an ACL in a traffic classifier. You must first define an ACL and configure rules in the ACL, and then run the if-match acl command to configure a matching rule based on the ACL so that the device processes packets matching the same rule in the same manner.

Prerequisites

The following operations must have been performed:
  • Create an ACL and configure rules in the ACL.

  • Create a traffic classifier using the traffic classifier command.

Precautions

Regardless of whether the relationship between rules in a traffic classifier is AND or OR, if an ACL contains multiple rules, the packet that matches one ACL rule matches the ACL.

You can configure only the user-defined ACL (the user-defined ACL number ranges from 5000 to 5999) or configure the user-defined ACL and other matching rules in a traffic classifier where the relationship between rules is AND. When the user-defined ACL and other matching rules are configured, the user-defined ACL can be used only with the if-match vlan-id, if-match inbound-interface, or if-match outbound-interface command.

X series cards do not support traffic classifiers with advanced ACLs containing the ttl-expired field.

You can configure multiple ACL rules in a traffic classifier to match different types of packets.

Example

# Configure a matching rule based on ACL 2046 in the traffic classifier c1.

<HUAWEI> system-view
[HUAWEI] acl 2046
[HUAWEI-acl-basic-2046] rule permit source any
[HUAWEI-acl-basic-2046] quit
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match acl 2046

if-match any

Function

The if-match any command configures a matching rule based on all data packets in a traffic classifier.

The undo if-match any command deletes a matching rule based on all data packets in a traffic classifier.

By default, a matching rule based on all data packets is not configured in a traffic classifier.

Format

if-match any

undo if-match any

Parameters

None

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To process all the data packets in the same manner, run the if-match any command.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Example

# Configure a matching rule based on all data packets in the traffic classifier c1.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match any
Related Topics

if-match cvlan-8021p

Function

The if-match cvlan-8021p command configures a matching rule based on the 802.1p priority in the inner tag of QinQ packets in a traffic classifier.

The undo if-match cvlan-8021p command deletes a matching rule based on the 802.1p priority in the inner tag of QinQ packets in a traffic classifier.

By default, a matching rule based on the 802.1p priority in the inner tag of QinQ packets is not configured in a traffic classifier.

Format

if-match cvlan-8021p 8021p-value &<1-8>

undo if-match cvlan-8021p

Parameters

Parameter

Description

Value

8021p-value

Specifies the 802.1p priority in the inner tag of QinQ packets.

The value is an integer that ranges from 0 to 7. A larger value indicates a higher priority of QinQ packets.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match cvlan-8021p command to classify packets based on the 802.1p priority in the inner tag of QinQ packets so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

The if-match cvlan-8021p command is valid for only the double-tagged packets.

If you enter multiple 802.1p priorities in the inner tag of packets in the command, a packet matches a rule as long as it matches one of the 802.1p priorities in the inner tag of packets, regardless of whether the relationship between traffic classification rules is AND or OR.

If you run the if-match cvlan-8021p command multiple times in the same traffic classifier view, only the latest configuration takes effect.

Example

# Configure a matching rule based on the inner 802.1p priority of 1 in QinQ packets in the traffic classifier c1.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match cvlan-8021p 1
Related Topics

if-match cvlan-id

Function

The if-match cvlan-id command configures a matching rule based on VLAN IDs in the inner and outer tags of QinQ packets in a traffic classifier. You can specify the VLAN ID range in the inner tag.

The undo if-match cvlan-id command deletes a matching rule based on VLAN IDs in the inner and outer tags of QinQ packets in a traffic classifier.

By default, a matching rule based on the VLAN ID in the inner and outer tags of QinQ packets is not configured in a traffic classifier.

Format

if-match cvlan-id start-cvlan-id [ to end-cvlan-id ] [ vlan-id vlan-id ]

undo if-match cvlan-id start-cvlan-id [ to end-cvlan-id ] [ vlan-id vlan-id ]

Parameters

Parameter

Description

Value

start-cvlan-id [ to end-cvlan-id ]

Specifies the VLAN ID in the inner tag of a QinQ packet.

  • start-cvlan-id specifies the start VLAN ID in the inner tag. The value is an integer that ranges from 1 to 4094.

  • end-cvlan-id specifies the end VLAN ID in the inner tag. The value is an integer that ranges from 1 to 4094.

The value of end-cvlan-id must be larger than the value of start-cvlan-id.

If to end-cvlan-id is not specified, only the VLAN ID specified by start-cvlan-id is matched.

vlan-id vlan-id

Specifies the VLAN ID in the outer tag of a QinQ packet.

If this parameter is not specified, only the VLAN ID in the inner tag of a QinQ packet is matched.

The value is an integer that ranges from 1 to 4094.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match cvlan-id command to classify packets based on the VLAN ID in the inner tag of QinQ packets or VLAN IDs in inner and outer tags of QinQ packets so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

The if-match cvlan-id command is valid for only the double-tagged packets.

Example

# Configure a matching rule based on the VLAN ID of 100 in the inner tag of QinQ packets in the traffic classifier c1.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match cvlan-id 100

# Configure a matching rule based on the inner VLAN ID in the range of 100 to 200 and outer VLAN ID 300 of QinQ packets in the traffic classifier c1.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match cvlan-id 100 to 200 vlan-id 300
Related Topics

if-match destination-mac

Function

The if-match destination-mac command configures a matching rule based on the destination MAC address in a traffic classifier.

The undo if-match destination-mac command deletes a matching rule based on the destination MAC address in a traffic classifier.

By default, a matching rule based on the destination MAC address is not configured in a traffic classifier.

Format

if-match destination-mac mac-address [ [ mac-address-mask ] mac-address-mask ]

undo if-match destination-mac

Parameters

Parameter

Description

Value

mac-address

Specifies the destination MAC address.

The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits.

[ mac-address-mask ] mac-address-mask

Specifies the mask of the destination MAC address.

Similar to the mask of the IP address, the value F indicates that the destination MAC address is matched and the value 0 indicates that the destination MAC address is not matched. The mask of the MAC address determines a group of MAC addresses. The device can accurately match certain bits in the destination MAC address using the mask of the MAC address. In practice, you can set these bits to F in the mask of the destination MAC address.

The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits. The value cannot be 0-0-0.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match destination-mac command to configure a matching rule based on the destination MAC address in a traffic classifier so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

If you run the if-match destination-mac command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Configure a matching rule based on the destination MAC address of 0050-ba27-bed3 in the traffic classifier c1.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match destination-mac 0050-ba27-bed3

# Configure a matching rule based on the destination MAC address of XX50-bXX7-bed3 in the traffic classifier c1.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match destination-mac 0050-b007-bed3 mac-address-mask 00ff-f00f-ffff

if-match discard

Function

The if-match discard command configures a matching rule based on drop packets in a traffic classifier.

The undo if-match discard command deletes a matching rule based on drop packets in a traffic classifier.

By default, a matching rule based on drop packets is not configured in a traffic classifier.

Format

if-match discard

undo if-match discard

Parameters

None

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After packets reach the device, invalid packets are discarded. You can run the if-match discard command to configure the device to match discarded packets, take action for the discarded packets such as traffic statistics and mirroring, and analyze them.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

For the X series cards, packets matched by the if-match discard command cannot be mirrored to the CPU.

Example

# Configure a matching rule based on discarded packets in the traffic classifier c1.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match discard
Related Topics

if-match double-tag

Function

The if-match double-tag command configures a matching rule based on double tags of packets in a traffic classifier.

The undo if-match double-tag command deletes a matching rule based on double tags of packets in a traffic classifier.

