name acl-name: Assigns a name to the ACL for easy identification. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter and to avoid confusion, it cannot be all.

match-order: Sets the order in which ACL rules are matched against packets.

· auto: Matches ACL rules in depth-first order. The depth-first order differs with ACL categories. For more information, see ACL and QoS Configuration Guide.

· config: Matches ACL rules in ascending order of rule ID. It is the default match order. The rule with a smaller ID has a higher priority.

all: Specifies all ACLs (IPv4 basic, IPv4 advanced, Ethernet frame header, and user-defined ACLs).

Usage guidelines

You can assign a name to an ACL only when you create it. After an ACL is created with a name, you cannot rename it or remove its name.

You can change the match order only for ACLs that do not contain any rules.

Examples

# Create IPv4 basic ACL 2000, and enter its view.

<Sysname> system-view

[Sysname] acl number 2000

[Sysname-acl-basic-2000]

# Create IPv4 basic ACL 2001 with the name flow, and enter its view.

<Sysname> system-view

[Sysname] acl number 2001 name flow

[Sysname-acl-basic-2001-flow]

Related commands

display acl

acl copy

Use acl copy to create an ACL by copying an ACL that already exists.

Syntax

acl copy { source-acl-number | name source-acl-name } to { dest-acl-number | name dest-acl-name }

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

source-acl-number: Specifies an existing source ACL by its number:

· 2000 to 2999 for IPv4 basic ACLs.

· 3000 to 3999 for IPv4 advanced ACLs.

· 4000 to 4999 for Ethernet frame header ACLs.

· 5000 to 5999 for user-defined ACLs.

name source-acl-name: Specifies an existing source ACL by its name. The source-acl-name argument is a case-insensitive string of 1 to 63 characters. For a basic ACL or an advanced ACL, this option specifies the name of an IPv4 basic ACL or advanced ACL.

dest-acl-number: Assigns a unique number to the ACL you are creating. This number must be from the same ACL category as the source ACL. If no ACL number is specified, the system automatically picks the smallest number from all available numbers in the same ACL category as the source ACL. Available value ranges include:

· 2000 to 2999 for IPv4 basic ACLs.

· 3000 to 3999 for IPv4 advanced ACLs.

· 4000 to 4999 for Ethernet frame header ACLs.

· 5000 to 5999 for user-defined ACLs.

name dest-acl-name: Assigns a unique name to the ACL you are creating. The dest-acl-name is a case-insensitive string of 1 to 63 characters. It must start with an English letter and to avoid confusion, it cannot be all. If no ACL name is specified, the system does not name the ACL. For a basic ACL or an advanced ACL, this option specifies the name of an IPv4 basic ACL or advanced ACL.

Usage guidelines

The new ACL has the same properties and content as the source ACL, but not the same ACL number and name.

You can assign a name to an ACL only when you create it. After an ACL is created with a name, you cannot rename it or remove its name.

Examples

# Create IPv4 basic ACL 2002 by copying IPv4 basic ACL 2001.

<Sysname> system-view

[Sysname] acl copy 2001 to 2002

acl name

Use acl name to enter the view of an ACL that has a name.

Syntax

acl name acl-name

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

acl-name: Specifies the name of an ACL, a case-insensitive string of 1 to 63 characters. It must start with an English letter. The ACL must already exist. For a basic ACL or an advanced ACL, this option specifies the name of an IPv4 basic ACL or advanced ACL.

Examples

# Enter the view of IPv4 basic ACL flow, which already exists.

<Sysname> system-view

[Sysname] acl name flow

[Sysname-acl-basic-2001-flow]

Related commands

acl

description

Use description to configure a description for an ACL.

Use undo description to delete an ACL description.

Syntax

description text

undo description

Default

An ACL has no description.

Views

IPv4 basic/advanced ACL view

Ethernet frame header ACL view

User-defined ACL view

Predefined user roles

network-admin

mdc-admin

Parameters

text: Configures a description for the ACL, a case-sensitive string of 1 to 127 characters.

Examples

# Configure a description for IPv4 basic ACL 2000.

<Sysname> system-view

[Sysname] acl number 2000

[Sysname-acl-basic-2000] description This is an IPv4 basic ACL.

Related commands

display acl

Use display acl to display configuration and match statistics for ACLs.

Syntax

display acl { acl-number | all | name acl-name }

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

acl-number: Specifies an ACL by its number:

· 2000 to 2999 for IPv4 basic ACLs.

· 3000 to 3999 for IPv4 advanced ACLs.

· 4000 to 4999 for Ethernet frame header ACLs.

· 5000 to 5999 for user-defined ACLs.

all: Displays information about all IPv4 basic, IPv4 advanced, Ethernet frame header, and user-defined ACLs.

name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. For a basic ACL or an advanced ACL, this option specifies the name of an IPv4 basic ACL or advanced ACL.

Usage guidelines

This command displays ACL rules in config or auto order, whichever is configured.

Examples

# Display configuration and match statistics for IPv4 basic ACL 2001.

<Sysname> display acl 2001

Basic ACL 2001, named flow, 1 rule, match-order is auto,

This is an IPv4 basic ACL.

ACL's step is 5

rule 5 permit source 1.1.1.1 0 (5 times matched)

rule 5 comment This rule is used on FortyGigE 1/0/1.

Table 1 Command output

Field	Description
Basic ACL 2001	Category and number of the ACL. The following field information is about IPv4 basic ACL 2000.
named flow	The name of the ACL is flow. If the ACL is not named, this field displays -none-.
1 rule	The ACL contains one rule.
match-order is auto	The match order for the ACL is auto, which sorts ACL rules in depth-first order. This field is not present when the match order is config.
This is an IPv4 basic ACL.	Description of this ACL.
ACL's step is 5	The rule numbering step is 5.
rule 5 permit source 1.1.1.1 0	Content of rule 5.
5 times matched	There have been five matches for the rule. The statistic counts only ACL matches performed in software. This field is not displayed when no packets matched the rule.
rule 5 comment This rule is used on FortyGigE 1/0/1.	Comment of ACL rule 5.

display packet-filter

Use display packet-filter to display application information of ACLs for packet filtering.

Syntax

In standalone mode:

display packet-filter { global [ inbound | outbound ] [ slot slot-number ] | interface [ interface-type interface-number ] [ inbound | outbound ] | interface vlan-interface vlan-interface-number [ inbound | outbound ] [ slot slot-number ] }

In IRF mode:

display packet-filter { global [ inbound | outbound ] [ chassis chassis-number slot slot-number ] | interface [ interface-type interface-number ] [ inbound | outbound ] | { global | interface vlan-interface vlan-interface-number | vlan [ vlan-id ] } [ inbound | outbound ] [ chassis chassis-number slot slot-number ] }

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

global: Specifies all physical interfaces. This keyword is available in Release 1138P01 and later versions.

interface [ interface-type interface-number ]: Specifies an interface by its type and number. VLAN interfaces are not supported. If no interface is specified, the command displays ACL application information on all interfaces except VLAN interfaces for packet filtering.

interface vlan-interface vlan-interface-number: Specifies a VLAN interface by its number.

inbound: Specifies the inbound direction.

outbound: Specifies the outbound direction.

slot slot-number: Specifies a card by its slot number. If no card is specified, the command displays ACL application information on the active MPU for packet filtering. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device, and the slot-number argument represents the number of the slot that holds the card. If no card is specified, the command displays ACL application information for packet filtering on the global active MPU of the IRF fabric. (In IRF mode.)

Usage guidelines

If you specify neither the inbound keyword nor the outbound keyword, the command displays the ACL application information for packet filtering in both directions.

Examples

# Display ACL application information for inbound packet filtering on interfaces FortyGigE 1/0/1.

<Sysname> display packet-filter interface fortygige 1/0/1 inbound

Interface: FortyGigE1/0/1

In-bound policy:

ACL 2001 , Hardware-count

Table 2 Command output

Field	Description
Interface	Interface to which the ACL applies.
In-bound policy	ACL used for filtering incoming traffic.
ACL 2001	IPv4 basic ACL 2001 has been successfully applied.
Hardware-count	Successfully enables counting ACL rule matches.

display packet-filter statistics

Use display packet-filter statistics to display match statistics of ACLs for packet filtering.

Syntax

display packet-filter statistics { global | interface interface-type interface-number } { inbound | outbound } [ acl-number | name acl-name ] [ brief ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

global: Displays the statistics for all physical interfaces. This keyword is available in Release 1138P01 and later versions.

interface interface-type interface-number: Displays the statistics of an interface specified by its type and number.

inbound: Displays the statistics in the inbound direction.

outbound: Displays the statistics in the outbound direction.

acl-number: Specifies the number of an ACL:

· 2000 to 2999 for IPv4 basic ACLs.

· 3000 to 3999 for IPv4 advanced ACLs.

· 4000 to 4999 for Ethernet frame header ACLs.

· 5000 to 5999 for user-defined ACLs.

brief: Displays brief statistics.

Usage guidelines

When neither acl-number nor name acl-name is specified, this command displays match statistics of all ACLs for packet filtering.

Examples

# Display match statistics of all ACLs for inbound packet filtering on FortyGigE 1/0/1.

<Sysname> display packet-filter statistics interface fortygige 1/0/1 inbound

Interface: FortyGigE1/0/1

In-bound policy:

ACL 2001, Hardware-count

From 2013-06-09 13:31:00 to 2013-06-09 13:31:42

rule 0 permit source 2.2.2.2 0

rule 5 permit source 1.1.1.1 0

Totally 0 packets permitted, 0 packets denied

Totally 0% permitted, 0% denied

Table 3 Command output

Field	Description
Interface	Interface to which the ACL applies.
In-bound policy	ACL used for filtering incoming traffic.
ACL 2001	IPv4 basic ACL 2001 has been successfully applied.
Hardware-count	Successfully enables counting ACL rule matches.
From 2013-06-09 13:31:00 to 2013-06-09 13:31:42	Start time and end time of the statistics.
Totally 0 packets permitted, 0 packets denied	Number of packets permitted and denied by the ACL.
Totally 0% permitted, 0% denied	Ratios of permitted and denied packets to all packets.

Related commands

reset packet-filter statistics

display packet-filter statistics sum

Use display packet-filter statistics sum to display accumulated packet filtering ACL statistics.

Syntax

display packet-filter statistics sum { inbound | outbound } { acl-number | name acl-name } [ brief ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

inbound: Displays the statistics in the inbound direction.

outbound: Displays the statistics in the outbound direction.

acl-number: Specifies the number of an ACL:

· 2000 to 2999 for IPv4 basic ACLs.

· 3000 to 3999 for IPv4 advanced ACLs.

· 4000 to 4999 for Ethernet frame header ACLs.

· 5000 to 5999 for user-defined ACLs.

brief: Displays brief accumulated packet filtering ACL statistics.

Examples

# Display accumulated packet filtering ACL statistics of IPv4 basic ACL 2001 for incoming packets.

<Sysname> display packet-filter statistics sum inbound 2001

Sum:

In-bound policy:

ACL 2001

rule 0 permit source 2.2.2.2 0 (2 packets)

rule 5 permit source 1.1.1.1 0

Totally 0 packets permitted, 0 packets denied

Totally 0% permitted, 0% denied

Table 4 Command output

Field	Description
Sum	Accumulated packet filtering ACL statistics.
In-bound policy	Accumulated ACL statistics used for filtering incoming traffic.
ACL 2001	Accumulated ACL statistics used for IPv4 basic ACL 2001.
2 packets	Two packets matched the rule. This field is not displayed when no packets matched the rule.
Totally 0 packets permitted, 0 packets denied	Number of packets permitted and denied by the ACL.
Totally 0% permitted, 0% denied	Ratios of permitted and denied packets to all packets.

Related commands

reset packet-filter statistics

display packet-filter verbose

Use display packet-filter verbose to display application details of ACLs for packet filtering.

Syntax

In standalone mode:

display packet-filter verbose { global | interface interface-type interface-number } { inbound | outbound } [ acl-number | name acl-name ] [ slot slot-number ]

In IRF mode:

display packet-filter verbose { global | interface interface-type interface-number } { inbound | outbound } [ acl-number | name acl-name ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

global: Specifies all physical interfaces. This keyword is available in Release 1138P01 and later versions.

interface interface-type interface-number: Specifies an interface by its type and number.

inbound: Specifies the inbound direction.

outbound: Specifies the outbound direction.

acl-number: Specifies the number of an ACL:

· 2000 to 2999 for IPv4 basic ACLs.

· 3000 to 3999 for IPv4 advanced ACLs.

· 4000 to 4999 for Ethernet frame header ACLs.

· 5000 to 5999 for user-defined ACLs.

name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. For a basic ACL or advanced ACL, this option specifies the name of an IPv4 basic ACL or advanced ACL.

slot slot-number: Specifies a card by its slot number. If no card is specified, the command displays ACL application details on the active MPU for packet filtering. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device, and the slot-number argument represents the number of the slot that holds the card. If no card is specified, the command displays ACL application details for packet filtering on the global active MPU of the IRF fabric. (In IRF mode.)

Usage guidelines

When neither acl-number nor name acl-name is specified, this command displays application details of all ACLs for packet filtering.

Examples

# Display application details of all ACLs for inbound packet filtering on FortyGigE 1/0/1.

<Sysname> display packet-filter verbose interface fortygige 1/0/1 inbound

Interface: FortyGigE1/0/1

In-bound policy:

ACL 2001, Hardware-count

rule 0 permit source 2.2.2.2 0

rule 5 permit source 1.1.1.1 0

Table 5 Command output

Field	Description
Interface	Interface to which the ACL applies.
In-bound policy	ACL used for filtering incoming traffic.
ACL 2001	IPv4 basic ACL 2001 has been successfully applied.
Hardware-count	Successfully enables counting ACL rule matches.

display qos-acl resource

Use display qos-acl resource to display QoS and ACL resource usage.

