H3C S3600 Command Manual-Release 1602(V1.02)

HomeSupportSwitchesH3C S3600 Switch SeriesReference GuidesCommand ReferencesH3C S3600 Command Manual-Release 1602(V1.02)
26-QoS-QoS Profile Command
Title Size Download
26-QoS-QoS Profile Command 195.04 KB

 

The following commands were added:

l          VLAN mapping related commands: display qos-interface traffic-remark-vlanid and section traffic-remark-vlanid.

l          Commands related to port rate limiting and traffic policing: line-rate and section traffic-limit.

l          VLAN-based priority marking command: traffic-priority vlan.

l          The command for redirecting traffic to an aggregation group and removing outer VLAN tags when redirecting traffic to the specified port/aggregation group. Refer to traffic-redirect.

l          The command enabling the burst function. Refer to burst-mode enable.

 

QoS Commands

burst-mode enable

Syntax

burst-mode enable

undo burst-mode enable

View

System view

Parameters

None

Description

Use the burst-mode enable command to enable the burst function.

Use the undo burst-mode enable command to disable the burst function.

By default, the burst function is disabled.

The burst function improves packet buffering and forwarding performance in the following scenarios:

l          Dense broadcast or multicast traffic and massive burst traffic are present.

l          High-speed traffic is forwarded over a low-speed link or traffic received from multiple interfaces at the same speed is forwarded through an interface at the same speed.

By enabling the burst function on your switch, you can improve the processing performance of the switch operating in the above scenarios and thus drop packet loss rate.

 

l          For packets to be forwarded properly, you must not enable the burst function when the IRF function is enabled. Refer to IRF Fabric Operation for detailed information about IRF.

l          Because the burst function may affect the QoS performance of your switch, you must make sure that you are fully aware of the impacts when enabling the burst function.

 

Examples

# Enable the burst function.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] burst-mode enable

display protocol-priority

Syntax

display protocol-priority

View

Any view

Parameters

None

Description

Use the display protocol-priority command to display the list of protocol priorities you assigned with the protocol-priority command.

An S3600 series switch supports setting priorities for certain protocol packets generated by it. The supported protocols are Telnet, SNMP, ICMP, and OSPF. Depending on your configuration, the IP or DSCP precedence is displayed for a specified protocol.

Related commands: protocol-priority.

Examples

# Display the list of protocol priorities manually specified.

<Sysname> display protocol-priority

Protocol: ospf

  IP-Precedence: routine(0)

 

Protocol: telnet

  DSCP: be(0)

Table 1-1 Description on the fields of the display protocol-priority command

Field

Description

Protocol: ospf

Indicate that a priority has been set for OSPF packets with the protocol-priority command.

IP-Precedence: routine(0)

An IP precedence has been assigned to OSPF packets. The assigned IP precedence is 0, that is, routine in words.

For information about the IP precedence range, refer to Table 1-6.

Protocol: telnet

Indicate that a priority has been set for Telnet packets with the protocol-priority command.

DSCP: be(0)

A DSCP precedence has been assigned to Telnet packets. The assigned value is 0, that is, be in words.

For information about the DSCP precedence range, refer to Table 1-7.

 

display qos cos-local-precedence-map

Syntax

display qos cos-local-precedence-map

View

Any view

Parameters

None

Description

Use the display qos cos-local-precedence-map command to display the 802.1p priority-to-local precedence mapping, illustrated by an 802.1p priority-to-local precedence mapping table as shown in the following example.

After a packet enters a switch, the switch sets the 802.1p priority and local precedence for the packet according to its own capability and the corresponding rules. The local precedence is locally significant precedence that the switch assigns to the packet. It corresponds to an output queue. Packets with higher local precedence values take precedence over those with lower precedence values and will be processed preferentially.

Related commands: qos cos-local-precedence-map.

Examples

# Display the 802.1p priority-to-local precedence mapping.

<Sysname> display qos cos-local-precedence-map

cos-local-precedence-map:

              cos(802.1p) :    0    1    2     3     4     5     6     7

------------------------------------------------------------------------

 local precedence(queue) :     2    0    1     3     4     5     6     7

display qos-interface all

Syntax

display qos-interface { interface-type interface-number | unit-id } all

View

Any view

Parameters

interface-type interface-number: Specifies the type and number of a port, for which QoS configuration information is to be displayed.

unit-id: Unit ID of the switch whose QoS-related configuration is to be displayed. Table 1-2 shows the value range for the unit-id argument.

Table 1-2 The value range for the unit-id argument

For a switch not in a fabric

For a switch in a fabric

Always 1

The unit ID ranges from 1 to 8, depending on the unit ID of the switch in the fabric. For example, if two switches form a fabric, with the unit IDs being 3 and 5 respectively, the unit IDs of the two switches can only be 3 and 5.

 

Description

Use the display qos-interface all command to display all the QoS-related configuration settings of a port or a unit.

Examples

# Display all the QoS-related configuration of Ethernet 1/0/1.

<Sysname> display qos-interface Ethernet 1/0/1 all

 

Ethernet1/0/1: traffic-limit

 Inbound:

   Matches: Acl 2000 rule 0  running

     Effect mode: Union effect

     Egress port: Ethernet1/0/2

     Target rate: 64 Kbps

     Burst bucket size: 16 Kbyte

     Exceed action: remark-dscp cs7

Ethernet1/0/1: traffic-priority

 Inbound:

   Matches: Acl 2000 rule 0  running

     Priority action: dscp cs6

Ethernet1/0/1: traffic-redirect

 Inbound:

   Matches: Acl 2000 rule 0  running

     Redirected to: interface Ethernet1/0/2

Ethernet1/0/1: traffic-statistic

 Inbound:

   Matches: Acl 2000 rule 0  running

     6 packets inprofile

     0 packet outprofile

Ethernet1/0/1: mirrored-to

 Inbound:

   Matches: Acl 2000 rule 0  running

     Mirrored to: monitor interface

 

Ethernet1/0/1: line-rate

   Inbound: 64 Kbps

     Burst bucket size: 16 Kbyte

 

Ethernet1/0/1:

 

 Queue scheduling mode: weighted round robin

 weight of queue 0: 1

 weight of queue 1: 2

 weight of queue 2: 3

 weight of queue 3: 4

 weight of queue 4: 5

 weight of queue 5: 9

 weight of queue 6: 13

 weight of queue 7: 15

Ethernet1/0/1: traffic-remark-vlanid

 Inbound:

   Matches: Acl 2000 rule 0  running

     Remark vlan: 2

Table 1-3 Description on the fields of the display qos-interface all command

Field

Description

Ethernet1/0/1

QoS functions configured on a port, including

l      traffic-limit, traffic policing configuration

l      traffic-priority, priority marking configuration

l      traffic-redirect, traffic redirecting configuration

l      traffic-statistic, traffic accounting configuration

l      mirrored-to, traffic mirroring configuration

l      line-rate, port speed limit configuration

l      traffic-remark-vlanid, VLAN mapping configuration

Inbound

Packet direction

Matches

ACL rules for traffic classifying

Effect mode

Union effect, indicating that the ACL referenced in the traffic-limit command takes effect together with the other ACLs applied to the port.

Egress port

The specified egress port

Target rate

Traffic policing target rate, in kbps

Bucket burst size

Maximum burst traffic size allowed, in KB

Exceed action

Action to take for exceeding packets:

l      drop: Drops the packets.

l      remark-dscp: Re-marks the DSCP precedence of the packets and forwards the packets.

Priority action

Priority marking action, which can be:

l      cos: Sets 802.1p precedence for packets.

l      dscp: Sets DSCP precedence for packets.

l      ip-precedence: Sets IP precedence for packets.

l      local-precedence: Sets local precedence for packets.

Redirected to

l      “interface” indicates that the packets are redirected to the port.

l      “cpu” indicates that the packets are redirected to the CPU.

l      “link-aggregation-group” indicates that the packets are redirected to the aggregation group.

inprofile

Statistics about the packets within the traffic limit

outprofile

Statistics about the packets beyond the traffic limit

Mirrored to

l      “monitor interface” indicates that the packets are duplicated to a port.

l      “cpu” indicates that the packets are duplicated to the CPU.

