- Table of Contents
- Related Documents
-
Title | Size | Download |
---|---|---|
01-Text | 516.59 KB |
display packet-filter statistics
display packet-filter statistics sum
reset packet-filter statistics
rule (Ethernet frame header ACL view)
Congestion management commands
display qos queue sp interface
display qos queue wrr interface
qos wrr { byte-count | weight }
display qos queue wfq interface
qos wfq { byte-count | weight }
Queue scheduling profile commands
display qos qmprofile configuration
display qos qmprofile interface
Queue-based accounting commands
ACL commands
acl
Use acl to create an ACL, and enter its view. If the ACL has already been created, you directly enter its view.
Use undo acl to delete the specified or all ACLs.
Syntax
acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
undo acl { all | name acl-name | number acl-number }
Default
No ACL exists.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
number acl-number: Specifies the number of an ACL:
· 2000 to 2999 for IPv4 basic ACLs.
· 3000 to 3999 for IPv4 advanced ACLs.
· 4000 to 4999 for Ethernet frame header ACLs.
· 5000 to 5999 for user-defined ACLs.
name acl-name: Assigns a name to the ACL for easy identification. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter and to avoid confusion, it cannot be all.
match-order: Sets the order in which ACL rules are matched against packets.
· auto: Matches ACL rules in depth-first order. The depth-first order differs with ACL categories. For more information, see ACL and QoS Configuration Guide.
· config: Matches ACL rules in ascending order of rule ID. It is the default match order. The rule with a smaller ID has a higher priority.
all: Specifies all ACLs (IPv4 basic, IPv4 advanced, Ethernet frame header, and user-defined ACLs).
Usage guidelines
You can assign a name to an ACL only when you create it. After an ACL is created with a name, you cannot rename it or remove its name.
You can change the match order only for ACLs that do not contain any rules.
Examples
# Create IPv4 basic ACL 2000, and enter its view.
<Sysname> system-view
[Sysname] acl number 2000
# Create IPv4 basic ACL 2001 with the name flow, and enter its view.
<Sysname> system-view
[Sysname] acl number 2001 name flow
[Sysname-acl-basic-2001-flow]
Related commands
display acl
acl copy
Use acl copy to create an ACL by copying an ACL that already exists.
Syntax
acl copy { source-acl-number | name source-acl-name } to { dest-acl-number | name dest-acl-name }
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
source-acl-number: Specifies an existing source ACL by its number:
· 2000 to 2999 for IPv4 basic ACLs.
· 3000 to 3999 for IPv4 advanced ACLs.
· 4000 to 4999 for Ethernet frame header ACLs.
· 5000 to 5999 for user-defined ACLs.
name source-acl-name: Specifies an existing source ACL by its name. The source-acl-name argument is a case-insensitive string of 1 to 63 characters. For a basic ACL or an advanced ACL, this option specifies the name of an IPv4 basic ACL or advanced ACL.
dest-acl-number: Assigns a unique number to the ACL you are creating. This number must be from the same ACL category as the source ACL. If no ACL number is specified, the system automatically picks the smallest number from all available numbers in the same ACL category as the source ACL. Available value ranges include:
· 2000 to 2999 for IPv4 basic ACLs.
· 3000 to 3999 for IPv4 advanced ACLs.
· 4000 to 4999 for Ethernet frame header ACLs.
· 5000 to 5999 for user-defined ACLs.
name dest-acl-name: Assigns a unique name to the ACL you are creating. The dest-acl-name is a case-insensitive string of 1 to 63 characters. It must start with an English letter and to avoid confusion, it cannot be all. If no ACL name is specified, the system does not name the ACL. For a basic ACL or an advanced ACL, this option specifies the name of an IPv4 basic ACL or advanced ACL.
Usage guidelines
The new ACL has the same properties and content as the source ACL, but not the same ACL number and name.
You can assign a name to an ACL only when you create it. After an ACL is created with a name, you cannot rename it or remove its name.
Examples
# Create IPv4 basic ACL 2002 by copying IPv4 basic ACL 2001.
<Sysname> system-view
[Sysname] acl copy 2001 to 2002
acl name
Use acl name to enter the view of an ACL that has a name.
Syntax
acl name acl-name
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
acl-name: Specifies the name of an ACL, a case-insensitive string of 1 to 63 characters. It must start with an English letter. The ACL must already exist. For a basic ACL or an advanced ACL, this option specifies the name of an IPv4 basic ACL or advanced ACL.
Examples
# Enter the view of IPv4 basic ACL flow, which already exists.
<Sysname> system-view
[Sysname] acl name flow
[Sysname-acl-basic-2001-flow]
Related commands
acl
description
Use description to configure a description for an ACL.
Use undo description to delete an ACL description.
Syntax
description text
undo description
Default
An ACL has no description.
Views
IPv4 basic/advanced ACL view
Ethernet frame header ACL view
User-defined ACL view
Predefined user roles
network-admin
mdc-admin
Parameters
text: Configures a description for the ACL, a case-sensitive string of 1 to 127 characters.
Examples
# Configure a description for IPv4 basic ACL 2000.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] description This is an IPv4 basic ACL.
Related commands
display acl
display acl
Use display acl to display configuration and match statistics for ACLs.
Syntax
display acl { acl-number | all | name acl-name }
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
acl-number: Specifies an ACL by its number:
· 2000 to 2999 for IPv4 basic ACLs.
· 3000 to 3999 for IPv4 advanced ACLs.
· 4000 to 4999 for Ethernet frame header ACLs.
· 5000 to 5999 for user-defined ACLs.
all: Displays information about all IPv4 basic, IPv4 advanced, Ethernet frame header, and user-defined ACLs.
name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. For a basic ACL or an advanced ACL, this option specifies the name of an IPv4 basic ACL or advanced ACL.
Usage guidelines
This command displays ACL rules in config or auto order, whichever is configured.
Examples
# Display configuration and match statistics for IPv4 basic ACL 2001.
<Sysname> display acl 2001
Basic ACL 2001, named flow, 1 rule, match-order is auto,
This is an IPv4 basic ACL.
ACL's step is 5
rule 5 permit source 1.1.1.1 0 (5 times matched)
rule 5 comment This rule is used on FortyGigE 1/0/1.
Table 1 Command output
Field |
Description |
Basic ACL 2001 |
Category and number of the ACL. The following field information is about IPv4 basic ACL 2000. |
named flow |
The name of the ACL is flow. If the ACL is not named, this field displays -none-. |
1 rule |
The ACL contains one rule. |
match-order is auto |
The match order for the ACL is auto, which sorts ACL rules in depth-first order. This field is not present when the match order is config. |
This is an IPv4 basic ACL. |
Description of this ACL. |
ACL's step is 5 |
The rule numbering step is 5. |
rule 5 permit source 1.1.1.1 0 |
Content of rule 5. |
5 times matched |
There have been five matches for the rule. The statistic counts only ACL matches performed in software. This field is not displayed when no packets matched the rule. |
rule 5 comment This rule is used on FortyGigE 1/0/1. |
Comment of ACL rule 5. |
display packet-filter
Use display packet-filter to display application information of ACLs for packet filtering.
Syntax
In standalone mode:
display packet-filter { global [ inbound | outbound ] [ slot slot-number ] | interface [ interface-type interface-number ] [ inbound | outbound ] | interface vlan-interface vlan-interface-number [ inbound | outbound ] [ slot slot-number ] }
In IRF mode:
display packet-filter { global [ inbound | outbound ] [ chassis chassis-number slot slot-number ] | interface [ interface-type interface-number ] [ inbound | outbound ] | { global | interface vlan-interface vlan-interface-number | vlan [ vlan-id ] } [ inbound | outbound ] [ chassis chassis-number slot slot-number ] }
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
global: Specifies all physical interfaces. This keyword is available in Release 1138P01 and later versions.
interface [ interface-type interface-number ]: Specifies an interface by its type and number. VLAN interfaces are not supported. If no interface is specified, the command displays ACL application information on all interfaces except VLAN interfaces for packet filtering.
interface vlan-interface vlan-interface-number: Specifies a VLAN interface by its number.
inbound: Specifies the inbound direction.
outbound: Specifies the outbound direction.
slot slot-number: Specifies a card by its slot number. If no card is specified, the command displays ACL application information on the active MPU for packet filtering. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device, and the slot-number argument represents the number of the slot that holds the card. If no card is specified, the command displays ACL application information for packet filtering on the global active MPU of the IRF fabric. (In IRF mode.)
Usage guidelines
If you specify neither the inbound keyword nor the outbound keyword, the command displays the ACL application information for packet filtering in both directions.
Examples
# Display ACL application information for inbound packet filtering on interfaces FortyGigE 1/0/1.
<Sysname> display packet-filter interface fortygige 1/0/1 inbound
Interface: FortyGigE1/0/1
In-bound policy:
ACL 2001 , Hardware-count
Table 2 Command output
Field |
Description |
Interface |
Interface to which the ACL applies. |
In-bound policy |
ACL used for filtering incoming traffic. |
ACL 2001 |
IPv4 basic ACL 2001 has been successfully applied. |
Hardware-count |
Successfully enables counting ACL rule matches. |
display packet-filter statistics
Use display packet-filter statistics to display match statistics of ACLs for packet filtering.
Syntax
display packet-filter statistics { global | interface interface-type interface-number } { inbound | outbound } [ acl-number | name acl-name ] [ brief ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
global: Displays the statistics for all physical interfaces. This keyword is available in Release 1138P01 and later versions.
interface interface-type interface-number: Displays the statistics of an interface specified by its type and number.
inbound: Displays the statistics in the inbound direction.
outbound: Displays the statistics in the outbound direction.
acl-number: Specifies the number of an ACL:
· 2000 to 2999 for IPv4 basic ACLs.
· 3000 to 3999 for IPv4 advanced ACLs.
· 4000 to 4999 for Ethernet frame header ACLs.
· 5000 to 5999 for user-defined ACLs.
name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. For a basic ACL or an advanced ACL, this option specifies the name of an IPv4 basic ACL or advanced ACL.
brief: Displays brief statistics.
Usage guidelines
When neither acl-number nor name acl-name is specified, this command displays match statistics of all ACLs for packet filtering.
Examples
# Display match statistics of all ACLs for inbound packet filtering on FortyGigE 1/0/1.
<Sysname> display packet-filter statistics interface fortygige 1/0/1 inbound
Interface: FortyGigE1/0/1
In-bound policy:
ACL 2001, Hardware-count
From 2013-06-09 13:31:00 to 2013-06-09 13:31:42
rule 0 permit source 2.2.2.2 0
rule 5 permit source 1.1.1.1 0
Totally 0 packets permitted, 0 packets denied
Totally 0% permitted, 0% denied
Table 3 Command output
Field |
Description |
Interface |
Interface to which the ACL applies. |
In-bound policy |
ACL used for filtering incoming traffic. |
ACL 2001 |
IPv4 basic ACL 2001 has been successfully applied. |
Hardware-count |
Successfully enables counting ACL rule matches. |
From 2013-06-09 13:31:00 to 2013-06-09 13:31:42 |
Start time and end time of the statistics. |
Totally 0 packets permitted, 0 packets denied |
Number of packets permitted and denied by the ACL. |
Totally 0% permitted, 0% denied |
Ratios of permitted and denied packets to all packets. |
Related commands
reset packet-filter statistics
display packet-filter statistics sum
Use display packet-filter statistics sum to display accumulated packet filtering ACL statistics.
Syntax
display packet-filter statistics sum { inbound | outbound } { acl-number | name acl-name } [ brief ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
inbound: Displays the statistics in the inbound direction.
outbound: Displays the statistics in the outbound direction.
acl-number: Specifies the number of an ACL:
· 2000 to 2999 for IPv4 basic ACLs.
· 3000 to 3999 for IPv4 advanced ACLs.
· 4000 to 4999 for Ethernet frame header ACLs.
· 5000 to 5999 for user-defined ACLs.
name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. For a basic ACL or an advanced ACL, this option specifies the name of an IPv4 basic ACL or advanced ACL.
brief: Displays brief accumulated packet filtering ACL statistics.
Examples
# Display accumulated packet filtering ACL statistics of IPv4 basic ACL 2001 for incoming packets.
<Sysname> display packet-filter statistics sum inbound 2001
Sum:
In-bound policy:
ACL 2001
rule 0 permit source 2.2.2.2 0 (2 packets)
rule 5 permit source 1.1.1.1 0
Totally 0 packets permitted, 0 packets denied
Totally 0% permitted, 0% denied
Table 4 Command output
Field |
Description |
Sum |
Accumulated packet filtering ACL statistics. |
In-bound policy |
Accumulated ACL statistics used for filtering incoming traffic. |
ACL 2001 |
Accumulated ACL statistics used for IPv4 basic ACL 2001. |
2 packets |
Two packets matched the rule. This field is not displayed when no packets matched the rule. |
Totally 0 packets permitted, 0 packets denied |
Number of packets permitted and denied by the ACL. |
Totally 0% permitted, 0% denied |
Ratios of permitted and denied packets to all packets. |
Related commands
reset packet-filter statistics
display packet-filter verbose
Use display packet-filter verbose to display application details of ACLs for packet filtering.
Syntax
In standalone mode:
display packet-filter verbose { global | interface interface-type interface-number } { inbound | outbound } [ acl-number | name acl-name ] [ slot slot-number ]
In IRF mode:
display packet-filter verbose { global | interface interface-type interface-number } { inbound | outbound } [ acl-number | name acl-name ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
global: Specifies all physical interfaces. This keyword is available in Release 1138P01 and later versions.
interface interface-type interface-number: Specifies an interface by its type and number.
inbound: Specifies the inbound direction.
outbound: Specifies the outbound direction.
acl-number: Specifies the number of an ACL:
· 2000 to 2999 for IPv4 basic ACLs.
· 3000 to 3999 for IPv4 advanced ACLs.
· 4000 to 4999 for Ethernet frame header ACLs.
· 5000 to 5999 for user-defined ACLs.
name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. For a basic ACL or advanced ACL, this option specifies the name of an IPv4 basic ACL or advanced ACL.
slot slot-number: Specifies a card by its slot number. If no card is specified, the command displays ACL application details on the active MPU for packet filtering. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device, and the slot-number argument represents the number of the slot that holds the card. If no card is specified, the command displays ACL application details for packet filtering on the global active MPU of the IRF fabric. (In IRF mode.)
Usage guidelines
When neither acl-number nor name acl-name is specified, this command displays application details of all ACLs for packet filtering.