Syntax

In standalone mode:

display qos-acl resource [ slot slot-number ]

In IRF mode:

display qos-acl resource [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

slot slot-number: Specifies a card by its slot number. If no slot is specified, the command displays ACL QoS and ACL resource usage on all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device, and the slot-number argument represents the number of the slot that holds the card. If no card is specified, the command displays QoS and ACL resource usage on all cards of the IRF fabric. (In IRF mode.)

Usage guidelines

The command does not display any usage data if the specified card or IRF member device does not support counting QoS and ACL resource.

Examples

# Display QoS and ACL resource usage.

<Sysname> display qos-acl resource

Interfaces: FGE1/0/1 to FGE1/0/6

---------------------------------------------------------------------

Type Total Reserved Configured Remaining Usage

---------------------------------------------------------------------

IFP ACL 23040 4608 0 18432 20%

IFP Meter 30720 48 0 30672 0%

IFP Counter 8191 49 0 8142 0%

EFP ACL 9216 0 0 9216 0%

Interfaces: FGE1/0/7 to FGE1/0/12

---------------------------------------------------------------------

Type Total Reserved Configured Remaining Usage

---------------------------------------------------------------------

IFP ACL 23040 4608 0 18432 20%

IFP Meter 30720 48 0 30672 0%

IFP Counter 8191 49 0 8142 0%

EFP ACL 9216 0 0 9216 0%

Table 6 Command output

Field	Description
Interfaces	Interface range for the resource.
Type	Resource type: · IFP ACL—ACL rules applied to inbound traffic. · IFP Meter—Traffic policing rules for inbound traffic. · IFP Counter—Traffic counting rules for inbound traffic. · EFP ACL—ACL rules applied to outbound traffic.
Total	Total number of resource.
Reserved	Number of reserved resource.
Configured	Number of resource that has been applied.
Remaining	Number of resource that you can apply.
Usage	Percent of the configured and reserved resources to the total resources. If the percent is a non-integer, this field displays the integer part. For example, if the actual usage is 50.8%, this field displays 50%.

packet-filter

Use packet-filter to apply an ACL to an interface to filter packets.

Use undo packet-filter to remove an ACL application from an interface.

Syntax

packet-filter { acl-number | name acl-name } { inbound | outbound } [ extension ] [ hardware-count ]

undo packet-filter { acl-number | name acl-name } { inbound | outbound }

Default

An interface does not filter packets.

Views

Layer 2 Ethernet interface view

Layer 3 Ethernet interface view

Layer 3 Ethernet subinterface view

VLAN interface view

Predefined user roles

network-admin

mdc-admin

Parameters

acl-number: Specifies an ACL by its number:

· 2000 to 2999 for IPv4 basic ACLs.

· 3000 to 3999 for IPv4 advanced ACLs.

· 4000 to 4999 for Ethernet frame header ACLs.

· 5000 to 5999 for user-defined ACLs.

inbound: Filters incoming packets.

outbound: Filters outgoing packets.

extension: Uses TCAM resources for packet filtering. This keyword is available in Release 1138P01 and later versions.

hardware-count: Enables counting ACL rule matches performed in hardware. This keyword enables match counting for all rules in an ACL, and the counting keyword in the rule command enables match counting specific to rules. If the hardware-count keyword is not specified, rule matches for the ACL are not counted.

Usage guidelines

To use the extension keyword, make sure you have set the TCAM operating mode to ACL. For more information about the TCAM operating modes, see Fundamentals Configuration Guide.

Examples

# Apply IPv4 basic ACL 2001 to filter incoming traffic on FortyGigE 1/0/1, and enable counting ACL rule matches performed in hardware.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] packet-filter 2001 inbound hardware-count

Related commands

· display packet-filter

· display packet-filter statistics

· display packet-filter verbose

packet-filter default deny

Use packet-filter default deny to set the packet filtering default action to deny. The packet filter denies packets that do not match any ACL rule.

Use undo packet-filter default deny to restore the default.

Syntax

packet-filter default deny

undo packet-filter default deny

Default

The packet filter permits packets that do not match any ACL rule.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

The packet filter applies the default action to all ACL applications for packet filtering. The default action appears in the display command output for packet filtering.

Examples

# Set the packet filter default action to deny.

<Sysname> system-view

[Sysname] packet-filter default deny

Related commands

· display packet-filter

· display packet-filter statistics

· display packet-filter verbose

packet-filter global

Use packet-filter global to apply an ACL to filter packets globally.

Use undo packet-filter global to remove an ACL application for global packet filtering.

Syntax

packet-filter { acl-number | name acl-name } global { inbound | outbound } [ hardware-count ]

undo packet-filter { acl-number | name acl-name } global { inbound | outbound }

Default

No ACL is applied to filter packets globally.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

acl-number: Specifies an ACL by its number:

· 2000 to 2999 for IPv4 basic ACLs.

· 3000 to 3999 for IPv4 advanced ACLs.

· 4000 to 4999 for Ethernet frame header ACLs.

· 5000 to 5999 for user-defined ACLs.

inbound: Filters incoming packets.

outbound: Filters outgoing packets.

Usage guidelines

This command is available in Release 1138P01 and later versions.

Examples

# Apply IPv4 basic ACL 2001 to filter incoming traffic on all physical interfaces, and enable counting ACL rule matches performed in hardware.

<Sysname> system-view

[Sysname] packet-filter 2001 global inbound hardware-count

Related commands

· display packet-filter

· display packet-filter statistics

· display packet-filter verbose

reset acl counter

Use reset acl counter to clear statistics for ACLs.

Syntax

reset acl counter { acl-number | all | name acl-name }

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

acl-number: Specifies an ACL by its number:

· 2000 to 2999 for IPv4 basic ACLs.

· 3000 to 3999 for IPv4 advanced ACLs.

· 4000 to 4999 for Ethernet frame header ACLs.

· 5000 to 5999 for user-defined ACLs.

all: Clears statistics for all IPv4 basic, IPv4 advanced, Ethernet frame header, and user-defined ACLs.

name acl-name: Clears statistics of an ACL specified by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. For a basic ACL or an advanced ACL, this option specifies the name of an IPv4 basic ACL or advanced ACL.

Examples

# Clear statistics for IPv4 basic ACL 2001.

<Sysname> reset acl counter 2001

Related commands

display acl

reset packet-filter statistics

Use reset packet-filter statistics to clear the match statistics (including the accumulated statistics) of ACLs for packet filtering.

Syntax

reset packet-filter statistics { global | interface [ interface-type interface-number ] } { inbound | outbound } [ acl-number | name acl-name ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

global: Specifies all physical interfaces. This keyword is available in Release 1138P01 and later versions.

interface [ interface-type interface-number ]: Specifies an interface by its type and number. If no interface is specified, the command clears packet filtering ACL statistics on all interfaces.

inbound: Specifies the inbound direction.

outbound: Specifies the outbound direction.

acl-number: Specifies an ACL by its number:

· 2000 to 2999 for IPv4 basic ACLs.

· 3000 to 3999 for IPv4 advanced ACLs.

· 4000 to 4999 for Ethernet frame header ACLs.

· 5000 to 5999 for user-defined ACLs.

Usage guidelines

When neither acl-number nor name acl-name is specified, this command clears the match statistics of all ACLs for packet filtering.

Examples

# Clear IPv4 basic ACL 2001 statistics for inbound packet filtering of FortyGigE 1/0/1.

<Sysname> reset packet-filter statistics interface fortygige 1/0/1 inbound 2001

Related commands

· display packet-filter statistics

· display packet-filter statistics sum

rule (Ethernet frame header ACL view)

Use rule to create or edit an Ethernet frame header ACL rule.

Use undo rule to delete an Ethernet frame header ACL rule or some attributes in the rule.

Syntax

rule [ rule-id ] { deny | permit } [ cos vlan-pri | counting | dest-mac dest-address dest-mask | { lsap lsap-type lsap-type-mask | type protocol-type protocol-type-mask } | source-mac source-address source-mask | time-range time-range-name ] *

undo rule rule-id [ counting | time-range ] *

Default

An Ethernet frame header ACL does not contain any rule.

Views

Ethernet frame header ACL view

Predefined user roles

network-admin

mdc-admin

Parameters

rule-id: Specifies a rule ID in the range of 0 to 65534. If no rule ID is specified when you create an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.

deny: Denies matching packets.

permit: Allows matching packets to pass.

cos vlan-pri: Matches an 802.1p priority. The vlan-pri argument can be a number in the range of 0 to 7, or in words, best-effort (0), background (1), spare (2), excellent-effort (3), controlled-load (4), video (5), voice (6), or network-management (7).

counting: Counts the number of times the Ethernet frame header ACL rule has been matched. The counting keyword enables match counting specific to rules, and the hardware-count keyword in the packet-filter command enables match counting for all rules in an ACL. If the counting keyword is not specified, matches for the rule are not counted.

dest-mac dest-address dest-mask: Matches a destination MAC address range. The dest-address and dest-mask arguments represent a destination MAC address and mask in the H-H-H format.

lsap lsap-type lsap-type-mask: Matches the DSAP and SSAP fields in LLC encapsulation. The lsap-type argument is a 16-bit hexadecimal number that represents the encapsulation format. The lsap-type-mask argument is a 16-bit hexadecimal number that represents the LSAP mask.

type protocol-type protocol-type-mask: Matches one or more protocols in the Ethernet frame header. The protocol-type argument is a 16-bit hexadecimal number that represents a protocol type in Ethernet_II and Ethernet_SNAP frames. The protocol-type-mask argument is a 16-bit hexadecimal number that represents a protocol type mask.

source-mac source-address source-mask: Matches a source MAC address range. The source-address argument represents a source MAC address, and the sour-mask argument represents a mask in the H-H-H format.

time-range time-range-name: Specifies a time range for the rule. The time-range-name argument is a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the time range. For more information about time range, see ACL and QoS Configuration Guide.

Usage guidelines

When you configure an Ethernet frame header ACL for QoS traffic classification or packet filtering, follow these restrictions and guidelines:

· With the lsap keyword specified, the lsap-type argument must be AAAA and the lsap-type-mask argument must be FFFF. Otherwise, the ACL cannot be applied successfully.

· If the ACL is used in the outbound direction, you cannot specify the lsap, type, and counting keywords.

Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL, your creation or editing attempt fails.

You can edit ACL rules only when the match order is config. If no optional keywords are provided for the undo rule command, you delete the entire rule. If optional keywords or arguments are provided, you delete the specified attributes.

To view rules in existing ACLs, use the display acl all command.

Examples

# Create a rule in Ethernet frame header ACL 4000 to deny packets with source MAC address prefix 000f-e2.

<Sysname> system-view

[Sysname] acl number 4000

[Sysname-acl-ethernetframe-4000] rule deny source-mac 000f-e200-0000 ffff-ff00-0000

Related commands

· acl

· display acl

· step

· time-range

rule (IPv4 advanced ACL view)

Use rule to create or edit an IPv4 advanced ACL rule.

Use undo rule to delete an entire IPv4 advanced ACL rule or some attributes in the rule.

Syntax

rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-address dest-wildcard | any } | destination-port operator port1 [ port2 ] | { dscp dscp | { precedence precedence | tos tos } * } | fragment | icmp-type { icmp-type [ icmp-code ] | icmp-message } | qos-local-id local-id-value | source { source-address source-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | vpn-instance vpn-instance-name ] *

undo rule rule-id [ { { ack | fin | psh | rst | syn | urg } * | established } | counting | destination | destination-port | { dscp | { precedence | tos } * } | fragment | icmp-type | qos-local-id | source | source-port | time-range | vpn-instance ] *

Default

An IPv4 advanced ACL does not contain any rule.

Views

IPv4 advanced ACL view

Predefined user roles

network-admin

mdc-admin

Parameters

rule-id: Specifies a rule ID in the range of 0 to 65534. If no rule ID is provided when you create an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.

deny: Denies matching packets.

permit: Allows matching packets to pass.

protocol: Specifies one of the following values:

· A protocol number in the range of 0 to 255.

· A protocol by its name: gre (47), icmp (1), igmp (2), ip, ipinip (4), ospf (89), tcp (6), or udp (17). The ip keyword specifies all protocols.

Table 7 describes the parameters that you can specify regardless of the value for the protocol argument.

Table 7 Match criteria and other rule information for IPv4 advanced ACL rules

Parameters	Function	Description
source { source-address source-wildcard \| any }	Specifies a source address.	The source-address source-wildcard arguments represent a source IP address and wildcard mask in dotted decimal notation. An all-zero wildcard specifies a host address. The any keyword specifies any source IP address.
destination { dest-address dest-wildcard \| any }	Specifies a destination address.	The dest-address dest-wildcard arguments represent a destination IP address and wildcard mask in dotted decimal notation. An all-zero wildcard specifies a host address. The any keyword represents any destination IP address.
counting	Counts the number of times the IPv4 advanced ACL rule has been matched.	The counting keyword enables match counting specific to rules, and the hardware-count keyword in the packet-filter command enables match counting for all rules in an ACL. If the counting keyword is not specified, matches for the rule are not counted.
precedence precedence	Specifies an IP precedence value.	The precedence argument can be a number in the range of 0 to 7, or in words: routine (0), priority (1), immediate (2), flash (3), flash-override (4), critical (5), internet (6), or network (7).
tos tos	Specifies a ToS preference.	The tos argument can be a number in the range of 0 to 15, or in words: max-reliability (2), max-throughput (4), min-delay (8), min-monetary-cost (1), or normal (0).
dscp dscp	Specifies a DSCP priority.	The dscp argument can be a number in the range of 0 to 63, or in words: af11 (10), af12 (12), af13 (14), af21 (18), af22 (20), af23 (22), af31 (26), af32 (28), af33 (30), af41 (34), af42 (36), af43 (38), cs1 (8), cs2 (16), cs3 (24), cs4 (32), cs5 (40), cs6 (48), cs7 (56), default (0), or ef (46).
fragment	Applies the rule to fragments.	Without this keyword, the rule applies to all fragments and non-fragments.
time-range time-range-name	Specifies a time range for the rule.	The time-range-name argument is a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the time range. For more information about time range, see ACL and QoS Configuration Guide.
qos-local-id local-id-value	Specifies a QoS local ID.	The value range for the local-id-value argument is 1 to 4095. By default, no QoS local ID is specified. For more information about the QoS local ID, see the routing policy in Layer 3—IP Routing Configuration Guide. This option is available in Release 1138P01 and later versions.
vpn-instance vpn-instance-name	Applies the rule to an MPLS L3VPN instance.	The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify this option, the rule applies to both VPN packets and non-VPN packets.

