16-Security Command Reference

HomeSupportResource CenterReference GuidesCommand ReferencesH3C Access Controllers Command References(R5426P02)-6W10416-Security Command Reference
15-Bandwidth management commands
Title Size Download
15-Bandwidth management commands 193.32 KB

Bandwidth management commands

The WX1800H series, WX2500H series, and WX3000H series access controllers do not support parameters or commands that are available only in IRF mode.

The following compatibility matrixes show the support of hardware platforms for bandwidth management:

 

Hardware series

Model

Product code

Bandwidth management compatibility

WX1800H series

WX1804H

EWP-WX1804H-PWR-CN

Yes

WX2500H series

WX2508H-PWR-LTE

WX2510H

WX2510H-F

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Yes

WX3000H series

WX3010H

WX3010H-X

WX3010H-L

WX3024H

WX3024H-L

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

Yes:

·     WX3010H

·     WX3010H-X

·     WX3024H

·     WX3024H-F

No:

·     WX3010H-L

·     WX3024H-L

WX3500H series

WX3508H

WX3510H

WX3520H

WX3520H-F

WX3540H

EWP-WX3508H

EWP-WX3510H

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

Yes

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

Yes

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

Yes

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

Yes

Hardware series

Model

Product code

Bandwidth management compatibility

WX1800H series

WX1804H

WX1810H

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Yes

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

No

WX5800H series

WX5860H

EWP-WX5860H-GL

No

action

Use action to specify a traffic profile for a traffic rule.

Use undo action to restore the default.

Syntax

action qos profile profile-name

undo action

Default

No traffic profile is specified for a traffic rule (packets matching a traffic rule are allowed to pass).

Views

Traffic rule view

Predefined user roles

network-admin

Parameters

qos profile profile-name: Specifies a traffic profile by its name. The profile name is a case-insensitive string of 1 to 63 characters.

Usage guidelines

If a packet matches a traffic rule, the device applies the traffic profile specified for the traffic rule to the packet.

Examples

# Create a traffic rule named rule1, and apply traffic profile profile1 to the traffic rule.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] rule name rule1

[Sysname-traffic-policy-rule-rule1] action qos profile profile1

Related commands

profile name

rule name

application

Use application to configure application or application group as a match criterion.

Use undo application to delete an application or application group match criterion.

Syntax

application { app application-name | app-group application-group-name }

undo application { app application-name | app-group application-group-name }

Default

No application or application group is used as a match criterion.

Views

Traffic rule view

Predefined user roles

network-admin

Parameters

app application-name: Specifies an application by its name, a case-insensitive string of 1 to 63 characters.

app-group application-group-name: Specifies an application group by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

You can configure multiple applications or application groups for a traffic rule to match packets.

This command enables the device to manage bandwidth by application type, such as email, P2P, IM, and web browsing.

If you specify a user-defined application that uses DCCP, SCTP, or UDP-Lite as the transport layer protocol, the application is not limited by bandwidth management. For information about user-defined applications, see Security Configuration Guide.

Examples

# Configure P2P_General_TCP_Communications as a match criterion for traffic rule rule1.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] rule name rule1

[Sysname-traffic-policy-rule-rule1] application app P2P_General_TCP_Communications

Related commands

app-group (Security Command Reference)

nbar application (Security Command Reference)

port-mapping (Security Command Reference)

bandwidth

Use bandwidth to set the total guaranteed bandwidth or maximum bandwidth in a traffic profile.

Use undo bandwidth to delete the total guaranteed bandwidth or maximum bandwidth setting of a traffic profile.

Syntax

bandwidth { downstream | total | upstream } { guaranteed | maximum } bandwidth-value

undo bandwidth { downstream | total | upstream } { guaranteed | maximum }

Default

The total guaranteed bandwidth and maximum bandwidth are not set in a traffic profile.

Views

Traffic profile view

Predefined user roles

network-admin

Parameters

downstream: Specifies downstream traffic (traffic from a server to a client).

total: Specifies both downstream traffic and upstream traffic.

upstream: Specifies upstream traffic (traffic from a client to a server).

guaranteed: Specifies the guaranteed bandwidth.

maximum: Specifies the maximum bandwidth. The maximum bandwidth must be greater than or equal to the guaranteed bandwidth.

bandwidth-value: Specifies the bandwidth value in the range of 8 to 100000000 kbps.

Usage guidelines

When you specify traffic profiles for parent and child traffic rules, following these restrictions and guidelines:

·     The maximum bandwidth for the child traffic rule must be smaller than or equal to that for the parent traffic rule.

·     The guaranteed bandwidth for a child traffic rule must be smaller than or equal to that for the parent traffic rule.

·     The traffic profiles cannot be the same for the child and parent traffic rules.

An interface with small default expected bandwidth might experience traffic loss if the following conditions exist:

·     There is a large amount of traffic on the interface.

·     The interface uses the default expected bandwidth.

To avoid traffic loss, implicitly set the expected bandwidth to a large value for such an interface. For example, you can set the expected bandwidth of a tunnel interface to a value greater than 64 kbps (the default) if there is a large amount of traffic on the interface.

Examples

# In traffic profile profile1, set both upstream and downstream maximum bandwidth to 10000 kbps, and set both upstream and downstream guaranteed bandwidth to 5000 kbps.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] profile name profile1

[Sysname-traffic-policy-profile-profile1] bandwidth upstream maximum 10000

[Sysname-traffic-policy-profile-profile1] bandwidth downstream maximum 10000

[Sysname-traffic-policy-profile-profile1] bandwidth upstream guaranteed 5000

[Sysname-traffic-policy-profile-profile1] bandwidth downstream guaranteed 5000

bandwidth average enable

Use bandwidth average enable to enable dynamic and even allocation for maximum bandwidth.