Queue scheduling mode

Queue scheduling algorithm, which can be:

l      strict priority

l      weighted round robin (WRR)

l      weighted fair queuing (WFQ)

Remark vlan

Target VLAN ID used in VLAN mapping

 

display qos-interface line-rate

Syntax

display qos-interface { interface-type interface-number | unit-id } line-rate

View

Any view

Parameters

interface-type interface-number: Specifies the type and number of the port, of which the line rate configuration is to be displayed.

unit-id: Unit ID of the switch for which line rate configuration is to be displayed. For the value range for the unit-id argument, refer to Table 1-2.

Description

Use the display qos-interface line-rate command to display the line rate configuration of a port or the ports on a unit.

Related commands: line-rate.

Examples

# Display the line rate configuration of Ethernet 1/0/1.

<Sysname> display qos-interface Ethernet 1/0/1 line-rate

 

Ethernet1/0/1: line-rate

   Inbound: 128 Kbps

     Burst bucket size: 16 Kbyte

Refer to Table 1-3 for the description on the output fields.

display qos-interface mirrored-to

Syntax

display qos-interface { interface-type interface-number | unit-id } mirrored-to

View

Any view

Parameters

interface-type interface-number: Specifies the type and number of a port for which traffic mirroring configuration is to be displayed.

unit-id: Unit ID of the switch for which traffic mirroring configuration is to be displayed. For the value range for the unit-id argument, refer to Table 1-2.

Description

Use the display qos-interface mirrored-to command to display the traffic mirroring configuration of a port or a unit.

Related commands: mirrored-to.

Examples

# Display the traffic mirroring configuration of Ethernet 1/0/1.

<Sysname> display qos-interface Ethernet1/0/1 mirrored-to

Ethernet1/0/1: mirrored-to

 Inbound:

   Matches: Acl 2000 rule 0  running

     Mirrored to: monitor interface

Refer to Table 1-3 for the description on the output fields.

display qos-interface traffic-limit

Syntax

display qos-interface { interface-type interface-number | unit-id } traffic-limit

View

Any view

Parameters

interface-type interface-number: Specifies the type and number of a port for which traffic policing configuration is to be displayed.

unit-id: Unit ID of the switch whose traffic policing configuration is to be displayed. For the value range for the unit-id argument, refer to Table 1-2.

Description

Use the display qos-interface traffic-limit command to display the traffic policing configuration of a port or a unit.

Related commands: traffic-limit.

Examples

# Display the traffic policing configuration of Ethernet 1/0/1.

<Sysname> display qos-interface Ethernet1/0/1 traffic-limit

 

Ethernet1/0/1: traffic-limit

 Inbound:

   Matches: Acl 3000 rule 1  running

     Effect mode: Union effect

     Egress port: Ethernet1/0/2

     Target rate: 640 Kbps

     Burst bucket size: 16 Kbyte

     Exceed action: remark-dscp cs7 

Refer to Table 1-3 for the description on the output fields.

display qos-interface traffic-priority

Syntax

display qos-interface { interface-type interface-number | unit-idtraffic-priority

View

Any view

Parameters

interface-type interface-number: Specifies the type and number of a port for which priority marking configuration is to be displayed.

unit-id: Unit ID of the switch whose priority marking configuration is to be displayed. For the value range for the unit-id argument, refer to Table 1-2.

Description

Use the display qos-interface traffic-priority command to display the priority marking configuration of a port or a unit.

Related commands: traffic-priority.

Examples

# Display the priority marking configuration of Ethernet 1/0/1.

<Sysname> display qos-interface Ethernet1/0/1 traffic-priority

Ethernet1/0/1: traffic-priority

 Inbound:

   Matches: Acl 2000 rule 0  running

     Priority action: dscp ef  

Refer to Table 1-3 for the description on the output fields.

display qos-interface traffic-redirect

Syntax

display qos-interface { interface-type interface-number | unit-idtraffic-redirect

View

Any view

Parameters

interface-type interface-number: Specifies the type and number of a port for which traffic redirecting configuration is to be displayed.

unit-id: Unit ID of the switch whose traffic redirecting configuration is to be displayed. For the value range for the unit-id argument, refer to Table 1-2.

Description

Use the display qos-interface traffic-redirect command to display the traffic redirecting configuration of a port or a unit.

Related commands: traffic-redirect.

Examples

# Display the traffic redirecting configuration of Ethernet 1/0/1.

<Sysname> display qos-interface Ethernet1/0/1 traffic-redirect

Ethernet1/0/1: traffic-redirect

 Inbound:

   Matches: Acl 3000 rule 0  running

     Redirected to: interface Ethernet1/0/2

Refer to Table 1-3 for the description on the output fields.

display qos-interface traffic-remark-vlanid

Syntax

display qos-interface { interface-type interface-number | unit-id } traffic-remark-vlanid

View

Any view

Parameters

interface-type interface-number: Specifies the type and number of a port for which VLAN mapping configuration is to be displayed.

unit-id: Unit ID of the switch whose VLAN mapping configuration is to be displayed. For the value range for the unit-id argument, refer to Table 1-2.

Description

Use the display qos-interface traffic-remark-vlanid command to display the VLAN mapping configuration of a port or a unit.

Related commands: traffic-remark-vlanid.

Examples

# Display the VLAN mapping configuration of Ethernet 1/0/1.

<Sysname> display qos-interface Ethernet1/0/1 traffic-remark-vlanid

Ethernet1/0/1: traffic-remark-vlanid

 Inbound:

   Matches: Acl 4000 rule 0  running

     Remark vlan: 101

Refer to Table 1-3 for the description on the output fields.

display qos-interface traffic-statistic

Syntax

display qos-interface { interface-type interface-number | unit-id } traffic-statistic

View

Any view

Parameters

interface-type interface-number: Specifies the type and number of a port for which traffic accounting configuration is to be displayed.

unit-id: Unit ID of the switch for which traffic accounting configuration and traffic statistics are to be displayed. For the value range for the unit-id argument, refer to Table 1-2.

Description

Use the display qos-interface traffic-statistic command to display the traffic accounting configuration and traffic statistics of a port or a unit.

Related commands: traffic-statistic.

Examples

# Display the traffic accounting configuration and traffic statistics of Ethernet 1/0/1.

<Sysname> display qos-interface Ethernet1/0/1 traffic-statistic

Ethernet1/0/1: traffic-statistic

 Inbound:

   Matches: Acl 2000 rule 2  running

     6 packets inprofile

     0 packet outprofile

Refer to Table 1-3 for the description on the output fields.

display queue-scheduler

Syntax

display queue-scheduler

View

Any view

Parameters

None

Description

Use the display queue-scheduler command to display the global queue scheduling configuration.

This command does not display the weight or bandwidth set for a queue in port view. To display the setting, you can perform the display this command in port view.

Related commands: queue-scheduler.

Examples

# Display the global queue scheduling configuration.

<Sysname> display queue-scheduler

 Queue scheduling mode: weighted round robin

 weight of queue 0: 1

 weight of queue 1: 2

 weight of queue 2: 3

 weight of queue 3: 4

 weight of queue 4: 5

 weight of queue 5: 9

 weight of queue 6: 13

 weight of queue 7: 15

Refer to Table 1-3 for the description of the output fields.

line-rate

Syntax

line-rate { inbound | outbound } target-rate [ burst-bucket burst-bucket-size ]

undo line-rate{ inbound | outbound }

View

Ethernet port view

Parameters

inbound: Limits the inbound packet rate.

outbound: Limits the outbound packet rate.

target-rate: Total target rate (in kbps). The range of this argument varies with port type as follows:

l          Fast Ethernet port: 64 to 99,968;

l          GigabitEthernet port: 64 to 1,000,000.