Examples
# Display application details of all ACLs for inbound packet filtering on FortyGigE 1/0/1.
<Sysname> display packet-filter verbose interface fortygige 1/0/1 inbound
Interface: FortyGigE1/0/1
In-bound policy:
ACL 2001, Hardware-count
rule 0 permit source 2.2.2.2 0
rule 5 permit source 1.1.1.1 0
Table 5 Command output
Field |
Description |
Interface |
Interface to which the ACL applies. |
In-bound policy |
ACL used for filtering incoming traffic. |
ACL 2001 |
IPv4 basic ACL 2001 has been successfully applied. |
Hardware-count |
Successfully enables counting ACL rule matches. |
display qos-acl resource
Use display qos-acl resource to display QoS and ACL resource usage.
Syntax
In standalone mode:
display qos-acl resource [ slot slot-number ]
In IRF mode:
display qos-acl resource [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
slot slot-number: Specifies a card by its slot number. If no slot is specified, the command displays ACL QoS and ACL resource usage on all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device, and the slot-number argument represents the number of the slot that holds the card. If no card is specified, the command displays QoS and ACL resource usage on all cards of the IRF fabric. (In IRF mode.)
Usage guidelines
The command does not display any usage data if the specified card or IRF member device does not support counting QoS and ACL resource.
Examples
# Display QoS and ACL resource usage.
<Sysname> display qos-acl resource
Interfaces: FGE1/0/1 to FGE1/0/6
---------------------------------------------------------------------
Type Total Reserved Configured Remaining Usage
---------------------------------------------------------------------
IFP ACL 23040 4608 0 18432 20%
IFP Meter 30720 48 0 30672 0%
IFP Counter 8191 49 0 8142 0%
EFP ACL 9216 0 0 9216 0%
Interfaces: FGE1/0/7 to FGE1/0/12
---------------------------------------------------------------------
Type Total Reserved Configured Remaining Usage
---------------------------------------------------------------------
IFP ACL 23040 4608 0 18432 20%
IFP Meter 30720 48 0 30672 0%
IFP Counter 8191 49 0 8142 0%
EFP ACL 9216 0 0 9216 0%
Table 6 Command output
Field |
Description |
Interfaces |
Interface range for the resource. |
Type |
Resource type: · IFP ACL—ACL rules applied to inbound traffic. · IFP Meter—Traffic policing rules for inbound traffic. · IFP Counter—Traffic counting rules for inbound traffic. · EFP ACL—ACL rules applied to outbound traffic. |
Total |
Total number of resource. |
Reserved |
Number of reserved resource. |
Configured |
Number of resource that has been applied. |
Remaining |
Number of resource that you can apply. |
Usage |
Percent of the configured and reserved resources to the total resources. If the percent is a non-integer, this field displays the integer part. For example, if the actual usage is 50.8%, this field displays 50%. |
packet-filter
Use packet-filter to apply an ACL to an interface to filter packets.
Use undo packet-filter to remove an ACL application from an interface.
Syntax
packet-filter { acl-number | name acl-name } { inbound | outbound } [ extension ] [ hardware-count ]
undo packet-filter { acl-number | name acl-name } { inbound | outbound }
Default
An interface does not filter packets.
Views
Layer 2 Ethernet interface view
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
VLAN interface view
Predefined user roles
network-admin
mdc-admin
Parameters
acl-number: Specifies an ACL by its number:
· 2000 to 2999 for IPv4 basic ACLs.
· 3000 to 3999 for IPv4 advanced ACLs.
· 4000 to 4999 for Ethernet frame header ACLs.
· 5000 to 5999 for user-defined ACLs.
name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. For a basic ACL or an advanced ACL, this option specifies the name of an IPv4 basic ACL or advanced ACL.
inbound: Filters incoming packets.
outbound: Filters outgoing packets.
extension: Uses TCAM resources for packet filtering. This keyword is available in Release 1138P01 and later versions.
hardware-count: Enables counting ACL rule matches performed in hardware. This keyword enables match counting for all rules in an ACL, and the counting keyword in the rule command enables match counting specific to rules. If the hardware-count keyword is not specified, rule matches for the ACL are not counted.
Usage guidelines
To use the extension keyword, make sure you have set the TCAM operating mode to ACL. For more information about the TCAM operating modes, see Fundamentals Configuration Guide.
Examples
# Apply IPv4 basic ACL 2001 to filter incoming traffic on FortyGigE 1/0/1, and enable counting ACL rule matches performed in hardware.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] packet-filter 2001 inbound hardware-count
· display packet-filter
· display packet-filter statistics
· display packet-filter verbose
packet-filter default deny
Use packet-filter default deny to set the packet filtering default action to deny. The packet filter denies packets that do not match any ACL rule.
Use undo packet-filter default deny to restore the default.
Syntax
packet-filter default deny
undo packet-filter default deny
Default
The packet filter permits packets that do not match any ACL rule.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
The packet filter applies the default action to all ACL applications for packet filtering. The default action appears in the display command output for packet filtering.
Examples
# Set the packet filter default action to deny.
<Sysname> system-view
[Sysname] packet-filter default deny
Related commands
· display packet-filter
· display packet-filter statistics
· display packet-filter verbose
packet-filter global
Use packet-filter global to apply an ACL to filter packets globally.
Use undo packet-filter global to remove an ACL application for global packet filtering.
Syntax
packet-filter { acl-number | name acl-name } global { inbound | outbound } [ hardware-count ]
undo packet-filter { acl-number | name acl-name } global { inbound | outbound }
Default
No ACL is applied to filter packets globally.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
acl-number: Specifies an ACL by its number:
· 2000 to 2999 for IPv4 basic ACLs.
· 3000 to 3999 for IPv4 advanced ACLs.
· 4000 to 4999 for Ethernet frame header ACLs.
· 5000 to 5999 for user-defined ACLs.
name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. For a basic ACL or an advanced ACL, this option specifies the name of an IPv4 basic ACL or advanced ACL.
inbound: Filters incoming packets.
outbound: Filters outgoing packets.
hardware-count: Enables counting ACL rule matches performed in hardware. This keyword enables match counting for all rules in an ACL, and the counting keyword in the rule command enables match counting specific to rules. If the hardware-count keyword is not specified, rule matches for the ACL are not counted.
Usage guidelines
This command is available in Release 1138P01 and later versions.
Examples
# Apply IPv4 basic ACL 2001 to filter incoming traffic on all physical interfaces, and enable counting ACL rule matches performed in hardware.
<Sysname> system-view
[Sysname] packet-filter 2001 global inbound hardware-count
Related commands
· display packet-filter
· display packet-filter statistics
· display packet-filter verbose
reset acl counter
Use reset acl counter to clear statistics for ACLs.
Syntax
reset acl counter { acl-number | all | name acl-name }
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
acl-number: Specifies an ACL by its number:
· 2000 to 2999 for IPv4 basic ACLs.
· 3000 to 3999 for IPv4 advanced ACLs.
· 4000 to 4999 for Ethernet frame header ACLs.
· 5000 to 5999 for user-defined ACLs.
all: Clears statistics for all IPv4 basic, IPv4 advanced, Ethernet frame header, and user-defined ACLs.
name acl-name: Clears statistics of an ACL specified by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. For a basic ACL or an advanced ACL, this option specifies the name of an IPv4 basic ACL or advanced ACL.
Examples
# Clear statistics for IPv4 basic ACL 2001.
<Sysname> reset acl counter 2001
Related commands
display acl
reset packet-filter statistics
Use reset packet-filter statistics to clear the match statistics (including the accumulated statistics) of ACLs for packet filtering.
Syntax
reset packet-filter statistics { global | interface [ interface-type interface-number ] } { inbound | outbound } [ acl-number | name acl-name ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
global: Specifies all physical interfaces. This keyword is available in Release 1138P01 and later versions.
interface [ interface-type interface-number ]: Specifies an interface by its type and number. If no interface is specified, the command clears packet filtering ACL statistics on all interfaces.
inbound: Specifies the inbound direction.
outbound: Specifies the outbound direction.
acl-number: Specifies an ACL by its number:
· 2000 to 2999 for IPv4 basic ACLs.
· 3000 to 3999 for IPv4 advanced ACLs.
· 4000 to 4999 for Ethernet frame header ACLs.
· 5000 to 5999 for user-defined ACLs.
name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. For a basic ACL or an advanced ACL, this option specifies the name of an IPv4 basic ACL or advanced ACL.
Usage guidelines
When neither acl-number nor name acl-name is specified, this command clears the match statistics of all ACLs for packet filtering.
Examples
# Clear IPv4 basic ACL 2001 statistics for inbound packet filtering of FortyGigE 1/0/1.
<Sysname> reset packet-filter statistics interface fortygige 1/0/1 inbound 2001
Related commands
· display packet-filter statistics
· display packet-filter statistics sum
rule (Ethernet frame header ACL view)
Use rule to create or edit an Ethernet frame header ACL rule.
Use undo rule to delete an Ethernet frame header ACL rule or some attributes in the rule.
Syntax
rule [ rule-id ] { deny | permit } [ cos vlan-pri | counting | dest-mac dest-address dest-mask | { lsap lsap-type lsap-type-mask | type protocol-type protocol-type-mask } | source-mac source-address source-mask | time-range time-range-name ] *
undo rule rule-id [ counting | time-range ] *
Default
An Ethernet frame header ACL does not contain any rule.
Views
Ethernet frame header ACL view
Predefined user roles
network-admin
mdc-admin
Parameters
rule-id: Specifies a rule ID in the range of 0 to 65534. If no rule ID is specified when you create an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.
deny: Denies matching packets.
permit: Allows matching packets to pass.
cos vlan-pri: Matches an 802.1p priority. The vlan-pri argument can be a number in the range of 0 to 7, or in words, best-effort (0), background (1), spare (2), excellent-effort (3), controlled-load (4), video (5), voice (6), or network-management (7).
counting: Counts the number of times the Ethernet frame header ACL rule has been matched. The counting keyword enables match counting specific to rules, and the hardware-count keyword in the packet-filter command enables match counting for all rules in an ACL. If the counting keyword is not specified, matches for the rule are not counted.
dest-mac dest-address dest-mask: Matches a destination MAC address range. The dest-address and dest-mask arguments represent a destination MAC address and mask in the H-H-H format.
lsap lsap-type lsap-type-mask: Matches the DSAP and SSAP fields in LLC encapsulation. The lsap-type argument is a 16-bit hexadecimal number that represents the encapsulation format. The lsap-type-mask argument is a 16-bit hexadecimal number that represents the LSAP mask.
type protocol-type protocol-type-mask: Matches one or more protocols in the Ethernet frame header. The protocol-type argument is a 16-bit hexadecimal number that represents a protocol type in Ethernet_II and Ethernet_SNAP frames. The protocol-type-mask argument is a 16-bit hexadecimal number that represents a protocol type mask.
source-mac source-address source-mask: Matches a source MAC address range. The source-address argument represents a source MAC address, and the sour-mask argument represents a mask in the H-H-H format.
time-range time-range-name: Specifies a time range for the rule. The time-range-name argument is a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the time range. For more information about time range, see ACL and QoS Configuration Guide.
Usage guidelines
When you configure an Ethernet frame header ACL for QoS traffic classification or packet filtering, follow these restrictions and guidelines:
· With the lsap keyword specified, the lsap-type argument must be AAAA and the lsap-type-mask argument must be FFFF. Otherwise, the ACL cannot be applied successfully.
· If the ACL is used in the outbound direction, you cannot specify the lsap, type, and counting keywords.
Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL, your creation or editing attempt fails.
You can edit ACL rules only when the match order is config. If no optional keywords are provided for the undo rule command, you delete the entire rule. If optional keywords or arguments are provided, you delete the specified attributes.
To view rules in existing ACLs, use the display acl all command.
Examples
# Create a rule in Ethernet frame header ACL 4000 to deny packets with source MAC address prefix 000f-e2.
<Sysname> system-view
[Sysname] acl number 4000
[Sysname-acl-ethernetframe-4000] rule deny source-mac 000f-e200-0000 ffff-ff00-0000
Related commands
· acl
· display acl
· step
· time-range
rule (IPv4 advanced ACL view)
Use rule to create or edit an IPv4 advanced ACL rule.
Use undo rule to delete an entire IPv4 advanced ACL rule or some attributes in the rule.
Syntax
rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-address dest-wildcard | any } | destination-port operator port1 [ port2 ] | { dscp dscp | { precedence precedence | tos tos } * } | fragment | icmp-type { icmp-type [ icmp-code ] | icmp-message } | qos-local-id local-id-value | source { source-address source-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | vpn-instance vpn-instance-name ] *
undo rule rule-id [ { { ack | fin | psh | rst | syn | urg } * | established } | counting | destination | destination-port | { dscp | { precedence | tos } * } | fragment | icmp-type | qos-local-id | source | source-port | time-range | vpn-instance ] *
Default
An IPv4 advanced ACL does not contain any rule.
Views
IPv4 advanced ACL view
Predefined user roles
network-admin
mdc-admin
Parameters
rule-id: Specifies a rule ID in the range of 0 to 65534. If no rule ID is provided when you create an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.
deny: Denies matching packets.
permit: Allows matching packets to pass.
protocol: Specifies one of the following values:
· A protocol number in the range of 0 to 255.
· A protocol by its name: gre (47), icmp (1), igmp (2), ip, ipinip (4), ospf (89), tcp (6), or udp (17). The ip keyword specifies all protocols.
Table 7 describes the parameters that you can specify regardless of the value for the protocol argument.
