- Table of Contents
-
- 16-Security Command Reference
- 00-Preface
- 01-ACL commands
- 02-APR commands
- 03-ARP attack protection commands
- 04-ASPF commands
- 05-IP source guard commands
- 06-IPsec commands
- 07-ND attack defense commands
- 08-Password control commands
- 09-PKI commands
- 10-SSH commands
- 11-SSL commands
- 12-SSL VPN commands
- 13-URL filtering commands
- 14-User profile commands
- 15-Bandwidth management commands
- 16-Public key management commands
- 17-Attack detection and prevention commands
- 18-Session management commands
- 19-Connection limit commands
- 20-Crypto engine commands
- 21-Time range commands
- 22-Protocol packet rate limit commands
- 23-DPI engine commands
- Related Documents
-
Title | Size | Download |
---|---|---|
15-Bandwidth management commands | 193.32 KB |
Contents
bandwidth { per-ip | per-user }
display traffic-policy statistics bandwidth
display traffic-policy statistics connection-limit
display traffic-policy statistics rule-hit
reset traffic-policy statistics bandwidth
reset traffic-policy statistics connection-limit
Bandwidth management commands
The WX1800H series, WX2500H series, and WX3000H series access controllers do not support parameters or commands that are available only in IRF mode.
The following compatibility matrixes show the support of hardware platforms for bandwidth management:
Hardware series |
Model |
Product code |
Bandwidth management compatibility |
WX1800H series |
WX1804H |
EWP-WX1804H-PWR-CN |
Yes |
WX2500H series |
WX2508H-PWR-LTE WX2510H WX2510H-F WX2540H WX2540H-F WX2560H |
EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H |
Yes |
WX3000H series |
WX3010H WX3010H-X WX3010H-L WX3024H WX3024H-L WX3024H-F |
EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F |
Yes: · WX3010H · WX3010H-X · WX3024H · WX3024H-F No: · WX3010H-L · WX3024H-L |
WX3500H series |
WX3508H WX3510H WX3520H WX3520H-F WX3540H |
EWP-WX3508H EWP-WX3510H EWP-WX3520H EWP-WX3520H-F EWP-WX3540H |
Yes |
WX5500E series |
WX5510E WX5540E |
EWP-WX5510E EWP-WX5540E |
Yes |
WX5500H series |
WX5540H WX5560H WX5580H |
EWP-WX5540H EWP-WX5560H EWP-WX5580H |
Yes |
Access controller modules |
LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F |
LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F |
Yes |
Hardware series |
Model |
Product code |
Bandwidth management compatibility |
WX1800H series |
WX1804H WX1810H WX1820H WX1840H |
EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL |
Yes |
WX3800H series |
WX3820H WX3840H |
EWP-WX3820H-GL EWP-WX3840H-GL |
No |
WX5800H series |
WX5860H |
EWP-WX5860H-GL |
No |
action
Use action to specify a traffic profile for a traffic rule.
Use undo action to restore the default.
Syntax
action qos profile profile-name
undo action
Default
No traffic profile is specified for a traffic rule (packets matching a traffic rule are allowed to pass).
Views
Traffic rule view
Predefined user roles
network-admin
Parameters
qos profile profile-name: Specifies a traffic profile by its name. The profile name is a case-insensitive string of 1 to 63 characters.
Usage guidelines
If a packet matches a traffic rule, the device applies the traffic profile specified for the traffic rule to the packet.
Examples
# Create a traffic rule named rule1, and apply traffic profile profile1 to the traffic rule.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] rule name rule1
[Sysname-traffic-policy-rule-rule1] action qos profile profile1
Related commands
profile name
rule name
application
Use application to configure application or application group as a match criterion.
Use undo application to delete an application or application group match criterion.
Syntax
application { app application-name | app-group application-group-name }
undo application { app application-name | app-group application-group-name }
Default
No application or application group is used as a match criterion.
Views
Traffic rule view
Predefined user roles
network-admin
Parameters
app application-name: Specifies an application by its name, a case-insensitive string of 1 to 63 characters.
app-group application-group-name: Specifies an application group by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
You can configure multiple applications or application groups for a traffic rule to match packets.
This command enables the device to manage bandwidth by application type, such as email, P2P, IM, and web browsing.
If you specify a user-defined application that uses DCCP, SCTP, or UDP-Lite as the transport layer protocol, the application is not limited by bandwidth management. For information about user-defined applications, see Security Configuration Guide.
Examples
# Configure P2P_General_TCP_Communications as a match criterion for traffic rule rule1.
[Sysname] traffic-policy
[Sysname-traffic-policy] rule name rule1
[Sysname-traffic-policy-rule-rule1] application app P2P_General_TCP_Communications
Related commands
app-group (Security Command Reference)
nbar application (Security Command Reference)
port-mapping (Security Command Reference)
bandwidth
Use bandwidth to set the total guaranteed bandwidth or maximum bandwidth in a traffic profile.
Use undo bandwidth to delete the total guaranteed bandwidth or maximum bandwidth setting of a traffic profile.
Syntax
bandwidth { downstream | total | upstream } { guaranteed | maximum } bandwidth-value
undo bandwidth { downstream | total | upstream } { guaranteed | maximum }
Default
The total guaranteed bandwidth and maximum bandwidth are not set in a traffic profile.
Views
Traffic profile view
Predefined user roles
network-admin
Parameters
downstream: Specifies downstream traffic (traffic from a server to a client).
total: Specifies both downstream traffic and upstream traffic.
upstream: Specifies upstream traffic (traffic from a client to a server).
guaranteed: Specifies the guaranteed bandwidth.
maximum: Specifies the maximum bandwidth. The maximum bandwidth must be greater than or equal to the guaranteed bandwidth.
bandwidth-value: Specifies the bandwidth value in the range of 8 to 100000000 kbps.