If the protocol argument is tcp (6) or udp (7), set the parameters shown in Table 8.

Table 8 TCP/UDP-specific parameters for IPv4 advanced ACL rules

Parameters	Function	Description
source-port operator port1 [ port2 ]	Specifies one or more UDP or TCP source ports.	The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), or range (inclusive range). The port1 and port2 arguments are TCP or UDP port numbers in the range of 0 to 65535. port2 is needed only when the operator argument is range. TCP port numbers can be represented as: chargen (19), bgp (179), cmd (514), daytime (13), discard (9), dns (53), domain (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), and www (80). UDP port numbers can be represented as: biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag (434), mobilip-mn (435), nameserver (42), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37), who (513), and xdmcp (177). If the domain keyword is used to specify a TCP destination port, it is saved as dns in the configuration file.
destination-port operator port1 [ port2 ]	Specifies one or more UDP or TCP destination ports.
{ ack ack-value \| fin fin-value \| psh psh-value \| rst rst-value \| syn syn-value \| urg urg-value } *	Specifies one or more TCP flags including ACK, FIN, PSH, RST, SYN, and URG.	Parameters specific to TCP. The value for each argument can be 0 (flag bit not set) or 1 (flag bit set). The TCP flags in a rule are ANDed. For example, a rule configured with ack 0 psh 1 matches packets that have the ACK flag bit not set and the PSH flag bit set.
established	Specifies the flags for indicating the established status of a TCP connection.	Parameter specific to TCP. The rule matches TCP connection packets with the ACK or RST flag bit set.

If the protocol argument is icmp (1), set the parameters shown in Table 9.

Table 9 ICMP-specific parameters for IPv4 advanced ACL rules

Parameters	Function	Description
icmp-type { icmp-type icmp-code \| icmp-message }	Specifies the ICMP message type and code.	The icmp-type argument is in the range of 0 to 255. The icmp-code argument is in the range of 0 to 255. The icmp-message argument specifies a message name. Supported ICMP message names and their corresponding type and code values are listed in Table 10.

Parameters

Function

Description

icmp-type { icmp-type icmp-code | icmp-message }

Specifies the ICMP message type and code.

The icmp-type argument is in the range of 0 to 255.

The icmp-code argument is in the range of 0 to 255.

The icmp-message argument specifies a message name. Supported ICMP message names and their corresponding type and code values are listed in Table 10.

Table 10 ICMP message names supported in IPv4 advanced ACL rules

ICMP message name	ICMP message type	ICMP message code
echo	8	0
echo-reply	0	0
fragmentneed-DFset	3	4
host-redirect	5	1
host-tos-redirect	5	3
host-unreachable	3	1
information-reply	16	0
information-request	15	0
net-redirect	5	0
net-tos-redirect	5	2
net-unreachable	3	0
parameter-problem	12	0
port-unreachable	3	3
protocol-unreachable	3	2
reassembly-timeout	11	1
source-quench	4	0
source-route-failed	3	5
timestamp-reply	14	0
timestamp-request	13	0
ttl-exceeded	11	0

Usage guidelines

You can edit ACL rules only when the match order is config.

If no optional keywords are provided for the undo rule command, you delete the entire rule. If optional keywords or arguments are provided, you delete the specified attributes.

To view rules in existing ACLs, use the display acl all command.

When you configure an IPv4 advanced ACL for QoS traffic classification or packet filtering, follow these restrictions and guidelines:

· Do not specify the vpn-instance vpn-instance-name option.

· Do not specify neq for the operator argument.

· Do not specify gt, lt, or range for the operator argument, nor specify the counting keyword if the ACL is for outbound application.

· The ACL takes effect only on packets forwarded at Layer 3 if it is for outbound application.

Examples

# Create an IPv4 advanced ACL rule to permit TCP packets with the destination port 80 from 129.9.0.0/16 to 202.38.160.0/24.

<Sysname> system-view

[Sysname] acl number 3000

[Sysname-acl-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq 80

# Create IPv4 advanced ACL rules to permit all IP packets but the ICMP packets destined for 192.168.1.0/24.

<Sysname> system-view

[Sysname] acl number 3001

[Sysname-acl-adv-3001] rule deny icmp destination 192.168.1.0 0.0.0.255

[Sysname-acl-adv-3001] rule permit ip

# Create IPv4 advanced ACL rules to permit inbound and outbound FTP packets.

<Sysname> system-view

[Sysname] acl number 3002

[Sysname-acl-adv-3002] rule permit tcp source-port eq ftp

[Sysname-acl-adv-3002] rule permit tcp source-port eq ftp-data

[Sysname-acl-adv-3002] rule permit tcp destination-port eq ftp

[Sysname-acl-adv-3002] rule permit tcp destination-port eq ftp-data

# Create IPv4 advanced ACL rules to permit inbound and outbound SNMP and SNMP trap packets.

<Sysname> system-view

[Sysname] acl number 3003

[Sysname-acl-adv-3003] rule permit udp source-port eq snmp

[Sysname-acl-adv-3003] rule permit udp source-port eq snmptrap

[Sysname-acl-adv-3003] rule permit udp destination-port eq snmp

[Sysname-acl-adv-3003] rule permit udp destination-port eq snmptrap

Related commands

· acl

· display acl

· step

· time-range

rule (IPv4 basic ACL view)

Use rule to create or edit an IPv4 basic ACL rule.

Use undo rule to delete an entire IPv4 basic ACL rule or some attributes in the rule.

Syntax

rule [ rule-id ] { deny | permit } [ counting | fragment | source { source-address source-wildcard | any } | time-range time-range-name | vpn-instance vpn-instance-name ] *

undo rule rule-id [ counting | fragment | source | time-range | vpn-instance ] *

Default

An IPv4 basic ACL does not contain any rule.

Views

IPv4 basic ACL view

Predefined user roles

network-admin

mdc-admin

Parameters

deny: Denies matching packets.

permit: Allows matching packets to pass.

counting: Counts the number of times the IPv4 basic ACL rule has been matched. The counting keyword enables match counting specific to rules, and the hardware-count keyword in the packet-filter command enables match counting for all rules in an ACL. If the counting keyword is not specified, matches for the rule are not counted.

fragment: Applies the rule to fragments. A rule without this keyword applies to both fragments and non-fragments.

source { source-address source-wildcard | any }: Matches a source address. The source-address source-wildcard arguments represent a source IP address and wildcard mask in dotted decimal notation. A wildcard mask of zeros specifies a host address. The any keyword represents any source IP address.

vpn-instance vpn-instance-name: Applies the rule to an MPLS L3VPN instance. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify this option, the rule applies to both VPN packets and non-VPN packets.

Usage guidelines

You can edit ACL rules only when the match order is config.

If no optional keywords are provided for the undo rule command, you delete the entire rule. If optional keywords or arguments are provided, you delete the specified attributes.

To view rules in existing ACLs, use the display acl all command.

When you configure an IPv4 basic ACL for QoS traffic classification or packet filtering, follow these restrictions and guidelines:

· Do not specify the vpn-instance vpn-instance-name option.

· Do not specify the counting keyword if the ACL is for outbound application.

· The ACL takes effect only on packets forwarded at Layer 3 if it is for outbound application.

Examples

# Create a rule in IPv4 basic ACL 2000 to deny the packets from any source IP segment but 10.0.0.0/8, 172.17.0.0/16, or 192.168.1.0/24.

<Sysname> system-view

[Sysname] acl number 2000

[Sysname-acl-basic-2000] rule permit source 10.0.0.0 0.255.255.255

[Sysname-acl-basic-2000] rule permit source 172.17.0.0 0.0.255.255

[Sysname-acl-basic-2000] rule permit source 192.168.1.0 0.0.0.255

[Sysname-acl-basic-2000] rule deny source any

Related commands

· acl

· display acl

· step

· time-range

rule (user-defined ACL view)

Use rule to create or edit a user-defined ACL rule.

Use undo rule to delete a user-defined ACL rule.

Syntax

rule [ rule-id ] { deny | permit } [ { l2 rule-string rule-mask offset }&<1-8> ] [ counting | time-range time-range-name ] *

undo rule rule-id

Default

A user-defined ACL does not contain any rule.

Views

User-defined ACL view

Predefined user roles

network-admin

mdc-admin

Parameters

rule-id: Specifies a rule ID in the range of 0 to 65534. If you do not specify a rule ID when creating an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.

deny: Denies matching packets.

permit: Allows matching packets to pass.

l2: Specifies that the offset is relative to the beginning of the Layer 2 frame header.

rule-string: Defines a match pattern in hexadecimal format. Its length must be a multiple of two.

rule-mask: Defines a match pattern mask in hexadecimal format. Its length must be the same as that of the match pattern. A match pattern mask is used for ANDing the selected string of a packet.

offset: Specifies an offset in bytes after which the match operation begins.

&<1-8>: Specifies that up to eight match patterns can be defined in the ACL rule.

counting: Counts the times the rule is matched. The counting keyword enables match counting specific to rules, and the hardware-count keyword in the packet-filter command enables match counting for all rules in an ACL. If the counting keyword is not specified, matches for the rule are not counted.

Usage guidelines

Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL, the rule will not be created or changed.

To view rules in existing ACLs, use the display acl all command.

A user-defined ACL cannot be used for outbound QoS traffic classification or outbound packet filtering.

Examples

# Create a rule for user-defined ACL 5005 to permit packets in which the 13th and 14th bytes starting from the Layer 2 header are 0x0806 (the ARP packets).

<Sysname> system-view

[Sysname] acl number 5005

[Sysname-acl-user-5005] rule permit l2 0806 ffff 12

Related commands

· acl

· display acl

· time-range

rule comment

Use rule comment to add a comment about an existing ACL rule or edit its comment to make the rule easy to understand.

Use undo rule comment to delete an ACL rule comment.

Syntax

rule rule-id comment text

undo rule rule-id comment

Default

An ACL has not rule comment.

Views

IPv4 basic/advanced ACL view

Ethernet frame header ACL view

User-defined ACL view

Predefined user roles

network-admin

mdc-admin

Parameters

rule-id: Specifies an ACL rule ID in the range of 0 to 65534. The ACL rule must already exist.

text: Specifies a comment about the ACL rule, a case-sensitive string of 1 to 127 characters.

Examples

# Create a rule for IPv4 basic ACL 2000, and add a comment about the rule.

<Sysname> system-view

[Sysname] acl number 2000

[Sysname-acl-basic-2000] rule 0 deny source 1.1.1.1 0

[Sysname-acl-basic-2000] rule 0 comment This rule is used for telnet.

Related commands

display acl

step

Use step to set a rule numbering step for an ACL.

Use undo step to restore the default.

Syntax

step step-value

undo step

Default

The rule numbering step is five.

Views

IPv4 basic/advanced ACL view, Ethernet frame header ACL view

Predefined user roles

network-admin

mdc-admin

Parameters

step-value: ACL rule numbering step in the range of 1 to 20.

Usage guidelines

The rule numbering step sets the increment by which the system numbers rules automatically. For example, the default ACL rule numbering step is 5. If you do not assign IDs to rules you are creating, they are numbered 0, 5, 10, 15, and so on. The wider the numbering step, the more rules you can insert between two rules. Whenever the step changes, the rules are renumbered, starting from 0. For example, if there are five rules numbered 5, 10, 13, 15, and 20, changing the step from 5 to 2 causes the rules to be renumbered 0, 2, 4, 6, and 8.

Examples

# Set the rule numbering step to 2 for IPv4 basic ACL 2000.

<Sysname> system-view

[Sysname] acl number 2000

[Sysname-acl-basic-2000] step 2

Related commands

display acl

QoS policy commands

Traffic class commands

display traffic classifier

Use display traffic classifier to display traffic classes.

Syntax

In standalone mode:

display traffic classifier user-defined [ classifier-name ] [ slot slot-number ]

In IRF mode:

display traffic classifier user-defined [ classifier-name ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

user-defined: Displays user-defined traffic classes.

classifier-name: Specifies a traffic class by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a traffic class, this command displays all traffic classes.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the traffic classes on all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays the traffic classes on all cards of all member devices. (In IRF mode.)

Examples

# Display all user-defined traffic classes.

<Sysname> display traffic classifier user-defined

User-defined classifier information:

Classifier: 1 (ID 100)

Operator: AND

Rule(s) :

If-match acl 2000

Classifier: 2 (ID 101)

Operator: AND

Rule(s) :

If-match protocol ip

Classifier: 3 (ID 102)

Operator: AND

Rule(s) :

-none-

Table 11 Command output

Field	Description
Classifier	Traffic class name and its match criteria.
Operator	Match operator you set for the traffic class. If the operator is AND, the traffic class matches the packets that match all its match criteria. If the operator is OR, the traffic class matches the packets that match any of its match criteria.
Rule(s)	Match criteria.

if-match

Use if-match to define a match criterion.

Use undo if-match to delete a match criterion.

Syntax

if-match match-criteria

undo if-match match-criteria

Default

No match criterion is configured.

Views

Traffic class view

Predefined user roles

network-admin

mdc-admin

Parameters

match-criteria: Specifies a match criterion. Table 12 shows the available match criteria.