The granularity of port rate limit is 64 kbps. Assume that the value you provide for the target-rate argument is in the range N*64 to (N+1)*64 (N is a natural number), it will be rounded off to (N+1)*64.

burst-bucket burst-bucket-size: Specifies the maximum burst traffic size (in KB). This is the buffer size provided for burst traffic while traffic is being forwarding or received at the rate of target-rate. The burst-bucket-size argument must be an integer power of 2, in the range of 4 to 512. If it is not specified, 512 KB applies by default.

Description

Use the line-rate command to limit the rate of the inbound or outbound packets on a port.

Use the undo line-rate command to cancel the line rate configuration.

Compared to traffic policing, line rate applies to all the inbound or outbound packets passing through a port and thus a simpler solution when you only want to limit the rate of all the inbound or outbound packets passing through a port as a whole.

Related commands: display qos-interface line-rate.

Examples

# Limit the inbound packet rate to 128 kbps on Ethernet 1/0/1 and provide 32 KB of buffer for burst traffic.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet1/0/1

[Sysname-Ethernet1/0/1] line-rate inbound 128 burst-bucket 32

# Display the line rate configuration of Ethernet 1/0/1.

[Sysname-Ethernet1/0/1] display qos-interface Ethernet 1/0/1 line-rate

Ethernet1/0/1: line-rate

   Inbound: 128 Kbps

     Burst bucket size: 32 Kbyte

mirrored-to

Syntax

mirrored-to { inbound | outbound } acl-rule { monitor-interface | cpu }

undo mirrored-to { inbound | outbound } acl-rule

View

Ethernet port view

Parameters

inbound: Duplicates inbound packets.

outbound: Duplicates outbound packets.

acl-rule: ACL rules to be used for traffic classification. This argument can be a combination of multiple ACLs. For more information about this argument, refer to Table 1-4 and Table 1-5. Note that the ACL rules referenced must be those defined with the permit keyword.

Table 1-4 Ways of applying combined ACL rules

ACL combination

Form of the acl-rule argument

Apply a basic or advanced Layer 3 ACL

ip-group  acl-number

Apply a rule in an Layer 3 ACL

ip-group acl-number rule rule-id

Apply all the rules in a Layer 2 ACL

link-group acl-number

Apply a rule in a Layer 2 ACL

link-group acl-number rule rule-id

Apply all the rules in a user-defined ACL

user-group acl-number

Apply a rule in a user-defined ACL

user-group acl-number rule rule-id

Apply a rule in an Layer 3 ACL and a rule in a Layer 2 ACL

ip-group acl-number rule rule-id link-group acl-number rule rule-id

 

Table 1-5 Description on the parameters used in Table 1-4

Parameter

Description

ip-group acl-number

Specifies the number of a basic or advanced ACL, in the range 2000 to 3999.

link-group acl-number

Specifies the number of a Layer 2 ACL, in the range 4000 to 4999.

User-group acl-number

Specifies the number of a user-defined ACL, in the range 5000 to 5999.

Rule-id

ACL rule number, in the range 0 to 65534. If this argument is not provided, all the rules in the ACL are specified.

 

monitor-interface: Duplicates packets to the specified destination port (the monitor port).

cpu: Duplicates packets to the CPU.

Description

Use the mirrored-to command to configure traffic mirroring.

Use the undo mirrored-to command to cancel the configuration.

Traffic monitoring provides a finer mirroring granularity than port mirroring, which mirrors all traffic passing through a port. For detailed information about port mirroring, refer to the part talking about mirroring.

Note that:

l          If you mirror traffic to the CPU, you do not need to configure a monitor port.

l          If you mirror traffic to a port, you must configure a monitor port with the mirroring-group monitor-port command or the monitor-port command. For information about the two commands, refer to the part talking about mirroring.

l          Traffic mirroring and local port mirroring share the same monitor port.

Related commands: display qos-interface mirrored-to.

Examples

# Configure traffic mirroring on Ethernet 1/0/1, duplicating the inbound packets sourced from IP address 1.1.1.1 to Ethernet 1/0/4.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] acl number 2000

[Sysname-acl-basic-2000] rule permit source 1.1.1.1 0

[Sysname-acl-basic-2000] quit

[Sysname] interface Ethernet 1/0/4

[Sysname-Ethernet1/0/4] monitor-port

[Sysname-Ethernet1/0/4] quit

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] mirrored-to inbound ip-group 2000 monitor-interface

[Sysname-Ethernet1/0/1] quit

# Configure traffic mirroring on Ethernet 1/0/2, duplicating the inbound packets matching ACL 2000 to the CPU.

[Sysname] interface Ethernet 1/0/2

[Sysname-Ethernet1/0/2] mirrored-to inbound ip-group 2000 cpu

[Sysname-Ethernet1/0/2] return

# Display the traffic mirroring configuration of Ethernet 1/0/1 and Ethernet 1/0/2.

<Sysname> display qos-interface Ethernet 1/0/1 mirrored-to

Ethernet1/0/1: mirrored-to

 Inbound:

   Matches: Acl 2000 rule 0  running

     Mirrored to: monitor interface

<Sysname> display qos-interface Ethernet 1/0/2 mirrored-to

Ethernet1/0/2: mirrored-to

 Inbound:

   Matches: Acl 2000 rule 0  running

     Mirrored to: cpu

priority

Syntax

priority priority-level

undo priority

View

Ethernet port view

Parameters

priority-level: Port priority, ranging from 0 to 7.

Description

Use the priority command to configure trusting port priority and set the priority of the port.

Use the undo priority command to restore the default.

By default, port priority is trusted and the priority of an Ethernet port is 0.

After you execute the priority command on a port, the port priority rather than the 802.1p priority of each inbound 802.1q-tagged packet is used to identify the matching local precedence for the packet (in the 802.1p-precedence-to-local precedence mapping table). Then, the packet is assigned to the output queue corresponding to the local precedence.

If the priority command, the priority trust command, and the undo priority command are configured on the same port, the command configured the last applies.

Related commands: priority trust.

Examples

# Configure Ethernet 1/0/1 to trust its port priority and set the priority of Ethernet 1/0/1 to 6.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet1/0/1

[Sysname-Ethernet1/0/1] priority 6

priority trust

Syntax

priority trust

undo priority

View

Ethernet port view

Parameters

None

Description

Use the priority trust command to configure the switch to trust the 802.1p priority of an inbound packet.

Use the undo priority command to restore the default settings.

By default, port priority is trusted and the priority of a port is 0.

After you execute the priority trust command on a port, the 802.1p priority of each inbound 802.1q-tagged packet is used to identify the matching local precedence for the packet (in the 802.1p-precedence-to-local precedence mapping table). Then, the packet is assigned to the output queue corresponding to the local precedence.

If the priority command, the priority trust command, and the undo priority command are configured on the same port, the command configured the last applies.

Related commands: priority.

Examples

# Configure the switch to trust the 802.1p priority of 802.1q-tagged packets on Ethernet 1/0/1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet1/0/1

[Sysname-Ethernet1/0/1] priority trust

protocol-priority protocol-type

Syntax

protocol-priority protocol-type protocol-type { ip-precedence ip-precedence | dscp dscp-value }

undo protocol-priority protocol-type protocol-type

View

System view

Parameters

protocol-type protocol-type: Specifies the protocol type, which could be Telnet, SNMP, ICMP, or OSPF.

ip-precedence ip-precedence: Specifies an IP precedence in digits for the specified protocol, in the range 0 to 7. Alternatively, you can specify the IP precedence in words; available keywords are listed in Table 1-6.

Table 1-6 IP precedence values in words and in digits

IP precedence (in words)

IP precedence (in digits)

routine

0

priority

1

immediate

2

flash

3

flash-override

4

critical

5

internet

6

network

7

 

dscp dscp-value: Specifies an DSCP precedence in digits for the specified protocol, in the range of 0 to 63. Alternatively, you can specify the DSCP precedence in words; available keywords are listed in Table 1-7.

