Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 04-ITA commands | 61.97 KB |
ITA commands
ITA is supported only when the device operates in standard mode. For more information about setting the system operating mode to standard, see device management in Fundamentals Configuration Guide.
ITA is supported only on CSPEX (except CSPEX-1104-E) cards.
ITA services are supported only by portal, IPoE, and PPPoE users.
accounting-level
Use accounting-level to specify a traffic level for ITA accounting.
Use undo accounting-level to remove the ITA accounting configuration for a traffic level.
Syntax
accounting-level level { { ipv4 | ipv6 } | car { inbound cir committed-information-rate [ pir peak-information-rate ] | outbound cir committed-information-rate [ pir peak-information-rate ] } * } *
undo accounting-level [ level ]
Default
No traffic levels are specified for ITA accounting.
Views
ITA policy view
Predefined user roles
network-admin
Parameters
level: Specifies a traffic level in the range of 1 to 8.
ipv4: Counts the traffic as IPv4 traffic.
ipv6: Counts the traffic as IPv6 traffic.
car: Specifies a CAR action for the level of traffic. If you do not specify this keyword, no CAR action is applied to the level of traffic.
inbound: Specifies the incoming traffic.
outbound: Specifies the outgoing traffic.
cir committed-information-rate: Specifies the committed information rate in kbps. The value range for the committed-information-rate argument is 8 to 160000000.
pir peak-information-rate: Specifies the peak information rate in kbps. The value range for the peak-information-rate argument is 8 to 160000000. The peak information rate cannot be smaller than the committed information rate. If you do not specify this option, the CAR action does not restrict traffic by peak information rate.
Usage guidelines
By defining different traffic levels based on the destination addresses of users' traffic, you can use ITA to separate the traffic accounting statistics of different levels for each user.
Execute this command multiple times to specify multiple traffic levels for ITA accounting or specify CAR actions for each traffic level. If you specify only CAR actions for a traffic level without specifying the ipv4 or ipv6 keyword, the device does not perform ITA accounting on the traffic of that level.
If you do not specify a level for the undo accounting-level command, this command removes the ITA accounting configuration for all traffic levels in the ITA policy.
If the IP protocol type specified for a traffic level is not the actual IP protocol type, the device counts the traffic of this level as the traffic of the specified IP protocol.
If you do not specify the ipv4 or ipv6 keyword, the device does not perform accounting on ITA traffic.
Supported traffic levels for ITA accounting vary by access types of users, as shown in Table 1.
Table 1 ITA traffic accounting levels for different user types
|
User type |
Number of ITA traffic accounting levels |
|
|
CSPEX-1204 card |
CSPEX cards (except the CSPEX-1204 and CSPEX-1104-E cards) |
|
|
Portal users that access the network through VLAN interfaces |
7 (level-1 to level 8) |
7 (level-1 to level 8) |
|
Portal users that access the network through the following types of interfaces: · Layer 3 Ethernet interface. · Layer 3 Ethernet subinterface. · Layer 3 aggregate interface. · Layer 3 aggregate subinterface. |
1 (level-1) |
4 (level 1 to level 4) |
|
IPoE users |
1 (level-1) |
4 (level 1 to level 4) |
|
PPPoE users |
1 (level-1) |
4 (level 1 to level 4) |
Examples
# In ITA policy ita1, specify traffic levels 2 and 4, and count the level-2 traffic as IPv4 traffic and the level-4 traffic as IPv6 traffic.
<Sysname> system-view
[Sysname] ita policy ita1
[Sysname-ita-policy-ita1] accounting-level 2 ipv4
[Sysname-ita-policy-ita1] accounting-level 4 ipv6
Related commands
display ita policy
accounting-merge enable
Use accounting-merge enable to enable the accounting merge feature.
Use undo accounting-merge enable to disable the accounting merge feature.
Syntax
accounting-merge enable
undo accounting-merge enable
Default
The accounting merge feature is disabled.
Views
ITA policy view
Predefined user roles
network-admin
Usage guidelines
When accounting merge is enabled, the device merges accounting statistics for the ITA traffic of all levels in the ITA policy. It reports the traffic as the lowest level of the policy to the accounting server.
Examples
# Enable the accounting merge feature for ITA policy ita1.
<Sysname> system-view
[Sysname] ita policy ita1
[Sysname-ita-policy-ita1] accounting-merge enable
Related commands
display ita policy
accounting-method
Use accounting-method to configure the accounting method for an ITA policy.
Use undo accounting-method to restore the default.
Syntax
accounting-method { none | radius-scheme radius-scheme-name [ none ] }
undo accounting-method
Default
The default accounting method of an ITA policy is none.
Views
ITA policy view
Predefined user roles
network-admin
Parameters
none: Does not perform accounting.
radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, a case-insensitive string of 1 to 32 characters.