By default, a matching rule based on double tags of packets is not configured in a traffic classifier.

Format

if-match double-tag

undo if-match double-tag

Parameters

None

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match double-tag command to classify traffic based on double tags so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Example

# Configure a matching rule based on double tags of packets in the traffic classifier class1.

<HUAWEI> system-view
[HUAWEI] traffic classifier class1
[HUAWEI-classifier-class1] if-match double-tag
Related Topics

if-match dscp

Function

The if-match dscp command configures a matching rule based on the Differentiated Services Code Point (DSCP) priority of packets in a traffic classifier.

The undo if-match dscp command deletes a matching rule based on the DSCP priority of packets in a traffic classifier.

By default, a matching rule based on the DSCP priority of packets is not configured in a traffic classifier.

Format

if-match [ ipv6 ] dscp dscp-value &<1-8>

undo if-match [ ipv6 ] dscp

Parameters

Parameter

Description

Value

ipv6

Indicates that IPv6 packets are matched. If this parameter is not specified, IPv4 packets are matched.

-

dscp dscp-value

Specifies the DSCP priority.

The value can be a DiffServ code, an integer ranging from 0 to 63, or the name of the DSCP service type such as af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1-cs7, default, and ef.

The values corresponding to service types are as follows:

  • af11: 10
  • af12: 12
  • af13: 14
  • af21: 18
  • af22: 20
  • af23: 22
  • af31: 26
  • af32: 28
  • af33: 30
  • af41: 34
  • af42: 36
  • af43: 38
  • cs1: 8
  • cs2: 16
  • cs3: 24
  • cs4: 32
  • cs5: 40
  • cs6: 48
  • cs7: 56
  • default: 0
  • ef: 46

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match dscp command to classify packets based on the DSCP priority of packets so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

If ipv6 is not specified, if-match dscp can match both IPv4 and IPv6 packets.

If you enter multiple DSCP priorities in the command, a packet matches a rule as longs as it matches one of the DSCP priorities, regardless of whether the relationship between traffic classification rules is AND or OR.

If the relationship between rules in a traffic classifier is AND, the if-match dscp and if-match ip-precedence commands cannot be used in the traffic classifier simultaneously.

If the relationship between rules in a traffic classifier is AND, the if-match dscp dscp-value and if-match ipv6 dscp dscp-value commands cannot be used in the traffic classifier simultaneously.

In a version earlier than V200R009C00, if if-match dscp dscp-value is configured in the traffic classifier on the switch, the traffic classifier can only match IPv4 packets. After the switch is upgraded to V200R009C00 and later versions, the traffic classifier can match IPv4 and IPv6 packets.

If if-match dscp dscp-value is configured in a traffic classifier and if-match ipv6 dscp dscp-value is configured in the other traffic classifier, the switch matches packets with the traffic classifier based on priorities of traffic classifiers. For details about the priority of a traffic classifier, see traffic classifier.

If you run the if-match dscp command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Configure a matching rule based on the DSCP priority of 1 in the traffic classifier class1.

<HUAWEI> system-view
[HUAWEI] traffic classifier class1
[HUAWEI-classifier-class1] if-match dscp 1

if-match flow-id

Function

The if-match flow-id command configures a matching rule based on the flow ID in a traffic classifier.

The undo if-match flow-id command deletes a matching rule based on the flow ID in a traffic classifier.

By default, no matching rule based on the flow ID is configured in a traffic classifier.

Format

if-match flow-id flow-id

undo if-match flow-id

NOTE:

X series cards and SA series cards do not support this command.

Parameters

Parameter

Description

Value

flow-id

Specifies a flow ID.

The value is an integer that ranges from 1 to 8.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a traffic policy is applied to different interfaces or VLANs, to save ACL resources, you can run the if-match flow-id command to classify packets based on the flow ID so that the device processes packets matching the same flow ID in the same manner.

Assume that M ACLs are configured on the device to distinguish services, and each ACL contains N ACL rules. Traffic classifiers classify packets based on ACL rules, and the traffic policy containing the ACL rules are applied to X interfaces. If the action of re-marking flow IDs and matching rules based on the flow IDs are not configured, applying the traffic policy occupies M*N*X ACL resources. If the action of re-marking flow IDs and matching rules based on flow IDs are configured, applying the traffic policy occupies only M*(N+X) ACL resources.

Prerequisites

The following operations must have been performed before this command is used:

  • Run the remark flow-id command in the traffic behavior view to configure an action of re-marking the flow ID.
  • Run the traffic classifier command in the system view to create a traffic classifier.

Precautions

It is recommended that the traffic classifier containing if-match flow-id and the traffic behavior containing remark flow-id be bound to different traffic policies.

The traffic policy containing if-match flow-id can be only applied to an interface, a VLAN, a card, or the system in the inbound direction.

If you run the if-match flow-id command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Configure a matching rule based on the flow ID of 1 in the traffic classifier c1.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match flow-id 1

if-match inbound-interface

Function

The if-match inbound-interface command configures a matching rule based on an inbound interface in a traffic classifier.

The undo if-match inbound-interface command deletes a matching rule based on an inbound interface in a traffic classifier.

By default, a matching rule based on an inbound interface is not configured in a traffic classifier.

Format

if-match inbound-interface interface-type interface-number

undo if-match inbound-interface

Parameters

Parameter

Description

Value

interface-type interface-number

Specifies the type and number of an inbound interface.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.

-

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match inbound-interface command to classify traffic based on an inbound interface so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

A traffic policy containing if-match inbound-interface cannot be applied to an interface.

For X series cards, the inbound interface in this command cannot be an Eth-Trunk member interface.

A traffic policy containing the if-match inbound-interface rule can only be applied to the inbound direction.

If you run the if-match inbound-interface command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Configure a matching rule based on the inbound interface of GE1/0/1 in the traffic classifier class1.

<HUAWEI> system-view
[HUAWEI] traffic classifier class1
[HUAWEI-classifier-class1] if-match inbound-interface gigabitethernet 1/0/1
Related Topics

if-match ip-precedence

Function

The if-match ip-precedence command configures a matching rule based on the IP precedence of packets in a traffic classifier.

The undo if-match ip-precedence command deletes a matching rule based on the IP precedence of packets in a traffic classifier.

By default, a matching rule based on the IP precedence of packets is not configured in a traffic classifier.

Format

if-match ip-precedence ip-precedence-value &<1-8>

undo if-match ip-precedence

Parameters

Parameter

Description

Value

ip-precedence-value

Specifies the IP precedence.

The value is an integer that ranges from 0 to 7. A larger value indicates a higher priority of packets.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match ip-precedence command to classify packets based on the IP precedence so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

After the if-match ip-precedence command is run, IP precedences are listed in ascending order.

If you enter multiple IP precedences in the if-match ip-precedence command, a packet matches a rule as long as it matches one of the IP precedence values, regardless of whether the relationship between traffic classification rules is AND or OR.

In a traffic classifier where the relationship between rules is AND, the if-match dscp and if-match ip-precedence commands cannot be used simultaneously.

The if-match ip-precedence command takes effect only for IPv4 packets.

If you run the if-match ip-precedence command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Configure a matching rule based on the IP precedence of 1 in the traffic classifier class1.

<HUAWEI> system-view
[HUAWEI] traffic classifier class1
[HUAWEI-classifier-class1] if-match ip-precedence 1

if-match ipv6 next-header

Function

The if-match ipv6 next-header command configures a matching rule based on the first Next Header field in the IPv6 packet header in a traffic classifier.