Table 7 Match criteria and other rule information for IPv4 advanced ACL rules
Parameters |
Function |
Description |
source { source-address source-wildcard | any } |
Specifies a source address. |
The source-address source-wildcard arguments represent a source IP address and wildcard mask in dotted decimal notation. An all-zero wildcard specifies a host address. The any keyword specifies any source IP address. |
destination { dest-address dest-wildcard | any } |
Specifies a destination address. |
The dest-address dest-wildcard arguments represent a destination IP address and wildcard mask in dotted decimal notation. An all-zero wildcard specifies a host address. The any keyword represents any destination IP address. |
counting |
Counts the number of times the IPv4 advanced ACL rule has been matched. |
The counting keyword enables match counting specific to rules, and the hardware-count keyword in the packet-filter command enables match counting for all rules in an ACL. If the counting keyword is not specified, matches for the rule are not counted. |
precedence precedence |
Specifies an IP precedence value. |
The precedence argument can be a number in the range of 0 to 7, or in words: routine (0), priority (1), immediate (2), flash (3), flash-override (4), critical (5), internet (6), or network (7). |
tos tos |
Specifies a ToS preference. |
The tos argument can be a number in the range of 0 to 15, or in words: max-reliability (2), max-throughput (4), min-delay (8), min-monetary-cost (1), or normal (0). |
dscp dscp |
Specifies a DSCP priority. |
The dscp argument can be a number in the range of 0 to 63, or in words: af11 (10), af12 (12), af13 (14), af21 (18), af22 (20), af23 (22), af31 (26), af32 (28), af33 (30), af41 (34), af42 (36), af43 (38), cs1 (8), cs2 (16), cs3 (24), cs4 (32), cs5 (40), cs6 (48), cs7 (56), default (0), or ef (46). |
fragment |
Applies the rule to fragments. |
Without this keyword, the rule applies to all fragments and non-fragments. |
time-range time-range-name |
Specifies a time range for the rule. |
The time-range-name argument is a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the time range. For more information about time range, see ACL and QoS Configuration Guide. |
qos-local-id local-id-value |
Specifies a QoS local ID. |
The value range for the local-id-value argument is 1 to 4095. By default, no QoS local ID is specified. For more information about the QoS local ID, see the routing policy in Layer 3—IP Routing Configuration Guide. This option is available in Release 1138P01 and later versions. |
vpn-instance vpn-instance-name |
Applies the rule to an MPLS L3VPN instance. |
The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify this option, the rule applies to both VPN packets and non-VPN packets. |
If the protocol argument is tcp (6) or udp (7), set the parameters shown in Table 8.
Table 8 TCP/UDP-specific parameters for IPv4 advanced ACL rules
Parameters |
Function |
Description |
source-port operator port1 [ port2 ] |
Specifies one or more UDP or TCP source ports. |
The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), or range (inclusive range). The port1 and port2 arguments are TCP or UDP port numbers in the range of 0 to 65535. port2 is needed only when the operator argument is range. TCP port numbers can be represented as: chargen (19), bgp (179), cmd (514), daytime (13), discard (9), dns (53), domain (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), and www (80). UDP port numbers can be represented as: biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag (434), mobilip-mn (435), nameserver (42), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37), who (513), and xdmcp (177). If the domain keyword is used to specify a TCP destination port, it is saved as dns in the configuration file. |
destination-port operator port1 [ port2 ] |
Specifies one or more UDP or TCP destination ports. |
|
{ ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * |
Specifies one or more TCP flags including ACK, FIN, PSH, RST, SYN, and URG. |
Parameters specific to TCP. The value for each argument can be 0 (flag bit not set) or 1 (flag bit set). The TCP flags in a rule are ANDed. For example, a rule configured with ack 0 psh 1 matches packets that have the ACK flag bit not set and the PSH flag bit set. |
established |
Specifies the flags for indicating the established status of a TCP connection. |
Parameter specific to TCP. The rule matches TCP connection packets with the ACK or RST flag bit set. |
If the protocol argument is icmp (1), set the parameters shown in Table 9.
Table 9 ICMP-specific parameters for IPv4 advanced ACL rules
Parameters |
Function |
Description |
icmp-type { icmp-type icmp-code | icmp-message } |
Specifies the ICMP message type and code. |
The icmp-type argument is in the range of 0 to 255. The icmp-code argument is in the range of 0 to 255. The icmp-message argument specifies a message name. Supported ICMP message names and their corresponding type and code values are listed in Table 10. |
Table 10 ICMP message names supported in IPv4 advanced ACL rules
ICMP message name |
ICMP message type |
ICMP message code |
echo |
8 |
0 |
echo-reply |
0 |
0 |
fragmentneed-DFset |
3 |
4 |
host-redirect |
5 |
1 |
host-tos-redirect |
5 |
3 |
host-unreachable |
3 |
1 |
information-reply |
16 |
0 |
information-request |
15 |
0 |
net-redirect |
5 |
0 |
net-tos-redirect |
5 |
2 |
net-unreachable |
3 |
0 |
parameter-problem |
12 |
0 |
port-unreachable |
3 |
3 |
protocol-unreachable |
3 |
2 |
reassembly-timeout |
11 |
1 |
source-quench |
4 |
0 |
source-route-failed |
3 |
5 |
timestamp-reply |
14 |
0 |
timestamp-request |
13 |
0 |
ttl-exceeded |
11 |
0 |
Usage guidelines
Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL, your creation or editing attempt fails.
You can edit ACL rules only when the match order is config.
If no optional keywords are provided for the undo rule command, you delete the entire rule. If optional keywords or arguments are provided, you delete the specified attributes.
To view rules in existing ACLs, use the display acl all command.
When you configure an IPv4 advanced ACL for QoS traffic classification or packet filtering, follow these restrictions and guidelines:
· Do not specify the vpn-instance vpn-instance-name option.
· Do not specify neq for the operator argument.
· Do not specify gt, lt, or range for the operator argument, nor specify the counting keyword if the ACL is for outbound application.
· The ACL takes effect only on packets forwarded at Layer 3 if it is for outbound application.
Examples
# Create an IPv4 advanced ACL rule to permit TCP packets with the destination port 80 from 129.9.0.0/16 to 202.38.160.0/24.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq 80
# Create IPv4 advanced ACL rules to permit all IP packets but the ICMP packets destined for 192.168.1.0/24.
<Sysname> system-view
[Sysname] acl number 3001
[Sysname-acl-adv-3001] rule deny icmp destination 192.168.1.0 0.0.0.255
[Sysname-acl-adv-3001] rule permit ip
# Create IPv4 advanced ACL rules to permit inbound and outbound FTP packets.
<Sysname> system-view
[Sysname] acl number 3002
[Sysname-acl-adv-3002] rule permit tcp source-port eq ftp
[Sysname-acl-adv-3002] rule permit tcp source-port eq ftp-data
[Sysname-acl-adv-3002] rule permit tcp destination-port eq ftp
[Sysname-acl-adv-3002] rule permit tcp destination-port eq ftp-data
# Create IPv4 advanced ACL rules to permit inbound and outbound SNMP and SNMP trap packets.
<Sysname> system-view
[Sysname] acl number 3003
[Sysname-acl-adv-3003] rule permit udp source-port eq snmp
[Sysname-acl-adv-3003] rule permit udp source-port eq snmptrap
[Sysname-acl-adv-3003] rule permit udp destination-port eq snmp
[Sysname-acl-adv-3003] rule permit udp destination-port eq snmptrap
Related commands
· acl
· display acl
· step
· time-range
rule (IPv4 basic ACL view)
Use rule to create or edit an IPv4 basic ACL rule.
Use undo rule to delete an entire IPv4 basic ACL rule or some attributes in the rule.
Syntax
rule [ rule-id ] { deny | permit } [ counting | fragment | source { source-address source-wildcard | any } | time-range time-range-name | vpn-instance vpn-instance-name ] *
undo rule rule-id [ counting | fragment | source | time-range | vpn-instance ] *
Default
An IPv4 basic ACL does not contain any rule.
Views
IPv4 basic ACL view
Predefined user roles
network-admin
mdc-admin
Parameters
rule-id: Specifies a rule ID in the range of 0 to 65534. If no rule ID is provided when you create an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.
deny: Denies matching packets.
permit: Allows matching packets to pass.
counting: Counts the number of times the IPv4 basic ACL rule has been matched. The counting keyword enables match counting specific to rules, and the hardware-count keyword in the packet-filter command enables match counting for all rules in an ACL. If the counting keyword is not specified, matches for the rule are not counted.
fragment: Applies the rule to fragments. A rule without this keyword applies to both fragments and non-fragments.
source { source-address source-wildcard | any }: Matches a source address. The source-address source-wildcard arguments represent a source IP address and wildcard mask in dotted decimal notation. A wildcard mask of zeros specifies a host address. The any keyword represents any source IP address.
time-range time-range-name: Specifies a time range for the rule. The time-range-name argument is a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the time range. For more information about time range, see ACL and QoS Configuration Guide.
vpn-instance vpn-instance-name: Applies the rule to an MPLS L3VPN instance. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify this option, the rule applies to both VPN packets and non-VPN packets.
Usage guidelines
Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL, your creation or editing attempt fails.
You can edit ACL rules only when the match order is config.
If no optional keywords are provided for the undo rule command, you delete the entire rule. If optional keywords or arguments are provided, you delete the specified attributes.
To view rules in existing ACLs, use the display acl all command.
When you configure an IPv4 basic ACL for QoS traffic classification or packet filtering, follow these restrictions and guidelines:
· Do not specify the vpn-instance vpn-instance-name option.
· Do not specify the counting keyword if the ACL is for outbound application.
· The ACL takes effect only on packets forwarded at Layer 3 if it is for outbound application.
Examples
# Create a rule in IPv4 basic ACL 2000 to deny the packets from any source IP segment but 10.0.0.0/8, 172.17.0.0/16, or 192.168.1.0/24.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule permit source 10.0.0.0 0.255.255.255
[Sysname-acl-basic-2000] rule permit source 172.17.0.0 0.0.255.255
[Sysname-acl-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[Sysname-acl-basic-2000] rule deny source any
Related commands
· acl
· display acl
· step
· time-range
rule (user-defined ACL view)
Use rule to create or edit a user-defined ACL rule.
Use undo rule to delete a user-defined ACL rule.
Syntax
rule [ rule-id ] { deny | permit } [ { l2 rule-string rule-mask offset }&<1-8> ] [ counting | time-range time-range-name ] *
undo rule rule-id
Default
A user-defined ACL does not contain any rule.
Views
User-defined ACL view
Predefined user roles
network-admin
mdc-admin
Parameters
rule-id: Specifies a rule ID in the range of 0 to 65534. If you do not specify a rule ID when creating an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.
deny: Denies matching packets.
permit: Allows matching packets to pass.
l2: Specifies that the offset is relative to the beginning of the Layer 2 frame header.
rule-string: Defines a match pattern in hexadecimal format. Its length must be a multiple of two.
rule-mask: Defines a match pattern mask in hexadecimal format. Its length must be the same as that of the match pattern. A match pattern mask is used for ANDing the selected string of a packet.
offset: Specifies an offset in bytes after which the match operation begins.
&<1-8>: Specifies that up to eight match patterns can be defined in the ACL rule.
counting: Counts the times the rule is matched. The counting keyword enables match counting specific to rules, and the hardware-count keyword in the packet-filter command enables match counting for all rules in an ACL. If the counting keyword is not specified, matches for the rule are not counted.
time-range time-range-name: Specifies a time range for the rule. The time-range-name argument is a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the time range. For more information about time range, see ACL and QoS Configuration Guide.
Usage guidelines
Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL, the rule will not be created or changed.
To view rules in existing ACLs, use the display acl all command.
A user-defined ACL cannot be used for outbound QoS traffic classification or outbound packet filtering.
Examples
# Create a rule for user-defined ACL 5005 to permit packets in which the 13th and 14th bytes starting from the Layer 2 header are 0x0806 (the ARP packets).
<Sysname> system-view
[Sysname] acl number 5005
[Sysname-acl-user-5005] rule permit l2 0806 ffff 12
Related commands
· acl
· display acl
· time-range
rule comment
Use rule comment to add a comment about an existing ACL rule or edit its comment to make the rule easy to understand.
Use undo rule comment to delete an ACL rule comment.
Syntax
rule rule-id comment text
undo rule rule-id comment
Default
An ACL has not rule comment.
Views
IPv4 basic/advanced ACL view
Ethernet frame header ACL view
User-defined ACL view
Predefined user roles
network-admin
mdc-admin
Parameters
rule-id: Specifies an ACL rule ID in the range of 0 to 65534. The ACL rule must already exist.
text: Specifies a comment about the ACL rule, a case-sensitive string of 1 to 127 characters.
Examples
# Create a rule for IPv4 basic ACL 2000, and add a comment about the rule.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule 0 deny source 1.1.1.1 0
[Sysname-acl-basic-2000] rule 0 comment This rule is used for telnet.
Related commands
display acl
step
Use step to set a rule numbering step for an ACL.
Use undo step to restore the default.
Syntax
step step-value
undo step
Default
The rule numbering step is five.
Views
IPv4 basic/advanced ACL view, Ethernet frame header ACL view
Predefined user roles
network-admin
mdc-admin
Parameters
step-value: ACL rule numbering step in the range of 1 to 20.
Usage guidelines
The rule numbering step sets the increment by which the system numbers rules automatically. For example, the default ACL rule numbering step is 5. If you do not assign IDs to rules you are creating, they are numbered 0, 5, 10, 15, and so on. The wider the numbering step, the more rules you can insert between two rules. Whenever the step changes, the rules are renumbered, starting from 0. For example, if there are five rules numbered 5, 10, 13, 15, and 20, changing the step from 5 to 2 causes the rules to be renumbered 0, 2, 4, 6, and 8.
Examples
# Set the rule numbering step to 2 for IPv4 basic ACL 2000.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] step 2
Related commands
display acl
QoS policy commands
Traffic class commands
display traffic classifier
Use display traffic classifier to display traffic classes.
Syntax
In standalone mode:
display traffic classifier user-defined [ classifier-name ] [ slot slot-number ]
In IRF mode:
display traffic classifier user-defined [ classifier-name ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
user-defined: Displays user-defined traffic classes.
classifier-name: Specifies a traffic class by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a traffic class, this command displays all traffic classes.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the traffic classes on all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays the traffic classes on all cards of all member devices. (In IRF mode.)
Examples
# Display all user-defined traffic classes.
<Sysname> display traffic classifier user-defined
User-defined classifier information:
Classifier: 1 (ID 100)
Operator: AND
Rule(s) :
If-match acl 2000
Classifier: 2 (ID 101)
Operator: AND
Rule(s) :
If-match protocol ip
Classifier: 3 (ID 102)
Operator: AND
Rule(s) :
-none-
Field |
Description |
Classifier |
Traffic class name and its match criteria. |
Operator |
Match operator you set for the traffic class. If the operator is AND, the traffic class matches the packets that match all its match criteria. If the operator is OR, the traffic class matches the packets that match any of its match criteria. |
Rule(s) |
Match criteria. |
if-match
Use if-match to define a match criterion.
Use undo if-match to delete a match criterion.
Syntax
if-match match-criteria
undo if-match match-criteria
Default
No match criterion is configured.
Views
Traffic class view
Predefined user roles
network-admin
mdc-admin
Parameters
match-criteria: Specifies a match criterion. Table 12 shows the available match criteria.