Table 12 Available match criteria

Option	Description
acl { acl-number \| name acl-name }	Matches an ACL. The acl-number argument has the following value ranges: · 2000 to 3999 for IPv4 ACLs. · 4000 to 4999 for Ethernet frame header ACLs. · 5000 to 5999 for user-defined ACLs. The acl-name argument is a case-insensitive string of 1 to 63 characters, which must start with an English letter. To avoid confusion, make sure the argument is not all.
any	Matches all packets.
destination-mac mac-address	Matches a destination MAC address.
dscp dscp-value&<1-8>	Matches DSCP values. The dscp-value&<1-8> argument specifies a space-separated list of up to eight DSCP values. The value range for the dscp-value argument is 0 to 63 or keywords shown in Table 14.
ip-precedence ip-precedence-value&<1-8>	Matches IP precedence. The ip-precedence-value&<1-8> argument specifies a space-separated list of up to eight IP precedence values. The value range for the ip-precedence-value argument is 0 to 7.
protocol protocol-name	Matches a protocol. The protocol-name argument can only be ip.
service-dot1p dot1p-value&<1-8>	Matches 802.1p priority values in outer VLAN tags. The dot1p-value&<1-8> argument specifies a space-separated list of up to eight 802.1p priority values. The value range for the dot1p-value argument is 0 to 7.
service-vlan-id vlan-id-list	Matches VLAN IDs in outer VLAN tags. The vlan-id-list argument specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN or a range of VLANs in the form of vlan-id1 to vlan-id2. The value for vlan-id2 must be equal to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094.
source-mac mac-address	Matches a source MAC address.

Usage guidelines

To configure multiple values for a match criterion, perform the following tasks:

1. Set the logical operator to OR.

2. Configure multiple if-match commands for the match criterion.

For the service-vlan-id match criterion, you can configure multiple values in one if-match command when the logical operator is OR or AND.

To delete multiple values configured in one if-match command, make sure the values specified in the undo if-match command are the same as the configured values. The order of values can be different.

When you configure ACL-based match criteria for a traffic class, follow these restrictions and guidelines:

· If the ACL used as a match criterion does not exist, the QoS policy that uses the traffic class cannot be applied correctly.

· You can add two if-match statements that use the same ACL as the match criterion. In one statement, specify the ACL by its name. In the other statement, specify the ACL by its number.

· If the configured logical operator is AND for the traffic class, the actual logical operator for the rules in an ACL is OR.

Examples

# Define a match criterion for traffic class class1 to match the packets with their destination MAC addresses as 0050-ba27-bed3.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match destination-mac 0050-ba27-bed3

# Define a match criterion for traffic class class2 to match the packets with their source MAC addresses as 0050-ba27-bed2.

<Sysname> system-view

[Sysname] traffic classifier class2

[Sysname-classifier-class2] if-match source-mac 0050-ba27-bed2

# Define a match criterion for traffic class class1 to match the packets with 802.1p priority 5 in outer VLAN tags.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match service-dot1p 5

# Define a match criterion for traffic class class1 to match the advanced ACL 3101.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match acl 3101

# Define a match criterion for traffic class class1 to match the ACL named flow.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match acl name flow

# Define a match criterion for traffic class class1 to match all packets.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match any

# Define a match criterion for traffic class class1 to match the packets with their DSCP values as 1, 6, or 9.

<Sysname> system-view

[Sysname] traffic classifier class1 operator or

[Sysname-classifier-class1] if-match dscp 1

[Sysname-classifier-class1] if-match dscp 6

[Sysname-classifier-class1] if-match dscp 9

# Define a match criterion for traffic class class1 to match the packets with their IP precedence values as 1 or 6.

<Sysname> system-view

[Sysname] traffic classifier class1 operator or

[Sysname-classifier-class1] if-match ip-precedence 1

[Sysname-classifier-class1] if-match ip-precedence 6

# Define a match criterion for traffic class class1 to match IP packets.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match protocol ip

# Define a match criterion for traffic class class1 to match the packets with VLAN ID 2, 7, or 10 in outer VLAN tags.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match service-vlan-id 2 7 10

traffic classifier

Use traffic classifier to create a traffic class and enter traffic class view.

Use undo traffic classifier to delete a traffic class.

Syntax

traffic classifier classifier-name [ operator { and | or } ]

undo traffic classifier classifier-name

Default

No traffic class exists.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

classifier-name: Specifies a traffic class name, a case-sensitive string of 1 to 31 characters.

operator: Sets the operator to logic AND (the default) or OR for the traffic class.

and: Specifies the logic AND operator. The traffic class matches the packets that match all its criteria.

or: Specifies the logic OR operator. The traffic class matches the packets that match any of its criteria.

Examples

# Create a traffic class class1.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1]

Related commands

display traffic classifier

Traffic behavior commands

accounting

Use accounting to configure the traffic accounting action in a traffic behavior.

Use undo accounting to delete the traffic accounting action from a traffic behavior.

Syntax

accounting [ byte | packet ]

undo accounting

Default

No traffic accounting action is configured.

Views

Traffic behavior view

Predefined user roles

network-admin

mdc-admin

Parameters

byte: Counts traffic in bytes.

packet: Counts traffic in packets.

Examples

# Configure a traffic accounting action in traffic behavior database to count traffic in bytes.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] accounting byte

car

Use car to configure a CAR action in a traffic behavior.

Use undo car to delete a CAR action from a traffic behavior.

Syntax

car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ]

car cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ]

undo car

Default

No CAR action is configured.

Views

Traffic behavior view

Predefined user roles

network-admin

mdc-admin

Parameters

cir committed-information-rate: Specifies the committed information rate (CIR) in kbps, which specifies an average traffic rate. The value range for the committed-information-rate argument is an integral multiple of 8 between 8 and 160000000.

cbs committed-burst-size: Specifies the committed burst size (CBS) in bytes. The value range for the committed-burst-size argument is an integral multiple of 512 between 512 and 256000000. The default value for this argument is the product of 62.5 and the CIR and must be an integral multiple of 512. When the product is not an integral multiple of 512, it is rounded up to the nearest integral multiple of 512 that is greater than the product. A default value greater than 256000000 is converted to 256000000.

ebs excess-burst-size: Specifies the excess burst size (EBS) in bytes. The value range for the excess-burst-size argument is an integral multiple of 512 between 0 and 256000000, and the default value is 512.

pir peak-information-rate: Specifies the peak information rate (PIR) in kbps. The value range for the peak-information-rate argument is an integral multiple of 8 between 8 and 160000000. If the PIR is configured, two rates are used for traffic policing. Otherwise, one rate is used.

Usage guidelines

A QoS policy that references the traffic behavior can be applied in either the inbound direction or outbound direction of an interface.

If you configure the car command multiple times in the same traffic behavior, the most recent configuration takes effect.

Examples

# Configure a CAR action in traffic behavior database:

· Set the CIR to 256 kbps, CBS to 51200 bytes, and EBS to 0.

· Forward the conforming packets, and drop the excess packets.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] car cir 256 cbs 51200 ebs 0

display traffic behavior

Use display traffic behavior to display traffic behaviors.

Syntax

In standalone mode:

display traffic behavior user-defined [ behavior-name ] [ slot slot-number ]

In IRF mode:

display traffic behavior user-defined [ behavior-name ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

user-defined: Displays user-defined traffic behaviors.

behavior-name: Specifies a traffic behavior by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a traffic behavior, this command displays all traffic behaviors.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the traffic behaviors on all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays the traffic behaviors on all cards of all member devices. (In IRF mode.)

Examples

# Display all user-defined traffic behaviors.

<Sysname> display traffic behavior user-defined

User-defined behavior information:

Behavior: 1 (ID 100)

Marking:

Remark dscp 3

Committed Access Rate:

CIR 128 (kbps), CBS 8192 (Bytes), EBS 512 (Bytes)

Green action: pass

Yellow action: pass

Red action: discard

Behavior: 2 (ID 101)

Accounting enable: Packet

Filter enable: Permit

Marking:

Remark dot1p 1

Behavior: 3 (ID 102)

-none-

Table 13 Command output

Field	Description
Behavior	Name and contents of a traffic behavior.
Marking	Information about priority marking.
Remark dscp	Action of setting the DSCP value for packets.
Committed Access Rate	Information about the CAR action.
Green action	Action to take on green packets.
Yellow action	Action to take on yellow packets.
Red action	Action to take on red packets.
Accounting enable	Traffic accounting action.
Filter enable	Traffic filtering action.
none	No other traffic behavior is configured.

filter

Use filter to configure a traffic filtering action in a traffic behavior.

Use undo filter to delete a traffic filtering action from a traffic behavior.

Syntax

filter { deny | permit }

undo filter

Default

No traffic filtering action is configured.

Views

Traffic behavior view

Predefined user roles

network-admin

mdc-admin

Parameters

deny: Drops packets.

permit: Transmits the packets.

Examples

# Configure a traffic filtering action as deny in traffic behavior database.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] filter deny

redirect

Use redirect to configure a traffic redirecting action in the traffic behavior.

Use undo redirect to delete the traffic redirecting action.

Syntax

redirect { cpu | interface interface-type interface-number }

undo redirect { cpu | interface interface-type interface-number }

Default

No traffic redirecting action is configured.

Views

Traffic behavior view

Predefined user roles

network-admin

mdc-admin

Parameters

cpu: Redirects traffic to the CPU.

interface: Redirects traffic to an interface.

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

Redirecting traffic to CPU and redirecting traffic to an interface are mutually exclusive with each other in the same traffic behavior. The last redirecting action configured takes effect.

Examples

# Configure redirecting traffic to FortyGigE 1/0/1 in traffic behavior database.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] redirect interface fortygige1/0/1

Related commands

· classifier behavior

· qos policy

· traffic behavior

remark dscp

Use remark dscp to configure a DSCP marking action.

Use undo remark dscp to restore the default.

Syntax

remark dscp dscp-value

undo remark dscp

Default

No DSCP marking action is configured.

Views

Traffic behavior view

Predefined user roles

network-admin

mdc-admin

Parameters

dscp-value: DSCP value, which can be a number from 0 to 63 or a keyword in Table 14.

Table 14 DSCP keywords and values

Keyword	DSCP value (binary)	DSCP value (decimal)
default	000000	0
af11	001010	10
af12	001100	12
af13	001110	14
af21	010010	18
af22	010100	20
af23	010110	22
af31	011010	26
af32	011100	28
af33	011110	30
af41	100010	34
af42	100100	36
af43	100110	38
cs1	001000	8
cs2	010000	16
cs3	011000	24
cs4	100000	32
cs5	101000	40
cs6	110000	48
cs7	111000	56
ef	101110	46

Usage guidelines

A DSCP marking action takes effect only on incoming IP packets that are forwarded at Layer 3 by the local switch.

Examples

# Configure traffic behavior database to mark matching traffic with DSCP 6.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] remark dscp 6

remark local-precedence

Use remark local-precedence to configure a local precedence marking action.

Use undo remark local-precedence to delete the action.

Syntax

remark local-precedence local-precedence-value

undo remark local-precedence

Default

No local precedence marking action is configured.

Views

Traffic behavior view

Predefined user roles

network-admin

mdc-admin

Parameters

local-precedence-value: Sets the local precedence to be marked for packets, which ranges from 0 to 7.

Examples

# Configure traffic behavior database to mark matching traffic with local precedence 2.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] remark local-precedence 2

traffic behavior

Use traffic behavior to create a traffic behavior and enter traffic behavior view.

Use undo traffic behavior to delete a traffic behavior.

Syntax

traffic behavior behavior-name

undo traffic behavior behavior-name

Default

No traffic behavior exists.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

behavior-name: Sets a traffic behavior name, a case-sensitive string of 1 to 31 characters.

Examples

# Create a traffic behavior named behavior1.

<Sysname> system-view

[Sysname] traffic behavior behavior1

[Sysname-behavior-behavior1]

Related commands

display traffic behavior

QoS policy commands

classifier behavior

Use classifier behavior to associate a traffic behavior with a traffic class in a QoS policy.

Use undo classifier to remove a traffic class from the QoS policy.

Syntax

classifier classifier-name behavior behavior-name [ mode dcbx | insert-before before-classifier-name ] *

undo classifier classifier-name

Default

No traffic behavior is associated with a traffic class.

Views

QoS policy view

Predefined user roles

network-admin

mdc-admin

Parameters

classifier-name: Specifies a traffic class by its name, a case-sensitive string of 1 to 31 characters.

behavior-name: Specifies a traffic behavior by its name, a case-sensitive string of 1 to 31 characters.

mode dcbx: Specifies that the class-behavior association applies only to DCBX. For more information about DCBX, see Layer 2—LAN Switching Configuration Guide.

insert-before before-classifier-name: Inserts the new traffic class before an existing traffic class in the QoS policy. The before-classifier-name argument specifies an existing traffic class by its name, a case-sensitive string of 1 to 31 characters. If you do not specify the insert-before before-classifier-name option, the new traffic class is placed at the end of the QoS policy.

Usage guidelines

A traffic class can associate with only one traffic behavior in a QoS policy.

If the specified traffic class or traffic behavior does not exist, the system defines a null traffic class or traffic behavior.

The insert-before keyword cannot be specified for an existing traffic class.

Examples

# Associate traffic class database with traffic behavior test in QoS policy user1.

<Sysname> system-view

[Sysname] qos policy user1

[Sysname-qospolicy-user1] classifier database behavior test

Related commands

qos policy

display qos policy

Use display qos policy to display user-defined QoS policies.

Syntax

In standalone mode:

display qos policy user-defined [ policy-name [ classifier classifier-name ] ] [ slot slot-number ]

In IRF mode:

display qos policy user-defined [ policy-name [ classifier classifier-name ] ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

user-defined: Displays user-defined QoS policies.

policy-name: Specifies a QoS policy by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a QoS policy, this command displays all user-defined QoS policies.

classifier classifier-name: Specifies a traffic class by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a traffic class, this command displays all traffic classes.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the QoS policies on all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays the QoS policies on all cards of all member devices. (In IRF mode.)

Examples

# Display all user-defined QoS policies.

<Sysname> display qos policy user-defined

User-defined QoS policy information:

Policy: 1 (ID 100)

Classifier: 1 (ID 0)

Behavior: 1

Marking:

Remark dscp 3

Committed Access Rate:

CIR 112 (kbps), CBS 8192 (Bytes), EBS 512 (Bytes)

Classifier: 2 (ID 101)

Behavior: 2

Accounting enable: Packet

Filter enable: Permit

Marking:

Remark dot1p 1

Classifier: 3 (ID 102)

Behavior: 3

-none-

display qos policy global

Use display qos policy global to display global QoS policies.