The undo if-match ipv6 next-header command deletes a matching rule based on the first Next Header field in the IPv6 packet header in a traffic classifier.

By default, a matching rule based on the first Next Header field in the IPv6 packet header is not configured in a traffic classifier.

Format

if-match ipv6 next-header header-number first-next-header

undo if-match ipv6 next-header header-number first-next-header

Parameters

Parameter

Description

Value

header-number

Specifies the value of the Next Header field in the IPv6 packet header.

The value is an integer that ranges from 0 to 255.

first-next-header

Specifies the first Next Header field in an IPv6 packet header.

-

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can use the if-match ipv6 next-header command to classify IPv6 packets based on the first Next Header field in the IPv6 packet header so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

The ET1D2X12SSA0 card does not support the routes whose prefix length ranges from 64 to 128.

If you run the if-match ipv6 next-header command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Configure a matching rule based on the first Next Header field of 20 in the IPv6 packet header in the traffic classifier c1.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match ipv6 next-header 20 first-next-header
Related Topics

if-match l2-protocol

Function

The if-match l2-protocol command configures a matching rule based on the Layer 2 protocol type in a traffic classifier.

The undo if-match l2-protocol command deletes a matching rule based on the Layer 2 protocol type in a traffic classifier.

By default, a matching rule based on the Layer 2 protocol type is not configured in a traffic classifier.

Format

if-match l2-protocol { arp | ip | mpls | rarp | protocol-value }

undo if-match l2-protocol

Parameters

Parameter

Description

Value

arp

Indicates that ARP packets are classified.

The value of arp corresponds to 0x0806.

ip

Indicates that IP packets are classified.

The value of ip corresponds to 0x0800.

mpls

Indicates that MPLS packets are classified.

The value of mpls corresponds to 0x8847.

rarp

Indicates that RARP packets are classified.

The value of rarp corresponds to 0x8035.

protocol-value

Specifies the value of a protocol type.

The value ranges from 0x0000 to 0xFFFF in hexadecimal notation and must start with 0x.

If the value of protocol-value is smaller than 0x0600, the Destination Service Access Point (DSAP) and Source Service Access Point (SSAP) fields in the Logical Line Control (LLC) protocol packets are matched.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match l2-protocol command to classify packets based on the Layer 2 protocol type so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

The device supports Layer 2 protocols including ARP, IP, MPLS, and RARP.

If you run the if-match l2-protocol command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Define a matching rule based on the protocol type of ARP in the traffic classifier c1.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match l2-protocol arp
Related Topics

if-match mpls-exp

Function

The if-match mpls-exp command configures a matching rule based on the EXP priority of MPLS packets in a traffic classifier.

The undo if-match mpls-exp command deletes a matching rule based on the EXP priority of MPLS packets in a traffic classifier.

By default, a matching rule based on the EXP priority of MPLS packets is not configured in a traffic classifier.

Format

if-match mpls-exp exp-value &<1-8>

undo if-match mpls-exp

Parameters

Parameter

Description

Value

exp-value

Specifies the EXP priority of MPLS packets.

The value is an integer that ranges from 0 to 7. A larger value indicates a higher priority of MPLS packets.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match mpls-exp command to classify MPLS packets based on the EXP priority so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

SA cards of the S series and X series cards do not support matching of EXP priorities in MPLS packets.

If you enter multiple values of EXP priorities in the command, a packet matches the traffic classifier as long as it matches one of the EXP priorities, regardless of whether the relationship between traffic classification rules is AND or OR.

If a traffic classifier in the traffic policy contains if-match mpls-exp, the traffic policy fails to be applied to the outbound direction on other cards except X series cards.

If you run the if-match mpls-exp command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Configure a matching rule based on the EXP priority of 1 or 4 in the traffic classifier class1.

<HUAWEI> system-view
[HUAWEI] traffic classifier class1
[HUAWEI-classifier-class1] if-match mpls-exp 1 4
Related Topics

if-match outbound-interface

Function

The if-match outbound-interface command configures a matching rule based on an outbound interface in a traffic classifier.

The undo if-match outbound-interface command deletes a matching rule based on an outbound interface in a traffic classifier.

By default, a matching rule based on an outbound interface is not configured in a traffic classifier.

Format

if-match outbound-interface interface-type interface-number

undo if-match outbound-interface

Parameters

Parameter

Description

Value

interface-type interface-number

Specifies the type and number of an outbound interface.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.

-

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match outbound-interface command to classify packets based on an outbound interface so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

A traffic policy containing if-match outbound-interface cannot be applied to an interface.

For X series cards, the outbound interface in this command cannot be an Eth-Trunk member interface.

For X series cards, a traffic policy containing the if-match outbound-interface rule can only be applied to the outbound direction.

If you run the if-match outbound-interface command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Configure a matching rule based on the outbound interface of GE1/0/1 in the traffic classifier class1.

<HUAWEI> system-view
[HUAWEI] traffic classifier class1
[HUAWEI-classifier-class1] if-match outbound-interface gigabitethernet 1/0/1
Related Topics

if-match protocol

Function

The if-match protocol command configures a matching rule based on a protocol in a traffic classifier.

The undo if-match protocol command deletes a matching rule based on a protocol in a traffic classifier.

By default, a matching rule based on a protocol is not configured in a traffic classifier.

Format

if-match protocol { ip | ipv6 }

undo if-match protocol

Parameters

Parameter

Description

Value

ip

Specifies an IP protocol.

-

ipv6

Specifies an IPv6 protocol.

-

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match protocol command to classify packets based on a protocol so that the device processes packets of the same protocol in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

Currently, the device supports IPv4 and IPv6.

If you run the if-match protocol command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Configure a matching rule based on the IP protocol in the traffic classifier c1.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match protocol ip
Related Topics

if-match source-mac

Function

The if-match source-mac command configures a matching rule based on the source MAC address in a traffic classifier.

The undo if-match source-mac command deletes a matching rule based on the source MAC address in a traffic classifier.

By default, a matching rule based on the source MAC address is not configured in a traffic classifier.

Format

if-match source-mac mac-address [ [ mac-address-mask ] mac-address-mask ]

undo if-match source-mac

Parameters

Parameter

Description

Value

mac-address

Specifies the source MAC address.

The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits.

[ mac-address-mask ] mac-address-mask

Specifies the mask of the source MAC address.

Similar to the mask of the IP address, the mask of the MAC address determines a group of MAC addresses. The device can accurately match certain bits in the source MAC address using the mask of the MAC address. In practice, you can set these bits to F in the mask of the source MAC address.

The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits. The value cannot be 0-0-0.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match source-mac command to classify packets based on the source MAC address so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

If you run the if-match source-mac command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Configure a matching rule based on the source MAC address of 0050-ba27-bed2 in the traffic classifier c1.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match source-mac 0050-ba27-bed2

# Configure a matching rule based on the source MAC address of XX50-bXX7-bed3 in the traffic classifier c1.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match source-mac 0050-ba27-bed3 mac-address-mask 00ff-f00f-ffff

if-match tcp

Function

The if-match tcp command configures a matching rule based on the SYN Flag in the TCP packet header in a traffic classifier.

The undo if-match tcp command deletes a matching rule based on the SYN Flag in the TCP packet header in a traffic classifier.

By default, a matching rule based on the SYN Flag in the TCP packet header is not configured in a traffic classifier.

Format

if-match tcp syn-flag { syn-flag-value | ack | fin | psh | rst | syn | urg }

undo if-match tcp syn-flag

Parameters

Parameter

Description

Value

syn-flag

Specifies the SYN Flag in the TCP packet header.