Table 12 Available match criteria
Option |
Description |
acl { acl-number | name acl-name } |
Matches an ACL. The acl-number argument has the following value ranges: · 2000 to 3999 for IPv4 ACLs. · 4000 to 4999 for Ethernet frame header ACLs. · 5000 to 5999 for user-defined ACLs. The acl-name argument is a case-insensitive string of 1 to 63 characters, which must start with an English letter. To avoid confusion, make sure the argument is not all. |
any |
Matches all packets. |
destination-mac mac-address |
Matches a destination MAC address. |
dscp dscp-value&<1-8> |
Matches DSCP values. The dscp-value&<1-8> argument specifies a space-separated list of up to eight DSCP values. The value range for the dscp-value argument is 0 to 63 or keywords shown in Table 14. |
ip-precedence ip-precedence-value&<1-8> |
Matches IP precedence. The ip-precedence-value&<1-8> argument specifies a space-separated list of up to eight IP precedence values. The value range for the ip-precedence-value argument is 0 to 7. |
protocol protocol-name |
Matches a protocol. The protocol-name argument can only be ip. |
service-dot1p dot1p-value&<1-8> |
Matches 802.1p priority values in outer VLAN tags. The dot1p-value&<1-8> argument specifies a space-separated list of up to eight 802.1p priority values. The value range for the dot1p-value argument is 0 to 7. |
service-vlan-id vlan-id-list |
Matches VLAN IDs in outer VLAN tags. The vlan-id-list argument specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN or a range of VLANs in the form of vlan-id1 to vlan-id2. The value for vlan-id2 must be equal to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094. |
source-mac mac-address |
Matches a source MAC address. |
Usage guidelines
To configure multiple values for a match criterion, perform the following tasks:
1. Set the logical operator to OR.
2. Configure multiple if-match commands for the match criterion.
For the service-vlan-id match criterion, you can configure multiple values in one if-match command when the logical operator is OR or AND.
To delete multiple values configured in one if-match command, make sure the values specified in the undo if-match command are the same as the configured values. The order of values can be different.
When you configure ACL-based match criteria for a traffic class, follow these restrictions and guidelines:
· If the ACL used as a match criterion does not exist, the QoS policy that uses the traffic class cannot be applied correctly.
· You can add two if-match statements that use the same ACL as the match criterion. In one statement, specify the ACL by its name. In the other statement, specify the ACL by its number.
· If the configured logical operator is AND for the traffic class, the actual logical operator for the rules in an ACL is OR.
Examples
# Define a match criterion for traffic class class1 to match the packets with their destination MAC addresses as 0050-ba27-bed3.
<Sysname> system-view
[Sysname] traffic classifier class1
[Sysname-classifier-class1] if-match destination-mac 0050-ba27-bed3
# Define a match criterion for traffic class class2 to match the packets with their source MAC addresses as 0050-ba27-bed2.
<Sysname> system-view
[Sysname] traffic classifier class2
[Sysname-classifier-class2] if-match source-mac 0050-ba27-bed2
# Define a match criterion for traffic class class1 to match the packets with 802.1p priority 5 in outer VLAN tags.
<Sysname> system-view
[Sysname] traffic classifier class1
[Sysname-classifier-class1] if-match service-dot1p 5
# Define a match criterion for traffic class class1 to match the advanced ACL 3101.
<Sysname> system-view
[Sysname] traffic classifier class1
[Sysname-classifier-class1] if-match acl 3101
# Define a match criterion for traffic class class1 to match the ACL named flow.
<Sysname> system-view
[Sysname] traffic classifier class1
[Sysname-classifier-class1] if-match acl name flow
# Define a match criterion for traffic class class1 to match all packets.
<Sysname> system-view
[Sysname] traffic classifier class1
[Sysname-classifier-class1] if-match any
# Define a match criterion for traffic class class1 to match the packets with their DSCP values as 1, 6, or 9.
<Sysname> system-view
[Sysname] traffic classifier class1 operator or
[Sysname-classifier-class1] if-match dscp 1
[Sysname-classifier-class1] if-match dscp 6
[Sysname-classifier-class1] if-match dscp 9
# Define a match criterion for traffic class class1 to match the packets with their IP precedence values as 1 or 6.
<Sysname> system-view
[Sysname] traffic classifier class1 operator or
[Sysname-classifier-class1] if-match ip-precedence 1
[Sysname-classifier-class1] if-match ip-precedence 6
# Define a match criterion for traffic class class1 to match IP packets.
<Sysname> system-view
[Sysname] traffic classifier class1
[Sysname-classifier-class1] if-match protocol ip
# Define a match criterion for traffic class class1 to match the packets with VLAN ID 2, 7, or 10 in outer VLAN tags.
<Sysname> system-view
[Sysname] traffic classifier class1
[Sysname-classifier-class1] if-match service-vlan-id 2 7 10
traffic classifier
Use traffic classifier to create a traffic class and enter traffic class view.
Use undo traffic classifier to delete a traffic class.
Syntax
traffic classifier classifier-name [ operator { and | or } ]
undo traffic classifier classifier-name
Default
No traffic class exists.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
classifier-name: Specifies a traffic class name, a case-sensitive string of 1 to 31 characters.
operator: Sets the operator to logic AND (the default) or OR for the traffic class.
and: Specifies the logic AND operator. The traffic class matches the packets that match all its criteria.
or: Specifies the logic OR operator. The traffic class matches the packets that match any of its criteria.
Examples
# Create a traffic class class1.
<Sysname> system-view
[Sysname] traffic classifier class1
[Sysname-classifier-class1]
Related commands
display traffic classifier
Traffic behavior commands
accounting
Use accounting to configure the traffic accounting action in a traffic behavior.
Use undo accounting to delete the traffic accounting action from a traffic behavior.
Syntax
accounting [ byte | packet ]
undo accounting
Default
No traffic accounting action is configured.
Views
Traffic behavior view
Predefined user roles
network-admin
mdc-admin
Parameters
byte: Counts traffic in bytes.
packet: Counts traffic in packets.
Examples
# Configure a traffic accounting action in traffic behavior database to count traffic in bytes.
<Sysname> system-view
[Sysname] traffic behavior database
[Sysname-behavior-database] accounting byte
car
Use car to configure a CAR action in a traffic behavior.
Use undo car to delete a CAR action from a traffic behavior.
Syntax
car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ]
undo car
Default
No CAR action is configured.
Views
Traffic behavior view
Predefined user roles
network-admin
mdc-admin
Parameters
cir committed-information-rate: Specifies the committed information rate (CIR) in kbps, which specifies an average traffic rate. The value range for the committed-information-rate argument is an integral multiple of 8 between 8 and 160000000.
cbs committed-burst-size: Specifies the committed burst size (CBS) in bytes. The value range for the committed-burst-size argument is an integral multiple of 512 between 512 and 256000000. The default value for this argument is the product of 62.5 and the CIR and must be an integral multiple of 512. When the product is not an integral multiple of 512, it is rounded up to the nearest integral multiple of 512 that is greater than the product. A default value greater than 256000000 is converted to 256000000.
ebs excess-burst-size: Specifies the excess burst size (EBS) in bytes. The value range for the excess-burst-size argument is an integral multiple of 512 between 0 and 256000000, and the default value is 512.
pir peak-information-rate: Specifies the peak information rate (PIR) in kbps. The value range for the peak-information-rate argument is an integral multiple of 8 between 8 and 160000000. If the PIR is configured, two rates are used for traffic policing. Otherwise, one rate is used.
Usage guidelines
A QoS policy that references the traffic behavior can be applied in either the inbound direction or outbound direction of an interface.
If you configure the car command multiple times in the same traffic behavior, the most recent configuration takes effect.
Examples
# Configure a CAR action in traffic behavior database:
· Set the CIR to 256 kbps, CBS to 51200 bytes, and EBS to 0.
· Forward the conforming packets, and drop the excess packets.
<Sysname> system-view
[Sysname] traffic behavior database
[Sysname-behavior-database] car cir 256 cbs 51200 ebs 0
display traffic behavior
Use display traffic behavior to display traffic behaviors.
Syntax
In standalone mode:
display traffic behavior user-defined [ behavior-name ] [ slot slot-number ]
In IRF mode:
display traffic behavior user-defined [ behavior-name ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
user-defined: Displays user-defined traffic behaviors.
behavior-name: Specifies a traffic behavior by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a traffic behavior, this command displays all traffic behaviors.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the traffic behaviors on all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays the traffic behaviors on all cards of all member devices. (In IRF mode.)
Examples
# Display all user-defined traffic behaviors.
<Sysname> display traffic behavior user-defined
User-defined behavior information:
Behavior: 1 (ID 100)
Marking:
Remark dscp 3
Committed Access Rate:
CIR 128 (kbps), CBS 8192 (Bytes), EBS 512 (Bytes)
Green action: pass
Yellow action: pass
Red action: discard
Behavior: 2 (ID 101)
Accounting enable: Packet
Filter enable: Permit
Marking:
Remark dot1p 1
Behavior: 3 (ID 102)
-none-
Field |
Description |
Behavior |
Name and contents of a traffic behavior. |
Marking |
Information about priority marking. |
Remark dscp |
Action of setting the DSCP value for packets. |
Committed Access Rate |
Information about the CAR action. |
Green action |
Action to take on green packets. |
Yellow action |
Action to take on yellow packets. |
Red action |
Action to take on red packets. |
Accounting enable |
Traffic accounting action. |
Filter enable |
Traffic filtering action. |
none |
No other traffic behavior is configured. |
filter
Use filter to configure a traffic filtering action in a traffic behavior.
Use undo filter to delete a traffic filtering action from a traffic behavior.
Syntax
filter { deny | permit }
undo filter
Default
No traffic filtering action is configured.
Views
Traffic behavior view
Predefined user roles
network-admin
mdc-admin
Parameters
deny: Drops packets.
permit: Transmits the packets.
Examples
# Configure a traffic filtering action as deny in traffic behavior database.
<Sysname> system-view
[Sysname] traffic behavior database
[Sysname-behavior-database] filter deny
redirect
Use redirect to configure a traffic redirecting action in the traffic behavior.
Use undo redirect to delete the traffic redirecting action.
Syntax
redirect { cpu | interface interface-type interface-number }
undo redirect { cpu | interface interface-type interface-number }
Default
No traffic redirecting action is configured.
Views
Traffic behavior view
Predefined user roles
network-admin
mdc-admin
Parameters
cpu: Redirects traffic to the CPU.
interface: Redirects traffic to an interface.
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
Redirecting traffic to CPU and redirecting traffic to an interface are mutually exclusive with each other in the same traffic behavior. The last redirecting action configured takes effect.
Examples
# Configure redirecting traffic to FortyGigE 1/0/1 in traffic behavior database.
<Sysname> system-view
[Sysname] traffic behavior database
[Sysname-behavior-database] redirect interface fortygige1/0/1
Related commands
· classifier behavior
· qos policy
· traffic behavior
remark dscp
Use remark dscp to configure a DSCP marking action.
Use undo remark dscp to restore the default.
Syntax
remark dscp dscp-value
undo remark dscp
Default
No DSCP marking action is configured.
Views
Traffic behavior view
Predefined user roles
network-admin
mdc-admin
Parameters
dscp-value: DSCP value, which can be a number from 0 to 63 or a keyword in Table 14.
Table 14 DSCP keywords and values
Keyword |
DSCP value (binary) |
DSCP value (decimal) |
default |
000000 |
0 |
af11 |
001010 |
10 |
af12 |
001100 |
12 |
af13 |
001110 |
14 |
af21 |
010010 |
18 |
af22 |
010100 |
20 |
af23 |
010110 |
22 |
af31 |
011010 |
26 |
af32 |
011100 |
28 |
af33 |
011110 |
30 |
af41 |
100010 |
34 |
af42 |
100100 |
36 |
af43 |
100110 |
38 |
cs1 |
001000 |
8 |
cs2 |
010000 |
16 |
cs3 |
011000 |
24 |
cs4 |
100000 |
32 |
cs5 |
101000 |
40 |
cs6 |
110000 |
48 |
cs7 |
111000 |
56 |
ef |
101110 |
46 |
Usage guidelines
A DSCP marking action takes effect only on incoming IP packets that are forwarded at Layer 3 by the local switch.
Examples
# Configure traffic behavior database to mark matching traffic with DSCP 6.
<Sysname> system-view
[Sysname] traffic behavior database
[Sysname-behavior-database] remark dscp 6
remark local-precedence
Use remark local-precedence to configure a local precedence marking action.
Use undo remark local-precedence to delete the action.
Syntax
remark local-precedence local-precedence-value
undo remark local-precedence
Default
No local precedence marking action is configured.
Views
Traffic behavior view
Predefined user roles
network-admin
mdc-admin
Parameters
local-precedence-value: Sets the local precedence to be marked for packets, which ranges from 0 to 7.
Examples
# Configure traffic behavior database to mark matching traffic with local precedence 2.
<Sysname> system-view
[Sysname] traffic behavior database
[Sysname-behavior-database] remark local-precedence 2
traffic behavior
Use traffic behavior to create a traffic behavior and enter traffic behavior view.
Use undo traffic behavior to delete a traffic behavior.
Syntax
traffic behavior behavior-name
undo traffic behavior behavior-name
Default
No traffic behavior exists.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
behavior-name: Sets a traffic behavior name, a case-sensitive string of 1 to 31 characters.
Examples
# Create a traffic behavior named behavior1.
<Sysname> system-view
[Sysname] traffic behavior behavior1
[Sysname-behavior-behavior1]
Related commands
display traffic behavior
QoS policy commands
classifier behavior
Use classifier behavior to associate a traffic behavior with a traffic class in a QoS policy.
Use undo classifier to remove a traffic class from the QoS policy.
Syntax
classifier classifier-name behavior behavior-name [ mode dcbx | insert-before before-classifier-name ] *
undo classifier classifier-name
Default
No traffic behavior is associated with a traffic class.
Views
QoS policy view
Predefined user roles
network-admin
mdc-admin
Parameters
classifier-name: Specifies a traffic class by its name, a case-sensitive string of 1 to 31 characters.
behavior-name: Specifies a traffic behavior by its name, a case-sensitive string of 1 to 31 characters.
mode dcbx: Specifies that the class-behavior association applies only to DCBX. For more information about DCBX, see Layer 2—LAN Switching Configuration Guide.
insert-before before-classifier-name: Inserts the new traffic class before an existing traffic class in the QoS policy. The before-classifier-name argument specifies an existing traffic class by its name, a case-sensitive string of 1 to 31 characters. If you do not specify the insert-before before-classifier-name option, the new traffic class is placed at the end of the QoS policy.