Use undo bandwidth average enable to disable dynamic and even allocation for maximum bandwidth.

Syntax

bandwidth average enable

undo bandwidth average enable

Default

Dynamic and even allocation for maximum bandwidth is disabled.

Views

Traffic profile view

Predefined user roles

network-admin

Usage guidelines

This command allows the device to dynamically and evenly allocate the total maximum bandwidth among all online IP addresses.

This command can be enabled only after you set the total maximum bandwidth.

Examples

# Enable dynamic and even allocation for maximum bandwidth in traffic profile profile1.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] profile name profile1

[Sysname-traffic-policy-profile-profile1] bandwidth total maximum 10000

[Sysname-traffic-policy-profile-profile1] bandwidth average enable

Related commands

bandwidth { downstream | total | upstream } maximum

bandwidth { per-ip | per-user }

Use bandwidth { per-ip | per-user } to set the per-IP or per-user maximum or guaranteed bandwidth for a traffic profile.

Use undo bandwidth { per-ip | per-user } to delete the per-IP or per-user maximum or guaranteed bandwidth setting of a traffic profile.

Syntax

bandwidth { downstream | total | upstream } { guaranteed | maximum } { per-ip | per-user } bandwidth-value

undo bandwidth { downstream | total | upstream } { guaranteed | maximum } { per-ip | per-user }

Default

The per-IP or per-user maximum bandwidth and guaranteed bandwidth are not set in a traffic profile.

Views

Traffic profile view

Predefined user roles

network-admin

Parameters

downstream: Specifies downstream traffic (traffic from a server to a client).

total: Specifies both downstream traffic and upstream traffic.

upstream: Specifies upstream traffic (traffic from a client to a server).

guaranteed: Sets the guaranteed bandwidth.

maximum: Sets the maximum bandwidth.

per-ip: Sets the per-IP bandwidth.

per-user: Sets the per-user bandwidth.

bandwidth-value: Specifies the bandwidth value in the range of 8 to 100000000 kbps.

Usage guidelines

This command allows you to manage bandwidth at finer granularity.

The per-IP or per-user maximum bandwidth cannot be greater than the total maximum bandwidth.

The per-IP or per-user guaranteed bandwidth cannot be greater than the total guaranteed bandwidth.

The per-IP or per-user guaranteed bandwidth cannot be greater than the per-IP or per-user maximum bandwidth.

Examples

# In traffic profile profile1, set both upstream and downstream per-IP maximum bandwidth to 10000 kbps.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] profile name profile1

[Sysname-traffic-policy-profile-profile1] bandwidth upstream maximum per-ip 10000

[Sysname-traffic-policy-profile-profile1] bandwidth downstream maximum per-ip 10000

connection-limit count

Use connection-limit count to set the connection count limit for a traffic profile.

Use undo connection-limit count to delete the connection count limit setting of a traffic profile.

Syntax

connection-limit count { per-rule | per-ip | per-user } connection-number

undo connection-limit count { per-rule | per-ip | per-user }

Default

No connection count limit is set for a traffic profile.

Views

Traffic profile view

Predefined user roles

network-admin

Parameters

per-rule: Specifies the total connection count limit (count limit for the traffic rule associated with the traffic profile).

per-ip: Specifies the per-IP connection count limit.

per-user: Specifies the per-user connection count limit.

connection-number: Specifies the maximum number of connections allowed, in the range of 1 to 12000000.

Usage guidelines

The per-IP or per-user connection count limit cannot be greater than the total connection count limit.

You cannot set both per-IP and per-user connection count limits for one traffic profile.

Examples

# In traffic profile profile1, set the total connection count limit to 1000.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] profile name profile1

[Sysname-traffic-policy-profile-profile1] connection-limit count per-rule 1000

# In traffic profile profile1, set the per-IP connection count limit to 500.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] profile name profile1

[Sysname-traffic-policy-profile-profile1] connection-limit count per-ip 500

connection-limit rate

Use connection-limit rate to set the connection rate limit for a traffic profile.

Use undo connection-limit rate to delete the connection rate limit setting of a traffic profile.

Syntax

connection-limit rate { per-rule | per-ip | per-user } connection-rate

undo connection-limit rate { per-rule | per-ip | per-user }

Default

No connection rate limit is set for a traffic profile.

Views

Traffic profile view

Predefined user roles

network-admin

Parameters

per-rule: Specifies the total connection rate limit (rate limit for the traffic rule associated with the traffic profile).

per-ip: Specifies the per-IP connection rate limit.

per-user: Specifies the per-user connection rate limit.

connection- rate: Specifies the maximum connection rate in the range of 1 to 12000000 connections per second.

Usage guidelines

The per-IP or per-user connection rate limit cannot be greater than the total connection rate limit.

You cannot set both per-IP and per-user connection rate limits for one traffic profile.

Examples

# In traffic profile profile1, set the total connection rate limit to 1000 connections per second.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] profile name profile1

[Sysname-traffic-policy-profile-profile1] connection-limit rate per-rule 1000

# In traffic profile profile1, set the per-IP connection rate limit to 500 connections per second.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] profile name profile1

[Sysname-traffic-policy-profile-profile1] connection-limit rate per-user 500

disable

Use disable to disable a traffic rule.

Use undo disable to enable a traffic rule.

Syntax

disable

undo disable

Default

A traffic rule is enabled.