-

syn-flag-value

Specifies the SYN Flag in the TCP packet header.

The value is an integer that ranges from 0 to 63.

ack

Indicates that the SYN Flag type in the TCP packet header is ACK.

-

fin

Indicates that the SYN Flag type in the TCP packet header is FIN.

-

psh

Indicates that the SYN Flag type in the TCP packet header is PSH.

-

rst

Indicates that the SYN Flag type in the TCP packet header is RST.

-

syn

Indicates that the SYN Flag type in the TCP packet header is SYN.

-

urg

Indicates that the SYN Flag type in the TCP packet header is URG.

-

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match tcp command to classify packets based on the SYN Flag in the TCP packet header so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Precautions

The if-match tcp command takes effect only for IPv4 packets.

If you run the if-match tcp command in the same traffic classifier view multiple times, only the latest configuration takes effect.

Example

# Configure a matching rule based on the SYN Flag of psh in the traffic classifier c1.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match tcp syn-flag psh
Related Topics

if-match vlan-id

Function

The if-match vlan-id command configures a matching rule based on the VLAN ID of packets in a traffic classifier.

The undo if-match vlan-id command deletes a matching rule based on the VLAN ID of packets in a traffic classifier.

By default, a matching rule based on the VLAN ID of packets is not configured in a traffic classifier.

Format

if-match vlan-id start-vlan-id [ to end-vlan-id ] [ cvlan-id cvlan-id ]

undo if-match vlan-id start-vlan-id [ to end-vlan-id ] [ cvlan-id cvlan-id ]

Parameters

Parameter

Description

Value

start-vlan-id [ to end-vlan-id ]

Specifies the outer VLAN ID.

  • start-vlan-id specifies the start outer VLAN ID. The value of start-vlan-id is an integer that ranges from 1 to 4094.

  • end-vlan-id specifies the end outer VLAN ID. The value of end-vlan-id is an integer that ranges from 1 to 4094.

end-vlan-id must be larger than start-vlan-id. If to end-vlan-id is not specified, only the VLAN ID specified by start-vlan-id is matched.

cvlan-id cvlan-id

Specifies the inner VLAN ID.

The value is an integer that ranges from 1 to 4094.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the if-match vlan-id command to classify packets based on the VLAN ID so that the device processes packets matching the same traffic classifier in the same manner.

Prerequisites

A traffic classifier has been created using the traffic classifier command in the system view.

Example

# Configure a matching rule based on VLAN 2 in the traffic classifier c1.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match vlan-id 2
Related Topics

if-match vxlan

Function

The if-match vxlan command configures a matching rule based on inner information of VXLAN packets in a traffic classifier.

The undo if-match vxlan command deletes a matching rule based on inner information of VXLAN packets from a traffic classifier.

By default, a matching rule based on inner information of VXLAN packets is not configured in a traffic classifier.

Format

if-match vxlan [ transit ] vni vni-id

undo if-match vxlan [ transit ] vni vni-id

Parameters

Parameter

Description

Value

transit

Indicates that VXLAN packets on the transmission device are matched.

If this parameter is not specified, a traffic policy containing this traffic classifier takes effect only on a VXLAN decapsulation device.

-

vni vni-id

Specifies the VNI ID for matching VXLAN packets.

The value is an integer that ranges from 1 to 16777215.

Views

Traffic classifier view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A VNI is similar to a VLAN ID on a traditional network, and it identifies a VXLAN segment. You can use the if-match vxlan command to classify packets based on the inner information of VXLAN packets so that the device processes packets matching the same traffic classifier in the same manner.

Precautions

  • A traffic policy containing this traffic classifier cannot be applied in the outbound direction.
  • If a traffic classifier contains this matching rule, it supports only traffic behaviors of traffic policing, packet filtering, and traffic statistics.

Example

# Configure a matching rule based on VNI 10 in the traffic classifier c1.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1] if-match vxlan transit vni 10
Related Topics

remark flow-id

Function

The remark flow-id command configures an action of re-marking the flow ID in a traffic behavior.

The undo remark flow-id command deletes the configuration.

By default, an action of re-marking the flow ID is not configured in a traffic behavior.

Format

remark flow-id flow-id

undo remark flow-id

NOTE:

X series cards and SA series cards do not support this command.

Parameters

Parameter

Description

Value

flow-id

Specifies the value of a flow ID.

The value is an integer that ranges from 1 to 8.

Views

Traffic behavior view

Default Level

2: Configuration level

Usage Guidelines

Application Scenarios

When a traffic policy is applied to different interfaces or VLANs, to save ACL resources, you can run the if-match flow-id command to classify packets based on the flow ID so that the device processes packets matching the same flow ID in the same manner. Before the device classifies packets based on the flow ID, use the remark flow-id command to configure an action of re-marking the flow ID in a traffic behavior.

Assume that M ACLs are configured on the device to distinguish services, and each ACL contains N ACL rules. Traffic classifiers classify packets based on ACL rules, and the traffic policy containing the ACL rules are applied to X interfaces. If the action of re-marking flow IDs and matching rules based on the flow IDs are not configured, applying the traffic policy occupies M*N*X ACL resources. If the action of re-marking flow IDs and matching rules based on flow IDs are configured, applying the traffic policy occupies only M*(N+X) ACL resources.

Follow-up Procedure

Run the traffic classifier command to configure a traffic classifier and run the if-match flow-id command in the traffic classifier view to create a matching rule based on the flow ID.

Precautions

It is recommended that the traffic classifier containing if-match flow-id and the traffic behavior containing remark flow-id be bound to different traffic policies.

The traffic policy containing remark flow-id can be only applied to an interface, a VLAN, a card, or the system in the inbound direction.

remark flow-id, statistic enable, and car cannot be configured in the same traffic behavior.

If you run the remark flow-id command in the same traffic behavior view multiple times, only the latest configuration takes effect.

Example

# Configure the device to re-mark the flow ID with 4 in the traffic behavior b1.

<HUAWEI> system-view
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] remark flow-id 4

reset traffic policy statistics

Function

The reset traffic policy statistics command clears statistics on packets matching a traffic policy that has been applied to the specified object or each object.

Format

reset traffic policy statistics { global [ slot slot-id ] | interface interface-type interface-number [.subinterface-number ] | vlan vlan-id | ssid-profile ssid-profile-name } { inbound | outbound }

reset traffic policy statistics policy-name policy-name

reset traffic policy statistics all

Parameters

Parameter

Description

Value

global

Clears statistics on packets matching a traffic policy in the system.

-

slot slot-id

Clears statistics on packets matching a traffic policy on a specified LPU. slot-id specifies the slot ID of the LPU.

The value is an integer. It must be the slot ID of a running LPU.

interface interface-type interface-number [.subinterface-number ]

Clears statistics on packets matching a traffic policy on a specified interface.
  • interface-type specifies the interface type.
  • interface-number [.subinterface-number ] specifies the interface or sub-interface number.

-

vlan vlan-id

Clears statistics on packets matching a traffic policy in a specified VLAN. vlan-id specifies the ID of the VLAN.

The value is an integer that ranges from 1 to 4094.

ssid-profile ssid-profile-name

Clears statistics on packets matching a traffic policy in a specified SSID profile. ssid-profile-name specifies the name of the SSID profile.

The value must the name of an existing SSID profile.

inbound

Clears traffic statistics in the inbound direction.

-

outbound

Clears traffic statistics in the outbound direction.

-

policy-name policy-name

Clears statistics on packets matching the specified traffic policy in each object.