Table 1-7 DSCP precedence values in words and in digits

DSCP precedence (in words)

DSCP precedence (in digits)

af11

10

af12

12

af13

14

af21

18

af22

20

af23

22

af31

26

af32

28

af33

30

af41

34

af42

36

af43

38

be (the default)

0

cs1

8

cs2

16

cs3

24

cs4

32

cs5

40

cs6

48

cs7

56

ef

46

 

Description

Use the protocol-priority command to set the global IP precedence or DSCP precedence for the specified type of protocol packets generated by the current switch.

Use the undo protocol-priority command to cancel the configuration.

By default, the IP precedence and the DSCP precedence are 0 for all protocol packets generated by the current switch.

Related commands: display protocol-priority.

 

l          On an S3600-EI switch, you can set priority for protocol packets of Telnet, OSPF, SNMP, and ICMP.

l           On an S3600-SI switch, you can set priority for protocol packets of Telnet, SNMP, and ICMP.

 

Examples

# Set the IP precedence to 3 for SNMP protocol packets.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] protocol-priority protocol-type snmp ip-precedence 3

# Set the DSCP precedence of Telnet packets to 30, corresponding to the keyword af33.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] protocol-priority protocol-type telnet dscp af33

qos cos-local-precedence-map

Syntax

qos cos-local-precedence-map cos0-map-local-prec cos1-map-local-prec cos2-map-local-prec cos3-map-local-prec cos4-map-local-prec cos5-map-local-prec cos6-map-local-prec cos7-map-local-prec

undo qos cos-local-precedence-map

View

System view

Parameters

cos0-map-local-prec: Local precedence to which 802.1p 0 is to be mapped, in the range 0 to 7.

cos1-map-local-prec: Local precedence to which 802.1p 1 is to be mapped, in the range 0 to 7.

cos2-map-local-prec: Local precedence to which 802.1p 2 is to be mapped, in the range 0 to 7.

cos3-map-local-prec: Local precedence to which 802.1p 3 is to be mapped, in the range 0 to 7.

cos4-map-local-prec: Local precedence to which 802.1p 4 is to be mapped, in the range 0 to 7.

cos5-map-local-prec: Local precedence to which 802.1p 5 is to be mapped, in the range 0 to 7.

cos6-map-local-prec: Local precedence to which 802.1p 6 is to be mapped, in the range 0 to 7.

cos7-map-local-prec: Local precedence to which 802.1p 7 is to be mapped, in the range 0 to 7.

Description

Use the qos cos-local-precedence-map command to configure the 802.1p priority-to-local precedence mapping.

Use the undo qos cos-local-precedence-map command to restore the default settings.

Table 1-8 lists the default 802.1p priority-to-local precedence mapping.

Table 1-8 The default 802.1p priority-to-local precedence mapping

802.1p priority

Local precedence

0

2

1

0

2

1

3

3

4

4

5

5

6

6

7

7

 

Related commands: display qos cos-local-precedence-map.

Examples

# Configure the 802.1p priority-to-local precedence mapping table as follows: 0 to 0, 1 to 1, 2 to 2, 3 to 3, 4 to 4, 5 to 5, 6 to 6, and 7 to 7.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] qos cos-local-precedence-map 0 1 2 3 4 5 6 7

# Display the current 802.1p priority-to-local precedence mapping table.

[Sysname] display qos cos-local-precedence-map

cos-local-precedence-map:

               cos(802.1p) :      0     1     2     3     4     5     6     7 --------------------------------------------------------------------------

   local precedence(queue) :      0     1     2     3     4     5     6     7

queue-scheduler

Syntax

In system view

queue-scheduler { strict-priority | wfq queue0-width queue1-width queue2-width queue3-width queue4-width queue5-width queue6-width queue7-width | wrr queue0-weight queue1-weight queue2-weight queue3-weight queue4-weight queue5-weight queue6-weight queue7-weight }

undo queue-scheduler

In Ethernet port view

queue-scheduler { wfq queue0-width queue1-width queue2-width queue3-width queue4-width queue5-width queue6-width queue7-width | wrr queue0-weight queue1-weight queue2-weight queue3-weight queue4-weight queue5-weight queue6-weight queue7-weight }

undo queue-scheduler

View

System view, Ethernet port view

Parameters

strict-priority: Uses the Strict Priority (SP) algorithm for queue scheduling.

wfq: Uses the Weighted Fair Queuing (WFQ) algorithm for queue scheduling.

queue0-width queue1-width queue2-width queue3-width queue4-width queue5-width queue6-width queue7-width: Customizes the bandwidth values to be allocated for queues 0 through 7, in kbps. In system view, the bandwidth ranges from 0 to 99968. The bandwidth varies with the port type as follows.

l          Fast Ethernet port: 0 to 99968;

l          Gigabit Ethernet port: 0 to 1000000.

Bandwidth granularity is 64 kbps. Assume that the value provided is in the range N*64 to (N+1)*64 (N is a natural number), it will be round off to (N+1)*64 automatically. A value of 0 means the corresponding queue adopts the SP algorithm for queue scheduling.

wrr: Uses the Weighted Round Robin (WRR) algorithm for queue scheduling.

queue0-weight queue1-weight queue2-weight queue3-weight queue4-weight queue5-weight queue6-weight queue7-weight: Customizes the weights to be assigned to queues 0 through 7. The value ranges from 0 to 15 in both system view and Ethernet port view. A value of 0 means the corresponding queue adopts the SP algorithm for queue scheduling.

Description

Use the queue-scheduler command to configure the queue scheduling algorithm and the related parameters.

Use the undo queue-scheduler command to restore the default.

By default, the WRR algorithm is used for all the output queues of a port. The default weights of queues 0 through 7 are 1, 2, 3, 4, 5, 9, 13, and 15, as shown in Table 1-9.

Table 1-9 The default weights for queues

Queue ID

Weight

0

1

1

2

2

3

3

4

4

5

5

9

6

13

7

15

 

A port of an S3600 Ethernet switch supports eight output queues, to which these queue scheduling algorithms are applicable: SP, WRR, and WFQ. With WRR (or WFQ) adopted, if you set the weight or the bandwidth of one or multiple queues to 0, the device will add the queue or these queues to the SP group, where SP is adopted. For other queues, WRR (or WFQ) still applies. In this case, both SP and WRR (or WFQ) are adopted.

Note that:

l          The queue scheduling algorithm specified by executing the queue-scheduler command in system view takes effect on all the ports. The queue scheduling algorithm configured in port view must be the same as that configured in system view. Otherwise, the system will prompt configuration errors. For example, if you configure queues 0 and 2 to adopt SP and queues 3 through 7 to adopt WRR in system view, you can modify the weights of queues 3 through 7 in port view but cannot modify the queue scheduling algorithm of any queue in port view.

l          If the weight (or bandwidth value) specified in system view for a queue of WRR queuing or WFQ queuing cannot meet the requirement of a port, you can modify the weight (or bandwidth value) for this port in the corresponding Ethernet port view. The new weight (or bandwidth value) takes effect only on the port while the weights on the other ports remain as set in system view.

l          If the weight (or bandwidth value) specified in system view for a queue of SP-WRR queuing or SP-WFQ queuing in the command cannot meet the requirement of a port, you can modify the weight (or bandwidth value) for this port in the corresponding Ethernet port view. The new weight (or bandwidth value) takes effect only on the port.

l          The display queue-scheduler command cannot display the queue weights (or bandwidth values) specified in Ethernet port view. To do that, use the display this command in the corresponding port view or the display current-configuration interface command in any view. Note that the two commands display the queue scheduling configuration only when the configuration of a port is different from the global configuration.

Related commands: display queue-scheduler.