Views

Traffic rule view

Predefined user roles

network-admin

Usage guidelines

If a traffic rule is not used, use this command to disable it. A disabled traffic rule does not participate in traffic matching. You can copy, rename, and move a disabled traffic rule.

Examples

# Disable traffic rule rule1.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] rule name rule1

[Sysname-traffic-policy-rule-rule1] disable

display traffic-policy statistics bandwidth

Use display traffic-policy statistics bandwidth to display traffic statistics for traffic rules.

Syntax

In standalone mode:

display traffic-policy statistics bandwidth { downstream | total | upstream } { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ rule-name ] | per-user [ user user-name ] rule rule-name }

In IRF mode:

display traffic-policy statistics bandwidth { downstream | total | upstream } { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ rule-name ] | per-user [ user user-name ] rule rule-name } [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

downstream: Specifies downstream traffic.

total: Specifies both downstream traffic and upstream traffic.

upstream: Specifies upstream traffic.

per-ip: Displays per-IP traffic statistics.

ipv4: Displays per-IP traffic statistics for IPv4 addresses.

ipv4-address: Specifies an IPv4 address. If you do not specify an IPv4 address, this command displays per-IP traffic statistics for all IPv4 addresses of the specified traffic rule.

ipv6: Displays per-IP traffic statistics for IPv6 addresses.

ipv6-address: Specifies an IPv6 address. If you do not specify an IPv6 address, this command displays per-IP traffic statistics for all IPv6 addresses of the specified traffic rule.

rule rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters.

per-rule: Displays per-rule traffic statistics.

rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters. If you do not specify a traffic rule, this command displays per-rule traffic statistics for all traffic rules.

per-user: Displays per-user traffic statistics.

user user-name: Specifies a user by its name, a case-insensitive string of 1 to 55 characters. If you do not specify a user, this command displays per-user traffic statistics for all users of the specified traffic rule.

rule rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays traffic statistics for all member devices. (In IRF mode.)

Usage guidelines

You can identify whether a traffic rule works as configured by displaying the traffic statistics for the traffic rule.

Examples

# (In standalone mode.) Display per-rule upstream traffic statistics for traffic rule traffic-rule.

<Sysname> display traffic-policy statistics bandwidth upstream per-rule traffic-rule

Codes: PP(Passed Packets), PB(Passed Bytes), DP(Dropped Packets), DB(Dropped Bytes), PR(Passed Rate:kbps), DR(Drop Rate:kbps), FPP(Final Passed Packets), FPB(Final Passed Bytes), FPR(Final Passed Rate:kbps)

----------------------------------------------------------------------------------------

Rule name     State   Profile name    PP   PB     DP   DB    PR   DR    FPP  FPB    FPR

----------------------------------------------------------------------------------------

traffic-rule  Enabled  profile1         726  7550   4    2961  703  497   595  6632   664.1

--------------------------------------------------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------

# (In IRF mode.) Display per-rule upstream traffic statistics for traffic rule traffic-rule.

<Sysname> display traffic-policy statistics bandwidth upstream per-rule traffic-rule

Slot 1:

Codes: PP(Passed Packets), PB(Passed Bytes), DP(Dropped Packets), DB(Dropped Bytes), PR(Passed Rate:kbps), DR(Drop Rate:kbps), FPP(Final Passed Packets), FPB(Final Passed Bytes), FPR(Final Passed Rate:kbps)

----------------------------------------------------------------------------------------

Rule name     State    Profile name    PP   PB     DP   DB    PR   DR    FPP  FPB    FPR

----------------------------------------------------------------------------------------

traffic-rule  Enabled  profile1          726   7550   4    2961  703  497   595  6632   664.1

----------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------

# (In standalone mode.) Display per-IP upstream traffic statistics for all IPv4 addresses in traffic rule traffic-rule.

<Sysname> display traffic-policy statistics bandwidth upstream per-ip ipv4 rule traffic-rule

Codes: PP(Passed Packets), PB(Passed Bytes), DP(Dropped Packets), DB(Dropped Bytes), PR(Passed Rate:kbps), DR(Drop Rate:kbps), FPP(Final Passed Packets), FPB(Final Passed Bytes), FPR(Final Passed Rate:kbps)

----------------------------------------------------------------------------------------

Rule name      State    IP       PP    PB       DP   DB    PR     DR   FPP      FPB      FPR

----------------------------------------------------------------------------------------

traffic-rule   Enabled  1.1.1.1  726   75502    4    2961  703.3  497  595      6632     664.1

----------------------------------------------------------------------------------------

traffic-rule2  Enabled  1.1.1.5  756   74502    4    2901  712    488  595      6632     664.1

----------------------------------------------------------------------------------------

traffic-rule3  Enabled  1.1.1.8  756   74502    4    2951  712    488  595      6632     664.1

----------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------

# (In IRF mode.) Display per-IP upstream traffic statistics for all IPv4 addresses in traffic rule traffic-rule.

<Sysname> display traffic-policy statistics bandwidth upstream per-ip ipv4 rule traffic-rule

Slot 1:

Codes: PP(Passed Packets), PB(Passed Bytes), DP(Dropped Packets), DB(Dropped Bytes), PR(Passed Rate:kbps), DR(Drop Rate:kbps), FPP(Final Passed Packets), FPB(Final Passed Bytes), FPR(Final Passed Rate:kbps)

----------------------------------------------------------------------------------------

Rule name      State    IP       PP    PB       DP   DB    PR     DR   FPP      FPB      FPR

----------------------------------------------------------------------------------------

traffic-rule   Enabled  1.1.1.1  726   75502    4    2961  703.3  497  595      6632     664.1

----------------------------------------------------------------------------------------

traffic-rule2  Enabled  1.1.1.5  756   74502    4    2901  712    488  595      6632     664.1

----------------------------------------------------------------------------------------

traffic-rule3  Enabled  1.1.1.8  756   74502    4    2951  712    488  595      6632     664.1

----------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------

Table 1 Command output

Field

Description

Codes

Acronyms for fields:

·     PP(Passed Packets)Number of packets permitted by the traffic rule.