Usage guidelines
A traffic class can associate with only one traffic behavior in a QoS policy.
If the specified traffic class or traffic behavior does not exist, the system defines a null traffic class or traffic behavior.
The insert-before keyword cannot be specified for an existing traffic class.
Examples
# Associate traffic class database with traffic behavior test in QoS policy user1.
<Sysname> system-view
[Sysname] qos policy user1
[Sysname-qospolicy-user1] classifier database behavior test
Related commands
qos policy
display qos policy
Use display qos policy to display user-defined QoS policies.
Syntax
In standalone mode:
display qos policy user-defined [ policy-name [ classifier classifier-name ] ] [ slot slot-number ]
In IRF mode:
display qos policy user-defined [ policy-name [ classifier classifier-name ] ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
user-defined: Displays user-defined QoS policies.
policy-name: Specifies a QoS policy by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a QoS policy, this command displays all user-defined QoS policies.
classifier classifier-name: Specifies a traffic class by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a traffic class, this command displays all traffic classes.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the QoS policies on all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays the QoS policies on all cards of all member devices. (In IRF mode.)
Examples
# Display all user-defined QoS policies.
<Sysname> display qos policy user-defined
User-defined QoS policy information:
Policy: 1 (ID 100)
Classifier: 1 (ID 0)
Behavior: 1
Marking:
Remark dscp 3
Committed Access Rate:
CIR 112 (kbps), CBS 8192 (Bytes), EBS 512 (Bytes)
Classifier: 2 (ID 101)
Behavior: 2
Accounting enable: Packet
Filter enable: Permit
Marking:
Remark dot1p 1
Classifier: 3 (ID 102)
Behavior: 3
-none-
display qos policy global
Use display qos policy global to display global QoS policies.
Syntax
In standalone mode:
display qos policy global [ slot slot-number ] [ inbound | outbound ]
In IRF mode:
display qos policy global [ chassis chassis-number slot slot-number ] [ inbound | outbound ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
inbound: Displays the inbound global QoS policy. An inbound global QoS policy applies to the incoming traffic globally.
outbound: Displays the outbound global QoS policy. An outbound global QoS policy applies to the outgoing traffic globally.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the global QoS policies on the active MPU. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays the global QoS policies on the global active MPU. (In IRF mode.)
Usage guidelines
If you do not specify a direction, this command displays both inbound and outbound global QoS policies.
Examples
# Display the inbound global QoS policy.
<Sysname> display qos policy global inbound
Direction: Inbound
Policy: 1
Classifier: 1
Operator: AND
Rule(s) : If-match acl 2000
Behavior: 1
Marking:
Remark dscp 3
Committed Access Rate:
CIR 128 (kbps), CBS 8192 (Bytes), EBS 512 (Bytes)
Green packets: 0(Packets)
Red packets: 0(Packets)
Classifier: 2
Operator: AND
Rule(s) : If-match protocol ip
Behavior: 2
Accounting enable:
0 (Packets)
Filter enable: Permit
Marking:
Remark dot1p 1
Table 15 Command output
Field |
Description |
Direction |
Direction (inbound or outbound ) in which the QoS policy is applied. |
Green packets |
Statistics about green packets. |
Red packets |
Statistics about red packets. |
For the description of other fields, see Table 11 and Table 13.
display qos policy interface
Use display qos policy interface to display QoS policies applied to interfaces.
Syntax
display qos policy interface [ interface-type interface-number ] [ inbound | outbound ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number.
inbound: Displays QoS policies applied to incoming traffic.
outbound: Displays QoS policies applied to outgoing traffic.
Usage guidelines
If you do not specify a direction, this command displays the QoS policy applied to the incoming traffic and the QoS policy applied to the outgoing traffic.
Examples
# Display the QoS policy applied to the incoming traffic of FortyGigE 1/0/1.
<Sysname> display qos policy interface fortygige 1/0/1 inbound
Interface: FortyGigE1/0/1
Direction: Inbound
Policy: 1
Classifier: 1
Operator: AND
Rule(s) : If-match acl 2000
Behavior: 1
Marking:
Remark dscp 3
Committed Access Rate:
CIR 128 (kbps), CBS 8192 (Bytes), EBS 512 (Bytes)
Green packets: 0(Packets)
Red packets: 0(Packets)
Classifier: 2
Operator: AND
Rule(s) : If-match protocol ip
Behavior: 2
Accounting enable:
0 (Packets)
Filter enable: Permit
Marking:
Remark dot1p 1
Table 16 Command output
Field |
Description |
Direction |
Direction in which the QoS policy is applied to the interface. |
Green packets |
Traffic statistics for green packets. |
Red packets |
Traffic statistics for red packets. |
For the description of other fields, see Table 11 and Table 13.
display qos vlan-policy
Use display qos vlan-policy to display QoS policies applied to VLANs.
Syntax
In standalone mode:
display qos vlan-policy { name policy-name | vlan [ vlan-id ] } [ slot slot-number ] [ inbound | outbound ]
In IRF mode:
display qos vlan-policy { name policy-name | vlan [ vlan-id ] } [ chassis chassis-number slot slot-number ] [ inbound | outbound ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
name policy-name: Specifies a QoS policy by its name, a case-sensitive string of 1 to 31 characters.
vlan vlan-id: Specifies a VLAN by its ID.
inbound: Displays QoS policies applied to incoming traffic.
outbound: Displays QoS policies applied to outgoing traffic.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays QoS policies applied to VLANs on the active MPU. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays QoS policies applied to VLANs on the global active MPU. (In IRF mode.)
Usage guidelines
If you do not specify a direction, this command displays QoS policies applied to VLANs in both the inbound and outbound directions.
Examples
# Display QoS policies applied to VLAN 2.
<Sysname> display qos vlan-policy vlan 2
Vlan 2
Direction: Outbound
Policy: 1
Classifier: 1
Operator: AND
Rule(s) : If-match acl 2000
Behavior: 1
Marking:
Remark dscp 3
Committed Access Rate:
CIR 128 (kbps), CBS 8192 (Bytes), EBS 512 (Bytes)
Green packets: 0(Packets)
Red packets: 0(Packets)
Classifier: 2
Operator: AND
Rule(s) : If-match protocol ip
Behavior: 2
Accounting enable:
0 (Packets)
Filter enable: Permit
Marking:
Remark dot1p 1
Classifier: 3
Operator: AND
Rule(s) : -none-
Behavior: 3
-none-
# Displays QoS policy 1 applied to VLANs.
<Sysname> display qos vlan-policy name 1
Policy 1
Vlan 2: outbound
Table 17 Command output
Field |
Description |
Direction |
Direction in which the QoS policy is applied for the VLAN. |
Green packets |
Statistics about green packets. |
Red packets |
Statistics about red packets. |
Vlan 2: outbound |
The QoS policy is applied to the outgoing traffic of VLAN 2. |
For the description of other fields, see Table 11 and Table 13.
qos apply policy
Use qos apply policy to apply a QoS policy.
Use undo qos apply policy to remove the QoS policy.
Syntax
qos apply policy policy-name { inbound | outbound }
undo qos apply policy policy-name { inbound | outbound }
Default
No QoS policy is applied to an interface.
Views
Layer 2 Ethernet interface view, Layer 3 Ethernet interface view, Layer 3 Ethernet subinterface view
Predefined user roles
network-admin
mdc-admin
Parameters
policy-name: Specifies a QoS policy name, a case-sensitive string of 1 to 31 characters.
inbound: Applies the QoS policy to the incoming traffic of an interface.
outbound: Applies the QoS policy to the outgoing traffic of an interface.
Usage guidelines
The switch does not support applying a QoS policy to the outbound direction of a Layer 3 Ethernet subinterface.
Table 18 shows the switch support for actions in the inbound and outbound directions.
Table 18 Support of EA, EB, and EC cards for actions
Action |
Inbound |
Outbound |
Traffic accounting |
Supported |
Not supported |
Traffic policing |
Supported |
Not supported |
Traffic filtering |
Supported |
Supported |
Traffic mirroring |
Supported |
Supported |
Redirecting traffic to an interface |
Supported |
Not supported |
Redirecting traffic to the CPU |
Supported |
Supported |
DSCP marking |
Supported |
Not supported |
Local precedence marking |
Supported |
Not supported |
Examples
# Apply QoS policy USER1 to the incoming traffic of FortyGigE 1/0/1.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] qos apply policy USER1 outbound
qos apply policy global
Use qos apply policy global to apply a QoS policy globally.
Use undo qos apply policy global to remove the QoS policy.
Syntax
qos apply policy policy-name global { inbound | outbound }
undo qos apply policy policy-name global { inbound | outbound }
Default
No QoS policy is applied globally.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
policy-name: QoS policy name, a case-sensitive string of 1 to 31 characters.
inbound: Applies the QoS policy to the incoming packets on all interfaces.
outbound: Applies the QoS policy to the outgoing packets on all interfaces.
Usage guidelines
A global QoS policy takes effect on all incoming or outgoing traffic depending on the direction in which the QoS policy is applied.
Examples
# Apply the QoS policy user1 to the incoming traffic globally.
<Sysname> system-view
[Sysname] qos apply policy user1 global inbound
qos policy
Use qos policy to create a QoS policy and enter QoS policy view.
Use undo qos policy to delete a QoS policy.
Syntax
qos policy policy-name
undo qos policy policy-name
Default
No QoS policy is configured.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
policy-name: QoS policy name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
To use the undo qos policy command to delete a QoS policy that has been applied to a certain object, you must first remove it from the object.
Examples
# Define QoS policy user1.
<Sysname> system-view
[Sysname] qos policy user1
[Sysname-qospolicy-user1]
Related commands
· classifier behavior
· qos apply policy
· qos apply policy global
· qos vlan-policy
qos vlan-policy
Use qos vlan-policy to apply a QoS policy to the specified VLANs.
Use undo qos vlan-policy to remove the QoS policy from the specified VLANs.
Syntax
qos vlan-policy policy-name vlan vlan-id-list { inbound | outbound }
undo qos vlan-policy policy-name vlan vlan-id-list { inbound | outbound }
Default
No QoS policy is applied to a VLAN.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
policy-name: Specifies a QoS policy name, a case-sensitive string of 1 to 31 characters.
vlan-id-list: Specifies a list of up to eight VLAN IDs. A VLAN ID ranges from 1 to 4094. You can enter individual discontinuous VLAN IDs and VLAN ID ranges in the form of start-vlan-id to end-vlan-id where the start VLAN ID must be smaller than the end VLAN ID. Each item in the VLAN list is separated by a space. You can specify up to eight VLAN IDs.
inbound: Applies the QoS policy to the incoming packets in the specified VLANs.
outbound: Applies the QoS policy to the outgoing packets in the specified VLANs.
Examples
# Apply the QoS policy test to the incoming traffic of VLAN 200, VLAN 300, VLAN 400, and VLAN 500.
<Sysname> system-view
[Sysname] qos vlan-policy test vlan 200 300 400 500 inbound
reset qos policy global
Use reset qos policy global to clear the statistics of a global QoS policy.
Syntax
reset qos policy global [ inbound | outbound ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
inbound: Clears the statistics of the global QoS policy applied to incoming traffic globally.
outbound: Clears the statistics of the global QoS policy applied to outgoing traffic globally.
Usage guidelines
If you do not specify a direction, this command clears the statistics of the global QoS policies in both directions.
Examples
# Clear the statistics of the global QoS policy applied to the incoming traffic globally.
<Sysname> reset qos policy global inbound
reset qos vlan-policy
Use reset qos vlan-policy to clear the statistics of the QoS policy applied in a certain direction of a VLAN.
Syntax
reset qos vlan-policy [ vlan vlan-id ] [ inbound | outbound ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan vlan-id: Specifies a VLAN ID, which ranges from 1 to 4094.
inbound: Clears the statistics of the QoS policy applied to the incoming traffic of the specified VLAN.
outbound: Clears the statistics of the QoS policy applied to the incoming traffic of the specified VLAN.
Usage guidelines
If you do not specify a direction, this command clears the statistics of the QoS policies in both directions of the VLAN.
Examples
# Clear the statistics of QoS policies applied to VLAN 2.
<Sysname> reset qos vlan-policy vlan 2
Priority mapping commands
Priority map commands
display qos map-table
Use display qos map-table to display the configuration of a priority map.
Syntax
display qos map-table [ dot1p-dp | dot1p-lp | dscp-dot1p| dscp-dp | dscp-dscp ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
The switch provides the following types of priority map.
Priority mapping |
Description |
dot1p-dp |
802.1p-drop priority map. |
dot1p-lp |
802.1p-local priority map. |
dscp-dot1p |
DSCP-802.1p priority map. |
dscp-dp |
DSCP-drop priority map. |
dscp-dscp |
DSCP-DSCP priority map (applicable to only IP packets that are forwarded at Layer 3 by the local switch). |
Usage guidelines
If you do not specify a priority map, this command displays the configuration of all priority maps.
Examples
# Display the configuration of the 802.1p-local priority map.
<Sysname> display qos map-table dot1p-lp
MAP-TABLE NAME: dot1p-lp TYPE: pre-define
IMPORT : EXPORT
0 : 2
1 : 0
2 : 1
3 : 3
4 : 4
5 : 5
6 : 6
7 : 7
Table 20 Command output
Field |
Description |
MAP-TABLE NAME |
Name of the priority map. |
TYPE |
Type of the priority map. |
IMPORT |
Input values of the priority map. |
EXPORT |
Output values of the priority map. |
import
Use import to configure mappings for a priority map.
Use undo import to restore the specified or all mappings to the default for a priority map.
Syntax
import import-value-list export export-value
undo import { import-value-list | all }
Default
The default priority maps are used. For more information, see ACL and QoS Configuration Guide.
Views
Priority map view
Predefined user roles
network-admin
mdc-admin
Parameters
import-value-list: Specifies a list of input values.
export-value: Specifies the output value.
all: Restores all mappings in the priority map to the default.
Examples
# Configure the 802.1p-drop priority map to map 802.1p priority values 4 and 5 to drop priority 1.
<Sysname> system-view
[Sysname] qos map-table dot1p-dp
[Sysname-maptbl-dot1p-dp] import 4 5 export 1
Related commands
display qos map-table
qos map-table
Use qos map-table to enter the specified priority map view.
