CloudEngine 12800 and 12800E V200R019C10 Command Reference
TCAM ACL Customization Commands
The CE12800E configured with ED-E, EG-E, and EGA-E series cards does not support TCAM ACL customization.
- action
- action (policy-group)
- apply-view
- display system tcam acl template
- match ethernet
- match ethernet (policy-group)
- match ipv4 (policy-group)
- match ipv6 (policy-group)
- match vxlan (policy-group)
- match mpls (policy-group)
- match forwarding
- match icmp icmp-type
- match igmp igmp-type
- match ip
- match ipv6
- match mpls
- match tcp
- match udf
- match udp
- group (TCAM ACL customization profile view)
- policy-group
- service
- system tcam acl predefined template
- system tcam acl
- system tcam acl template
- system tcam acl template { slot | all }
action
Function
The action command configures an action in a TCAM ACL customization group.
The undo action command deletes an action from a TCAM ACL customization group.
By default, no action is configured in a TCAM ACL customization group.
Format
action { car | deny | forwarding-modify | mac-address-learning-disable | mirror | redirect { eth-trunk | flow | interface | nexthop | observe-port } * | remark { 8021p | dscp | exp | local-precedence | vlan | tos } * | share-car | snoop | statistics | trap } *
undo action
Parameters
Parameter | Description | Value |
---|---|---|
car | Specifies the CAR. | - |
deny | Specifies the action of discarding packets. | - |
forwarding-modify | Specifies the packet forwarding mode. | - |
mac-address-learning-disable | Specifies the action of disabling MAC address learning. | - |
mirror | Specifies the mirroring action. | - |
redirect | Specifies the redirection action. | - |
eth-trunk | Redirects packets to an Eth-Trunk. | - |
flow | Redirects packets to a queue. | - |
interface | Redirects packets to an interface (excluding the tunnel interface). | - |
nexthop | Redirects packets to a next hop address (including the GRE and MPLS tunnels). | - |
observe-port | Redirects packets to an observing interface. | - |
remark | Specifies the re-marking action. | - |
8021p | Re-marks 802.1p values in VLAN packets. | - |
dscp | Re-marks DSCP values in IP packets. | - |
exp | Re-marks EXP priorities in MPLS packets. | - |
local-precedence | Re-marks local IP precedence values in packets. | - |
vlan | Re-marks VLAN IDs. | - |
tos | Re-marks ToS values. | - |
share-car | Specifies the aggregated CAR action. | - |
snoop | Specifies the action of replicating packets to the CPU. | - |
statistics | Specifies the traffic statistics collection action. | - |
trap | Specifies the packet obtaining action. | - |
Usage Guidelines
Usage Scenario
You can run this command to define an action in a TCAM ACL customization group.
Prerequisites
TCAM ACL customization has been enabled using the system tcam acl command.
A TCAM ACL customization profile has been created using the system tcam acl template command.
A TCAM ACL customization group has been configured using the group (TCAM ACL customization profile view) command.
Example
# Configure the action of discarding packets and traffic statistics collection in a TCAM ACL customization group.
<HUAWEI> system-view
[~HUAWEI] system tcam acl
Warning: Enabling the TCAM ACL will cause ACL resources to be replanned. Incorrectly using these commands will cause some services to be unavailable. Therefore, use these commands with the guidance of Huawei engineers. Continue? [Y/N]:y
[*HUAWEI] system tcam acl template c1
[*HUAWEI-tcam-acl-c1] group g1
[*HUAWEI-tcam-acl-c1-group-g1] action deny statistics
action (policy-group)
Function
The action command configures an action in a TCAM ACL customization policy group.
The undo action command deletes an action from a TCAM ACL customization policy group.
By default, no action is configured in a TCAM ACL customization policy group.
Format
action { car | remark { 8021p | dscp | local-precedence } * | deny | redirect { interface | nexthop | cpu | observe-port } * | mirror | statistics } *
undo action { car | remark { 8021p | dscp | local-precedence } * | deny | redirect { interface | nexthop | cpu | observe-port } * | mirror | statistics } *
Parameters
Parameter | Description | Value |
---|---|---|
car | Specifies the CAR. | - |
remark | Specifies the re-marking action. | - |
8021p | Re-marks 802.1p values in VLAN packets. | - |
dscp | Re-marks DSCP values in IP packets. | - |
local-precedence | Re-marks local IP precedence values in packets. | - |
deny | Specifies the action of discarding packets. | - |
redirect | Specifies the redirection action. | - |
nexthop | Redirects packets to a next hop address. | - |
cpu | Redirects packets to the CPU. | - |
interface | Redirects packets to an interface. | - |
observe-port | Redirects packets to an observing interface. NOTE: Only the CE12800 supports this parameter. | - |
mirror | Specifies the mirroring action. | - |
statistics | Specifies the traffic statistics collection action. | - |
Usage Guidelines
Usage Scenario
You can run this command to define an action in a TCAM ACL customization policy group.
Prerequisites
TCAM ACL customization has been enabled using the system tcam acl command.
A TCAM ACL customization profile has been created using the system tcam acl template command.
A TCAM ACL customization policy group has been configured using the policy-group (TCAM ACL customization profile view) command.
Example
# Configure the action of discarding packets and traffic statistics collection in a TCAM ACL customization policy group.
<HUAWEI> system-view
[~HUAWEI] system tcam acl
Warning: Enabling the TCAM ACL will cause ACL resources to be replanned. Incorrectly using these commands will cause some services to be unavailable. Therefore, use these commands with the guidance of Huawei engineers. Continue? [Y/N]:y
[*HUAWEI] system tcam acl template c1
[*HUAWEI-tcam-acl-c1] policy-group g1
[*HUAWEI-tcam-acl-c1-policy-group-g1] action deny statistics
apply-view
Function
The apply-view command applies a TCAM ACL customization policy group.
The undo apply-view command cancels the application of a TCAM ACL customization policy group.
By default, no TCAM ACL customization policy group is applied.
Format
apply-view { global | vlan | bridge-domain | vpn-instance | vsi | main-interface | eth-trunk | vlanif | l3sub-interface | l2sub-interface | vbdif | qos-group member [ global | vlan | vpn-instance | main-interface | eth-trunk | vlanif | l3sub-interface | l2sub-interface ] * } *
undo apply-view { global | vlan | bridge-domain | vpn-instance | vsi | main-interface | eth-trunk | vlanif | l3sub-interface | l2sub-interface | vbdif | qos-group member [ global | vlan | vpn-instance | main-interface | eth-trunk | vlanif | l3sub-interface | l2sub-interface ] * } *
Parameters
Parameter | Description | Value |
---|---|---|
global | Applies a TCAM ACL customization policy group globally. | - |
vlan | Applies a TCAM ACL customization policy group in a VLAN. | - |
bridge-domain | Applies a TCAM ACL customization policy group in a BD. | - |
vpn-instance | Applies a TCAM ACL customization policy group in a VPN instance. | - |
vsi | Applies a TCAM ACL customization policy group to a VSI. | - |
main-interface | Applies a TCAM ACL customization policy group to a physical main interface. | - |
eth-trunk | Applies a TCAM ACL customization policy group to an Eth-Trunk. | - |
vlanif | Applies a TCAM ACL customization policy group to a VLANIF interface. | - |
l3sub-interface | Applies a TCAM ACL customization policy group to a Layer 3 sub-interface. | - |
l2sub-interface | Applies a TCAM ACL customization policy group to a Layer 2 sub-interface. | - |
vbdif | Applies a TCAM ACL customization policy group to a VBDIF interface. | - |
qos-group member | Applies a TCAM ACL customization policy group to a QoS group. | - |
Usage Guidelines
Usage Scenario
You can run this command to apply a TCAM ACL customization policy group.
Prerequisites
TCAM ACL customization has been enabled using the system tcam acl command.
A TCAM ACL customization profile has been created using the system tcam acl template command.
A TCAM ACL customization policy group has been configured using the policy-group (TCAM ACL customization profile view) command.
Precautions
The matching fields of different parameters may contain each other. That is, when a parameter is specified to apply a TCAM ACL customization policy group to an object, the policy group may also be applied to other objects. When a TCAM ACL customization policy group is canceled for an object, the policy group may also be canceled for other objects. The relationships between parameters in the command are as follows:
- When the global parameter is specified, the TCAM ACL customization policy group is also applied to the object corresponding to qos-group member main-interface.
- When one of bridge-domain, vlan, and vsi is specified, the TCAM ACL customization policy group is applied to the objects corresponding to all of them.
- When the vpn-instance parameter is specified, the TCAM ACL customization policy group is also applied to the objects corresponding to vlan, bridge-domain, vsi, vlanif, and vbdif.
- When the vlanif parameter is specified, the TCAM ACL customization policy group is also applied to the objects corresponding to vbdif, bridge-domain, vlan, and vsi.
- When the l3sub-interface parameter is specified, the TCAM ACL customization policy group is also applied to the objects corresponding to eth-trunk, main-interface, vlan, bridge-domain, and vsi.
- When the vbdif parameter is specified, the TCAM ACL customization policy group is also applied to the objects corresponding to vlanif, vlan, bridge-domain, and vsi.
- When the qos-group member vlanif parameter is specified, the TCAM ACL customization policy group is also applied to the objects corresponding to qos-group member vlan, qos-group member main-interface, qos-group member l3sub-interface, qos-group member l2sub-interface, and global.
- When the qos-group member vlan parameter is specified, the TCAM ACL customization policy group is also applied to the objects corresponding to qos-group member main-interface, qos-group member l3sub-interface, qos-group member l2sub-interface, and global.
- When the qos-group member main-interface parameter is specified, the TCAM ACL customization policy group is also applied to the object corresponding to global.
- When the qos-group member l2sub-interface parameter is specified, the TCAM ACL customization policy group is also applied to the objects corresponding to qos-group member main-interface, qos-group member vlan, qos-group member l3sub-interface, and global.
- When the qos-group member l3sub-interface parameter is specified, the TCAM ACL customization policy group is also applied to the objects corresponding to qos-group member main-interface, qos-group member vlan, qos-group member l2sub-interface, and global.
- When either qos-group member l3sub-interface or qos-group member vlanif is specified, the TCAM ACL customization policy group is applied to objects corresponding to both of them.
- When the l3sub-interface parameter is specified, the TCAM ACL customization policy group is also applied to the objects corresponding to eth-trunk, main-interface, and vlan.
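The relationships listed above can be checked mechanically before a policy group that drops or diverts traffic is committed. The following Python sketch is an added example, not Huawei code: it transcribes the list into a lookup, parses an apply-view line, and reports the objects the command also covers. The function names, the one-hop (non-chained) expansion, and the rule that every keyword after qos-group member is a member keyword are assumptions of this example.

```python
QGM = "qos-group member "

# Keywords accepted by apply-view, taken from the Format line above.
TOP = {"global", "vlan", "bridge-domain", "vpn-instance", "vsi", "main-interface",
       "eth-trunk", "vlanif", "l3sub-interface", "l2sub-interface", "vbdif"}
MEMBERS = {"global", "vlan", "vpn-instance", "main-interface", "eth-trunk",
           "vlanif", "l3sub-interface", "l2sub-interface"}

# One-hop relationships transcribed from the Precautions list.
ALSO_APPLIES = {
    "global": {QGM + "main-interface"},
    "bridge-domain": {"vlan", "vsi"},
    "vlan": {"bridge-domain", "vsi"},
    "vsi": {"bridge-domain", "vlan"},
    "vpn-instance": {"vlan", "bridge-domain", "vsi", "vlanif", "vbdif"},
    "vlanif": {"vbdif", "bridge-domain", "vlan", "vsi"},
    "l3sub-interface": {"eth-trunk", "main-interface", "vlan", "bridge-domain", "vsi"},
    "vbdif": {"vlanif", "vlan", "bridge-domain", "vsi"},
    QGM + "vlanif": {QGM + "vlan", QGM + "main-interface", QGM + "l3sub-interface",
                     QGM + "l2sub-interface", "global"},
    QGM + "vlan": {QGM + "main-interface", QGM + "l3sub-interface",
                   QGM + "l2sub-interface", "global"},
    QGM + "main-interface": {"global"},
    QGM + "l2sub-interface": {QGM + "main-interface", QGM + "vlan",
                              QGM + "l3sub-interface", "global"},
    # Includes "qos-group member vlanif": either of the two implies both.
    QGM + "l3sub-interface": {QGM + "main-interface", QGM + "vlan",
                              QGM + "l2sub-interface", QGM + "vlanif", "global"},
}

# Actions from the page's action (policy-group) command that drop or divert traffic.
DISRUPTIVE = {"deny", "redirect"}


def parse_apply_view(line):
    """Return the apply-view parameters on one command line, in order."""
    tokens = line.split()
    if tokens[:1] != ["apply-view"]:
        raise ValueError("not an apply-view command: %r" % line)
    params, i, in_group = [], 1, False
    while i < len(tokens):
        if tokens[i:i + 2] == ["qos-group", "member"]:
            in_group, i = True, i + 2   # assumption: later keywords are members
            continue
        tok = tokens[i]
        if in_group and tok in MEMBERS:
            params.append(QGM + tok)
        elif not in_group and tok in TOP:
            params.append(tok)
        else:
            raise ValueError("unknown apply-view parameter: %r" % tok)
        i += 1
    return params


def effective_scope(params):
    """Requested objects plus those the Precautions list says are also covered."""
    scope = set(params)
    for param in params:
        # One hop only: the page does not state that the relationships chain.
        scope |= ALSO_APPLIES.get(param, set())
    return scope


def review(apply_line, actions):
    """Summarise what an apply-view line covers beyond what was typed."""
    requested = parse_apply_view(apply_line)
    implied = sorted(effective_scope(requested) - set(requested))
    return {
        "requested": requested,
        "implied": implied,
        "needs_review": bool(implied) and bool(DISRUPTIVE & set(actions)),
    }


if __name__ == "__main__":
    # Constructed input: a policy group with "action deny statistics".
    print(review("apply-view vlanif", ["deny", "statistics"]))
```
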
Example
# Apply a TCAM ACL customization policy group globally.
<HUAWEI> system-view
[~HUAWEI] system tcam acl
Warning: Enabling the TCAM ACL will cause ACL resources to be replanned. Incorrectly using these commands will cause some services to be unavailable. Therefore, use these commands with the guidance of Huawei engineers. Continue? [Y/N]:y
[*HUAWEI] system tcam acl template c1
[*HUAWEI-tcam-acl-c1] policy-group g1
[*HUAWEI-tcam-acl-c1-policy-group-g1] apply-view global
display system tcam acl template
Function
The display system tcam acl template command displays information about a TCAM ACL customization profile or preset profile.
Only the CE12800E configured with FD-X series cards supports this command.
Parameters
Parameter | Description | Value |
---|---|---|
template-name | Specifies the name of a TCAM ACL customization profile or preset profile to be displayed. | The value must be the name of an existing profile. |
group group-name | Specifies the name of a TCAM ACL customization group or a group in the preset profile. | The value must be the name of an existing group. |
brief | Displays brief information about a TCAM ACL customization profile or preset profile. | - |
Usage Guidelines
You can run this command to check information about a TCAM ACL customization profile or preset profile.
Example
# Display brief information about a TCAM ACL customization profile or preset profile.
<HUAWEI> display system tcam acl template brief
--------------------------------------------------------------------------------
template name: 9_special_ali_1(pre-defined)
template applys on slot: <2>
group name: filter, erspan&stat,
int
--------------------------------------------------------------------------------
template name: 9_special_ali_2(pre-defined)
template applys on slot: <-->
group name: filter, erspan&stat
--------------------------------------------------------------------------------
template name: device
template applys on slot: <-->
group name: huawei1
--------------------------------------------------------------------------------
Item | Description |
---|---|
template name | Name of a TCAM ACL customization profile or preset profile. The profile marked with pre-defined is a preset profile. |
template applys on slot | ID of the slot where a profile is applied. If the profile is not applied to the card or globally, the value is <-->. |
group name | Name of a TCAM ACL customization group or a group in the preset profile. |
# Display brief information about a TCAM ACL preset profile.
<HUAWEI> display system tcam acl template name 9_special_ali_1
--------------------------------------------------------------------------------
template name: 9_special_ali_1
-------------------------------------------------------------------------------
group name : filter
qualify set: source-ip, destination-ip, protocol, tos, fragment, tcp-destinatio
n-port, tcp-source-port, tcp-flag, udp-destination-port, udp-sourc
e-port, vlanif, udf
action set : deny
-------------------------------------------------------------------------------
group name : erspan&stat
qualify set: source-ip, destination-ip, protocol, tos, fragment, tcp-destinatio
n-port, tcp-source-port, tcp-flag, udp-destination-port, udp-sourc
e-port, source-interface, udf
action set : mirror, statistics
-------------------------------------------------------------------------------
group name : int
qualify set: source-ip, destination-ip, protocol, tos, fragment, tcp-destinatio
n-port, tcp-source-port, tcp-flag, udp-destination-port, udp-sourc
e-port, source-interface, udf
action set : ioam
--------------------------------------------------------------------------------
Item | Description |
---|---|
template name | Name of a TCAM ACL preset profile. |
group name | Name of a group in a TCAM ACL preset profile. |
qualify set | Field that is matched in a TCAM ACL preset profile. |
action set | Action that is executed in a TCAM ACL preset profile. |
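A parser for the display system tcam acl template name output shown above, as an added example rather than Huawei tooling. It rejoins fields that the device wraps in the middle of a token (tcp-destinatio / n-port) and lists the groups whose action set drops or copies traffic; the function names and the REVIEW_ACTIONS selection are assumptions of this example, and the sample text is the page's own output.

```python
import re

# Output copied from the page's example for preset profile 9_special_ali_1.
SAMPLE = """\
--------------------------------------------------------------------------------
template name: 9_special_ali_1
-------------------------------------------------------------------------------
group name : filter
qualify set: source-ip, destination-ip, protocol, tos, fragment, tcp-destinatio
n-port, tcp-source-port, tcp-flag, udp-destination-port, udp-sourc
e-port, vlanif, udf
action set : deny
-------------------------------------------------------------------------------
group name : erspan&stat
qualify set: source-ip, destination-ip, protocol, tos, fragment, tcp-destinatio
n-port, tcp-source-port, tcp-flag, udp-destination-port, udp-sourc
e-port, source-interface, udf
action set : mirror, statistics
-------------------------------------------------------------------------------
group name : int
qualify set: source-ip, destination-ip, protocol, tos, fragment, tcp-destinatio
n-port, tcp-source-port, tcp-flag, udp-destination-port, udp-sourc
e-port, source-interface, udf
action set : ioam
--------------------------------------------------------------------------------
"""

KEY_RE = re.compile(r"^(template name|group name|qualify set|action set)\s*:\s*(.*)$")

# Actions named on this page that discard packets or copy them elsewhere.
REVIEW_ACTIONS = {"deny", "mirror", "redirect", "snoop", "trap"}


def logical_fields(text):
    """Yield [key, value] pairs with wrapped continuation lines rejoined."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line or set(line) == {"-"}:      # blank line or separator rule
            continue
        match = KEY_RE.match(line)
        if match:
            fields.append([match.group(1), match.group(2)])
        elif fields:
            # The device wraps at a fixed width, possibly inside a keyword,
            # so the pieces are joined with no separator.
            fields[-1][1] += line
    return fields


def split_list(value):
    """Split a comma-separated field into clean keywords."""
    return [item.strip() for item in value.split(",") if item.strip()]


def parse_template(text):
    """Parse one profile into {'name': ..., 'groups': [{name, qualify, action}]}."""
    template = {"name": None, "groups": []}
    for key, value in logical_fields(text):
        if key == "template name":
            template["name"] = value
        elif key == "group name":
            template["groups"].append({"name": value, "qualify": [], "action": []})
        elif template["groups"]:
            slot = "qualify" if key == "qualify set" else "action"
            template["groups"][-1][slot] = split_list(value)
    return template


def groups_to_review(template):
    """Map group name -> actions in REVIEW_ACTIONS, omitting groups with none."""
    findings = {}
    for group in template["groups"]:
        hits = sorted(REVIEW_ACTIONS & set(group["action"]))
        if hits:
            findings[group["name"]] = hits
    return findings


if __name__ == "__main__":
    parsed = parse_template(SAMPLE)
    for name, actions in groups_to_review(parsed).items():
        print(name, actions)
```
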
match ethernet
Function
The match ethernet command configures a matching rule based on Ethernet information in a TCAM ACL customization group.
The undo match ethernet command deletes a matching rule based on Ethernet information from a TCAM ACL customization group.
By default, no matching rule based on Ethernet information is defined in a TCAM ACL customization group.
Format
match ethernet { 8021p | destination-mac | ethertype | inner-8021p | inner-vlan | source-mac | vlan } *
undo match ethernet
Parameters
Parameter | Description | Value |
---|---|---|
8021p | Matches 802.1p priorities in VLAN packets. | - |
destination-mac | Matches destination MAC addresses. | - |
ethertype | Matches Ethernet types. | - |
inner-8021p | Matches inner 802.1p priorities in QinQ packets. | - |
inner-vlan | Matches inner VLAN IDs in QinQ packets. | - |
source-mac | Matches source MAC addresses. | - |
vlan | Matches VLAN IDs in VLAN packets. | - |
Usage Guidelines
Usage Scenario
In a TCAM ACL customization group, you can run this command to configure a matching rule based on Ethernet information.
Prerequisites
TCAM ACL customization has been enabled using the system tcam acl command.
A TCAM ACL customization profile has been created using the system tcam acl template command.
A TCAM ACL customization group has been configured using the group (TCAM ACL customization profile view) command.
Example
# In a TCAM ACL customization group, configure a matching rule based on the VLAN ID and destination MAC address of VLAN packets.
<HUAWEI> system-view
[~HUAWEI] system tcam acl
Warning: Enabling the TCAM ACL will cause ACL resources to be replanned. Incorrectly using these commands will cause some services to be unavailable. Therefore, use these commands with the guidance of Huawei engineers. Continue? [Y/N]:y
[*HUAWEI] system tcam acl template c1
[*HUAWEI-tcam-acl-c1] group g1
[*HUAWEI-tcam-acl-c1-group-g1] match ethernet vlan destination-mac
match ethernet (policy-group)
Function
The match ethernet command configures a matching rule based on Ethernet information in a TCAM ACL customization policy group.
The undo match ethernet command deletes a matching rule based on Ethernet information from a TCAM ACL customization policy group.
By default, no matching rule based on Ethernet information is defined in a TCAM ACL customization policy group.
Format
match ethernet { destination-mac | source-mac | vlan | 8021p | inner-vlan | inner-8021p | l2-protocol | double-tag | 802.3 | ether-ii | snap } *
undo match ethernet { destination-mac | source-mac | vlan | 8021p | inner-vlan | inner-8021p | l2-protocol | double-tag | 802.3 | ether-ii | snap } *
Parameters
Parameter | Description | Value |
---|---|---|
destination-mac | Matches destination MAC addresses. | - |
source-mac | Matches source MAC addresses. | - |
vlan | Matches VLAN IDs in VLAN packets. | - |
8021p | Matches 802.1p priorities in VLAN packets. | - |
inner-vlan | Matches inner VLAN IDs in QinQ packets. | - |
inner-8021p | Matches inner 802.1p priorities in QinQ packets. | - |
l2-protocol | Matches the Layer 2 protocol. | - |
double-tag | Matches double-tagged packets. | - |
802.3 | Matches the 802.3 encapsulation format of packets. | - |
ether-ii | Matches the Ethernet II encapsulation format of packets. | - |
snap | Matches the SNAP encapsulation format of packets. | - |
Usage Guidelines
Usage Scenario
In a TCAM ACL customization policy group, you can run this command to configure a matching rule based on Ethernet information.
Prerequisites
TCAM ACL customization has been enabled using the system tcam acl command.
A TCAM ACL customization profile has been created using the system tcam acl template command.
A TCAM ACL customization policy group has been configured using the policy-group (TCAM ACL customization profile view) command.
Example
# In a TCAM ACL customization policy group, configure a matching rule based on the VLAN ID and destination MAC address of VLAN packets.
<HUAWEI> system-view
[~HUAWEI] system tcam acl
Warning: Enabling the TCAM ACL will cause ACL resources to be replanned. Incorrectly using these commands will cause some services to be unavailable. Therefore, use these commands with the guidance of Huawei engineers. Continue? [Y/N]:y
[*HUAWEI] system tcam acl template c1
[*HUAWEI-tcam-acl-c1] policy-group g1
[*HUAWEI-tcam-acl-c1-policy-group-g1] match ethernet vlan destination-mac
match ipv4 (policy-group)
Function
The match ipv4 command configures a matching rule based on IPv4 packet information in a TCAM ACL customization policy group.
The undo match ipv4 command deletes a matching rule based on IPv4 packet information from a TCAM ACL customization policy group.
By default, no matching rule based on IPv4 packet information is defined in a TCAM ACL customization policy group.
Format
match ipv4 { source-ip | destination-ip | protocol | dscp | fragment | ttl | ip-precedence | source-port | destination-port | tcp-flag | l4port-range } *
undo match ipv4 { source-ip | destination-ip | protocol | dscp | fragment | ttl | ip-precedence | source-port | destination-port | tcp-flag | l4port-range } *
Parameters
Parameter | Description | Value |
---|---|---|
source-ip | Matches source IPv4 addresses. | - |
destination-ip | Matches destination IPv4 addresses. | - |
protocol | Matches the IP protocol type. | - |
dscp | Matches DSCP priorities. | - |
fragment | Matches fragments of a packet. | - |
ttl | Matches TTL values. | - |
ip-precedence | Matches IP precedence values. | - |
source-port | Matches source port numbers. | - |
destination-port | Matches destination port numbers. | - |
tcp-flag | Matches TCP flags. | - |
l4port-range | Matches port numbers in a specified range. NOTE: The CE12800 does not support this parameter. | - |
Usage Guidelines
Usage Scenario
In a TCAM ACL customization policy group, you can run this command to configure a matching rule based on IPv4 packet information.
Prerequisites
TCAM ACL customization has been enabled using the system tcam acl command.
A TCAM ACL customization profile has been created using the system tcam acl template command.
A TCAM ACL customization policy group has been configured using the policy-group (TCAM ACL customization profile view) command.
Example
# In a TCAM ACL customization policy group, configure a matching rule based on the destination and source IPv4 addresses.
<HUAWEI> system-view
[~HUAWEI] system tcam acl
Warning: Enabling the TCAM ACL will cause ACL resources to be replanned. Incorrectly using these commands will cause some services to be unavailable. Therefore, use these commands with the guidance of Huawei engineers. Continue? [Y/N]:y
[*HUAWEI] system tcam acl template c1
[*HUAWEI-tcam-acl-c1] policy-group g1
[*HUAWEI-tcam-acl-c1-policy-group-g1] match ipv4 destination-ip source-ip
match ipv6 (policy-group)
Function
The match ipv6 command configures a matching rule based on IPv6 packet information in a TCAM ACL customization policy group.
The undo match ipv6 command deletes a matching rule based on IPv6 packet information from a TCAM ACL customization policy group.
By default, no matching rule based on IPv6 packet information is defined in a TCAM ACL customization policy group.
Format
match ipv6 { { source-ip | destination-ip } * { loose | strict } | protocol | dscp | ttl | ip-precedence | source-port | destination-port | tcp-flag | l4port-range } *
undo match ipv6 { { source-ip | destination-ip } * { loose | strict } | protocol | dscp | ttl | ip-precedence | source-port | destination-port | tcp-flag | l4port-range } *
Parameters
Parameter | Description | Value |
---|---|---|
source-ip | Matches source IPv6 addresses. | - |
destination-ip | Matches destination IPv6 addresses. | - |
loose | Matches the leftmost 64 bits of an IPv6 address. | - |
strict | Matches all the 128 bits of an IPv6 address. | - |
protocol | Matches the IP protocol type. | - |
dscp | Matches DSCP priorities. | - |
ttl | Matches TTL values. | - |
ip-precedence | Matches IP precedence values. | - |
source-port | Matches source port numbers. | - |
destination-port | Matches destination port numbers. | - |
tcp-flag | Matches TCP flags. | - |
l4port-range | Matches port numbers in a specified range. NOTE: The CE12800 does not support this parameter. | - |
Usage Guidelines
Usage Scenario
In a TCAM ACL customization policy group, you can run this command to configure a matching rule based on IPv6 packet information.
Prerequisites
TCAM ACL customization has been enabled using the system tcam acl command.
A TCAM ACL customization profile has been created using the system tcam acl template command.
A TCAM ACL customization policy group has been configured using the policy-group (TCAM ACL customization profile view) command.
Example
# In a TCAM ACL customization policy group, configure a matching rule based on the destination and source IPv6 addresses.
<HUAWEI> system-view
[~HUAWEI] system tcam acl
Warning: Enabling the TCAM ACL will cause ACL resources to be replanned. Incorrectly using these commands will cause some services to be unavailable. Therefore, use these commands with the guidance of Huawei engineers. Continue? [Y/N]:y
[*HUAWEI] system tcam acl template c1
[*HUAWEI-tcam-acl-c1] policy-group g1
[*HUAWEI-tcam-acl-c1-policy-group-g1] match ipv6 destination-ip source-ip
match vxlan (policy-group)
Function
The match vxlan command configures a matching rule based on VXLAN packet information in a TCAM ACL customization policy group.
The undo match vxlan command deletes matching rules based on VXLAN packet information in a TCAM ACL customization policy group.
By default, no matching rule based on VXLAN packet information is defined in a TCAM ACL customization policy group.
Format
match [ ipv6 ] vxlan [ tag-format { none | single } ] { ipv4 { inner-source-ip | inner-destination-ip | inner-source-mac | inner-ethertype | inner-protocol | inner-tcp-flag | inner-source-port | inner-destination-port } * | ipv6 { { inner-source-ipv6 | inner-destination-ipv6 } * { loose | strict } | inner-source-mac | inner-ethertype | inner-protocol | inner-tcp-flag | inner-source-port | inner-destination-port } *
undo match [ ipv6 ] vxlan [ tag-format { none | single } ] { ipv4 { inner-source-ip | inner-destination-ip | inner-source-mac | inner-ethertype | inner-protocol | inner-tcp-flag | inner-source-port | inner-destination-port } * | ipv6 { { inner-source-ipv6 | inner-destination-ipv6 } * { loose | strict } | inner-source-mac | inner-ethertype | inner-protocol | inner-tcp-flag | inner-source-port | inner-destination-port } *
Parameters
Parameter | Description | Value |
---|---|---|
ipv6 | Matches the IPv6 protocol. NOTE: | - |
ipv4 | Matches the outer IPv4 information in VXLAN packets. | - |
tag-format { none \| single } | Specifies whether to match tagged VXLAN packets. | - |
inner-source-ip | Matches inner source IPv4 addresses. | - |
inner-destination-ip | Specifies inner destination IPv4 addresses. | - |
inner-source-ipv6 | Matches inner source IPv6 addresses. | - |
inner-destination-ipv6 | Matches inner destination IPv6 addresses. | - |
loose | Specifies the loose mode for matching IPv6 ACLs. In this mode, the leftmost 64 bits of an IPv6 address are matched. | - |
strict | Specifies the strict mode for matching IPv6 ACLs. In this mode, all the 128 bits of an IPv6 address are matched. | - |
inner-source-mac | Matches inner source MAC addresses. | - |
inner-ethertype | Matches the inner Ethernet type. | - |
inner-protocol | Matches the inner protocol type. | - |
inner-tcp-flag | Matches inner TCP flags. | - |
inner-source-port | Matches inner source port numbers. | - |
inner-destination-port | Matches the inner destination port number. | - |
Usage Guidelines
Usage Scenario
In a TCAM ACL customization policy group, you can run this command to configure a matching rule based on VXLAN packet information.
Prerequisites
TCAM ACL customization has been enabled using the system tcam acl command.
A TCAM ACL customization profile has been created using the system tcam acl template command.
A TCAM ACL customization policy group has been configured using the policy-group (TCAM ACL customization profile view) command.
Example
# In a TCAM ACL customization policy group, configure matching rules based on the inner and outer IPv6 information and the inner source IPv4 address of VXLAN packets.
<HUAWEI> system-view
[~HUAWEI] system tcam acl
Warning: Enabling the TCAM ACL will cause ACL resources to be replanned. Incorrectly using these commands will cause some services to be unavailable. Therefore, use these commands with the guidance of Huawei engineers. Continue? [Y/N]:y
[*HUAWEI] system tcam acl template c1
[*HUAWEI-tcam-acl-c1] policy-group g1
[*HUAWEI-tcam-acl-c1-policy-group-g1] match vxlan ipv4 inner-source-ip
match mpls (policy-group)
Function
The match mpls command configures a matching rule based on MPLS packet information in a TCAM ACL customization policy group.
The undo match mpls command deletes a matching rule based on MPLS packet information from a TCAM ACL customization policy group.
By default, no matching rule based on MPLS packet information is defined in a TCAM ACL customization policy group.
The CE12800E does not support this command.
Format
match mpls { inner-source-ip | inner-destination-ip | inner-source-port | inner-protocol | inner-destination-port | inner-ip-identification } *
undo match mpls { inner-source-ip | inner-destination-ip | inner-source-port | inner-protocol | inner-destination-port | inner-ip-identification } *
Parameters
Parameter | Description | Value |
---|---|---|
inner-source-ip | Matches inner source IP addresses in MPLS packets. | - |
inner-destination-ip | Matches inner destination IP addresses in MPLS packets. | - |
inner-source-port | Matches inner source port numbers in MPLS packets. | - |
inner-protocol | Matches inner protocol types in MPLS packets. | - |
inner-destination-port | Matches inner destination port numbers in MPLS packets. | - |
inner-ip-identification | Matches inner IP identifiers in MPLS packets. | - |
Usage Guidelines
Usage Scenario
In a TCAM ACL customization policy group, you can run this command to configure a matching rule based on MPLS packet information.
Prerequisites
TCAM ACL customization has been enabled using the system tcam acl command.
A TCAM ACL customization profile has been created using the system tcam acl template command.
A TCAM ACL customization policy group has been configured using the policy-group (TCAM ACL customization profile view) command.
Example
# In a TCAM ACL customization policy group, configure a matching rule based on the inner source and destination IP addresses in MPLS packets.
<HUAWEI> system-view
[~HUAWEI] system tcam acl
Warning: Enabling the TCAM ACL will cause ACL resources to be replanned. Incorrectly using these commands will cause some services to be unavailable. Therefore, use these commands with the guidance of Huawei engineers. Continue? [Y/N]:y
[*HUAWEI] system tcam acl template c1
[*HUAWEI-tcam-acl-c1] policy-group g1
[*HUAWEI-tcam-acl-c1-policy-group-g1] match mpls inner-source-ip inner-destination-ip
match forwarding
Function
The match forwarding command configures a matching rule based on the forwarding status in a TCAM ACL customization group.
The undo match forwarding command deletes a matching rule based on the forwarding status from a TCAM ACL customization group.
By default, no matching rule based on the forwarding status is defined in a TCAM ACL customization group.
Format
match forwarding { destination-interface | source-interface | l2sub-interface | bridge-domain | bd-virtual-interface | vlan | vlanif | source-trunk | vrf | vsi } *
undo match forwarding
Only the CE12800E configured with FD-X series cards supports the vlan, vlanif, bridge-domain, source-trunk, and bd-virtual-interface parameters.
Parameters
Parameter | Description | Value |
---|---|---|
destination-interface | Matches outbound interfaces. | - |
source-interface | Matches inbound interfaces. | - |
l2sub-interface | Matches Layer 2 sub-interfaces. | - |
bridge-domain | Matches BDs. | - |
bd-virtual-interface | Matches VBDIF interfaces. | - |
vlan | Matches VLAN IDs. | - |
vlanif | Matches VLANIF interfaces. | - |
source-trunk | Matches source Eth-Trunks. | - |
vrf | Matches virtual routing and forwarding. | - |
vsi | Matches virtual switching instances. | - |
Usage Guidelines
Usage Scenario
In a TCAM ACL customization group, you can run this command to configure a matching rule based on the forwarding status.
Prerequisites
TCAM ACL customization has been enabled using the system tcam acl command.
A TCAM ACL customization profile has been created using the system tcam acl template command.
A TCAM ACL customization group has been configured using the group (TCAM ACL customization profile view) command.
Example
# In a TCAM ACL customization group, configure a matching rule based on the forwarding status.
<HUAWEI> system-view
[~HUAWEI] system tcam acl
Warning: Enabling the TCAM ACL will cause ACL resources to be replanned. Incorrectly using these commands will cause some services to be unavailable. Therefore, use these commands with the guidance of Huawei engineers. Continue? [Y/N]:y
[*HUAWEI] system tcam acl template c1
[*HUAWEI-tcam-acl-c1] group g1
[*HUAWEI-tcam-acl-c1-group-g1] match forwarding destination-interface
match icmp icmp-type
Function
The match icmp icmp-type command configures a matching rule based on ICMP packets in a TCAM ACL customization group.
The undo match icmp command deletes a matching rule based on ICMP packets from a TCAM ACL customization group.
By default, no matching rule based on ICMP packets is defined in a TCAM ACL customization group.
Usage Guidelines
Usage Scenario
In a TCAM ACL customization group, you can run this command to configure a matching rule based on ICMP packets.
Prerequisites
TCAM ACL customization has been enabled using the system tcam acl command.
A TCAM ACL customization profile has been created using the system tcam acl template command.
A TCAM ACL customization group has been configured using the group (TCAM ACL customization profile view) command.
Example
# In a TCAM ACL customization group, configure a matching rule based on ICMP packets.
<HUAWEI> system-view
[~HUAWEI] system tcam acl
Warning: Enabling the TCAM ACL will cause ACL resources to be replanned. Incorrectly using these commands will cause some services to be unavailable. Therefore, use these commands with the guidance of Huawei engineers. Continue? [Y/N]:y
[*HUAWEI] system tcam acl template c1
[*HUAWEI-tcam-acl-c1] group g1
[*HUAWEI-tcam-acl-c1-group-g1] match icmp icmp-type
match igmp igmp-type
Function
The match igmp igmp-type command configures a matching rule based on IGMP packets in a TCAM ACL customization group.
The undo match igmp command deletes a matching rule based on IGMP packets from a TCAM ACL customization group.
By default, no matching rule based on IGMP packets is defined in a TCAM ACL customization group.
Usage Guidelines
Usage Scenario
In a TCAM ACL customization group, you can run this command to configure a matching rule based on IGMP packets.
Prerequisites
TCAM ACL customization has been enabled using the system tcam acl command.
A TCAM ACL customization profile has been created using the system tcam acl template command.
A TCAM ACL customization group has been configured using the group (TCAM ACL customization profile view) command.
Example
# In a TCAM ACL customization group, configure a matching rule based on IGMP packets.
<HUAWEI> system-view
[~HUAWEI] system tcam acl
Warning: Enabling the TCAM ACL will cause ACL resources to be replanned. Incorrectly using these commands will cause some services to be unavailable. Therefore, use these commands with the guidance of Huawei engineers. Continue? [Y/N]:y
[*HUAWEI] system tcam acl template c1
[*HUAWEI-tcam-acl-c1] group g1
[*HUAWEI-tcam-acl-c1-group-g1] match igmp igmp-type
match ip
Function
The match ip command configures a matching rule based on IPv4 packet information in a TCAM ACL customization group.
The undo match ip command deletes a matching rule based on IPv4 packet information from a TCAM ACL customization group.
By default, no matching rule based on IPv4 packet information is defined in a TCAM ACL customization group.
Parameters
Parameter | Description | Value |
---|---|---|
destination-ip | Matches destination IPv4 addresses. | - |
source-ip | Matches source IPv4 addresses. | - |
fragment | Matches fragments. | - |
protocol | Matches IP protocol types. | - |
tos | Matches ToS values. | - |
ttl | Matches TTL values. | - |
Usage Guidelines
Usage Scenario
In a TCAM ACL customization group, you can run this command to configure a matching rule based on IPv4 packet information.
Prerequisites
TCAM ACL customization has been enabled using the system tcam acl command.
A TCAM ACL customization profile has been created using the system tcam acl template command.
A TCAM ACL customization group has been configured using the group (TCAM ACL customization profile view) command.
Example
# In a TCAM ACL customization group, configure a matching rule based on source and destination IPv4 addresses.
<HUAWEI> system-view
[~HUAWEI] system tcam acl
Warning: Enabling the TCAM ACL will cause ACL resources to be replanned. Incorrectly using these commands will cause some services to be unavailable. Therefore, use these commands with the guidance of Huawei engineers. Continue? [Y/N]:y
[*HUAWEI] system tcam acl template c1
[*HUAWEI-tcam-acl-c1] group g1
[*HUAWEI-tcam-acl-c1-group-g1] match ip destination-ip source-ip
match ipv6
Function
The match ipv6 command configures a matching rule based on IPv6 packet information in a TCAM ACL customization group.
The undo match ipv6 command deletes a matching rule based on IPv6 packet information from a TCAM ACL customization group.
By default, no matching rule based on IPv6 packet information is defined in a TCAM ACL customization group.
Format
match ipv6 { destination-ip | destination-ip-high | source-ip | source-ip-high | protocol | tos | ttl } *
undo match ipv6
Parameters
Parameter | Description | Value |
---|---|---|
destination-ip | Matches destination IPv6 addresses. | - |
destination-ip-high | Matches the leftmost 64 bits of a destination IPv6 address. | - |
source-ip | Matches source IPv6 addresses. | - |
source-ip-high | Matches the leftmost 64 bits of a source IPv6 address. | - |
protocol | Matches the IP protocol type. | - |
tos | Matches ToS values. | - |
ttl | Matches TTL values. | - |
Usage Guidelines
Usage Scenario
In a TCAM ACL customization group, you can run this command to configure a matching rule based on IPv6 packet information.
Prerequisites
TCAM ACL customization has been enabled using the system tcam acl command.
A TCAM ACL customization profile has been created using the system tcam acl template command.
A TCAM ACL customization group has been configured using the group (TCAM ACL customization profile view) command.
Example
# In a TCAM ACL customization group, configure a matching rule based on source and destination IPv6 addresses.
<HUAWEI> system-view
[~HUAWEI] system tcam acl
Warning: Enabling the TCAM ACL will cause ACL resources to be replanned. Incorrectly using these commands will cause some services to be unavailable. Therefore, use these commands with the guidance of Huawei engineers. Continue? [Y/N]:y
[*HUAWEI] system tcam acl template c1
[*HUAWEI-tcam-acl-c1] group g1
[*HUAWEI-tcam-acl-c1-group-g1] match ipv6 destination-ip source-ip
match mpls
Function
The match mpls command configures a matching rule based on MPLS packet information in a TCAM ACL customization group.
The undo match mpls command deletes a matching rule based on MPLS packet information from a TCAM ACL customization group.
By default, no matching rule based on MPLS packet information is defined in a TCAM ACL customization group.
The CE12800E does not support this command.
Parameters
Parameter | Description | Value |
---|---|---|
bos | Matches labels at the bottom of the stack. | - |
forward-label-action | Matches the label forwarding action. | - |
exp | Matches EXP priorities. | - |
Usage Guidelines
Usage Scenario
In a TCAM ACL customization group, you can run this command to configure a matching rule based on MPLS packet information.
Prerequisites
TCAM ACL customization has been enabled using the system tcam acl command.
A TCAM ACL customization profile has been created using the system tcam acl template command.
A TCAM ACL customization group has been configured using the group (TCAM ACL customization profile view) command.
Example
# In a TCAM ACL customization group, configure a matching rule based on EXP priorities.
<HUAWEI> system-view
[~HUAWEI] system tcam acl
Warning: Enabling the TCAM ACL will cause ACL resources to be replanned. Incorrectly using these commands will cause some services to be unavailable. Therefore, use these commands with the guidance of Huawei engineers. Continue? [Y/N]:y
[*HUAWEI] system tcam acl template c1
[*HUAWEI-tcam-acl-c1] group g1
[*HUAWEI-tcam-acl-c1-group-g1] match mpls exp
match tcp
Function
The match tcp command configures a matching rule based on TCP packet information in a TCAM ACL customization group.
The undo match tcp command deletes a matching rule based on TCP packet information from a TCAM ACL customization group.
By default, no matching rule based on TCP packet information is defined in a TCAM ACL customization group.
Format
match tcp { tcp-flag | destination-port | source-port | l4port-range } *
undo match tcp
Only the CE12800E configured with FD-X series cards supports the l4port-range parameter.
Parameters
Parameter | Description | Value |
---|---|---|
tcp-flag | Matches TCP flags. | - |
destination-port | Matches destination port numbers. | - |
source-port | Matches source port numbers. | - |
l4port-range | Specifies the range of port numbers to be matched. | - |
Usage Guidelines
Usage Scenario
In a TCAM ACL customization group, you can run this command to configure a matching rule based on TCP packet information.
Prerequisites
TCAM ACL customization has been enabled using the system tcam acl command.
A TCAM ACL customization profile has been created using the system tcam acl template command.
A TCAM ACL customization group has been configured using the group (TCAM ACL customization profile view) command.
Example
# In a TCAM ACL customization group, configure a matching rule based on TCP packet information.
<HUAWEI> system-view
[~HUAWEI] system tcam acl
Warning: Enabling the TCAM ACL will cause ACL resources to be replanned. Incorrectly using these commands will cause some services to be unavailable. Therefore, use these commands with the guidance of Huawei engineers. Continue? [Y/N]:y
[*HUAWEI] system tcam acl template c1
[*HUAWEI-tcam-acl-c1] group g1
[*HUAWEI-tcam-acl-c1-group-g1] match tcp source-port
match udf
Function
The match udf command configures a matching rule based on user-defined packet information in a TCAM ACL customization group.
The undo match udf command deletes a matching rule based on user-defined packet information from a TCAM ACL customization group.
By default, no matching rule based on user-defined packet information is defined in a TCAM ACL customization group.
Format
match { udf { ipv4-head | inner-ipv4-head | l2-head | l4-head } [ negative ] { head-length offset-length } }&<1-8>
undo match udf
Parameters
Parameter | Description | Value |
---|---|---|
ipv4-head | Matches the offset starting from the outer IP header of user-defined packets. | - |
inner-ipv4-head | Matches the offset starting from the inner IP header of user-defined packets. | - |
l2-head | Matches the offset starting from the Layer 2 header of user-defined packets. | - |
l4-head | Matches the offset starting from the Layer 4 header of user-defined packets. | - |
negative | Matches the reverse offset. NOTE: Only the CE12800 and CE12800E (configured with FD-X) support this parameter. | - |
head-length | Specifies the offset. | The value is an integer in the range from 0 to 66. |
offset-length | Specifies the matched packet length. | The value is an integer in the range from 1 to 4. |
Usage Guidelines
Usage Scenario
In a TCAM ACL customization group, you can run this command to configure a matching rule based on user-defined packet information.
Prerequisites
TCAM ACL customization has been enabled using the system tcam acl command.
A TCAM ACL customization profile has been created using the system tcam acl template command.
A TCAM ACL customization group has been configured using the group (TCAM ACL customization profile view) command.
Example
# In a TCAM ACL customization group, configure a matching rule based on user-defined packet information.
<HUAWEI> system-view
[~HUAWEI] system tcam acl
Warning: Enabling the TCAM ACL will cause ACL resources to be replanned. Incorrectly using these commands will cause some services to be unavailable. Therefore, use these commands with the guidance of Huawei engineers. Continue? [Y/N]:y
[*HUAWEI] system tcam acl template c1
[*HUAWEI-tcam-acl-c1] group g1
[*HUAWEI-tcam-acl-c1-group-g1] match udf ipv4-head 50 4
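The following added example (not part of the Huawei reference) checks a match udf line against the limits in the parameter table and shows which bytes of a constructed frame each field would select, including how an ipv4-head offset shifts when the IPv4 header carries options. It assumes that head-length and offset-length are counted in bytes from the first byte of the named header and that the frame is untagged Ethernet II; the function names are hypothetical, and negative and inner-ipv4-head are not modelled.

```python
ANCHORS = ("ipv4-head", "inner-ipv4-head", "l2-head", "l4-head")
MAX_FIELDS = 8                 # "&<1-8>" in the Format line
OFFSET_MAX = 66                # head-length: 0 to 66
LENGTH_MIN, LENGTH_MAX = 1, 4  # offset-length: 1 to 4
ETH_HEADER = 14                # assumption: untagged Ethernet II frame


def parse_match_udf(command):
    """Parse a 'match udf ...' line into (anchor, negative, offset, length) tuples."""
    tokens = command.split()
    if tokens[:1] != ["match"]:
        raise ValueError("command must start with 'match'")
    tokens = tokens[1:]
    fields = []
    while tokens:
        if tokens[0] != "udf" or len(tokens) < 4:
            raise ValueError(f"expected 'udf <header> [negative] <offset> <length>' at {tokens!r}")
        anchor, rest = tokens[1], tokens[2:]
        if anchor not in ANCHORS:
            raise ValueError(f"unknown header keyword {anchor!r}")
        negative = rest[0] == "negative"
        if negative:
            rest = rest[1:]
        if len(rest) < 2 or not (rest[0].isdigit() and rest[1].isdigit()):
            raise ValueError("offset and length must be integers")
        offset, length = int(rest[0]), int(rest[1])
        if offset > OFFSET_MAX:
            raise ValueError(f"head-length {offset} outside 0-{OFFSET_MAX}")
        if not LENGTH_MIN <= length <= LENGTH_MAX:
            raise ValueError(f"offset-length {length} outside {LENGTH_MIN}-{LENGTH_MAX}")
        fields.append((anchor, negative, offset, length))
        tokens = rest[2:]
    if not 1 <= len(fields) <= MAX_FIELDS:
        raise ValueError(f"{len(fields)} udf fields given, 1-{MAX_FIELDS} allowed")
    return fields


def select_bytes(frame, field):
    """Return the bytes one udf field covers in an Ethernet/IPv4 frame, or None if too short."""
    anchor, negative, offset, length = field
    if negative or anchor == "inner-ipv4-head":
        raise NotImplementedError("reverse offsets and tunnelled packets are not modelled here")
    ihl = (frame[ETH_HEADER] & 0x0F) * 4          # outer IPv4 header length in bytes
    start = {"l2-head": 0, "ipv4-head": ETH_HEADER, "l4-head": ETH_HEADER + ihl}[anchor]
    window = frame[start + offset:start + offset + length]
    return window if len(window) == length else None


def build_frame(ihl_words, payload=b"0123456789ABCDEFGHIJ"):
    """Constructed sample: zeroed Ethernet, IPv4 (IHL as given) and 20-byte TCP headers."""
    eth = bytes(12) + b"\x08\x00"
    ip = bytes([0x40 | ihl_words]) + bytes(ihl_words * 4 - 1)
    return eth + ip + bytes(20) + payload


if __name__ == "__main__":
    by_ip, by_l4 = parse_match_udf("match udf ipv4-head 50 4 udf l4-head 30 4")
    for words in (5, 6):                          # without and with 4 bytes of IP options
        frame = build_frame(words)
        print(words, select_bytes(frame, by_ip), select_bytes(frame, by_l4))
```

With a 20-byte IPv4 header both fields cover the same four payload bytes; once options lengthen the header, only the l4-head field still does, which is worth checking before relying on an ipv4-head offset to reach into Layer 4 data.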
match udp
Function
The match udp command configures a matching rule based on UDP packet information in a TCAM ACL customization group.
The undo match udp command deletes a matching rule based on UDP packet information from a TCAM ACL customization group.
By default, no matching rule based on UDP packet information is defined in a TCAM ACL customization group.
Format
match udp { destination-port | source-port | l4port-range } *
undo match udp
Only the CE12800E configured with FD-X series cards supports the l4port-range parameter.
Parameters
Parameter | Description | Value |
---|---|---|
destination-port | Matches destination port numbers. | - |
source-port | Matches source port numbers. | - |
l4port-range | Specifies the range of port numbers to be matched. | - |
Usage Guidelines
Usage Scenario
In a TCAM ACL customization group, you can run this command to configure a matching rule based on UDP packet information.
Prerequisites
TCAM ACL customization has been enabled using the system tcam acl command.
A TCAM ACL customization profile has been created using the system tcam acl template command.
A TCAM ACL customization group has been configured using the group (TCAM ACL customization profile view) command.
Example
# In a TCAM ACL customization group, configure a matching rule based on destination port numbers of UDP packets.
<HUAWEI> system-view
[~HUAWEI] system tcam acl
Warning: Enabling the TCAM ACL will cause ACL resources to be replanned. Incorrectly using these commands will cause some services to be unavailable. Therefore, use these commands with the guidance of Huawei engineers. Continue? [Y/N]:y
[*HUAWEI] system tcam acl template c1
[*HUAWEI-tcam-acl-c1] group g1
[*HUAWEI-tcam-acl-c1-group-g1] match udp destination-port
group (TCAM ACL customization profile view)
Function
The group command creates a TCAM ACL customization group and displays its view, or directly displays the view of an existing TCAM ACL customization group.
The undo group command deletes a TCAM ACL customization group.
By default, no TCAM ACL customization group is created.
Parameters
Parameter | Description | Value |
---|---|---|
group-name | Specifies the name of a TCAM ACL customization group. | The value is a string of 1 to 31 case-sensitive characters without spaces and must start with a letter. |
precedence precedence-value | Specifies the priority of a TCAM ACL customization group. | The value is an integer in the range from 0 to 255. A smaller value indicates a higher priority. |
Usage Guidelines
Usage Scenario
After a TCAM ACL customization profile is configured, you can run the group group-name command to create a TCAM ACL customization group and enter its view. In addition, you can run the group group-name [ precedence precedence-value ] command to specify the priority of the TCAM ACL customization group.
Precautions
A maximum of 16 TCAM ACL customization groups can be configured in a TCAM ACL customization profile.
If the priorities of TCAM ACL customization groups are not set, the priorities start from 0 and increment by 1 based on the configuration sequence of the groups.
If the priority value of a TCAM ACL customization group has been specified, the priority value of a subsequently configured TCAM ACL customization group with no priority specified is the specified priority value plus one. If a TCAM ACL customization group whose priority value is less than the specified priority value needs to be configured, you need to manually specify the priority value.
Different TCAM ACL customization groups must use different priorities.
policy-group
Function
The policy-group command creates a TCAM ACL customization policy group and displays the TCAM ACL customization policy group view, or directly displays the view of an existing TCAM ACL customization policy group.
The undo policy-group command deletes a TCAM ACL customization policy group.
By default, no TCAM ACL customization policy group is created.
Parameters
Parameter | Description | Value |
---|---|---|
group-name | Specifies the name of a TCAM ACL customization policy group. | The value is a string of 1 to 31 case-sensitive characters without spaces and must start with a letter. |
precedence precedence-value | Specifies the priority of a TCAM ACL customization policy group. | The value is an integer in the range from 0 to 255. A smaller value indicates a higher priority. |
Usage Guidelines
Usage Scenario
After a TCAM ACL customization profile is configured, you can run the policy-group group-name command to create a TCAM ACL customization policy group and enter the TCAM ACL customization policy group view. In addition, you can run the policy-group group-name [ precedence precedence-value ] command to specify the priority of the TCAM ACL customization policy group.
Precautions
A maximum of 16 TCAM ACL customization policy groups can be configured in a TCAM ACL customization profile.
If the priorities of TCAM ACL customization policy groups are not set, the priorities increment by 1 from 0 based on the configuration sequence of the groups.
If the priority value of a TCAM ACL customization policy group has been specified, the priority value of a subsequently configured TCAM ACL customization policy group with no priority specified is the specified priority value plus one. If a TCAM ACL customization policy group whose priority value is less than the specified priority value needs to be configured, you need to manually specify the priority value.
Different TCAM ACL customization policy groups cannot have the same priority value.
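The priority rules in the Precautions for group and policy-group can be checked against a planned profile before it is applied, since an applied profile cannot be modified. This is an added example, not Huawei code: PlannedGroup, resolve_precedence and evaluation_order are hypothetical names, the sample plan is constructed, and it assumes that a group configured without precedence always takes the value of the group configured immediately before it plus one.

```python
import re
from dataclasses import dataclass
from typing import Optional

MAX_GROUPS = 16                               # groups per profile (Precautions)
NAME_RE = re.compile(r"[A-Za-z]\S{0,30}")     # 1-31 characters, no spaces, starts with a letter


@dataclass
class PlannedGroup:                           # hypothetical planning record
    name: str
    precedence: Optional[int] = None          # None: the precedence keyword is omitted


def resolve_precedence(groups):
    """Walk groups in configuration order; return ([(name, precedence)], [problems])."""
    resolved, problems, owner, previous = [], [], {}, None
    if len(groups) > MAX_GROUPS:
        problems.append(f"{len(groups)} groups planned, the limit is {MAX_GROUPS}")
    for g in groups:
        if not NAME_RE.fullmatch(g.name):
            problems.append(f"{g.name!r}: name must be 1-31 characters without spaces, starting with a letter")
        if g.precedence is None:
            # Assumption: previous group's value plus one, 0 for the first group.
            value, origin = (0 if previous is None else previous + 1), "automatic"
        else:
            value, origin = g.precedence, "manual"
        if not 0 <= value <= 255:
            problems.append(f"{g.name}: {origin} precedence {value} is outside 0-255")
        elif value in owner:
            problems.append(f"{g.name}: {origin} precedence {value} is already used by {owner[value]}")
        else:
            owner[value] = g.name
        resolved.append((g.name, value))
        previous = value
    return resolved, problems


def evaluation_order(resolved):
    """Group names from highest priority (smallest value) to lowest."""
    return [name for name, _ in sorted(resolved, key=lambda item: item[1])]


# Constructed sample plans.
SAMPLE_PLAN = [PlannedGroup("filter"), PlannedGroup("mirror", 10), PlannedGroup("stats"),
               PlannedGroup("urgent", 5), PlannedGroup("late")]
COLLIDING_PLAN = [PlannedGroup("a", 10), PlannedGroup("b", 9), PlannedGroup("c")]

if __name__ == "__main__":
    for plan in (SAMPLE_PLAN, COLLIDING_PLAN):
        resolved, problems = resolve_precedence(plan)
        print(resolved, evaluation_order(resolved), problems or "no problems")
```

The second plan shows the case the Precautions warn about: after a lower value is set by hand, the next group without an explicit precedence lands on a value that is already taken.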
service
Function
The service command binds a TCAM ACL customization group to a service.
The undo service command unbinds a TCAM ACL customization group from a service.
By default, no TCAM ACL customization group is bound to a service.
Parameters
Parameter | Description | Value |
---|---|---|
service-name | Specifies a service name. | This parameter has enumerated values. Select one from the displayed values. |
group group-name | Specifies the name of a TCAM ACL customization group. | The value is a string of 1 to 31 case-sensitive characters without spaces. The value must start with a-z or A-Z. The value must be the name of an existing TCAM ACL customization group. |
Usage Guidelines
Usage Scenario
After a TCAM ACL customization group is configured, run the service service-name group group-name command to bind the TCAM ACL customization group to a service.
Prerequisites
A TCAM ACL customization group has been configured using the group (TCAM ACL customization profile view) command.
Precautions
A maximum of 16 TCAM ACL customization groups can be configured in a TCAM ACL customization profile.
A service can be bound to only one TCAM ACL customization group.
system tcam acl predefined template
Function
The system tcam acl predefined template command creates a TCAM ACL preset profile.
The undo system tcam acl template command deletes a TCAM ACL preset profile.
By default, no TCAM ACL preset profile is created.
Only the CE12800E configured with FD-X series cards supports this command.
Usage Guidelines
Usage Scenario
You can run the system tcam acl predefined template command to create a TCAM ACL preset profile so that packet filtering, mirroring, and IOAM can take effect simultaneously.
After this command is executed, the system automatically generates the preset profile, as well as group names, matched fields, and actions in the preset profile. Then you need to run the system tcam acl template template-name { slot slot-id | all } command to apply the TCAM ACL preset profile to a card or globally to make the TCAM ACL customization function take effect.
The following tables describe the group names, matched fields, and actions in different preset profiles. You can run the display system tcam acl template [ name template-name [ group group-name ] | brief ] command to check the preset profile configuration.
Group Name | Matched Field | Action |
---|---|---|
filter | source-ip, destination-ip, protocol, tos, fragment, tcp-destination-port, tcp-source-port, tcp-flag, udp-destination-port, udp-source-port, vlanif, udf | deny |
erspan&stat | source-ip, destination-ip, protocol, tos, fragment, tcp-destination-port, tcp-source-port, tcp-flag, udp-destination-port, udp-source-port, source-interface, udf | mirror, statistics |
int | source-ip, destination-ip, protocol, tos, fragment, tcp-destination-port, tcp-source-port, tcp-flag, udp-destination-port, udp-source-port, source-interface, udf | ioam |

Group Name | Matched Field | Action |
---|---|---|
filter | source-ip, destination-ip, protocol, tos, fragment, tcp-destination-port, tcp-source-port, tcp-flag, udp-destination-port, udp-source-port, vlanif, udf | deny |
erspan&stat | source-ip, destination-ip, protocol, tos, fragment, tcp-destination-port, tcp-source-port, tcp-flag, udp-destination-port, udp-source-port, source-interface, udf | mirror, statistics |
Prerequisites
The TCAM ACL customization function has been enabled using the system tcam acl command.
system tcam acl
Function
The system tcam acl command enables TCAM ACL customization.
The undo system tcam acl command disables TCAM ACL customization.
By default, TCAM ACL customization is disabled.
Usage Guidelines
To use TCAM ACL customization, run the system tcam acl command to enable TCAM ACL customization.
Example
# Enable TCAM ACL customization.
<HUAWEI> system-view
[~HUAWEI] system tcam acl
Warning: Enabling the TCAM ACL will cause ACL resources to be replanned. Incorrectly using these commands will cause some services to be unavailable. Therefore, use these commands with the guidance of Huawei engineers. Continue? [Y/N]:
system tcam acl template
Function
The system tcam acl template command creates a TCAM ACL customization profile and displays its view, or directly displays the view of an existing TCAM ACL customization profile.
The undo system tcam acl template command deletes a TCAM ACL customization profile.
By default, no TCAM ACL customization profile is created.
Parameters
Parameter | Description | Value |
---|---|---|
template-name | Specifies the name of a TCAM ACL customization profile. | The value is a string of 1 to 31 case-sensitive characters without spaces. The value must start with a-z or A-Z. |
Usage Guidelines
Usage Scenario
Before using TCAM ACL customization, run the system tcam acl template command to create a TCAM ACL customization profile.
Prerequisites
The TCAM ACL customization function has been enabled using the system tcam acl command.
Precautions
The device supports a maximum of 16 TCAM ACL customization profiles.
system tcam acl template { slot | all }
Function
The system tcam acl template { slot | all } command applies a TCAM ACL customization profile or preset profile to a specified LPU or all LPUs.
The undo system tcam acl template { slot | all } command deletes a TCAM ACL customization profile or preset profile from a specified LPU or all LPUs.
By default, no TCAM ACL customization profile or preset profile is applied to an LPU.
Format
system tcam acl template template-name { slot slot-id | all }
undo system tcam acl template template-name { slot slot-id | all }
Parameters
Parameter | Description | Value |
---|---|---|
template-name | Specifies the name of a TCAM ACL customization profile or preset profile. NOTE: Only the CE12800E configured with FD-X series cards supports the application of a TCAM ACL preset profile to an LPU or the system. | The value is a string of 1 to 31 case-sensitive characters without spaces. The value must be the name of an existing TCAM ACL customization profile or preset profile. |
slot slot-id | Specifies the slot ID of the LPU where a TCAM ACL customization profile or preset profile is applied. | The value is an integer or a string of characters. You can enter a question mark (?) and select a value from the displayed value range. |
all | Indicates all slots. | - |
Usage Guidelines
Usage Scenario
To implement TCAM ACL customization, you must run the system tcam acl template template-name { slot slot-id | all } command to apply a TCAM ACL customization profile or preset profile to an LPU.
Precautions
If the TCAM ACL customization profile has been applied, the configuration in the profile cannot be modified.
The system tcam acl template template-name { slot slot-id | all } command and the acl sequence retain enable command cannot be used together.