Examples

# Configure WRR as the queuing algorithm and set the weights of queues 0 through 7 to 2, 2, 4, 4, 6, 6, 8, and 8 globally in system view.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] queue-scheduler wrr 2 2 4 4 6 6 8 8

# Configure Ethernet 1/0/1 to adopt the WRR queue scheduling algorithm, setting the weights of queue 0 through queue 7 to 1, 2, 3, 4, 5, 6, 7, and 8.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] queue-scheduler wrr 1 2 3 4 5 6 7 8

# Display the global queue scheduling configuration.

[Sysname-Ethernet1/0/1] display queue-scheduler

 Queue scheduling mode: weighted round robin

 weight of queue 0: 2

 weight of queue 1: 2

 weight of queue 2: 4

 weight of queue 3: 4

 weight of queue 4: 6

 weight of queue 5: 6

 weight of queue 6: 8

 weight of queue 7: 8

# Display the queue scheduling configuration on Ethernet 1/0/1.

[Sysname-Ethernet1/0/1] display this

#

interface Ethernet1/0/1

 queue-scheduler wrr 1 2 3 4 5 6 7 8

#

return

reset traffic-statistic

Syntax

reset traffic-statistic inbound acl-rule

View

Ethernet port view

Parameters

inbound: Specifies to clear the statistics of the inbound packets on the port.

acl-rule: ACL rules to be applied. This argument can be the combination of multiple ACLs. For more information about this argument, refer to Table 1-4 and Table 1-5.

Description

Use the reset traffic-statistic command to clear the statistics on packets matching specific ACL rules.

Related commands: traffic-statistic, display qos-interface traffic-statistic.

Examples

# Display the current traffic statistics of Ethernet 1/0/1.

<Sysname> display qos-interface Ethernet 1/0/1 traffic-statistic

Ethernet1/0/1: traffic-statistic

 Inbound:

   Matches: Acl 2008 rule 0  running

     13775 packets inprofile

     2061 packets outprofile

   Matches: Acl 4008 rule 0  running

     2606 packets inprofile

     0 packet outprofile

# Clear the statistics about inbound packets matching ACL 2008 on Ethernet 1/0/1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] reset traffic-statistic inbound ip-group 2008

# Display the current traffic statistics of Ethernet 1/0/1.

[Sysname-Ethernet1/0/1] display qos-interface Ethernet 1/0/1 traffic-statistic

Ethernet1/0/1: traffic-statistic

 Inbound:

   Matches: Acl 2008 rule 0  running

     0 packets inprofile

     0 packet outprofile

   Matches: Acl 4008 rule 0  running

     2606 packets inprofile

     0 packet outprofile

The output fields above show that the statistics about packets matching ACL 2008 have been cleared.

traffic-limit

Syntax

traffic-limit inbound acl-rule [ union-effect ] [ egress-port interface-type interface-number ] target-rate [ burst-bucket burst-bucket-size ] [ exceed action ]

undo traffic-limit inbound acl-rule

View

Ethernet port view

Parameters

inbound: Imposes traffic limit on the packets received through the interface.

acl-rule: ACL rules to be applied for traffic classification. This argument can be the combination of multiple ACLs. For more information about this argument, refer to Table 1-4 and Table 1-5. Note that the ACL rules referenced must be those defined with the permit keyword.

union-effect: Specifies that all the ACL rules, including those identified by the acl-rule argument in this command and those applied previously, are valid. If this keyword is not specified, traffic policing issues both the rate limiting action and the permit action at the same time, that is, traffic policing permits the conforming traffic to pass through. If this keyword is specified, traffic policing issues only the rate limiting action but not the permit action. In this case, if a packet matches both an ACL rule specified in the traffic-limit command and another previously applied ACL rule with the deny keyword specified, the packet will be dropped.

 

On Ethernet 1/0/1, assume that the filter command is configured to filter packets destined to IP address 2.2.2.2 and the traffic-limit command is configured to limit the rate of packets sourced from IP address 1.1.1.1 within 128 kbps. Whether packets conforming to the rate limit of 128 kbps, sourced from IP address 1.1.1.1, and destined to IP address 2.2.2.2 (referred to as packets A later) will be dropped depends on the union-effect keyword of the traffic-limit command.

l          If the union-effect keyword is not specified, the traffic-limit command issues both the rate limiting action and the permit action. Whether packets A can pass through depends on the configuration order of the filter command and the traffic-limit command. If the traffic-limit command is configured after the filter command is configured, packets A can pass through; otherwise, packets A are dropped.

l          If the union-effect keyword is specified, the traffic-limit command issues only the rate limiting action. Whether packets A can pass through depends on the filter command. As for this example, packets A are dropped.

 

egress-port interface-type interface-number: Enables traffic policing for the outbound packets of the port identified by interface-type interface-number. The interface-type interface-number argument refers to the port type and port number. If you specify this keyword-argument combination, this command applies to the outbound unicast packets that pass the port and match the ACL rules.

 

 

l          When you configure the traffic policing on a port, an ACL rule can only be applied to one egress port. If you configure the same ACL rule for different egress ports, only the last configuration takes effect. To apply the same ACL rule to multiple egress ports, you need to specify different ACL numbers or rule numbers for the ACL rule.

l          If the IRF function is enabled, the egress port can only be a port of the local unit. For information about IRF, refer to IRF Fabric module of this manual.

l          Do not specify the egress-port keyword when configuring traffic policing on ports in an aggregation group spanning multiple units. Refer to Link Aggregation Operation for detailed information about link aggregation.

 

target-rate: Target packet rate (in kbps) to be set. The range of this argument varies with the port type as follows.

l          Fast Ethernet port: 64 to 99,968

l          Gigabit Ethernet port: 64 to 1,000,000

The granularity of rate limit is 64 kbps. If the number you input is in the range N*64 to (N+1)*64 (N is a natural number), it will be rounded off to (N+1)*64.

burst-bucket burst-bucket-size: Specifies the maximum burst traffic size (in KB) allowed. The burst-bucket-size argument ranges from 4 to 512 and defaults to 512. Note that it must be an integer power of 2.

exceed action: Specifies the action to be taken when the traffic rate exceeds the threshold. The action argument can be:

l          drop: Drops the packets.

l          remark-dscp value: Sets a new DSCP value for the packets and then forwards the packets.

Description

Use the traffic-limit command to enable traffic policing and set the related settings.

Use the undo traffic-limit command to disable traffic policing for packets matching specific ACL rules.

Related commands: display qos-interface traffic-limit.

Examples

# Configure traffic policing for inbound packets sourced from VLAN 200 on Ethernet 1/0/1, setting the target packet rate to 128 kbps, burst bucket size to 64 KB, and configuring to drop the packets exceeding the rate limit.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] acl number 4000

[Sysname-acl-ethernetframe-4000] rule permit source 200

[Sysname-acl-ethernetframe-4000] quit

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] traffic-limit inbound link-group 4000 128 burst-bucket 64 exceed drop

traffic-priority

Syntax

traffic-priority { inbound | outbound } acl-rule { { dscp dscp-value | ip-precedence { pre-value | from-cos } } | cos { pre-value | from-ipprec } | local-precedence pre-value }*

undo traffic-priority { inbound | outbound } acl-rule

View

Ethernet port view

Parameters

inbound: Performs priority marking on the inbound packets.

outbound: Performs priority marking on the outbound packets.

acl-rule: ACL rules to be applied for traffic classification. This argument can be the combination of multiple ACLs. For more information about this argument, refer to Table 1-4 and Table 1-5. Note that the ACL rules referenced must be those defined with the permit keyword.

dscp dscp-value: Sets the DSCP precedence, ranging from 0 to 63. You can also provide one of the keywords listed in Table 1-7 for the dscp-value argument.

ip-precedence { pre-value | from-cos }: Sets the IP precedence. You can assign a value in digits in the range of 0 to 7 for the pre-value argument or in words as shown in Table 1-6. Alternatively, you can specify the from-cos keyword for the switch to extract the 802.1p priority for the IP precedence.

cos { pre-value | from-ipprec }: Sets the 802.1p priority. You can assign a value in digits in the range of 0 to 7 for the pre-value argument or in words as shown in Table 1-10. Alternatively, you can specify the from-ipprec keyword for the switch to extract the IP precedence for the 802.1p priority.

Table 1-10 802.1p priority values in words and in digits

802.1p priority (in words)

802.1p priority (in digits)

best-effort

0

background

1

spare

2

excellent-effort

3

controlled-load

4

video

5

voice

6

network-management

7

 

local-precedence pre-value: Sets the local precedence. The pre-value argument ranges from 0 to 7.

Description

Use the traffic-priority command to configure priority marking on a port.