The value must be the name of an existing traffic policy.

all

Clears statistics on packets matching a traffic policy in each object, including statistics on packets in the inbound and outbound directions in the system, on each LPU, on each interface, in each VLAN, and in each SSID profile.

-

Views

User view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Before re-collecting statistics on packets matching a traffic policy in the specified object or each object, run the reset traffic policy statistics command to clear existing packet statistics. Then run the display traffic policy statistics command to view packet statistics.

Precautions

The traffic policies that can be deleted from the device every second are limited. If many traffic policies are applied to the device, it may take a long time to delete the traffic policies.

The cleared traffic statistics cannot be restored. Exercise caution when you use the command.

If no traffic policy is applied, the system displays an error message after the reset traffic policy statistics command is executed:
Error: The Policy is not applied in this view.
If you do not run the statistic enable (traffic behavior view) command in the view of the traffic behavior in a traffic policy, the system displays an error message after the reset traffic policy statistics command is executed:
Info: Statistic has not been enabled.

If a traffic policy contains many rules, after the reset traffic policy statistics command has been used, wait for a period and run the display traffic policy statistics command. If you run the display traffic policy statistics command immediately, information may be not displayed.

Example

# Clear traffic statistics on GE1/0/1 in the inbound direction to which a traffic policy has been applied.

<HUAWEI> reset traffic policy statistics interface gigabitethernet 1/0/1 inbound

traffic behavior

Function

The traffic behavior command creates a traffic behavior and displays the traffic behavior view, or directly displays the view of an existing traffic behavior.

The undo traffic behavior command deletes a traffic behavior.

By default, no traffic behavior is created in the system.

Format

traffic behavior behavior-name

undo traffic behavior behavior-name

Parameters

Parameter

Description

Value

behavior-name

Specifies the name of a traffic behavior.

The value is a string of 1 to 64 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A traffic classifier is used to differentiate services and must be associated with a flow control or resource allocation action such as packet filtering, traffic policing, and re-marking. The actions constitute a traffic behavior. The traffic behavior command creates a traffic behavior.

Follow-up Procedure

Configure an action in the traffic behavior view. For example, run the car (traffic behavior view) command to configure the traffic policing action.

Precautions

To delete a traffic behavior, unbind the traffic policy containing the traffic behavior from the system, an LPU, an interface, or a VLAN where the traffic policy is applied and unbind the traffic behavior from the traffic classifier. To modify only actions in a traffic behavior, you do not need to unbind the traffic policy containing the traffic behavior from the system, an LPU, an interface, or a VLAN.

On the device, a maximum of 256 traffic behaviors can be created and multiple traffic actions can be configured in a traffic behavior.

Example

# Create the traffic behavior b1 and enter the traffic behavior view.

<HUAWEI> system-view
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1]

traffic classifier

Function

The traffic classifier command creates a traffic classifier and displays the traffic classifier view, or directly displays the view of an existing traffic classifier.

The undo traffic classifier command deletes a traffic classifier.

By default, no traffic classifier is created in the system.

Format

traffic classifier classifier-name [ operator { and | or } ] [ precedence precedence-value ]

undo traffic classifier classifier-name

Parameters

Parameter

Description

Value

classifier-name

Specifies the name of a user-defined traffic classifier.

The value is a string of 1 to 64 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

operator

Specifies the relationship between rules in a traffic classifier. If this parameter is not specified, the relationship between rules is OR by default.

-

and

Indicates that the relationship between rules is AND.

After this parameter is specified, the following situations occur:
  • If a traffic classifier contains ACL rules, packets match the traffic classifier only when the packets match one ACL rule and all the non-ACL rules.
  • If a traffic classifier does not contain ACL rules, packets match the traffic classifier only when the packets match all the non-ACL rules.

-

or

Indicates that the relationship between rules is OR.

After this parameter is specified, packets match a traffic classifier if the packets match one or more rules.

-

precedence precedence-value

Specifies the priority of a traffic classifier.

The value is an integer that ranges from 0 to 65535. A smaller value represents a higher priority.

If precedence-value is not specified when the traffic classifier is configured, the system allocates a priority to the traffic classifier.

Allocated priority value = [ (max-precedence + 5) / 5] × 5, where max-precedence specifies the largest priority value of a traffic classifier.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A traffic classifier classifies traffic of a certain type using matching rules. To provide differentiated services for service flows, bind a traffic classifier and a traffic behavior (see traffic behavior) to a traffic policy and apply the traffic policy.

A traffic classifier can be created based on Layer 2 information such as the 802.1p priority in the VLAN ID, 802.1p priority in the C-VLAN ID, VLAN ID, C-VLAN ID, or Layer 2 protocol type, and Layer 3 information such as the DSCP priority or IP priority, or ACLs.

Follow-up Procedure

Define rules in the traffic classifier. For example, run the if-match 8021p command to define rules based on the 802.1p priority in the VLAN tag.

Precautions

If precedence-value is not specified when a traffic classifier is configured, the value of [ (max-precedence + 5) / 5] × 5 is as follows:

When no traffic classifier exists, the value of max-precedence is 0.
  1. When no traffic classifier exists, if you create a traffic classifier named c1 and the priority of the traffic classifier is not specified, the value of max-precedence is 0. The system allocates the priority of 5 to the traffic classifier: [ ( 0 + 5 ) / 5 ] × 5 = 5. In this case, the maximum priority of the traffic classifier is 5, that is, the value of max-precedence is 5.
  2. If you create a traffic classifier named c2 and specify the priority of 11 for the traffic classifier (that is, the value of precedence-value is 11), there are two traffic classifiers in the system. The priorities of c1 and c2 are 5 and 11, respectively. The value of max-precedence is 11.
  3. If you create a traffic classifier named c3 and the priority of the traffic classifier is not specified, the system allocates the priority of 15 to the traffic classifier: [ ( 11 + 5 ) / 5 ] × 5 = 15. In this case, the maximum priority of the traffic classifier is 15, that is, the value of max-precedence is 15.

To modify the priority of a traffic classifier or delete a traffic classifier, unbind the traffic policy containing the traffic classifier from the system, an LPU, an interface, or a VLAN where the traffic policy is applied and unbind the traffic classifier from the traffic behavior.

A maximum of 512 traffic classifiers can be created on the device.

After the relationship between rules in a traffic classifier is changed, the system checks whether rules conflict. When the relationship between rules is changed from OR to AND and multiple rules are configured, for example, matching rules based on the 802.1p priority in the inner VLAN tag, DSCP priority, MPLS EXP priority, IP precedence, and VLAN ID, the rules may conflict and the traffic policy cannot take effect. If the relationship between rules is changed from AND to OR, the traffic policy still takes effect but services may be affected because more packets are matched. Exercise caution when you change the relationship between rules.

A traffic classifier allows a maximum of 40000 traffic classification rules.

Example

# Create a traffic classifier c1 and enter the traffic classifier view.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1 operator and
[HUAWEI-classifier-c1]

traffic policy

Function

The traffic policy command creates a traffic policy and specifies the matching order of traffic classifiers in the traffic policy.

The undo traffic policy command deletes a traffic policy.

By default, no traffic policy is created in the system.

Format

traffic policy policy-name [ match-order { auto | config } ] [ atomic ]

undo traffic policy policy-name

Parameters

Parameter

Description

Value

policy-name

Specifies the name of a user-defined traffic policy.

The value is a string of 1 to 64 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

match-order

Specifies the matching order of traffic classifiers in the traffic policy.

By default, the matching order of traffic classifiers in a traffic policy is config.