Usage guidelines
When you specify traffic profiles for parent and child traffic rules, following these restrictions and guidelines:
· The maximum bandwidth for the child traffic rule must be smaller than or equal to that for the parent traffic rule.
· The guaranteed bandwidth for a child traffic rule must be smaller than or equal to that for the parent traffic rule.
· The traffic profiles cannot be the same for the child and parent traffic rules.
An interface with small default expected bandwidth might experience traffic loss if the following conditions exist:
· There is a large amount of traffic on the interface.
· The interface uses the default expected bandwidth.
To avoid traffic loss, implicitly set the expected bandwidth to a large value for such an interface. For example, you can set the expected bandwidth of a tunnel interface to a value greater than 64 kbps (the default) if there is a large amount of traffic on the interface.
Examples
# In traffic profile profile1, set both upstream and downstream maximum bandwidth to 10000 kbps, and set both upstream and downstream guaranteed bandwidth to 5000 kbps.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] profile name profile1
[Sysname-traffic-policy-profile-profile1] bandwidth upstream maximum 10000
[Sysname-traffic-policy-profile-profile1] bandwidth downstream maximum 10000
[Sysname-traffic-policy-profile-profile1] bandwidth upstream guaranteed 5000
[Sysname-traffic-policy-profile-profile1] bandwidth downstream guaranteed 5000
bandwidth average enable
Use bandwidth average enable to enable dynamic and even allocation for maximum bandwidth.
Use undo bandwidth average enable to disable dynamic and even allocation for maximum bandwidth.
Syntax
bandwidth average enable
undo bandwidth average enable
Default
Dynamic and even allocation for maximum bandwidth is disabled.
Views
Traffic profile view
Predefined user roles
network-admin
Usage guidelines
This command allows the device to dynamically and evenly allocate the total maximum bandwidth among all online IP addresses.
This command can be enabled only after you set the total maximum bandwidth.
Examples
# Enable dynamic and even allocation for maximum bandwidth in traffic profile profile1.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] profile name profile1
[Sysname-traffic-policy-profile-profile1] bandwidth total maximum 10000
[Sysname-traffic-policy-profile-profile1] bandwidth average enable
Related commands
bandwidth { downstream | total | upstream } maximum
bandwidth { per-ip | per-user }
Use bandwidth { per-ip | per-user } to set the per-IP or per-user maximum or guaranteed bandwidth for a traffic profile.
Use undo bandwidth { per-ip | per-user } to delete the per-IP or per-user maximum or guaranteed bandwidth setting of a traffic profile.
Syntax
bandwidth { downstream | total | upstream } { guaranteed | maximum } { per-ip | per-user } bandwidth-value
undo bandwidth { downstream | total | upstream } { guaranteed | maximum } { per-ip | per-user }
Default
The per-IP or per-user maximum bandwidth and guaranteed bandwidth are not set in a traffic profile.
Views
Traffic profile view
Predefined user roles
network-admin
Parameters
downstream: Specifies downstream traffic (traffic from a server to a client).
total: Specifies both downstream traffic and upstream traffic.
upstream: Specifies upstream traffic (traffic from a client to a server).
guaranteed: Sets the guaranteed bandwidth.
maximum: Sets the maximum bandwidth.
per-ip: Sets the per-IP bandwidth.
per-user: Sets the per-user bandwidth.
bandwidth-value: Specifies the bandwidth value in the range of 8 to 100000000 kbps.
Usage guidelines
This command allows you to manage bandwidth at finer granularity.
The per-IP or per-user maximum bandwidth cannot be greater than the total maximum bandwidth.
The per-IP or per-user guaranteed bandwidth cannot be greater than the total guaranteed bandwidth.
The per-IP or per-user guaranteed bandwidth cannot be greater than the per-IP or per-user maximum bandwidth.
Examples
# In traffic profile profile1, set both upstream and downstream per-IP maximum bandwidth to 10000 kbps.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] profile name profile1
[Sysname-traffic-policy-profile-profile1] bandwidth upstream maximum per-ip 10000
[Sysname-traffic-policy-profile-profile1] bandwidth downstream maximum per-ip 10000
connection-limit count
Use connection-limit count to set the connection count limit for a traffic profile.
Use undo connection-limit count to delete the connection count limit setting of a traffic profile.
Syntax
connection-limit count { per-rule | per-ip | per-user } connection-number
undo connection-limit count { per-rule | per-ip | per-user }
Default
No connection count limit is set for a traffic profile.
Views
Traffic profile view
Predefined user roles
network-admin
Parameters
per-rule: Specifies the total connection count limit (count limit for the traffic rule associated with the traffic profile).
per-ip: Specifies the per-IP connection count limit.
per-user: Specifies the per-user connection count limit.
connection-number: Specifies the maximum number of connections allowed, in the range of 1 to 12000000.
Usage guidelines
The per-IP or per-user connection count limit cannot be greater than the total connection count limit.
You cannot set both per-IP and per-user connection count limits for one traffic profile.
Examples
# In traffic profile profile1, set the total connection count limit to 1000.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] profile name profile1
[Sysname-traffic-policy-profile-profile1] connection-limit count per-rule 1000
# In traffic profile profile1, set the per-IP connection count limit to 500.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] profile name profile1
[Sysname-traffic-policy-profile-profile1] connection-limit count per-ip 500
connection-limit rate
Use connection-limit rate to set the connection rate limit for a traffic profile.
Use undo connection-limit rate to delete the connection rate limit setting of a traffic profile.
Syntax
connection-limit rate { per-rule | per-ip | per-user } connection-rate
undo connection-limit rate { per-rule | per-ip | per-user }
Default
No connection rate limit is set for a traffic profile.