Syntax

In standalone mode:

display qos policy global [ slot slot-number ] [ inbound | outbound ]

In IRF mode:

display qos policy global [ chassis chassis-number slot slot-number ] [ inbound | outbound ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

inbound: Displays the inbound global QoS policy. An inbound global QoS policy applies to the incoming traffic globally.

outbound: Displays the outbound global QoS policy. An outbound global QoS policy applies to the outgoing traffic globally.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the global QoS policies on the active MPU. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays the global QoS policies on the global active MPU. (In IRF mode.)

Usage guidelines

If you do not specify a direction, this command displays both inbound and outbound global QoS policies.

Examples

# Display the inbound global QoS policy.

<Sysname> display qos policy global inbound

Direction: Inbound

Policy: 1

Classifier: 1

Operator: AND

Rule(s) : If-match acl 2000

Behavior: 1

Marking:

Remark dscp 3

Committed Access Rate:

CIR 128 (kbps), CBS 8192 (Bytes), EBS 512 (Bytes)

Green packets: 0(Packets)

Red packets: 0(Packets)

Classifier: 2

Operator: AND

Rule(s) : If-match protocol ip

Behavior: 2

Accounting enable:

0 (Packets)

Filter enable: Permit

Marking:

Remark dot1p 1

Table 15 Command output

Field	Description
Direction	Direction (inbound or outbound ) in which the QoS policy is applied.
Green packets	Statistics about green packets.
Red packets	Statistics about red packets.

For the description of other fields, see Table 11 and Table 13.

display qos policy interface

Use display qos policy interface to display QoS policies applied to interfaces.

Syntax

display qos policy interface [ interface-type interface-number ] [ inbound | outbound ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number.

inbound: Displays QoS policies applied to incoming traffic.

outbound: Displays QoS policies applied to outgoing traffic.

Usage guidelines

If you do not specify a direction, this command displays the QoS policy applied to the incoming traffic and the QoS policy applied to the outgoing traffic.

Examples

# Display the QoS policy applied to the incoming traffic of FortyGigE 1/0/1.

<Sysname> display qos policy interface fortygige 1/0/1 inbound

Interface: FortyGigE1/0/1

Direction: Inbound

Policy: 1

Classifier: 1

Operator: AND

Rule(s) : If-match acl 2000

Behavior: 1

Marking:

Remark dscp 3

Committed Access Rate:

CIR 128 (kbps), CBS 8192 (Bytes), EBS 512 (Bytes)

Green packets: 0(Packets)

Red packets: 0(Packets)

Classifier: 2

Operator: AND

Rule(s) : If-match protocol ip

Behavior: 2

Accounting enable:

0 (Packets)

Filter enable: Permit

Marking:

Remark dot1p 1

Table 16 Command output

Field	Description
Direction	Direction in which the QoS policy is applied to the interface.
Green packets	Traffic statistics for green packets.
Red packets	Traffic statistics for red packets.

For the description of other fields, see Table 11 and Table 13.

display qos vlan-policy

Use display qos vlan-policy to display QoS policies applied to VLANs.

Syntax

In standalone mode:

display qos vlan-policy { name policy-name | vlan [ vlan-id ] } [ slot slot-number ] [ inbound | outbound ]

In IRF mode:

display qos vlan-policy { name policy-name | vlan [ vlan-id ] } [ chassis chassis-number slot slot-number ] [ inbound | outbound ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

name policy-name: Specifies a QoS policy by its name, a case-sensitive string of 1 to 31 characters.

vlan vlan-id: Specifies a VLAN by its ID.

inbound: Displays QoS policies applied to incoming traffic.

outbound: Displays QoS policies applied to outgoing traffic.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays QoS policies applied to VLANs on the active MPU. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays QoS policies applied to VLANs on the global active MPU. (In IRF mode.)

Usage guidelines

If you do not specify a direction, this command displays QoS policies applied to VLANs in both the inbound and outbound directions.

Examples

# Display QoS policies applied to VLAN 2.

<Sysname> display qos vlan-policy vlan 2

Vlan 2

Direction: Outbound

Policy: 1

Classifier: 1

Operator: AND

Rule(s) : If-match acl 2000

Behavior: 1

Marking:

Remark dscp 3

Committed Access Rate:

CIR 128 (kbps), CBS 8192 (Bytes), EBS 512 (Bytes)

Green packets: 0(Packets)

Red packets: 0(Packets)

Classifier: 2

Operator: AND

Rule(s) : If-match protocol ip

Behavior: 2

Accounting enable:

0 (Packets)

Filter enable: Permit

Marking:

Remark dot1p 1

Classifier: 3

Operator: AND

Rule(s) : -none-

Behavior: 3

-none-

# Displays QoS policy 1 applied to VLANs.

<Sysname> display qos vlan-policy name 1

Policy 1

Vlan 2: outbound

Table 17 Command output

Field	Description
Direction	Direction in which the QoS policy is applied for the VLAN.
Green packets	Statistics about green packets.
Red packets	Statistics about red packets.
Vlan 2: outbound	The QoS policy is applied to the outgoing traffic of VLAN 2.

For the description of other fields, see Table 11 and Table 13.

qos apply policy

Use qos apply policy to apply a QoS policy.

Use undo qos apply policy to remove the QoS policy.

Syntax

qos apply policy policy-name { inbound | outbound }

undo qos apply policy policy-name { inbound | outbound }

Default

No QoS policy is applied to an interface.

Views

Layer 2 Ethernet interface view, Layer 3 Ethernet interface view, Layer 3 Ethernet subinterface view

Predefined user roles

network-admin

mdc-admin

Parameters

policy-name: Specifies a QoS policy name, a case-sensitive string of 1 to 31 characters.

inbound: Applies the QoS policy to the incoming traffic of an interface.

outbound: Applies the QoS policy to the outgoing traffic of an interface.

Usage guidelines

The switch does not support applying a QoS policy to the outbound direction of a Layer 3 Ethernet subinterface.

Table 18 shows the switch support for actions in the inbound and outbound directions.

Table 18 Support of EA, EB, and EC cards for actions

Action	Inbound	Outbound
Traffic accounting	Supported	Not supported
Traffic policing	Supported	Not supported
Traffic filtering	Supported	Supported
Traffic mirroring	Supported	Supported
Redirecting traffic to an interface	Supported	Not supported
Redirecting traffic to the CPU	Supported	Supported
DSCP marking	Supported	Not supported
Local precedence marking	Supported	Not supported

Examples

# Apply QoS policy USER1 to the incoming traffic of FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] qos apply policy USER1 outbound

qos apply policy global

Use qos apply policy global to apply a QoS policy globally.

Use undo qos apply policy global to remove the QoS policy.

Syntax

qos apply policy policy-name global { inbound | outbound }

undo qos apply policy policy-name global { inbound | outbound }

Default

No QoS policy is applied globally.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

policy-name: QoS policy name, a case-sensitive string of 1 to 31 characters.

inbound: Applies the QoS policy to the incoming packets on all interfaces.

outbound: Applies the QoS policy to the outgoing packets on all interfaces.

Usage guidelines

A global QoS policy takes effect on all incoming or outgoing traffic depending on the direction in which the QoS policy is applied.

Examples

# Apply the QoS policy user1 to the incoming traffic globally.

<Sysname> system-view

[Sysname] qos apply policy user1 global inbound

qos policy

Use qos policy to create a QoS policy and enter QoS policy view.

Use undo qos policy to delete a QoS policy.

Syntax

qos policy policy-name

undo qos policy policy-name

Default

No QoS policy is configured.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

policy-name: QoS policy name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

To use the undo qos policy command to delete a QoS policy that has been applied to a certain object, you must first remove it from the object.

Examples

# Define QoS policy user1.

<Sysname> system-view

[Sysname] qos policy user1

[Sysname-qospolicy-user1]

Related commands

· classifier behavior

· qos apply policy

· qos apply policy global

· qos vlan-policy

qos vlan-policy

Use qos vlan-policy to apply a QoS policy to the specified VLANs.

Use undo qos vlan-policy to remove the QoS policy from the specified VLANs.

Syntax

qos vlan-policy policy-name vlan vlan-id-list { inbound | outbound }

undo qos vlan-policy policy-name vlan vlan-id-list { inbound | outbound }

Default

No QoS policy is applied to a VLAN.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

policy-name: Specifies a QoS policy name, a case-sensitive string of 1 to 31 characters.

vlan-id-list: Specifies a list of up to eight VLAN IDs. A VLAN ID ranges from 1 to 4094. You can enter individual discontinuous VLAN IDs and VLAN ID ranges in the form of start-vlan-id to end-vlan-id where the start VLAN ID must be smaller than the end VLAN ID. Each item in the VLAN list is separated by a space. You can specify up to eight VLAN IDs.

inbound: Applies the QoS policy to the incoming packets in the specified VLANs.

outbound: Applies the QoS policy to the outgoing packets in the specified VLANs.

Examples

# Apply the QoS policy test to the incoming traffic of VLAN 200, VLAN 300, VLAN 400, and VLAN 500.

<Sysname> system-view

[Sysname] qos vlan-policy test vlan 200 300 400 500 inbound

reset qos policy global

Use reset qos policy global to clear the statistics of a global QoS policy.

Syntax

reset qos policy global [ inbound | outbound ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

inbound: Clears the statistics of the global QoS policy applied to incoming traffic globally.

outbound: Clears the statistics of the global QoS policy applied to outgoing traffic globally.

Usage guidelines

If you do not specify a direction, this command clears the statistics of the global QoS policies in both directions.

Examples

# Clear the statistics of the global QoS policy applied to the incoming traffic globally.

<Sysname> reset qos policy global inbound

reset qos vlan-policy

Use reset qos vlan-policy to clear the statistics of the QoS policy applied in a certain direction of a VLAN.

Syntax

reset qos vlan-policy [ vlan vlan-id ] [ inbound | outbound ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

vlan vlan-id: Specifies a VLAN ID, which ranges from 1 to 4094.

inbound: Clears the statistics of the QoS policy applied to the incoming traffic of the specified VLAN.

outbound: Clears the statistics of the QoS policy applied to the incoming traffic of the specified VLAN.

Usage guidelines

If you do not specify a direction, this command clears the statistics of the QoS policies in both directions of the VLAN.

Examples

# Clear the statistics of QoS policies applied to VLAN 2.

<Sysname> reset qos vlan-policy vlan 2

Priority mapping commands

Priority map commands

display qos map-table

Use display qos map-table to display the configuration of a priority map.

Syntax

display qos map-table [ dot1p-dp | dot1p-lp | dscp-dot1p| dscp-dp | dscp-dscp ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

The switch provides the following types of priority map.

Table 19 Priority maps

Priority mapping	Description
dot1p-dp	802.1p-drop priority map.
dot1p-lp	802.1p-local priority map.
dscp-dot1p	DSCP-802.1p priority map.
dscp-dp	DSCP-drop priority map.
dscp-dscp	DSCP-DSCP priority map (applicable to only IP packets that are forwarded at Layer 3 by the local switch).

Usage guidelines

If you do not specify a priority map, this command displays the configuration of all priority maps.

Examples

# Display the configuration of the 802.1p-local priority map.

<Sysname> display qos map-table dot1p-lp

MAP-TABLE NAME: dot1p-lp TYPE: pre-define

IMPORT : EXPORT

0 : 2

1 : 0

2 : 1

3 : 3

4 : 4

5 : 5

6 : 6

7 : 7

Table 20 Command output

Field	Description
MAP-TABLE NAME	Name of the priority map.
TYPE	Type of the priority map.
IMPORT	Input values of the priority map.
EXPORT	Output values of the priority map.

import

Use import to configure mappings for a priority map.

Use undo import to restore the specified or all mappings to the default for a priority map.

Syntax

import import-value-list export export-value

undo import { import-value-list | all }

Default

The default priority maps are used. For more information, see ACL and QoS Configuration Guide.

Views

Priority map view

Predefined user roles

network-admin

mdc-admin

Parameters

import-value-list: Specifies a list of input values.

export-value: Specifies the output value.

all: Restores all mappings in the priority map to the default.

Examples

# Configure the 802.1p-drop priority map to map 802.1p priority values 4 and 5 to drop priority 1.

<Sysname> system-view

[Sysname] qos map-table dot1p-dp

[Sysname-maptbl-dot1p-dp] import 4 5 export 1

Related commands

display qos map-table

qos map-table

Use qos map-table to enter the specified priority map view.

Syntax

qos map-table { dot1p-dp | dot1p-lp | dscp-dot1p| dscp-dp | dscp-dscp }

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

For the description of the keywords, see Table 19.

Examples

# Enter the 802.1p-drop priority map view.

<Sysname> system-view

[Sysname] qos map-table dot1p-dp

[Sysname-maptbl-dot1p-dp]

Related commands

· display qos map-table

· import

Port priority commands

qos priority

Use qos priority to change the port priority of an interface.

Use undo qos priority to restore the default.

Syntax

qos priority priority-value

undo qos priority

Default

The port priority is 0.

Views

Layer 2 Ethernet interface view, Layer 3 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

priority-value: Specifies the port priority value. The port priority ranges from 0 to 7.

Examples

# Set the port priority of interface FortyGigE 1/0/1 to 2.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] qos priority 2

Related commands

display qos trust interface

Priority trust mode commands

display qos trust interface

Use display qos trust interface to display priority trust mode and port priority information on an interface.

Syntax

display qos trust interface [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays priority trust mode and port priority information of all interfaces.

Examples

# Display the priority trust mode and port priority information of FortyGigE 1/0/1.

<Sysname> display qos trust interface fortygige 1/0/1

Interface: FortyGigE1/0/1

Port priority information

Port priority: 0

Port priority trust type: none

Table 21 Command output

Field	Description
Interface	Interface type and interface number.
Port priority	Port priority set for the interface.
Port priority trust type	Priority trust mode on the interface: dot1p or dscp.

qos trust

Use qos trust to configure the priority trust mode for an interface.