·     PB(Passed Bytes)Number of bytes permitted by the traffic rule.

·     DP(Dropped Packets)Number of packets dropped by the traffic rule.

·     DB(Dropped Bytes)Number of bytes dropped by the traffic rule.

·     PR(Passed Rate:kbps)Rate of packets permitted by the traffic rule, in kbps.

·     DR(Drop Rate:kbps)Rate of packets dropped by the traffic rule, in kbps.

·     FPP(Final Passed Packets)Number of packets permitted by both the traffic rule and interface bandwidth.

·     FPB(Final Passed Bytes)Number of bytes permitted by both the traffic rule and interface bandwidth.

·     FPR(Final Passed Rate:kbps)Rate of packets permitted by both the traffic rule and interface bandwidth, in kbps.

In the case of rule nesting, the actual values of the FPP, FPB, and FPR fields are displayed only if you specify the lowest-level traffic rule in the display traffic-policy statistics bandwidth command. If you specify a non-lowest-level traffic rule, the value 0 is displayed for these fields.

 

display traffic-policy statistics connection-limit

Use display traffic-policy statistics connection-limit to display connection limit statistics.

Syntax

In standalone mode:

display traffic-policy statistics connection-limit { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ rule-name ] | per-user [ user user-name ] rule rule-name } }

In IRF mode:

display traffic-policy statistics connection-limit { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ rule-name ] | per-user [ user user-name ] rule rule-name } } [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

per-ip: Displays per-IP connection limit statistics.

ipv4: Displays per-IP connection limit statistics for IPv4 addresses.

ipv4-address: Specifies an IPv4 address. If you do not specify an IPv4 address, this command displays connection limit statistics for all IPv4 addresses of the specified traffic rule.

ipv6: Displays per-IP connection limit statistics for IPv6 addresses.

ipv6-address: Specifies an IPv6 address. If you do not specify an IPv6 address, this command displays connection limit statistics for all IPv6 addresses of the specified traffic rule.

rule rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters.

per-rule: Displays per-rule connection limit statistics.

rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters. If you do not specify a traffic rule, this command displays per-rule connection limit statistics for all traffic rules.

per-user: Displays per-user connection limit statistics.

user user-name: Specifies a user by its name, a case-insensitive string of 1 to 55 characters. If you do not specify a user, this command displays per-user connection limit statistics for all users of the specified traffic rule.

rule rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays connection limit statistics for all member devices. (In IRF mode.)

Usage guidelines

You can identify whether a traffic rule works as configured by displaying the connection limit statistics for the traffic rule.

Examples

# (In standalone mode.) Display per-rule connection limit statistics for traffic rule traffic-rule.

<Sysname> display traffic-policy statistics connection-limit per-rule traffic-rule

Codes: CC(Current Connection), RC(Rejective Connection), CL(Current Limit), RRC(Rate Rejective Connection), RR(Rejective Rate), PR(Pass Rate)

----------------------------------------------------------------------------------------

Rule name      State      Profile name   CC         RC         CL       RRC        RR       PR

----------------------------------------------------------------------------------------

traffic-rule   Enabled    profile1      200        300        200      200        300      200

----------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------

# (In IRF mode.) Display per-rule connection limit statistics for traffic rule traffic-rule.

<Sysname> display traffic-policy statistics connection-limit per-rule traffic-rule

Slot 1:

Codes: CC(Current Connection), RC(Rejective Connection), CL(Current Limit), RRC(Rate Rejective Connection), RR(Rejective Rate), PR(Pass Rate)

----------------------------------------------------------------------------------------

Rule name      State      Profile name   CC         RC         CL       RRC        RR       PR

----------------------------------------------------------------------------------------

traffic-rule   Enabled    profile1      200        300        200      200        300      200

----------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------

# (In standalone mode.) Display per-user connection limit statistics for all users of traffic rule traffic-rule.

<Sysname> display traffic-policy statistics connection-limit per-user rule traffic-rule

Codes: CC(Current Connection), RC(Rejective Connection), CL(Current Limit), RRC(Rate Rejective Connection), RR(Rejective Rate), PR(Pass Rate)

----------------------------------------------------------------------------------------

Rule name       State     Profile name   User ID   User name  CC   RC    CL    RRC    RR     PR

----------------------------------------------------------------------------------------

traffic-rule   Enabled    profile1      0x3d     user1     200  300   200   200    300    200

----------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------

# (In IRF mode.) Display per-user connection limit statistics for all users of traffic rule traffic-rule.

<Sysname> display traffic-policy statistics connection-limit per-user rule traffic-rule

Slot 1:

Codes: CC(Current Connection), RC(Rejective Connection), CL(Current Limit), RRC(Rate Rejective Connection), RR(Rejective Rate), PR(Pass Rate)

----------------------------------------------------------------------------------------

Rule name       State     Profile name   User ID   User name  CC   RC    CL    RRC    RR     PR

----------------------------------------------------------------------------------------

traffic-rule   Enabled    profile1      0x3d     user1     200  300   200   200    300    200

----------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------

Table 2 Command output

Field

Description

Codes

Acronyms for fields:

·     CC (current connections)—Number of current connections.