-

auto

Indicates that the matching order depends on priorities of traffic classifier types. Traffic classifiers based on the following information are in descending order of priority:
  • Layer 2 and IPv4 Layer 3 information
  • Advanced ACL6 information
  • Basic ACL6 information
  • Layer 2 information
  • IPv4 Layer 3 information
  • User-defined ACL information

If this parameter is specified, ACL resources are saved.

-

config

Indicates that the matching order depends on the priorities of traffic classifiers. For details about the priority of a traffic classifier, refer to the traffic classifier command.

If this parameter is specified, more ACL resources are consumed.

-

atomic

Indicates the atomic attribute of a traffic policy. After this parameter is specified, if a traffic policy references an ACL and the ACL is applied to a specified object, dynamically updating the ACL does not interrupt services.

-

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Packets are obtained based on Layer 2 information, Layer 3 information, or ACLs. To implement differentiated services for service flows of packets, bind a traffic classifier and a traffic behavior to the created traffic policy and apply the traffic policy. You can use the traffic policy command to create a traffic policy. A maximum of 256 traffic policies can be created on the device.

Pre-configuration Tasks

A traffic classifier and a traffic behavior have been created.

Follow-up Procedure

Precautions

For the X series cards, no matter whether the traffic policy defines the auto or config matching order, traffic classifiers bound to the traffic policy always take effect in the config matching order.

For the cards except X series cards, when the traffic policy that defines the config matching order is applied to the inbound direction, traffic classifiers bound to the traffic policy take effect in the config matching order. When the traffic policy is applied to the outbound direction, even if the matching order is config, traffic classifiers bound to the traffic policy still take effect in the auto matching order.

For the cards except X series cards, when any of the following actions is defined in a traffic action of a traffic policy, even if the matching order is config, traffic classifiers bound to the traffic policy still take effect in the auto matching order:

You cannot directly modify the atomic attribute of a created traffic policy. To modify the atomic attribute, delete the traffic policy, and then recreate the traffic policy with the atomic attribute being specified or deleted.

The atomic attribute is valid for the traffic policy only containing the permit or deny action. If the traffic policy in which the atomic attribute is specified contains other actions in addition to permit or deny, applying the traffic policy will cause a failure to deliver the configuration.

For the traffic policy with specified atomic attribute, when the ACL configuration is being updated dynamically, ensure that the device has sufficient ACL resources. Otherwise, the updated ACL configuration will fail to be delivered.

If the atomic attribute is specified for a traffic policy and the device is downgraded from the current version to a version earlier than V200R011C10, the traffic policy configuration cannot be restored during device restart.

If the traffic policy that you want to delete has been applied to the system, LPU, an interface, or a VLAN, run the undo traffic-policy command to unbind the traffic policy in the corresponding view. Then run the undo traffic policy command in the system view to delete the traffic policy. The traffic policy that is not applied can be deleted directly.

When rule is configured in the traffic policy and permit ip is specified, many ARP Miss packets may be sent to the CPU. As a result, the device is disconnected.

Example

# Create a traffic policy p1, and associate the traffic classifier c1 with the traffic behavior b1 in the traffic policy.

<HUAWEI> system-view
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match any
[HUAWEI-classifier-c1] quit
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] remark 8021p 2
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 

# Delete the traffic policy p1 that has been applied to the inbound indirection on GE1/0/1.

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo traffic-policy p1 inbound
[HUAWEI-GigabitEthernet1/0/1] quit
[HUAWEI] undo traffic policy p1

traffic statistics interval

Function

The traffic statistics interval command sets the interval at which the system measures the rates of forwarded and discarded packets in a queue.

The undo traffic statistics interval command restores the default interval.

By default, the system measures the rates of forwarded and discarded packets in a queue at intervals of 300s.

Format

traffic statistics interval time-value

undo traffic statistics interval [ time-value ]

Parameters

Parameter

Description

Value

time-value

Specifies the interval at which the system measures the rates of forwarded and discarded packets in a queue.

The value is an integer that ranges from 30 to 600, in seconds.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a device is managed by a network management system (NMS), the MIB module checks the rates of forwarded and discarded packets in each queue at intervals and sends the rates to the NMS. You can view the rates of forwarded and discarded packets in each queue to analyze network performance or locate faults. The MIB module calculates the average rates forwarded and discarded packets during an interval configured by this command.

Example

# Set the interval at which the system measures the rates of forwarded and discarded packets in a queue to 100s.

<HUAWEI> system-view
[HUAWEI] traffic statistics interval 100

traffic-policy (interface view)

Function

The traffic-policy command applies a traffic policy to an interface.

The undo traffic-policy command deletes a traffic policy from an interface.

By default, no traffic policy is applied to an interface.

Format

traffic-policy policy-name { inbound | outbound }

undo traffic-policy [ policy-name ] { inbound | outbound }

NOTE:

Sub-interfaces support only inbound.

NOTE:
  • Only the E series, X series, and SC series cards on the S12700 support Ethernet sub-interface configuration. For details about the cards, see Cards in the Hardware Description.

  • Only hybrid and trunk interfaces on the preceding series of cards support Ethernet sub-interface configuration.
  • After you run the undo portswitch command to switch Layer 2 interfaces on the preceding series of cards into Layer 3 interfaces, you can configure Ethernet sub-interfaces on the interfaces.

  • The SA series cards do not support Ethernet sub-interface configuration and cannot forward IP traffic to Ethernet sub-interfaces on other cards.

  • You are advised to add a member interface to an Eth-Trunk and then configure an Eth-Trunk sub-interface. The Eth-Trunk sub-interface can be successfully configured only when the card on which the member interface locates supports Ethernet sub-interface configuration.

  • VLAN termination sub-interfaces cannot be created on a VCMP client.

Parameters

Parameter

Description

Value

policy-name

Specifies the name of a user-defined traffic policy.

The value must be the name of an existing traffic policy.

inbound

Applies a traffic policy to the inbound direction.

-

outbound

Applies a traffic policy to the outbound direction.

-

Views

GE interface view, XGE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, GE sub-interface view, XGE sub-interface view, 40GE sub-interface view, 100GE sub-interface view, Eth-Trunk sub-interface view, port group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Packets are classified based on Layer 2 information, Layer 3 information, or ACLs. To provide differentiated services for service flows, bind a traffic classifier and a traffic behavior to a traffic policy and apply the traffic policy. You can use the traffic-policy command to apply a created traffic policy to an interface.

Prerequisites

A traffic policy has been created using the traffic policy command, and traffic classifiers and traffic behaviors have been bound to the traffic policy.

Precautions

When you apply a traffic policy to an interface, the following situations may occur:
  • If a traffic classifier in the traffic policy contains if-match mpls-exp, the traffic policy fails to be applied to the outbound direction on other cards except X series cards.

  • If remark 8021p, remark cvlan-id, or remark vlan-id is defined in the traffic behavior bound to the traffic classifier, the traffic policy cannot be applied to the outbound direction of the interface added to the VLAN in untagged mode (see the port hybrid untagged vlan command). Otherwise, the packet content may be incorrect.

Only one traffic policy can be applied to each direction on an interface, but a traffic policy can be applied to different directions on different interfaces.

If there is a dynamic or static DHCP snooping binding table on an interface, the traffic policy containing traffic filtering or CAR is invalid for packets on the interface.