Views
Traffic profile view
Predefined user roles
network-admin
Parameters
per-rule: Specifies the total connection rate limit (rate limit for the traffic rule associated with the traffic profile).
per-ip: Specifies the per-IP connection rate limit.
per-user: Specifies the per-user connection rate limit.
connection- rate: Specifies the maximum connection rate in the range of 1 to 12000000 connections per second.
Usage guidelines
The per-IP or per-user connection rate limit cannot be greater than the total connection rate limit.
You cannot set both per-IP and per-user connection rate limits for one traffic profile.
Examples
# In traffic profile profile1, set the total connection rate limit to 1000 connections per second.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] profile name profile1
[Sysname-traffic-policy-profile-profile1] connection-limit rate per-rule 1000
# In traffic profile profile1, set the per-IP connection rate limit to 500 connections per second.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] profile name profile1
[Sysname-traffic-policy-profile-profile1] connection-limit rate per-user 500
disable
Use disable to disable a traffic rule.
Use undo disable to enable a traffic rule.
Syntax
disable
undo disable
Default
A traffic rule is enabled.
Views
Traffic rule view
Predefined user roles
network-admin
Usage guidelines
If a traffic rule is not used, use this command to disable it. A disabled traffic rule does not participate in traffic matching. You can copy, rename, and move a disabled traffic rule.
Examples
# Disable traffic rule rule1.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] rule name rule1
[Sysname-traffic-policy-rule-rule1] disable
display traffic-policy statistics bandwidth
Use display traffic-policy statistics bandwidth to display traffic statistics for traffic rules.
Syntax
In standalone mode:
display traffic-policy statistics bandwidth { downstream | total | upstream } { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ rule-name ] | per-user [ user user-name ] rule rule-name }
In IRF mode:
display traffic-policy statistics bandwidth { downstream | total | upstream } { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ rule-name ] | per-user [ user user-name ] rule rule-name } [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
downstream: Specifies downstream traffic.
total: Specifies both downstream traffic and upstream traffic.
upstream: Specifies upstream traffic.
per-ip: Displays per-IP traffic statistics.
ipv4: Displays per-IP traffic statistics for IPv4 addresses.
ipv4-address: Specifies an IPv4 address. If you do not specify an IPv4 address, this command displays per-IP traffic statistics for all IPv4 addresses of the specified traffic rule.
ipv6: Displays per-IP traffic statistics for IPv6 addresses.
ipv6-address: Specifies an IPv6 address. If you do not specify an IPv6 address, this command displays per-IP traffic statistics for all IPv6 addresses of the specified traffic rule.
rule rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters.
per-rule: Displays per-rule traffic statistics.
rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters. If you do not specify a traffic rule, this command displays per-rule traffic statistics for all traffic rules.
per-user: Displays per-user traffic statistics.
user user-name: Specifies a user by its name, a case-insensitive string of 1 to 55 characters. If you do not specify a user, this command displays per-user traffic statistics for all users of the specified traffic rule.
rule rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays traffic statistics for all member devices. (In IRF mode.)
Usage guidelines
You can identify whether a traffic rule works as configured by displaying the traffic statistics for the traffic rule.
Examples
# (In standalone mode.) Display per-rule upstream traffic statistics for traffic rule traffic-rule.
<Sysname> display traffic-policy statistics bandwidth upstream per-rule traffic-rule
Codes: PP(Passed Packets), PB(Passed Bytes), DP(Dropped Packets), DB(Dropped Bytes), PR(Passed Rate:kbps), DR(Drop Rate:kbps), FPP(Final Passed Packets), FPB(Final Passed Bytes), FPR(Final Passed Rate:kbps)
----------------------------------------------------------------------------------------
Rule name State Profile name PP PB DP DB PR DR FPP FPB FPR
----------------------------------------------------------------------------------------
traffic-rule Enabled profile1 726 7550 4 2961 703 497 595 6632 664.1
--------------------------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------
# (In IRF mode.) Display per-rule upstream traffic statistics for traffic rule traffic-rule.
<Sysname> display traffic-policy statistics bandwidth upstream per-rule traffic-rule
Slot 1:
Codes: PP(Passed Packets), PB(Passed Bytes), DP(Dropped Packets), DB(Dropped Bytes), PR(Passed Rate:kbps), DR(Drop Rate:kbps), FPP(Final Passed Packets), FPB(Final Passed Bytes), FPR(Final Passed Rate:kbps)
----------------------------------------------------------------------------------------
Rule name State Profile name PP PB DP DB PR DR FPP FPB FPR
----------------------------------------------------------------------------------------
traffic-rule Enabled profile1 726 7550 4 2961 703 497 595 6632 664.1
----------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------
# (In standalone mode.) Display per-IP upstream traffic statistics for all IPv4 addresses in traffic rule traffic-rule.
<Sysname> display traffic-policy statistics bandwidth upstream per-ip ipv4 rule traffic-rule
Codes: PP(Passed Packets), PB(Passed Bytes), DP(Dropped Packets), DB(Dropped Bytes), PR(Passed Rate:kbps), DR(Drop Rate:kbps), FPP(Final Passed Packets), FPB(Final Passed Bytes), FPR(Final Passed Rate:kbps)
----------------------------------------------------------------------------------------
Rule name State IP PP PB DP DB PR DR FPP FPB FPR
----------------------------------------------------------------------------------------
traffic-rule Enabled 1.1.1.1 726 75502 4 2961 703.3 497 595 6632 664.1
----------------------------------------------------------------------------------------
traffic-rule2 Enabled 1.1.1.5 756 74502 4 2901 712 488 595 6632 664.1
----------------------------------------------------------------------------------------