·     RC (rejected connections)—Number of connections rejected after the number of current connections reached the limit.

·     CL (connection limit)—Maximum number of connections allowed.

·     RRC(Rate Rejective Connection)Number of connections rejected after the connection establishment rate reached the limit.

·     RR(Rejective Rate)Rate of connections rejected, in connections per second.

·     PR(Pass Rate)Rate of connections established, in connections per second.

 

display traffic-policy statistics rule-hit

Use display traffic-policy statistics rule-hit to display rule-hit statistics.

Syntax

In standalone mode:

display traffic-policy statistics rule-hit [ rule rule-name ]

In IRF mode:

display traffic-policy statistics rule-hit [ rule rule-name ] [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

rule rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters. If you do not specify a traffic rule, this command displays rule-hit statistics for all traffic rules.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays rule-hit statistics for all member devices. (In IRF mode.)

Examples

# (In standalone mode.) Display rule-hit statistics for all traffic rules.

<Sysname> display traffic-policy statistics rule-hit

----------------------------------------------------------------------------------------

Rule ID  Rule name       State       Profile ID    Profile name  Hit

----------------------------------------------------------------------------------------

201      traffic-rule    Enabled     21            profile1     11111

----------------------------------------------------------------------------------------

202      traffic-rule1   Enabled     22            profile2     11112

----------------------------------------------------------------------------------------

203      traffic-rule2   Enabled     23            profile1     11565

----------------------------------------------------------------------------------------

# (In IRF mode.) Display rule-hit statistics for all traffic rules.

<Sysname> display traffic-policy statistics rule-hit

Slot 1:

----------------------------------------------------------------------------------------

Rule ID  Rule name       State       Profile ID    Profile name  Hit

----------------------------------------------------------------------------------------

201      traffic-rule    Enabled     21            profile1     11111

----------------------------------------------------------------------------------------

202      traffic-rule1   Enabled     22            profile2     11112

----------------------------------------------------------------------------------------

203      traffic-rule2   Enabled     23            profile1     11565

----------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------

Table 3 Command output

Field

Description

Hit

Number of times that a rule is matched.

 

dscp

Use dscp to configure a DSCP priority as a match criterion.

Use undo dscp to remove all DSCP priority match criteria.

Syntax

dscp dscp-value

undo dscp

Default

No DSCP priority is used as a match criterion.

Views

Traffic rule view

Predefined user roles

network-admin

Parameters

dscp-value: Specifies a DSCP priority, which can only be a keyword in Table 4.

Table 4 Keyword-value map

Keyword

DSCP value (binary)

DSCP value (decimal)

default

000000

0

af11

001010

10

af12

001100

12

af13

001110

14

af21

010010

18

af22

010100

20

af23

010110

22

af31

011010

26

af32

011100

28

af33

011110

30

af41

100010

34

af42

100100

36

af43

100110

38

cs1

001000

8

cs2

010000

16

cs3

011000

24

cs4

100000

32

cs5

101000

40

cs6

110000

48

cs7

111000

56

ef

101110

46

 

Examples

# Configure DSCP priority af11 as a match criterion in traffic rule rule1.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] rule name rule1

[Sysname-traffic-policy-rule-rule1] dscp af11

profile name

Use profile name to create a traffic profile and enter its view, or enter the view of an existing traffic profile.

Use undo profile name to delete a traffic profile.

Syntax

profile name profile-name

undo profile name profile-name

Default

No traffic profile exists.

Views

Traffic policy view

Predefined user roles

network-admin

Parameters

profile-name: Specifies a name for the traffic profile, a case-insensitive string of 1 to 63 characters.

Usage guidelines

A traffic profile defines the bandwidth resources that can be used and takes effect after it is specified for a traffic rule.

Examples

# Create a traffic profile named profile1 and enter traffic profile view.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] profile name profile1

[Sysname-traffic-policy-profile-profile1]

Related commands

Action

profile reference-mode

Use profile reference-mode to set the reference mode for a traffic profile.

Use undo profile reference-mode to restore the default.

Syntax

profile reference-mode { per-rule | rule-shared }

undo profile reference-mode

Default

The reference mode for a traffic profile is per-rule.

Views

Traffic profile view

Predefined user roles

network-admin

Parameters

per-rule: Specifies that each traffic rule that uses the traffic profile can reach the bandwidth limits and connection limits specified in the profile.

rule-shared: Specifies that all traffic rules that use the traffic profile share the bandwidth limits and connection limits specified in the profile.

Usage guidelines

After a traffic profile is specified for a traffic rule, the bandwidth limits and connection limits in the profile take effect. The reference mode for a traffic profile can be per-rule or rule-shared.

Examples

# Set the reference mode to rule-shared for traffic profile profile1.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] profile name profile1

[Sysname-traffic-policy-profile-profile1] profile reference-mode rule-shared

profile rename

Use profile rename to rename a traffic profile.

Syntax

profile rename old-name new-name

Views

Traffic policy view

Predefined user roles

network-admin

Parameters

old-name: Specifies the old name of the traffic profile, a case-insensitive string of 1 to 63 characters.

new-name: Specifies a new name for the traffic profile, a case-insensitive string of 1 to 63 characters. The new name cannot be an existing traffic profile name.

Examples

# Create a traffic profile named profile1, and rename traffic profile profile1 as profile2.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] profile name profile1

[Sysname-traffic-policy-profile-profile1] quit

[Sysname-traffic-policy] profile rename profile1 profile2

remark dscp

Use remark dscp to mark the DSCP priority for packets of a traffic profile.