After a traffic policy is applied to an interface, you cannot directly delete the traffic policy, the traffic classifier and traffic behavior bound to the traffic policy. In addition, you cannot modify the matching order of the rules in the traffic policy. However, you can modify the relationship between matching rules in the traffic classifier, matching rules in the traffic classifier, priority of the traffic classifier, traffic action in the traffic behavior, and binding between the traffic classifier and the traffic behavior.

If the traffic policy that you want to delete has been applied to an interface, run the undo traffic-policy command to unbind the traffic policy from the interface. Then run the undo traffic policy command in the system view to delete the traffic policy.

Run the undo traffic-policy { inbound | outbound } command without policy-name specified to delete the traffic policy that has been applied to an interface and has the following names: i, in, inb, inbo, inbou, inboun, inbound, o, ou, out, outb, outbo, outbou, outboun, and outbound.

Example

# Create a traffic policy p1, bind the created traffic classifier c1 and traffic behavior b1 to the traffic policy, and apply the traffic policy to the inbound direction on GE1/0/1.

<HUAWEI> system-view
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] traffic-policy p1 inbound

traffic-policy (SSID profile view)

Function

traffic-policy command applies a traffic policy to an SSID profile.

undo traffic-policy command deletes a traffic policy from an SSID profile.

By default, no traffic policy is applied to an SSID profile.

Format

traffic-policy policy-name { inbound | outbound }

undo traffic-policy [ policy-name ] { inbound | outbound }

Parameters

Parameter

Description

Value

policy-name

Specifies the name of a user-defined traffic policy.

The value must be the name of an existing traffic policy.

inbound

Applies a traffic policy to the inbound direction of an SSID profile.

-

outbound

Applies a traffic policy to the outbound direction of an SSID profile.

-

Views

SSID profile view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Packets are classified based on Layer 2 information, Layer 3 information, or ACLs. To provide differentiated services for service flows, bind a traffic classifier and a traffic behavior to a traffic policy and apply the traffic policy. You can use the traffic-policy command to apply a traffic policy to an SSID profile.

Prerequisites

A traffic policy has been created using the traffic policy command, and traffic classifiers and traffic behaviors have been bound to the traffic policy.

Precautions

Only one traffic policy can be applied to each direction in an SSID profile, but a traffic policy can be applied to different directions in different SSID profiles.

NOTE:

After a traffic policy is applied to an SSID profile, you cannot directly delete the traffic policy, the traffic classifier and traffic behavior bound to the traffic policy. In addition, you cannot modify the matching order of the rules in the traffic policy. However, you can modify the relationship between matching rules in the traffic classifier, matching rules in the traffic classifier, priority of the traffic classifier, traffic action in the traffic behavior, and binding between the traffic classifier and the traffic behavior.

If the traffic policy that you want to delete has been applied to an SSID profile, run the undo traffic-policy command to unbind the traffic policy from the SSID profile. Then run the undo traffic policy command in the system view to delete the traffic policy.

Run the undo traffic-policy { inbound | outbound } command without policy-name specified to delete the traffic policy that has been applied to an SSID profile and has the following names: i, in, inb, inbo, inbou, inboun, inbound, o, ou, out, outb, outbo, outbou, outboun, and outbound.

Example

# Create a traffic policy p1, bind the created traffic classifier c1 and traffic behavior b1 to the traffic policy, and apply the traffic policy to the inbound direction in the SSID profile named test.

<HUAWEI> system-view
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] wlan
[HUAWEI-wlan-view] ssid-profile name test
[HUAWEI-wlan-ssid-prof-test] traffic-policy p1 inbound

traffic-policy (VLAN view)

Function

The traffic-policy command applies a traffic policy to a VLAN.

The undo traffic-policy command deletes a traffic policy from a VLAN.

By default, no traffic policy is applied to a VLAN.

Format

traffic-policy policy-name { inbound | outbound }

undo traffic-policy [ policy-name ] { inbound | outbound }

Parameters

Parameter

Description

Value

policy-name

Specifies the name of a traffic policy.

The value must be the name of an existing traffic policy.

inbound

Applies a traffic policy to the inbound direction of a VLAN.

-

outbound

Applies a traffic policy to the outbound direction of a VLAN.

-

Views

VLAN view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Packets are classified based on Layer 2 information, Layer 3 information, or ACLs. To provide differentiated services for service flows, bind a traffic classifier and a traffic behavior to a traffic policy and apply the traffic policy. You can use the traffic-policy command to apply a traffic policy to a VLAN.

Prerequisites

A traffic policy has been created using the traffic policy command.

Precautions

After a traffic policy is applied to a VLAN, the traffic policy takes effect for packets received and sent in the VLAN.

After a traffic policy is applied to a VLAN, ACL resources are occupied by a card even if no interface on the card is added to the VLAN.

If a traffic classifier in the traffic policy contains if-match mpls-exp, the traffic policy fails to be applied to the outbound direction on other cards except X series cards.

Only one traffic policy can be applied to each direction in a VLAN, but a traffic policy can be applied to different directions in different VLANs.

After a traffic policy is applied to a VLAN, you cannot directly delete the traffic policy, the traffic classifier and traffic behavior bound to the traffic policy. In addition, you cannot modify the matching order of the rules in the traffic policy. However, you can modify the relationship between matching rules in the traffic classifier, matching rules in the traffic classifier, priority of the traffic classifier, traffic action in the traffic behavior, and binding between the traffic classifier and the traffic behavior.

To delete the traffic policy that has been applied, run the undo traffic-policy command in the corresponding view to unbind the traffic policy and then run the undo traffic policy command in the system view to delete the traffic policy.

Example

# Create a traffic policy p1, bind the created traffic classifier c1 and traffic behavior b1 to the traffic policy, and apply the traffic policy to the inbound direction in VLAN 100.

<HUAWEI> system-view
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] vlan 100
[HUAWEI-vlan100] traffic-policy p1 inbound

traffic-policy (VLANIF interface view)

Function

The traffic-policy command applies a traffic policy to a VLANIF interface.

The undo traffic-policy command deletes a traffic policy from a VLANIF interface.

By default, no traffic policy is applied to a VLANIF interface.

Format

traffic-policy policy-name inbound

undo traffic-policy [ policy-name ] inbound

Parameters

Parameter

Description

Value

policy-name

Specifies the name of a user-defined traffic policy.

The value must be the name of an existing traffic policy.

inbound

Applies a traffic policy to the inbound direction.

-

Views

VLANIF interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Packets are classified based on Layer 2 information, Layer 3 information, or ACLs. To provide differentiated services for service flows, bind a traffic classifier and a traffic behavior to a traffic policy and apply the traffic policy. You can use the traffic-policy command to apply a created traffic policy to a VLANIF interface.

Prerequisites

A traffic policy has been created using the traffic policy command, and traffic classifiers and traffic behaviors have been bound to the traffic policy.

Precautions

Only one traffic policy can be applied to the inbound direction on a VLANIF interface, but a traffic policy can be applied to the inbound direction on different VLANIF interfaces.

A traffic policy cannot be applied to a VLANIF interface corresponding to the super-VLAN or MUX VLAN.

On X series cards, a traffic policy applied to a VLANIF interface takes effect only for unicast packets on the VLANIF interface. For other cards, a traffic policy applied to a VLANIF interface takes effect only for unicast packets and Layer 3 multicast packets on the VLANIF interface.

A traffic policy cannot be applied to a VLANIF interface when the bound traffic behaviors define the following actions:

After a traffic policy is applied to a VLANIF interface, you cannot directly delete the traffic policy, the traffic classifier and traffic behavior bound to the traffic policy. In addition, you cannot modify the matching order of the rules in the traffic policy. However, you can modify the relationship between matching rules in the traffic classifier, matching rules in the traffic classifier, priority of the traffic classifier, traffic action in the traffic behavior, and binding between the traffic classifier and the traffic behavior.