traffic-rule3 Enabled 1.1.1.8 756 74502 4 2951 712 488 595 6632 664.1
----------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------
# (In IRF mode.) Display per-IP upstream traffic statistics for all IPv4 addresses in traffic rule traffic-rule.
<Sysname> display traffic-policy statistics bandwidth upstream per-ip ipv4 rule traffic-rule
Slot 1:
Codes: PP(Passed Packets), PB(Passed Bytes), DP(Dropped Packets), DB(Dropped Bytes), PR(Passed Rate:kbps), DR(Drop Rate:kbps), FPP(Final Passed Packets), FPB(Final Passed Bytes), FPR(Final Passed Rate:kbps)
----------------------------------------------------------------------------------------
Rule name State IP PP PB DP DB PR DR FPP FPB FPR
----------------------------------------------------------------------------------------
traffic-rule Enabled 1.1.1.1 726 75502 4 2961 703.3 497 595 6632 664.1
----------------------------------------------------------------------------------------
traffic-rule2 Enabled 1.1.1.5 756 74502 4 2901 712 488 595 6632 664.1
----------------------------------------------------------------------------------------
traffic-rule3 Enabled 1.1.1.8 756 74502 4 2951 712 488 595 6632 664.1
----------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------
Table 1 Command output
Field |
Description |
Codes |
Acronyms for fields: · PP(Passed Packets)—Number of packets permitted by the traffic rule. · PB(Passed Bytes)—Number of bytes permitted by the traffic rule. · DP(Dropped Packets)—Number of packets dropped by the traffic rule. · DB(Dropped Bytes)—Number of bytes dropped by the traffic rule. · PR(Passed Rate:kbps)—Rate of packets permitted by the traffic rule, in kbps. · DR(Drop Rate:kbps)—Rate of packets dropped by the traffic rule, in kbps. · FPP(Final Passed Packets)—Number of packets permitted by both the traffic rule and interface bandwidth. · FPB(Final Passed Bytes)—Number of bytes permitted by both the traffic rule and interface bandwidth. · FPR(Final Passed Rate:kbps)—Rate of packets permitted by both the traffic rule and interface bandwidth, in kbps. In the case of rule nesting, the actual values of the FPP, FPB, and FPR fields are displayed only if you specify the lowest-level traffic rule in the display traffic-policy statistics bandwidth command. If you specify a non-lowest-level traffic rule, the value 0 is displayed for these fields. |
display traffic-policy statistics connection-limit
Use display traffic-policy statistics connection-limit to display connection limit statistics.
Syntax
In standalone mode:
display traffic-policy statistics connection-limit { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ rule-name ] | per-user [ user user-name ] rule rule-name } }
In IRF mode:
display traffic-policy statistics connection-limit { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ rule-name ] | per-user [ user user-name ] rule rule-name } } [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
per-ip: Displays per-IP connection limit statistics.
ipv4: Displays per-IP connection limit statistics for IPv4 addresses.
ipv4-address: Specifies an IPv4 address. If you do not specify an IPv4 address, this command displays connection limit statistics for all IPv4 addresses of the specified traffic rule.
ipv6: Displays per-IP connection limit statistics for IPv6 addresses.
ipv6-address: Specifies an IPv6 address. If you do not specify an IPv6 address, this command displays connection limit statistics for all IPv6 addresses of the specified traffic rule.
rule rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters.
per-rule: Displays per-rule connection limit statistics.
rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters. If you do not specify a traffic rule, this command displays per-rule connection limit statistics for all traffic rules.
per-user: Displays per-user connection limit statistics.
user user-name: Specifies a user by its name, a case-insensitive string of 1 to 55 characters. If you do not specify a user, this command displays per-user connection limit statistics for all users of the specified traffic rule.
rule rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays connection limit statistics for all member devices. (In IRF mode.)
Usage guidelines
You can identify whether a traffic rule works as configured by displaying the connection limit statistics for the traffic rule.
Examples
# (In standalone mode.) Display per-rule connection limit statistics for traffic rule traffic-rule.
<Sysname> display traffic-policy statistics connection-limit per-rule traffic-rule
Codes: CC(Current Connection), RC(Rejective Connection), CL(Current Limit), RRC(Rate Rejective Connection), RR(Rejective Rate), PR(Pass Rate)
----------------------------------------------------------------------------------------
Rule name State Profile name CC RC CL RRC RR PR
----------------------------------------------------------------------------------------
traffic-rule Enabled profile1 200 300 200 200 300 200
----------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------
# (In IRF mode.) Display per-rule connection limit statistics for traffic rule traffic-rule.
<Sysname> display traffic-policy statistics connection-limit per-rule traffic-rule
Slot 1:
Codes: CC(Current Connection), RC(Rejective Connection), CL(Current Limit), RRC(Rate Rejective Connection), RR(Rejective Rate), PR(Pass Rate)
----------------------------------------------------------------------------------------
Rule name State Profile name CC RC CL RRC RR PR
----------------------------------------------------------------------------------------
traffic-rule Enabled profile1 200 300 200 200 300 200
----------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------
# (In standalone mode.) Display per-user connection limit statistics for all users of traffic rule traffic-rule.
<Sysname> display traffic-policy statistics connection-limit per-user rule traffic-rule
Codes: CC(Current Connection), RC(Rejective Connection), CL(Current Limit), RRC(Rate Rejective Connection), RR(Rejective Rate), PR(Pass Rate)
----------------------------------------------------------------------------------------
Rule name State Profile name User ID User name CC RC CL RRC RR PR
----------------------------------------------------------------------------------------