Usage guidelines
Use this command to configure accounting methods for an ITA policy. ITA accounting is separated from accounting of other services.
You can specify one primary accounting method and one backup accounting method for an ITA policy.
When the primary method is invalid, the device uses the backup method. For example, the accounting-method radius-scheme radius-scheme-name none command specifies RADIUS accounting as the primary method and no accounting as the backup method. The device performs RADIUS accounting by default and does not perform accounting when the RADIUS server is invalid.
Examples
# Specify RADIUS accounting scheme radius1 for ITA policy ita1.
<Sysname> system-view
[Sysname] ita policy ita1
[Sysname-ita-policy-ita1] accounting-method radius-scheme radius1
Related commands
display ita policy
radius scheme
display ita policy
Use display ita policy to display ITA policy information.
Syntax
display ita policy [ policy-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
policy-name: Specifies an ITA policy by its name, a case-insensitive string of 1 to 31 characters. If you do not specify an ITA policy, this command displays information about all ITA policies.
Examples
# Display information about all ITA policies.
<Sysname> display ita policy
Total 2 ITA policies.
ITA policy: ita1
Accounting method : RADIUS=Rd1, None
Accounting merge : Enabled
Accounting levels :
Level 1 IPv4
Inbound CAR: CIR 100 kbps PIR 200 kbps
Outbound CAR: CIR 100 kbps PIR 200 kbps
Level 2 IPv6
Inbound CAR: CIR 300 kbps PIR 400 kbps
Level 3 IPv4
Level 8 IPv6
Traffic separation : Enabled
Separated levels: 1, 2, 3, 4
Traffic quota-out action: Online
Send accounting update: No
ITA policy: ita2
Accounting method : None
Accounting merge : Disabled
Accounting levels : None
Traffic separation : Disabled
Traffic quota-out action: Online
Send accounting update: Yes
User group NAT instance
g1 cp1
g2 cp2
g3 -
Table 2 Command output
|
Field |
Description |
|
ITA policy |
ITA policy name. |
|
Accounting merge |
Status of the accounting merge feature: · Enabled—The accounting merge feature is enabled. The device merges the ITA traffic of all accounting rates in the ITA policy, and applies the lowest rate to the merged traffic. · Disabled—The accounting merge feature is disabled. The device sends separate traffic statistics for each accounting rate to the server. |
|
Accounting levels |
ITA traffic accounting levels: · Level m IPv4—Applies accounting level m to IPv4 traffic. The value range for the m argument is 1 to 8. · Level n IPv6—Applies accounting level n to IPv6 traffic. The value range for the n argument is 1 to 8. · None—No ITA traffic accounting level is configured. |
|
Inbound CAR |
Inbound CAR: · CIR—Committed information rate in kbps. · PIR—Peak information rate in kbps. |
|
Outbound CAR |
Outbound CAR: · CIR—Committed information rate in kbps. · PIR—Peak information rate in kbps. |
|
Traffic separation |
Whether the amount of ITA traffic is excluded from the overall traffic statistics sent to the accounting server: · Enabled—The amount of specific-level ITA traffic is excluded from the overall traffic statistics. · Disabled—ITA traffic is included in the overall traffic statistics. |
|
Separated levels |
Levels of ITA traffic of which statistics are excluded from the overall traffic statistics sent to the accounting server. |
|
Traffic quota-out action |
Access control for users that have used up their ITA data quotas: · Online—Users can access the authorized IP subnets after their ITA data quotas are used up. · Offline—Users cannot access the authorized IP subnets after their ITA data quotas are used up. |
|
Send accounting update |
Whether to send accounting-update packets to refresh users' data quotas: · Yes. · No. |
|
User group |
User group name. |
|
NAT instance |
NAT instance bound to the user group. If no NAT instance has been bound to the user group, this field displays a hyphen (-). |
ita policy
Use ita policy to create an ITA policy and enter its view, or enter the view of an existing ITA policy.
Use undo ita policy to delete an ITA policy.
Syntax
ita policy policy-name
undo ita policy policy-name
Default
No ITA policies exist.
Views
System view
Predefined user roles
network-admin
Parameters
policy-name: Specifies the ITA policy name, a case-insensitive string of 1 to 31 characters.
Examples
# Create an ITA policy named ita1 and enter ITA policy view.
<Sysname> system-view
[Sysname] ita policy ita1
[Sysname-ita-policy-ita1]
Related commands
display ita policy
traffic-quota-out
Use traffic-quota-out to configure access control for users that have used up their ITA data quotas.
Use undo traffic-quota-out to restore the default.
Syntax
traffic-quota-out { offline | online } [ no-accounting-update ]
undo traffic-quota-out
Default
The device sends accounting-update packets to the server to request new data quotas for the users that have used up their data quotas. A user cannot access the authorized IP subnets if the device does not receive any new data quota from the server for the user.