Syntax
qos map-table { dot1p-dp | dot1p-lp | dscp-dot1p| dscp-dp | dscp-dscp }
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
For the description of the keywords, see Table 19.
Examples
# Enter the 802.1p-drop priority map view.
<Sysname> system-view
[Sysname] qos map-table dot1p-dp
[Sysname-maptbl-dot1p-dp]
Related commands
· display qos map-table
· import
Port priority commands
qos priority
Use qos priority to change the port priority of an interface.
Use undo qos priority to restore the default.
Syntax
qos priority priority-value
undo qos priority
Default
The port priority is 0.
Views
Layer 2 Ethernet interface view, Layer 3 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
priority-value: Specifies the port priority value. The port priority ranges from 0 to 7.
Examples
# Set the port priority of interface FortyGigE 1/0/1 to 2.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] qos priority 2
Related commands
display qos trust interface
Priority trust mode commands
display qos trust interface
Use display qos trust interface to display priority trust mode and port priority information on an interface.
Syntax
display qos trust interface [ interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays priority trust mode and port priority information of all interfaces.
Examples
# Display the priority trust mode and port priority information of FortyGigE 1/0/1.
<Sysname> display qos trust interface fortygige 1/0/1
Interface: FortyGigE1/0/1
Port priority information
Port priority: 0
Port priority trust type: none
Table 21 Command output
Field |
Description |
Interface |
Interface type and interface number. |
Port priority |
Port priority set for the interface. |
Port priority trust type |
Priority trust mode on the interface: dot1p or dscp. |
qos trust
Use qos trust to configure the priority trust mode for an interface.
Use undo qos trust to restore the default priority trust mode.
Syntax
qos trust { dot1p | dscp }
undo qos trust
Default
The switch trusts the 802.1p priority carried in packets.
Views
Layer 2 Ethernet interface view, Layer 3 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
dot1p: Uses the 802.1p priority in incoming packets for priority mapping.
dscp: Uses the DSCP value in incoming packets for priority mapping.
Examples
# Set the trusted packet priority type to 802.1p priority on FortyGigE 1/0/1.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] qos trust dot1p
Related commands
GTS and rate limit commands
GTS commands
display qos gts interface
Use display qos gts interface to view generic traffic shaping (GTS) configuration and statistics on a specified interface or all the interfaces.
Syntax
display qos gts interface [ interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the GTS configuration and statistics on all the interfaces.
Examples
# Display the GTS configuration and statistics on all the interfaces.
<Sysname> display qos gts interface
Interface : FortyGigE1/0/1
Rule(s): If-match queue 1
CIR 128 (kbps), CBS 8192 (Bytes)
Rule(s): If-match queue 2
CIR 256 (kbps), CBS 16384 (Bytes)
Table 22 Command output
Field |
Description |
Interface |
Interface type and interface number. |
Rule |
Match criteria. |
CIR |
CIR in kbps. |
CBS |
CBS in bytes, which specifies the depth of the token bucket for holding bursty traffic. |
qos gts
Use qos gts to set GTS parameters for the packets in a specific queue.
Use undo qos gts to remove GTS parameters for traffic of a specific queue on the interface.
Syntax
qos gts queue queue-number cir committed-information-rate [ cbs committed-burst-size ]
undo qos gts queue queue-number
Default
No GTS parameters are set on an interface.
Views
Layer 2 Ethernet interface view, Layer 3 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
queue queue-number: Shapes the packets in the specified queue. The value range for the queue-number argument is 0 to 7.
cir committed-information-rate: Specifies the CIR in kbps. The value range for the committed-information-rate argument varies by interface speed as follows:
· 8 to 10000000 for 10-GE interfaces.
· 8 to 40000000 for 40-GE interfaces.
· 8 to 100000000 for 100-GE interfaces.
The values must be integral multiples of 8.
cbs committed-burst-size: Specifies the CBS in bytes. The value range for the committed-burst-size argument is an integral multiple of 512 between 512 and 16000000. The default value for this argument is the product of 62.5 and the CIR and must be an integral multiple of 512. If the product is not an integral multiple of 512, it is rounded up to the nearest integral multiple of 512 that is greater than the product.
Examples
# Shape the packets in queue 1 on FortyGigE 1/0/1. The GTS parameters are as follows: CIR is 6400 kbps and CBS is 51200 bytes.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] qos gts queue 1 cir 6400 cbs 51200
Rate limit commands
display qos lr interface
Use display qos lr interface to view the rate limit configuration and statistics on a specified interface or all the interfaces.
Syntax
display qos lr interface [ interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the rate limit configuration and statistics on all the interfaces.
Examples
# Display the rate limit configuration and statistics on all the interfaces.
<Sysname> display qos lr interface
Interface : FortyGigE1/0/1
Direction: Outbound
CIR 12800 (kbps), CBS 800256 (Bytes)
Interface : FortyGigE1/0/2
Direction: Outbound
CIR 25600 (kbps), CBS 1600000 (Bytes)
Table 23 Command output
Field |
Description |
Interface |
Interface type and interface number. |
Direction |
Direction to which the rate limit configuration is applied. The switch supports only Outbound. |
CIR |
CIR in kbps. |
CBS |
CBS in bytes, which specifies the depth of the token bucket for holding bursty traffic. |
qos lr
Use qos lr to limit the rate of packets on the interface.
Use undo qos lr to remove the rate limit.
Syntax
qos lr outbound cir committed-information-rate [ cbs committed-burst-size ]
undo qos lr outbound
Default
Rate limit is not configured on an interface.
Views
Layer 2 Ethernet interface view, Layer 3 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
outbound: Limits the rate of outgoing packets on the interface.
cir committed-information-rate: Specifies the CIR in kbps. The value range for the committed-information-rate argument varies by interface speed as follows:
· 8 to 10000000 for 10-GE interfaces.
· 8 to 40000000 for 40-GE interfaces.
· 8 to 100000000 for 100-GE interfaces.
The values must be integral multiples of 8.
cbs committed-burst-size: Specifies the CBS in bytes. The value range for the committed-burst-size argument is an integral multiple of 512 between 512 and 128000000. The default value for this argument is the product of 62.5 and the CIR and must be an integral multiple of 512. If the product is not an integral multiple of 512, it is rounded up to the nearest integral multiple of 512 that is greater than the product.
Examples
# Limit the rate of outgoing packets on FortyGigE 1/0/1, with CIR 25600 kbps and CBS 512000 bytes.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] qos lr outbound cir 25600 cbs 512000
Congestion management commands
SP commands
display qos queue sp interface
Use display qos queue sp interface to view the SP queuing configuration of an interface.
Syntax
display qos queue sp interface [ interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the SP queuing configuration of all the interfaces.
Examples
# Display the SP queuing configuration of FortyGigE 1/0/1.
<Sysname> display qos queue sp interface fortygige 1/0/1
Interface: FortyGigE1/0/1
Output queue: Strict Priority queuing
Table 24 Command output
Field |
Description |
Interface |
Interface type and interface number. |
Output queue |
Type of the current output queue. |
qos sp
Use qos sp to configure SP queuing on an interface.
Use undo qos sp to restore the default.
Syntax
qos sp
undo qos sp
Default
An interface uses the SP queuing algorithm.
Views
Layer 2 Ethernet interface view, Layer 3 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Examples
# Enable SP queuing on FortyGigE 1/0/1.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] qos sp
Related commands
display qos queue sp interface
WRR commands
display qos queue wrr interface
Use display qos queue wrr interface to display the WRR queuing configuration on an interface.
Syntax
display qos queue wrr interface [ interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the WRR queuing configuration of all the interfaces.
Examples
# Display the WRR queuing configuration of FortyGigE 1/0/1.
<Sysname> display qos queue wrr interface fortygige 1/0/1
Interface: FortyGigE1/0/1
Output queue: Weighted Round Robin queuing
Queue ID Group Weight
-----------------------------------------
be sp NA
af1 1 2
af2 1 3
af3 1 4
af4 1 5
ef 1 9
cs6 1 13
cs7 1 15
Table 25 Command output
Field |
Description |
Interface |
Interface type and interface number. |
Output queue |
Type of the current output queue. |
Queue ID |
ID of a queue. |
Group |
Group to which a queue belongs. |
Weight |
Packet-based queue scheduling weight of a queue. N/A is displayed for a queue that uses the SP queue scheduling algorithm. |
qos wrr
Use qos wrr to enable WRR queuing and specify the weight type for an interface.
Use undo qos wrr to disable WRR queuing and restore the default queue scheduling algorithm for an interface.
Syntax
qos wrr { byte-count | weight }
undo qos wrr { byte-count | weight }
Default
An interface uses the SP queuing algorithm.
Views
Layer 2 Ethernet interface view, Layer 3 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
byte-count: Allocates bandwidth to queues in terms of bytes.
weight: Allocates bandwidth to queues in terms of packets.
Usage guidelines
You must use the qos wrr command to enable WRR queuing before you can configure WRR queuing parameters for a queue on an interface.
Examples
# Enable weight-based WRR queuing on FortyGigE 1/0/1.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] qos wrr weight
# Enable byte-count WRR queuing on FortyGigE 1/0/1.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] qos wrr byte-count
Related commands
display qos queue wrr interface
qos wrr { byte-count | weight }
Use qos wrr { byte-count | weight } to configure the WRR queuing parameters for a queue on an interface.
Use undo qos wrr to restore the default WRR queuing parameters of a queue on an interface.
Syntax
qos wrr queue-id group 1 { byte-count | weight } schedule-value
undo qos wrr queue-id
Default
An interface uses the byte-count WRR queuing algorithm, and queues 0 through 7 are in WRR group 1, with their weights of 1, 2, 3, 4, 5, 6, 7, and 8, respectively.
Views
Layer 2 Ethernet interface view, Layer 3 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
queue-id: Specifies a queue by its ID. A queue ID is a number in the range of 0 to 7 or a keyword in Table 26.
group 1: Specifies the WRR group. Only one WRR group is supported.
byte-count: Allocates bandwidth to queues in terms of bytes.
weight: Allocates bandwidth to queues in terms of packets.
schedule-value: Specifies a scheduling weight for the specified queue in WRR queuing, in the range of 1 to 127.
Usage guidelines
You must use the qos wrr command to enable WRR queuing before you can configure WRR queuing parameters for a queue on an interface.
The queue-id argument can be either a number or a keyword. Table 26 shows the number-keyword map.
Table 26 The number-keyword map for the queue-id argument
Number |
Keyword |
0 |
be |
1 |
af1 |
2 |
af2 |
3 |
af3 |
4 |
af4 |
5 |
ef |
6 |
cs6 |
7 |
cs7 |
Examples
# Enable byte-count WRR queuing on FortyGigE 1/0/1, and assign queues 0 and 1 to the WRR group, with the scheduling weights 10 and 5, respectively.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] qos wrr byte-count
[Sysname-FortyGigE1/0/1] qos wrr 0 group 1 byte-count 10
[Sysname-FortyGigE1/0/1] qos wrr 1 group 1 byte-count 5
Related commands
· display qos queue wrr interface
· qos wrr
qos wrr group sp
Use qos wrr group sp to assign a queue to the SP group.
Use undo qos wrr group sp to restore the default.
Syntax
qos wrr queue-id group sp
undo qos wrr queue-id
Default
An interface uses the byte-count WRR queuing algorithm, and all the queues are in WRR group 1.
Views
Layer 2 Ethernet interface view, Layer 3 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
queue-id: Specifies a queue by its ID. A queue ID is a number in the range of 0 to 7 or a keyword in Table 26.
sp: Assigns a queue to the SP group, which uses the SP queue scheduling algorithm.
Usage guidelines
This command is available only on a WRR-enabled interface. Queues in the SP group are scheduled with SP. The SP group has higher scheduling priority than the WRR group. Queues in the WRR group are scheduled according to user-configured weights.
You must use the qos wrr command to enable WRR queuing before you can configure this command on an interface.
Examples
# Enable packet-based WRR queuing on FortyGigE 1/0/1, and assign queue 0 to the SP group.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] qos wrr weight
[Sysname-FortyGigE1/0/1] qos wrr 0 group sp
Related commands
· display qos queue wrr interface
· qos wrr
WFQ commands
display qos queue wfq interface
Use display qos queue wfq interface to display the WFQ configuration on an interface.
Syntax
display qos queue wfq interface [ interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the WFQ configuration of all the interfaces.
Examples
# Display the WFQ configuration of FortyGigE 1/0/1.
<Sysname> display qos queue wfq interface fortygige 1/0/1
Interface: FortyGigE1/0/1
Output queue: Hardware Weighted Fair Queuing
Queue ID Group Byte-count Min-Bandwidth
----------------------------------------------------------------
be 1 1 64
af1 1 1 64
af2 1 1 64
af3 1 1 64
af4 1 1 64
ef 1 1 64
cs6 1 1 64
cs7 1 1 64
Table 27 Command output
Field |
Description |
Interface |
Interface type and interface number. |
Output queue |
Type of the current output queue. |
Queue ID |
ID of a queue. |
Group |
Group to which a queue belongs. |
Byte-count |
Byte-count scheduling weight of the queue. |
Min-Bandwidth |
Minimum guaranteed bandwidth. |
qos bandwidth queue
Use qos bandwidth queue to set the minimum guaranteed bandwidth for a specified queue on an interface.
Use undo qos bandwidth queue to restore the default.
Syntax
qos bandwidth queue queue-id min bandwidth-value
undo qos bandwidth queue queue-id
Default
The minimum guaranteed bandwidth is 64 kbps.
Views
Layer 2 Ethernet interface view, Layer 3 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
queue-id: Specifies a queue by its ID. A queue ID is a number in the range of 0 to 7 or a keyword in Table 26.
min bandwidth-value: Sets the minimum guaranteed bandwidth in kbps for a queue when the interface is congested. The value range for the bandwidth-value argument varies by interface speed as follows:
· 8 to 10000000 for 10-GE interfaces.
· 8 to 40000000 for 40-GE interfaces.
· 8 to 100000000 for 100-GE interfaces.
Usage guidelines
You must use the qos wfq command to enable WFQ before you can configure this command on an interface.
Examples
# Set the minimum guaranteed bandwidth to 100 kbps for queue 0 on FortyGigE 1/0/1.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] qos wfq weight
[Sysname-FortyGigE1/0/1] qos bandwidth queue 0 min 100
Related commands
qos wfq
qos wfq
Use qos wfq to enable WFQ and specify the WFQ weight type on an interface.