traffic-rule Enabled profile1 0x3d user1 200 300 200 200 300 200
----------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------
# (In IRF mode.) Display per-user connection limit statistics for all users of traffic rule traffic-rule.
<Sysname> display traffic-policy statistics connection-limit per-user rule traffic-rule
Slot 1:
Codes: CC(Current Connection), RC(Rejective Connection), CL(Current Limit), RRC(Rate Rejective Connection), RR(Rejective Rate), PR(Pass Rate)
----------------------------------------------------------------------------------------
Rule name State Profile name User ID User name CC RC CL RRC RR PR
----------------------------------------------------------------------------------------
traffic-rule Enabled profile1 0x3d user1 200 300 200 200 300 200
----------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------
Table 2 Command output
Field |
Description |
Codes |
Acronyms for fields: · CC (current connections)—Number of current connections. · RC (rejected connections)—Number of connections rejected after the number of current connections reached the limit. · CL (connection limit)—Maximum number of connections allowed. · RRC(Rate Rejective Connection)—Number of connections rejected after the connection establishment rate reached the limit. · RR(Rejective Rate)—Rate of connections rejected, in connections per second. · PR(Pass Rate)—Rate of connections established, in connections per second. |
display traffic-policy statistics rule-hit
Use display traffic-policy statistics rule-hit to display rule-hit statistics.
Syntax
In standalone mode:
display traffic-policy statistics rule-hit [ rule rule-name ]
In IRF mode:
display traffic-policy statistics rule-hit [ rule rule-name ] [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
rule rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters. If you do not specify a traffic rule, this command displays rule-hit statistics for all traffic rules.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays rule-hit statistics for all member devices. (In IRF mode.)
Examples
# (In standalone mode.) Display rule-hit statistics for all traffic rules.
<Sysname> display traffic-policy statistics rule-hit
----------------------------------------------------------------------------------------
Rule ID Rule name State Profile ID Profile name Hit
----------------------------------------------------------------------------------------
201 traffic-rule Enabled 21 profile1 11111
----------------------------------------------------------------------------------------
202 traffic-rule1 Enabled 22 profile2 11112
----------------------------------------------------------------------------------------
203 traffic-rule2 Enabled 23 profile1 11565
----------------------------------------------------------------------------------------
# (In IRF mode.) Display rule-hit statistics for all traffic rules.
<Sysname> display traffic-policy statistics rule-hit
Slot 1:
----------------------------------------------------------------------------------------
Rule ID Rule name State Profile ID Profile name Hit
----------------------------------------------------------------------------------------
201 traffic-rule Enabled 21 profile1 11111
----------------------------------------------------------------------------------------
202 traffic-rule1 Enabled 22 profile2 11112
----------------------------------------------------------------------------------------
203 traffic-rule2 Enabled 23 profile1 11565
----------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------
Table 3 Command output
Field |
Description |
Hit |
Number of times that a rule is matched. |
dscp
Use dscp to configure a DSCP priority as a match criterion.
Use undo dscp to remove all DSCP priority match criteria.
Syntax
dscp dscp-value
undo dscp
Default
No DSCP priority is used as a match criterion.
Views
Traffic rule view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP priority, which can only be a keyword in Table 4.
Keyword |
DSCP value (binary) |
DSCP value (decimal) |
default |
000000 |
0 |
af11 |
001010 |
10 |
af12 |
001100 |
12 |
af13 |
001110 |
14 |
af21 |
010010 |
18 |
af22 |
010100 |
20 |
af23 |
010110 |
22 |
af31 |
011010 |
26 |
af32 |
011100 |
28 |
af33 |
011110 |
30 |
af41 |
100010 |
34 |
af42 |
100100 |
36 |
af43 |
100110 |
38 |
cs1 |
001000 |
8 |
cs2 |
010000 |
16 |
cs3 |
011000 |
24 |
cs4 |
100000 |
32 |
cs5 |
101000 |
40 |
cs6 |
110000 |
48 |
cs7 |
111000 |
56 |
ef |
101110 |
46 |
Examples
# Configure DSCP priority af11 as a match criterion in traffic rule rule1.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] rule name rule1
[Sysname-traffic-policy-rule-rule1] dscp af11
profile name
Use profile name to create a traffic profile and enter its view, or enter the view of an existing traffic profile.
Use undo profile name to delete a traffic profile.
Syntax
profile name profile-name
undo profile name profile-name
Default
No traffic profile exists.
Views
Traffic policy view
Predefined user roles
network-admin
Parameters
profile-name: Specifies a name for the traffic profile, a case-insensitive string of 1 to 63 characters.
Usage guidelines
A traffic profile defines the bandwidth resources that can be used and takes effect after it is specified for a traffic rule.
Examples
# Create a traffic profile named profile1 and enter traffic profile view.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] profile name profile1
[Sysname-traffic-policy-profile-profile1]
Related commands
Action
profile reference-mode
Use profile reference-mode to set the reference mode for a traffic profile.
Use undo profile reference-mode to restore the default.
Syntax
profile reference-mode { per-rule | rule-shared }
undo profile reference-mode
Default
The reference mode for a traffic profile is per-rule.
Views
Traffic profile view
Predefined user roles
network-admin
Parameters
per-rule: Specifies that each traffic rule that uses the traffic profile can reach the bandwidth limits and connection limits specified in the profile.
rule-shared: Specifies that all traffic rules that use the traffic profile share the bandwidth limits and connection limits specified in the profile.
Usage guidelines
After a traffic profile is specified for a traffic rule, the bandwidth limits and connection limits in the profile take effect. The reference mode for a traffic profile can be per-rule or rule-shared.
Examples
# Set the reference mode to rule-shared for traffic profile profile1.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] profile name profile1
[Sysname-traffic-policy-profile-profile1] profile reference-mode rule-shared
profile rename
Use profile rename to rename a traffic profile.