Views
ITA policy view
Predefined user roles
network-admin
Parameters
offline: Prohibits users from accessing the authorized IP subnets after their ITA data quotas are used up.
online: Permits users to access the authorized IP subnets after their ITA data quotas are used up.
no-accounting-update: Disables the device from sending accounting-update requests to refresh the users' quotas.
Usage guidelines
The server might divide the data quota of a user into multiple portions and assign a portion to the user each time. If the server does not support dividing user data quota, specify the no-accounting-update keyword to decrease the burden of the server as a best practice.
Examples
# In ITA policy ita1, prohibit users from accessing the authorized IP subnets after their ITA data quotas are used up.
<Sysname> system-view
[Sysname] ita policy ita1
[Sysname-ita-policy-ita1] traffic-quota-out offline
Related commands
display ita policy
traffic-separate
Use traffic-separate enable to exclude the amount of specific-level ITA traffic from the overall traffic statistics that are sent to the accounting server.
Use undo traffic-separate enable to restore the default for an ITA traffic level.
Syntax
traffic-separate enable [ level level&<1-8> ]
undo traffic-separate enable [ level level&<1-8> ]
Default
The amount of ITA traffic is included in the overall traffic statistics that are sent to the accounting server.
Views
ITA policy view
Predefined user roles
network-admin
Parameters
level level&<1-8>: Specifies a space-separated list of up to eight ITA traffic levels. If you do not specify an ITA traffic level, this command excludes the amount of ITA traffic at all levels from the overall traffic statistics that are sent to the accounting server.
Examples
# In ITA policy ita1, exclude the amount of level-1 ITA traffic from the overall traffic statistics that are sent to the accounting server.
<Sysname> system-view
[Sysname] ita policy ita1
[Sysname-ita-policy-ita1] traffic-separate enable level 1
Related commands
accounting-level
display ita policy
user-group
Use user-group to specify a user group for an ITA policy.
Use undo user-group to remove user group configuration from an ITA policy.
Syntax
user-group name group-name [ nat-instance instance-name ]
undo user-group [ name group-name ]
Default
No user groups are specified for an ITA policy.
Views
ITA policy view
Predefined user roles
network-admin
Parameters
name group-name: Specifies a user group by its name, a case-insensitive string of 1 to 32 characters.
nat-instance instance-name: Specifies a NAT instance by its name, a case-sensitive string of 1 to 31 characters. If the NAT instance name contains spaces, you must enclose the name into double quotation marks (for example, "xxx xxx"). If you do not specify this option, the user group is not bound with a NAT instance. Address translation is not performed for ITA services in the user group.
Usage guidelines
If a user is assigned an ITA policy associated with a user group, the ITA services of that user will be assigned to the user group. Different user groups can be associated with different accounting levels and CAR actions. To dynamically change the ITA accounting levels and CAR actions for an online user, you can dynamically change the ITA policy of the user to assign the ITA services of that user to a new user group.
To match ITA traffic of different user groups and remark the traffic to different accounting levels, you can configure QoS policies. For more information about configuring QoS policies, see ACL and QoS Configuration Guide.
You can specify a maximum of 32 user groups in an ITA policy and only one user group is not bound with a NAT instance.
The device assigns the ITA services of a user to a user group and uses the NAT instance associated with that user group to process NAT services for the ITA traffic. The rules are as follows:
· If the non-ITA service traffic of the user has been processed by a NAT instance, the ITA services of the user are assigned to the user group associated with the NAT instance. If the user group does not exist in the ITA policy, the ITA services of the user are not assigned to a new user group. The ITA services are processed in the same user group as non-ITA services.
· If the non-ITA service traffic of the user has not been processed by a NAT instance, the ITA services of the user are assigned to the user group that is not bound with a NAT instance. If no user groups are specified for the ITA policy, the ITA services of the user are not assigned to a new user group. The ITA services are processed in the same user group as non-ITA services.
For more information about NAT and NAT instances, see NAT configuration in Layer 3—IP Services Configuration Guide.
If you do not specify the name group-name option, the undo user-group command removes all user group-to-NAT instance bindings from the ITA policy.
A user group can be bound only to one NAT instance.
Deleting or modifying a user group for an ITA policy does not affect the ITA users that have been assigned the ITA policy. The configuration takes effect only on ITA users that are assigned or re-assigned the ITA policy after the configuration.
Examples
# In ITA policy ita1, specify user group g1 and bind NAT instance cp1 to the user group.
<Sysname> system-view
[Sysname] ita policy ita1
[Sysname-ita-policy-ita1] user-group name g1 nat-instance cp1
Related commands
display ita policy
user-group (system view)