Use undo qos trust to restore the default priority trust mode.

Syntax

qos trust { dot1p | dscp }

undo qos trust

Default

The switch trusts the 802.1p priority carried in packets.

Views

Layer 2 Ethernet interface view, Layer 3 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

dot1p: Uses the 802.1p priority in incoming packets for priority mapping.

dscp: Uses the DSCP value in incoming packets for priority mapping.

Examples

# Set the trusted packet priority type to 802.1p priority on FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] qos trust dot1p

Related commands

display qos trust interface

GTS and rate limit commands

GTS commands

display qos gts interface

Use display qos gts interface to view generic traffic shaping (GTS) configuration and statistics on a specified interface or all the interfaces.

Syntax

display qos gts interface [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the GTS configuration and statistics on all the interfaces.

Examples

# Display the GTS configuration and statistics on all the interfaces.

<Sysname> display qos gts interface

Interface : FortyGigE1/0/1

Rule(s): If-match queue 1

CIR 128 (kbps), CBS 8192 (Bytes)

Rule(s): If-match queue 2

CIR 256 (kbps), CBS 16384 (Bytes)

Table 22 Command output

Field	Description
Interface	Interface type and interface number.
Rule	Match criteria.
CIR	CIR in kbps.
CBS	CBS in bytes, which specifies the depth of the token bucket for holding bursty traffic.

qos gts

Use qos gts to set GTS parameters for the packets in a specific queue.

Use undo qos gts to remove GTS parameters for traffic of a specific queue on the interface.

Syntax

qos gts queue queue-number cir committed-information-rate [ cbs committed-burst-size ]

undo qos gts queue queue-number

Default

No GTS parameters are set on an interface.

Views

Layer 2 Ethernet interface view, Layer 3 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

queue queue-number: Shapes the packets in the specified queue. The value range for the queue-number argument is 0 to 7.

cir committed-information-rate: Specifies the CIR in kbps. The value range for the committed-information-rate argument varies by interface speed as follows:

· 8 to 10000000 for 10-GE interfaces.

· 8 to 40000000 for 40-GE interfaces.

· 8 to 100000000 for 100-GE interfaces.

The values must be integral multiples of 8.

cbs committed-burst-size: Specifies the CBS in bytes. The value range for the committed-burst-size argument is an integral multiple of 512 between 512 and 16000000. The default value for this argument is the product of 62.5 and the CIR and must be an integral multiple of 512. If the product is not an integral multiple of 512, it is rounded up to the nearest integral multiple of 512 that is greater than the product.

Examples

# Shape the packets in queue 1 on FortyGigE 1/0/1. The GTS parameters are as follows: CIR is 6400 kbps and CBS is 51200 bytes.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] qos gts queue 1 cir 6400 cbs 51200

Rate limit commands

display qos lr interface

Use display qos lr interface to view the rate limit configuration and statistics on a specified interface or all the interfaces.

Syntax

display qos lr interface [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the rate limit configuration and statistics on all the interfaces.

Examples

# Display the rate limit configuration and statistics on all the interfaces.

<Sysname> display qos lr interface

Interface : FortyGigE1/0/1

Direction: Outbound

CIR 12800 (kbps), CBS 800256 (Bytes)

Interface : FortyGigE1/0/2

Direction: Outbound

CIR 25600 (kbps), CBS 1600000 (Bytes)

Table 23 Command output

Field	Description
Interface	Interface type and interface number.
Direction	Direction to which the rate limit configuration is applied. The switch supports only Outbound.
CIR	CIR in kbps.
CBS	CBS in bytes, which specifies the depth of the token bucket for holding bursty traffic.

qos lr

Use qos lr to limit the rate of packets on the interface.

Use undo qos lr to remove the rate limit.

Syntax

qos lr outbound cir committed-information-rate [ cbs committed-burst-size ]

undo qos lr outbound

Default

Rate limit is not configured on an interface.

Views

Layer 2 Ethernet interface view, Layer 3 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

outbound: Limits the rate of outgoing packets on the interface.

cir committed-information-rate: Specifies the CIR in kbps. The value range for the committed-information-rate argument varies by interface speed as follows:

· 8 to 10000000 for 10-GE interfaces.

· 8 to 40000000 for 40-GE interfaces.

· 8 to 100000000 for 100-GE interfaces.

The values must be integral multiples of 8.

cbs committed-burst-size: Specifies the CBS in bytes. The value range for the committed-burst-size argument is an integral multiple of 512 between 512 and 128000000. The default value for this argument is the product of 62.5 and the CIR and must be an integral multiple of 512. If the product is not an integral multiple of 512, it is rounded up to the nearest integral multiple of 512 that is greater than the product.

Examples

# Limit the rate of outgoing packets on FortyGigE 1/0/1, with CIR 25600 kbps and CBS 512000 bytes.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] qos lr outbound cir 25600 cbs 512000

Congestion management commands

SP commands

display qos queue sp interface

Use display qos queue sp interface to view the SP queuing configuration of an interface.

Syntax

display qos queue sp interface [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the SP queuing configuration of all the interfaces.

Examples

# Display the SP queuing configuration of FortyGigE 1/0/1.

<Sysname> display qos queue sp interface fortygige 1/0/1

Interface: FortyGigE1/0/1

Output queue: Strict Priority queuing

Table 24 Command output

Field	Description
Interface	Interface type and interface number.
Output queue	Type of the current output queue.

qos sp

Use qos sp to configure SP queuing on an interface.

Use undo qos sp to restore the default.

Syntax

qos sp

undo qos sp

Default

An interface uses the SP queuing algorithm.

Views

Layer 2 Ethernet interface view, Layer 3 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Examples

# Enable SP queuing on FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] qos sp

Related commands

display qos queue sp interface

WRR commands

display qos queue wrr interface

Use display qos queue wrr interface to display the WRR queuing configuration on an interface.

Syntax

display qos queue wrr interface [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the WRR queuing configuration of all the interfaces.

Examples

# Display the WRR queuing configuration of FortyGigE 1/0/1.

<Sysname> display qos queue wrr interface fortygige 1/0/1

Interface: FortyGigE1/0/1

Output queue: Weighted Round Robin queuing

Queue ID Group Weight

-----------------------------------------

be sp NA

af1 1 2

af2 1 3

af3 1 4

af4 1 5

ef 1 9

cs6 1 13

cs7 1 15

Table 25 Command output

Field	Description
Interface	Interface type and interface number.
Output queue	Type of the current output queue.
Queue ID	ID of a queue.
Group	Group to which a queue belongs.
Weight	Packet-based queue scheduling weight of a queue. N/A is displayed for a queue that uses the SP queue scheduling algorithm.

qos wrr

Use qos wrr to enable WRR queuing and specify the weight type for an interface.

Use undo qos wrr to disable WRR queuing and restore the default queue scheduling algorithm for an interface.

Syntax

qos wrr { byte-count | weight }

undo qos wrr { byte-count | weight }

Default

An interface uses the SP queuing algorithm.

Views

Layer 2 Ethernet interface view, Layer 3 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

byte-count: Allocates bandwidth to queues in terms of bytes.

weight: Allocates bandwidth to queues in terms of packets.

Usage guidelines

You must use the qos wrr command to enable WRR queuing before you can configure WRR queuing parameters for a queue on an interface.

Examples

# Enable weight-based WRR queuing on FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] qos wrr weight

# Enable byte-count WRR queuing on FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] qos wrr byte-count

Related commands

display qos queue wrr interface

qos wrr { byte-count | weight }

Use qos wrr { byte-count | weight } to configure the WRR queuing parameters for a queue on an interface.

Use undo qos wrr to restore the default WRR queuing parameters of a queue on an interface.

Syntax

qos wrr queue-id group 1 { byte-count | weight } schedule-value

undo qos wrr queue-id

Default

An interface uses the byte-count WRR queuing algorithm, and queues 0 through 7 are in WRR group 1, with their weights of 1, 2, 3, 4, 5, 6, 7, and 8, respectively.

Views

Layer 2 Ethernet interface view, Layer 3 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

queue-id: Specifies a queue by its ID. A queue ID is a number in the range of 0 to 7 or a keyword in Table 26.

group 1: Specifies the WRR group. Only one WRR group is supported.

byte-count: Allocates bandwidth to queues in terms of bytes.

weight: Allocates bandwidth to queues in terms of packets.

schedule-value: Specifies a scheduling weight for the specified queue in WRR queuing, in the range of 1 to 127.

Usage guidelines

You must use the qos wrr command to enable WRR queuing before you can configure WRR queuing parameters for a queue on an interface.

The queue-id argument can be either a number or a keyword. Table 26 shows the number-keyword map.

Table 26 The number-keyword map for the queue-id argument

Number	Keyword
0	be
1	af1
2	af2
3	af3
4	af4
5	ef
6	cs6
7	cs7

Examples

# Enable byte-count WRR queuing on FortyGigE 1/0/1, and assign queues 0 and 1 to the WRR group, with the scheduling weights 10 and 5, respectively.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] qos wrr byte-count

[Sysname-FortyGigE1/0/1] qos wrr 0 group 1 byte-count 10

[Sysname-FortyGigE1/0/1] qos wrr 1 group 1 byte-count 5

Related commands

· display qos queue wrr interface

· qos wrr

qos wrr group sp

Use qos wrr group sp to assign a queue to the SP group.

Use undo qos wrr group sp to restore the default.

Syntax

qos wrr queue-id group sp

undo qos wrr queue-id

Default

An interface uses the byte-count WRR queuing algorithm, and all the queues are in WRR group 1.

Views

Layer 2 Ethernet interface view, Layer 3 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

queue-id: Specifies a queue by its ID. A queue ID is a number in the range of 0 to 7 or a keyword in Table 26.

sp: Assigns a queue to the SP group, which uses the SP queue scheduling algorithm.

Usage guidelines

This command is available only on a WRR-enabled interface. Queues in the SP group are scheduled with SP. The SP group has higher scheduling priority than the WRR group. Queues in the WRR group are scheduled according to user-configured weights.

You must use the qos wrr command to enable WRR queuing before you can configure this command on an interface.

Examples

# Enable packet-based WRR queuing on FortyGigE 1/0/1, and assign queue 0 to the SP group.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] qos wrr weight

[Sysname-FortyGigE1/0/1] qos wrr 0 group sp

Related commands

· display qos queue wrr interface

· qos wrr

WFQ commands

display qos queue wfq interface

Use display qos queue wfq interface to display the WFQ configuration on an interface.

Syntax

display qos queue wfq interface [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the WFQ configuration of all the interfaces.

Examples

# Display the WFQ configuration of FortyGigE 1/0/1.

<Sysname> display qos queue wfq interface fortygige 1/0/1

Interface: FortyGigE1/0/1

Output queue: Hardware Weighted Fair Queuing

Queue ID Group Byte-count Min-Bandwidth

----------------------------------------------------------------

be 1 1 64

af1 1 1 64

af2 1 1 64

af3 1 1 64

af4 1 1 64

ef 1 1 64

cs6 1 1 64

cs7 1 1 64

Table 27 Command output

Field	Description
Interface	Interface type and interface number.
Output queue	Type of the current output queue.
Queue ID	ID of a queue.
Group	Group to which a queue belongs.
Byte-count	Byte-count scheduling weight of the queue.
Min-Bandwidth	Minimum guaranteed bandwidth.

qos bandwidth queue

Use qos bandwidth queue to set the minimum guaranteed bandwidth for a specified queue on an interface.

Use undo qos bandwidth queue to restore the default.

Syntax

qos bandwidth queue queue-id min bandwidth-value

undo qos bandwidth queue queue-id

Default

The minimum guaranteed bandwidth is 64 kbps.

Views

Layer 2 Ethernet interface view, Layer 3 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

queue-id: Specifies a queue by its ID. A queue ID is a number in the range of 0 to 7 or a keyword in Table 26.

min bandwidth-value: Sets the minimum guaranteed bandwidth in kbps for a queue when the interface is congested. The value range for the bandwidth-value argument varies by interface speed as follows:

· 8 to 10000000 for 10-GE interfaces.

· 8 to 40000000 for 40-GE interfaces.

· 8 to 100000000 for 100-GE interfaces.

Usage guidelines

You must use the qos wfq command to enable WFQ before you can configure this command on an interface.

Examples

# Set the minimum guaranteed bandwidth to 100 kbps for queue 0 on FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] qos wfq weight

[Sysname-FortyGigE1/0/1] qos bandwidth queue 0 min 100

Related commands

qos wfq

Use qos wfq to enable WFQ and specify the WFQ weight type on an interface.

Use undo qos wfq to disable WFQ and restore the default queuing algorithm on an interface.

Syntax

qos wfq { byte-count | weight }

undo qos wfq { byte-count | weight }

Default

An interface uses the SP queuing algorithm.

Views

Layer 2 Ethernet interface view, Layer 3 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

byte-count: Allocates bandwidth to queues in terms of bytes.

weight: Allocates bandwidth to queues in terms of packets.

Usage guidelines

You must use the qos wfq command to enable WFQ before you can configure WFQ queuing parameters for a queue on an interface.

Examples

# Enable weight-based WFQ on FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] qos wfq weight

# Enable byte-count WFQ on FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] qos wfq byte-count

Related commands

display qos queue wfq interface

qos wfq { byte-count | weight }

Use qos wfq { byte-count | weight } to assign a queue to a WFQ group with a certain scheduling weight.

Use undo qos wfq to restore the default.

Syntax

qos wfq queue-id group 1 { byte-count | weight } schedule-value

undo qos wfq queue-id

Default

When WFQ queuing is used on an interface, all the queues are in the WFQ group and have a weight of 1.

Views

Layer 2 Ethernet interface view, Layer 3 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

queue-id: Specifies a queue by its ID. A queue ID is a number in the range of 0 to 7 or a keyword in Table 26.

group 1: Specifies the WFQ group. Only one WFQ group is supported.

byte-count: Allocates bandwidth to queues in terms of bytes.

weight: Allocates bandwidth to queues in terms of packets.

schedule-value: Specifies a scheduling weight for the specified queue in WFQ queuing, in the range of 1 to 127.