Syntax
profile rename old-name new-name
Views
Traffic policy view
Predefined user roles
network-admin
Parameters
old-name: Specifies the old name of the traffic profile, a case-insensitive string of 1 to 63 characters.
new-name: Specifies a new name for the traffic profile, a case-insensitive string of 1 to 63 characters. The new name cannot be an existing traffic profile name.
Examples
# Create a traffic profile named profile1, and rename traffic profile profile1 as profile2.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] profile name profile1
[Sysname-traffic-policy-profile-profile1] quit
[Sysname-traffic-policy] profile rename profile1 profile2
remark dscp
Use remark dscp to mark the DSCP priority for packets of a traffic profile.
Use undo remark dscp to restore the default.
Syntax
remark dscp dscp-value
undo remark dscp
Default
The DSCP priority for packets of a traffic profile is not marked.
Views
Traffic profile view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP priority, which can only be a keyword in Table 4.
Usage guidelines
Network devices can classify traffic by using DSCP priorities and provide different treatment for packets with different DSCP priorities.
Examples
# Mark DSCP priority af22 for packets of traffic profile profile1.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] profile name profile1
[Sysname-traffic-policy-profile-profile1] remark dscp af22
Related commands
profile name
reset traffic-policy statistics bandwidth
Use reset traffic-policy statistics bandwidth to clear traffic statistics for traffic rules.
Syntax
In standalone mode:
reset traffic-policy statistics bandwidth { downstream | total | upstream } { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ rule-name ] | per-user [ user user-name ] rule rule-name }
In IRF mode:
reset traffic-policy statistics bandwidth { downstream | total | upstream } { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ rule-name ] | per-user [ user user-name ] rule rule-name } [ slot slot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
downstream: Specifies downstream traffic.
total: Specifies both downstream traffic and upstream traffic.
upstream: Specifies upstream traffic.
per-ip: Clears per-IP traffic statistics.
ipv4: Clears per-IP traffic statistics for IPv4 addresses.
ipv4-address: Specifies an IPv4 address. If you do not specify an IPv4 address, this command clears per-IP traffic statistics for all IPv4 addresses of the specified traffic rule.
ipv6: Clears per-IP traffic statistics for IPv6 addresses.
ipv6-address: Specifies an IPv6 address. If you do not specify an IPv6 address, this command clears per-IP traffic statistics for all IPv6 addresses of the specified traffic rule.
rule rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters.
per-rule: Clears per-rule traffic statistics.
rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters. If you do not specify a traffic rule, this command clears per-rule traffic statistics for all traffic rules.
per-user: Clears per-user traffic statistics.
user user-name: Specifies a user by its name, a case-insensitive string of 1 to 55 characters. If you do not specify a user, this command clears per-user traffic statistics for all users of the specified traffic rule.
rule rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears traffic statistics for all member devices. (In IRF mode.)
Examples
# (In standalone mode.) Clear per-rule upstream traffic statistics for traffic rule traffic-rule.
<Sysname> reset traffic-policy statistics bandwidth upstream per-rule traffic-rule
Succeeded in clearing the bandwidth statistics.
# (In IRF mode.) Clear per-rule upstream traffic statistics for traffic rule traffic-rule on a slot.
<Sysname> reset traffic-policy statistics bandwidth upstream per-rule traffic-rule slot 1
Succeeded in clearing the bandwidth statistics.
reset traffic-policy statistics connection-limit
Use reset traffic-policy statistics connection-limit to clear connection limit statistics.
Syntax
In standalone mode:
reset traffic-policy statistics connection-limit { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ rule-name ] | per-user [ user user-name ] rule rule-name } }
In IRF mode:
reset traffic-policy statistics connection-limit { per-ip { ipv4 [ ipv4-address ] | ipv6 [ ipv6-address ] } rule rule-name | per-rule [ rule-name ] | per-user [ user user-name ] rule rule-name } } [ slot slot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
per-ip: Clears per-IP connection limit statistics.
ipv4: Clears per-IP connection limit statistics for IPv4 addresses.
ipv4-address: Specifies an IPv4 address. If you do not specify an IPv4 address, this command clears connection limit statistics for all IPv4 addresses of the specified traffic rule.
ipv6: Clears per-IP connection limit statistics for IPv6 addresses.
ipv6-address: Specifies an IPv6 address. If you do not specify an IPv6 address, this command clears connection limit statistics for all IPv6 addresses of the specified traffic rule.
rule rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters.
per-rule: Clears per-rule connection limit statistics.
rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters. If you do not specify a traffic rule, this command clears per-rule connection limit statistics for all traffic rules.
per-user: Clears per-user connection limit statistics.
user user-name: Specifies a user by its name, a case-insensitive string of 1 to 55 characters. If you do not specify a user, this command clears per-user connection limit statistics for all users of the specified traffic rule.
rule rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears connection limit statistics for all member devices. (In IRF mode.)
Examples
# (In standalone mode.) Clear per-rule connection limit statistics for traffic rule traffic-rule.
<Sysname> reset traffic-policy statistics connection-limit per-rule traffic-rule
Succeeded in clearing the connection-limit statistics.
# (In IRF mode.) Clear per-rule connection limit statistics for traffic rule traffic-rule on a slot.
<Sysname> reset traffic-policy statistics connection-limit per-rule traffic-rule slot 1
Succeeded in clearing the connection-limit statistics.
reset traffic-policy statistics rule-hit
Use reset traffic-policy statistics rule-hit to clear rule-hit statistics.
Syntax
In standalone mode:
reset traffic-policy statistics rule-hit [ rule rule-name ]
In IRF mode:
reset traffic-policy statistics rule-hit [ rule rule-name ] [ slot slot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
rule rule-name: Specifies a traffic rule by its name, a case-insensitive string of 1 to 63 characters. If you do not specify a traffic rule, this command clears rule-hit statistics for all traffic rules.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears rule-hit statistics for all member devices. (In IRF mode.)
