Publication Date: 2020-08-22 | Views: 1284 | Downloads: 0 | Author: l00481445 | Document ID: EKB1100054133
The customer wanted to filter some traffic for BRAS users, so he configured a traffic policy and applied it to the BAS interface, but the traffic policy did not take effect. The configuration is shown below:
acl number 3005
 rule 5 permit ip source ip-address 10.1.1.0 0.0.0.255 destination ip-address 172.16.1.0 0.0.255.255
#
traffic classifier BAS-Drop operator or
 if-match acl 3005
#
traffic behavior BAS-Drop
 deny
#
traffic policy BAS-Drop
 share-mode
 statistics enable
 classifier BAS-Drop behavior BAS-Drop
#
#
interface Eth-Trunk1.1
 statistic enable
 user-vlan 1 4094 qinq 1 4094
 pppoe-server bind Virtual-Template 1
 traffic-policy BAS-Drop inbound
 bas
 #
  access-type layer2-subscriber
  permit-domain-list Huawei
 #
#
1. Ran a ping test from the source device and checked the traffic policy statistics.
<HUAWEI> display traffic policy statistics interface eth-trunk1.1 inbound verbose rule-base
interface :eth-trunk1.1
Traffic policy inbound: BAS-Drop
Rule number: 1
Current status: success
Statistics interval: 300
---------------------------------------------------------------------
Passed   | Packets: 0
         | Bytes: 0
         | Rate(pps): 0
         | Rate(bps): 0
---------------------------------------------------------------------
Dropped  | Packets: 0
         | Bytes: 0
         | Rate(pps): 0
         | Rate(bps): 0
---------------------------------------------------------------------
From the result, we can see that no packets were matched.
2. Checked the usage scenarios of traffic policies. The Chinese product documentation describes it like this:
It means that if a traffic policy is to match BAS user traffic, the traffic policy must be configured globally. (The English product documentation has no description of this.)
3. Changed the traffic policy to global and ran the ping test again. The ping was reachable, and the traffic policy still did not work.
4. The ACL is an advanced ACL, which cannot match BAS user traffic. For BAS user traffic, a UCL must be configured, so we changed the ACL to a UCL, and then it worked.
To filter BAS user traffic, a UCL must be used to match the traffic, and the traffic policy must be applied globally.
Change the ACL to a UCL that matches the source as a user group, and apply the traffic policy globally.
acl number 6005
 rule 5 permit ip source user-group any destination ip-address 172.16.1.0 0.0.0.255
#
traffic classifier BAS-Drop operator or
 if-match acl 6005
#
traffic behavior BAS-Drop
 deny
#
traffic policy BAS-Drop
 share-mode
 classifier BAS-Drop behavior BAS-Drop
#
traffic-policy BAS-Drop inbound
1. For Huawei: Modify the description of this command in the English product documentation.
2. For users: The BAS interface is different from other ports, and a global change may affect other traffic, so it is recommended to ask TAC for support.
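An added example, not part of the original case or of Huawei's documentation: a small Python check that reads an indented configuration export and flags the two mistakes described above, a traffic policy bound on a BAS interface and a classifier in that policy matching a non-UCL ACL. The UCL number range 6000-9999, the function names and the trimmed sample are assumptions of this example.

```python
import re
UCL_RANGE = range(6000, 10000)  # assumed UCL number range, not stated on the page

def parse_stanzas(config):
    """Split an indented config into {top-level line: [stripped child lines]}."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "#"):
            continue
        if not line[0].isspace():      # an unindented line opens a new stanza
            current = stanzas.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return stanzas

def body_of(stanzas, prefix):
    """Child lines of the first stanza whose header equals or extends `prefix`."""
    return next((b for h, b in stanzas.items() if (h + " ").startswith(prefix + " ")), [])

def grep(pattern, lines):
    return re.findall(pattern, "\n".join(lines), re.M)

def check_bas_policies(config):
    """Return (interface, policy, issue) for traffic policies bound on BAS interfaces."""
    stanzas, findings = parse_stanzas(config), []
    for header, body in stanzas.items():
        if not header.startswith("interface ") or "bas" not in body:
            continue
        for policy in grep(r"^traffic-policy (\S+) (?:in|out)bound$", body):
            findings.append((header, policy, "bound on BAS interface, not globally"))
            for name in grep(r"^classifier (\S+) behavior ", body_of(stanzas, "traffic policy " + policy)):
                for num in grep(r"^if-match acl (\d+)$", body_of(stanzas, "traffic classifier " + name)):
                    if int(num) not in UCL_RANGE:
                        findings.append((header, policy, f"acl {num} is not a UCL"))
    return findings

# Constructed sample: the page's failing configuration, trimmed and re-indented.
SAMPLE = """\
traffic classifier BAS-Drop operator or
 if-match acl 3005
#
traffic policy BAS-Drop
 classifier BAS-Drop behavior BAS-Drop
#
interface Eth-Trunk1.1
 traffic-policy BAS-Drop inbound
 bas
 #
  access-type layer2-subscriber"""
```

The check only looks at policies bound on interfaces that contain a `bas` view, so a global policy that uses an advanced ACL for non-BAS traffic is not reported.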