Usage guidelines

You must use the qos wfq command to enable WFQ first before you configure this command.

Examples

# Enable byte-count WFQ on interface FortyGigE 1/0/1, assign queue 0, with the scheduling weight 10, to WFQ group 1, and assign queue 1, with the scheduling weight 5, to WFQ group 2.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] qos wfq byte-count

[Sysname-FortyGigE1/0/1] qos wfq 0 group 1 byte-count 10

[Sysname-FortyGigE1/0/1] qos wfq 1 group 1 byte-count 5

Related commands

· display qos queue wfq interface

· qos bandwidth queue

· qos wfq

qos wfq group sp

Use qos wfq group sp to assign a queue to the SP group.

Use undo qos wfq group sp to restore the default.

Syntax

qos wfq queue-id group sp

undo qos wfq queue-id

Default

When WFQ queuing is used on an interface, all the queues are in the WFQ group.

Views

Layer 2 Ethernet interface view, Layer 3 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

queue-id: Specifies a queue by its ID. A queue ID is a number in the range of 0 to 7 or a keyword in Table 26.

sp: Assigns a queue to the SP group, which uses the SP queue scheduling algorithm.

Usage guidelines

With this SP+WFQ queuing method, the system schedules traffic in the following order:

1. Schedules the traffic conforming to the minimum guaranteed bandwidth of each queue in a WFQ group.

2. Schedules the queues in the SP group based on their priorities.

3. Schedules the queues in the WFQ group according to the configured weights.

You must use the qos wfq command to enable WFQ first before you configure this command.

Examples

# Enable weight-based WFQ on interface FortyGigE 1/0/1, and assign queue 0 to the SP group.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] qos wfq weight

[Sysname-FortyGigE1/0/1] qos wfq 0 group sp

Related commands

· display qos queue wfq interface

· qos bandwidth queue

· qos wfq

Queue scheduling profile commands

bandwidth

Use bandwidth to set the minimum guaranteed bandwidth for a WFQ queue in a queue scheduling profile.

Use undo bandwidth to restore the default.

Syntax

bandwidth queue queue-id min bandwidth-value

undo bandwidth queue queue-id

Default

The minimum guaranteed bandwidth is 64 kbps for a WFQ queue in a queue scheduling profile.

Views

Queue scheduling profile view

Predefined user roles

network-admin

mdc-admin

Parameters

queue-id: Specifies a queue by its ID. A queue ID is a number in the range of 0 to 7 or a keyword in Table 26.

min bandwidth-value: Specifies the minimum guaranteed bandwidth in the range of 8 to 100000000 kbps. The parameter specifies the bandwidth guaranteed for a queue when the port is congested.

Usage guidelines

To configure the minimum guaranteed bandwidth for a queue in a queue scheduling profile, you must first configure the queue as a WFQ queue.

Examples

# In queue scheduling profile myprofile, configure queue 0 as follows:

· Configure queue 0 as a WFQ queue with a packet-based weight of 1.

· Set the minimum guaranteed bandwidth to 100 kbps for queue 0.

<Sysname> system-view

[Sysname] qos qmprofile myprofile

[Sysname-qmprofile-myprofile] queue 0 wfq group 1 weight 1

[Sysname-qmprofile-myprofile] bandwidth queue 0 min 100

Related commands

· display qos qmprofile interface

· qos qmprofile

· queue

display qos qmprofile configuration

Use display qos qmprofile configuration to display the configuration of queue scheduling profiles.

Syntax

In standalone mode:

display qos qmprofile configuration [ profile-name ] [ slot slot-number ]

In IRF mode:

display qos qmprofile configuration [ profile-name ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

profile-name: Specifies a queue scheduling profile by its name, a string of 1 to 31 case-sensitive characters. If you do not specify a queue scheduling profile, this command displays the configuration of all queue scheduling profiles.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the configuration of queue scheduling profiles on the active MPU. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays the configuration of queue scheduling profiles on the global active MPU. (In IRF mode.)

Examples

# Display the configuration of queue scheduling profile myprofile.

<Sysname> display qos qmprofile configuration myprofile

Queue management profile: myprofile (ID 1)

Queue ID Type Group Schedule-unit Schedule-value Bandwidth

---------------------------------------------------------------------------

be WFQ N/A weight 1 64

af1 WFQ 1 weight 1 64

af2 WFQ N/A weight 1 1000

af3 WFQ N/A weight 1 64

af4 SP N/A N/A N/A N/A

ef WFQ N/A weight 1 64

cs6 WFQ 1 weight 56 64

cs7 SP N/A N/A N/A N/A

Table 28 Command output

Field	Description
Queue management profile	Queue scheduling profile name.
Queue ID	ID of a queue.
Type	Queue scheduling type: · SP. · WRR. · WFQ.
Group	Priority group to which the queue belongs. · For an SP queue, this field is always N/A. · For a WFQ or WRR queue, this field is always 1.
Schedule-unit	Scheduling weight type. · For an SP queue, this field is always N/A. · For a WRR queue or WFQ queue, this field can be weight or byte-count.
Schedule-value	Scheduling weight of the queue. For an SP queue, this field is always N/A.
Bandwidth	Minimum guaranteed bandwidth of the queue. This parameter can be configured for only WFQ queues.

display qos qmprofile interface

Use display qos qmprofile interface to display the queue scheduling profile applied to the specified interface.

Syntax

display qos qmprofile interface [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the queue scheduling profiles applied to all interfaces.

Examples

# Display the queue scheduling profile applied to FortyGigE 1/0/1.

<Sysname> display qos qmprofile interface fortygige 1/0/1

Interface: FortyGigE1/0/1

Queue management profile: myprofile

Table 29 Command output

Field	Description
Interface	Interface name.
Queue management profile	Name of the queue scheduling profile applied to the interface.

qos apply qmprofile

Use qos apply qmprofile to apply a queue scheduling profile to an interface.

Use undo qos apply qmprofile to restore the default.

Syntax

qos apply qmprofile profile-name

undo qos apply qmprofile

Default

No queue scheduling profile is applied to an interface.

Views

Layer 2 Ethernet interface view, Layer 3 Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

profile-name: Specifies a queue scheduling profile by its name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

You can apply only one queue scheduling profile to an interface.

Examples

# Apply queue scheduling profile myprofile to FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] qos apply qmprofile myprofile

Related commands

display qos qmprofile interface

qos qmprofile

Use qos qmprofile to create a queue scheduling profile and enter queue scheduling profile view.

Use undo qos qmprofile to delete a queue scheduling profile.

Syntax

qos qmprofile profile-name

undo qos qmprofile profile-name

Default

No queue scheduling profile exists.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

profile-name: Specifies the queue scheduling profile name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

To delete a queue scheduling profile already applied to an interface, remove it from the interface first and then delete it.

Examples

# Create queue scheduling profile myprofile and enter queue scheduling profile view.

<Sysname> system-view

[Sysname] qos qmprofile myprofile

[Sysname-qmprofile-myprofile]

Related commands

· display qos qmprofile interface

· queue

queue

Use queue to configure queue scheduling parameters.

Use undo queue to restore the default.

Syntax

queue queue-id { sp | wfq group 1 { byte-count | weight } schedule-value | wrr group 1 { byte-count | weight } schedule-value }

undo queue queue-id

Default

In a queue scheduling profile, SP queuing is used for all queues.

Views

Queue scheduling profile view

Predefined user roles

network-admin

mdc-admin

Parameters

queue-id: Specifies a queue by its ID in the range of 0 to 7.

sp: Enables SP for the queue.

wfq: Enables WFQ for the queue.

group 1: Specifies the group to which the queue belongs.

byte-count: Allocates bandwidth to queues in terms of bytes.

weight: Allocates bandwidth to queues in terms of packets.

schedule-value: Specifies the scheduling weight in the range of 1 to 127.

wrr: Enables WRR for the queue.

Usage guidelines

The queue-id argument can be either a number or a keyword. Table 26 shows the number-keyword map.

Examples

# Create queue scheduling profile myprofile and configure queue 0 to use SP.

<Sysname> system-view

[Sysname] qos qmprofile myprofile

[Sysname-qmprofile-myprofile] queue 0 sp

# Create queue scheduling profile myprofile and configure it as follows:

· Configure queue 1 to use WRR.

· Set the scheduling weight to 10 for queue 1.

· Assign queue 1 to WRR priority group 1.

<Sysname> system-view

[Sysname] qos qmprofile myprofile

[Sysname-qmprofile-myprofile] queue 1 wrr group 1 weight 10

Related commands

· display qos qmprofile interface

· qos qmprofile

Aggregate CAR commands

car name

Use car name to reference an aggregate CAR action in a traffic behavior.

Use undo car to remove an aggregate CAR action from a traffic behavior.

Syntax

car name car-name

undo car

Default

No aggregate CAR action is configured in a traffic behavior.

Views

Traffic behavior view

Predefined user roles

network-admin

mdc-admin

Parameters

car-name: Specifies the name of an aggregate CAR action. This argument must start with a letter, and is a case-sensitive string of 1 to 31 characters.

Examples

# Reference the aggregate CAR action aggcar-1 in the traffic behavior be1.

<Sysname> system-view

[Sysname] traffic behavior be1

[Sysname-behavior-be1] car name aggcar-1

Related commands

· display qos car name

· display traffic behavior user-defined

display qos car name

Use display qos car name to display the configuration and statistics for aggregate CAR actions.

Syntax

display qos car name [ car-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

car-name: Specifies an aggregate CAR action by its name. This argument must start with a letter, and is a case-sensitive string of 1 to 31 characters. If you do not specify a CAR action, this command displays the configuration and statistics for all aggregate CAR actions.

Examples

# (In standalone mode.) Display the configuration and statistics for all aggregate CAR actions.

<Sysname> display qos car name

Name: a

Mode: aggregative

CIR 12800 (kbps), CBS 800256 (Bytes), EBS 512 (Bytes), PIR 25600 (kbps)

Slot 0:

Green packets: 54641 (Packets)

Red packets: 856 (Packets)

Slot 1:

Green packets: 12541 (Packets)

Red packets: 1235 (Packets)

# (In IRF mode.) Display the configuration and statistics for all aggregate CAR actions.

<Sysname> display qos car name

Name: a

Mode: aggregative

CIR 12800 (kbps), CBS 800256 (Bytes), EBS 512 (Bytes), PIR 25600 (kbps)

Chassis 1 Slot 0:

Green packets: 54641 (Packets)

Red packets: 856 (Packets)

Chassis 2 Slot 1:

Green packets: 12541 (Packets)

Red packets: 1235 (Packets)

Table 30 Command output

Field	Description
Name	Name of the aggregate CAR action.
Mode	Type of the aggregate CAR action: aggregative.
CIR CBS EBS PIR	Parameters for the CAR action.
Green packet	Statistics about green packets.
Red packet	Statistics about red packets.

qos car

Use qos car to configure an aggregate CAR action.

Use undo qos car to delete an aggregate CAR action.

Syntax

qos car car-name aggregative cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ]

qos car car-name aggregative cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ]

undo qos car car-name

Default

No aggregate CAR action is configured.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

car-name: Specifies the name of the aggregate CAR action. This argument must start with a letter, and is a case-sensitive string of 1 to 31 characters.

aggregative: Specifies the aggregate CAR action.

cir committed-information-rate: Specifies the CIR in kbps. The value range for the committed-information-rate argument is an integral multiple of 8 between 8 and 160000000.

cbs committed-burst-size: Specifies the CBS in bytes. The value range for the committed-burst-size argument is an integral multiple of 512 between 512 and 256000000. The default value for this argument is the product of 62.5 and the CIR and must be an integral multiple of 512. If the product is not an integral multiple of 512, it is rounded up to the nearest integral multiple of 512 that is greater than the product. A default value greater than 256000000 is converted to 256000000.

ebs excess-burst-size: Specifies the EBS in bytes. The value range for the excess-burst-size argument is an integral multiple of 512 between 0 and 256000000, and the default value is 512.

pir peak-information-rate: Specifies the PIR in kbps. The value range for the peak-information-rate argument is an integral multiple of 8 between 8 and 160000000. If the PIR is configured, two rates are used for traffic policing. Otherwise, one rate is used.

Usage guidelines

An aggregate CAR action takes effect only after it is applied to an interface or referenced in a QoS policy.

Examples

# Configure the aggregate CAR action aggcar-1, where CIR is 25600, CBS is 512000, and red packets are dropped.

<Sysname> system-view

[Sysname] qos car aggcar-1 aggregative cir 25600 cbs 512000 red discard

Related commands

display qos car name

reset qos car name

Use reset qos car name to clear statistics for aggregate CAR actions.

Syntax

reset qos car name [ car-name ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

car-name: Specifies a n aggregate CAR action by its name. This argument must start with a letter, and is a case-sensitive string of 1 to 31 characters. If you do not specify an aggregate CAR action, this command clears statistics for all aggregate CAR actions.

Examples

# Clear statistics for the aggregate CAR action aggcar-1.

<Sysname> reset qos car name aggcar-1

Queue-based accounting commands

display qos queue-statistics

Use display qos queue-statistics to display queue-based traffic statistics for interfaces.

Syntax

display qos queue-statistics interface [ interface-type interface-number ] outbound

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays queue-based traffic statistics for all interfaces.

outbound: Displays outbound traffic statistics.

Usage guidelines

To display traffic statistics on a per-queue basis, first set the packet statistics collection mode to queue by using the statistic mode queue command.