Use undo remark dscp to restore the default.

Syntax

remark dscp dscp-value

undo remark dscp

Default

The DSCP priority for packets of a traffic profile is not marked.

Views

Traffic profile view

Predefined user roles

network-admin

Parameters

dscp-value: Specifies a DSCP priority, which can only be a keyword in Table 4.

Usage guidelines

Network devices can classify traffic by using DSCP priorities and provide different treatment for packets with different DSCP priorities.

Examples

# Mark DSCP priority af22 for packets of traffic profile profile1.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] profile name profile1

[Sysname-traffic-policy-profile-profile1] remark dscp af22

Related commands

profile name

reset traffic-policy statistics bandwidth

Use reset traffic-policy statistics bandwidth to clear traffic statistics for traffic rules.

Syntax

In standalone mode:

reset traffic-policy statistics bandwidth { downstream | total | upstream } { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ rule-name ] | per-user [ user user-name ] rule rule-name }

In IRF mode:

reset traffic-policy statistics bandwidth { downstream | total | upstream } { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ rule-name ] | per-user [ user user-name ] rule rule-name } [ slot slot-number ]

Views

User view

Predefined user roles

network-admin

Parameters

downstream: Specifies downstream traffic.

total: Specifies both downstream traffic and upstream traffic.

upstream: Specifies upstream traffic.

per-ip: Clears per-IP traffic statistics.

ipv4: Clears per-IP traffic statistics for IPv4 addresses.

ipv4-address: Specifies an IPv4 address. If you do not specify an IPv4 address, this command clears per-IP traffic statistics for all IPv4 addresses of the specified traffic rule.

ipv6: Clears per-IP traffic statistics for IPv6 addresses.

ipv6-address: Specifies an IPv6 address. If you do not specify an IPv6 address, this command clears per-IP traffic statistics for all IPv6 addresses of the specified traffic rule.

rule rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters.

per-rule: Clears per-rule traffic statistics.

rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters. If you do not specify a traffic rule, this command clears per-rule traffic statistics for all traffic rules.

per-user: Clears per-user traffic statistics.

user user-name: Specifies a user by its name, a case-insensitive string of 1 to 55 characters. If you do not specify a user, this command clears per-user traffic statistics for all users of the specified traffic rule.

rule rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears traffic statistics for all member devices. (In IRF mode.)

Examples

# (In standalone mode.) Clear per-rule upstream traffic statistics for traffic rule traffic-rule.

<Sysname> reset traffic-policy statistics bandwidth upstream per-rule traffic-rule

Succeeded in clearing the bandwidth statistics.

# (In IRF mode.) Clear per-rule upstream traffic statistics for traffic rule traffic-rule on a slot.

<Sysname> reset traffic-policy statistics bandwidth upstream per-rule traffic-rule slot 1

Succeeded in clearing the bandwidth statistics.

reset traffic-policy statistics connection-limit

Use reset traffic-policy statistics connection-limit to clear connection limit statistics.

Syntax

In standalone mode:

reset traffic-policy statistics connection-limit { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ rule-name ] | per-user [ user user-name ] rule rule-name } }

In IRF mode:

reset traffic-policy statistics connection-limit { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ rule-name ] | per-user [ user user-name ] rule rule-name } } [ slot slot-number ]

Views

User view

Predefined user roles

network-admin

Parameters

per-ip: Clears per-IP connection limit statistics.

ipv4: Clears per-IP connection limit statistics for IPv4 addresses.

ipv4-address: Specifies an IPv4 address. If you do not specify an IPv4 address, this command clears connection limit statistics for all IPv4 addresses of the specified traffic rule.

ipv6: Clears per-IP connection limit statistics for IPv6 addresses.

ipv6-address: Specifies an IPv6 address. If you do not specify an IPv6 address, this command clears connection limit statistics for all IPv6 addresses of the specified traffic rule.

rule rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters.

per-rule: Clears per-rule connection limit statistics.

rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters. If you do not specify a traffic rule, this command clears per-rule connection limit statistics for all traffic rules.

per-user: Clears per-user connection limit statistics.

user user-name: Specifies a user by its name, a case-insensitive string of 1 to 55 characters. If you do not specify a user, this command clears per-user connection limit statistics for all users of the specified traffic rule.

rule rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears connection limit statistics for all member devices. (In IRF mode.)

Examples

# (In standalone mode.) Clear per-rule connection limit statistics for traffic rule traffic-rule.

<Sysname> reset traffic-policy statistics connection-limit per-rule traffic-rule

Succeeded in clearing the connection-limit statistics.

# (In IRF mode.) Clear per-rule connection limit statistics for traffic rule traffic-rule on a slot.

<Sysname> reset traffic-policy statistics connection-limit per-rule traffic-rule slot 1

Succeeded in clearing the connection-limit statistics.

reset traffic-policy statistics rule-hit

Use reset traffic-policy statistics rule-hit to clear rule-hit statistics.

Syntax

In standalone mode:

reset traffic-policy statistics rule-hit [ rule rule-name ]

In IRF mode:

reset traffic-policy statistics rule-hit [ rule rule-name ] [ slot slot-number ]

Views

User view

Predefined user roles

network-admin

Parameters

rule rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters. If you do not specify a traffic rule, this command clears rule-hit statistics for all traffic rules.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears rule-hit statistics for all member devices. (In IRF mode.)