Use the undo traffic-priority command to remove the priority marking configuration.

This command is used to set precedence for traffic matching a specified ACL rule:

l          If 802.1p priority marking is configured, the traffic will be mapped to the local precedence corresponding to the re-marked 802.1p priority and assigned to the output queue corresponding to the local precedence.

l          If local precedence marking is configured, the traffic will be assigned to the output queue corresponding to the re-marked local precedence.

l          If IP precedence or DSCP marking is configured, the traffic will be marked with new IP precedence or DSCP precedence.

 

Do not configure 802.1p priority marking and local precedence marking for the same traffic. With 802.1p priority marking, the new 802.1p priority will be mapped to a local precedence automatically. If local precedence marking is also configured, there will be two local precedence values for the traffic, resulting in conflict. In this case, the device will display an error prompt.

 

Related commands: display qos-interface traffic-priority.

Examples

# Set the 802.1p priority of the inbound packets with 802.1p priority 5 to 1 on Ethernet 1/0/1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] acl number 4000

[Sysname-acl-ethernetframe-4000] rule permit cos 5

[Sysname-acl-ethernetframe-4000] quit

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] traffic-priority inbound link-group 4000 cos 1

# Set the DSCP precedence of inbound DNS protocol packets to 16 (corresponding to the cs2 keyword) on Ethernet 1/0/1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] acl number 3000

[Sysname-acl-adv-3000] rule permit udp source-port eq dns

[Sysname-acl-adv-3000] quit

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] traffic-priority inbound ip-group 3000 dscp cs2

# Set the 802.1p priority of inbound packets sourced from IP address 1.1.1.1 to the value of their IP precedence on Ethernet 1/0/1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] acl number 2000

[Sysname-acl-basic-2000] rule permit source 1.1.1.1 0

[Sysname-acl-basic-2000] quit

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] traffic-priority outbound ip-group 2000 cos from-ipprec

traffic-priority vlan

Syntax

traffic-priority vlan vlan-id { inbound | outbound } acl-rule { { dscp dscp-value | ip-precedence { pre-value | from-cos } } | cos { pre-value | from-ipprec } | local-precedence pre-value }*

undo traffic-priority vlan vlan-id { inbound | outbound } acl-rule

View

System view

Parameters

vlan-id: VLAN ID, in the range of 1 to 4094.

inbound: Re-marks priority for the packets received on any ports in the specified VLAN.

outbound: Re-marks priority for the packets to be transmitted by any ports in the specified VLAN.

acl-rule: ACL rules to be applied for traffic classification. This argument can be the combination of multiple ACLs. For more information about this argument, refer to Table 1-4 and Table 1-5. Note that the ACL rules referenced must be those defined with the permit keyword.

dscp dscp-value: Sets the DSCP precedence, which is in the range 0 to 63. You can also provide one of the keywords listed in Table 1-7 for the dscp-value argument.

ip-precedence { pre-value | from-cos }: Sets the IP precedence. You can assign a value in digits in the range of 0 to 7 for the pre-value argument or in words as shown in Table 1-6. Alternatively, you can specify the from-cos keyword for the switch to extract the 802.1p priority for the IP precedence.

cos { pre-value | from-ipprec }: Sets the 802.1p priority. You can assign a value in digits in the range of 0 to 7 for the pre-value argument or in words as shown in Table 1-10. Alternatively, you can specify the from-ipprec keyword for the switch to extract the IP precedence for the 802.1p priority.

local-precedence pre-value: Sets the local precedence, which is in the range 0 to 7.

Description

Use the traffic-priority vlan command to configure priority marking for the packets received or transmitted by any ports in the specified VLAN.

Use the undo traffic-priority vlan command to cancel the configuration.

Related commands: traffic-priority, display qos-interface traffic-priority.

 

Do not configure 802.1p priority marking and local precedence marking for the same traffic. With 802.1p priority marking, the new 802.1p priority will be mapped to a local precedence automatically. If local precedence marking is also configured, there will be two local precedence values for the traffic, resulting in conflict. In this case, the device will display an error prompt.

 

Examples

# Set the 802.1p priority to 1 for the packets received on any ports in VLAN 2 and destined to MAC address 000F-E200-1234.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] acl number 4000

[Sysname-acl-ethernetframe-4000] rule permit cos 3 dest 000f-e200-1234 ffff-ffff-ffff

[Sysname-acl-ethernetframe-4000] quit

[Sysname] traffic-priority vlan 2 inbound link-group 4000 cos 1

traffic-redirect

Syntax

traffic-redirect { inbound | outbound } acl-rule { cpu | { interface interface-type interface-number | link-aggregation-group agg-id } [ untagged ] }

undo traffic-redirect { inbound | outbound } acl-rule

View

Ethernet port view

Parameters

inbound: Redirects inbound packets.

outbound: Redirects outbound packets.

acl-rule: ACL rules to be applied for traffic classification. This argument can be the combination of multiple ACLs. For more information about this argument, refer to Table 1-4 and Table 1-5. Note that the ACL rules referenced must be those defined with the permit keyword.

cpu: Redirects the packets to the CPU.

interface interface-type interface-number: Specifies the target port, to which the packets are to be redirected. The interface-type interface-number argument refers to the port type and port number.

link-aggregation-group agg-id: Specifies the aggregation group the traffic is to be redirected to. The agg-id argument is the ID of an aggregation group, in the range 1 to 416.

untagged: Specifies to remove the outer VLAN tag of a packet after the packet is redirected to a port or an aggregation group.

Description

Use the traffic-redirect command to configure traffic redirecting on a port.

Use the undo traffic-redirect command to remove the configuration from the port.

You can configure to redirect inbound or outbound packets matching a specified ACL rule on a port to the CPU, the specified port, or the specified aggregation group.

Related commands: display qos-interface traffic-redirect.

 

l          Packets redirected to the CPU are not forwarded.

l          If the traffic is redirected to a Combo port in down state, the system automatically redirects the traffic to the port corresponding to the Combo port in up state. Refer to Port Basic Configuration module of this manual for information about Combo ports.

l          If the traffic is configured to be redirected to an aggregation group, the traffic is redirected to the master port of the aggregation group. Refer to Link Aggregation module of this manual for information about aggregation group.

l          When the traffic redirecting function is used in conjunction with the selective QinQ function, you can specify the untagged keyword as required (that is, remove the outer VLAN tag of a packet after the packet is redirected to the uplink port) in a tree network with a single uplink port (or an aggregation group). Do not specify the untagged keyword in a ring network or a network with multiple uplink ports. Refer to VLAN-VPN module of this manual for information about selective QinQ.

 

Examples

# Redirect the inbound packets sourced from the IP network segment 1.1.1.0/24 to Ethernet 1/0/7 on Ethernet 1/0/1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] acl number 2000

[Sysname-acl-basic-2000] rule permit source 1.1.1.0 0.0.0.255

[Sysname-acl-basic-2000] quit

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] traffic-redirect inbound ip-group 2000 interface Ethernet 1/0/7

traffic-remark-vlanid

Syntax

traffic-remark-vlanid inbound acl-rule remark-vlan remark-vlanid

undo traffic-remark-vlanid inbound acl-rule

View

Ethernet port view

Parameters

inbound: Maps the VLAN IDs carried in the inbound packets to a specified VLAN ID.

acl-rule: ACL rules to be applied for traffic classification. This argument can be the combination of multiple ACLs. For more information about this argument, refer to Table 1-4 and Table 1-5. Note that the ACL rules referenced must be those defined with the permit keyword.

remark-vlan remark-vlanid: Specified the target VLAN ID, to which the VLAN IDs of the packets matching specific ACL rules are to be mapped.

Description

Use the traffic-remark-vlanid command to enable VLAN mapping and set the target VLAN ID for packets matching specific ACL rules.

Use the undo traffic-remark-vlanid command to disable VLAN mapping for packets matching specific ACL rules.

Related commands: display qos-interface traffic-remark-vlanid.