Examples
# (In standalone mode.) Clear rule-hit statistics for traffic rule traffic-rule.
<Sysname> reset traffic-policy statistics rule-hit rule traffic-rule
Succeeded in clearing the rule-hit statistics.
# (In IRF mode.) Clear rule-hit statistics for traffic rule traffic-rule on a slot.
<Sysname> reset traffic-policy statistics rule-hit rule traffic-rule slot 1
Succeeded in clearing the rule-hit statistics.
rule copy
Use rule copy to copy a traffic rule.
Syntax
rule copy rule-name new-rule-name
Views
Traffic policy view
Predefined user roles
network-admin
Parameters
rule-name: Specifies a traffic rule to be copied by its name, a case-insensitive string of 1 to 63 characters.
new-rule-name: Specifies a name for the new traffic rule, a case-insensitive string of 1 to 63 characters. The new name cannot be an existing traffic profile name.
Usage guidelines
If a traffic rule to be created is similar to an existing traffic rule, create the traffic rule by copying the existing traffic rule and then modify it. The new traffic rule is placed next to the copied traffic rule.
If a traffic rule to be copied has child traffic rules, only the parent traffic rule is copied.
Examples
# Create a traffic rule named rule2 by copying traffic rule rule1.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] rule copy rule1 rule2
rule move
Use rule move to move a traffic rule to a new position.
Syntax
rule move rule-name1 { after | before } rule-name2
Views
Traffic policy view
Predefined user roles
network-admin
Parameters
rule-name1: Specifies a traffic rule to be moved by its name, a case-insensitive string of 1 to 63 characters. The traffic rule can be a parent or child traffic rule.
after: Moves the specified traffic rule to the position after a target traffic rule.
before: Moves the specified traffic rule to the position before a target traffic rule.
rule-name2: Specifies the target traffic rule by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
The device matches traffic with traffic rules in their order of appearance on the device. When a traffic rule is matched, the matching process ends and the device applies the traffic profile specified for the traffic rule to the traffic. If no traffic rule is matched, the device forwards the traffic.
To ensure reasonable, precise bandwidth management, configure traffic rules in ascending order of granularity. If the traffic rules are not in ascending order of granularity, you can use the rule move command to change the position of them.
You can move child traffic rules only within their parent traffic rule.
Examples
# Create two traffic rules named rule1 and rule2, and move rule1 to the position after rule2.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] rule name rule1
[Sysname-traffic-policy-rule-rule1] quit
[Sysname-traffic-policy] rule name rule2
[Sysname-traffic-policy-rule-rule2] quit
[Sysname-traffic-policy] rule move rule1 after rule2
rule name
Use rule name to create a traffic rule and enter its view, or enter the view of an existing traffic rule.
Use undo rule name to delete a traffic rule.
Syntax
rule name rule-name [ parent parent-rule-name ]
undo rule name rule-name
Default
No traffic rule exists.
Views
Traffic policy view
Predefined user roles
network-admin
Parameters
rule-name: Specifies a name for the traffic rule, a case-insensitive string of 1 to 63 characters.
parent parent-rule-name: Specifies a parent traffic rule by its name, a case-insensitive string of 1 to 63 characters. To successfully create the traffic rule, make sure the parent traffic rule already exists.
Usage guidelines
You can configure multiple traffic rules in the traffic policy. For a traffic rule, you can configure match criteria to match packets and specify the traffic profile to apply to matching packets. The device matches traffic rules in their order of appearance on the device. When a traffic rule is matched, the matching process ends and the device applies the traffic profile for the traffic rule to the traffic. If no traffic rule is matched, the device forwards the traffic.
For a new traffic rule to inherit the match criteria of an existing traffic rule, specify the existing traffic rule as the parent of the new traffic rule.
A level-4 rule cannot act as a parent rule
You can specify a parent traffic rule only when creating a traffic rule. You cannot add or modify a parent traffic rule for an existing traffic rule.
Examples
# Create a traffic rule named rule1 and enter traffic rule view.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] rule name rule1
[Sysname-traffic-policy-rule-rule1]
rule rename
Use rule rename to rename a traffic rule.
Syntax
rule rename old-rule-name new-rule-name
Views
Traffic policy view
Predefined user roles
network-admin
Parameters
old-rule-name: Specifies the old name of the traffic rule, a case-insensitive string of 1 to 63 characters.
new-rule-name: Specifies a new name for the traffic rule, a case-insensitive string of 1 to 63 characters. The new name cannot be an existing traffic profile name.
Examples
# Create a traffic rule named rule1, and rename traffic rule rule1 as rule2.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] rule name rule1
[Sysname-traffic-policy-rule-rule1] quit
[Sysname-traffic-policy] rule rename rule1 rule2
time-range
Use time-range to specify a time range during which a traffic rule is in effect.
Use undo time-range to restore the default.
Syntax
time-range time-range-name
undo time-range
Default
A traffic rule is in effect at any time.
Views
Traffic rule view
Predefined user roles
network-admin
Parameters
time-range-name: Specifies a time range by its name, a case-insensitive string of 1 to 32 characters.
Examples
# Specify time range work-time for traffic rule rule1.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] rule name rule1
[Sysname-traffic-policy-rule-rule1] time-range work-time
Related commands
time-range
traffic-policy
Use traffic-policy to enter traffic policy view.
Syntax
traffic-policy
Views
System view
Predefined user roles
network-admin
Usage guidelines
In traffic policy view, you can create and manage traffic rules.