Examples

# Display queue-based outbound traffic statistics for FortyGigE 1/0/1.

<Sysname> display qos queue-statistics interface FortyGigE 1/0/1 outbound

Interface: FortyGigE1/0/1

Direction: outbound

Forwarded: 0 packets, 0 bytes

Dropped: 0 packets, 0 bytes

Queue 0

Forwarded: 0 packets, 0 bytes

Dropped: 0 packets, 0 bytes

Total queue length: 0 packets

Current queue length: 0 packets, 0% use ratio

Queue 1

Forwarded: 0 packets, 0 bytes

Dropped: 0 packets, 0 bytes

Total queue length: 0 packets

Current queue length: 0 packets, 0% use ratio

Queue 2

Forwarded: 0 packets, 0 bytes

Dropped: 0 packets, 0 bytes

Total queue length: 0 packets

Current queue length: 0 packets, 0% use ratio

Queue 3

Forwarded: 0 packets, 0 bytes

Dropped: 0 packets, 0 bytes

Total queue length: 0 packets

Current queue length: 0 packets, 0% use ratio

Queue 4

Forwarded: 0 packets, 0 bytes

Dropped: 0 packets, 0 bytes

Total queue length: 0 packets

Current queue length: 0 packets, 0% use ratio

Queue 5

Forwarded: 0 packets, 0 bytes

Dropped: 0 packets, 0 bytes

Total queue length: 0 packets

Current queue length: 0 packets, 0% use ratio

Queue 6

Forwarded: 0 packets, 0 bytes

Dropped: 0 packets, 0 bytes

Total queue length: 0 packets

Current queue length: 0 packets, 0% use ratio

Queue 7

Forwarded: 0 packets, 0 bytes

Dropped: 0 packets, 0 bytes

Total queue length: 0 packets

Current queue length: 0 packets, 0% use ratio

Table 31 Command output

Field	Description
Forwarded	Counts forwarded traffic both in packets and in bytes. Counting forwarded traffic in packets is not supported in the current software version.
Dropped	Counts dropped traffic both in packets and in bytes.
Total queue length	Maximum number of packets allowed in the queue.
Current queue length	Current number of packets in the queue.
use ratio	Ratio of the current number of packets in the queue to the maximum number of packets allowed in the queue.

Related commands

· reset qos queue-statistics

· statistic mode queue

display statistic mode

Use display statistic mode to display the packet statistics collection mode.

Syntax

display statistic mode

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the packet statistics collection mode.

<Sysname> display statistic mode

The packet statistic mode is queue.

Related commands

· statistic mode queue

· statistic mode vsi (VXLAN Command Reference)

reset qos queue-statistics

Use reset qos queue-statistics to clear queue-based traffic statistics for interfaces.

Syntax

reset qos queue-statistics interface [ interface-type interface-number ] outbound

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command clears the queue-based traffic statistics for all interfaces.

outbound: Clears outbound traffic statistics.

Examples

# Clear queue-based outbound traffic statistics for FortyGigE 1/0/1.

<Sysname> reset qos queue-statistics interface FortyGigE 1/0/1 outbound

Related commands

· display qos queue-statistics

· statistic mode queue

statistic mode queue

Use statistic mode queue to set the packet statistics collection mode to queue.

Use undo statistic mode queue to restore the default.

Syntax

statistic mode queue

undo statistic mode

Default

The packet statistics collection mode is VSI.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To display traffic statistics on a per-queue basis, first set the packet statistics collection mode to queue by using the statistic mode queue command.

Examples

# Set the packet statistics collection mode to queue.

<Sysname> system-view

[Sysname] statistic mode queue

Do you want to change the packet statistic mode? [Y/N]:y

Related commands

· display qos queue-statistics

· display statistic mode

· statistic mode vsi (VXLAN Command Reference)

Time range commands

display time-range

Use display time-range to display time range configuration and status.

Syntax

display time-range { time-range-name | all }

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

time-range-name: Specifies a time range name, a case-insensitive string of 1 to 32 characters. It must start with an English letter.

all: Displays the configuration and status of all existing time ranges.

Examples

# Display the configuration and status of time range t4.

<Sysname> display time-range t4

Current time is 17:12:34 11/23/2010 Tuesday

Time-range : t4 (Inactive)

10:00 to 12:00 Mon

14:00 to 16:00 Wed

from 00:00 1/1/2011 to 00:00 1/1/2012

from 00:00 6/1/2011 to 00:00 7/1/2011

Table 32 Command output

Field	Description
Current time	Current system time.
Time-range	Configuration and status of the time range, including its name, status (active or inactive), and start time and end time.

time-range

Use time-range to create or edit a time range.

Use undo time-range to delete a time range or a statement in the time range.

Syntax

time-range time-range-name { start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] | from time1 date1 [ to time2 date2 ] | to time2 date2 }

undo time-range time-range-name [ start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] | from time1 date1 [ to time2 date2 ] | to time2 date2 ]

Default

No time range exists.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

time-range-name: Specifies a time range name. The name is a case-insensitive string of 1 to 32 characters. It must start with an English letter and to avoid confusion, it cannot be all.

start-time to end-time: Specifies a periodic statement. Both start-time and end-time are in hh:mm format (24-hour clock). The value range is 00:00 to 23:59 for the start time, and 00:00 to 24:00 for the end time. The end time must be greater than the start time.

days: Specifies the day or days of the week (in words or digits) on which the periodic statement is valid. If you specify multiple values, separate each value with a space, and make sure they do not overlap. These values can take one of the following forms:

· A digit in the range of 0 to 6, respectively for Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, and Saturday.

· A day of a week in abbreviated words: sun, mon, tue, wed, thu, fri, and sat.

· working-day for Monday through Friday.

· off-day for Saturday and Sunday.

· daily for the whole week.

from time1 date1: Specifies the start time and date of an absolute statement. The time1 argument specifies the time of the day in hh:mm format (24-hour clock). Its value range is 00:00 to 23:59. The date1 argument specifies a date in MM/DD/YYYY or YYYY/MM/DD format, where MM is the month of the year in the range of 1 to 12, DD is the day of the month with the range depending on MM, and YYYY is the year in the calendar in the range of 1970 to 2100. If the start time is not specified, the start time is 01/01/1970 00:00 AM, the earliest time available in the system.

to time2 date2: Specifies the end time and date of the absolute time statement. The time2 argument has the same format as the time1 argument, but its value range is 00:00 to 24:00. The date2 argument has the same format and value range as the date1 argument. The end time must be greater than the start time. If not specified, the end time is 12/31/2100 24:00 PM, the maximum time available in the system.

Usage guidelines

If you provide an existing time range name for the time-range command, the command adds a statement to the time range.

You can create multiple statements in a time range. Each time statement can take one of the following forms:

· Periodic statement in the start-time to end-time days format. A periodic statement recurs periodically on a day or days of the week.

· Absolute statement in the from time1 date1 to time2 date2 format. An absolute statement does not recur.

· Compound statement in the start-time to end-time days from time1 date1 to time2 date2 format. A compound statement recurs on a day or days of the week only within the specified period. For example, to create a time range that is active from 08:00 to 12:00 on Monday between January 1, 2011 00:00 and December 31, 2011 23:59, use the time-range test 08:00 to 12:00 mon from 00:00 01/01/2011 to 23:59 12/31/2011 command.

You can create a maximum of 1024 time ranges, each with a maximum of 32 periodic statements and 12 absolute statements. The active period of a time range is calculated as follows:

1. Combining all periodic statements

2. Combining all absolute statements

3. Taking the intersection of the two statement sets as the active period of the time range

Examples

# Create a periodic time range t1, setting it to be active between 8:00 to 18:00 during working days.

<Sysname> system-view

[Sysname] time-range t1 08:00 to 18:00 working-day

# Create an absolute time range t2, setting it to be active in the whole year of 2011.

<Sysname> system-view

[Sysname] time-range t2 from 00:00 1/1/2011 to 24:00 12/31/2011

# Create a compound time range t3, setting it to be active from 08:00 to 12:00 on Saturdays and Sundays of the year 2011.

<Sysname> system-view

[Sysname] time-range t3 08:00 to 12:00 off-day from 00:00 1/1/2011 to 24:00 12/31/2011

# Create a compound time range t4, setting it to be active from 10:00 to 12:00 on Mondays and from 14:00 to 16:00 on Wednesdays in the period of January through June of the year 2011.

<Sysname> system-view

[Sysname] time-range t4 10:00 to 12:00 1 from 00:00 1/1/2011 to 24:00 1/31/2011

[Sysname] time-range t4 14:00 to 16:00 3 from 00:00 6/1/2011 to 24:00 6/30/2011

Related commands

display time-range

Data buffer commands

burst-mode enable

Use burst-mode enable to enable the Burst feature.

Use undo burst-mode enable to disable the Burst feature.

Syntax

burst-mode enable

undo burst-mode enable

Default

The Burst feature is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

The Burst feature is especially useful for reducing packet losses under the following circumstances:

· Broadcast or multicast traffic is intensive, resulting in bursts of traffic.

· Traffic enters a device from a high-speed interface and goes out of a low-speed interface.

· Traffic enters a device from multiple same-rate interfaces and goes out of an interface with the same rate.

Examples

# Enable the Burst feature.

<Sysname> system-view

[Sysname] burst-mode enable

buffer usage threshold

Use buffer usage threshold to set a per-interface buffer usage threshold.

Use undo buffer usage threshold to restore the default.

Syntax

In standalone mode:

buffer usage threshold slot slot-number ratio ratio

undo buffer usage threshold slot slot-number

In IRF mode:

buffer usage threshold chassis chassis-number slot slot-number ratio ratio

undo buffer usage threshold chassis chassis-number slot slot-number

Default

The per-interface buffer usage threshold is 100%.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

slot slot-number: Specifies a card by its slot number. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)

ratio ratio: Specifies the buffer usage threshold in percentage, in the range of 1 to 100.

Usage guidelines

This command is available in Release 1138P01 and later versions.

This command takes effect only when the packet statistics collection mode is queue (configured by using the statistic mode queue command). For more information about packet statistics collection modes, see the statistic mode queue command.

After you configure this command, the switch automatically records buffer usage for each interface. When a queue on an interface uses more buffer space than the set threshold, the system counts one threshold violation for the queue.

To display the buffer usage statistics for interfaces, use the display buffer usage interface command.

Examples

# Set the per-interface buffer usage threshold to 50% for card 2. (In standalone mode.)

<Sysname> system-view

[Sysname] buffer usage threshold slot 2 ratio 50

# Set the per-interface buffer usage threshold to 50% for card 2 on IRF member device 2. (In IRF mode.)

<Sysname> system-view

[Sysname] buffer usage threshold chassis 2 slot 2 ratio 50

Related commands

display buffer usage interface

Use display buffer usage interface to display buffer usage statistics for interfaces.

Syntax

display buffer usage interface [ interface-type [ interface-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface-type [ interface-number ]: Specifies an interface by its type and number. If you do not specify the interface-type argument, this command displays buffer usage statistics for all Ethernet interfaces. If you specify the interface-type argument without the interface-number argument, this command displays buffer usage statistics for all Ethernet interfaces of the specified type.

Usage guidelines

This command is available in Release 1138P01 and later versions.

Examples

# Display buffer usage statistics for Ten-GigabitEthernet 2/0/1.

<Sysname> display buffer usage interface ten-gigabitethernet 2/0/1

Interface QueueID Total Used Threshold(%) Violations

--------------------------------------------------------------------------------

XGE2/0/1 0 9418032 0 30 0

1 9418032 0 30 0

2 9418032 0 30 0

3 9418032 0 30 0

4 9418032 0 30 0

5 9418032 0 30 0

6 9418032 0 30 0

7 9418032 0 30 0

Table 33 Command output

Field	Description
Total	Data buffer size in bytes allowed for a queue.
Used	Data buffer size in bytes that has been used by a queue.
Threshold(%)	Buffer usage threshold for a queue. The threshold value is the same as the per-interface threshold value.
Violations	Number of threshold violations for a queue. The value of this field is reset upon a switch reboot.

Index

A B C D F I P Q R S T

accounting,31

acl,1

acl copy,2

acl name,3

bandwidth,68

buffer usage threshold,86

burst-mode enable,86

car,32

car name,75

classifier behavior,38

description,3

display acl,4

display buffer usage interface,87

display packet-filter,5

display packet-filter statistics,6

display packet-filter statistics sum,8

display packet-filter verbose,9

display qos car name,75

display qos gts interface,55

display qos lr interface,56

display qos map-table,50

display qos policy,39

display qos policy global,40

display qos policy interface,42

display qos qmprofile configuration,69

display qos qmprofile interface,71

display qos queue sp interface,59

display qos queue wfq interface,64

display qos queue wrr interface,60

display qos queue-statistics,79

display qos trust interface,53

display qos vlan-policy,43

display qos-acl resource,10

display statistic mode,80

display time-range,83

display traffic behavior,33

display traffic classifier,27

filter,34

if-match,28

import,51

packet-filter,12

packet-filter default deny,13

packet-filter global,13

qos apply policy,45

qos apply policy global,46

qos apply qmprofile,71

qos bandwidth queue,65

qos car,76

qos gts,55

qos lr,57

qos map-table,51

qos policy,46

qos priority,52

qos qmprofile,72

qos sp,59

qos trust,53

qos vlan-policy,47

qos wfq,66

qos wfq { byte-count | weight },66

qos wfq group sp,67

qos wrr,61

qos wrr { byte-count | weight },62

qos wrr group sp,63

queue,73

redirect,35

remark dscp,36

remark local-precedence,37

reset acl counter,14

reset packet-filter statistics,15

reset qos car name,77

reset qos policy global,48

reset qos queue-statistics,81

reset qos vlan-policy,48

rule (Ethernet frame header ACL view),16

rule (IPv4 advanced ACL view),17

rule (IPv4 basic ACL view),22

rule (user-defined ACL view),23

rule comment,25

statistic mode queue,81

step,25

time-range,83

traffic behavior,38

traffic classifier,31

08-ACL and QoS Command Reference

ACL commands

acl name

QoS policy commands

display traffic classifier

remark local-precedence

traffic behavior

import

display qos trust interface

display qos queue sp interface

qos wrr { byte-count | weight }

qos bandwidth queue

qos wfq

qos wfq { byte-count | weight }

qos wfq group sp

Queue scheduling profile commands

display qos qmprofile interface

qos qmprofile

burst-mode enable

Cloud & AI

InterConnect

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Resources

Partner Business Management

Company Information

News & Events

Contact Us