Use undo qos wfq to disable WFQ and restore the default queuing algorithm on an interface.
Syntax
qos wfq { byte-count | weight }
undo qos wfq { byte-count | weight }
Default
An interface uses the SP queuing algorithm.
Views
Layer 2 Ethernet interface view, Layer 3 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
byte-count: Allocates bandwidth to queues in terms of bytes.
weight: Allocates bandwidth to queues in terms of packets.
Usage guidelines
You must use the qos wfq command to enable WFQ before you can configure WFQ queuing parameters for a queue on an interface.
Examples
# Enable weight-based WFQ on FortyGigE 1/0/1.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] qos wfq weight
# Enable byte-count WFQ on FortyGigE 1/0/1.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] qos wfq byte-count
Related commands
display qos queue wfq interface
qos wfq { byte-count | weight }
Use qos wfq { byte-count | weight } to assign a queue to a WFQ group with a certain scheduling weight.
Use undo qos wfq to restore the default.
Syntax
qos wfq queue-id group 1 { byte-count | weight } schedule-value
undo qos wfq queue-id
Default
When WFQ queuing is used on an interface, all the queues are in the WFQ group and have a weight of 1.
Views
Layer 2 Ethernet interface view, Layer 3 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
queue-id: Specifies a queue by its ID. A queue ID is a number in the range of 0 to 7 or a keyword in Table 26.
group 1: Specifies the WFQ group. Only one WFQ group is supported.
byte-count: Allocates bandwidth to queues in terms of bytes.
weight: Allocates bandwidth to queues in terms of packets.
schedule-value: Specifies a scheduling weight for the specified queue in WFQ queuing, in the range of 1 to 127.
Usage guidelines
You must use the qos wfq command to enable WFQ first before you configure this command.
Examples
# Enable byte-count WFQ on interface FortyGigE 1/0/1, assign queue 0, with the scheduling weight 10, to WFQ group 1, and assign queue 1, with the scheduling weight 5, to WFQ group 2.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] qos wfq byte-count
[Sysname-FortyGigE1/0/1] qos wfq 0 group 1 byte-count 10
[Sysname-FortyGigE1/0/1] qos wfq 1 group 1 byte-count 5
Related commands
· display qos queue wfq interface
· qos bandwidth queue
· qos wfq
qos wfq group sp
Use qos wfq group sp to assign a queue to the SP group.
Use undo qos wfq group sp to restore the default.
Syntax
qos wfq queue-id group sp
undo qos wfq queue-id
Default
When WFQ queuing is used on an interface, all the queues are in the WFQ group.
Views
Layer 2 Ethernet interface view, Layer 3 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
queue-id: Specifies a queue by its ID. A queue ID is a number in the range of 0 to 7 or a keyword in Table 26.
sp: Assigns a queue to the SP group, which uses the SP queue scheduling algorithm.
Usage guidelines
With this SP+WFQ queuing method, the system schedules traffic in the following order:
1. Schedules the traffic conforming to the minimum guaranteed bandwidth of each queue in a WFQ group.
2. Schedules the queues in the SP group based on their priorities.
3. Schedules the queues in the WFQ group according to the configured weights.
You must use the qos wfq command to enable WFQ first before you configure this command.
Examples
# Enable weight-based WFQ on interface FortyGigE 1/0/1, and assign queue 0 to the SP group.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] qos wfq weight
[Sysname-FortyGigE1/0/1] qos wfq 0 group sp
Related commands
· display qos queue wfq interface
· qos bandwidth queue
· qos wfq
Queue scheduling profile commands
bandwidth
Use bandwidth to set the minimum guaranteed bandwidth for a WFQ queue in a queue scheduling profile.
Use undo bandwidth to restore the default.
Syntax
bandwidth queue queue-id min bandwidth-value
undo bandwidth queue queue-id
Default
The minimum guaranteed bandwidth is 64 kbps for a WFQ queue in a queue scheduling profile.
Views
Queue scheduling profile view
Predefined user roles
network-admin
mdc-admin
Parameters
queue-id: Specifies a queue by its ID. A queue ID is a number in the range of 0 to 7 or a keyword in Table 26.
min bandwidth-value: Specifies the minimum guaranteed bandwidth in the range of 8 to 100000000 kbps. The parameter specifies the bandwidth guaranteed for a queue when the port is congested.
Usage guidelines
To configure the minimum guaranteed bandwidth for a queue in a queue scheduling profile, you must first configure the queue as a WFQ queue.
Examples
# In queue scheduling profile myprofile, configure queue 0 as follows:
· Configure queue 0 as a WFQ queue with a packet-based weight of 1.
· Set the minimum guaranteed bandwidth to 100 kbps for queue 0.
<Sysname> system-view
[Sysname] qos qmprofile myprofile
[Sysname-qmprofile-myprofile] queue 0 wfq group 1 weight 1
[Sysname-qmprofile-myprofile] bandwidth queue 0 min 100
Related commands
· display qos qmprofile interface
· qos qmprofile
· queue
display qos qmprofile configuration
Use display qos qmprofile configuration to display the configuration of queue scheduling profiles.
Syntax
In standalone mode:
display qos qmprofile configuration [ profile-name ] [ slot slot-number ]
In IRF mode:
display qos qmprofile configuration [ profile-name ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
profile-name: Specifies a queue scheduling profile by its name, a string of 1 to 31 case-sensitive characters. If you do not specify a queue scheduling profile, this command displays the configuration of all queue scheduling profiles.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the configuration of queue scheduling profiles on the active MPU. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays the configuration of queue scheduling profiles on the global active MPU. (In IRF mode.)
Examples
# Display the configuration of queue scheduling profile myprofile.
<Sysname> display qos qmprofile configuration myprofile
Queue management profile: myprofile (ID 1)
Queue ID Type Group Schedule-unit Schedule-value Bandwidth
---------------------------------------------------------------------------
be WFQ N/A weight 1 64
af1 WFQ 1 weight 1 64
af2 WFQ N/A weight 1 1000
af3 WFQ N/A weight 1 64
af4 SP N/A N/A N/A N/A
ef WFQ N/A weight 1 64
cs6 WFQ 1 weight 56 64
cs7 SP N/A N/A N/A N/A
Table 28 Command output
Field |
Description |
Queue management profile |
Queue scheduling profile name. |
Queue ID |
ID of a queue. |
Type |
Queue scheduling type: · SP. · WRR. · WFQ. |
Group |
Priority group to which the queue belongs. · For an SP queue, this field is always N/A. · For a WFQ or WRR queue, this field is always 1. |
Schedule-unit |
Scheduling weight type. · For an SP queue, this field is always N/A. · For a WRR queue or WFQ queue, this field can be weight or byte-count. |
Schedule-value |
Scheduling weight of the queue. For an SP queue, this field is always N/A. |
Bandwidth |
Minimum guaranteed bandwidth of the queue. This parameter can be configured for only WFQ queues. |
display qos qmprofile interface
Use display qos qmprofile interface to display the queue scheduling profile applied to the specified interface.
Syntax
display qos qmprofile interface [ interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the queue scheduling profiles applied to all interfaces.
Examples
# Display the queue scheduling profile applied to FortyGigE 1/0/1.
<Sysname> display qos qmprofile interface fortygige 1/0/1
Interface: FortyGigE1/0/1
Queue management profile: myprofile
Table 29 Command output
Field |
Description |
Interface |
Interface name. |
Queue management profile |
Name of the queue scheduling profile applied to the interface. |
qos apply qmprofile
Use qos apply qmprofile to apply a queue scheduling profile to an interface.
Use undo qos apply qmprofile to restore the default.
Syntax
qos apply qmprofile profile-name
undo qos apply qmprofile
Default
No queue scheduling profile is applied to an interface.
Views
Layer 2 Ethernet interface view, Layer 3 Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
profile-name: Specifies a queue scheduling profile by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
You can apply only one queue scheduling profile to an interface.
Examples
# Apply queue scheduling profile myprofile to FortyGigE 1/0/1.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] qos apply qmprofile myprofile
Related commands
display qos qmprofile interface
qos qmprofile
Use qos qmprofile to create a queue scheduling profile and enter queue scheduling profile view.
Use undo qos qmprofile to delete a queue scheduling profile.
Syntax
qos qmprofile profile-name
undo qos qmprofile profile-name
Default
No queue scheduling profile exists.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
profile-name: Specifies the queue scheduling profile name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
To delete a queue scheduling profile already applied to an interface, remove it from the interface first and then delete it.
Examples
# Create queue scheduling profile myprofile and enter queue scheduling profile view.
<Sysname> system-view
[Sysname] qos qmprofile myprofile
[Sysname-qmprofile-myprofile]
Related commands
· display qos qmprofile interface
· queue
queue
Use queue to configure queue scheduling parameters.
Use undo queue to restore the default.
Syntax
queue queue-id { sp | wfq group 1 { byte-count | weight } schedule-value | wrr group 1 { byte-count | weight } schedule-value }
undo queue queue-id
Default
In a queue scheduling profile, SP queuing is used for all queues.
Views
Queue scheduling profile view
Predefined user roles
network-admin
mdc-admin
Parameters
queue-id: Specifies a queue by its ID in the range of 0 to 7.
sp: Enables SP for the queue.
wfq: Enables WFQ for the queue.
group 1: Specifies the group to which the queue belongs.
byte-count: Allocates bandwidth to queues in terms of bytes.
weight: Allocates bandwidth to queues in terms of packets.
schedule-value: Specifies the scheduling weight in the range of 1 to 127.
wrr: Enables WRR for the queue.
Usage guidelines
The queue-id argument can be either a number or a keyword. Table 26 shows the number-keyword map.
Examples
# Create queue scheduling profile myprofile and configure queue 0 to use SP.
<Sysname> system-view
[Sysname] qos qmprofile myprofile
[Sysname-qmprofile-myprofile] queue 0 sp
# Create queue scheduling profile myprofile and configure it as follows:
· Configure queue 1 to use WRR.
· Set the scheduling weight to 10 for queue 1.
· Assign queue 1 to WRR priority group 1.
<Sysname> system-view
[Sysname] qos qmprofile myprofile
[Sysname-qmprofile-myprofile] queue 1 wrr group 1 weight 10
Related commands
· display qos qmprofile interface
· qos qmprofile
Aggregate CAR commands
car name
Use car name to reference an aggregate CAR action in a traffic behavior.
Use undo car to remove an aggregate CAR action from a traffic behavior.
Syntax
car name car-name
undo car
Default
No aggregate CAR action is configured in a traffic behavior.
Views
Traffic behavior view
Predefined user roles
network-admin
mdc-admin
Parameters
car-name: Specifies the name of an aggregate CAR action. This argument must start with a letter, and is a case-sensitive string of 1 to 31 characters.
Examples
# Reference the aggregate CAR action aggcar-1 in the traffic behavior be1.
<Sysname> system-view
[Sysname] traffic behavior be1
[Sysname-behavior-be1] car name aggcar-1
· display qos car name
· display traffic behavior user-defined
display qos car name
Use display qos car name to display the configuration and statistics for aggregate CAR actions.
Syntax
display qos car name [ car-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
car-name: Specifies an aggregate CAR action by its name. This argument must start with a letter, and is a case-sensitive string of 1 to 31 characters. If you do not specify a CAR action, this command displays the configuration and statistics for all aggregate CAR actions.
Examples
# (In standalone mode.) Display the configuration and statistics for all aggregate CAR actions.
<Sysname> display qos car name
Name: a
Mode: aggregative
CIR 12800 (kbps), CBS 800256 (Bytes), EBS 512 (Bytes), PIR 25600 (kbps)
Slot 0:
Green packets: 54641 (Packets)
Red packets: 856 (Packets)
Slot 1:
Green packets: 12541 (Packets)
Red packets: 1235 (Packets)
# (In IRF mode.) Display the configuration and statistics for all aggregate CAR actions.
<Sysname> display qos car name
Name: a
Mode: aggregative
CIR 12800 (kbps), CBS 800256 (Bytes), EBS 512 (Bytes), PIR 25600 (kbps)
Chassis 1 Slot 0:
Green packets: 54641 (Packets)
Red packets: 856 (Packets)
Chassis 2 Slot 1:
Green packets: 12541 (Packets)
Red packets: 1235 (Packets)
Table 30 Command output
Field |
Description |
Name |
Name of the aggregate CAR action. |
Mode |
Type of the aggregate CAR action: aggregative. |
CIR CBS EBS PIR |
Parameters for the CAR action. |
Green packet |
Statistics about green packets. |
Red packet |
Statistics about red packets. |
qos car
Use qos car to configure an aggregate CAR action.
Use undo qos car to delete an aggregate CAR action.
Syntax
qos car car-name aggregative cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ]
undo qos car car-name
Default
No aggregate CAR action is configured.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
car-name: Specifies the name of the aggregate CAR action. This argument must start with a letter, and is a case-sensitive string of 1 to 31 characters.
aggregative: Specifies the aggregate CAR action.
cir committed-information-rate: Specifies the CIR in kbps. The value range for the committed-information-rate argument is an integral multiple of 8 between 8 and 160000000.
cbs committed-burst-size: Specifies the CBS in bytes. The value range for the committed-burst-size argument is an integral multiple of 512 between 512 and 256000000. The default value for this argument is the product of 62.5 and the CIR and must be an integral multiple of 512. If the product is not an integral multiple of 512, it is rounded up to the nearest integral multiple of 512 that is greater than the product. A default value greater than 256000000 is converted to 256000000.
ebs excess-burst-size: Specifies the EBS in bytes. The value range for the excess-burst-size argument is an integral multiple of 512 between 0 and 256000000, and the default value is 512.
pir peak-information-rate: Specifies the PIR in kbps. The value range for the peak-information-rate argument is an integral multiple of 8 between 8 and 160000000. If the PIR is configured, two rates are used for traffic policing. Otherwise, one rate is used.
Usage guidelines
An aggregate CAR action takes effect only after it is applied to an interface or referenced in a QoS policy.
Examples
# Configure the aggregate CAR action aggcar-1, where CIR is 25600, CBS is 512000, and red packets are dropped.
<Sysname> system-view
[Sysname] qos car aggcar-1 aggregative cir 25600 cbs 512000 red discard
display qos car name
reset qos car name
Use reset qos car name to clear statistics for aggregate CAR actions.
Syntax
reset qos car name [ car-name ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
car-name: Specifies an aggregate CAR action by its name. This argument must start with a letter, and is a case-sensitive string of 1 to 31 characters. If you do not specify an aggregate CAR action, this command clears statistics for all aggregate CAR actions.