Examples

# (In standalone mode.) Clear rule-hit statistics for traffic rule traffic-rule.

<Sysname> reset traffic-policy statistics rule-hit rule traffic-rule

Succeeded in clearing the rule-hit statistics.

# (In IRF mode.) Clear rule-hit statistics for traffic rule traffic-rule on a slot.

<Sysname> reset traffic-policy statistics rule-hit rule traffic-rule slot 1

Succeeded in clearing the rule-hit statistics.

rule copy

Use rule copy to copy a traffic rule.

Syntax

rule copy rule-name new-rule-name

Views

Traffic policy view

Predefined user roles

network-admin

Parameters

rule-name: Specifies a traffic rule to be copied by its name, a case-insensitive string of 1 to 63 characters.

new-rule-name: Specifies a name for the new traffic rule, a case-insensitive string of 1 to 63 characters. The new name cannot be an existing traffic profile name.

Usage guidelines

If a traffic rule to be created is similar to an existing traffic rule, create the traffic rule by copying the existing traffic rule and then modify it. The new traffic rule is placed next to the copied traffic rule.

If a traffic rule to be copied has child traffic rules, only the parent traffic rule is copied.

Examples

# Create a traffic rule named rule2 by copying traffic rule rule1.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] rule copy rule1 rule2

rule move

Use rule move to move a traffic rule to a new position.

Syntax

rule move rule-name1 { after | before } rule-name2

Views

Traffic policy view

Predefined user roles

network-admin

Parameters

rule-name1: Specifies a traffic rule to be moved by its name, a case-insensitive string of 1 to 63 characters. The traffic rule can be a parent or child traffic rule.

after: Moves the specified traffic rule to the position after a target traffic rule.

before: Moves the specified traffic rule to the position before a target traffic rule.

rule-name2: Specifies the target traffic rule by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

The device matches traffic with traffic rules in their order of appearance on the device. When a traffic rule is matched, the matching process ends and the device applies the traffic profile specified for the traffic rule to the traffic. If no traffic rule is matched, the device forwards the traffic.

To ensure reasonable, precise bandwidth management, configure traffic rules in ascending order of granularity. If the traffic rules are not in ascending order of granularity, you can use the rule move command to change the position of them.

You can move child traffic rules only within their parent traffic rule.

Examples

# Create two traffic rules named rule1 and rule2, and move rule1 to the position after rule2.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] rule name rule1

[Sysname-traffic-policy-rule-rule1] quit

[Sysname-traffic-policy] rule name rule2

[Sysname-traffic-policy-rule-rule2] quit

[Sysname-traffic-policy] rule move rule1 after rule2

rule name

Use rule name to create a traffic rule and enter its view, or enter the view of an existing traffic rule.

Use undo rule name to delete a traffic rule.

Syntax

rule name rule-name [ parent parent-rule-name ]

undo rule name rule-name

Default

No traffic rule exists.

Views

Traffic policy view

Predefined user roles

network-admin

Parameters

rule-name: Specifies a name for the traffic rule, a case-insensitive string of 1 to 63 characters.

parent parent-rule-name: Specifies a parent traffic rule by its name, a case-insensitive string of 1 to 63 characters. To successfully create the traffic rule, make sure the parent traffic rule already exists.

Usage guidelines

You can configure multiple traffic rules in the traffic policy. For a traffic rule, you can configure match criteria to match packets and specify the traffic profile to apply to matching packets. The device matches traffic rules in their order of appearance on the device. When a traffic rule is matched, the matching process ends and the device applies the traffic profile for the traffic rule to the traffic. If no traffic rule is matched, the device forwards the traffic.

For a new traffic rule to inherit the match criteria of an existing traffic rule, specify the existing traffic rule as the parent of the new traffic rule.

A level-4 rule cannot act as a parent rule

You can specify a parent traffic rule only when creating a traffic rule. You cannot add or modify a parent traffic rule for an existing traffic rule.

Examples

# Create a traffic rule named rule1 and enter traffic rule view.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] rule name rule1

[Sysname-traffic-policy-rule-rule1]

rule rename

Use rule rename to rename a traffic rule.

Syntax

rule rename old-rule-name new-rule-name

Views

Traffic policy view

Predefined user roles

network-admin

Parameters

old-rule-name: Specifies the old name of the traffic rule, a case-insensitive string of 1 to 63 characters.

new-rule-name: Specifies a new name for the traffic rule, a case-insensitive string of 1 to 63 characters. The new name cannot be an existing traffic profile name.

Examples

# Create a traffic rule named rule1, and rename traffic rule rule1 as rule2.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] rule name rule1

[Sysname-traffic-policy-rule-rule1] quit

[Sysname-traffic-policy] rule rename rule1 rule2

time-range

Use time-range to specify a time range during which a traffic rule is in effect.

Use undo time-range to restore the default.

Syntax

time-range time-range-name

undo time-range

Default

A traffic rule is in effect at any time.

Views

Traffic rule view

Predefined user roles

network-admin

Parameters

time-range-name: Specifies a time range by its name, a case-insensitive string of 1 to 32 characters.

Examples

# Specify time range work-time for traffic rule rule1.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] rule name rule1

[Sysname-traffic-policy-rule-rule1] time-range work-time

Related commands

time-range

traffic-policy

Use traffic-policy to enter traffic policy view.

Syntax

traffic-policy

Views

System view

Predefined user roles

network-admin

Usage guidelines

In traffic policy view, you can create and manage traffic rules.

Examples

# Enter traffic policy view.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy]

traffic-priority

Use traffic-priority to set the traffic priority for a traffic profile.

Use undo traffic-priority to restore the default.