Examples

# Enable VLAN mapping on Ethernet 1/0/1 to map the VLAN IDs of the inbound packets sourced from VLAN 5 to VLAN ID 1001.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] acl number 4000

[Sysname-acl-ethernetframe-4000] rule permit source 5

[Sysname-acl-ethernetframe-4000] quit

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] traffic-remark-vlanid inbound link-group 4000 remark-vlan 1001

traffic-statistic

Syntax

traffic-statistic inbound acl-rule

undo traffic-statistic inbound acl-rule

View

Ethernet port view

Parameters

inbound: Enables traffic accounting for the inbound packets.

acl-rule: ACL rules to be applied for traffic classification. This argument can be the combination of multiple ACLs. For more information about this argument, refer to Table 1-4 and Table 1-5. Note that the ACL rules referenced must be those defined with the permit keyword.

Description

Use the traffic-statistic command to enable traffic accounting for packets matching specific ACL rules.

Use the undo traffic-statistic command to disable traffic accounting.

Related commands: display qos-interface traffic-statistic, reset traffic-statistic.

Examples

# Enable traffic accounting on Ethernet 1/0/1 for the inbound packets sourced from the IP network segment 1.1.1.0/24.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] acl number 2000

[Sysname-acl-basic-2000] rule permit source 1.1.1.0 0.0.0.255

[Sysname-acl-basic-2000] quit

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] traffic-statistic inbound ip-group 2000

# Display traffic statistics of Ethernet 1/0/1.

[Sysname-Ethernet1/0/1] display qos-interface Ethernet 1/0/1 traffic-statistic

Ethernet1/0/1: traffic-statistic

 Inbound:

   Matches: Acl 2000 rule 0  running

     20787 packets inprofile

     11464 packets outprofile

wred

Syntax

wred queue-index qstart probability

undo wred queue-index

View

Ethernet port view

Parameters

queue-index: Queue number in the range of 0 to 7.

qstart: Number of the packets contained in the queue, in the range 1 to 128.

probability: Dropping probability in the range of 0 to 92 (in percentage).

Description

Use the wred command to enable the WRED function.

Use the undo wred command to restore the default.

By default, the WRED function is disabled.

Examples

# Enable the WRED function for queue 2 on Ethernet 1/0/1, specifying to drop packets at random when the number of packets in queue 2 exceeds 64 and setting the dropping probability to 20%.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet1/0/1

[Sysname-Ethernet1/0/1] wred 2 64 20

 


QoS Profile Configuration Commands

apply qos-profile

Syntax

In system view

apply qos-profile profile-name interface interface-list

undo apply qos-profile profile-name interface interface-list

In Ethernet port view

apply qos-profile profile-name

undo apply qos-profile profile-name

View

System view, Ethernet port view

Parameters

profile-name: QoS profile name, a case-insensitive string of 1 to 32 characters and starting with English letters [a-z, A-Z].

interface-list: List of Ethernet ports. You can specify multiple Ethernet ports by providing this argument in the form of interface-type interface-number [ to interface-type interface-number ].

Description

Use the apply qos-profile command to apply a QoS profile to a port in Ethernet port view or multiple ports in system view.

Use the undo apply qos-profile command to remove a QoS profile from a port in Ethernet port view or multiple ports in system view.

Examples

# Apply the QoS profile named a123 to Ethernet 1/0/1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet1/0/1

[Sysname-Ethernet1/0/1] apply qos-profile a123

# Apply the QoS profile named a123 to Ethernet 1/0/1 through Ethernet 1/0/4.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] apply qos-profile a123 interface Ethernet1/0/1 to Ethernet1/0/4

display qos-profile

Syntax

display qos-profile { all | name profile-name | interface interface-type interface-number | user user-name }

View

Any view

Parameters

all: Specifies all the QoS profiles.

name profile-name: Specifies a QoS profile by its name, for which information is to be displayed. The profile-name argument is a case-insensitive string of 1 to 32 characters and must begin with an English letter (a to z, and A to Z).

interface interface-type interface-number: Specifies the type and number of a port to display the QoS profile applied on the port.

user user-name: Specifies the name of an 802.1x authentication user. The user-name argument is a string of 1 to 184 characters and in the form of aa@cc, with aa for user name and cc for domain name.

Description

Use the display qos-profile command to display the configuration of a QoS profile or all the QoS profiles.

Examples

# Display the configuration of the QoS profile named test.

<Sysname> display qos-profile name test

qos-profile: test, 3 actions

 packet-filter inbound ip-group 2000 rule 0

 traffic-limit inbound ip-group 3000 rule 0 64

 traffic-priority inbound ip-group 4000 rule 0 cos controlled-load

# Display the configuration of the QoS profile applied to the 802.1x user abc@net.

<Sysname> display qos-profile user abc@net

User abc@net applied qos-profile: test, 3 actions

 packet-filter inbound ip-group 2000 rule 0

 traffic-limit inbound ip-group 3000 rule 0 64

 traffic-priority inbound ip-group 4000 rule 0 cos controlled-load

# Display the configuration of the QoS profile applied to Ethernet 1/0/1, assuming that the QoS profile has been applied to Ethernet 1/0/1 manually.

<Sysname> display qos-profile interface Ethernet 1/0/1

User's qos-profile applied mode: user-based

 

Default applied qos-profile: test, 3 actions

 packet-filter inbound ip-group 2000 rule 0

 traffic-limit inbound ip-group 3000 rule 0 64

 traffic-priority inbound ip-group 4000 rule 0 cos controlled-load

# Display the configuration of the QoS profile applied to Ethernet 1/0/2, assuming that the QoS profile has been applied to Ethernet 1/0/2 dynamically.

<H3C> display qos-profile interface Ethernet 1/0/2

User's qos-profile applied mode: port-based

 

User abc@net applied qos-profile: test, 3 actions

 packet-filter inbound ip-group 2000 rule 0

 traffic-limit inbound ip-group 3000 rule 0 64

 traffic-priority inbound ip-group 4000 rule 0 cos controlled-load

Table 2-1 Description on the fields of the display qos-profile command

Field

Description

qos-profile: test, 3 actions

Name of the QoS profile and the number of actions configured in the QoS profile.

packet-filter inbound ip-group 2000 rule 0

Filter the inbound packets matching rule 0 of ACL 2000.

traffic-limit inbound ip-group 3000 rule 0 64

Limit the rate of the inbound packets matching rule 0 of ACL 3000 to 64 kbps.

traffic-priority inbound ip-group 4000 rule 0 cos controlled-load

Set the 802.1p precedence of the inbound packets matching rule 0 of ACL 4000 to controlled-load (that is, 802.1p precedence 0).

User abc@net applied qos-profile: test, 3 actions

The QoS profile applied to 802.1x user abc@net is named test and contains three actions.

User's qos-profile applied mode

The QoS profile is dynamically applied and the application mode could be:

l      User-based, or

l      Port-based

For detailed information about the two application modes, refer to the corresponding operation manual.

Default applied qos-profile: test, 3 actions

“Default” indicates that the QoS profile named test is applied to Ethernet 1/0/1 manually. The QoS profile contains three actions.

User abc@net applied qos-profile: test, 3 actions

The QoS profile test is applied to Ethernet 1/0/2, the access port for 802.1x user abc@net. The QoS profile contains three actions.

 

packet-filter

Syntax

packet-filter { inbound | outbound } acl-rule

undo packet-filter { inbound | outbound } acl-rule

View

QoS profile view

Parameters

inbound: Filters the inbound packets.

outbound: Filters the outbound packets.

acl-rule: ACL rules to be applied for traffic classification. This argument can be the combination of multiple ACLs. For more information about this argument, refer to Table 1-4 and Table 1-5.

Description

Use the packet-filter command to add the packet filtering action to a QoS profile.

Use the undo packet-filter command to remove the packet filtering action from a QoS profile.