Examples
# Enter traffic policy view.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy]
traffic-priority
Use traffic-priority to set the traffic priority for a traffic profile.
Use undo traffic-priority to restore the default.
Syntax
traffic-priority priority-value
undo traffic-priority
Default
The traffic priority is 1 for a traffic profile.
Views
Traffic profile view
Predefined user roles
network-admin
Parameters
priority-value: Specifies the priority value in the range of 1 to 7. The larger the priority value, the higher the priority.
Usage guidelines
When an interface is congested with packets of multiple traffic profiles, packets with higher priority are sent first. Packets with the same priority have the same chance of being forwarded.
Examples
# Set the traffic priority to 7 for traffic profile profile1.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] profile name profile1
[Sysname-traffic-policy-profile-profile1] traffic-priority 7
Related commands
profile name
user
Use user to configure a username as a match criterion.
Use undo user to delete a username match criterion.
Syntax
user user-name [ domain domain-name ]
undo user user-name [ domain domain-name ]
Default
No username is used as a match criterion.
Views
Traffic rule view
Predefined user roles
network-admin
Parameters
user-name: Specifies a username, a case-insensitive string of 1 to 55 characters. The username cannot be a, al, or all, and cannot contain the following special characters: backslashes (\), vertical bars (|), slash (/), colon (:), asterisks (*), question marks (?), left angle brackets (<), right angle brackets (>), and at signs (@).
domain domain-name: Matches the user in an identity domain. The domain-name argument represents the identity domain name, a case-insensitive string of 1 to 255 characters. The identity domain name cannot contain the following special characters: backslashes (\), vertical bars (|), slash (/), colon (:), asterisks (*), question marks (?), left angle brackets (<), right angle brackets (>), and at signs (@). If you do not specify this option, the system matches the user among users that do not belong to any identity domain. For more information about identity domains, see user identification in Security Configuration Guide.
Usage guidelines
A username corresponds to changing IP addresses. This command implements per-user bandwidth management and facilitates bandwidth management for mobile Internet users whose IP addresses change.
Examples
# Configure username managers as a match criterion in traffic rule rule1.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] rule name rule1
[Sysname-traffic-policy-rule-rule1] user managers
# Configure username user1 in identity domain dpi as a match criterion in traffic rule myrule.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] rule name myrule
[Sysname-traffic-policy-rule-myrule] user user1 domain dpi
Related commands
local-user (Security Command Reference)
user-identity enable (Security Command Reference)
user-identity static-user (Security Command Reference)
user-group
Use user-group to configure a user group as a match criterion.
Use undo user-group to delete a user group match criterion.
Syntax
user-group user-group-name [ domain domain-name ]
undo user-group user-group-name [ domain domain-name ]
Default
No user group is used as a match criterion.
Views
Traffic rule view
Predefined user roles
network-admin
Parameters
user-group-name: Specifies a user group by its name, a case-insensitive string of 1 to 32 characters.
domain domain-name: Matches the user group in an identity domain. The domain-name argument represents the identity domain name, a case-insensitive string of 1 to 255 characters. The identity domain name cannot contain the following special characters: backslashes (\), vertical bars (|), slash (/), colon (:), asterisks (*), question marks (?), left angle brackets (<), right angle brackets (>), and at signs (@). If you do not specify this option, the system matches the user group among user groups that do not belong to any identity domain. For more information about identity domains, see user identification in Security Configuration Guide.
Usage guidelines
A user group corresponds to changing IP addresses. This command implements per-user-group bandwidth management and facilitates bandwidth management for mobile Internet users whose IP addresses change.
Examples
# Configure user group mak as a match criterion in traffic rule rule1.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] rule name rule1
[Sysname-traffic-policy-rule-rule1] user-group mak
# Configure user group usergroup1 in identity domain dpi as a match criterion in traffic rule myrule.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] rule name myrule
[Sysname-traffic-policy-rule-myrule] user-group usergroup1 domain dpi
Related commands
user-group (Security Command Reference)
user-identity enable (Security Command Reference)
wlan ssid
Use wlan ssid to configure an SSID as a match criterion.
Use undo wlan ssid to delete an SSID match criterion.
Syntax
wlan ssid ssid-name
undo wlan ssid ssid-name
Default
No SSID is used as a match criterion.
Views
Traffic rule view
Predefined user roles
network-admin
Parameters
ssid-name: Specifies an SSID by its name, a case-sensitive string of 1 to 32 characters.
Usage guidelines
This command matches the packets of users that use the specified SSID. You can configure this command multiple times to specify multiple SSIDs.
Examples
# Configure SSID service as a match criterion in traffic rule rule1.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] rule name rule1
[Sysname-traffic-policy-rule-rule1] wlan ssid service
wlan user-profile
Use wlan user-profile to configure a user profile as a match criterion.
Use undo wlan user-profile to delete a user profile match criterion.
Syntax
wlan user-profile profile-name
undo wlan user-profile profile-name
Default
No user profile is used as a match criterion.
Views
Traffic rule view
Predefined user roles
network-admin
Parameters
profile-name: Specifies a user profile by its name, a case-sensitive string of 1 to 31 characters. The name must begin with a letter and can only contain letters, digits, and underscores (_).
Usage guidelines
When a user accesses the device, the authentication server first authenticates the user. If the user passes authentication, the authentication server sends to the device the name of the user profile bound to the user account. Then, the device can perform bandwidth management on the user according to the settings of the user profile.
This command takes effect only on wireless users. You can configure this command multiple times to specify multiple user profiles.
Examples
# Configure user profile user as a match criterion in traffic rule rule1.
<Sysname> system-view
[Sysname] traffic-policy
[Sysname-traffic-policy] rule name rule1
[Sysname-traffic-policy-rule-rule1] wlan user-profile user