Examples
# Clear statistics for the aggregate CAR action aggcar-1.
Queue-based accounting commands
display qos queue-statistics
Use display qos queue-statistics to display queue-based traffic statistics for interfaces.
Syntax
display qos queue-statistics interface [ interface-type interface-number ] outbound
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays queue-based traffic statistics for all interfaces.
outbound: Displays outbound traffic statistics.
Usage guidelines
To display traffic statistics on a per-queue basis, first set the packet statistics collection mode to queue by using the statistic mode queue command.
Examples
# Display queue-based outbound traffic statistics for FortyGigE 1/0/1.
<Sysname> display qos queue-statistics interface FortyGigE 1/0/1 outbound
Interface: FortyGigE1/0/1
Direction: outbound
Forwarded: 0 packets, 0 bytes
Dropped: 0 packets, 0 bytes
Queue 0
Forwarded: 0 packets, 0 bytes
Dropped: 0 packets, 0 bytes
Total queue length: 0 packets
Current queue length: 0 packets, 0% use ratio
Queue 1
Forwarded: 0 packets, 0 bytes
Dropped: 0 packets, 0 bytes
Total queue length: 0 packets
Current queue length: 0 packets, 0% use ratio
Queue 2
Forwarded: 0 packets, 0 bytes
Dropped: 0 packets, 0 bytes
Total queue length: 0 packets
Current queue length: 0 packets, 0% use ratio
Queue 3
Forwarded: 0 packets, 0 bytes
Dropped: 0 packets, 0 bytes
Total queue length: 0 packets
Current queue length: 0 packets, 0% use ratio
Queue 4
Forwarded: 0 packets, 0 bytes
Dropped: 0 packets, 0 bytes
Total queue length: 0 packets
Current queue length: 0 packets, 0% use ratio
Queue 5
Forwarded: 0 packets, 0 bytes
Dropped: 0 packets, 0 bytes
Total queue length: 0 packets
Current queue length: 0 packets, 0% use ratio
Queue 6
Forwarded: 0 packets, 0 bytes
Dropped: 0 packets, 0 bytes
Total queue length: 0 packets
Current queue length: 0 packets, 0% use ratio
Queue 7
Forwarded: 0 packets, 0 bytes
Dropped: 0 packets, 0 bytes
Total queue length: 0 packets
Current queue length: 0 packets, 0% use ratio
Table 31 Command output
Field |
Description |
Forwarded |
Counts forwarded traffic both in packets and in bytes. Counting forwarded traffic in packets is not supported in the current software version. |
Dropped |
Counts dropped traffic both in packets and in bytes. |
Total queue length |
Maximum number of packets allowed in the queue. |
Current queue length |
Current number of packets in the queue. |
use ratio |
Ratio of the current number of packets in the queue to the maximum number of packets allowed in the queue. |
Related commands
· reset qos queue-statistics
· statistic mode queue
display statistic mode
Use display statistic mode to display the packet statistics collection mode.
Syntax
display statistic mode
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the packet statistics collection mode.
<Sysname> display statistic mode
The packet statistic mode is queue.
· statistic mode queue
· statistic mode vsi (VXLAN Command Reference)
reset qos queue-statistics
Use reset qos queue-statistics to clear queue-based traffic statistics for interfaces.
Syntax
reset qos queue-statistics interface [ interface-type interface-number ] outbound
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command clears the queue-based traffic statistics for all interfaces.
outbound: Clears outbound traffic statistics.
Examples
# Clear queue-based outbound traffic statistics for FortyGigE 1/0/1.
<Sysname> reset qos queue-statistics interface FortyGigE 1/0/1 outbound
· display qos queue-statistics
· statistic mode queue
statistic mode queue
Use statistic mode queue to set the packet statistics collection mode to queue.
Use undo statistic mode queue to restore the default.
Syntax
statistic mode queue
undo statistic mode
Default
The packet statistics collection mode is VSI.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To display traffic statistics on a per-queue basis, first set the packet statistics collection mode to queue by using the statistic mode queue command.
Examples
# Set the packet statistics collection mode to queue.
<Sysname> system-view
[Sysname] statistic mode queue
Do you want to change the packet statistic mode? [Y/N]:y
Related commands
· display qos queue-statistics
· display statistic mode
· statistic mode vsi (VXLAN Command Reference)
Time range commands
display time-range
Use display time-range to display time range configuration and status.
Syntax
display time-range { time-range-name | all }
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
time-range-name: Specifies a time range name, a case-insensitive string of 1 to 32 characters. It must start with an English letter.
all: Displays the configuration and status of all existing time ranges.
Examples
# Display the configuration and status of time range t4.
<Sysname> display time-range t4
Current time is 17:12:34 11/23/2010 Tuesday
Time-range : t4 (Inactive)
10:00 to 12:00 Mon
14:00 to 16:00 Wed
from 00:00 1/1/2011 to 00:00 1/1/2012
from 00:00 6/1/2011 to 00:00 7/1/2011
Table 32 Command output
Field |
Description |
Current time |
Current system time. |
Time-range |
Configuration and status of the time range, including its name, status (active or inactive), and start time and end time. |
time-range
Use time-range to create or edit a time range.
Use undo time-range to delete a time range or a statement in the time range.
Syntax
time-range time-range-name { start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] | from time1 date1 [ to time2 date2 ] | to time2 date2 }
undo time-range time-range-name [ start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] | from time1 date1 [ to time2 date2 ] | to time2 date2 ]
Default
No time range exists.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
time-range-name: Specifies a time range name. The name is a case-insensitive string of 1 to 32 characters. It must start with an English letter and to avoid confusion, it cannot be all.
start-time to end-time: Specifies a periodic statement. Both start-time and end-time are in hh:mm format (24-hour clock). The value range is 00:00 to 23:59 for the start time, and 00:00 to 24:00 for the end time. The end time must be greater than the start time.
days: Specifies the day or days of the week (in words or digits) on which the periodic statement is valid. If you specify multiple values, separate each value with a space, and make sure they do not overlap. These values can take one of the following forms:
· A digit in the range of 0 to 6, respectively for Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, and Saturday.
· A day of a week in abbreviated words: sun, mon, tue, wed, thu, fri, and sat.
· working-day for Monday through Friday.
· off-day for Saturday and Sunday.
· daily for the whole week.
from time1 date1: Specifies the start time and date of an absolute statement. The time1 argument specifies the time of the day in hh:mm format (24-hour clock). Its value range is 00:00 to 23:59. The date1 argument specifies a date in MM/DD/YYYY or YYYY/MM/DD format, where MM is the month of the year in the range of 1 to 12, DD is the day of the month with the range depending on MM, and YYYY is the year in the calendar in the range of 1970 to 2100. If the start time is not specified, the start time is 01/01/1970 00:00 AM, the earliest time available in the system.
to time2 date2: Specifies the end time and date of the absolute time statement. The time2 argument has the same format as the time1 argument, but its value range is 00:00 to 24:00. The date2 argument has the same format and value range as the date1 argument. The end time must be greater than the start time. If not specified, the end time is 12/31/2100 24:00 PM, the maximum time available in the system.
Usage guidelines
If you provide an existing time range name for the time-range command, the command adds a statement to the time range.
You can create multiple statements in a time range. Each time statement can take one of the following forms:
· Periodic statement in the start-time to end-time days format. A periodic statement recurs periodically on a day or days of the week.
· Absolute statement in the from time1 date1 to time2 date2 format. An absolute statement does not recur.
· Compound statement in the start-time to end-time days from time1 date1 to time2 date2 format. A compound statement recurs on a day or days of the week only within the specified period. For example, to create a time range that is active from 08:00 to 12:00 on Monday between January 1, 2011 00:00 and December 31, 2011 23:59, use the time-range test 08:00 to 12:00 mon from 00:00 01/01/2011 to 23:59 12/31/2011 command.
You can create a maximum of 1024 time ranges, each with a maximum of 32 periodic statements and 12 absolute statements. The active period of a time range is calculated as follows:
1. Combining all periodic statements
2. Combining all absolute statements
3. Taking the intersection of the two statement sets as the active period of the time range
Examples
# Create a periodic time range t1, setting it to be active between 8:00 to 18:00 during working days.
<Sysname> system-view
[Sysname] time-range t1 08:00 to 18:00 working-day
# Create an absolute time range t2, setting it to be active in the whole year of 2011.
<Sysname> system-view
[Sysname] time-range t2 from 00:00 1/1/2011 to 24:00 12/31/2011
# Create a compound time range t3, setting it to be active from 08:00 to 12:00 on Saturdays and Sundays of the year 2011.
<Sysname> system-view
[Sysname] time-range t3 08:00 to 12:00 off-day from 00:00 1/1/2011 to 24:00 12/31/2011
# Create a compound time range t4, setting it to be active from 10:00 to 12:00 on Mondays and from 14:00 to 16:00 on Wednesdays in the period of January through June of the year 2011.
<Sysname> system-view
[Sysname] time-range t4 10:00 to 12:00 1 from 00:00 1/1/2011 to 24:00 1/31/2011
[Sysname] time-range t4 14:00 to 16:00 3 from 00:00 6/1/2011 to 24:00 6/30/2011
Related commands
display time-range
Data buffer commands
burst-mode enable
Use burst-mode enable to enable the Burst feature.
Use undo burst-mode enable to disable the Burst feature.
Syntax
burst-mode enable
undo burst-mode enable
Default
The Burst feature is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
The Burst feature is especially useful for reducing packet losses under the following circumstances:
· Broadcast or multicast traffic is intensive, resulting in bursts of traffic.
· Traffic enters a device from a high-speed interface and goes out of a low-speed interface.
· Traffic enters a device from multiple same-rate interfaces and goes out of an interface with the same rate.
Examples
# Enable the Burst feature.
<Sysname> system-view
[Sysname] burst-mode enable
buffer usage threshold
Use buffer usage threshold to set a per-interface buffer usage threshold.
Use undo buffer usage threshold to restore the default.
Syntax
In standalone mode:
buffer usage threshold slot slot-number ratio ratio
undo buffer usage threshold slot slot-number
In IRF mode:
buffer usage threshold chassis chassis-number slot slot-number ratio ratio
undo buffer usage threshold chassis chassis-number slot slot-number
Default
The per-interface buffer usage threshold is 100%.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)
ratio ratio: Specifies the buffer usage threshold in percentage, in the range of 1 to 100.
Usage guidelines
This command is available in Release 1138P01 and later versions.
This command takes effect only when the packet statistics collection mode is queue (configured by using the statistic mode queue command). For more information about packet statistics collection modes, see the statistic mode queue command.
After you configure this command, the switch automatically records buffer usage for each interface. When a queue on an interface uses more buffer space than the set threshold, the system counts one threshold violation for the queue.
To display the buffer usage statistics for interfaces, use the display buffer usage interface command.
Examples
# Set the per-interface buffer usage threshold to 50% for card 2. (In standalone mode.)
<Sysname> system-view
[Sysname] buffer usage threshold slot 2 ratio 50
# Set the per-interface buffer usage threshold to 50% for card 2 on IRF member device 2. (In IRF mode.)
<Sysname> system-view
[Sysname] buffer usage threshold chassis 2 slot 2 ratio 50
display buffer usage interface
display buffer usage interface
Use display buffer usage interface to display buffer usage statistics for interfaces.
Syntax
display buffer usage interface [ interface-type [ interface-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface-type [ interface-number ]: Specifies an interface by its type and number. If you do not specify the interface-type argument, this command displays buffer usage statistics for all Ethernet interfaces. If you specify the interface-type argument without the interface-number argument, this command displays buffer usage statistics for all Ethernet interfaces of the specified type.
Usage guidelines
This command is available in Release 1138P01 and later versions.
Examples
# Display buffer usage statistics for Ten-GigabitEthernet 2/0/1.
<Sysname> display buffer usage interface ten-gigabitethernet 2/0/1
Interface QueueID Total Used Threshold(%) Violations
--------------------------------------------------------------------------------
XGE2/0/1 0 9418032 0 30 0
1 9418032 0 30 0
2 9418032 0 30 0
3 9418032 0 30 0
4 9418032 0 30 0
5 9418032 0 30 0
6 9418032 0 30 0
7 9418032 0 30 0
Table 33 Command output
Field |
Description |
Total |
Data buffer size in bytes allowed for a queue. |
Used |
Data buffer size in bytes that has been used by a queue. |
Threshold(%) |
Buffer usage threshold for a queue. The threshold value is the same as the per-interface threshold value. |
Violations |
Number of threshold violations for a queue. The value of this field is reset upon a switch reboot. |
accounting,31
acl,1
acl copy,2
acl name,3
bandwidth,68
buffer usage threshold,86
burst-mode enable,86
car,32
car name,75
classifier behavior,38
description,3
display acl,4
display buffer usage interface,87
display packet-filter,5
display packet-filter statistics,6
display packet-filter statistics sum,8
display packet-filter verbose,9
display qos car name,75
display qos gts interface,55
display qos lr interface,56
display qos map-table,50
display qos policy,39
display qos policy global,40
display qos policy interface,42
display qos qmprofile configuration,69
display qos qmprofile interface,71
display qos queue sp interface,59
display qos queue wfq interface,64
display qos queue wrr interface,60
display qos queue-statistics,79
display qos trust interface,53
display qos vlan-policy,43
display qos-acl resource,10
display statistic mode,80
display time-range,83
display traffic behavior,33
display traffic classifier,27
filter,34
if-match,28
import,51
packet-filter,12
packet-filter default deny,13
packet-filter global,13
qos apply policy,45
qos apply policy global,46
qos apply qmprofile,71
qos bandwidth queue,65
qos car,76
qos gts,55
qos lr,57
qos map-table,51
qos policy,46
qos priority,52
qos qmprofile,72
qos sp,59
qos trust,53
qos vlan-policy,47
qos wfq,66
qos wfq { byte-count | weight },66
qos wfq group sp,67
qos wrr,61
qos wrr { byte-count | weight },62
qos wrr group sp,63
queue,73
redirect,35
remark dscp,36
remark local-precedence,37
reset acl counter,14
reset packet-filter statistics,15
reset qos car name,77
reset qos policy global,48
reset qos queue-statistics,81
reset qos vlan-policy,48
rule (Ethernet frame header ACL view),16
rule (IPv4 advanced ACL view),17
rule (IPv4 basic ACL view),22
rule (user-defined ACL view),23
rule comment,25
statistic mode queue,81
step,25
time-range,83
traffic behavior,38
traffic classifier,31