Examples

# Add the packet filtering action to the QoS profile named a123 to filter the inbound packets sourced from MAC address 000F-1FD7-9528.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] acl number 4000

[Sysname-acl-ethernetframe-4000] rule deny source 000f-1fd7-9528 ffff-ffff-ffff

[Sysname-acl-ethernetframe-4000] quit

[Sysname] qos-profile a123

[Sysname-qos-profile-a123] packet-filter inbound link-group 4000

qos-profile

Syntax

qos-profile profile-name

undo qos-profile profile-name

View

System view

Parameters

profile-name: QoS profile name, a case-insensitive string of 1 to 32 characters, starting with an English letter in the range a to z and A to Z. Note that a QoS profile name cannot be all, interface, user, undo, or name.

Description

Use the qos-profile command to create a QoS profile and enter QoS profile view. If the QoS profile already exists, this command leads you to the corresponding QoS profile view.

Use the undo qos-profile command to remove a QoS profile.

To remove or modify a QoS profile already applied to a port, you must remove the QoS profile from the port first.

l          If the QoS profile is applied to the port manually, use the undo apply qos-profile command to remove the QoS profile from the port.

l          If the QoS profile is applied to the port dynamically, log off the user connected to the port to remove the QoS profile from the port.

Examples

# Create a QoS profile named a123.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] qos-profile a123

[Sysname-qos-profile-a123]

qos-profile port-based

Syntax

qos-profile port-based

undo qos-profile port-based

View

Ethernet port view

Parameters

None

Description

Use the qos-profile port-based command to configure the QoS profile application mode on a port to be port-based.

Use the undo qos-profile port-based command to restore the default.

By default, the application mode of a QoS profile is user-based.

Note that:

l          If the 802.1x authentication is MAC-based, you need to configure the QoS profile application mode to be user-based.

l          If the 802.1x authentication is port-based, you need to configure the QoS profile application mode to be port-based.

Examples

# Configure the QoS profile application mode on Ethernet 1/0/1 to be port-based.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Ethernet1/0/1

[Sysname-Ethernet1/0/1] qos-profile port-based

traffic-limit

Syntax

traffic-limit inbound acl-rule [ union-effect ] [ egress-port interface-type interface-number ] target-rate [ burst-bucket burst-bucket-size ] [ exceed action ]

undo traffic-limit inbound acl-rule

View

QoS profile view

Parameters

inbound: Imposes traffic limit on the packets received through the interface.

acl-rule: ACL rules to be applied for traffic classification. This argument can be the combination of multiple ACLs. For more information about this argument, refer to Table 1-4 and Table 1-5. Note that the ACL rules referenced must be those defined with the permit keyword.

union-effect: Specifies that all the ACL rules, including those identified by the acl-rule argument in this command and those applied previously, are valid. If this keyword is not specified, traffic policing issues both the rate limiting action and the permit action at the same time, that is, traffic policing permits the conforming traffic to pass through. If this keyword is specified, traffic policing issues only the rate limiting action but not the permit action. In this case, if a packet matches both an ACL rule specified in the traffic-limit command and another previously applied ACL rule with the deny keyword, the packet will be dropped.

 

On Ethernet 1/0/1, assume that the filter command is configured to filter packets destined to IP address 2.2.2.2 and the traffic-limit command is configured to limit the rate of packets sourced from IP address 1.1.1.1 within 128 kbps. Whether packets conforming to the rate limit of 128 kbps, sourced from IP address 1.1.1.1, and destined to IP address 2.2.2.2 (referred to as packets A later)are dropped depends on the union-effect of the traffic-limit command.

l          If the union-effect keyword is not specified, the traffic-limit command issues both the rate limiting action and the permit action. Whether packets A can pass through depends on the configuration order of the filter command and the traffic-limit command, with the latest command applying. That is, if the traffic-limit command is configured after the filter command is configured, packets A can pass through; otherwise, packets A are dropped.

l          If the union-effect keyword is specified, the traffic-limit command issues only the rate limiting action. Whether packets A can pass through depends on the filter command. As for this example, packets A are dropped.

 

egress-port interface-type interface-number: Enables traffic policing for the outbound packets of the port identified by interface-type interface-number. If you specify this keyword, this command applies to the outbound unicast packets that pass the port and match the ACL rules.

 

 

l          When you configure the traffic policing over a port, an ACL rule can only be applied to one egress port. If you configure the same ACL rule for different egress ports, only the last configuration takes effect. To apply the same ACL rule to multiple egress ports, you need to specify different ACL numbers or rule numbers for the ACL rule.

l          If the IRF function is enabled, the egress port can only be a port of the local unit. For information about IRF, refer to IRF Fabric module of this manual.

l          Do not specify the egress-port keyword when configuring traffic policing on ports in an aggregation group spanning multiple units. Refer to Link Aggregation Operation for detailed information about link aggregation.

 

target-rate: Target packet rate (in kbps) to be set, in the range 64 to 1,000,000. The granularity of rate limit is 64 kbps. If the number you input is in the ranges N*64 to (N+1)*64 (N is a natural number), it will be rounded off to (N+1)*64.

burst-bucket-size: Maximum burst traffic size (in KB) allowed, in the range 4 to 512. This argument defaults to 512 and must be an integer power of 2.

exceed action: Specifies the action to be taken when the traffic rate exceeds the threshold. The action can be:

l          drop: Drops the packets.

l          remark-dscp value: Sets a new DSCP value for the packets and then forwards the packets.

Description

Use the traffic-limit command to add the traffic policing action to a QoS profile.

Use the undo traffic-limit command to remove the traffic policing action from a QoS profile.

Examples

# Add traffic policing action to the QoS profile named a123 to limit the rate of the inbound packets sourced from IP address 1.1.1.1 to 128 kbps and drop the packets exceeding 128 kbps.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] acl number 2000

[Sysname-acl-basic-2000] rule permit source 1.1.1.1 0

[Sysname-acl-basic-2000] quit

[Sysname] qos-profile a123

[Sysname-qos-profile-a123] traffic-limit inbound ip-group 2000 128 exceed drop

traffic-priority

Syntax

traffic-priority { inbound | outbound } acl-rule { { dscp dscp-value | ip-precedence { pre-value | from-cos } } | cos { pre-value | from-ipprec } | local-precedence pre-value }*

undo traffic-priority { inbound | outbound } acl-rule

View

QoS profile view

Parameters

inbound: Performs priority marking on the inbound packets.

outbound: Performs priority marking on the outbound packets.

acl-rule: ACL rules to be applied for traffic classification. This argument can be the combination of multiple ACLs. For more information about this argument, refer to Table 1-4 and Table 1-5. Note that the ACL rules referenced must be those defined with the permit keyword.

dscp dscp-value: Sets the DSCP precedence, in the range 0 to 63. You can also provide one of the keywords listed in Table 1-7 for the dscp-value argument.

ip-precedence { pre-value | from-cos }: Sets the IP precedence. The pre-value argument ranges from 0 to 7. You can also provide one of the keywords listed in Table 1-6 for the pre-value argument. The from-cos keyword specifies to use the 802.1p priority as the IP precedence.

cos { pre-value | from-ipprec }: Sets the 802.1p priority. The pre-value argument is in the range 0 to 7. You can also provide one of the keywords listed in Table 1-10 for the pre-value argument. The from-ipprec keyword specifies to use the IP precedence as the 802.1p priority.

local-precedence pre-value: Sets the local precedence value, in the range of 0 to 7.

Description

Use the traffic-priority command to add a priority marking action to a QoS profile.

Use the undo traffic-priority command to remove a priority marking action from a QoS profile.

 

Do not configure 802.1p priority marking and local precedence marking for the same traffic. With 802.1p priority marking, the new 802.1p priority will be mapped to a local precedence automatically. If local precedence marking is also configured, there will be two local precedence values for the traffic, resulting in conflict. In this case, the device will display an error prompt.

 

Examples

# Add the priority marking action to the QoS profile named a123 to set the local precedence of the inbound packets sourced from IP address 1.1.1.1 to 0.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] acl number 2000

[Sysname-acl-basic-2000] rule permit source 1.1.1.1 0

[Sysname-acl-basic-2000] quit

[Sysname] qos-profile a123

[Sysname-qos-profile-a123] traffic-priority inbound ip-group 2000 local-precedence 0

 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网