(Optional) Configuring the Switch to Use the Enhanced Mode When a Traffic Policy Is Applied
Context
- By default, a traffic policy containing IPv4 rules is valid only for Layer 3 packets when it is applied to the outbound direction. You can use the traffic-policy ipv4-enhance-mode command to enable the enhanced IPv4 mode on a device when a traffic policy containing IPv4 rules is applied. Then the traffic policy is valid for both Layer 2 and Layer 3 packets when it is applied to the outbound direction.
- By default, when a traffic policy containing IPv6 rules is applied to the outbound direction, the device uses the loopback mode to forward traffic. All traffic on a port is looped back inside the device before being forwarded. You can use the traffic-policy ipv6-enhance-mode command to enable the enhanced IPv6 mode on a device when a traffic policy containing IPv6 rules is applied. Then traffic is directly forwarded without being looped back inside the device when the traffic policy is applied to the outbound direction.
The CE12800E does not support this function.
Procedure
- Run system-view
The system view is displayed.
- Run traffic-policy ipv4-enhance-mode { loose | strict } or traffic-policy ipv6-enhance-mode { loose | strict }
The switch is configured to use the enhanced mode when a traffic policy is applied.
By default, the switch does not use the enhanced mode when a traffic policy is applied.
This command takes effect only for traffic policies applied after it is configured. To make it take effect for existing traffic policies, delete the traffic policies and reconfigure them.
- If the device uses the enhanced mode when a traffic policy is applied, traffic classification rules match only the source IP address, destination IP address, protocol, source port number, destination port number, and TCP flag, and the traffic behavior can only be packet filtering.
- If the device uses the enhanced mode when a traffic policy is applied, traffic policies applied to the VLAN view take effect for Layer 3 IP packets only.
- When the device is configured to use the enhanced mode during application of a traffic policy, the ARP resource allocation mode cannot be set to extend. Conversely, if the ARP resource allocation mode is set to extend, the device cannot be configured to use the enhanced mode during application of a traffic policy.
- If the device uses the loose enhanced mode when a traffic policy is applied, packets may be incorrectly matched when traffic policies applied in the outbound direction contain overlapping matching rules. For example, if traffic policies p1 and p2, both applied in the outbound direction, contain a rule for matching 10.1.1.1/32 and a rule for matching 10.1.1.0/24, respectively, packets with the IP address 10.1.1.1/32 may incorrectly match traffic policy p2. In this case, you need to use the strict enhanced mode or modify the matching rules of the traffic policies.
- This command and the acl sequence retain enable command cannot be used together.
- Run commit
The configuration is committed.
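The loose-mode note above warns that overlapping rules in different outbound traffic policies can be matched incorrectly. The following pre-change check is an added example, not part of the original documentation or any vendor tool: it lists the overlapping prefix pairs across policies so you can decide between strict mode and rewriting the rules. The policy dictionary format, the function names, and policy p3 are assumptions made for illustration; the prefixes must be extracted from your own configuration.

```python
import ipaddress
from itertools import combinations

# Constructed sample: outbound traffic policies and the prefixes their
# classification rules match. p1 and p2 mirror the example in the note;
# p3 is a hypothetical, non-overlapping policy added for contrast.
SAMPLE_POLICIES = {
    "p1": ["10.1.1.1/32"],
    "p2": ["10.1.1.0/24"],
    "p3": ["192.168.5.0/24", "10.2.0.0/16"],
}


def find_overlaps(policies):
    """Return (policy_a, prefix_a, policy_b, prefix_b) for every pair of
    rules in different policies whose prefixes overlap."""
    parsed = {
        name: [ipaddress.ip_network(p, strict=False) for p in prefixes]
        for name, prefixes in policies.items()
    }
    findings = []
    # Compare each pair of distinct policies once, in name order.
    for (name_a, nets_a), (name_b, nets_b) in combinations(sorted(parsed.items()), 2):
        for net_a in nets_a:
            for net_b in nets_b:
                # IPv4 and IPv6 prefixes can never overlap; skip mixed pairs.
                if net_a.version == net_b.version and net_a.overlaps(net_b):
                    findings.append((name_a, str(net_a), name_b, str(net_b)))
    return findings


def loose_mode_is_ambiguous(policies):
    """True when at least one cross-policy overlap exists, i.e. the case
    where the note calls for strict mode or modified matching rules."""
    return bool(find_overlaps(policies))


if __name__ == "__main__":
    for pol_a, pfx_a, pol_b, pfx_b in find_overlaps(SAMPLE_POLICIES):
        print(f"overlap: {pol_a} {pfx_a} <-> {pol_b} {pfx_b}")
    if loose_mode_is_ambiguous(SAMPLE_POLICIES):
        print("use strict enhanced mode or modify the matching rules")
```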