If the traffic policy that you want to delete has been applied to a VLANIF interface, run the undo traffic-policy command to unbind the traffic policy from the VLANIF interface. Then run the undo traffic policy command in the system view to delete the traffic policy.

Run the undo traffic-policy inbound command without policy-name specified to delete the traffic policy that has been applied to a VLANIF interface and has the following names: i, in, inb, inbo, inbou, inboun, and inbound.

Example

# Create a traffic policy p1, bind the created traffic classifier c1 and traffic behavior b1 to the traffic policy, and apply the traffic policy to the inbound direction on VLANIF 100.

<HUAWEI> system-view
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] traffic-policy p1 inbound
[HUAWEI-Vlanif100] quit

traffic-policy fast-mode enable

Function

The traffic-policy fast-mode enable command enables fast delivery of ACL rules.

The undo traffic-policy fast-mode enable command disables fast delivery of ACL rules.

By default, fast delivery of ACL rules is disabled.

Format

traffic-policy fast-mode enable

undo traffic-policy fast-mode enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If many ACL rules are applied in the system view, and then some of them are applied in the interface view, it takes a long time to deliver ACL rules. As a result, the ACL rules are slow to take effect, and the CPU usage is high. To speed up ACL delivery, run the traffic-policy fast-mode enable command.

Precautions

After the traffic-policy fast-mode enable command is run:

  • ACL rules in effect may be invalid temporarily.
  • The statistics on traffic policies are cleared.
  • The device performance deteriorates.

Example

# Enable fast delivery of ACL rules.

<HUAWEI> system-view
[HUAWEI] traffic-policy fast-mode enable

traffic-policy global

Function

The traffic-policy global command applies a traffic policy to the system or an LPU.

The undo traffic-policy global command deletes a traffic policy that is applied to the system or an LPU.

By default, no traffic policy is applied to the system or an LPU.

Format

traffic-policy policy-name global { inbound | outbound } [ slot slot-id ]

undo traffic-policy [ policy-name ] global { inbound | outbound } [ slot slot-id ]

Parameters

Parameter

Description

Value

policy-name

Specifies the name of a traffic policy.

The value must be the name of an existing traffic policy.

inbound

Applies a traffic policy to the inbound direction.

-

outbound

Applies a traffic policy to the outbound direction.

-

slot slot-id

Specifies the slot ID to which the traffic policy is applied. If no slot ID is specified, the traffic policy is applied to all the LPUs on the device.

The value is an integer. It must be the slot ID of a running LPU.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Packets are classified based on Layer 2 information, Layer 3 information, or ACLs. To provide differentiated services for service flows, bind a traffic classifier and a traffic behavior to a traffic policy and apply the traffic policy.

You can use the traffic policy global command to apply a traffic policy to the system or an LPU.

Prerequisites

A traffic policy has been created using the traffic policy command.

Precautions

A traffic policy cannot be applied to the same direction in the system and on the LPU simultaneously.

If a traffic classifier in the traffic policy contains if-match mpls-exp, the traffic policy fails to be applied to the outbound direction on other cards except X series cards.

Only one traffic policy can be applied to each direction on an LPU, but a traffic policy can be applied to different directions on different LPUs.

After a traffic policy is applied, you cannot directly delete the traffic policy or the traffic classifier and traffic behavior bound to the traffic policy. In addition, you cannot modify the matching order of the rules in the traffic policy. However, you can modify the relationship between matching rules in the traffic classifier, matching rules in the traffic classifier, priority of the traffic classifier, traffic action in the traffic behavior, and binding between the traffic classifier and the traffic behavior.

Run the undo traffic-policy global { inbound | outbound } command without policy-name specified to delete the traffic policy that has been applied to an interface and has the following names: g, gl, glo, glob, globa, and global.

The traffic policy that has the following names cannot be applied to the system: f, fa, fas, fast, fast-, fast-m, fast-mo, fast-mod, and fast-mode.

Example

# Create a traffic policy p1, bind the created traffic classifier c1 and traffic behavior b1 to the traffic policy, and apply the traffic policy to the inbound direction.

<HUAWEI> system-view
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] traffic-policy p1 global inbound

traffic rate statistics enable

Function

The traffic rate statistics enable command enables traffic rate statistics collection in a traffic policy.

The undo traffic rate statistics enable command disables traffic rate statistics collection in a traffic policy.

By default, traffic rate statistics collection is enabled in a traffic policy.

Format

traffic rate statistics enable

undo traffic rate statistics enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If the traffic statistics function is configured in a traffic policy and more than 60K traffic classification rules are configured, memory resources may be insufficient. To release memory resources, run the undo traffic rate statistics enable command to disable traffic rate statistics collection in the traffic policy.

Precautions

After traffic rate statistics collection is disabled in a traffic policy, the display traffic policy statistics command can still display the number of packets and bytes, but traffic rates are all displayed as -.

This command is valid for traffic policies configured after traffic rate statistics collection is enabled or disabled, and traffic rate statistics collection is not disabled in traffic policies that have been configured before this command is executed.

Before you disable traffic rate statistics collection in a traffic policy, traffic statistics are displayed as follows:
<HUAWEI> display traffic policy statistics global slot 1 inbound
 Global :
 Traffic policy inbound: test
 Rule number: 1
 Current status: success
 Statistics interval: 300
---------------------------------------------------------------------
 Board : 1
---------------------------------------------------------------------
 Matched          |      Packets:                             0
                  |      Bytes:                               0
                  |      Rate(pps):                           0
                  |      Rate(bps):                           0
---------------------------------------------------------------------
   Passed         |      Packets:                             0
                  |      Bytes:                               0
                  |      Rate(pps):                           0
                  |      Rate(bps):                           0
---------------------------------------------------------------------
   Dropped        |      Packets:                             0
                  |      Bytes:                               0
                  |      Rate(pps):                           0
                  |      Rate(bps):                           0
---------------------------------------------------------------------
     Filter       |      Packets:                             0
                  |      Bytes:                               0
---------------------------------------------------------------------
     Car          |      Packets:                             0
                  |      Bytes:                               0
---------------------------------------------------------------------
After you disable traffic rate statistics collection in a traffic policy, traffic statistics are displayed as follows:
<HUAWEI> display traffic policy statistics global slot 1 inbound
 Global :
 Traffic policy inbound: testp
 Rule number: 1
 Current status: success
 Statistics interval: 300
---------------------------------------------------------------------
 Board : 1
---------------------------------------------------------------------
 Matched          |      Packets:                             0
                  |      Bytes:                               0
                  |      Rate(pps):                           -
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Passed         |      Packets:                             0
                  |      Bytes:                               0
                  |      Rate(pps):                           -
                  |      Rate(bps):                           -
---------------------------------------------------------------------
   Dropped        |      Packets:                             0
                  |      Bytes:                               0
                  |      Rate(pps):                           -
                  |      Rate(bps):                           -
---------------------------------------------------------------------
     Filter       |      Packets:                             0
                  |      Bytes:                               0
---------------------------------------------------------------------
     Car          |      Packets:                             0
                  |      Bytes:                               0
---------------------------------------------------------------------

Example

# Disable traffic rate statistics collection in a traffic policy.

<HUAWEI> system-view
[HUAWEI] undo traffic rate statistics enable
Translation
Download
Updated: 2019-04-09

Document ID: EDOC1100065659

Views: 114178

Downloads: 83

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next