Syntax

traffic-priority priority-value

undo traffic-priority

Default

The traffic priority is 1 for a traffic profile.

Views

Traffic profile view

Predefined user roles

network-admin

Parameters

priority-value: Specifies the priority value in the range of 1 to 7. The larger the priority value, the higher the priority.

Usage guidelines

When an interface is congested with packets of multiple traffic profiles, packets with higher priority are sent first. Packets with the same priority have the same chance of being forwarded.

Examples

# Set the traffic priority to 7 for traffic profile profile1.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] profile name profile1

[Sysname-traffic-policy-profile-profile1] traffic-priority 7

Related commands

profile name

user

Use user to configure a username as a match criterion.

Use undo user to delete a username match criterion.

Syntax

user user-name [ domain domain-name ]

undo user user-name [ domain domain-name ]

Default

No username is used as a match criterion.

Views

Traffic rule view

Predefined user roles

network-admin

Parameters

user-name: Specifies a username, a case-insensitive string of 1 to 55 characters. The username cannot be a, al, or all, and cannot contain the following special characters: backslashes (\), vertical bars (|), slash (/), colon (:), asterisks (*), question marks (?), left angle brackets (<), right angle brackets (>), and at signs (@).

domain domain-name: Matches the user in an identity domain. The domain-name argument represents the identity domain name, a case-insensitive string of 1 to 255 characters. The identity domain name cannot contain the following special characters: backslashes (\), vertical bars (|), slash (/), colon (:), asterisks (*), question marks (?), left angle brackets (<), right angle brackets (>), and at signs (@). If you do not specify this option, the system matches the user among users that do not belong to any identity domain. For more information about identity domains, see user identification in Security Configuration Guide.

Usage guidelines

A username corresponds to changing IP addresses. This command implements per-user bandwidth management and facilitates bandwidth management for mobile Internet users whose IP addresses change.

Examples

# Configure username managers as a match criterion in traffic rule rule1.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] rule name rule1

[Sysname-traffic-policy-rule-rule1] user managers

# Configure username user1 in identity domain dpi as a match criterion in traffic rule myrule.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] rule name myrule

[Sysname-traffic-policy-rule-myrule] user user1 domain dpi

Related commands

local-user (Security Command Reference)

user-identity enable (Security Command Reference)

user-identity static-user (Security Command Reference)

user-group

Use user-group to configure a user group as a match criterion.

Use undo user-group to delete a user group match criterion.

Syntax

user-group user-group-name [ domain domain-name ]

undo user-group user-group-name [ domain domain-name ]

Default

No user group is used as a match criterion.

Views

Traffic rule view

Predefined user roles

network-admin

Parameters

user-group-name: Specifies a user group by its name, a case-insensitive string of 1 to 32 characters.

domain domain-name: Matches the user group in an identity domain. The domain-name argument represents the identity domain name, a case-insensitive string of 1 to 255 characters. The identity domain name cannot contain the following special characters: backslashes (\), vertical bars (|), slash (/), colon (:), asterisks (*), question marks (?), left angle brackets (<), right angle brackets (>), and at signs (@). If you do not specify this option, the system matches the user group among user groups that do not belong to any identity domain. For more information about identity domains, see user identification in Security Configuration Guide.

Usage guidelines

A user group corresponds to changing IP addresses. This command implements per-user-group bandwidth management and facilitates bandwidth management for mobile Internet users whose IP addresses change.

Examples

# Configure user group mak as a match criterion in traffic rule rule1.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] rule name rule1

[Sysname-traffic-policy-rule-rule1] user-group mak

# Configure user group usergroup1 in identity domain dpi as a match criterion in traffic rule myrule.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] rule name myrule

[Sysname-traffic-policy-rule-myrule] user-group usergroup1 domain dpi

Related commands

user-group (Security Command Reference)

user-identity enable (Security Command Reference)

wlan ssid

Use wlan ssid to configure an SSID as a match criterion.

Use undo wlan ssid to delete an SSID match criterion.

Syntax

wlan ssid ssid-name

undo wlan ssid ssid-name

 

Default

No SSID is used as a match criterion.

Views

Traffic rule view

Predefined user roles

network-admin

Parameters

ssid-name: Specifies an SSID by its name, a case-sensitive string of 1 to 32 characters.

Usage guidelines

This command matches the packets of users that use the specified SSID. You can configure this command multiple times to specify multiple SSIDs.

Examples

# Configure SSID service as a match criterion in traffic rule rule1.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] rule name rule1

[Sysname-traffic-policy-rule-rule1] wlan ssid service

wlan user-profile

Use wlan user-profile to configure a user profile as a match criterion.

Use undo wlan user-profile to delete a user profile match criterion.

Syntax

wlan user-profile profile-name

undo wlan user-profile profile-name

 

Default

No user profile is used as a match criterion.

Views

Traffic rule view

Predefined user roles

network-admin

Parameters

profile-name: Specifies a user profile by its name, a case-sensitive string of 1 to 31 characters. The name must begin with a letter and can only contain letters, digits, and underscores (_).

Usage guidelines

When a user accesses the device, the authentication server first authenticates the user. If the user passes authentication, the authentication server sends to the device the name of the user profile bound to the user account. Then, the device can perform bandwidth management on the user according to the settings of the user profile.

This command takes effect only on wireless users. You can configure this command multiple times to specify multiple user profiles.

Examples

# Configure user profile user as a match criterion in traffic rule rule1.

<Sysname> system-view

[Sysname] traffic-policy

[Sysname-traffic-policy] rule name rule1

[Sysname-traffic-policy-rule-rule1] wlan user-profile user