11-ACL and QoS Command Reference


Contents

ACL commands

accelerate

acl

acl copy

acl logging interval

acl trap interval

description

display acl

display acl accelerate

display packet-filter

display packet-filter statistics

display packet-filter statistics sum

display packet-filter verbose

packet-filter (interface view)

packet-filter (zone pair view)

packet-filter default deny

reset acl counter

reset packet-filter statistics

rule (IPv4 advanced ACL view)

rule (IPv4 basic ACL view)

rule (IPv6 advanced ACL view)

rule (IPv6 basic ACL view)

rule (Layer 2 ACL view)

rule comment

step

QoS policy commands

Traffic class commands

display traffic classifier

if-match

traffic classifier

Traffic behavior commands

car

car percent

display traffic behavior

filter

gts

gts percent

redirect

remark dot1p

remark dscp

remark ip-precedence

remark local-precedence

remark qos-local-id

remark tunnel-dscp

traffic behavior

traffic-policy

QoS policy commands

classifier behavior

control-plane

control-plane management

display qos policy

display qos policy advpn

display qos policy control-plane

display qos policy control-plane management

display qos policy control-plane management pre-defined

display qos policy control-plane pre-defined

display qos policy interface

display qos policy l2vpn-pw

display qos policy user-profile

qos apply policy (interface view, PVC view, control plane view, management interface control plane view, PW view)

qos apply policy (user profile view)

qos policy

reset qos policy advpn

reset qos policy control-plane

reset qos policy control-plane management

QoS policy-based traffic rate statistics collection period commands

qos flow-interval

Priority mapping commands

Priority map commands

display qos map-table

import

qos map-table

Port priority commands

qos priority

Priority trust mode commands

display qos trust interface

qos trust

Traffic policing, GTS, and rate limit commands

Traffic policing commands

display qos car interface

display qos carl

qos car (interface view)

qos car any (user profile view)

qos carl

GTS commands

display qos gts interface

qos gts

Rate limit commands

display qos lr

qos lr

Congestion management commands

Common commands

display qos queue interface

display qos queue l2vpn-pw

reset qos statistics l2vpn-pw

FIFO queuing commands

display qos queue fifo

qos fifo queue-length

PQ commands

display qos queue pq interface

display qos pql

qos pq

qos pql default-queue

qos pql inbound-interface

qos pql local-precedence

qos pql protocol

qos pql protocol mpls exp

qos pql queue

CQ commands

display qos queue cq interface

display qos cql

qos cq

qos cql default-queue

qos cql inbound-interface

qos cql local-precedence

qos cql protocol

qos cql protocol mpls exp

qos cql queue

qos cql queue serving

WFQ commands

display qos queue wfq

qos wfq

RTPQ commands

display qos queue rtpq interface

qos rtpq

CBQ commands

display qos queue cbq

qos reserved-bandwidth

queue af

queue ef

queue sp

queue wfq

queue-length

wred

wred dscp

wred ip-precedence

wred weighting-constant

Packet information pre-extraction commands

qos pre-classify

QoS token commands

qos qmtoken

Congestion avoidance commands

display qos wred interface

qos wred enable

qos wred dscp

qos wred ip-precedence

qos wred weighting-constant

QPPB commands

bgp-policy

MPLS QoS commands

if-match mpls-exp

remark mpls-exp

FR QoS commands

cbs

cir

cir allow

display fr class-map

ebs

fifo queue-length

fragment enable

fragment size

fr class

fr de del

fr del inbound-interface

fr del protocol

fr traffic-policing

fr traffic-shaping

fr-class

traffic-shaping adaptation

traffic-shaping adaptation percentage

Time range commands

display time-range

time-range

Index


ACL commands

Commands and descriptions for centralized devices apply to the following routers:

·     MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.

·     MSR2600-6-X1/2600-10-X1.

·     MSR 2630.

·     MSR3600-28/3600-51.

·     MSR3600-28-SI/3600-51-SI.

·     MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

·     MSR 3610/3620/3620-DP/3640/3660.

·     MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.

Commands and descriptions for distributed devices apply to the following routers:

·     MSR5620.

·     MSR 5660.

·     MSR 5680.

IPv6-related parameters are not supported on the following routers:

·     MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.

·     MSR3600-28-SI/3600-51-SI.

accelerate

Use accelerate to enable ACL acceleration.

Use undo accelerate to disable ACL acceleration.

Syntax

accelerate

undo accelerate

Default

ACL acceleration is disabled.

Views

IPv4 basic/advanced ACL view

IPv6 basic/advanced ACL view

Layer 2 ACL view

Predefined user roles

network-admin

Usage guidelines

This command does not take effect if the hardware resources are insufficient. When the hardware resources become sufficient, the following operations will make ACL acceleration take effect:

·     Execute the accelerate command again.

·     Modify, add, or delete rules for the ACL.

You can modify, add, or delete rules for an accelerated ACL. The rule adding or modification operation fails if the hardware resources are insufficient. The failure does not affect the accelerated ACL.

Examples

# Enable ACL acceleration for ACL 2000.

<Sysname> system-view

[Sysname] acl basic 2000

[Sysname-acl-ipv4-basic-2000] accelerate

Related commands

display acl accelerate

acl

Use acl to create an ACL and enter its view, or enter the view of an existing ACL.

Use undo acl to delete the specified or all ACLs.

Syntax

acl [ ipv6 ] { advanced | basic } { acl-number | name acl-name } [ match-order { auto | config } ]

acl mac { acl-number | name acl-name } [ match-order { auto | config } ]

undo acl [ ipv6 ] { all | { advanced | basic } { acl-number | name acl-name } }

undo acl mac { all | acl-number | name acl-name }

Default

No ACLs exist.

Views

System view

Predefined user roles

network-admin

Parameters

ipv6: Specifies the IPv6 ACL type.

basic: Specifies the basic ACL type.

advanced: Specifies the advanced ACL type.

mac: Specifies the Layer 2 ACL type.

acl-number: Assigns a number to the ACL. The following are available value ranges:

·     2000 to 2999 for basic ACLs.

·     3000 to 3999 for advanced ACLs.

·     4000 to 4999 for Layer 2 ACLs.

name acl-name: Assigns a name to the ACL. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter and to avoid confusion, it cannot be all.

match-order: Specifies the order in which ACL rules are compared against packets.

·     auto: Compares ACL rules in depth-first order.

·     config: Compares ACL rules in ascending order of rule ID. The rule with a smaller ID has a higher priority. If you do not specify a match order, the config order applies by default.

all: Specifies all ACLs of the specified type.

Usage guidelines

If you do not specify the ipv6 or mac keyword, you are creating an IPv4 ACL.

You can change the match order only for ACLs that do not contain any rules.

Matching packets are forwarded through slow forwarding if an ACL rule contains match criteria or has functions enabled in addition to the following match criteria and functions:

·     Source and destination IP addresses.

·     Source and destination ports.

·     Transport layer protocol.

·     ICMP or ICMPv6 message type, message code, and message name.

·     VPN instance.

·     Logging.

·     Time range.

Slow forwarding requires packets to be sent to the control plane for forwarding entry calculation, which affects the device forwarding performance.

Examples

# Create IPv4 basic ACL 2000 and enter its view.

<Sysname> system-view

[Sysname] acl basic 2000

[Sysname-acl-ipv4-basic-2000]

# Create IPv4 basic ACL flow and enter its view.

<Sysname> system-view

[Sysname] acl basic name flow

[Sysname-acl-ipv4-basic-flow]

# Create IPv4 advanced ACL 3000 and enter its view.

<Sysname> system-view

[Sysname] acl advanced 3000

[Sysname-acl-ipv4-adv-3000]

# Create IPv6 basic ACL 2000 and enter its view.

<Sysname> system-view

[Sysname] acl ipv6 basic 2000

[Sysname-acl-ipv6-basic-2000]

# Create IPv6 basic ACL flow and enter its view.

<Sysname> system-view

[Sysname] acl ipv6 basic name flow

[Sysname-acl-ipv6-basic-flow]

# Create IPv6 advanced ACL abc and enter its view.

<Sysname> system-view

[Sysname] acl ipv6 advanced name abc

[Sysname-acl-ipv6-adv-abc]

# Create Layer 2 ACL 4000 and enter its view.

<Sysname> system-view

[Sysname] acl mac 4000

[Sysname-acl-mac-4000]

# Create Layer 2 ACL flow and enter its view.

<Sysname> system-view

[Sysname] acl mac name flow

[Sysname-acl-mac-flow]

Related commands

display acl

acl copy

Use acl copy to create an ACL by copying an ACL that already exists.

Syntax

acl [ ipv6 | mac ] copy { source-acl-number | name source-acl-name } to { dest-acl-number | name dest-acl-name }

Views

System view

Predefined user roles

network-admin

Parameters

ipv6: Specifies the IPv6 ACL type.

mac: Specifies the Layer 2 ACL type.

source-acl-number: Specifies an existing source ACL by its number. The following are available value ranges:

·     2000 to 2999 for basic ACLs.

·     3000 to 3999 for advanced ACLs.

·     4000 to 4999 for Layer 2 ACLs.

name source-acl-name: Specifies an existing source ACL by its name. The source-acl-name argument is a case-insensitive string of 1 to 63 characters.

dest-acl-number: Assigns a unique number to the new ACL. The following are available value ranges:

·     2000 to 2999 for basic ACLs.

·     3000 to 3999 for advanced ACLs.

·     4000 to 4999 for Layer 2 ACLs.

name dest-acl-name: Assigns a unique name to the new ACL. The dest-acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter and to avoid confusion, it cannot be all.

Usage guidelines

The new ACL and the source ACL must be the same type.

The new ACL has the same properties and content as the source ACL, but uses a different number or name from the source ACL.

To specify the IPv4 ACL type, do not specify the ipv6 or mac keyword.

Examples

# Create IPv4 basic ACL 2002 by copying IPv4 basic ACL 2001.

<Sysname> system-view

[Sysname] acl copy 2001 to 2002

# Create IPv4 basic ACL paste by copying IPv4 basic ACL test.

<Sysname> system-view

[Sysname] acl copy name test to name paste

acl logging interval

Use acl logging interval to enable logging for packet filtering and set the interval.

Use undo acl logging interval to restore the default.

Syntax

acl logging interval interval

undo acl logging interval

Default

The interval is 0. The device does not generate log entries for packet filtering.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Specifies the interval at which log entries are generated and output. It must be a multiple of 5, in the range of 0 to 1440 minutes. To disable the logging, set the value to 0.

Usage guidelines

The logging feature is available for IPv4 or IPv6 ACL rules that have the logging keyword.

You can configure the ACL module to generate log entries for packet filtering and output them to the information center at the output interval. The log entry records the number of matching packets and the matched ACL rules. When the first packet of a flow matches an ACL rule, the output interval starts, and the device immediately outputs a log entry for this packet. When the output interval ends, the device outputs a log entry for subsequent matching packets of the flow. For more information about the information center, see Network Management and Monitoring Configuration Guide.

Examples

# Configure the device to generate and output packet filtering log entries every 10 minutes.

<Sysname> system-view

[Sysname] acl logging interval 10

Related commands

rule (IPv4 advanced ACL view)

rule (IPv4 basic ACL view)

rule (IPv6 advanced ACL view)

rule (IPv6 basic ACL view)

acl trap interval

Use acl trap interval to enable SNMP notifications for packet filtering and set the interval.

Use undo acl trap interval to restore the default.

Syntax

acl trap interval interval

undo acl trap interval

Default

The interval is 0. The device does not generate SNMP notifications for packet filtering.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Specifies the interval at which SNMP notifications are generated and output. It must be a multiple of 5, in the range of 0 to 1440 minutes. To disable SNMP notifications, set the value to 0.

Usage guidelines

The SNMP notifications feature is available for IPv4 or IPv6 ACL rules that have the logging keyword.

You can configure the ACL module to generate SNMP notifications for packet filtering and output them to the SNMP module at the output interval. The notification records the number of matching packets and the matched ACL rules. When the first packet of a flow matches an ACL rule, the output interval starts, and the device immediately outputs a notification for this packet. When the output interval ends, the device outputs a notification for subsequent matching packets of the flow. For more information about SNMP, see Network Management and Monitoring Configuration Guide.

Examples

# Configure the device to generate and output packet filtering SNMP notifications every 10 minutes.

<Sysname> system-view

[Sysname] acl trap interval 10

Related commands

rule (IPv4 advanced ACL view)

rule (IPv4 basic ACL view)

rule (IPv6 advanced ACL view)

rule (IPv6 basic ACL view)

description

Use description to configure a description for an ACL.

Use undo description to delete an ACL description.

Syntax

description text

undo description

Default

An ACL does not have a description.

Views

IPv4 basic/advanced ACL view

IPv6 basic/advanced ACL view

Layer 2 ACL view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 127 characters.

Examples

# Configure a description for IPv4 basic ACL 2000.

<Sysname> system-view

[Sysname] acl basic 2000

[Sysname-acl-ipv4-basic-2000] description This is an IPv4 basic ACL.

Related commands

display acl

display acl

Use display acl to display ACL configuration and match statistics.

Syntax

display acl [ ipv6 | mac ] { acl-number | all | name acl-name }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ipv6: Specifies the IPv6 ACL type.

mac: Specifies the Layer 2 ACL type.

acl-number: Specifies an ACL by its number. The following are available value ranges:

·     2000 to 2999 for basic ACLs.

·     3000 to 3999 for advanced ACLs.

·     4000 to 4999 for Layer 2 ACLs.

all: Specifies all ACLs of the specified type.

name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters.

Usage guidelines

This command displays ACL rules in config or auto order, whichever is configured.

To specify the IPv4 ACL type, do not specify the ipv6 or mac keyword.

Examples

# Display configuration and match statistics for all IPv4 ACLs.

<Sysname> display acl all

Basic IPv4 ACL 2001, 2 rules, match-order is auto,

This is an IPv4 basic ACL.

ACL's step is 5

ACL accelerated

 rule 5 permit source 1.1.1.1 0 (5 times matched)

 rule 5 comment This rule is used on GigabitEthernet 1/0/1.

 rule 10 permit source object-group permit (5 times matched)

Advanced IPv4 ACL 3001, 1 rule,

ACL's step is 5

 rule 0 permit ip source 1.1.1.0 0.0.0.255 destination 3.3.3.0 0.0.0.255

Table 1 Command output

| Field | Description |
|---|---|
| Basic IPv4 ACL 2001 | Type and number of the ACL. The following field information is about IPv4 basic ACL 2001. |
| 2 rules | The ACL contains two rules. |
| match-order is auto | The match order for the ACL is auto, which sorts ACL rules in depth-first order. This field is not displayed when the match order is config. |
| This is an IPv4 basic ACL. | Description of the ACL. |
| ACL's step is 5 | The rule numbering step is 5. |
| ACL accelerated | ACL acceleration is enabled for the ACL. |
| rule 5 permit source 1.1.1.1 0 | Content of rule 5. The rule permits packets sourced from the IP address 1.1.1.1. |
| rule 10 permit source object-group permit | Content of rule 10. The rule permits packets sourced from the object group permit. |
| 5 times matched | The rule has been matched five times. Only matches performed in software are counted. This field is not displayed when no packets matched the rule. |
| rule 5 comment This rule is used on GigabitEthernet 1/0/1. | Comment of rule 5. |

 

display acl accelerate

Use display acl accelerate to display ACL acceleration status.

Syntax

Centralized devices in standalone mode:

display acl accelerate { summary [ ipv6 | mac ] | verbose [ ipv6 | mac ] { acl-number | name acl-name } }

Distributed devices in standalone mode/centralized devices in IRF mode:

display acl accelerate { summary [ ipv6 | mac ] | verbose [ ipv6 | mac ] { acl-number | name acl-name } slot slot-number }

Distributed devices in IRF mode:

display acl accelerate { summary [ ipv6 | mac ] | verbose [ ipv6 | mac ] { acl-number | name acl-name } chassis chassis-number slot slot-number }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

summary: Displays summary information about ACL acceleration status.

verbose: Displays detailed information about ACL acceleration status.

ipv6: Specifies the IPv6 ACL type.

mac: Specifies the Layer 2 ACL type.

acl-number: Specifies an ACL by its number. The following are available value ranges:

·     2000 to 2999 for basic ACLs.

·     3000 to 3999 for advanced ACLs.

·     4000 to 4999 for Layer 2 ACLs.

name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters.

slot slot-number: Specifies a card by its slot number. The specified card must be the card where the acceleration chip resides. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device. The slot-number argument represents the ID of the IRF member device. The specified device must be the device where the acceleration chip resides. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device. The slot-number argument represents the number of the slot that holds the card. The specified card must be the card where the acceleration chip resides. (Distributed devices in IRF mode.)

Usage guidelines

To specify the IPv4 ACL type, do not specify the ipv6 or mac keyword.

Examples

# Display summary information about ACL acceleration status.

<Sysname> display acl accelerate summary

Basic IPv4 ACL 2000

# Display detailed information about ACL acceleration status.

<Sysname> display acl accelerate verbose 2000

Basic IPv4 ACL 2000.

 rule 0 permit

 rule 1 deny

Table 2 Command output

| Field | Description |
|---|---|
| failed | ACL acceleration for the rule failed, and the rule is not effective. |

 

display packet-filter

Use display packet-filter to display ACL application information for packet filtering.

Syntax

Centralized devices in standalone mode:

display packet-filter { interface [ interface-type interface-number ] [ inbound | outbound ] | zone-pair security [ source source-zone-name destination destination-zone-name ] }

Distributed devices in standalone mode/centralized devices in IRF mode:

display packet-filter { interface [ interface-type interface-number ] [ inbound | outbound ] | zone-pair security [ source source-zone-name destination destination-zone-name ] } [ slot slot-number ]

Distributed devices in IRF mode:

display packet-filter { interface [ interface-type interface-number ] [ inbound | outbound ] | zone-pair security [ source source-zone-name destination destination-zone-name ] } [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface [ interface-type interface-number ]: Specifies an interface by its type and number. If you do not specify an interface, this command displays ACL application information for packet filtering on all interfaces except VA interfaces. For information about VA interfaces, see PPPoE in Layer 2—WAN Access Configuration Guide.

zone-pair security [ source source-zone-name destination destination-zone-name ]: Specifies a zone pair. The source-zone-name argument specifies a source security zone by its name. The destination-zone-name argument specifies a destination security zone by its name. The security zone name is a case-insensitive string of 1 to 31 characters.

The following matrix shows the zone-pair security [ source source-zone-name destination destination-zone-name ] option and hardware compatibility:

 

| Hardware | Option compatibility |
|---|---|
| MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK | Yes |
| MSR810-LMS/810-LUS | No |
| MSR2600-6-X1/2600-10-X1 | Yes |
| MSR 2630 | Yes |
| MSR3600-28/3600-51 | Yes |
| MSR3600-28-SI/3600-51-SI | Yes |
| MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC | Yes |
| MSR 3610/3620/3620-DP/3640/3660 | Yes |
| MSR5620/5660/5680 | Yes |

| Hardware | Option compatibility |
|---|---|
| MSR810-LM-GL | Yes |
| MSR810-W-LM-GL | Yes |
| MSR830-6EI-GL | Yes |
| MSR830-10EI-GL | Yes |
| MSR830-6HI-GL | Yes |
| MSR830-10HI-GL | Yes |
| MSR2600-6-X1-GL | Yes |
| MSR3600-28-SI-GL | Yes |

 

inbound: Specifies the inbound direction.

outbound: Specifies the outbound direction.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays ACL application information for packet filtering for the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays ACL application information for packet filtering for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays ACL application information for packet filtering for the global active MPU. (Distributed devices in IRF mode.)

Usage guidelines

This command displays ACL application information for zone pair-based packet filtering in the direction of source security zone to destination security zone.

This command displays ACL application information for interface-based packet filtering in both directions if neither the inbound keyword nor the outbound keyword is specified.

Examples

# Display ACL application information for inbound packet filtering on interface GigabitEthernet 1/0/1.

<Sysname> display packet-filter interface gigabitethernet 1/0/1 inbound

Interface: GigabitEthernet1/0/1

 Inbound policy:

  IPv4 ACL 2001

  IPv6 ACL 2002 (Failed)

  MAC ACL 4003 (Failed)

  IPv4 default action: Deny

  IPv6 default action: Deny

  MAC default action: Deny

# Display ACL application information for packet filtering from source security zone office to destination security zone library.

<Sysname> display packet-filter zone-pair security source office destination library

Zone-pair: source office destination library

  IPv4 ACL 2001

  IPv4 ACL 2002

Table 3 Command output

| Field | Description |
|---|---|
| Interface | Interface to which the ACL applies. |
| Zone-pair | Zone pair to which the ACL applies. |
| Inbound policy | ACL used for filtering incoming traffic. |
| Outbound policy | ACL used for filtering outgoing traffic. |
| IPv4 ACL 2001 | IPv4 basic ACL 2001 has been successfully applied. |
| IPv6 ACL 2002 (Failed) | The device has failed to apply IPv6 basic ACL 2002. |
| IPv4 default action | Packet filter default action for packets that do not match any IPv4 ACLs: Deny—The default action deny has been successfully applied for packet filtering. Deny (Failed)—The device has failed to apply the default action deny for packet filtering. The action permit still functions. Permit—The default action permit has been successfully applied for packet filtering. |
| IPv6 default action | Packet filter default action for packets that do not match any IPv6 ACLs: Deny—The default action deny has been successfully applied for packet filtering. Deny (Failed)—The device has failed to apply the default action deny for packet filtering. The action permit still functions. Permit—The default action permit has been successfully applied for packet filtering. |
| MAC default action | Packet filter default action for packets that do not match any Layer 2 ACLs: Deny—The default action deny has been successfully applied for packet filtering. Deny (Failed)—The device has failed to apply the default action deny for packet filtering. The action permit still functions. Permit—The default action permit has been successfully applied for packet filtering. |

 

display packet-filter statistics

Use display packet-filter statistics to display packet filtering statistics.

Syntax

display packet-filter statistics { interface interface-type interface-number { inbound | outbound } [ default | [ ipv6 | mac ] { acl-number | name acl-name } ] | zone-pair security source source-zone-name destination destination-zone-name [ [ ipv6 ] { acl-number | name acl-name } ] } [ brief ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number.

zone-pair security source source-zone-name destination destination-zone-name: Specifies a zone pair. The source-zone-name argument specifies a source security zone by its name. The destination-zone-name argument specifies a destination security zone by its name. The security zone name is a case-insensitive string of 1 to 31 characters.

The following matrix shows the zone-pair security source source-zone-name destination destination-zone-name option and hardware compatibility:

 

| Hardware | Option compatibility |
|---|---|
| MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK | Yes |
| MSR810-LMS/810-LUS | No |
| MSR2600-6-X1/2600-10-X1 | Yes |
| MSR 2630 | Yes |
| MSR3600-28/3600-51 | Yes |
| MSR3600-28-SI/3600-51-SI | Yes |
| MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC | Yes |
| MSR 3610/3620/3620-DP/3640/3660 | Yes |
| MSR5620/5660/5680 | Yes |

| Hardware | Option compatibility |
|---|---|
| MSR810-LM-GL | Yes |
| MSR810-W-LM-GL | Yes |
| MSR830-6EI-GL | Yes |
| MSR830-10EI-GL | Yes |
| MSR830-6HI-GL | Yes |
| MSR830-10HI-GL | Yes |
| MSR2600-6-X1-GL | Yes |
| MSR3600-28-SI-GL | Yes |

 

inbound: Specifies the inbound direction.

outbound: Specifies the outbound direction.

default: Displays the default action statistics for packet filtering.

ipv6: Specifies the IPv6 ACL type.

mac: Specifies the Layer 2 ACL type.

acl-number: Specifies an ACL by its number. The following are available value ranges:

·     2000 to 2999 for basic ACLs.

·     3000 to 3999 for advanced ACLs.

·     4000 to 4999 for Layer 2 ACLs.

name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters.

brief: Displays brief statistics.

Usage guidelines

If default, acl-number, name acl-name, ipv6, or mac is not specified, this command displays packet filtering statistics for all ACLs.

To specify the IPv4 ACL type, do not specify the ipv6 or mac keyword.

This command displays statistics on a zone pair in the direction of source security zone to destination security zone.

Examples

# Display packet filtering statistics for all ACLs and default action statistics on incoming packets of GigabitEthernet 1/0/1.

<Sysname> display packet-filter statistics interface gigabitethernet 1/0/1 inbound

Interface: GigabitEthernet1/0/1

 Inbound policy:

  IPv4 ACL 2001

   From 2011-06-04 10:25:21 to 2011-06-04 10:35:57

   rule 0 permit source 2.2.2.2 0 (2 packets)

   rule 5 permit source 1.1.1.1 0 (Failed)

   rule 10 permit vpn-instance test (No resource)

   Totally 2 packets permitted, 0 packets denied

   Totally 100% permitted, 0% denied

 

  IPv6 ACL 2000

 

  MAC ACL 4000

   From 2011-06-04 10:25:34 to 2011-06-04 10:35:57

   rule 0 permit

 

  IPv4 default action: Deny

   From 2011-06-04 10:25:21 to 2011-06-04 10:35:57

   Totally 7 packets

 

  IPv6 default action: Deny

   From 2011-06-04 10:25:41 to 2011-06-04 10:35:57

   Totally 0 packets

 

  MAC default action: Deny

   From 2011-06-04 10:25:34 to 2011-06-04 10:35:57

   Totally 0 packets

# Display packet filtering statistics for IPv4 advanced ACL 3001 on packets from source security zone office to destination security zone library.

<Sysname> display packet-filter statistics zone-pair security source office destination library 3001

Zone-pair: source office destination library

IPv4 ACL 3001

   rule 0 permit source 2.2.2.2 0

   rule 5 permit source 1.1.1.1 0 counting (2 packets)

   rule 10 permit vpn-instance test (Failed)

   Totally 2 packets permitted, 0 packets denied

   Totally 100% permitted, 0% denied

Table 4 Command output

| Field | Description |
|---|---|
| Interface | Interface to which the ACL applies. |
| Zone-pair | Zone pair to which the ACL applies. |
| Inbound policy | ACL used for filtering incoming traffic. |
| Outbound policy | ACL used for filtering outgoing traffic. |
| IPv4 ACL 2001 | IPv4 basic ACL 2001 has been successfully applied. |
| IPv4 ACL 2002 (Failed) | The device has failed to apply IPv4 basic ACL 2002. |
| From 2011-06-04 10:25:21 to 2011-06-04 10:35:57 | Start time and end time of the statistics. |
| 2 packets | Two packets matched the rule. This field is not displayed when no packets matched the rule. |
| No resource | Resources are not enough for counting matches for the rule. |
| rule 5 permit source 1.1.1.1 0 (Failed) | The device has failed to apply rule 5. |
| Totally 2 packets permitted, 0 packets denied | Number of packets permitted and denied by the ACL. |
| Totally 100% permitted, 0% denied | Ratios of permitted and denied packets to all packets. |
| IPv4 default action | Packet filter default action for packets that do not match any IPv4 ACLs: Deny—The default action deny has been successfully applied for packet filtering. Deny (Failed)—The device has failed to apply the default action deny for packet filtering. The action permit still functions. Permit—The default action permit has been successfully applied for packet filtering. |
| IPv6 default action | Packet filter default action for packets that do not match any IPv6 ACLs: Deny—The default action deny has been successfully applied for packet filtering. Deny (Failed)—The device has failed to apply the default action deny for packet filtering. The action permit still functions. Permit—The default action permit has been successfully applied for packet filtering. |
| MAC default action | Packet filter default action for packets that do not match any Layer 2 ACLs: Deny—The default action deny has been successfully applied for packet filtering. Deny (Failed)—The device has failed to apply the default action deny for packet filtering. The action permit still functions. Permit—The default action permit has been successfully applied for packet filtering. |
| Totally 7 packets | The default action has been executed on seven packets. |

 

Related commands

reset packet-filter statistics

display packet-filter statistics sum

Use display packet-filter statistics sum to display accumulated packet filtering statistics for an ACL.

Syntax

display packet-filter statistics sum { inbound | outbound } [ ipv6 | mac ] { acl-number | name acl-name } [ brief ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

inbound: Specifies the inbound direction.

outbound: Specifies the outbound direction.

ipv6: Specifies the IPv6 ACL type.

mac: Specifies the Layer 2 ACL type.

acl-number: Specifies an ACL by its number. The following are available value ranges:

·     2000 to 2999 for basic ACLs.

·     3000 to 3999 for advanced ACLs.

·     4000 to 4999 for Layer 2 ACLs.

name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters.

brief: Displays brief statistics.

Usage guidelines

To specify the IPv4 ACL type, do not specify the ipv6 or mac keyword.

Examples

# Display accumulated packet filtering statistics for IPv4 basic ACL 2001 on incoming packets.

<Sysname> display packet-filter statistics sum inbound 2001

Sum:

 Inbound policy:

  IPv4 ACL 2001

   rule 0 permit source 2.2.2.2 0 (2 packets)

   rule 5 permit source 1.1.1.1 0

   rule 10 permit vpn-instance test

   Totally 2 packets permitted, 0 packets denied

   Totally 100% permitted, 0% denied

# Display brief accumulated packet filtering statistics for IPv4 basic ACL 2000 on incoming packets.

<Sysname> display packet-filter statistics sum inbound 2000 brief

Sum:

 Inbound policy:

  IPv4 ACL 2000

   Totally 2 packets permitted, 0 packets denied

   Totally 100% permitted, 0% denied

Table 5 Command output

| Field | Description |
|---|---|
| Sum | Accumulated packet filtering statistics. |
| Inbound policy | Accumulated packet filtering statistics in the inbound direction. |
| Outbound policy | Accumulated packet filtering statistics in the outbound direction. |
| IPv4 ACL 2001 | Accumulated packet filtering statistics of IPv4 basic ACL 2001. |
| 2 packets | Two packets matched the rule. This field is not displayed when no packets matched the rule. |
| Totally 2 packets permitted, 0 packets denied | Number of packets permitted and denied by the ACL. |
| Totally 100% permitted, 0% denied | Ratios of permitted and denied packets to all packets. |

 

Related commands

reset packet-filter statistics

display packet-filter verbose

Use display packet-filter verbose to display ACL application details for packet filtering.

Syntax

Centralized devices in standalone mode:

display packet-filter verbose { interface interface-type interface-number { inbound | outbound } [ [ ipv6 | mac ] { acl-number | name acl-name } ] | zone-pair security source source-zone-name destination destination-zone-name [ [ ipv6 ] { acl-number | name acl-name } ] }

Distributed devices in standalone mode/centralized devices in IRF mode:

display packet-filter verbose { interface interface-type interface-number { inbound | outbound } [ [ ipv6 | mac ] { acl-number | name acl-name } ] | zone-pair security source source-zone-name destination destination-zone-name [ [ ipv6 ] { acl-number | name acl-name } ] } [ slot slot-number ]

Distributed devices in IRF mode:

display packet-filter verbose { interface interface-type interface-number { inbound | outbound } [ [ ipv6 | mac ] { acl-number | name acl-name } ] | zone-pair security source source-zone-name destination destination-zone-name [ [ ipv6 ] { acl-number | name acl-name } ] } [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. The chassis chassis-number and slot slot-number options are not available for an Ethernet interface.

zone-pair security source source-zone-name destination destination-zone-name: Specifies a zone pair. The source-zone-name argument specifies a source security zone by its name. The destination-zone-name argument specifies a destination security zone by its name. The security zone name is a case-insensitive string of 1 to 31 characters.

The following matrix shows the zone-pair security source source-zone-name destination destination-zone-name option and hardware compatibility:

 

| Hardware | Option compatibility |
|---|---|
| MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK | Yes |
| MSR810-LMS/810-LUS | No |
| MSR2600-6-X1/2600-10-X1 | Yes |
| MSR 2630 | Yes |
| MSR3600-28/3600-51 | Yes |
| MSR3600-28-SI/3600-51-SI | Yes |
| MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC | Yes |
| MSR 3610/3620/3620-DP/3640/3660 | Yes |
| MSR5620/5660/5680 | Yes |

| Hardware | Option compatibility |
|---|---|
| MSR810-LM-GL | Yes |
| MSR810-W-LM-GL | Yes |
| MSR830-6EI-GL | Yes |
| MSR830-10EI-GL | Yes |
| MSR830-6HI-GL | Yes |
| MSR830-10HI-GL | Yes |
| MSR2600-6-X1-GL | Yes |
| MSR3600-28-SI-GL | Yes |

 

inbound: Specifies the inbound direction.

outbound: Specifies the outbound direction.

ipv6: Specifies the IPv6 ACL type.

mac: Specifies the Layer 2 ACL type.

acl-number: Specifies an ACL by its number. The following are available value ranges:

·     2000 to 2999 for basic ACLs.

·     3000 to 3999 for advanced ACLs.

·     4000 to 4999 for Layer 2 ACLs.

name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays ACL application details for packet filtering for the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays ACL application details for packet filtering for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays ACL application details for packet filtering for the global active MPU. (Distributed devices in IRF mode.)

Usage guidelines

If acl-number, name acl-name, ipv6 or mac is not specified, this command displays application details of all ACLs for packet filtering.

To specify the IPv4 ACL type, do not specify the ipv6 or mac keyword.

This command displays ACL application details for zone pair-based packet filtering in the direction of source security zone to destination security zone.

Examples

# Display application details of all ACLs for inbound packet filtering on GigabitEthernet 1/0/1.

<Sysname> display packet-filter verbose interface gigabitethernet 1/0/1 inbound

Interface: GigabitEthernet1/0/1

 Inbound policy:

  IPv4 ACL 2001

   rule 0 permit

   rule 5 permit source 1.1.1.1 0 (Failed)

   rule 10 permit vpn-instance test (Failed)

 

  IPv4 ACL 2002 (Failed)

 

  IPv6 ACL 2000

   rule 0 permit

 

  MAC ACL 4000

 

  IPv4 default action: Deny

 

  IPv6 default action: Deny

 

  MAC default action: Deny

# Display application details of all ACLs for packet filtering from source security zone office to destination security zone library.

<Sysname> display packet-filter verbose zone-pair security source office destination library

Zone-pair: source office destination library

  IPv4 ACL 2001

   rule 0 permit

   rule 5 permit source 1.1.1.1 0

   rule 10 permit vpn-instance test

Table 6 Command output

| Field | Description |
|---|---|
| Interface | Interface to which the ACL applies. |
| Zone-pair | Zone pair to which the ACL applies. |
| Inbound policy | ACL used for filtering incoming traffic. |
| Outbound policy | ACL used for filtering outgoing traffic. |
| IPv4 ACL 2001 | IPv4 basic ACL 2001 has been successfully applied. |
| IPv4 ACL 2002 (Failed) | The device has failed to apply IPv4 basic ACL 2002. |
| rule 5 permit source 1.1.1.1 0 (Failed) | The device has failed to apply rule 5. |
| IPv4 default action | Packet filter default action for packets that do not match any IPv4 ACLs. Deny: The default action deny has been successfully applied for packet filtering. Deny (Failed): The device has failed to apply the default action deny for packet filtering. The action permit still functions. Permit: The default action permit has been successfully applied for packet filtering. |
| IPv6 default action | Packet filter default action for packets that do not match any IPv6 ACLs. Deny: The default action deny has been successfully applied for packet filtering. Deny (Failed): The device has failed to apply the default action deny for packet filtering. The action permit still functions. Permit: The default action permit has been successfully applied for packet filtering. |
| MAC default action | Packet filter default action for packets that do not match any Layer 2 ACLs. Deny: The default action deny has been successfully applied for packet filtering. Deny (Failed): The device has failed to apply the default action deny for packet filtering. The action permit still functions. Permit: The default action permit has been successfully applied for packet filtering. |

 

packet-filter (interface view)

Use packet-filter to apply an ACL to an interface to filter packets.

Use undo packet-filter to remove an ACL from an interface.

Syntax

packet-filter [ ipv6 | mac ] { acl-number | name acl-name } { inbound | outbound }

undo packet-filter [ ipv6 | mac ] { acl-number | name acl-name } { inbound | outbound }

Default

No ACL is applied to an interface to filter packets.

Views

Interface view

Predefined user roles

network-admin

Parameters

ipv6: Specifies the IPv6 ACL type.

mac: Specifies the Layer 2 ACL type.

acl-number: Specifies an ACL by its number. The following are available value ranges:

·     2000 to 2999 for basic ACLs.

·     3000 to 3999 for advanced ACLs.

·     4000 to 4999 for Layer 2 ACLs.

name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters.

inbound: Filters incoming packets.

outbound: Filters outgoing packets.

Usage guidelines

This command is not supported on Layer 2 interfaces.

To specify the IPv4 ACL type, do not specify the ipv6 or mac keyword.

This feature does not take effect on an interface that is an aggregation member port.

Examples

# Apply IPv4 basic ACL 2001 to filter incoming traffic on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] packet-filter 2001 inbound

Related commands

display packet-filter

display packet-filter statistics

display packet-filter verbose

packet-filter (zone pair view)

Use packet-filter to apply an ACL to a zone pair to filter packets.

Use undo packet-filter to remove an ACL from a zone pair.

Syntax

packet-filter [ ipv6 ] { acl-number | name acl-name }

undo packet-filter [ ipv6 ] { acl-number | name acl-name }

Default

No ACL is applied to a zone pair to filter packets.

Views

Zone pair view

Predefined user roles

network-admin

Parameters

ipv6: Specifies the IPv6 ACL type. To specify the IPv4 ACL type, do not provide this keyword.

acl-number: Specifies an ACL by its number. The following are available value ranges:

·     2000 to 2999 for basic ACLs.

·     3000 to 3999 for advanced ACLs.

name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters.

Examples

# Apply IPv4 basic ACL 2002 to filter traffic from source security zone office to destination security zone library.

<Sysname> system-view

[Sysname] zone-pair security source office destination library

[Sysname-zone-pair-security-office-library] packet-filter 2002

Related commands

display packet-filter

display packet-filter statistics

display packet-filter verbose

packet-filter default deny

Use packet-filter default deny to set the packet filtering default action to deny. The packet filter denies packets that do not match any ACL rule.

Use undo packet-filter default deny to restore the default.

Syntax

packet-filter default deny

undo packet-filter default deny

Default

The packet filtering default action is permit. The packet filter permits packets that do not match any ACL rule.

Views

System view

Predefined user roles

network-admin

Usage guidelines

The packet filter applies the default action to all ACL applications for packet filtering. The default action appears in the display command output for packet filtering.

Examples

# Set the packet filter default action to deny.

<Sysname> system-view

[Sysname] packet-filter default deny

Related commands

display packet-filter

display packet-filter statistics

display packet-filter verbose
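
Setting the default action to deny only helps if the device actually applied it, and the display packet-filter verbose output is where a "(Failed)" ACL, rule, or default action shows up. The following Python check is an added example, not H3C code: it parses that output and lists every entry that leaves the filter weaker than configured. The sample text is the interface example from this reference with the IPv6 and MAC default-action lines altered (constructed), and the finding names are hypothetical.

```python
import re

# Constructed sample: the interface example from this reference, with the IPv6
# and MAC default-action lines changed to show the two weak states.
SAMPLE = """\
Interface: GigabitEthernet1/0/1
 Inbound policy:
  IPv4 ACL 2001
   rule 0 permit
   rule 5 permit source 1.1.1.1 0 (Failed)
   rule 10 permit vpn-instance test (Failed)

  IPv4 ACL 2002 (Failed)

  IPv6 ACL 2000
   rule 0 permit

  MAC ACL 4000

  IPv4 default action: Deny

  IPv6 default action: Deny (Failed)

  MAC default action: Permit
"""

SCOPE_RE = re.compile(r"^(Interface|Zone-pair):\s*(.+)$")
DIRECTION_RE = re.compile(r"^(Inbound|Outbound) policy:$")
ACL_RE = re.compile(r"^(IPv4|IPv6|MAC) ACL (\S+)( \(Failed\))?$")
RULE_RE = re.compile(r"^rule (\d+) .*?( \(Failed\))?$")
DEFAULT_RE = re.compile(
    r"^(IPv4|IPv6|MAC) default action: (Deny \(Failed\)|Deny|Permit)$")


def audit(text, expect_default="Deny"):
    """Return (scope, direction, finding, detail) tuples for every entry that
    was not applied, or whose default action differs from expect_default."""
    findings = []
    scope = direction = acl = None
    for raw in text.splitlines():
        # Copied console output may carry non-breaking spaces; normalise them.
        line = raw.replace("\xa0", " ").strip()
        if not line:
            continue
        if m := SCOPE_RE.match(line):
            scope, direction, acl = m.group(2), None, None
        elif m := DIRECTION_RE.match(line):
            direction, acl = m.group(1).lower(), None
        elif m := DEFAULT_RE.match(line):
            family, state = m.groups()
            if state == "Deny (Failed)":
                # Per the field description, the permit action still functions.
                findings.append((scope, direction,
                                 "default-deny-not-applied", family))
            elif state != expect_default:
                findings.append((scope, direction,
                                 "default-action-mismatch", f"{family} {state}"))
        elif m := ACL_RE.match(line):
            acl = f"{m.group(1)} ACL {m.group(2)}"
            if m.group(3):
                findings.append((scope, direction, "acl-not-applied", acl))
        elif m := RULE_RE.match(line):
            if m.group(2):
                findings.append((scope, direction, "rule-not-applied",
                                 f"{acl} rule {m.group(1)}"))
    return findings


if __name__ == "__main__":
    for scope, direction, finding, detail in audit(SAMPLE):
        print(f"{scope} [{direction}] {finding}: {detail}")
```
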

reset acl counter

Use reset acl counter to clear statistics for ACLs.

Syntax

reset acl [ ipv6 | mac ] counter { acl-number | all | name acl-name }

Views

User view

Predefined user roles

network-admin

Parameters

ipv6: Specifies the IPv6 ACL type.

mac: Specifies the Layer 2 ACL type.

acl-number: Specifies an ACL by its number. The following are available value ranges:

·     2000 to 2999 for basic ACLs.

·     3000 to 3999 for advanced ACLs.

·     4000 to 4999 for Layer 2 ACLs.

all: Clears statistics for all ACLs of the specified type.

name acl-name: Clears statistics of an ACL specified by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters.

Usage guidelines

To specify the IPv4 ACL type, do not specify the ipv6 or mac keyword.

Examples

# Clear statistics for IPv4 basic ACL 2001.

<Sysname> reset acl counter 2001

Related commands

display acl

reset packet-filter statistics

Use reset packet-filter statistics to clear the packet filtering statistics for an ACL.

Syntax

reset packet-filter statistics { interface [ interface-type interface-number ] { inbound | outbound } [ default | [ ipv6 | mac ] { acl-number | name acl-name } ] | zone-pair security [ source source-zone-name destination destination-zone-name ] [ [ ipv6 ] { acl-number | name acl-name } ] }

Views

User view

Predefined user roles

network-admin

Parameters

interface [ interface-type interface-number ]: Specifies an interface by its type and number. If you do not specify an interface, this command clears packet filtering statistics for all interfaces.

zone-pair security [ source source-zone-name destination destination-zone-name ]: Specifies a zone pair. The source-zone-name argument specifies a source security zone by its name. The destination-zone-name argument specifies a destination security zone by its name. The security zone name is a case-insensitive string of 1 to 31 characters.

The following matrix shows the zone-pair security [ source source-zone-name destination destination-zone-name ] option and hardware compatibility:

 

| Hardware | Option compatibility |
|---|---|
| MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK | Yes |
| MSR810-LMS/810-LUS | No |
| MSR2600-6-X1/2600-10-X1 | Yes |
| MSR 2630 | Yes |
| MSR3600-28/3600-51 | Yes |
| MSR3600-28-SI/3600-51-SI | Yes |
| MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC | Yes |
| MSR 3610/3620/3620-DP/3640/3660 | Yes |
| MSR5620/5660/5680 | Yes |

| Hardware | Option compatibility |
|---|---|
| MSR810-LM-GL | Yes |
| MSR810-W-LM-GL | Yes |
| MSR830-6EI-GL | Yes |
| MSR830-10EI-GL | Yes |
| MSR830-6HI-GL | Yes |
| MSR830-10HI-GL | Yes |
| MSR2600-6-X1-GL | Yes |
| MSR3600-28-SI-GL | Yes |

 

inbound: Specifies the inbound direction.

outbound: Specifies the outbound direction.

default: Clears the default action statistics for packet filtering.

ipv6: Specifies the IPv6 ACL type.

mac: Specifies the Layer 2 ACL type.

acl-number: Specifies an ACL by its number. The following are available value ranges:

·     2000 to 2999 for basic ACLs.

·     3000 to 3999 for advanced ACLs.

·     4000 to 4999 for Layer 2 ACLs.

name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters.

Usage guidelines

If default, acl-number, name acl-name, ipv6, or mac is not specified, this command clears the packet filtering statistics for all ACLs and the default action statistics.

To specify the IPv4 ACL type, do not specify the ipv6 or mac keyword.

This command clears statistics on a zone pair in the direction of source security zone to destination security zone.

Examples

# Clear IPv4 basic ACL 2001 statistics for inbound packet filtering on GigabitEthernet 1/0/1.

<Sysname> reset packet-filter statistics interface gigabitethernet 1/0/1 inbound 2001

Related commands

display packet-filter statistics

display packet-filter statistics sum

rule (IPv4 advanced ACL view)

Use rule to create or edit an IPv4 advanced ACL rule.

Use undo rule to delete an entire IPv4 advanced ACL rule or some attributes in the rule.

Syntax

rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { object-group address-group-name | dest-address dest-wildcard | any } | destination-port { object-group port-group-name | operator port1 [ port2 ] } | { dscp dscp1 [ to dscp2 ] | { precedence precedence | tos tos } * } | fragment | icmp-type { icmp-type [ icmp-code ] | icmp-message } | logging | source { object-group address-group-name | source-address source-wildcard | any } | source-port { object-group port-group-name | operator port1 [ port2 ] } | time-range time-range-name | vpn-instance vpn-instance-name ] *

undo rule rule-id [ { { ack | fin | psh | rst | syn | urg } * | established } | counting | destination | destination-port | { dscp | { precedence | tos } * } | fragment | icmp-type | logging | source | source-port | time-range | vpn-instance ] *

undo rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { object-group address-group-name | dest-address dest-wildcard | any } | destination-port { object-group port-group-name | operator port1 [ port2 ] } | { dscp dscp1 [ to dscp2 ] | { precedence precedence | tos tos } * } | fragment | icmp-type { icmp-type [ icmp-code ] | icmp-message } | logging | source { object-group address-group-name | source-address source-wildcard | any } | source-port { object-group port-group-name | operator port1 [ port2 ] } | time-range time-range-name | vpn-instance vpn-instance-name ] *

Default

No IPv4 advanced ACL rules exist.

Views

IPv4 advanced ACL view

Predefined user roles

network-admin

Parameters

rule-id: Specifies a rule ID in the range of 0 to 65534. If you do not specify a rule ID when creating an ACL rule, the system automatically assigns one. The assigned ID is the smallest multiple of the numbering step that is greater than the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.

deny: Denies matching packets.

permit: Allows matching packets to pass.

protocol: Specifies one of the following values:

·     A protocol number in the range of 0 to 255.

·     A protocol by its name: gre (47), icmp (1), igmp (2), ip, ipinip (4), ospf (89), tcp (6), or udp (17). The ip keyword specifies all protocols.

Table 7 describes the parameters that you can specify regardless of the value for the protocol argument.

Table 7 Match criteria and other rule information for IPv4 advanced ACL rules

| Parameters | Function | Description |
|---|---|---|
| source { object-group address-group-name \| source-address source-wildcard \| any } | Specifies a source address. | The address-group-name argument specifies an object group of source IP addresses. The source-address source-wildcard arguments specify a source IP address and a wildcard mask in dotted decimal notation. An all-zero wildcard represents a host address. The any keyword specifies any source IP address. |
| destination { object-group address-group-name \| dest-address dest-wildcard \| any } | Specifies a destination address. | The address-group-name argument specifies an object group of destination IP addresses. The dest-address dest-wildcard arguments specify a destination IP address and a wildcard mask in dotted decimal notation. An all-zero wildcard mask represents a host address. The any keyword represents any destination IP address. |
| counting | Counts the times that the rule is matched. | If the counting keyword is not specified, matches for the rule are not counted. |
| precedence precedence | Specifies an IP precedence value. | The precedence argument can be a number in the range of 0 to 7, or in words: routine (0), priority (1), immediate (2), flash (3), flash-override (4), critical (5), internet (6), or network (7). |
| tos tos | Specifies a ToS preference. | The tos argument can be a number in the range of 0 to 15, or in words: max-reliability (2), max-throughput (4), min-delay (8), min-monetary-cost (1), or normal (0). |
| dscp dscp1 [ to dscp2 ] | Specifies a DSCP priority. | The dscp argument can be a number in the range of 0 to 63, or in words: af11 (10), af12 (12), af13 (14), af21 (18), af22 (20), af23 (22), af31 (26), af32 (28), af33 (30), af41 (34), af42 (36), af43 (38), cs1 (8), cs2 (16), cs3 (24), cs4 (32), cs5 (40), cs6 (48), cs7 (56), default (0), or ef (46). The to dscp2 option is used to specify a DSCP value range. The value for the dscp2 argument must be greater than or equal to the value for the dscp1 argument. |
| fragment | Applies the rule only to non-first fragments. | If you do not specify this keyword, the rule applies to all fragments and non-fragments. |
| logging | Logs matching packets. | This feature requires that the module (for example, packet filtering) that uses the ACL supports logging. |
| time-range time-range-name | Specifies a time range for the rule. | The time-range-name argument is a case-insensitive string of 1 to 32 characters. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the time range. For more information about time range, see ACL and QoS Configuration Guide. |
| vpn-instance vpn-instance-name | Applies the rule to an MPLS L3VPN instance. | The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, the rule applies to only non-VPN packets. |

 

If the protocol argument is tcp (6) or udp (17), set the parameters shown in Table 8.

Table 8 TCP/UDP-specific parameters for IPv4 advanced ACL rules

| Parameters | Function | Description |
|---|---|---|
| source-port { object-group port-group-name \| operator port1 [ port2 ] } | Specifies one or more UDP or TCP source ports. | The port-group-name argument specifies an object group of ports. The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), or range (inclusive range). The port1 and port2 arguments are TCP or UDP port numbers in the range of 0 to 65535. The port2 argument is needed only when the operator argument is range. TCP port numbers can be represented as: chargen (19), bgp (179), cmd (514), daytime (13), discard (9), dns (53), domain (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), and www (80). UDP port numbers can be represented as: biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag (434), mobilip-mn (435), nameserver (42), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37), who (513), and xdmcp (177). |
| destination-port { object-group port-group-name \| operator port1 [ port2 ] } | Specifies one or more UDP or TCP destination ports. | Same as the source-port description. |
| { ack ack-value \| fin fin-value \| psh psh-value \| rst rst-value \| syn syn-value \| urg urg-value } * | Specifies one or more TCP flags including ACK, FIN, PSH, RST, SYN, and URG. | Parameters specific to TCP. The value for each argument can be 0 (flag bit not set) or 1 (flag bit set). The TCP flags in a rule are ORed. For example, a rule configured with ack 0 psh 1 matches both packets that have the ACK flag bit not set and packets that have the PSH flag bit set. |
| established | Specifies the flags for indicating the established status of a TCP connection. | Parameter specific to TCP. The rule matches TCP connection packets with the ACK or RST flag bit set. |

 

The following matrix shows the object-group parameter and hardware compatibility:

 

| Hardware | Parameter compatibility |
|---|---|
| MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK | Yes |
| MSR810-LMS/810-LUS | No |
| MSR2600-6-X1 | No |
| MSR2600-10-X1 | Yes |
| MSR 2630 | Yes |
| MSR3600-28/3600-51 | Yes |
| MSR3600-28-SI/3600-51-SI | Yes |
| MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC | Yes |
| MSR 3610/3620/3620-DP/3640/3660 | Yes |
| MSR5620/5660/5680 | Yes |

 

If the protocol argument is icmp (1), set the parameters shown in Table 9.

Table 9 ICMP-specific parameters for IPv4 advanced ACL rules

| Parameters | Function | Description |
|---|---|---|
| icmp-type { icmp-type icmp-code \| icmp-message } | Specifies the ICMP message type and code. | The icmp-type argument is in the range of 0 to 255. The icmp-code argument is in the range of 0 to 255. The icmp-message argument specifies a message name. Supported ICMP message names and their corresponding type and code values are listed in Table 10. |

 

Table 10 ICMP message names supported in IPv4 advanced ACL rules

| ICMP message name | ICMP message type | ICMP message code |
|---|---|---|
| echo | 8 | 0 |
| echo-reply | 0 | 0 |
| fragmentneed-DFset | 3 | 4 |
| host-redirect | 5 | 1 |
| host-tos-redirect | 5 | 3 |
| host-unreachable | 3 | 1 |
| information-reply | 16 | 0 |
| information-request | 15 | 0 |
| net-redirect | 5 | 0 |
| net-tos-redirect | 5 | 2 |
| net-unreachable | 3 | 0 |
| parameter-problem | 12 | 0 |
| port-unreachable | 3 | 3 |
| protocol-unreachable | 3 | 2 |
| reassembly-timeout | 11 | 1 |
| source-quench | 4 | 0 |
| source-route-failed | 3 | 5 |
| timestamp-reply | 14 | 0 |
| timestamp-request | 13 | 0 |
| ttl-exceeded | 11 | 0 |

 

Usage guidelines

Within an ACL, the permit or deny statement of each rule must be unique. If the rule you are creating or editing has the same deny or permit statement as another manually added rule in the ACL, the rule will not be created or changed. If the rule you are creating or editing has the same deny or permit statement as a dynamically added rule in the ACL, the rule will overwrite the dynamically added rule.

The object group you specify when creating or editing a rule must already exist. Otherwise, the rule will not be created or changed.

You can edit ACL rules only when the match order is config.

To view the existing IPv4 basic and advanced ACL rules, use the display acl all command.

The undo rule rule-id command without any optional parameters deletes an entire rule. If you specify optional parameters, the undo rule rule-id command deletes the specified attributes for the rule.

The undo rule [ rule-id ] { deny | permit } command can only be used to delete an entire rule. You must specify all the attributes of the rule for the command.

Examples

# Create an IPv4 advanced ACL rule to permit TCP packets with the destination port 80 from 129.9.0.0/16 to 202.38.160.0/24.

<Sysname> system-view

[Sysname] acl advanced 3000

[Sysname-acl-ipv4-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq 80

# Create IPv4 advanced ACL rules to permit all IP packets but the ICMP packets destined for 192.168.1.0/24.

<Sysname> system-view

[Sysname] acl advanced 3001

[Sysname-acl-ipv4-adv-3001] rule deny icmp destination 192.168.1.0 0.0.0.255

[Sysname-acl-ipv4-adv-3001] rule permit ip

# Create IPv4 advanced ACL rules to permit inbound and outbound FTP packets.

<Sysname> system-view

[Sysname] acl advanced 3002

[Sysname-acl-ipv4-adv-3002] rule permit tcp source-port eq ftp

[Sysname-acl-ipv4-adv-3002] rule permit tcp source-port eq ftp-data

[Sysname-acl-ipv4-adv-3002] rule permit tcp destination-port eq ftp

[Sysname-acl-ipv4-adv-3002] rule permit tcp destination-port eq ftp-data

# Create IPv4 advanced ACL rules to permit inbound and outbound SNMP and SNMP trap packets.

<Sysname> system-view

[Sysname] acl advanced 3003

[Sysname-acl-ipv4-adv-3003] rule permit udp source-port eq snmp

[Sysname-acl-ipv4-adv-3003] rule permit udp source-port eq snmptrap

[Sysname-acl-ipv4-adv-3003] rule permit udp destination-port eq snmp

[Sysname-acl-ipv4-adv-3003] rule permit udp destination-port eq snmptrap

Related commands

acl

acl logging interval

display acl

step

time-range
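
The matching behaviour this section describes (wildcard masks, ORed TCP flags, the established keyword, automatic rule numbering, and the packet filter default action) is modelled below as an added Python example; it is not H3C code. It assumes rules are evaluated in ascending rule-ID order with the first match winning (config match order) and a numbering step of 5, and the class names and packet dictionary are hypothetical.

```python
import ipaddress
from dataclasses import dataclass, field

ICMP, TCP, UDP = 1, 6, 17   # protocol numbers listed in this reference


def wildcard_match(addr, base, wildcard):
    """Wildcard-mask compare: 0 bits must be equal, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def next_rule_id(existing_ids, step=5):
    """Auto-numbering: smallest multiple of step above the highest ID, from 0."""
    if not existing_ids:
        return 0
    return (max(existing_ids) // step + 1) * step


@dataclass
class Rule:
    action: str                      # "permit" or "deny"
    protocol: int = None             # None models the ip keyword (all protocols)
    source: tuple = None             # (address, wildcard); None models any
    destination: tuple = None        # (address, wildcard); None models any
    dest_port_eq: int = None         # models "destination-port eq <port>"
    flags: dict = field(default_factory=dict)   # e.g. {"ack": 0, "psh": 1}
    established: bool = False        # mutually exclusive with flags in the syntax

    def matches(self, pkt):
        if self.protocol is not None and pkt["proto"] != self.protocol:
            return False
        if self.source and not wildcard_match(pkt["src"], *self.source):
            return False
        if self.destination and not wildcard_match(pkt["dst"], *self.destination):
            return False
        if self.dest_port_eq is not None and pkt.get("dport") != self.dest_port_eq:
            return False
        set_flags = pkt.get("flags", set())
        # Flags are ORed: a single agreeing flag value is enough to match.
        if self.flags and not any((name in set_flags) == bool(want)
                                  for name, want in self.flags.items()):
            return False
        # established matches packets with the ACK or RST flag bit set.
        if self.established and not ({"ack", "rst"} & set_flags):
            return False
        return True


class Acl:
    def __init__(self, step=5):
        self.step, self.rules = step, {}

    def add(self, rule, rule_id=None):
        if rule_id is None:
            rule_id = next_rule_id(self.rules, self.step)
        self.rules[rule_id] = rule
        return rule_id

    def evaluate(self, pkt, default_action="permit"):
        """Return (action, rule_id); rule_id is None when the packet filter
        default action decided (permit unless packet-filter default deny)."""
        for rule_id in sorted(self.rules):
            if self.rules[rule_id].matches(pkt):
                return self.rules[rule_id].action, rule_id
        return default_action, None


def build_acl_3000():
    """rule permit tcp source 129.9.0.0 0.0.255.255
       destination 202.38.160.0 0.0.0.255 destination-port eq 80"""
    acl = Acl()
    acl.add(Rule("permit", TCP, source=("129.9.0.0", "0.0.255.255"),
                 destination=("202.38.160.0", "0.0.0.255"), dest_port_eq=80))
    return acl


def build_acl_3001():
    """rule deny icmp destination 192.168.1.0 0.0.0.255, then rule permit ip."""
    acl = Acl()
    acl.add(Rule("deny", ICMP, destination=("192.168.1.0", "0.0.0.255")))
    acl.add(Rule("permit"))
    return acl


if __name__ == "__main__":
    web = {"proto": TCP, "src": "129.9.5.5", "dst": "202.38.160.9", "dport": 443}
    print(build_acl_3000().evaluate(web))                         # default permit
    print(build_acl_3000().evaluate(web, default_action="deny"))  # default deny
    ored = Rule("deny", TCP, flags={"ack": 0, "psh": 1})
    print(ored.matches({"proto": TCP, "src": "10.0.0.1", "dst": "10.0.0.2",
                        "flags": {"ack", "psh"}}))
```

Because the flag values are ORed, a rule written as ack 0 psh 1 also matches packets that have ACK set as long as PSH is set, which is broader than an AND reading would suggest.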

rule (IPv4 basic ACL view)

Use rule to create or edit an IPv4 basic ACL rule.

Use undo rule to delete an entire IPv4 basic ACL rule or some attributes in the rule.

Syntax

rule [ rule-id ] { deny | permit } [ counting | fragment | logging | source { object-group address-group-name | source-address source-wildcard | any } | time-range time-range-name | vpn-instance vpn-instance-name ] *

undo rule rule-id [ counting | fragment | logging | source | time-range | vpn-instance ] *

undo rule [ rule-id ] { deny | permit } [ counting | fragment | logging | source { object-group address-group-name | source-address source-wildcard | any } | time-range time-range-name | vpn-instance vpn-instance-name ] *

Default

No IPv4 basic ACL rules exist.

Views

IPv4 basic ACL view

Predefined user roles

network-admin

Parameters

rule-id: Specifies a rule ID in the range of 0 to 65534. If you do not specify a rule ID when creating an ACL rule, the system automatically assigns one. The assigned ID is the smallest multiple of the numbering step that is greater than the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.

deny: Denies matching packets.

permit: Allows matching packets to pass.

counting: Counts the times that the rule is matched. If you do not specify this keyword, matches for the rule are not counted.

fragment: Applies the rule only to non-first fragments. If you do not specify this keyword, the rule applies to both fragments and non-fragments.

logging: Logs matching packets. This feature is available only when the application module (for example, packet filtering) that uses the ACL supports the logging feature.

source { object-group address-group-name | source-address source-wildcard | any }: Matches a source address. The object-group address-group-name option specifies an object group of source IP addresses. The source-address and source-wildcard arguments specify a source IP address and a wildcard mask in dotted decimal notation. A wildcard mask of zeros represents a host address. The any keyword represents any source IP address.

The following matrix shows the object-group address-group-name option and hardware compatibility:

 

| Hardware | Option compatibility |
|---|---|
| MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK | Yes |
| MSR810-LMS/810-LUS | No |
| MSR2600-6-X1 | No |
| MSR2600-10-X1 | Yes |
| MSR 2630 | Yes |
| MSR3600-28/3600-51 | Yes |
| MSR3600-28-SI/3600-51-SI | Yes |
| MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC | Yes |
| MSR 3610/3620/3620-DP/3640/3660 | Yes |
| MSR5620/5660/5680 | Yes |

| Hardware | Parameter compatibility |
|---|---|
| MSR810-LM-GL | Yes |
| MSR810-W-LM-GL | Yes |
| MSR830-6EI-GL | Yes |
| MSR830-10EI-GL | Yes |
| MSR830-6HI-GL | Yes |
| MSR830-10HI-GL | Yes |
| MSR2600-6-X1-GL | No |
| MSR3600-28-SI-GL | Yes |

 

time-range time-range-name: Specifies a time range for the rule. The time-range-name argument is a case-insensitive string of 1 to 32 characters. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the time range. For more information about time range, see ACL and QoS Configuration Guide.

vpn-instance vpn-instance-name: Applies the rule to an MPLS L3VPN instance. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, the rule applies to only non-VPN packets.

Usage guidelines

Within an ACL, the permit or deny statement of each rule must be unique. If the rule you are creating or editing has the same deny or permit statement as another rule in the ACL, the rule will not be created or changed.

The object group you specify when creating or editing a rule must already exist. Otherwise, the rule will not be created or changed.

You can edit ACL rules only when the match order is config.

To view the existing IPv4 basic and advanced ACL rules, use the display acl all command.

The undo rule rule-id command without any optional parameters deletes an entire rule. If you specify optional parameters, the undo rule rule-id command deletes the specified attributes for the rule.

The undo rule [ rule-id ] { deny | permit } command can only be used to delete an entire rule. You must specify all the attributes of the rule for the command.

Examples

# Create a rule in IPv4 basic ACL 2000 to deny the packets from any source IP subnet but 10.0.0.0/8, 172.17.0.0/16, or 192.168.1.0/24.

<Sysname> system-view

[Sysname] acl basic 2000

[Sysname-acl-ipv4-basic-2000] rule permit source 10.0.0.0 0.255.255.255

[Sysname-acl-ipv4-basic-2000] rule permit source 172.17.0.0 0.0.255.255

[Sysname-acl-ipv4-basic-2000] rule permit source 192.168.1.0 0.0.0.255

[Sysname-acl-ipv4-basic-2000] rule deny source any
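
The following Python model is an added example, not H3C code. It evaluates source addresses against the four rules above to check what the ACL actually permits, assuming the config match order (rules checked in ascending rule ID, first match wins) and the default numbering step of 5; the function names are hypothetical.

```python
import ipaddress

# Rule lines from the ACL 2000 example above, without the CLI prompt.
ACL_2000 = [
    "rule permit source 10.0.0.0 0.255.255.255",
    "rule permit source 172.17.0.0 0.0.255.255",
    "rule permit source 192.168.1.0 0.0.0.255",
    "rule deny source any",
]

ALL_ONES = 0xFFFFFFFF


def parse_basic_rules(lines, step=5):
    """Parse 'rule [rule-id] {permit|deny} source ...' lines.

    A rule without an explicit ID gets the next multiple of `step` above the
    current highest ID, starting from 0. Only the source criterion is modelled.
    """
    rules = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "rule":
            raise ValueError(f"unsupported rule line: {line!r}")
        i = 1
        if tok[i].isdigit():
            rule_id = int(tok[i])
            i += 1
        else:
            highest = max((r["id"] for r in rules), default=None)
            rule_id = 0 if highest is None else (highest // step + 1) * step
        action = tok[i]
        if action not in ("permit", "deny") or tok[i + 1:i + 2] != ["source"]:
            raise ValueError(f"unsupported rule line: {line!r}")
        args = tok[i + 2:]
        if args == ["any"]:
            addr, wildcard = 0, ALL_ONES          # every bit is "don't care"
        elif len(args) == 2:
            addr = int(ipaddress.IPv4Address(args[0]))
            # A wildcard of zeros (also written as a bare 0) is a host match.
            wildcard = 0 if args[1] == "0" else int(ipaddress.IPv4Address(args[1]))
        else:
            raise ValueError(f"unsupported source criterion: {line!r}")
        rules.append({"id": rule_id, "action": action,
                      "addr": addr, "wildcard": wildcard})
    return sorted(rules, key=lambda r: r["id"])


def evaluate(rules, source):
    """Return (rule_id, action) of the first matching rule, or None.

    Wildcard bits set to 1 are ignored; bits set to 0 must equal the rule
    address. None means no rule matched, in which case the result depends on
    the module that applies the ACL.
    """
    src = int(ipaddress.IPv4Address(source))
    for rule in rules:
        care = ~rule["wildcard"] & ALL_ONES
        if ((src ^ rule["addr"]) & care) == 0:
            return rule["id"], rule["action"]
    return None


if __name__ == "__main__":
    acl = parse_basic_rules(ACL_2000)
    # Constructed test addresses, one inside and one outside each subnet.
    for ip in ("10.200.3.4", "172.17.255.1", "172.16.0.1",
               "192.168.1.77", "192.168.2.1"):
        print(ip, evaluate(acl, ip))
```
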

Related commands

acl

acl logging interval

display acl

step

time-range

rule (IPv6 advanced ACL view)

Use rule to create or edit an IPv6 advanced ACL rule.

Use undo rule to delete an entire IPv6 advanced ACL rule or some attributes in the rule.

Syntax

rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { object-group address-group-name | dest-address dest-prefix | dest-address/dest-prefix | any } | destination-port  { object-group port-group-name | operator port1 [ port2 ] } | dscp dscp | flow-label flow-label-value | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging | routing [ type routing-type ] | hop-by-hop [ type hop-type ] | source { object-group address-group-name | source-address source-prefix | source-address/source-prefix | any } | source-port { object-group port-group-name | operator port1 [ port2 ] } | time-range time-range-name | vpn-instance vpn-instance-name ] *

undo rule rule-id [ { { ack | fin | psh | rst | syn | urg } * | established } | counting | destination | destination-port | dscp | flow-label | fragment | icmp6-type | logging | routing | hop-by-hop | source | source-port | time-range | vpn-instance ] *

undo rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { object-group address-group-name | dest-address dest-prefix | dest-address/dest-prefix | any } | destination-port { object-group port-group-name | operator port1 [ port2 ] } | dscp dscp | flow-label flow-label-value | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging | routing [ type routing-type ] | hop-by-hop [ type hop-type ] | source { object-group address-group-name | source-address source-prefix | source-address/source-prefix | any } | source-port { object-group port-group-name | operator port1 [ port2 ] } | time-range time-range-name | vpn-instance vpn-instance-name ] *

Default

No IPv6 advanced ACL rules exist.

Views

IPv6 advanced ACL view

Predefined user roles

network-admin

Parameters

rule-id: Specifies a rule ID in the range of 0 to 65534. If you do not specify a rule ID when creating an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.

deny: Denies matching packets.

permit: Allows matching packets to pass.

protocol: Specifies one of the following values:

·     A protocol number in the range of 0 to 255.

·     A protocol name: gre (47), icmpv6 (58), ipv6, ipv6-ah (51), ipv6-esp (50), ospf (89), tcp (6), or udp (17). The ipv6 keyword specifies all protocols.

Table 11 describes the parameters that you can specify regardless of the value for the protocol argument.

Table 11 Match criteria and other rule information for IPv6 advanced ACL rules

| Parameters | Function | Description |
|---|---|---|
| source { object-group address-group-name \| source-address source-prefix \| source-address/source-prefix \| any } | Specifies a source IPv6 address. | The address-group-name argument specifies an object group of source IPv6 addresses. The source-address argument specifies an IPv6 source address. The source-prefix argument specifies a prefix length in the range of 1 to 128. The any keyword represents any IPv6 source address. |
| destination { object-group address-group-name \| dest-address dest-prefix \| dest-address/dest-prefix \| any } | Specifies a destination IPv6 address. | The address-group-name argument specifies an object group of destination IPv6 addresses. The dest-address argument specifies a destination IPv6 address. The dest-prefix argument specifies a prefix length in the range of 1 to 128. The any keyword represents any IPv6 destination address. |
| counting | Counts the times that the rule is matched. | If the counting keyword is not specified, matches for the rule are not counted. |
| dscp dscp | Specifies a DSCP preference. | The dscp argument can be a number in the range of 0 to 63, or in words, af11 (10), af12 (12), af13 (14), af21 (18), af22 (20), af23 (22), af31 (26), af32 (28), af33 (30), af41 (34), af42 (36), af43 (38), cs1 (8), cs2 (16), cs3 (24), cs4 (32), cs5 (40), cs6 (48), cs7 (56), default (0), or ef (46). |
| flow-label flow-label-value | Specifies a flow label value in an IPv6 packet header. | The flow-label-value argument is in the range of 0 to 1048575. |
| fragment | Applies the rule only to non-first fragments. | If you do not specify this keyword, the rule applies to all fragments and non-fragments. |
| logging | Logs matching packets. | This feature requires that the module (for example, packet filtering) that uses the ACL supports logging. |
| routing [ type routing-type ] | Specifies an IPv6 routing header type. | routing-type: Value of the IPv6 routing header type, in the range of 0 to 255. If you specify the type routing-type option, the rule applies to the specified type of IPv6 routing header. If you do not specify the type routing-type option, the rule applies to all types of IPv6 routing header. |
| hop-by-hop [ type hop-type ] | Specifies an IPv6 Hop-by-Hop Options header type. | hop-type: Value of the IPv6 Hop-by-Hop Options header type, in the range of 0 to 255. If you specify the type hop-type option, the rule applies to the specified type of IPv6 Hop-by-Hop Options header. If you do not specify the type hop-type option, the rule applies to all types of IPv6 Hop-by-Hop Options header. |
| time-range time-range-name | Specifies a time range for the rule. | The time-range-name argument is a case-insensitive string of 1 to 32 characters. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the time range. For more information about time range, see ACL and QoS Configuration Guide. |
| vpn-instance vpn-instance-name | Applies the rule to an MPLS L3VPN instance. | The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, the rule applies to only non-VPN packets. |

 

If the protocol argument is tcp (6) or udp (17), set the parameters shown in Table 12.

Table 12 TCP/UDP-specific parameters for IPv6 advanced ACL rules

| Parameters | Function | Description |
|---|---|---|
| source-port { object-group port-group-name \| operator port1 [ port2 ] } | Specifies one or more UDP or TCP source ports. | The port-group-name argument specifies an object group of ports. The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), or range (inclusive range). The port1 and port2 arguments are TCP or UDP port numbers in the range of 0 to 65535. The port2 argument is needed only when the operator argument is range. TCP port numbers can be represented as: chargen (19), bgp (179), cmd (514), daytime (13), discard (9), dns (53), domain (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), and www (80). UDP port numbers can be represented as: biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag (434), mobilip-mn (435), nameserver (42), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37), who (513), and xdmcp (177). |
| destination-port { object-group port-group-name \| operator port1 [ port2 ] } | Specifies one or more UDP or TCP destination ports. | Same as for source-port. |
| { ack ack-value \| fin fin-value \| psh psh-value \| rst rst-value \| syn syn-value \| urg urg-value } * | Specifies one or more TCP flags, including ACK, FIN, PSH, RST, SYN, and URG. | Parameters specific to TCP. The value for each argument can be 0 (flag bit not set) or 1 (flag bit set). The TCP flags in a rule are ORed. For example, a rule configured with ack 0 psh 1 matches both packets that have the ACK flag bit not set and packets that have the PSH flag bit set. |
| established | Specifies the flags for indicating the established status of a TCP connection. | Parameter specific to TCP. The rule matches TCP connection packets with the ACK or RST flag bit set. |
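
The OR semantics of the TCP flag keywords are easy to misread as AND when reviewing a rule set. The following Python model is an added example, not H3C code: it evaluates only the flag part of a rule against constructed sample packets, using the ack 0 psh 1 case and the established keyword described in Table 12. Function names and sample packets are hypothetical.

```python
FLAG_NAMES = ("ack", "fin", "psh", "rst", "syn", "urg")

# Constructed sample packets: label -> set of TCP flag bits that are set.
SAMPLE_PACKETS = {
    "SYN": {"syn"},
    "SYN+ACK": {"syn", "ack"},
    "ACK": {"ack"},
    "PSH": {"psh"},
    "PSH+ACK": {"psh", "ack"},
    "FIN+ACK": {"fin", "ack"},
    "RST": {"rst"},
}


def parse_flag_criteria(text):
    """Parse the flag part of a rule: 'ack 0 psh 1' or 'established'."""
    tokens = text.split()
    if tokens == ["established"]:
        # Table 12: matches packets with the ACK or RST flag bit set.
        return {"ack": 1, "rst": 1}
    if not tokens or len(tokens) % 2:
        raise ValueError(f"expected flag/value pairs, got {text!r}")
    criteria = {}
    for name, value in zip(tokens[0::2], tokens[1::2]):
        if name not in FLAG_NAMES or value not in ("0", "1"):
            raise ValueError(f"bad flag criterion: {name} {value}")
        criteria[name] = int(value)
    return criteria


def flags_match(criteria, packet_flags):
    """Documented behavior: criteria are ORed, so one satisfied flag
    criterion is enough for the rule's flag condition to match."""
    return any((name in packet_flags) == bool(want)
               for name, want in criteria.items())


def flags_match_if_anded(criteria, packet_flags):
    """The common misreading (all criteria must hold), for comparison only."""
    return all((name in packet_flags) == bool(want)
               for name, want in criteria.items())


def matched_labels(criteria_text, matcher=flags_match, packets=SAMPLE_PACKETS):
    """Return the labels of the sample packets that the flag criteria match."""
    criteria = parse_flag_criteria(criteria_text)
    return [label for label, flags in packets.items()
            if matcher(criteria, flags)]


if __name__ == "__main__":
    print("ack 0 psh 1 (ORed):   ", matched_labels("ack 0 psh 1"))
    print("ack 0 psh 1 (if ANDed):",
          matched_labels("ack 0 psh 1", flags_match_if_anded))
    print("established:          ", matched_labels("established"))
```

With ORed criteria, ack 0 psh 1 also matches a bare SYN and a bare RST, because both have the ACK bit clear.
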

 

The following matrix shows the object-group parameter and hardware compatibility:

| Hardware | Parameter compatibility |
|---|---|
| MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK | Yes |
| MSR810-LMS/810-LUS | No |
| MSR2600-6-X1 | No |
| MSR2600-10-X1 | Yes |
| MSR 2630 | Yes |
| MSR3600-28/3600-51 | Yes |
| MSR3600-28-SI/3600-51-SI | Yes |
| MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC | Yes |
| MSR 3610/3620/3620-DP/3640/3660 | Yes |
| MSR5620/5660/5680 | Yes |

| Hardware | Parameter compatibility |
|---|---|
| MSR810-LM-GL | Yes |
| MSR810-W-LM-GL | Yes |
| MSR830-6EI-GL | Yes |
| MSR830-10EI-GL | Yes |
| MSR830-6HI-GL | Yes |
| MSR830-10HI-GL | Yes |
| MSR2600-6-X1-GL | No |
| MSR3600-28-SI-GL | Yes |

 

If the protocol argument is icmpv6 (58), set the parameters shown in Table 13.

Table 13 ICMPv6-specific parameters for IPv6 advanced ACL rules

| Parameters | Function | Description |
|---|---|---|
| icmp6-type { icmp6-type icmp6-code \| icmp6-message } | Specifies the ICMPv6 message type and code. | The icmp6-type argument is in the range of 0 to 255. The icmp6-code argument is in the range of 0 to 255. The icmp6-message argument specifies a message name. Supported ICMPv6 message names and their corresponding type and code values are listed in Table 14. |

Table 14 ICMPv6 message names supported in IPv6 advanced ACL rules

| ICMPv6 message name | ICMPv6 message type | ICMPv6 message code |
|---|---|---|
| echo-reply | 129 | 0 |
| echo-request | 128 | 0 |
| err-Header-field | 4 | 0 |
| frag-time-exceeded | 3 | 1 |
| hop-limit-exceeded | 3 | 0 |
| host-admin-prohib | 1 | 1 |
| host-unreachable | 1 | 3 |
| neighbor-advertisement | 136 | 0 |
| neighbor-solicitation | 135 | 0 |
| network-unreachable | 1 | 0 |
| packet-too-big | 2 | 0 |
| port-unreachable | 1 | 4 |
| redirect | 137 | 0 |
| router-advertisement | 134 | 0 |
| router-solicitation | 133 | 0 |
| unknown-ipv6-opt | 4 | 2 |
| unknown-next-hdr | 4 | 1 |

 

Usage guidelines

Within an ACL, the permit or deny statement of each rule must be unique. If the rule you are creating or editing has the same deny or permit statement as another manually added rule in the ACL, the rule will not be created or changed. If the rule you are creating or editing has the same deny or permit statement as a dynamically added rule in the ACL, the rule will overwrite the dynamically added rule.

The object group you specify when creating or editing a rule must already exist. Otherwise, the rule will not be created or changed.

You can edit ACL rules only when the match order is config.

To view the existing IPv6 basic and advanced ACL rules, use the display acl ipv6 all command.

The undo rule rule-id command without any optional parameters deletes an entire rule. If you specify optional parameters, the undo rule rule-id command deletes the specified attributes for a rule.

The undo rule [ rule-id ] { deny | permit } command can only be used to delete an entire rule. You must specify all the attributes of the rule for the command.

Examples

# Create an IPv6 advanced ACL rule to permit TCP packets with the destination port 80 from 2030:5060::/64 to FE80:5060::/96.

<Sysname> system-view

[Sysname] acl ipv6 advanced 3000

[Sysname-acl-ipv6-adv-3000] rule permit tcp source 2030:5060::/64 destination fe80:5060::/96 destination-port eq 80

# Create IPv6 advanced ACL rules to permit all IPv6 packets but the ICMPv6 packets destined for FE80:5060:1001::/48.

<Sysname> system-view

[Sysname] acl ipv6 advanced 3001

[Sysname-acl-ipv6-adv-3001] rule deny icmpv6 destination fe80:5060:1001:: 48

[Sysname-acl-ipv6-adv-3001] rule permit ipv6

# Create IPv6 advanced ACL rules to permit inbound and outbound FTP packets.

<Sysname> system-view

[Sysname] acl ipv6 advanced 3002

[Sysname-acl-ipv6-adv-3002] rule permit tcp source-port eq ftp

[Sysname-acl-ipv6-adv-3002] rule permit tcp source-port eq ftp-data

[Sysname-acl-ipv6-adv-3002] rule permit tcp destination-port eq ftp

[Sysname-acl-ipv6-adv-3002] rule permit tcp destination-port eq ftp-data

# Create IPv6 advanced ACL rules to permit inbound and outbound SNMP and SNMP trap packets.

<Sysname> system-view

[Sysname] acl ipv6 advanced 3003

[Sysname-acl-ipv6-adv-3003] rule permit udp source-port eq snmp

[Sysname-acl-ipv6-adv-3003] rule permit udp source-port eq snmptrap

[Sysname-acl-ipv6-adv-3003] rule permit udp destination-port eq snmp

[Sysname-acl-ipv6-adv-3003] rule permit udp destination-port eq snmptrap

# Create IPv6 advanced ACL 3004, and configure two rules: one permits packets whose Hop-by-Hop Options header type is 5, and the other denies packets with any other Hop-by-Hop Options header type.

<Sysname> system-view

[Sysname] acl ipv6 advanced 3004

[Sysname-acl-ipv6-adv-3004] rule permit ipv6 hop-by-hop type 5

[Sysname-acl-ipv6-adv-3004] rule deny ipv6 hop-by-hop

Related commands

acl

acl logging interval

display acl

step

time-range

rule (IPv6 basic ACL view)

Use rule to create or edit an IPv6 basic ACL rule.

Use undo rule to delete an entire IPv6 basic ACL rule or some attributes in the rule.

Syntax

rule [ rule-id ] { deny | permit } [ counting | fragment | logging | routing [ type routing-type ] | source { object-group address-group-name | source-address source-prefix | source-address/source-prefix | any } | time-range time-range-name | vpn-instance vpn-instance-name ] *

undo rule rule-id [ counting | fragment | logging | routing | source | time-range | vpn-instance ] *

undo rule [ rule-id ] { deny | permit } [ counting | fragment | logging | routing [ type routing-type ] | source { object-group address-group-name | source-address source-prefix | source-address/source-prefix | any } | time-range time-range-name | vpn-instance vpn-instance-name ] *

Default

No IPv6 basic ACL rules exist.

Views

IPv6 basic ACL view

Predefined user roles

network-admin

Parameters

rule-id: Specifies a rule ID in the range of 0 to 65534. If you do not specify a rule ID when creating an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.

deny: Denies matching packets.

permit: Allows matching packets to pass.

counting: Counts the times that the rule is matched. If you do not specify this keyword, matches for the rule are not counted.

fragment: Applies the rule only to non-first fragments. If you do not specify this keyword, the rule applies to both fragments and non-fragments.

logging: Logs matching packets. This feature is available only when the application module (for example, packet filtering) that uses the ACL supports the logging feature.

routing [ type routing-type ]: Applies the rule to the specified type of routing header or all types of routing header. The routing-type argument specifies the value of the routing header type, in the range of 0 to 255. If you do not specify the type routing-type option, the rule applies to all types of IPv6 routing header.

source { object-group address-group-name | source-address source-prefix | source-address/source-prefix | any }: Matches a source IPv6 address. The object-group address-group-name option specifies an object group of source IPv6 addresses. The source-address argument specifies a source IPv6 address. The source-prefix argument specifies an address prefix length in the range of 1 to 128. The any keyword represents any IPv6 source address.

The following matrix shows the object-group address-group-name option and hardware compatibility:

| Hardware | Option compatibility |
|---|---|
| MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK | Yes |
| MSR810-LMS/810-LUS | No |
| MSR2600-6-X1 | No |
| MSR2600-10-X1 | Yes |
| MSR 2630 | Yes |
| MSR3600-28/3600-51 | Yes |
| MSR3600-28-SI/3600-51-SI | Yes |
| MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC | Yes |
| MSR 3610/3620/3620-DP/3640/3660 | Yes |
| MSR5620/5660/5680 | Yes |

| Hardware | Parameter compatibility |
|---|---|
| MSR810-LM-GL | Yes |
| MSR810-W-LM-GL | Yes |
| MSR830-6EI-GL | Yes |
| MSR830-10EI-GL | Yes |
| MSR830-6HI-GL | Yes |
| MSR830-10HI-GL | Yes |
| MSR2600-6-X1-GL | No |
| MSR3600-28-SI-GL | Yes |

 

time-range time-range-name: Specifies a time range for the rule. The time-range-name argument is a case-insensitive string of 1 to 32 characters. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the time range. For more information about time range, see ACL and QoS Configuration Guide.

vpn-instance vpn-instance-name: Applies the rule to an MPLS L3VPN instance. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, the rule applies to only non-VPN packets.

Usage guidelines

Within an ACL, the permit or deny statement of each rule must be unique. If the rule you are creating or editing has the same deny or permit statement as another rule in the ACL, the rule will not be created or changed.

The object group you specify when creating or editing a rule must already exist. Otherwise, the rule will not be created or changed.

You can edit ACL rules only when the match order is config.

To view the existing IPv6 basic and advanced ACL rules, use the display acl ipv6 all command.

The undo rule rule-id command without any optional parameters deletes an entire rule. If you specify optional parameters, the undo rule rule-id command deletes the specified attributes for a rule.

The undo rule [ rule-id ] { deny | permit } command can only be used to delete an entire rule. You must specify all the attributes of the rule for the command.

Examples

# Create an IPv6 basic ACL rule to deny the packets from any source IP subnet but 1001::/16, 3124:1123::/32, or FE80:5060:1001::/48.

<Sysname> system-view

[Sysname] acl ipv6 basic 2000

[Sysname-acl-ipv6-basic-2000] rule permit source 1001:: 16

[Sysname-acl-ipv6-basic-2000] rule permit source 3124:1123:: 32

[Sysname-acl-ipv6-basic-2000] rule permit source fe80:5060:1001:: 48

[Sysname-acl-ipv6-basic-2000] rule deny source any

Related commands

acl

acl logging interval

display acl

step

time-range

rule (Layer 2 ACL view)

Use rule to create or edit a Layer 2 ACL rule.

Use undo rule to delete an entire Layer 2 ACL rule or some attributes in the rule.

Syntax

rule [ rule-id ] { deny | permit } [ cos dot1p | counting | dest-mac dest-address dest-mask | { lsap lsap-type lsap-type-mask | type protocol-type protocol-type-mask } | source-mac source-address source-mask | time-range time-range-name ] *

undo rule rule-id [ counting | time-range ] *

undo rule [ rule-id ] { deny | permit } [ cos dot1p | counting | dest-mac dest-address dest-mask | { lsap lsap-type lsap-type-mask | type protocol-type protocol-type-mask } | source-mac source-address source-mask | time-range time-range-name ] *

Default

No Layer 2 ACL rules exist.

Views

Layer 2 ACL view

Predefined user roles

network-admin

Parameters

rule-id: Specifies a rule ID in the range of 0 to 65534. If you do not specify a rule ID when creating an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.

deny: Denies matching packets.

permit: Allows matching packets to pass.

cos dot1p: Matches an 802.1p priority. The 802.1p priority can be specified by one of the following values:

·     A priority number in the range of 0 to 7.

·     A priority name: best-effort (0), background (1), spare (2), excellent-effort (3), controlled-load (4), video (5), voice (6), or network-management (7).

counting: Counts the times that the rule is matched. If you do not specify this keyword, matches for the rule are not counted.

dest-mac dest-address dest-mask: Matches a destination MAC address range. The dest-address and dest-mask arguments represent a destination MAC address and mask in the H-H-H format.

lsap lsap-type lsap-type-mask: Matches the DSAP and SSAP fields in LLC encapsulation. The lsap-type argument is a 16-bit hexadecimal number that represents the encapsulation format. The lsap-type-mask argument is a 16-bit hexadecimal number that represents the LSAP mask.

type protocol-type protocol-type-mask: Matches one or more Layer 2 protocols. The protocol-type argument is a 16-bit hexadecimal number that represents a protocol type in Ethernet_II and Ethernet_SNAP frames. The protocol-type-mask argument is a 16-bit hexadecimal number that represents a protocol type mask.

source-mac source-address source-mask: Matches a source MAC address range. The source-address argument represents a source MAC address, and the source-mask argument represents a mask in the H-H-H format.

time-range time-range-name: Specifies a time range for the rule. The time-range-name argument is a case-insensitive string of 1 to 32 characters. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the time range. For more information about time range, see ACL and QoS Configuration Guide.

Usage guidelines

Within an ACL, the permit or deny statement of each rule must be unique. If the rule you are creating or editing has the same deny or permit statement as another rule in the ACL, the rule will not be created or changed.

You can edit ACL rules only when the match order is config.

To view the existing Layer 2 ACL rules, use the display acl mac all command.

The undo rule rule-id command without any optional parameters deletes an entire rule. If you specify optional parameters, the undo rule rule-id command deletes the specified attributes for the rule.

The undo rule [ rule-id ] { deny | permit } command can only be used to delete an entire rule. You must specify all the attributes of the rule for the command.

Examples

# Create a rule in Layer 2 ACL 4000 to permit ARP packets and deny RARP packets.

<Sysname> system-view

[Sysname] acl mac 4000

[Sysname-acl-mac-4000] rule permit type 0806 ffff

[Sysname-acl-mac-4000] rule deny type 8035 ffff

Related commands

acl

display acl

step

time-range

rule comment

Use rule comment to configure a comment for an ACL rule.

Use undo rule comment to delete an ACL rule comment.

Syntax

rule rule-id comment text

undo rule rule-id comment

Default

A rule does not have a comment.

Views

IPv4 basic/advanced ACL view

IPv6 basic/advanced ACL view

Layer 2 ACL view

Predefined user roles

network-admin

Parameters

rule-id: Specifies an ACL rule ID in the range of 0 to 65534. The ACL rule must already exist.

text: Specifies a comment about the ACL rule, a case-sensitive string of 1 to 127 characters.

Usage guidelines

This command adds a comment to a rule if the rule does not have a comment. It modifies the comment for a rule if the rule already has a comment.

Examples

# Create a rule for IPv4 basic ACL 2000, and add a comment about the rule.

<Sysname> system-view

[Sysname] acl basic 2000

[Sysname-acl-ipv4-basic-2000] rule 0 deny source 1.1.1.1 0

[Sysname-acl-ipv4-basic-2000] rule 0 comment This rule is used on GigabitEthernet 1/0/1.

Related commands

display acl

step

Use step to set a rule numbering step for an ACL.

Use undo step to restore the default.

Syntax

step step-value

undo step

Default

The rule numbering step is 5, and the start rule ID is 0.

Views

IPv4 basic/advanced ACL view

IPv6 basic/advanced ACL view

Layer 2 ACL view

Predefined user roles

network-admin

Parameters

step-value: Specifies the ACL rule numbering step in the range of 1 to 20.

Usage guidelines

The rule numbering step sets the increment by which the system numbers rules automatically. For example, the default ACL rule numbering step is 5. If you do not assign IDs to rules you are creating, they are numbered 0, 5, 10, 15, and so on.

The wider the numbering step, the more rules you can insert between two rules. Whenever the step changes, the rules are renumbered, starting from 0. For example, if there are five rules numbered 5, 10, 13, 15, and 20, changing the step from 5 to 2 causes the rules to be renumbered 0, 2, 4, 6, and 8.

Examples

# Set the rule numbering step to 2 for IPv4 basic ACL 2000.

<Sysname> system-view

[Sysname] acl basic 2000

[Sysname-acl-ipv4-basic-2000] step 2
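
Because a step change renumbers every rule, any runbook or script that refers to rules by ID (for example in an undo rule command) can end up pointing at a different rule or at none. The following Python model is an added example, not H3C code: it reproduces the automatic numbering and the renumbering described in the usage guidelines above and classifies stored rule-ID references after a step change. Function names are hypothetical.

```python
MAX_RULE_ID = 65534


def next_auto_id(existing_ids, step=5):
    """ID the system assigns when no rule ID is given: the nearest higher
    multiple of the step above the current highest ID, starting from 0."""
    if not existing_ids:
        return 0
    candidate = (max(existing_ids) // step + 1) * step
    if candidate > MAX_RULE_ID:
        raise ValueError("no automatic rule ID left in the range 0 to 65534")
    return candidate


def renumber(existing_ids, new_step):
    """Return {old_id: new_id} after the step changes: rules keep their
    order and are renumbered from 0 in increments of the new step."""
    if not 1 <= new_step <= 20:
        raise ValueError("step-value must be in the range 1 to 20")
    return {old: index * new_step
            for index, old in enumerate(sorted(existing_ids))}


def classify_references(referenced_ids, mapping):
    """Classify rule IDs stored outside the device after a renumbering.

    unchanged:  the ID still identifies the same rule.
    retargeted: the ID still exists but now identifies a different rule.
    missing:    no rule has this ID any more.
    """
    new_ids = set(mapping.values())
    result = {}
    for old in referenced_ids:
        if mapping.get(old) == old:
            result[old] = "unchanged"
        elif old in new_ids:
            result[old] = "retargeted"
        else:
            result[old] = "missing"
    return result


if __name__ == "__main__":
    # Values from the text: step 5, highest rule ID 28 -> next rule is 30.
    print(next_auto_id([0, 5, 28], step=5))
    # Values from the text: rules 5, 10, 13, 15, 20 with the step set to 2.
    print(renumber([5, 10, 13, 15, 20], 2))
    # Constructed case: rules 0, 5, 10 and the step changed from 5 to 10.
    mapping = renumber([0, 5, 10], 10)
    print(mapping, classify_references([0, 5, 10], mapping))
```
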

Related commands

display acl


QoS policy commands

Commands and descriptions for centralized devices apply to the following routers:

·     MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.

·     MSR2600-6-X1/2600-10-X1.

·     MSR 2630.

·     MSR3600-28/3600-51.

·     MSR3600-28-SI/3600-51-SI.

·     MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

·     MSR 3610/3620/3620-DP/3640/3660.

·     MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.

Commands and descriptions for distributed devices apply to the following routers:

·     MSR5620.

·     MSR 5660.

·     MSR 5680.

Support for ATM interfaces depends on the device model. For more information, see the installation guide and interface module manual.

PWs are not supported on the following routers:

·     MSR810-LMS/810-LUS.

·     MSR3600-28-SI/3600-51-SI.

Traffic class commands

display traffic classifier

Use display traffic classifier to display traffic classes.

Syntax

Centralized devices in standalone mode:

display traffic classifier { system-defined | user-defined } [ classifier-name ]

Distributed devices in standalone mode/centralized devices in IRF mode:

display traffic classifier { system-defined | user-defined } [ classifier-name ] [ slot slot-number ]

Distributed devices in IRF mode:

display traffic classifier { system-defined | user-defined } [ classifier-name ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

system-defined: Specifies system-defined traffic classes.

user-defined: Specifies user-defined traffic classes.

classifier-name: Specifies a traffic class by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a traffic class, this command displays all traffic classes.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the traffic classes for the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays the traffic classes for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays the traffic classes for the global active MPU. (Distributed devices in IRF mode.)

Examples

# Display all user-defined traffic classes.

<Sysname> display traffic classifier user-defined

 

  User-defined classifier information:

 

   Classifier: 1 (ID 100)

     Operator: AND

     Rule(s) :

      If-match acl 2000

 

   Classifier: 2 (ID 101)

     Operator: AND

     Rule(s) :

      If-match not protocol ipv6

 

   Classifier: 3 (ID 102)

     Operator: AND

     Rule(s) :

      -none-

# Display the system-defined traffic class (default-class).

<Sysname> display traffic classifier system-defined default-class

 

  System-defined classifier information:

 

   Classifier: default-class (ID 0)

     Operator: AND

     Rule(s) :

      If-match any

Table 15 Command output

| Field | Description |
|---|---|
| Classifier | Traffic class name and its match criteria. |
| Operator | Match operator you set for the traffic class. If the operator is AND, the traffic class matches the packets that match all its match criteria. If the operator is OR, the traffic class matches the packets that match any of its match criteria. |
| Rule(s) | Match criteria. |

 

if-match

Use if-match to define a match criterion.

Use undo if-match to delete a match criterion.

Syntax

if-match [ not ] match-criteria

undo if-match [ not ] match-criteria

Default

No match criterion is configured.

Views

Traffic class view

Predefined user roles

network-admin

Parameters

not: Matches packets that do not conform to the specified criterion.

match-criteria: Specifies a match criterion. Table 16 shows the available match criteria.

Table 16 Available match criteria

Option

Description

acl [ ipv6 | mac ] { acl-number | name acl-name }

Matches an ACL.

The acl-number argument has the following value ranges:

·     2000 to 3999 for IPv4 and IPv6 ACLs.

·     4000 to 4999 for Layer 2 ACLs.

The acl-name argument is a case-insensitive string of 1 to 63 characters, which must start with an English letter. To avoid confusion, make sure the argument is not all.

app-group group-name

Matches an application group.

The group-name argument specifies a system-defined application group by its name.

application app-name

Matches an application.

The app-name argument specifies a system-defined application by its name.

any

Matches all packets.

classifier classifier-name

Matches a class.

The classifier-name argument specifies a class by its name.

control-plane protocol protocol-name&<1-8>

Matches control plane protocols.

The protocol-name&<1-8> argument specifies a space-separated list of up to eight system-defined control plane protocols. For available system-defined control plane protocols, see Table 17.

control-plane protocol-group protocol-group-name

Matches a control plane protocol group.

The protocol-group-name argument can be critical, exception, important, management, monitor, normal, or redirect.

customer-dot1p dot1p-value&<1-8>

Matches 802.1p priority values in inner VLAN tags of double-tagged packets.

The dot1p-value&<1-8> argument specifies a space-separated list of up to eight 802.1p priority values. The value range for the dot1p-value argument is 0 to 7.

customer-vlan-id vlan-id-list

Matches VLAN IDs in inner VLAN tags of double-tagged packets.

The vlan-id-list argument specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN or a range of VLANs in the form of vlan-id1 to vlan-id2. The value for vlan-id2 must be greater than or equal to the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094.

destination-mac mac-address

Matches a destination MAC address.

dscp dscp-value&<1-8>

Matches DSCP values.

The dscp-value&<1-8> argument specifies a space-separated list of up to eight DSCP values. The value range for the dscp-value argument is 0 to 63 or keywords shown in Table 19.

inbound-interface interface-type interface-number

Matches an input interface specified by its type and number.

ip-precedence ip-precedence-value&<1-8>

Matches IP precedence values.

The ip-precedence-value&<1-8> argument specifies a space-separated list of up to eight IP precedence values. The value range for the ip-precedence-value argument is 0 to 7.

local-precedence local-precedence-value&<1-8>

Matches local precedence values.

The local-precedence-value&<1-8> argument specifies a space-separated list of up to eight local precedence values. The value range for the local-precedence-value argument is 0 to 7.

mpls-exp exp-value&<1-8>

Matches MPLS EXP values.

The exp-value&<1-8> argument specifies a space-separated list of up to eight EXP values. The value range for the exp-value argument is 0 to 7.

packet-length { min min-value | max max-value } *

Matches the packet length.

The min-value argument specifies the minimum packet length in bytes. The max-value argument specifies the maximum packet length in bytes.

protocol protocol-name

Matches a protocol.

The protocol-name argument can be arp, ip, or ipv6.

qos-local-id local-id-value

Matches a local QoS ID in the range of 1 to 4095.

rtp payload-type { type-value&<0-16> | audio | video } *

Matches RTP payload types.

The type-value&<0-16> argument specifies a space-separated list of up to 16 RTP payload type values. The value range for the type-value argument is 0 to 127. The audio keyword matches an RTP payload type value in the range of 0 to 23 or 33. The video keyword matches an RTP payload type value in the range of 24 to 34.

rtp start-port start-port-number end-port end-port-number

Matches RTP protocol ports.

The value ranges for the start-port-number and end-port-number arguments are both 2000 to 65535. This criterion matches RTP packets with an even UDP destination port number in the specified RTP port number range.

source-mac mac-address

Matches a source MAC address.

tunnel-dscp dscp-value&<1-8>

Matches the DSCP value in the outer IP header of VXLAN packets.

The dscp-value&<1-8> argument specifies a space-separated list of up to eight DSCP values. The value range for the dscp-value argument is 0 to 63 or keywords shown in Table 19.

 

Table 17 Available system-defined control plane protocols

| Protocol | Description |
|---|---|
| default | Protocol packets other than the following packet types |
| arp | ARP packets |
| arp-snooping | ARP snooping packets |
| bgp | BGP packets |
| bgp4+ | IPv6 BGP packets |
| ftp | FTP packets |
| http | HTTP packets |
| https | HTTPS packets |
| icmp | ICMP packets |
| icmpv6 | ICMPv6 packets |
| igmp | IGMP packets |
| isis | IS-IS packets |
| ldp | LDP packets |
| ldp6 | IPv6 LDP packets |
| msdp | MSDP packets |
| ntp | NTP packets |
| oam | OAM packets |
| ospf-multicast | OSPF multicast packets |
| ospf-unicast | OSPF unicast packets |
| ospf3-multicast | OSPFv3 multicast packets |
| ospf3-unicast | OSPFv3 unicast packets |
| pim-multicast | PIM multicast packets |
| pim-unicast | PIM unicast packets |
| pim6-multicast | IPv6 PIM multicast packets |
| pim6-unicast | IPv6 PIM unicast packets |
| radius | RADIUS packets |
| rip | RIP packets |
| ripng | RIPng packets |
| rsvp | RSVP packets |
| snmp | SNMP packets |
| ssh | SSH packets |
| tacacs | TACACS packets |
| telnet | Telnet packets |
| tftp | TFTP packets |
| vrrp | VRRP packets |
| vrrp6 | IPv6 VRRP packets |

Usage guidelines

In a traffic class with the logical OR operator, you can configure multiple if-match commands for any of the available match criteria.

When you configure ACL-based match criteria, follow these restrictions and guidelines:

·     The ACL used as a match criterion must already exist.

·     In a traffic class, you can add two if-match statements that use the same ACL as the match criterion. In one statement, specify the ACL by its name. In the other statement, specify the ACL by its number.

·     If the ACL contains deny rules, the if-match command is ignored and the matching process continues.

The source MAC address and destination MAC address match criteria are applicable only to Ethernet interfaces.

You can use both AND and OR operators to define the match relationships between the criteria for a class. For example, you can define relationships among three match criteria in traffic class classA as follows:

traffic classifier classB operator and

if-match criterion 1

if-match criterion 2

traffic classifier classA operator or

if-match criterion 3

if-match classifier classB

When you configure the packet length match criterion, follow these restrictions and guidelines:

·     If you configure only the min min-value option, the match criterion matches packets longer than min-value.

·     If you configure only the max max-value option, the match criterion matches packets shorter than max-value.

·     If you configure both min min-value and max max-value (max-value must be greater than min-value), the match criterion matches packets longer than min-value and shorter than max-value.

When you configure a match criterion that can have multiple values in one if-match command, follow these restrictions and guidelines:

·     You can specify up to eight values for any of the following match criteria in one if-match command:

      ◦     Control plane protocol.

      ◦     802.1p priority.

      ◦     DSCP.

      ◦     IP precedence.

      ◦     Local precedence.

      ◦     MPLS EXP.

      ◦     VLAN ID.

·     If a packet matches one of the specified values, it matches the if-match command.

·     To delete a criterion that has multiple values, the specified values in the undo if-match command must be identical with those specified in the if-match command. The order of the values can be different.

When you configure the MPLS EXP match criterion, follow these additional restrictions and guidelines:

·     The MPLS EXP match criterion takes effect only on MPLS packets.

·     For software forwarding QoS, MPLS packets do not support IP-related match criteria.

For the VLAN ID match criterion, you can use the VLAN ID in the outer VLAN tag to match single-tagged packets.
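The following added example (not part of the H3C reference) is a small offline evaluator for reviewing which packets a traffic class would select before it is bound to a filter or CAR behavior. It implements the not keyword, the AND/OR operators, nested classifiers, multi-value criteria, and the packet-length bounds as worded in the usage guidelines; the packet dictionary keys and the concrete criteria substituted into classA/classB are assumptions made for the example.

```python
# Added illustration: evaluates a subset of the if-match criteria described above.
# Packet dict keys (protocol, dscp, ip_precedence, length) are names chosen here.

DSCP_KEYWORDS = {  # keywords and decimal values from Table 19
    "default": 0, "af11": 10, "af12": 12, "af13": 14, "af21": 18, "af22": 20,
    "af23": 22, "af31": 26, "af32": 28, "af33": 30, "af41": 34, "af42": 36,
    "af43": 38, "cs1": 8, "cs2": 16, "cs3": 24, "cs4": 32, "cs5": 40,
    "cs6": 48, "cs7": 56, "ef": 46,
}


def parse_classifiers(text):
    """Parse 'traffic classifier' blocks into {name: {"operator", "rules"}}."""
    classes, current = {}, None
    for raw in text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[:2] == ["traffic", "classifier"] and len(tok) in (3, 5):
            operator = "and"  # AND is the default operator
            if len(tok) == 5:
                if tok[3] != "operator" or tok[4] not in ("and", "or"):
                    raise ValueError(f"bad classifier line: {raw!r}")
                operator = tok[4]
            current = classes.setdefault(tok[2], {"operator": operator, "rules": []})
        elif tok[0] == "if-match" and current is not None:
            negate = len(tok) > 1 and tok[1] == "not"
            body = tok[2:] if negate else tok[1:]
            if not body:
                raise ValueError(f"if-match without a criterion: {raw!r}")
            current["rules"].append((negate, body[0], body[1:]))
        else:
            raise ValueError(f"unsupported line: {raw!r}")
    return classes


def _criterion(kind, args, pkt, classes, seen):
    if kind == "any":
        return True
    if kind == "protocol":
        return pkt.get("protocol") == args[0]
    if kind == "dscp":  # any one of the listed values is enough
        wanted = {DSCP_KEYWORDS[a] if a in DSCP_KEYWORDS else int(a) for a in args}
        return pkt.get("dscp") in wanted
    if kind == "ip-precedence":
        return pkt.get("ip_precedence") in {int(a) for a in args}
    if kind == "packet-length":
        opts = dict(zip(args[0::2], (int(v) for v in args[1::2])))
        length = pkt["length"]
        # Strict comparisons, following the "longer than" / "shorter than" wording.
        return length > opts.get("min", -1) and length < opts.get("max", float("inf"))
    if kind == "classifier":
        return matches(args[0], pkt, classes, seen)
    # Fail loudly instead of silently treating an unknown criterion as a miss.
    raise NotImplementedError(f"criterion not modelled in this example: {kind}")


def matches(name, pkt, classes, seen=()):
    """Return True if pkt matches traffic class `name`."""
    if name in seen:
        raise ValueError(f"classifier reference loop at {name}")
    cls = classes[name]
    results = [
        _criterion(kind, args, pkt, classes, seen + (name,)) != negate
        for negate, kind, args in cls["rules"]
    ]
    if not results:
        return False  # assumption: a class with no criteria selects nothing
    return all(results) if cls["operator"] == "and" else any(results)


def matching_classes(pkt, classes):
    """Names of all classes the packet matches, in configuration order."""
    return [name for name in classes if matches(name, pkt, classes)]


# Constructed sample: the classA/classB nesting from the usage guidelines, with
# concrete criteria substituted for "criterion 1" to "criterion 3".
SAMPLE_CONFIG = """
traffic classifier classB operator and
 if-match dscp ef af41
 if-match packet-length min 100 max 200
traffic classifier classA operator or
 if-match not protocol ip
 if-match classifier classB
"""
CLASSES = parse_classifiers(SAMPLE_CONFIG)

if __name__ == "__main__":
    for pkt in (
        {"protocol": "ip", "dscp": 46, "length": 150},
        {"protocol": "ip", "dscp": 46, "length": 100},
        {"protocol": "ipv6", "dscp": 0, "length": 1500},
    ):
        print(pkt, "->", matching_classes(pkt, CLASSES))
```

A 100-byte packet does not match `packet-length min 100` under the strict reading, which is worth confirming on the device before relying on a boundary value in a drop or rate-limit class.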

Examples

# Define a match criterion for traffic class class1 to match the packets with a destination MAC address of 0050-ba27-bed3.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match destination-mac 0050-ba27-bed3

# Define a match criterion for traffic class class2 to match the packets with a source MAC address of 0050-ba27-bed2.

<Sysname> system-view

[Sysname] traffic classifier class2

[Sysname-classifier-class2] if-match source-mac 0050-ba27-bed2

# Define a match criterion for traffic class class1 to match the double-tagged packets with 802.1p priority 3 in the inner VLAN tag.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match customer-dot1p 3

# Define a match criterion for traffic class class1 to match the advanced ACL 3101.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match acl 3101

# Define a match criterion for traffic class class1 to match the ACL named flow.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match acl name flow

# Define a match criterion for traffic class class1 to match the advanced IPv6 ACL 3101.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match acl ipv6 3101

# Define a match criterion for traffic class class1 to match the IPv6 ACL named flow.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match acl ipv6 name flow

# Define a match criterion for traffic class class1 to match all packets.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match any

# Define a match criterion for traffic class class1 to match the packets with a DSCP value of 1, 6, or 9.

<Sysname> system-view

[Sysname] traffic classifier class1 operator or

[Sysname-classifier-class1] if-match dscp 1 6 9

# Define a match criterion for traffic class class1 to match the packets with an IP precedence value of 1 or 6.

<Sysname> system-view

[Sysname] traffic classifier class1 operator or

[Sysname-classifier-class1] if-match ip-precedence 1 6

# Define a match criterion for traffic class class1 to match the packets with a local precedence value of 1 or 6.

<Sysname> system-view

[Sysname] traffic classifier class1 operator or

[Sysname-classifier-class1] if-match local-precedence 1 6

# Define a match criterion for traffic class class1 to match IP packets.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match protocol ip

# Define a match criterion for traffic class class1 to match the RTP packets with even UDP destination port numbers in the range of 16384 to 32767.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match rtp start-port 16384 end-port 32767

# Define a match criterion for traffic class class1 to match double-tagged packets with VLAN ID 1, 6, or 9 in the inner VLAN tag.

<Sysname> system-view

[Sysname] traffic classifier class1 operator or

[Sysname-classifier-class1] if-match customer-vlan-id 1 6 9

# Define a match criterion for traffic class class1 to match the packets with a local QoS ID of 3.

<Sysname> system-view

[Sysname] traffic classifier class1 operator or

[Sysname-classifier-class1] if-match qos-local-id 3

# Define a match criterion for traffic class class to match the RTP packets with payload type 1, 8, audio, or video.

<Sysname> system-view

[Sysname] traffic classifier class

[Sysname-classifier-class] if-match rtp payload-type 1 8 audio video

# Define a match criterion for traffic class class1 to match the packets of the application group multimedia.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match app-group multimedia

# Define a match criterion for traffic class class1 to match the packets of the application 3link.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match application 3link

# Define a match criterion for traffic class class1 to match ARP protocol packets.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match control-plane protocol arp

# Define a match criterion for traffic class class1 to match packets of the protocols in protocol group normal.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match control-plane protocol-group normal

# Define a match criterion for traffic class class1 to match packets with the length in the range of 100 to 200 bytes.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match packet-length min 100 max 200

# Define a match criterion for traffic class class1 to match packets with DSCP value 10 in the outer IP header of VXLAN packets.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match tunnel-dscp 10

traffic classifier

Use traffic classifier to create a traffic class and enter its view, or enter the view of an existing traffic class.

Use undo traffic classifier to delete a traffic class.

Syntax

traffic classifier classifier-name [ operator { and | or } ]

undo traffic classifier classifier-name

Default

No traffic classes exist.

Views

System view

Predefined user roles

network-admin

Parameters

classifier-name: Specifies a name for the traffic class, a case-sensitive string of 1 to 31 characters.

operator: Sets the operator to logic AND (the default) or OR for the traffic class.

and: Specifies the logic AND operator. The traffic class matches the packets that match all its criteria.

or: Specifies the logic OR operator. The traffic class matches the packets that match any of its criteria.

Examples

# Create a traffic class named class1.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1]

Related commands

display traffic classifier

Traffic behavior commands

car

Use car to configure a CAR action in absolute value in a traffic behavior.

Use undo car to restore the default.

Syntax

car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ green action | red action | yellow action ] *

car cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] [ green action | red action | yellow action ] *

undo car

Default

No CAR action is configured.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

cir committed-information-rate: Specifies the committed information rate (CIR) in kbps, which is an average traffic rate. The value range for committed-information-rate is 8 to 10000000.

cbs committed-burst-size: Specifies the committed burst size (CBS) in bytes. The value range for committed-burst-size is 1000 to 1000000000. The default CBS is the traffic transmitted at the rate of the CIR for 500 milliseconds.

ebs excess-burst-size: Specifies the excess burst size (EBS) in bytes. The value range for excess-burst-size is 0 to 1000000000. The default is 0.

pir peak-information-rate: Specifies the peak information rate (PIR) in kbps. The value range for peak-information-rate is 8 to 10000000.

green action: Specifies the action to take on packets that conform to the CIR. The default setting is pass.

red action: Specifies the action to take on packets that conform to neither CIR nor PIR. The default setting is discard.

yellow action: Specifies the action to take on packets that conform to the PIR but not to the CIR. The default setting is pass.

action: Sets the action to take on the packet.

·     discard: Drops the packet.

·     pass: Permits the packet to pass through.

·     remark-dot1p-pass new-cos: Sets the 802.1p priority value of the 802.1p packet to new-cos and permits the packet to pass through. The new-cos argument is in the range of 0 to 7.

·     remark-dscp-pass new-dscp: Sets the DSCP value of the packet to new-dscp and permits the packet to pass through. The new-dscp argument is in the range of 0 to 63.

·     remark-mpls-exp-pass new-exp: Sets the EXP field value of the MPLS packet to new-exp and permits the packet to pass through. The new-exp argument is in the range of 0 to 7.

·     remark-prec-pass new-precedence: Sets the IP precedence of the packet to new-precedence and permits the packet to pass through. The new-precedence argument is in the range of 0 to 7.

Usage guidelines

To use two rates for traffic policing, configure the car command with the pir peak-information-rate option. To use one rate for traffic policing, configure the car command without the pir peak-information-rate option.

A QoS policy that uses a traffic behavior configured with CAR can be applied in either the inbound direction or outbound direction of an interface.

If you execute the car command multiple times in the same traffic behavior, the most recent configuration takes effect.

Examples

# Configure a CAR action in traffic behavior database:

·     Set the CIR to 200 kbps, CBS to 51200 bytes, and EBS to 0.

·     Transmit the conforming packets, and mark the excess packets with DSCP value 0 and transmit them.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] car cir 200 cbs 51200 ebs 0 green pass red remark-dscp-pass 0

car percent

Use car percent to configure a CAR action in percentage in a traffic behavior.

Use undo car to restore the default.

Syntax

car cir percent cir-percent [ cbs cbs-time [ ebs ebs-time ] ] [ green action | red action | yellow action ] *

car cir percent cir-percent [ cbs cbs-time ] pir percent pir-percent [ ebs ebs-time ] [ green action | red action | yellow action ] *

undo car

Default

No CAR action in percentage is configured.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

cir percent cir-percent: Specifies the CIR in percentage, in the range of 1 to 100.

cbs cbs-time: Specifies the CBS in milliseconds. The actual CBS value is cbs-time × the actual CIR value. The value range for the cbs-time argument is 50 to 2000.

ebs ebs-time: Specifies the EBS in milliseconds. The actual EBS value is ebs-time × the actual CIR value. The value range for the ebs-time argument is 0 to 2000.

pir percent pir-percent: Specifies the PIR in percentage, in the range of 1 to 100. The PIR value must be greater than or equal to the CIR value.

green action: Specifies the action to take on packets that conform to the CIR. The default is pass.

red action: Specifies the action to take on packets that conform to neither CIR nor PIR. The default is discard.

yellow action: Specifies the action to take on packets that conform to the PIR but not to the CIR. The default is pass.

action: Sets the action to take on the packet.

·     discard: Drops the packet.

·     pass: Permits the packet to pass through.

·     remark-dot1p-pass new-cos: Sets the 802.1p priority value of the packet to new-cos and permits the packet to pass through. The new-cos argument is in the range of 0 to 7.

·     remark-dscp-pass new-dscp: Sets the DSCP value of the packet to new-dscp and permits the packet to pass through. The new-dscp argument is in the range of 0 to 63. Alternatively, you can specify the new-dscp argument with af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, cs6, cs7, default, or ef.

·     remark-mpls-exp-pass new-exp: Sets the EXP field value of the MPLS packet to new-exp and permits the packet to pass through. The new-exp argument is in the range of 0 to 7.

·     remark-prec-pass new-precedence: Sets the IP precedence of the packet to new-precedence and permits the packet to pass through. The new-precedence argument is in the range of 0 to 7.

Usage guidelines

To use two rates for traffic policing, configure the car percent command with the pir percent pir-percent option. To use one rate for traffic policing, configure the car percent command without the pir percent pir-percent option.

A QoS policy that uses a traffic behavior configured with percentage-based CAR can be applied in the inbound or outbound direction of an interface.

If you execute the car percent command multiple times in the same traffic behavior, the most recent configuration takes effect.

A QoS policy that uses a behavior configured with percentage-based CAR can be applied only to interfaces.

The actual CIR value is cir-percent × bandwidth. The actual PIR value is pir-percent × bandwidth. In the policy nesting case, the bandwidth used for the CIR and PIR calculations is determined by using the following rules:

·     The top policy uses the interface bandwidth.

·     A child policy uses the CIR value in GTS configured in the behavior of the child policy.

·     If the CIR value is not available in the behavior, the child policy uses the CIR value in GTS configured in the behavior of the higher-level policy.

·     If the CIR value is not available in the behavior of the higher-level policy, the child policy uses the interface bandwidth.

Examples

# Configure a CAR action in percentage in traffic behavior database. The CAR parameters are as follows: CIR is 20% and CBS is 100 ms.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] car cir percent 20 cbs 100
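To check what a percentage-based CAR line actually enforces, the added example below (not H3C code) parses a car cir percent command, validates the documented ranges, picks the reference bandwidth using the policy nesting rules above, and converts the burst times to bytes. It assumes 1 kbps = 1000 bit/s and rounds down; the function and parameter names are chosen for the example, and the interface and GTS rates in the usage are constructed.

```python
# Added illustration: resolves a 'car cir percent' line to absolute values.
# Assumptions: 1 kbps = 1000 bit/s, integer results rounded down.

def parse_car_percent(line):
    """Parse 'car cir percent ...' and validate the documented value ranges."""
    tok = line.split()
    if tok[:3] != ["car", "cir", "percent"] or len(tok) < 4:
        raise ValueError("not a 'car cir percent' command")
    cfg = {"cir_percent": int(tok[3]), "cbs_ms": None, "ebs_ms": None,
           "pir_percent": None}
    i = 4
    while i < len(tok):
        if tok[i] in ("cbs", "ebs") and i + 1 < len(tok):
            cfg[tok[i] + "_ms"] = int(tok[i + 1])
            i += 2
        elif tok[i:i + 2] == ["pir", "percent"] and i + 2 < len(tok):
            cfg["pir_percent"] = int(tok[i + 2])
            i += 3
        elif tok[i] in ("green", "red", "yellow"):
            break  # colour actions follow; they do not change rates or bursts
        else:
            raise ValueError(f"unexpected token: {tok[i]!r}")
    if not 1 <= cfg["cir_percent"] <= 100:
        raise ValueError("cir-percent must be 1 to 100")
    if cfg["cbs_ms"] is not None and not 50 <= cfg["cbs_ms"] <= 2000:
        raise ValueError("cbs-time must be 50 to 2000 ms")
    if cfg["ebs_ms"] is not None and not 0 <= cfg["ebs_ms"] <= 2000:
        raise ValueError("ebs-time must be 0 to 2000 ms")
    pir = cfg["pir_percent"]
    if pir is not None and not (1 <= pir <= 100 and pir >= cfg["cir_percent"]):
        raise ValueError("pir-percent must be 1 to 100 and not below cir-percent")
    return cfg


def reference_bandwidth(interface_kbps, nested=False,
                        child_gts_cir=None, parent_gts_cir=None):
    """Bandwidth (kbps) that the percentages apply to, per the nesting rules."""
    if not nested:
        return interface_kbps, "interface"   # top policy
    if child_gts_cir is not None:
        return child_gts_cir, "child gts"    # GTS CIR in the child's own behavior
    if parent_gts_cir is not None:
        return parent_gts_cir, "parent gts"  # GTS CIR in the higher-level policy
    return interface_kbps, "interface"       # no GTS CIR available anywhere


def burst_bytes(cir_kbps, time_ms):
    """burst = time x actual CIR; kbps x ms gives bits, 8 bits per byte."""
    # None means the option was omitted; this page states no default for it.
    return None if time_ms is None else cir_kbps * time_ms // 8


def resolve_car_percent(line, interface_kbps, **nesting):
    cfg = parse_car_percent(line)
    bandwidth, source = reference_bandwidth(interface_kbps, **nesting)
    cir = bandwidth * cfg["cir_percent"] // 100
    pir = None
    if cfg["pir_percent"] is not None:
        pir = bandwidth * cfg["pir_percent"] // 100
    return {
        "bandwidth_source": source,
        "cir_kbps": cir,
        "pir_kbps": pir,
        "cbs_bytes": burst_bytes(cir, cfg["cbs_ms"]),
        "ebs_bytes": burst_bytes(cir, cfg["ebs_ms"]),
    }


if __name__ == "__main__":
    cmd = "car cir percent 20 cbs 100"  # the command from the example above
    # Constructed rates: a 100 Mbps interface and a child GTS CIR of 10 Mbps.
    print(resolve_car_percent(cmd, 100000))
    print(resolve_car_percent(cmd, 100000, nested=True, child_gts_cir=10000))
```

The same command yields a CIR of 20000 kbps on the top policy but 2000 kbps in the nested case, so a rate limit written as a percentage should be reviewed together with the GTS settings of the policies around it.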

display traffic behavior

Use display traffic behavior to display traffic behaviors.

Syntax

Centralized devices in standalone mode:

display traffic behavior { system-defined | user-defined } [ behavior-name ]

Distributed devices in standalone mode/centralized devices in IRF mode:

display traffic behavior { system-defined | user-defined } [ behavior-name ] [ slot slot-number ]

Distributed devices in IRF mode:

display traffic behavior { system-defined | user-defined } [ behavior-name ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

system-defined: Specifies system-defined traffic behaviors.

user-defined: Specifies user-defined traffic behaviors.

behavior-name: Specifies a behavior by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a traffic behavior, this command displays all traffic behaviors.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays traffic behaviors for the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays the traffic behaviors for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays the traffic behaviors for the global active MPU. (Distributed devices in IRF mode.)

Examples

# Display all user-defined traffic behaviors.

<Sysname> display traffic behavior user-defined

 

  User-defined behavior information:

 

    Behavior: 1 (ID 100)

      Marking:

        Remark dscp 3

      Committed Access Rate:

        CIR 112 (kbps), CBS 5120 (Bytes), EBS 512 (Bytes)

        Green action  : pass

        Yellow action : pass

        Red action    : discard

      Primap pre-defined table: dscp-lp

      Assured Forwarding:

        Bandwidth 30 (kbps)

        Discard Method: Tail

 

    Behavior: 2 (ID 101)

      Accounting enable: Packet

      Filter enable: Permit

      Marking:

        Remark mpls-exp 4

      Redirecting:

      Mirroring:

        Mirror to the VLAN: VLAN 1000

      Expedited Forwarding:

        Bandwidth 50 (kbps) CBS 1250 (Bytes)

 

    Behavior: 3 (ID 102)

      -none-

# Display all system-defined traffic behaviors.

<Sysname> display traffic behavior system-defined

 

  System-defined behavior information:

 

    Behavior: be (ID 0)

      -none-

 

    Behavior: af (ID 1)

      Assured Forwarding:

        Bandwidth 20 (%)

        Discard Method: Tail

 

    Behavior: ef (ID 2)

      Expedited Forwarding:

        Bandwidth 20 (%) Cbs-ratio 25

 

    Behavior: be-flow-based (ID 3)

      Flow based Weighted Fair Queue:

        Max number of hashed queues: 256

        Discard Method: IP Precedence based WRED

        Exponential Weight: 9

        Pre  Low   High  Dis-prob

        -------------------------

        0    10    30    10

        1    10    30    10

        2    10    30    10

        3    10    30    10

        4    10    30    10

        5    10    30    10

        6    10    30    10

        7    10    30    10

Table 18 Command output

| Field | Description |
|---|---|
| Behavior | Name and contents of a traffic behavior. |
| Marking | Information about priority marking. |
| Remark dscp | Action of setting the DSCP value for packets. |
| Committed Access Rate | Information about the CAR action. |
| Green action | Action to take on green packets. |
| Yellow action | Action to take on yellow packets. |
| Red action | Action to take on red packets. |
| Bandwidth | Bandwidth of the queue. |
| Accounting enable | Traffic accounting action. |
| Filter enable | Traffic filtering action. |
| Remark mpls-exp | Action of setting the MPLS EXP value for packets. |
| Redirecting | Information about traffic redirecting. |
| Mirroring | Information about traffic mirroring. |
| Expedited Forwarding | Expedited forwarding (EF) information. |
| none | No other traffic behavior is configured. |
| Exponential Weight | Exponent for average queue size calculation. |
| Pre | IP precedence. |
| Low | Lower threshold of the queue. |
| High | Upper threshold of the queue. |
| Dis-prob | Denominator for drop probability calculation. |

filter

Use filter to configure a traffic filtering action in a traffic behavior.

Use undo filter to restore the default.

Syntax

filter { deny | permit }

undo filter

Default

No traffic filtering action is configured.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

deny: Drops packets.

permit: Transmits packets.

Examples

# Configure a traffic filtering action as deny in traffic behavior database.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] filter deny

gts

Use gts to configure a GTS action in absolute value in a traffic behavior.

Use undo gts to restore the default.

Syntax

gts cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ queue-length queue-length ]

undo gts

Default

No GTS action is configured.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

cir committed-information-rate: Sets the CIR in kbps, which specifies the average traffic rate. The CIR is in the range of 8 to 10000000.

cbs committed-burst-size: Sets the CBS in bytes, which specifies the size of bursty traffic when the actual average rate is not greater than CIR. The CBS is in the range of 1000 to 1000000000.

ebs excess-burst-size: Sets the EBS in bytes. The value range for excess-burst-size is 0 to 1000000000.

queue-length queue-length: Sets the maximum queue length in the range of 1 to 1024. The default is 50.

Usage guidelines

A QoS policy that uses a behavior configured with GTS can be applied only to the outbound direction of an interface.

A QoS policy that uses a behavior configured with GTS overwrites the qos gts command on the interface, if both are configured.

If you execute the gts command multiple times in the same traffic behavior, the most recent configuration takes effect.

Examples

# Configure a GTS action in absolute value in traffic behavior database. The GTS parameters are as follows: CIR is 200 kbps, CBS is 51200 bytes, EBS is 0, and the maximum queue length is 100.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] gts cir 200 cbs 51200 ebs 0 queue-length 100

Related commands

gts percent

gts percent

Use gts percent to configure a GTS action in percentage in a traffic behavior.

Use undo gts to restore the default.

Syntax

gts percent cir cir-percent [ cbs cbs-time [ ebs ebs-time ] ] [ queue-length queue-length ]

undo gts

Default

No GTS action in percentage is configured.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

cir cir-percent: Specifies the CIR in percentage, in the range of 1 to 100. The actual CIR value is cir-percent × interface bandwidth.

cbs cbs-time: Specifies the CBS in milliseconds. The default cbs-time is 500 milliseconds. The value range for cbs-time is 50 to 2000. The actual CBS value is cbs-time × the actual CIR value.

ebs ebs-time: Specifies the EBS in milliseconds. The default ebs-time is 0 milliseconds. The value range for ebs-time is 0 to 2000. The actual EBS value is ebs-time × the actual CIR value.

queue-length queue-length: Specifies the maximum queue length in the range of 1 to 1024. The default is 50.

Usage guidelines

A QoS policy that uses a behavior configured with percentage-based GTS can be applied only to the outbound direction of an interface.

A QoS policy that uses a behavior configured with percentage-based GTS overwrites the qos gts command on the interface, if both are configured.

If you execute the gts percent command multiple times in the same traffic behavior, the most recent configuration takes effect.

Examples

# Configure a GTS action in percentage in traffic behavior database. The GTS parameters are as follows: CIR is 50% and CBS is 200 ms.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] gts percent cir 50 cbs 200

Related commands

gts

redirect

Use redirect to configure a traffic redirecting action in a traffic behavior.

Use undo redirect to restore the default.

Syntax

redirect interface interface-type interface-number [ track-oap ]

undo redirect interface interface-type interface-number

Default

No traffic redirecting action is configured.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Redirects traffic to an interface specified by its type and number. To redirect traffic to a tunnel interface, set the interface type to tunnel. To redirect traffic to a Layer 2 aggregate interface, set the interface type to bridge-aggregation. To redirect traffic to a Layer 3 aggregate interface, set the interface type to route-aggregation.

track-oap: Checks the OAP client status. The device redirects traffic to the interface only if the OAP client is present and the interface is on the OAP client.

Usage guidelines

If you execute the redirect command multiple times in the same traffic behavior, the most recent configuration takes effect.

Examples

# Configure redirecting traffic to GigabitEthernet 1/0/1 in traffic behavior database.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] redirect interface gigabitethernet 1/0/1

Related commands

classifier behavior

qos policy

traffic behavior

remark dot1p

Use remark dot1p to configure an 802.1p priority marking action in a traffic behavior.

Use undo remark dot1p to restore the default.

Syntax

remark dot1p dot1p-value

undo remark dot1p

Default

No 802.1p priority marking action is configured.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

dot1p-value: Specifies the 802.1p priority to be marked for packets, in the range of 0 to 7.

Examples

# Configure traffic behavior database to mark matching traffic with 802.1p 2.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] remark dot1p 2

remark dscp

Use remark dscp to configure a DSCP marking action in a traffic behavior.

Use undo remark dscp to restore the default.

Syntax

remark dscp dscp-value

undo remark dscp

Default

No DSCP marking action is configured.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

dscp-value: Specifies a DSCP value, which can be a number from 0 to 63 or a keyword in Table 19.

Table 19 DSCP keywords and values

| Keyword | DSCP value (binary) | DSCP value (decimal) |
|---|---|---|
| default | 000000 | 0 |
| af11 | 001010 | 10 |
| af12 | 001100 | 12 |
| af13 | 001110 | 14 |
| af21 | 010010 | 18 |
| af22 | 010100 | 20 |
| af23 | 010110 | 22 |
| af31 | 011010 | 26 |
| af32 | 011100 | 28 |
| af33 | 011110 | 30 |
| af41 | 100010 | 34 |
| af42 | 100100 | 36 |
| af43 | 100110 | 38 |
| cs1 | 001000 | 8 |
| cs2 | 010000 | 16 |
| cs3 | 011000 | 24 |
| cs4 | 100000 | 32 |
| cs5 | 101000 | 40 |
| cs6 | 110000 | 48 |
| cs7 | 111000 | 56 |
| ef | 101110 | 46 |

Usage guidelines

On devices that forward packets in hardware, the remark dscp and remark tunnel-dscp commands are mutually exclusive in the same traffic behavior.

If you execute the remark dscp command multiple times in the same traffic behavior, the most recent configuration takes effect.

Examples

# Configure traffic behavior database to mark matching traffic with DSCP 6.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] remark dscp 6

remark ip-precedence

Use remark ip-precedence to configure an IP precedence marking action in a traffic behavior.

Use undo remark ip-precedence to restore the default.

Syntax

remark ip-precedence ip-precedence-value

undo remark ip-precedence

Default

No IP precedence marking action is configured.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

ip-precedence-value: Specifies the IP precedence value to be marked for packets, in the range of 0 to 7.

Usage guidelines

On devices that forward packets in hardware, the remark ip-precedence and remark tunnel-dscp commands are mutually exclusive in the same traffic behavior.

If you execute the remark ip-precedence command multiple times in the same traffic behavior, the most recent configuration takes effect.

Examples

# Set the IP precedence to 6 for packets.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] remark ip-precedence 6

remark local-precedence

Use remark local-precedence to configure a local precedence marking action in a traffic behavior.

Use undo remark local-precedence to restore the default.

Syntax

remark local-precedence local-precedence-value

undo remark local-precedence

Default

No local precedence marking action is configured.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

local-precedence-value: Specifies the local precedence to be marked for packets, in the range of 0 to 7.

Examples

# Configure traffic behavior database to mark matching traffic with local precedence 2.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] remark local-precedence 2

remark qos-local-id

Use remark qos-local-id to configure a local QoS ID marking action in a traffic behavior.

Use undo remark qos-local-id to restore the default.

Syntax

remark qos-local-id local-id-value

undo remark qos-local-id

Default

No local QoS ID marking action is configured.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

local-id-value: Specifies the local QoS ID to be marked for packets, in the range of 1 to 4095.

Examples

# Configure the action of marking packets with local QoS ID 2.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] remark qos-local-id 2

remark tunnel-dscp

Use remark tunnel-dscp to configure an outer DSCP value marking action in a traffic behavior.

Use undo remark tunnel-dscp to restore the default.

Syntax

remark tunnel-dscp dscp-value

undo remark tunnel-dscp

Default

No outer DSCP value marking action is configured.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

dscp-value: Specifies the DSCP value to be set for the outer IP header of tunneled packets. The DSCP value can be a number from 0 to 63 or a keyword in Table 19.

Usage guidelines

The following matrix shows the command and hardware compatibility:

 

Hardware                                                                 Command compatibility
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK   Yes
MSR810-LMS/810-LUS                                                       No
MSR2600-6-X1/2600-10-X1                                                  Yes
MSR 2630                                                                 Yes
MSR3600-28/3600-51                                                       Yes
MSR3600-28-SI/3600-51-SI                                                 Yes
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC                           Yes
MSR 3610/3620/3620-DP/3640/3660                                          Yes
MSR5620/5660/5680                                                        Yes

Hardware           Command compatibility
MSR810-LM-GL       Yes
MSR810-W-LM-GL     Yes
MSR830-6EI-GL      Yes
MSR830-10EI-GL     Yes
MSR830-6HI-GL      Yes
MSR830-10HI-GL     Yes
MSR2600-6-X1-GL    Yes
MSR3600-28-SI-GL   Yes

 

This command takes effect on the following packets:

·     GRE packets.

·     VXLAN packets.

·     IPv4 over IPv4 tunneled packets.

·     IPv6 over IPv4 tunneled packets.

·     IPv6 tunneled packets.

·     MPLS TE tunneled packets.

A QoS policy that contains an outer DSCP value marking action can be applied only to an interface.

On devices that forward packets in hardware, the remark tunnel-dscp command is mutually exclusive with the remark dscp and remark ip-precedence commands in the same traffic behavior.

If you execute the remark tunnel-dscp command multiple times in the same traffic behavior, the most recent configuration takes effect.

Examples

# Configure traffic behavior data to mark matching packets with DSCP value 2 in the outer IP header of tunneled packets.

<Sysname> system-view

[Sysname] traffic behavior data

[Sysname-behavior-data] remark tunnel-dscp 2
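The marking rules stated for the remark commands above (value ranges, the Table 19 keywords, "the most recent configuration takes effect", and the hardware-forwarding exclusivity of remark tunnel-dscp with remark dscp and remark ip-precedence) can be checked offline against a saved configuration. The following Python script is an added example, not H3C code; the names lint_behaviors, dscp_keyword and SAMPLE_CONFIG are hypothetical, the configuration text is constructed, and it assumes that a line containing only # ends a traffic behavior block.

```python
import re

# Value ranges as stated in this reference for each "remark" action.
RANGES = {
    "dot1p": (0, 7),
    "ip-precedence": (0, 7),
    "local-precedence": (0, 7),
    "qos-local-id": (1, 4095),
    "dscp": (0, 63),
    "tunnel-dscp": (0, 63),
}


def dscp_keyword(word):
    """Resolve a Table 19 keyword to its decimal DSCP value, or None."""
    if word == "default":
        return 0
    if word == "ef":
        return 46
    m = re.fullmatch(r"cs([1-7])", word)
    if m:
        return 8 * int(m.group(1))                      # csN  = N * 8
    m = re.fullmatch(r"af([1-4])([1-3])", word)
    if m:
        return 8 * int(m.group(1)) + 2 * int(m.group(2))  # afXY = 8X + 2Y
    return None


def lint_behaviors(config_text, hardware_forwarding=True):
    """Return (effective, findings) for the traffic behaviors in config_text.

    effective: {behavior: {action: value}} after last-configuration-wins.
    findings:  list of (behavior, message) tuples.
    """
    effective, findings = {}, []
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"traffic behavior (\S+)", line)
        if m:
            current = m.group(1)
            effective.setdefault(current, {})
            continue
        if line == "#":                 # assumed block separator
            current = None
            continue
        m = re.fullmatch(r"remark (\S+) (\S+)", line)
        if not m or current is None or m.group(1) not in RANGES:
            continue                    # not a marking action covered here
        action, token = m.groups()
        if token.isdigit():
            value = int(token)
        elif action in ("dscp", "tunnel-dscp"):
            value = dscp_keyword(token)  # only DSCP actions accept keywords
        else:
            value = None
        lo, hi = RANGES[action]
        if value is None or not lo <= value <= hi:
            findings.append((current, f"remark {action} {token}: outside {lo}-{hi}"))
            continue
        previous = effective[current].get(action)
        if previous is not None:
            findings.append(
                (current, f"remark {action} repeated: {value} replaces {previous}"))
        effective[current][action] = value
    if hardware_forwarding:
        for name, actions in effective.items():
            clash = [a for a in ("dscp", "ip-precedence") if a in actions]
            if "tunnel-dscp" in actions and clash:
                findings.append(
                    (name, "remark tunnel-dscp combined with remark " + "/".join(clash)))
    return effective, findings


# Constructed sample configuration (not taken from a device).
SAMPLE_CONFIG = """\
traffic behavior database
 remark dscp 6
 remark dscp af21
 remark dot1p 2
#
traffic behavior data
 remark tunnel-dscp 2
 remark ip-precedence 6
#
traffic behavior broken
 remark qos-local-id 0
 remark local-precedence 2
#
"""

if __name__ == "__main__":
    eff, issues = lint_behaviors(SAMPLE_CONFIG)
    for behavior, message in issues:
        print(f"{behavior}: {message}")
```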

traffic behavior

Use traffic behavior to create a traffic behavior and enter its view, or enter the view of an existing traffic behavior.

Use undo traffic behavior to delete a traffic behavior.

Syntax

traffic behavior behavior-name

undo traffic behavior behavior-name

Default

No traffic behaviors exist.

Views

System view

Predefined user roles

network-admin

Parameters

behavior-name: Specifies a name for the traffic behavior, a case-sensitive string of 1 to 31 characters.

Examples

# Create a traffic behavior named behavior1.

<Sysname> system-view

[Sysname] traffic behavior behavior1

[Sysname-behavior-behavior1]

Related commands

display traffic behavior

traffic-policy

Use traffic-policy to nest a policy in a traffic behavior.

Use undo traffic-policy to remove child policies from a traffic behavior.

Syntax

traffic-policy policy-name

undo traffic-policy

Default

No policy is nested in a traffic behavior.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a policy by its name, a string of 1 to 31 characters. If the policy does not exist, it is automatically created.

Usage guidelines

After you nest a child policy in a behavior of a parent policy, the system performs the following operations:

·     Performs the associated behavior defined in the parent policy for a class of traffic.

·     Uses the child policy to further classify the class of traffic and performs the behaviors defined in the child policy.

When you nest QoS policies, follow these guidelines:

·     A parent policy can nest up to two layers of child policies. A child policy cannot be the parent policy itself.

·     You can nest only one child policy at one layer of a behavior.

·     To configure CBQ in the child policy successfully, configure GTS in the parent policy. Make sure the configured GTS bandwidth is greater than the CBQ bandwidth configured in the child policy.

·     If GTS bandwidth is set in percentage in the parent policy, you must set CBQ bandwidth in percentage in the child policy. If GTS bandwidth is set as an absolute value in the parent policy, you can set CBQ bandwidth in either format in the child policy.

·     A child policy cannot contain GTS actions.

·     Policy nesting is available for IPv4 and IPv6 packets.

·     To delete the child policy after you apply the parent policy to an interface, first remove the child policy from the parent policy.

Examples

# Nest child policy child in traffic behavior database of the parent policy.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] traffic-policy child
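The nesting guidelines above can be checked before a parent policy is applied. The following Python script is an added example, not H3C code: the data model (a dictionary of policies, each a list of behaviors with optional gts, cbq and child entries), the function name check_nesting and the sample policies are hypothetical. It makes two assumptions the page does not spell out: the GTS rate is compared with the sum of the absolute CBQ bandwidths in the child policy, and a second-layer child is checked against the nearest nesting behavior that has GTS.

```python
def check_nesting(policies, root, max_layers=2):
    """Return a list of nesting-guideline violations for the tree under root.

    policies: {policy_name: [behavior, ...]} where each behavior is a dict with
      "name"  : behavior name
      "gts"   : ("abs", kbps) or ("pct", percent), optional
      "cbq"   : list of ("abs", kbps) or ("pct", percent), optional
      "child" : name of the nested child policy, optional
    """
    findings = []

    def check_child(policy, behaviors, gts):
        # A child policy cannot contain GTS actions.
        for b in behaviors:
            if b.get("gts"):
                findings.append(f"{policy}/{b['name']}: child policy contains a GTS action")
        cbq = [entry for b in behaviors for entry in b.get("cbq", [])]
        if not cbq:
            return
        if gts is None:
            findings.append(f"{policy}: CBQ configured but the parent has no GTS")
        elif gts[0] == "pct":
            if any(kind != "pct" for kind, _ in cbq):
                findings.append(
                    f"{policy}: parent GTS is a percentage, so CBQ must be a percentage")
        else:
            # Assumption: compare against the total absolute CBQ bandwidth.
            total = sum(value for kind, value in cbq if kind == "abs")
            if total >= gts[1]:
                findings.append(
                    f"{policy}: CBQ total {total} kbps is not below parent GTS {gts[1]} kbps")

    def walk(policy, depth, ancestors, gts):
        # A policy that does not exist is created empty by traffic-policy.
        behaviors = policies.get(policy, [])
        if depth > 0:
            check_child(policy, behaviors, gts)
        for b in behaviors:
            child = b.get("child")
            if child is None:
                continue
            where = f"{policy}/{b['name']}"
            if child == policy or child in ancestors:
                findings.append(f"{where}: nests {child}, which is the parent policy itself")
            elif depth + 1 > max_layers:
                findings.append(
                    f"{where}: nesting {child} exceeds {max_layers} layers of child policies")
            else:
                walk(child, depth + 1, ancestors + [policy], b.get("gts") or gts)

    walk(root, 0, [], None)
    return findings


# Constructed sample with three violations.
SAMPLE_POLICIES = {
    "parent": [{"name": "database", "gts": ("pct", 50), "child": "child"}],
    "child": [
        {"name": "voice", "cbq": [("abs", 512)], "child": "grandchild"},
        {"name": "bulk", "gts": ("abs", 1000)},
    ],
    "grandchild": [{"name": "b1", "child": "deep"}],
    "deep": [{"name": "b2"}],
}

# Constructed sample that follows every guideline.
VALID_POLICIES = {
    "parent": [{"name": "database", "gts": ("abs", 2000), "child": "child"}],
    "child": [
        {"name": "voice", "cbq": [("abs", 512)]},
        {"name": "video", "cbq": [("abs", 1024)]},
    ],
}

if __name__ == "__main__":
    for finding in check_nesting(SAMPLE_POLICIES, "parent"):
        print(finding)
```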

Related commands

traffic behavior

traffic classifier

QoS policy commands

classifier behavior

Use classifier behavior to associate a traffic behavior with a traffic class in a QoS policy.

Use undo classifier to delete a class-behavior association from a QoS policy.

Syntax

classifier classifier-name behavior behavior-name [ insert-before before-classifier-name ]

undo classifier classifier-name

Default

No traffic behavior is associated with a traffic class.

Views

QoS policy view

Predefined user roles

network-admin

Parameters

classifier-name: Specifies a traffic class by its name, a case-sensitive string of 1 to 31 characters.

behavior behavior-name: Specifies a traffic behavior by its name, a case-sensitive string of 1 to 31 characters.

insert-before before-classifier-name: Inserts the new traffic class before an existing traffic class in the QoS policy. The before-classifier-name argument specifies an existing traffic class by its name, a case-sensitive string of 1 to 31 characters. If you do not specify the insert-before before-classifier-name option, the new traffic class is placed at the end of the QoS policy.

Usage guidelines

A traffic class can be associated only with one traffic behavior in a QoS policy.

If the specified traffic class or traffic behavior does not exist, the system defines a null traffic class or traffic behavior.

The undo classifier default-class command performs the following operations:

·     Deletes the existing class-behavior association for the system-defined class default-class.

·     Associates the system-defined class default-class with the system-defined behavior be.

Examples

# Associate traffic class database with traffic behavior test in QoS policy user1.

<Sysname> system-view

[Sysname] qos policy user1

[Sysname-qospolicy-user1] classifier database behavior test

# Associate traffic class database with traffic behavior test in QoS policy user1, and insert the traffic class database before an existing traffic class named class-a.

<Sysname> system-view

[Sysname] qos policy user1

[Sysname-qospolicy-user1] classifier database behavior test insert-before class-a

Related commands

qos policy

control-plane

Use control-plane to enter control plane view.

Syntax

Centralized devices in standalone mode:

control-plane

Distributed devices in standalone mode/centralized devices in IRF mode:

control-plane slot slot-number

Distributed devices in IRF mode:

control-plane chassis chassis-number slot slot-number

Views

System view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (Distributed devices in IRF mode.)

Examples

# (Centralized devices in standalone mode.) Enter control plane view.

<Sysname> system-view

[Sysname] control-plane

[Sysname-cp]

# (Distributed devices in standalone mode.) Enter the control plane view of card 3.

<Sysname> system-view

[Sysname] control-plane slot 3

[Sysname-cp-slot3]

# (Centralized devices in IRF mode.) Enter the control plane view of IRF member device 3.

<Sysname> system-view

[Sysname] control-plane slot 3

[Sysname-cp-slot3]

# (Distributed devices in IRF mode.) Enter the control plane view of card 3 on IRF member 1.

<Sysname> system-view

[Sysname] control-plane chassis 1 slot 3

[Sysname-cp-chassis1-slot3]

control-plane management

Use control-plane management to enter management interface control plane view.

Syntax

control-plane management

Views

System view

Predefined user roles

network-admin

Usage guidelines

The following matrix shows the command and hardware compatibility:

 

Hardware                                                                                 Command compatibility
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS   No
MSR2600-6-X1/2600-10-X1                                                                  No
MSR 2630                                                                                 No
MSR3600-28/3600-51                                                                       No
MSR3600-28-SI/3600-51-SI                                                                 No
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC                                           No
MSR 3610/3620/3620-DP/3640/3660                                                          No
MSR5620/5660/5680                                                                        Yes

Hardware           Command compatibility
MSR810-LM-GL       No
MSR810-W-LM-GL     No
MSR830-6EI-GL      No
MSR830-10EI-GL     No
MSR830-6HI-GL      No
MSR830-10HI-GL     No
MSR2600-6-X1-GL    No
MSR3600-28-SI-GL   No

 

Examples

# Enter management interface control plane view.

<Sysname> system-view

[Sysname] control-plane management

[Sysname-cp-management]

display qos policy

Use display qos policy to display QoS policies.

Syntax

Centralized devices in standalone mode:

display qos policy { system-defined | user-defined } [ policy-name [ classifier classifier-name ] ]

Distributed devices in standalone mode/centralized devices in IRF mode:

display qos policy { system-defined | user-defined } [ policy-name [ classifier classifier-name ] ] [ slot slot-number ]

Distributed devices in IRF mode:

display qos policy { system-defined | user-defined } [ policy-name [ classifier classifier-name ] ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

system-defined: Specifies system-defined QoS policies.

user-defined: Specifies user-defined QoS policies.

policy-name: Specifies a QoS policy by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a QoS policy, this command displays all user-defined QoS policies.

classifier classifier-name: Specifies a traffic class by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a traffic class, this command displays all traffic classes.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the QoS policies for the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays the QoS policies for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays the QoS policies for the global active MPU. (Distributed devices in IRF mode.)

Examples

# Display all user-defined QoS policies.

<Sysname> display qos policy user-defined

 

  User-defined QoS policy information:

 

  Policy: 1 (ID 100)

   Classifier: default-class (ID 0)

     Behavior: be

      -none-

   Classifier: 1 (ID 100)

     Behavior: 1

      Marking:

        Remark dscp 3

      Committed Access Rate:

        CIR 112 (kbps), CBS 5120 (Bytes), EBS 512 (Bytes)

        Green action  : pass

        Yellow action : pass

        Red action    : discard

   Classifier: 2 (ID 101)

     Behavior: 2

      Accounting enable: Packet

      Filter enable: Permit

      Marking:

        Remark mpls-exp 4

   Classifier: 3 (ID 102)

     Behavior: 3

      -none-

# Display the system-defined QoS policy (default).

<Sysname> display qos policy system-defined

 

  System-defined QoS policy information:

 

  Policy: default (ID 0)

   Classifier: default-class (ID 0)

     Behavior: be

      -none-

   Classifier: ef (ID 1)

     Behavior: ef

      Expedited Forwarding:

        Bandwidth 20 (%) Cbs-ratio 25

   Classifier: af1 (ID 2)

     Behavior: af

      Assured Forwarding:

        Bandwidth 20 (%)

        Discard Method: Tail

   Classifier: af2 (ID 3)

     Behavior: af

      Assured Forwarding:

        Bandwidth 20 (%)

        Discard Method: Tail

   Classifier: af3 (ID 4)

     Behavior: af

      Assured Forwarding:

        Bandwidth 20 (%)

        Discard Method: Tail

   Classifier: af4 (ID 5)

     Behavior: af

      Assured Forwarding:

        Bandwidth 20 (%)

        Discard Method: Tail

For the output description, see Table 15 and Table 18.

display qos policy advpn

Use display qos policy advpn to display QoS policies applied to hub-spoke tunnels on a tunnel interface.

Syntax

display qos policy advpn tunnel number [ ipv4-address | ipv6-address ] [ outbound ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

tunnel number: Specifies a tunnel interface by its number.

ipv4-address: Specifies the spoke's private IPv4 address of a hub-spoke tunnel.

ipv6-address: Specifies the spoke's private IPv6 address of a hub-spoke tunnel.

outbound: Displays the QoS policy applied to outgoing traffic. If you do not specify this keyword, the command displays QoS policy statistics for both incoming traffic and outgoing traffic.

Usage guidelines

If you do not specify a spoke's private IP address of a hub-spoke tunnel, this command displays the QoS policy information for all hub-spoke tunnels on a tunnel interface. For information about hub-spoke tunnels, see ADVPN in Layer 3—IP Services Configuration Guide.

Examples

# Display the QoS policy applied to the outgoing traffic of all hub-spoke tunnels on tunnel interface 1.

<Sysname> display qos policy advpn tunnel 1 outbound

Session: Tunnel1 192.168.0.3

  Direction: Outbound

  Policy: finance

   Classifier: default-class

     Matched : 0 (Packets) 0 (Bytes)

     Operator: AND

     Rule(s) :

      If-match any

     Behavior: be

      -none-

   Classifier: finance

     Matched : 123713988 (Packets) 13608538380 (Bytes)

     Operator: AND

     Rule(s) :

      If-match any

     Behavior: finance

      Committed Access Rate:

        CIR 1500 (kbps), CBS 93750 (Bytes), EBS 0 (Bytes)

        Green action  : pass

        Yellow action : pass

        Red action    : discard

        Green packets : 14980239 (Packets) 1647826290 (Bytes)

        Yellow packets: 0 (Packets) 0 (Bytes)

        Red packets   : 108733781 (Packets) 11960715910 (Bytes)

 

Session: Tunnel1 192.168.0.4 (inactive)

  Direction: Outbound

  Policy: business

Table 20 Command output

Field       Description
Session     Hub-spoke tunnel information. A hub-spoke tunnel is uniquely identified by a tunnel interface and the spoke's private IPv4 or IPv6 address. The inactive attribute indicates that a QoS policy fails to be applied to the hub-spoke tunnel or the applied QoS policy does not exist.
Direction   Direction to which a QoS policy is applied on the hub-spoke tunnel.

 

For the description of other fields, see Table 15 and Table 18.

display qos policy control-plane

Use display qos policy control-plane to display QoS policies applied to a control plane.

Syntax

Centralized devices in standalone mode:

display qos policy control-plane

Distributed devices in standalone mode/centralized devices in IRF mode:

display qos policy control-plane slot slot-number

Distributed devices in IRF mode:

display qos policy control-plane chassis chassis-number slot slot-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (Distributed devices in IRF mode.)

Examples

# (Centralized devices in standalone mode.) Display the QoS policy applied to the control plane.

<Sysname> display qos policy control-plane inbound

 

Control plane

 

  Direction: Inbound

 

  Policy: 1

   Classifier: default-class                                                   

     Matched : 0 (Packets) 0 (Bytes)                                           

     Operator: AND                                                             

     Rule(s) :                                                                 

      If-match any                                                             

     Behavior: be                                                              

      -none-

   Classifier: 1

     Operator: AND

     Rule(s) :

      If-match acl 2000

     Behavior: 1

      Marking:

        Remark dscp 3

      Committed Access Rate:

        CIR 112 (kbps), CBS 5120 (Bytes), EBS 512 (Bytes)

        Green action  : pass

        Yellow action : pass

        Red action    : discard

        Green packets : 0 (Packets) 0 (Bytes)

        Yellow packets: 0 (Packets) 0 (Bytes)

        Red packets   : 0 (Packets) 0 (Bytes)

   Classifier: 2

     Operator: AND

     Rule(s) :

      If-match not protocol ipv6

     Behavior: 2

      Accounting enable:

        0 (Packets)

      Filter enable: Permit

      Marking:

        Remark mpls-exp 4

   Classifier: 3

     Operator: AND

     Rule(s) :

      -none-

     Behavior: 3

      -none-

Table 21 Command output

Field            Description
Direction        Inbound direction on the control plane.
Green packets    Statistics about green packets.
Yellow packets   Statistics about yellow packets.
Red packets      Statistics about red packets.

 

For the description of other fields, see Table 15 and Table 18.
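The Green, Yellow and Red packet counters in this output show how much control plane traffic each class's CAR action is discarding, which is the first thing to look at when a protocol flood toward the CPU is suspected. The following Python script is an added example, not H3C code: it parses output in the format shown above and lists the classes whose red (discarded) share exceeds a threshold. The function names, the 5% default threshold and the sample output (policy copp, classes mgmt and routing) are constructed for illustration.

```python
import re

COUNTER = re.compile(r"(Green|Yellow|Red) packets\s*:\s*(\d+) \(Packets\) (\d+) \(Bytes\)")
ACTION = re.compile(r"(Green|Yellow|Red) action\s*:\s*(\S+)")


def parse_car_counters(text):
    """Return one record per classifier that reports CAR packet counters."""
    records, policy, rec = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"Policy:\s*(\S+)", line)
        if m:
            policy = m.group(1)
            continue
        m = re.match(r"Classifier:\s*(\S+)", line)
        if m:
            rec = {"policy": policy, "classifier": m.group(1),
                   "actions": {}, "packets": {}}
            records.append(rec)
            continue
        if rec is None:
            continue
        m = COUNTER.fullmatch(line)
        if m:
            rec["packets"][m.group(1).lower()] = int(m.group(2))
            continue
        m = ACTION.fullmatch(line)
        if m:
            rec["actions"][m.group(1).lower()] = m.group(2)
    # Classes without a CAR action (for example default-class above) are dropped.
    return [r for r in records if r["packets"]]


def flag_drops(records, min_ratio=0.05):
    """Return (policy, classifier, red_packets, red_ratio) for classes whose
    red action is discard and whose red share is at least min_ratio."""
    flagged = []
    for r in records:
        total = sum(r["packets"].values())
        red = r["packets"].get("red", 0)
        if r["actions"].get("red") == "discard" and total and red / total >= min_ratio:
            flagged.append((r["policy"], r["classifier"], red, round(red / total, 3)))
    return flagged


# Constructed sample in the format of "display qos policy control-plane".
SAMPLE_OUTPUT = """\
Control plane

  Direction: Inbound

  Policy: copp
   Classifier: default-class
     Matched : 0 (Packets) 0 (Bytes)
     Operator: AND
     Rule(s) :
      If-match any
     Behavior: be
      -none-
   Classifier: mgmt
     Matched : 1000 (Packets) 64000 (Bytes)
     Operator: OR
     Rule(s) :
      If-match control-plane protocol snmp
     Behavior: mgmt
      Committed Access Rate:
        CIR 128 (kbps), CBS 5120 (Bytes), EBS 0 (Bytes)
        Green action  : pass
        Yellow action : pass
        Red action    : discard
        Green packets : 250 (Packets) 16000 (Bytes)
        Yellow packets: 0 (Packets) 0 (Bytes)
        Red packets   : 750 (Packets) 48000 (Bytes)
   Classifier: routing
     Matched : 400 (Packets) 25600 (Bytes)
     Operator: OR
     Rule(s) :
      If-match control-plane protocol bgp
     Behavior: routing
      Committed Access Rate:
        CIR 256 (kbps), CBS 5120 (Bytes), EBS 0 (Bytes)
        Green action  : pass
        Yellow action : pass
        Red action    : discard
        Green packets : 400 (Packets) 25600 (Bytes)
        Yellow packets: 0 (Packets) 0 (Bytes)
        Red packets   : 0 (Packets) 0 (Bytes)
"""

if __name__ == "__main__":
    for policy, classifier, red, ratio in flag_drops(parse_car_counters(SAMPLE_OUTPUT)):
        print(f"{policy}/{classifier}: {red} red packets ({ratio:.1%} of policed traffic)")
```

Because the counters are cumulative, compare two samples taken some time apart (or reset the statistics first) before treating a high red share as ongoing.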

display qos policy control-plane management

Use display qos policy control-plane management to display the QoS policies applied to the management interface control plane.

Syntax

display qos policy control-plane management

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

The following matrix shows the command and hardware compatibility:

 

Hardware                                                                                 Command compatibility
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS   No
MSR2600-6-X1/2600-10-X1                                                                  No
MSR 2630                                                                                 No
MSR3600-28/3600-51                                                                       No
MSR3600-28-SI/3600-51-SI                                                                 No
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC                                           No
MSR 3610/3620/3620-DP/3640/3660                                                          No
MSR5620/5660/5680                                                                        Yes

Hardware           Command compatibility
MSR810-LM-GL       No
MSR810-W-LM-GL     No
MSR830-6EI-GL      No
MSR830-10EI-GL     No
MSR830-6HI-GL      No
MSR830-10HI-GL     No
MSR2600-6-X1-GL    No
MSR3600-28-SI-GL   No

 

A QoS policy applied to the management interface control plane takes effect on the packets sent from the management interface to the control plane.

Examples

# Display the QoS policy applied to the management interface control plane.

<Sysname> display qos policy control-plane management

 

Control plane management

 

  Direction: Inbound

 

  Policy: a

   Classifier: default-class

     Matched : 0 (Packets) 0 (Bytes)

     Operator: AND

     Rule(s) :

      If-match any

     Behavior: be

      -none-

   Classifier: a

     Matched : 3 (Packets) 180 (Bytes)

     Operator: OR

     Rule(s) :

      If-match control-plane protocol arp

      If-match control-plane protocol rip

      If-match control-plane protocol-group critical

      If-match acl 3001

      If-match control-plane protocol bgp

      If-match control-plane protocol bgp4+

      If-match control-plane protocol ftp

      If-match control-plane protocol http https icmp icmp6 ripng snmp

     Behavior: a

      Committed Access Rate:

        CIR 128 (kbps), CBS 5120 (Bytes), EBS 0 (Bytes)

        Green action  : pass

        Yellow action : pass

        Red action    : discard

        Green packets : 3 (Packets) 180 (Bytes)

        Yellow packets: 0 (Packets) 0 (Bytes)

        Red packets   : 0 (Packets) 0 (Bytes)

Table 22 Command output

Field            Description
Green packets    Statistics about green packets.
Yellow packets   Statistics about yellow packets.
Red packets      Statistics about red packets.

 

For the description of other fields, see Table 15 and Table 18.

display qos policy control-plane management pre-defined

Use display qos policy control-plane management pre-defined to display the predefined QoS policy applied to the management interface control plane.

Syntax

display qos policy control-plane management pre-defined

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

The following matrix shows the command and hardware compatibility:

 

Hardware                                                                                 Command compatibility
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS   No
MSR2600-6-X1/2600-10-X1                                                                  No
MSR 2630                                                                                 No
MSR3600-28/3600-51                                                                       No
MSR3600-28-SI/3600-51-SI                                                                 No
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC                                           No
MSR 3610/3620/3620-DP/3640/3660                                                          No
MSR5620/5660/5680                                                                        Yes

Hardware           Command compatibility
MSR810-LM-GL       No
MSR810-W-LM-GL     No
MSR830-6EI-GL      No
MSR830-10EI-GL     No
MSR830-6HI-GL      No
MSR830-10HI-GL     No
MSR2600-6-X1-GL    No
MSR3600-28-SI-GL   No

 

A QoS policy applied to the management interface control plane takes effect on the packets sent from the management interface to the control plane.

Examples

# Display the predefined QoS policy applied to the management interface control plane.

<Sysname> display qos policy control-plane management pre-defined

Pre-defined policy information

  Protocol          Priority   Bandwidth (kbps)   Group

  Default           N/A        100000             N/A

  ARP               N/A        128                normal

  BGP               N/A        256                critical

  BGPv6             N/A        256                critical

  HTTP              N/A        512                management

  HTTPS             N/A        512                management

  ICMP              N/A        128                monitor

  ICMPv6            N/A        128                monitor

  OSPF Multicast    N/A        256                critical

  OSPF Unicast      N/A        256                critical

  OSPFv3 Multicast  N/A        256                critical

  OSPFv3 Unicast    N/A        256                critical

  RIP               N/A        1024               critical

  RIPng             N/A        256                critical

  SNMP              N/A        512                management

  SSH               N/A        512                management

  TELNET            N/A        512                management

  FTP               N/A        512                management

  TFTP              N/A        512                management

Table 23 Command output

Field                                         Description
Pre-defined control plane policy management   Predefined QoS policy applied to the management interface control plane.
Protocol                                      System-defined protocol packet type.
Group                                         Protocol group to which the protocol belongs.

 

display qos policy control-plane pre-defined

Use display qos policy control-plane pre-defined to display predefined control plane QoS policies of cards.

Syntax

Centralized devices in standalone mode:

display qos policy control-plane pre-defined

Distributed devices in standalone mode/centralized devices in IRF mode:

display qos policy control-plane pre-defined [ slot slot-number ]

Distributed devices in IRF mode:

display qos policy control-plane pre-defined [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the predefined control plane QoS policies for all cards. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays predefined control plane QoS policies for all member devices. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays predefined control plane QoS policies for all cards. (Distributed devices in IRF mode.)

Examples

# (Distributed devices in standalone mode.) Display the predefined control plane QoS policy of slot 3.

<Sysname> display qos policy control-plane pre-defined slot 3

Pre-defined policy information slot 3

  Protocol          Priority   Bandwidth (kbps)   Group

  Default           N/A        100000             N/A

  ARP               N/A        128                normal

  BGP               N/A        256                critical

  BGPv6             N/A        256                critical

  HTTP              N/A        512                management

  HTTPS             N/A        512                management

  ICMP              N/A        128                monitor

  ICMPv6            N/A        128                monitor

  OSPF Multicast    N/A        256                critical

  OSPF Unicast      N/A        256                critical

  OSPFv3 Multicast  N/A        256                critical

  OSFPv3 Unicast    N/A        256                critical

  RIP               N/A        1024               critical

  RIPng             N/A        256                critical

  SNMP              N/A        512                management

  SSH               N/A        512                management

  TELNET            N/A        512                management

  FTP               N/A        512                management

  TFTP              N/A        512                management

# (Centralized devices in IRF mode.) Display the predefined control plane QoS policy of member device 3.

<Sysname> display qos policy control-plane pre-defined slot 3

Pre-defined policy information slot 3

  Protocol          Priority   Bandwidth (kbps)   Group

  Default           N/A        100000             N/A

  ARP               N/A        128                normal

  BGP               N/A        256                critical

  BGPv6             N/A        256                critical

  HTTP              N/A        512                management

  HTTPS             N/A        512                management

  ICMP              N/A        128                monitor

  ICMPv6            N/A        128                monitor

  OSPF Multicast    N/A        256                critical

  OSPF Unicast      N/A        256                critical

  OSPFv3 Multicast  N/A        256                critical

  OSFPv3 Unicast    N/A        256                critical

  RIP               N/A        1024               critical

  RIPng             N/A        256                critical

  SNMP              N/A        512                management

  SSH               N/A        512                management

  TELNET            N/A        512                management

  FTP               N/A        512                management

  TFTP              N/A        512                management

# (Distributed devices in IRF mode.) Display the predefined control plane QoS policy of slot 3 of member device 1.

<Sysname> display qos policy control-plane pre-defined chassis 1 slot 3

Pre-defined policy information chassis 1 slot 3

  Protocol          Priority   Bandwidth (kbps)   Group

  Default           N/A        100000             N/A

  ARP               N/A        128                normal

  BGP               N/A        256                critical

  BGPv6             N/A        256                critical

  HTTP              N/A        512                management

  HTTPS             N/A        512                management

  ICMP              N/A        128                monitor

  ICMPv6            N/A        128                monitor

  OSPF Multicast    N/A        256                critical

  OSPF Unicast      N/A        256                critical

  OSPFv3 Multicast  N/A        256                critical

  OSFPv3 Unicast    N/A        256                critical

  RIP               N/A        1024               critical

  RIPng             N/A        256                critical

  SNMP              N/A        512                management

  SSH               N/A        512                management

  TELNET            N/A        512                management

  FTP               N/A        512                management

  TFTP              N/A        512                management

Table 24 Command output

Field                             Description
Pre-defined control plane policy  Contents of the predefined control plane QoS policy.
Group                             Protocol group.

display qos policy interface

Use display qos policy interface to display the QoS policies applied to interfaces or PVCs.

Syntax

Centralized devices in standalone mode:

display qos policy interface [ interface-type interface-number [ pvc { pvc-name | vpi/vci } ] ] [ inbound | outbound ]

Distributed devices in standalone mode/centralized devices in IRF mode:

display qos policy interface [ interface-type interface-number [ pvc { pvc-name | vpi/vci } ] ] [ slot slot-number ] [ inbound | outbound ]

Distributed devices in IRF mode:

display qos policy interface [ interface-type interface-number [ pvc { pvc-name | vpi/vci } ] ] [ chassis chassis-number slot slot-number ] [ inbound | outbound ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number.

pvc { pvc-name | vpi/vci }: Specifies a PVC by its name or VPI/VCI value. You can specify a PVC only for an ATM interface. When you specify an ATM interface but do not specify a PVC, this command applies to all PVCs on the ATM interface. When you specify a PVC, you cannot specify the inbound or outbound keyword.

slot slot-number: Specifies a card by its slot number. Only virtual interfaces such as VLAN interfaces and aggregate interfaces support this option. If you do not specify a card, this command displays QoS policies on the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify an IRF member device, this command displays QoS policies on the master device. Only virtual interfaces such as VLAN interfaces and aggregate interfaces support this option. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays QoS policies on the global active MPU. Only virtual interfaces such as VLAN interfaces and aggregate interfaces support this option. (Distributed devices in IRF mode.)

inbound: Displays the QoS policy applied to the incoming traffic of the specified interface.

outbound: Displays the QoS policy applied to the outgoing traffic of the specified interface.

Usage guidelines

If you do not specify a direction, this command displays the QoS policy applied to incoming traffic and the QoS policy applied to outgoing traffic.

If you specify a VT interface, this command displays the QoS policies applied to each VA interface of the VT interface. It does not display QoS information about the VT interface.

Examples

# Display the QoS policy applied to the incoming traffic of GigabitEthernet 1/0/1.

<Sysname> display qos policy interface gigabitethernet 1/0/1 inbound

Interface: GigabitEthernet1/0/1

  Direction: Inbound

  Policy: 1

   Classifier: default-class                                                   

     Matched : 0 (Packets) 0 (Bytes)                                           

     5-minute statistics:                                                       

      Forwarded: 0/0 (pps/bps)                                                 

      Dropped  : 0/0 (pps/bps)                                                 

     Operator: AND                                                              

     Rule(s) :                                                                 

      If-match any                                                             

     Behavior: be                                                              

      -none-

   Classifier: 1

     Matched : 0 (Packets) 0 (Bytes)

     5-minute statistics:

      Forwarded: 0/0 (pps/bps)

      Dropped  : 0/0 (pps/bps)

     Operator: AND

     Rule(s) :

      If-match acl 2000

     Behavior: 1

      Marking:

        Remark dscp 3

      Committed Access Rate:

        CIR 112 (kbps), CBS 5120 (Bytes), EBS 512 (Bytes)

        Green action  : pass

        Yellow action : pass

        Red action    : discard

        Green packets : 0 (Packets) 0 (Bytes)

        Yellow packets: 0 (Packets) 0 (Bytes)

        Red packets   : 0 (Packets) 0 (Bytes)

   Classifier: 2

     Matched : 0 (Packets) 0 (Bytes)

     5-minute statistics:

      Forwarded: 0/0 (pps/bps)

      Dropped  : 0/0 (pps/bps)

     Operator: AND

     Rule(s) :

      If-match not protocol ipv6

     Behavior: 2

      Accounting enable:

        0 (Packets)

      Filter enable: Permit

      Marking:

        Remark mpls-exp 4

   Classifier: 3

     Matched : 0 (Packets) 0 (Bytes)

     5-minute statistics:

      Forwarded: 0/0 (pps/bps)

      Dropped  : 0/0 (pps/bps)

     Operator: AND

     Rule(s) :

      -none-

     Behavior: 3

      -none-

# Display the QoS policies applied to all interfaces.

<Sysname> display qos policy interface

Interface: GigabitEthernet5/0/1

  Direction: Inbound

  Policy: a

   Classifier: default-class                                                   

     Matched : 0 (Packets) 0 (Bytes)                                           

     5-minute statistics:                                                       

      Forwarded: 0/0 (pps/bps)                                                 

      Dropped  : 0/0 (pps/bps)                                                 

     Operator: AND                                                              

     Rule(s) :                                                                 

      If-match any                                                             

     Behavior: be                                                              

      -none-

   Classifier: a

     Operator: AND

     Rule(s) :

      If-match any

     Behavior: a

      Mirroring:

        Mirror to the interface: GigabitEthernet5/0/10

      Committed Access Rate:

        CIR 112 (kbps), CBS 5120 (Bytes), EBS 0 (Bytes)

        Green action  : pass

        Yellow action : pass

        Red action    : discard

        Green packets : 0 (Packets)

        Red packets   : 0 (Packets)

 

Interface: GigabitEthernet5/0/17

  Direction: Inbound

  Policy: b

   Classifier: default-class                                                   

     Matched : 0 (Packets) 0 (Bytes)                                           

     5-minute statistics:                                                      

      Forwarded: 0/0 (pps/bps)                                                 

      Dropped  : 0/0 (pps/bps)                                                 

     Operator: AND                                                             

     Rule(s) :                                                                  

      If-match any                                                             

     Behavior: be                                                              

      -none-

   Classifier: b

     Operator: AND

     Rule(s) :

      If-match any

     Behavior: b

      Committed Access Rate:

        CIR 200 (kbps), CBS 51200 (Bytes), EBS 0 (Bytes)

        Green action  : pass

        Yellow action : pass

        Red action    : discard

        Green packets : 0(Packets)

        Red packets   : 0 (Packets)

 

Interface: GigabitEthernet5/0/17

  Direction: Inbound

  Policy: a

   Classifier: default-class                                                   

     Matched : 0 (Packets) 0 (Bytes)                                           

     5-minute statistics:                                                      

      Forwarded: 0/0 (pps/bps)                                                 

      Dropped  : 0/0 (pps/bps)                                                 

     Operator: AND                                                             

     Rule(s) :                                                                 

      If-match any                                                              

     Behavior: be                                                              

      -none-

   Classifier: a

     Operator: AND

     Rule(s) :

      If-match any

     Behavior: a

      Mirroring:

        Mirror to the interface: GigabitEthernet5/0/10

      Committed Access Rate:

        CIR 112 (kbps), CBS 5120 (Bytes), EBS 0 (Bytes)

        Green action  : pass

        Yellow action : pass

        Red action    : discard

        Green packets : 0 (Packets)

        Red packets   : 0 (Packets)

Table 25 Command output

Field           Description
Direction       Direction in which the QoS policy is applied to the interface.
Matched         Number of matching packets.
Forwarded       Average rate of successfully forwarded matching packets in a statistics collection period.
Dropped         Average rate of dropped matching packets in a statistics collection period.
Green packets   Traffic statistics for green packets.
Yellow packets  Traffic statistics for yellow packets.
Red packets     Traffic statistics for red packets.

For the description of other fields, see Table 15 and Table 18.
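
The following is an added example, not H3C code: a Python parser for the display qos policy interface layout shown above. It builds one record per classifier and reports traffic mirrored to ports that are not on an approved list, CAR policers that have discarded red packets, and classes with a non-zero 5-minute drop rate. The sample text is constructed in this page's layout with invented non-zero counters; the function names, the finding labels, and the approved-port list are assumptions.

```python
import re

# Constructed sample in the layout this page shows for
# "display qos policy interface"; the non-zero counters are invented.
SAMPLE = """\
Interface: GigabitEthernet5/0/1
  Direction: Inbound
  Policy: a
   Classifier: default-class
     Matched : 0 (Packets) 0 (Bytes)
     5-minute statistics:
      Forwarded: 0/0 (pps/bps)
      Dropped  : 0/0 (pps/bps)
     Operator: AND
     Rule(s) :
      If-match any
     Behavior: be
      -none-
   Classifier: a
     Operator: AND
     Rule(s) :
      If-match any
     Behavior: a
      Mirroring:
        Mirror to the interface: GigabitEthernet5/0/10
      Committed Access Rate:
        CIR 112 (kbps), CBS 5120 (Bytes), EBS 0 (Bytes)
        Red action    : discard
        Red packets   : 37 (Packets)

Interface: GigabitEthernet5/0/17
  Direction: Inbound
  Policy: b
   Classifier: b
     Matched : 120 (Packets) 15360 (Bytes)
     5-minute statistics:
      Forwarded: 4/512 (pps/bps)
      Dropped  : 3/3072 (pps/bps)
     Operator: AND
     Rule(s) :
      If-match acl 2000
     Behavior: b
      Committed Access Rate:
        CIR 200 (kbps), CBS 51200 (Bytes), EBS 0 (Bytes)
        Red action    : discard
        Red packets   : 45 (Packets)
"""

SCOPE = re.compile(r"^(Interface|Direction|Policy):\s*(\S+)")
CLASSIFIER = re.compile(r"^Classifier:\s*(\S+)")
FIELDS = [  # (record field, pattern, converter)
    ("matched_packets", re.compile(r"^Matched\s*:\s*(\d+)\s*\(Packets\)"), int),
    ("dropped_pps", re.compile(r"^Dropped\s*:\s*(\d+)/\d+"), int),
    ("mirror_to", re.compile(r"^Mirror to the interface:\s*(\S+)"), str),
    ("cir_kbps", re.compile(r"^CIR\s+(\d+)\s*\(kbps\)"), int),
    ("red_action", re.compile(r"^Red action\s*:\s*(\S+)"), str),
    ("red_packets", re.compile(r"^Red packets\s*:\s*(\d+)\s*\(Packets\)"), int),
]


def parse_qos_policy_interface(text):
    """Return one dict per classifier; fields absent from the output are None."""
    ctx = dict.fromkeys(("interface", "direction", "policy"))
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.replace("\xa0", " ").strip()  # blank/NBSP-only lines match nothing
        if m := SCOPE.match(line):
            ctx[m.group(1).lower()], cur = m.group(2), None  # new scope ends the classifier
        elif m := CLASSIFIER.match(line):
            cur = dict(ctx, classifier=m.group(1), rules=[],
                       **dict.fromkeys(f for f, _, _ in FIELDS))
            records.append(cur)
        elif cur is not None and line.startswith("If-match "):
            cur["rules"].append(line[len("If-match "):])
        elif cur is not None:
            for field, rx, conv in FIELDS:
                if m := rx.match(line):
                    cur[field] = conv(m.group(1))
                    break
    return records


def audit(records, approved_mirror_ports=frozenset()):
    """Flag unapproved mirror destinations and classes that are losing traffic."""
    findings = []
    for r in records:
        where = "{interface} {direction} policy {policy} classifier {classifier}".format(**r)
        if r["mirror_to"] and r["mirror_to"] not in approved_mirror_ports:
            findings.append(("unapproved-mirror", where, r["mirror_to"]))
        if r["red_action"] == "discard" and r["red_packets"]:
            findings.append(("car-discard", where, r["red_packets"]))
        if r["dropped_pps"]:
            findings.append(("dropping-now", where, r["dropped_pps"]))
    return findings


if __name__ == "__main__":
    print(*audit(parse_qos_policy_interface(SAMPLE)), sep="\n")
```

Pass the set of sanctioned monitor ports as approved_mirror_ports; any other destination that appears after "Mirror to the interface" is reported with the interface, direction, policy, and classifier it was found under.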

display qos policy l2vpn-pw

Use display qos policy l2vpn-pw to display the QoS policies applied to PWs.

Syntax

display qos policy l2vpn-pw [ peer ip-address pw-id pw-id ] [ outbound ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

peer ip-address pw-id pw-id: Specifies a PW by its peer PE LSR ID and its PW ID. The ip-address argument represents the LSR ID of the peer PE of the PW. The value range for the pw-id argument is 1 to 4294967295. If you do not specify a PW, this command displays the QoS policies applied to all PWs.

outbound: Displays the QoS policies applied to the outgoing traffic of PWs.

Usage guidelines

The specified LSR ID and PW ID uniquely identify the PW.

If you do not specify a direction, this command displays the QoS policies applied to outgoing traffic of PWs.

Examples

# Display the QoS policy applied to the outgoing traffic of PW 1 with peer PE IP address 1.1.1.1.

<Sysname> display qos policy l2vpn-pw peer 1.1.1.1 pw-id 1 outbound

 

L2VPN-PW: peer 1.1.1.1, pw-id 1

 

  Direction: Outbound

 

  Policy: 1

   Classifier: 1

     Matched : 0 (Packets) 0 (Bytes)

     5-minute statistics:

      Forwarded: 0/0 (pps/bps)

      Dropped  : 0/0 (pps/bps)

     Operator: AND

     Rule(s) :

      If-match acl 2000

     Behavior: 1

      Marking:

        Remark dscp 3

      Committed Access Rate:

        CIR 112 (kbps), CBS 5120 (Bytes), EBS 512 (Bytes)

        Green action  : pass

        Yellow action : pass

        Red action    : discard

        Green packets : 0 (Packets) 0 (Bytes)

        Yellow packets: 0 (Packets) 0 (Bytes)

        Red packets   : 0 (Packets) 0 (Bytes)

   Classifier: 2

     Matched : 0 (Packets) 0 (Bytes)

     5-minute statistics:

      Forwarded: 0/0 (pps/bps)

      Dropped  : 0/0 (pps/bps)

     Operator: AND

     Rule(s) :

      If-match not protocol ipv6

     Behavior: 2

      Accounting enable:

        0 (Packets)

      Filter enable: Permit

      Marking:

        Remark mpls-exp 4

   Classifier: 3

     Matched : 0 (Packets) 0 (Bytes)

     5-minute statistics:

      Forwarded: 0/0 (pps/bps)

      Dropped  : 0/0 (pps/bps)

     Operator: AND

     Rule(s) :

      -none-

     Behavior: 3

      -none-

Table 26 Command output

Field                Description
L2VPN-PW             A PW is uniquely identified by a combination of the peer PE IP address and PW ID.
Direction            Direction to which the QoS policy is applied on the PW.
Matched              Number of matching packets.
5-minute statistics  Traffic statistics in the last 5 minutes.
Forwarded            Average rate of successfully forwarded matching packets during a statistics collection period.
Dropped              Average rate of dropped matching packets during a statistics collection period.
Green packets        Traffic statistics for green packets.
Yellow packets       Traffic statistics for yellow packets.
Red packets          Traffic statistics for red packets.

For the description of other fields, see Table 15 and Table 18.

display qos policy user-profile

Use display qos policy user-profile to display QoS policies applied to user profiles.

Syntax

Centralized devices in standalone mode:

display qos policy user-profile [ name profile-name ] [ user-id user-id ] [ inbound | outbound ]

Distributed devices in standalone mode/centralized devices in IRF mode:

display qos policy user-profile [ name profile-name ] [ user-id user-id ] [ slot slot-number ] [ inbound | outbound ]

Distributed devices in IRF mode:

display qos policy user-profile [ name profile-name ] [ user-id user-id ] [ chassis chassis-number slot slot-number ] [ inbound | outbound ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name profile-name: Specifies a user profile by its name, a case-sensitive string of 1 to 31 characters. Valid characters include English letters, digits, and underscores (_). The name must start with an English letter and must be unique. If you do not specify a user profile, this command displays QoS policies applied to all user profiles.

user-id user-id: Specifies an online user by a system-assigned, hexadecimal ID. If you do not specify an online user, this command displays QoS policies applied to user profiles for all online users.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays QoS policies applied to user profiles for all cards. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays QoS policies applied to user profiles for all member devices. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays QoS policies applied to user profiles for all cards. (Distributed devices in IRF mode.)

inbound: Specifies QoS policies applied to incoming traffic.

outbound: Specifies QoS policies applied to outgoing traffic.

Usage guidelines

The following matrix shows the command and hardware compatibility:

 

Hardware                                                                Command compatibility
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK  Yes
MSR810-LMS/810-LUS                                                      No
MSR2600-6-X1/2600-10-X1                                                 Yes
MSR 2630                                                                Yes
MSR3600-28/3600-51                                                      Yes
MSR3600-28-SI/3600-51-SI                                                Yes
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC                          Yes
MSR 3610/3620/3620-DP/3640/3660                                         Yes
MSR5620/5660/5680                                                       Yes

Hardware          Command compatibility
MSR810-LM-GL      Yes
MSR810-W-LM-GL    Yes
MSR830-6EI-GL     Yes
MSR830-10EI-GL    Yes
MSR830-6HI-GL     Yes
MSR830-10HI-GL    Yes
MSR2600-6-X1-GL   Yes
MSR3600-28-SI-GL  Yes

If you do not specify a direction, this command displays QoS policies applied in the inbound direction and QoS policies applied in the outbound direction.

Examples

# Display the QoS policy applied to user profile abc for a global user.

<Sysname> display qos policy user-profile name abc user-id 30000000 inbound

User-Profile: abc

  User ID: 0x30000000(global)

    Direction: Inbound

    Policy: p1

     Classifier: default-class

       Matched : 0 (Packets) 0 (Bytes)

       Operator: AND

       Rule(s) :

        If-match any

       Behavior: be

        -none-

# Display the QoS policy applied to user profile abc for a local user.

<Sysname> display qos policy user-profile name abc user-id 30000001 inbound

User-Profile: abc

  slot 2:

    User ID: 0x30000001(local)

      Direction: Inbound

      Policy: p1

       Classifier: default-class

         Matched : 0 (Packets) 0 (Bytes)

         Operator: AND

         Rule(s) :

          If-match any

         Behavior: be

          -none-

# Display the QoS policy applied to user profile abc for all online users.

<Sysname> display qos policy user-profile name abc inbound

User-Profile: abc

  User ID: 0x30000000(global)

    Direction: Inbound

    Policy: p1

     Classifier: default-class

       Matched : 0 (Packets) 0 (Bytes)

       Operator: AND

       Rule(s) :

        If-match any

       Behavior: be

        -none-

 

  slot 2:

    User ID: 0x30000001(local)

      Direction: Inbound

      Policy: p1

       Classifier: default-class

         Matched : 0 (Packets) 0 (Bytes)

         Operator: AND

         Rule(s) :

          If-match any

         Behavior: be

          -none-

 

  slot 3:

    User ID: 0x30000002(local)

      Direction: Inbound

      Policy: p1

       Classifier: default-class

         Matched : 0 (Packets) 0 (Bytes)

         Operator: AND

         Rule(s) :

          If-match any

         Behavior: be

          -none-

# Display the QoS policy applied to user profile abc for all online users on a card.

<Sysname> display qos policy user-profile name abc slot 2

User-Profile: abc

  User ID: 0x30000000(global)

    Direction: Inbound

    Policy: p1

     Classifier: default-class

       Matched : 0 (Packets) 0 (Bytes)

       Operator: AND

       Rule(s) :

        If-match any

       Behavior: be

        -none-

 

  User ID: 0x30000001(local)

    Direction: Inbound

    Policy: p1

     Classifier: default-class

       Matched : 0 (Packets) 0 (Bytes)

       Operator: AND

       Rule(s) :

        If-match any

       Behavior: be

        -none-

# Display the QoS policy applied to user profile abc for a local user on all cards.

<Sysname> display qos policy user-profile name abc user-id 30000001

User-Profile: abc

  slot 2:

    User ID: 0x30000001(local)

      Direction: Inbound

      Policy: p1

       Classifier: default-class

         Matched : 0 (Packets) 0 (Bytes)

         Operator: AND

         Rule(s) :

          If-match any

         Behavior: be

          -none-

 

  slot 3:

    User ID: 0x30000001(local)

      Direction: Inbound

      Policy: p1

       Classifier: default-class

         Matched : 0 (Packets) 0 (Bytes)

         Operator: AND

         Rule(s) :

          If-match any

         Behavior: be

          -none-

# Display QoS policies applied to all user profiles for all online users.

<Sysname> display qos policy user-profile

User-Profile: abc

  slot 3:

    User ID: 0x30000000(local)

      Direction: Inbound

      Policy: p1

       Classifier: default-class

         Matched : 0 (Packets) 0 (Bytes)

         Operator: AND

         Rule(s) :

          If-match any

         Behavior: be

          -none-

 

User-Profile: a12

  slot 4:

    User ID: 0x30000001(local)

      Direction: Inbound

      Policy: p1

       Classifier: default-class

         Matched : 0 (Packets) 0 (Bytes)

         Operator: AND

         Rule(s) :

          If-match any

         Behavior: be

          -none-

       Classifier: a

        Operator: AND

        Rule(s) :

         If-match any

        Behavior: a

         Mirroring:

          Mirror to the interface: GigabitEthernet1/0/1

         Committed Access Rate:

           CIR 112 (kbps), CBS 5120 (Bytes), EBS 0 (Bytes)

           Green action  : pass

           Yellow action : pass

           Red action    : discard

           Green packets : 0 (Packets)

           Red packets   : 0 (Packets)

Table 27 Command output

Field           Description
global          Indicates a global user, who comes online from a global interface such as an aggregate interface.
local           Indicates a local user, who comes online from a physical interface.
Matched         Number of packets that meet match criteria.
Green packets   Statistics about green packets.
Yellow packets  Statistics about yellow packets.
Red packets     Statistics about red packets.

For the description of other fields, see Table 15 and Table 18.

qos apply policy (interface view, PVC view, control plane view, management interface control plane view, PW view)

Use qos apply policy to apply a QoS policy to an interface, PVC, control plane, or PW.

Use undo qos apply policy to remove an applied QoS policy.

Syntax

qos apply policy policy-name { inbound | outbound }

undo qos apply policy policy-name { inbound | outbound }

Default

No QoS policy is applied.

Views

Control plane view/management interface control plane view

Cross-connect PW view/VSI LDP PW view/VSI static PW view

Interface view

PVC view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a QoS policy by its name, a case-sensitive string of 1 to 31 characters.

inbound: Applies the QoS policy to the incoming traffic of an interface, PVC, control plane, or management interface control plane. This keyword is not supported in PW view.

outbound: Applies the QoS policy to the outgoing traffic of an interface, PVC, or PW. This keyword is not supported in control plane view or management interface control plane view.

Usage guidelines

When you apply a QoS policy to an interface, PVC, or PW, follow these rules:

·     The bandwidth assigned to AF and EF queues in the QoS policy must be smaller than the available bandwidth of the interface, PVC, or PW. Otherwise, the QoS policy cannot be successfully applied to the interface or PVC.

·     If you modify the available bandwidth of the interface, PVC, or PW to be smaller than the bandwidth for AF and EF queues, the applied QoS policy is removed.

·     An inbound QoS policy cannot contain a GTS action or any of these queuing actions: queue ef, queue af, or queue wfq.

A QoS policy configured with CBQ is not supported in control plane view or management interface control plane view.

Examples

# Apply QoS policy USER1 to the incoming traffic of GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] qos apply policy USER1 inbound

# Apply QoS policy aaa to the incoming traffic of the control plane of slot 3.

<Sysname> system-view

[Sysname] control-plane slot 3

[Sysname-cp-slot3] qos apply policy aaa inbound

# Apply QoS policy bbb to the incoming traffic of the management interface control plane.

<Sysname> system-view

[Sysname] control-plane management

[Sysname-cp-management] qos apply policy bbb inbound

# Apply QoS policy 1 to the outgoing traffic of PW 1 with peer PE IP address 1.1.1.1.

<Sysname> system-view

[Sysname] xconnect-group a

[Sysname-xcg-a] connection a

[Sysname-xcg-a-a] peer 1.1.1.1 pw-id 1

[Sysname-xcg-a-a-1.1.1.1-1] qos apply policy 1 outbound

qos apply policy (user profile view)

Use qos apply policy to apply a QoS policy to a user profile.

Use undo qos apply policy to remove a QoS policy applied to a user profile.

Syntax

qos apply policy policy-name { inbound | outbound }

undo qos apply policy policy-name { inbound | outbound }

Default

No QoS policy is applied to a user profile.

Views

User profile view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a QoS policy by its name, a case-sensitive string of 1 to 31 characters.

inbound: Applies the QoS policy to the incoming traffic of the device (traffic sent by online users).

outbound: Applies the QoS policy to the outgoing traffic of the device (traffic received by online users).

Usage guidelines

The following matrix shows the command and hardware compatibility:

 

Hardware                                                                Command compatibility
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK  Yes
MSR810-LMS/810-LUS                                                      No
MSR2600-6-X1/2600-10-X1                                                 Yes
MSR 2630                                                                Yes
MSR3600-28/3600-51                                                      Yes
MSR3600-28-SI/3600-51-SI                                                Yes
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC                          Yes
MSR 3610/3620/3620-DP/3640/3660                                         Yes
MSR5620/5660/5680                                                       Yes

Hardware          Command compatibility
MSR810-LM-GL      Yes
MSR810-W-LM-GL    Yes
MSR830-6EI-GL     Yes
MSR830-10EI-GL    Yes
MSR830-6HI-GL     Yes
MSR830-10HI-GL    Yes
MSR2600-6-X1-GL   Yes
MSR3600-28-SI-GL  Yes

The QoS policy applied to a user profile takes effect only when a user comes online through PPPoE authentication.

Deleting a user profile also removes the QoS policies applied to the user profile.

Examples

# Apply QoS policy test to incoming traffic of user profile user.

<Sysname> system-view

[Sysname] user-profile user

[Sysname-user-profile-user] qos apply policy test inbound

qos policy

Use qos policy to create a QoS policy and enter its view, or enter the view of an existing QoS policy.

Use undo qos policy to delete a QoS policy.

Syntax

qos policy policy-name

undo qos policy policy-name

Default

No QoS policies exist.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a name for the QoS policy, a case-sensitive string of 1 to 31 characters.

Usage guidelines

To delete a QoS policy that has been applied to an object, you must first remove the QoS policy from the object.

Examples

# Create a QoS policy named user1.

<Sysname> system-view

[Sysname] qos policy user1

[Sysname-qospolicy-user1]

Related commands

classifier behavior

qos apply policy

reset qos policy advpn

Use reset qos policy advpn to clear the statistics for QoS policies applied to hub-spoke tunnels on a tunnel interface.

Syntax

reset qos policy advpn tunnel number [ ipv4-address | ipv6-address ] [ outbound ]

Views

User view

Predefined user roles

network-admin

Parameters

tunnel number: Specifies a tunnel interface by its number.

ipv4-address: Specifies the spoke's private IPv4 address of a hub-spoke tunnel.

ipv6-address: Specifies the spoke's private IPv6 address of a hub-spoke tunnel.

outbound: Clears the statistics for the QoS policy applied to outgoing traffic. If you do not specify this keyword, the command clears QoS policy statistics for both incoming traffic and outgoing traffic.

Usage guidelines

If you do not specify a spoke's private IP address of a hub-spoke tunnel, this command clears the QoS policy statistics for all hub-spoke tunnels on a tunnel interface. For information about hub-spoke tunnels, see ADVPN in Layer 3—IP Services Configuration Guide.

Examples

# Clear the statistics for the QoS policy applied to the outgoing traffic of the hub-spoke tunnel with spoke's IPv4 address 192.168.0.3 on tunnel interface 1.

<Sysname> reset qos policy advpn tunnel 1 192.168.0.3 outbound

reset qos policy control-plane

Use reset qos policy control-plane to clear the statistics of the QoS policy applied to a control plane.

Syntax

Centralized devices in standalone mode:

reset qos policy control-plane

Distributed devices in standalone mode/centralized devices in IRF mode:

reset qos policy control-plane slot slot-number

Distributed devices in IRF mode:

reset qos policy control-plane chassis chassis-number slot slot-number

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (Distributed devices in IRF mode.)

Examples

# (Centralized devices in standalone mode.) Clear the statistics of the QoS policy applied to the control plane.

<Sysname> reset qos policy control-plane

# (Distributed devices in standalone mode.) Clear the statistics of the QoS policy applied to the control plane of card 3.

<Sysname> reset qos policy control-plane slot 3

# (Centralized devices in IRF mode.) Clear the statistics of the QoS policy applied to the control plane of member device 3.

<Sysname> reset qos policy control-plane slot 3

# (Distributed devices in IRF mode.) Clear the statistics of the QoS policy applied to the control plane of card 3 on IRF member 1.

<Sysname> reset qos policy control-plane chassis 1 slot 3

reset qos policy control-plane management

Use reset qos policy control-plane management to clear the statistics of the QoS policy applied to the management interface control plane.

Syntax

reset qos policy control-plane management

Views

User view

Predefined user roles

network-admin

Usage guidelines

The following matrix shows the command and hardware compatibility:

 

Hardware                                                                                Command compatibility
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS  No
MSR2600-6-X1/2600-10-X1                                                                 No
MSR 2630                                                                                No
MSR3600-28/3600-51                                                                      No
MSR3600-28-SI/3600-51-SI                                                                No
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC                                          No
MSR 3610/3620/3620-DP/3640/3660                                                         No
MSR5620/5660/5680                                                                       Yes

Hardware          Command compatibility
MSR810-LM-GL      No
MSR810-W-LM-GL    No
MSR830-6EI-GL     No
MSR830-10EI-GL    No
MSR830-6HI-GL     No
MSR830-10HI-GL    No
MSR2600-6-X1-GL   No
MSR3600-28-SI-GL  No

A QoS policy applied to the management interface control plane takes effect on the packets sent from the management interface to the control plane.

Examples

# Clear the statistics of the QoS policy applied to the management interface control plane.

<Sysname> reset qos policy control-plane management

QoS policy-based traffic rate statistics collection period commands

qos flow-interval

Use qos flow-interval to set the QoS policy-based traffic rate statistics collection period for an interface.

Use undo qos flow-interval to restore the default.

Syntax

qos flow-interval interval

undo qos flow-interval

Default

The QoS policy-based traffic rate statistics collection period is 5 minutes on an interface.

Views

Interface view

Predefined user roles

network-admin

Parameters

interval: Sets the QoS policy-based traffic rate statistics collection period in minutes, in the range of 1 to 10.

Usage guidelines

You can enable collection of per-class traffic statistics over a period of time, including the average forwarding rate and drop rate. For example, if you set the statistics collection period to 10 minutes, the system performs the following operations:

·     Collects traffic statistics for the most recent 10 minutes.

·     Refreshes the statistics every 2 minutes (10/5 minutes).

The traffic rate statistics collection period of a subinterface is the same as the period configured on the main interface.

Examples

# Set the QoS policy-based traffic rate statistics collection period to 10 minutes on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] qos flow-interval 10

Related commands

display qos policy interface


Priority mapping commands

Priority map commands

display qos map-table

Use display qos map-table to display the configuration of priority maps.

Syntax

display qos map-table [ dot1p-lp | dscp-lp | lp-dot1p | lp-dscp ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

The device provides the following types of priority map.

Table 28 Priority maps

Priority mapping  Description
dot1p-lp          802.1p-local priority map.
dscp-lp           DSCP-local priority map.
lp-dot1p          Local-802.1p priority map.
lp-dscp           Local-DSCP priority map.

Usage guidelines

If you do not specify a priority map, this command displays the configuration of all priority maps.

Examples

# Display the configuration of the 802.1p-local priority map.

<Sysname> display qos map-table dot1p-lp

MAP-TABLE NAME: dot1p-lp   TYPE: pre-define

IMPORT  :  EXPORT

   0    :    2

   1    :    0

   2    :    1

   3    :    3

   4    :    4

   5    :    5

   6    :    6

   7    :    7

Table 29 Command output

| Field | Description |
|---|---|
| MAP-TABLE NAME | Name of the priority map. |
| TYPE | Type of the priority map. |
| IMPORT | Input values of the priority map. |
| EXPORT | Output values of the priority map. |

 

import

Use import to configure mappings for a priority map.

Use undo import to restore the specified or all mappings to the default for a priority map.

Syntax

import import-value-list export export-value

undo import { import-value-list | all }

Default

The default priority maps are used. For more information, see ACL and QoS Configuration Guide.

Views

Priority map view

Predefined user roles

network-admin

Parameters

import-value-list: Specifies a list of input values.

export-value: Specifies the output value.

all: Restores all mappings in the priority map to the default.

Examples

# Configure the 802.1p-local priority map to map 802.1p priority values 4 and 5 to local priority 1.

<Sysname> system-view

[Sysname] qos map-table dot1p-lp

[Sysname-maptbl-dot1p-lp] import 4 5 export 1

Related commands

display qos map-table

qos map-table

Use qos map-table to enter the specified priority map view.

Syntax

qos map-table { dot1p-lp | dscp-lp | lp-dot1p | lp-dscp }

Views

System view

Predefined user roles

network-admin

Parameters

For the description of the keywords, see Table 28.

Examples

# Enter the 802.1p-local priority map view.

<Sysname> system-view

[Sysname] qos map-table dot1p-lp

[Sysname-maptbl-in-dot1p-lp]

Related commands

display qos map-table

import

Port priority commands

This feature is supported only on the following ports:

·     Layer 2 Ethernet ports on Ethernet switching modules.

·     Fixed Layer 2 Ethernet ports on MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS/MSR2600-6-X1/2600-10-X1/MSR3600-28/3600-51/3600-28-SI/3600-51-SI routers and MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL routers.

qos priority

Use qos priority to change the port priority of an interface.

Use undo qos priority to restore the default.

Syntax

qos priority priority-value

undo qos priority

Default

The port priority is 0.

Views

Layer 2 Ethernet interface view

Predefined user roles

network-admin

Parameters

priority-value: Specifies the port priority value in the range of 0 to 7.

Examples

# Set the port priority of GigabitEthernet 1/0/1 to 2.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] qos priority 2

Related commands

display qos trust interface

Priority trust mode commands

This feature is supported only on the following ports:

·     Layer 2 Ethernet ports on Ethernet switching modules.

·     Fixed Layer 2 Ethernet ports on MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS/MSR2600-6-X1/2600-10-X1/MSR3600-28/3600-51/3600-28-SI/3600-51-SI routers and MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL routers.

display qos trust interface

Use display qos trust interface to display the priority trust mode and port priorities of an interface.

Syntax

display qos trust interface [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the priority trust mode and port priorities of all interfaces.

Examples

# Display the priority trust mode and port priority of GigabitEthernet 1/0/1 (on a single port priority-type device).

<Sysname> display qos trust interface gigabitethernet 1/0/1

Interface: GigabitEthernet1/0/1

 Port priority trust information

  Port priority:4

  Port priority trust type: dot1p

Table 30 Command output

| Field | Description |
|---|---|
| Interface | Interface type and interface number. |
| Port priority | Port priority set for the interface. |
| Port priority trust type | Priority trust mode on the interface: dot1p or dscp. |

 

qos trust

Use qos trust to configure the priority trust mode for an interface.

Use undo qos trust to restore the default.

Syntax

qos trust { dot1p | dscp }

undo qos trust

Default

No priority trust mode is configured for an interface.

Views

Layer 2 Ethernet interface view

Predefined user roles

network-admin

Parameters

dot1p: Uses the 802.1p priority in incoming packets for priority mapping.

dscp: Uses the DSCP value in incoming packets for priority mapping. This keyword is supported only on the following ports:

·     Layer 2 Ethernet ports on SIC-4GSW, SIC-4GSWP, SIC-4GSWF, HMIM-8GSWF, HMIM-24GSW/24GSWP, and HMIM-8GSW modules.

·     Fixed Layer 2 Ethernet ports on MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS/MSR2600-6-X1/2600-10-X1/MSR3600-28/3600-51/3600-28-SI/3600-51-SI routers and MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL routers.

Examples

# Set the priority trust mode to 802.1p priority on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] qos trust dot1p

Related commands

display qos trust interface

 


Traffic policing, GTS, and rate limit commands

Commands and descriptions for centralized devices apply to the following routers:

·     MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.

·     MSR2600-6-X1/2600-10-X1.

·     MSR 2630.

·     MSR3600-28/3600-51.

·     MSR3600-28-SI/3600-51-SI.

·     MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

·     MSR 3610/3620/3620-DP/3640/3660.

·     MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.

Commands and descriptions for distributed devices apply to the following routers:

·     MSR5620.

·     MSR 5660.

·     MSR 5680.

PWs are not supported on the following routers:

·     MSR810-LMS/810-LUS.

·     MSR3600-28-SI/3600-51-SI.

Traffic policing commands

display qos car interface

Use display qos car interface to display the CAR information for interfaces.

Syntax

display qos car interface [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the CAR information for all interfaces.

Examples

# Display the CAR information for GigabitEthernet 1/0/1.

<Sysname> display qos car interface gigabitethernet 1/0/1

Interface: GigabitEthernet1/0/1

 Direction: inbound

  Rule: If-match any

   CIR 128 (kbps), CBS 5120 (Bytes), PIR 128 (kbps), EBS 512 (Bytes)

   Green action  : pass

   Yellow action : pass

   Red action    : discard

   Green packets : 0 (Packets), 0 (Bytes)

   Yellow packets: 0 (Packets), 0 (Bytes)

   Red packets   : 0 (Packets), 0 (Bytes)

Table 31 Command output

| Field | Description |
|---|---|
| Interface | Interface name, including interface type and interface number. |
| Direction | Direction in which traffic policing is applied. |
| Rule | Match criteria. |
| CIR | CIR in kbps. |
| CBS | CBS in bytes. |
| EBS | EBS in bytes. |
| PIR | PIR in kbps. |
| Green action | Action to take on green packets. |
| Yellow action | Action to take on yellow packets. |
| Red action | Action to take on red packets. |
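The per-color counters in this output show how much traffic each policer is discarding. The following parser is an added example, not H3C tooling: it reads text in the layout shown above and reports policers whose red share of bytes exceeds a threshold. The sample text is constructed, the function names are hypothetical, and the code assumes that each Rule line starts a new policer under the current Interface and Direction.

```python
import re

RATE_RE = re.compile(r"(CIR|CBS|PIR|EBS) (\d+) \(([^)]+)\)")
COUNT_RE = re.compile(
    r"^(Green|Yellow|Red) packets\s*:\s*(\d+) \(Packets\), (\d+) \(Bytes\)$")
ACTION_RE = re.compile(r"^(Green|Yellow|Red) action\s*:\s*(.+)$")

# Constructed sample in the layout of "display qos car interface".
SAMPLE = """\
Interface: GigabitEthernet1/0/1
 Direction: inbound
  Rule: If-match any
   CIR 128 (kbps), CBS 5120 (Bytes), PIR 128 (kbps), EBS 512 (Bytes)
   Green action  : pass
   Yellow action : pass
   Red action    : discard
   Green packets : 9000 (Packets), 9000000 (Bytes)
   Yellow packets: 0 (Packets), 0 (Bytes)
   Red packets   : 1000 (Packets), 1000000 (Bytes)
Interface: GigabitEthernet1/0/2
 Direction: outbound
  Rule: If-match any
   CIR 200 (kbps), CBS 5120 (Bytes), EBS 0 (Bytes)
   Green action  : pass
   Yellow action : pass
   Red action    : discard
   Green packets : 500 (Packets), 40000 (Bytes)
   Yellow packets: 0 (Packets), 0 (Bytes)
   Red packets   : 1500 (Packets), 120000 (Bytes)
"""


def parse_car(text):
    """Return one dict per policer found in the command output."""
    records, iface, direction, rec = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Interface:"):
            iface, rec = line.split(":", 1)[1].strip(), None
        elif line.startswith("Direction:"):
            direction, rec = line.split(":", 1)[1].strip(), None
        elif line.startswith("Rule:"):
            rec = {"interface": iface, "direction": direction,
                   "rule": line.split(":", 1)[1].strip(),
                   "params": {}, "actions": {}, "packets": {}, "bytes": {}}
            records.append(rec)
        elif rec is not None:
            count = COUNT_RE.match(line)
            action = ACTION_RE.match(line)
            if count:
                color = count.group(1).lower()
                rec["packets"][color] = int(count.group(2))
                rec["bytes"][color] = int(count.group(3))
            elif action:
                rec["actions"][action.group(1).lower()] = action.group(2).strip()
            else:
                for name, value, unit in RATE_RE.findall(line):
                    rec["params"][name] = (int(value), unit)
    return records


def red_ratio(rec):
    """Share of counted bytes that were colored red (0.0 when idle)."""
    total = sum(rec["bytes"].values())
    return rec["bytes"].get("red", 0) / total if total else 0.0


def policers_over(records, threshold):
    """List (interface, direction, rule, ratio) above the red-byte threshold."""
    return [(r["interface"], r["direction"], r["rule"], round(red_ratio(r), 3))
            for r in records if red_ratio(r) > threshold]


if __name__ == "__main__":
    for hit in policers_over(parse_car(SAMPLE), 0.5):
        print(hit)
```
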

 

display qos carl

Use display qos carl to display CAR lists.

Syntax

Centralized devices in standalone mode:

display qos carl [ carl-index ]

Distributed devices in standalone mode/centralized devices in IRF mode:

display qos carl [ carl-index ] [ slot slot-number ]

Distributed devices in IRF mode:

display qos carl [ carl-index ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

carl-index: Specifies a CAR list by its number in the range of 1 to 199. If you do not specify a CAR list, this command displays all CAR lists.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the CAR lists for the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays the CAR lists for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays the CAR lists for the global active MPU. (Distributed devices in IRF mode.)

Examples

# Display all CAR lists.

<Sysname> display qos carl

List  Rules

1     destination-ip-address range 1.1.1.1 to 1.1.1.2 per-address shared-bandwidth

2     destination-ip-address subnet 1.1.1.1 22 per-address shared-bandwidth

4     dscp 1 2 3 4 5 6 7 cs1

5     mac 0000-0000-0000

6     mpls-exp 0 1 2

9     precedence 0 1 2 3 4 5 6 7

10    source-ip-address range 1.1.1.1 to 1.1.1.2

11    source-ip-address subnet 1.1.1.1 31

qos car (interface view)

Use qos car to configure a CAR policy on an interface.

Use undo qos car to delete a CAR policy from an interface.

Syntax

qos car { inbound | outbound } { any | acl [ ipv6 ] acl-number | carl carl-index } cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ green action | red action | yellow action ] *

qos car { inbound | outbound } { any | acl [ ipv6 ] acl-number | carl carl-index } cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] [ green action | red action | yellow action ] *

undo qos car { inbound | outbound } { any | acl [ ipv6 ] acl-number | carl carl-index }

Default

No CAR policy is configured on an interface.

Views

Interface view

Predefined user roles

network-admin

Parameters

inbound: Performs CAR for incoming packets on the interface.

outbound: Performs CAR for outgoing packets on the interface.

any: Performs CAR for all IP packets in the specified direction.

acl [ ipv6 ] acl-number: Performs CAR for packets matching an ACL specified by its number. The value range for the acl-number argument is 2000 to 3999. If you do not specify ipv6, this option specifies an IPv4 ACL. If you specify ipv6, this option specifies an IPv6 ACL.

carl carl-index: Performs CAR for packets matching a CAR list specified by its number in the range of 1 to 199.

cir committed-information-rate: Specifies the CIR in kbps in the range of 8 to 10000000.

cbs committed-burst-size: Specifies the CBS in bytes, which is the size of bursty traffic when the actual average rate is not greater than the CIR. The value range for committed-burst-size is 1000 to 1000000000.

ebs excess-burst-size: Specifies the EBS in bytes. The value range for excess-burst-size is 0 to 1000000000.

pir peak-information-rate: Specifies the PIR in kbps. The value range for peak-information-rate is 8 to 10000000.

green: Specifies the action to take on packets when the traffic rate conforms to the CIR. The default is pass.

red: Specifies the action to take on packets when the traffic rate conforms to neither CIR nor PIR. The default is discard.

yellow: Specifies the action to take on packets when the traffic rate exceeds the CIR but conforms to the PIR. The default is pass.

action: Specifies the action to take on packets.

·     continue: Continues to process the packet by using the next CAR policy.

·     discard: Drops the packet.

·     pass: Permits the packet to pass through.

·     remark-dot1p-continue new-cos: Sets the 802.1p priority value of the 802.1p packet to new-cos and continues to process the packet by using the next CAR policy. The new-cos argument is in the range of 0 to 7.

·     remark-dot1p-pass new-cos: Sets the 802.1p priority value of the 802.1p packet to new-cos and permits the packet to pass through. The new-cos argument is in the range of 0 to 7.

·     remark-dscp-continue new-dscp: Remarks the packet with a new DSCP value and continues to process the packet by using the next CAR policy. The new-dscp argument is in the range of 0 to 63. Alternatively, you can specify the new-dscp argument with af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, cs6, cs7, default, or ef.

·     remark-dscp-pass new-dscp: Remarks the packet with a new DSCP value and permits the packet to pass through. The new-dscp argument is in the range of 0 to 63. Alternatively, you can specify the new-dscp argument with af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, cs6, cs7, default, or ef.

·     remark-mpls-exp-continue new-exp: Sets the EXP field value of the MPLS packet to new-exp and continues to process the packet by using the next CAR policy. The new-exp argument is in the range of 0 to 7.

·     remark-mpls-exp-pass new-exp: Sets the EXP field value of the MPLS packet to new-exp and permits the packet to pass through. The new-exp argument is in the range of 0 to 7.

·     remark-prec-continue new-precedence: Remarks the packet with a new IP precedence and continues to process the packet by using the next CAR policy. The new-precedence argument is in the range of 0 to 7.

·     remark-prec-pass new-precedence: Remarks the packet with a new IP precedence and permits the packet to pass through. The new-precedence argument is in the range of 0 to 7.

Usage guidelines

To use two rates for traffic policing, configure the qos car command with the pir peak-information-rate option. To use one rate for traffic policing, configure the qos car command without the pir peak-information-rate option.

You can configure multiple qos car commands on an interface to define multiple CAR policies. These CAR policies are executed in their configuration order.

Examples

# Perform CAR for all packets in the outbound direction of GigabitEthernet 1/0/1. The CAR parameters are as follows:

·     CIR is 200 kbps.

·     CBS is 5120 bytes.

·     EBS is 0.

·     Conforming packets are transmitted.

·     Excess packets are set with an IP precedence of 0 and transmitted.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] qos car outbound any cir 200 cbs 5120 ebs 0 green pass red remark-prec-pass 0

Related commands

display qos car interface

qos carl
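The green, yellow, and red decisions behind the cir, cbs, ebs, and pir parameters can be reproduced with a token-bucket model. The following Python model is an added example, not H3C code: it assumes color-blind RFC 2697 marking when pir is omitted and RFC 2698 marking when pir is given (the page does not state the device's internal algorithm), treats 1 kbps as 1000 bits per second, and starts with full buckets. The class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class CarPolicer:
    """Token-bucket model of one qos car policy (hypothetical helper)."""
    cir_kbps: int
    cbs: int
    ebs: int = 0
    pir_kbps: Optional[int] = None   # None models a command without pir

    def __post_init__(self) -> None:
        # Value ranges as documented for qos car in interface view.
        if not 8 <= self.cir_kbps <= 10_000_000:
            raise ValueError("cir must be 8 to 10000000 kbps")
        if not 1000 <= self.cbs <= 1_000_000_000:
            raise ValueError("cbs must be 1000 to 1000000000 bytes")
        if not 0 <= self.ebs <= 1_000_000_000:
            raise ValueError("ebs must be 0 to 1000000000 bytes")
        if self.pir_kbps is not None and not 8 <= self.pir_kbps <= 10_000_000:
            raise ValueError("pir must be 8 to 10000000 kbps")
        self.tc = float(self.cbs)    # committed bucket, full at start (assumption)
        self.te = float(self.ebs)    # excess/peak bucket, full at start (assumption)
        self.last = 0.0

    @staticmethod
    def _tokens(kbps: int, seconds: float) -> float:
        return kbps * 1000 / 8 * seconds   # bytes earned; 1 kbps = 1000 bit/s

    def _refill(self, now: float) -> None:
        elapsed = now - self.last
        if elapsed < 0:
            raise ValueError("arrival times must not go backwards")
        self.last = now
        if self.pir_kbps is None:
            # One rate: CIR tokens fill C first, overflow spills into E.
            self.tc += self._tokens(self.cir_kbps, elapsed)
            spill = max(0.0, self.tc - self.cbs)
            self.tc = min(self.tc, float(self.cbs))
            self.te = min(float(self.ebs), self.te + spill)
        else:
            # Two rates: C refills at CIR, E refills independently at PIR.
            self.tc = min(float(self.cbs),
                          self.tc + self._tokens(self.cir_kbps, elapsed))
            self.te = min(float(self.ebs),
                          self.te + self._tokens(self.pir_kbps, elapsed))

    def color(self, now: float, size: int) -> str:
        """Color one packet of `size` bytes arriving at time `now` (seconds)."""
        self._refill(now)
        if self.pir_kbps is None:
            if self.tc >= size:
                self.tc -= size
                return "green"
            if self.te >= size:
                self.te -= size
                return "yellow"
            return "red"
        if self.te < size:           # conforms to neither CIR nor PIR
            return "red"
        self.te -= size
        if self.tc < size:           # exceeds CIR but conforms to PIR
            return "yellow"
        self.tc -= size
        return "green"


def run(policer: CarPolicer, arrivals: List[Tuple[float, int]]) -> List[str]:
    """Color a sequence of (time, size) arrivals in order."""
    return [policer.color(when, size) for when, size in arrivals]


if __name__ == "__main__":
    # Parameters of the example on this page: cir 200 cbs 5120 ebs 0.
    burst = [(0.0, 1500)] * 5 + [(0.1, 1500)] * 3
    print(run(CarPolicer(200, 5120, 0), burst))
    # Constructed two-rate case: cir 200 cbs 5120 pir 400 ebs 8000.
    print(run(CarPolicer(200, 5120, 8000, 400), [(0.0, 1500)] * 6))
```

With ebs 0 and no pir, the model never produces yellow, so only the green and red actions of that policy are exercised.
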

qos car any (user profile view)

Use qos car any to configure a CAR policy for all IP packets of a user profile.

Use undo qos car to delete a CAR policy from a user profile.

Syntax

qos car { inbound | outbound } any cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ]

qos car { inbound | outbound } any cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ]

undo qos car { inbound | outbound }

Default

No CAR policy is configured for a user profile.

Views

User profile view

Predefined user roles

network-admin

Parameters

inbound: Performs CAR for incoming traffic (traffic sent by the online users).

outbound: Performs CAR for outgoing traffic (traffic received by the online users).

cir committed-information-rate: Specifies the CIR in kbps in the range of 8 to 10000000.

cbs committed-burst-size: Specifies the CBS in bytes, which is the size of bursty traffic when the actual average rate is not greater than the CIR. The value range for committed-burst-size is 1000 to 1000000000.

ebs excess-burst-size: Specifies the EBS in bytes. The value range for excess-burst-size is 0 to 1000000000.

pir peak-information-rate: Specifies the PIR in kbps. The value range for peak-information-rate is 8 to 10000000.

Usage guidelines

The following matrix shows the command and hardware compatibility:

 

| Hardware | Command compatibility |
|---|---|
| MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK | Yes |
| MSR810-LMS/810-LUS | No |
| MSR2600-6-X1/2600-10-X1 | Yes |
| MSR 2630 | Yes |
| MSR3600-28/3600-51 | Yes |
| MSR3600-28-SI/3600-51-SI | Yes |
| MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC | Yes |
| MSR 3610/3620/3620-DP/3640/3660 | Yes |
| MSR5620/5660/5680 | Yes |

| Hardware | Command compatibility |
|---|---|
| MSR810-LM-GL | Yes |
| MSR810-W-LM-GL | Yes |
| MSR830-6EI-GL | Yes |
| MSR830-10EI-GL | Yes |
| MSR830-6HI-GL | Yes |
| MSR830-10HI-GL | Yes |
| MSR2600-6-X1-GL | Yes |
| MSR3600-28-SI-GL | Yes |

 

The CAR policy configured for a user profile takes effect only when a user comes online through PPPoE authentication.

To use two rates for traffic policing, configure the qos car command with the pir peak-information-rate option. To use one rate for traffic policing, configure the qos car command without the pir peak-information-rate option.

The conforming traffic is permitted to pass through, and the excess traffic is dropped.

If you execute the qos car command multiple times for the same user profile, the most recent configuration takes effect.

Examples

# Perform CAR for packets received by user profile user. The CAR parameters are as follows:

·     The CIR is 200 kbps.

·     The CBS is 51200 bytes.

<Sysname> system-view

[Sysname] user-profile user

[Sysname-user-profile-user] qos car outbound any cir 200 cbs 51200

qos carl

Use qos carl to create or modify a CAR list.

Use undo qos carl to delete a CAR list.

Syntax

qos carl carl-index { dscp dscp-list | mac mac-address | mpls-exp mpls-exp-value | precedence precedence-value | { destination-ip-address | source-ip-address } { range start-ip-address to end-ip-address | subnet ip-address mask-length } [ per-address [ shared-bandwidth ] ] }

undo qos carl carl-index

Default

No CAR list is configured.

Views

System view

Predefined user roles

network-admin

Parameters

carl-index: Specifies a CAR list by its number in the range of 1 to 199.

dscp dscp-list: Specifies a list of DSCP values. A DSCP value can be a number from 0 to 63 or any of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, cs6, cs7, default, or ef. You can configure up to eight DSCP values in one command line. If the same DSCP value is specified multiple times, the system considers the values to be one value. If a packet matches one of the defined DSCP values, it matches the if-match clause.

mac mac-address: Specifies a MAC address in hexadecimal format.

mpls-exp mpls-exp-value: Specifies an MPLS EXP value in the range of 0 to 7. You can configure up to eight MPLS EXP values in one command line. If the same MPLS EXP value is specified multiple times, the system considers the values to be one value. If a packet matches one of the defined MPLS EXP values, it matches the if-match clause.

precedence precedence-value: Specifies a precedence value in the range of 0 to 7. You can configure up to eight IP precedence values in one command line. If the same IP precedence value is specified multiple times, the system considers the values to be one value. If a packet matches one of the defined IP precedence values, it matches the if-match clause.

destination-ip-address: Configures a destination IP address-based CAR list.

source-ip-address: Configures a source IP address-based CAR list.

range start-ip-address to end-ip-address: Specifies an IP address range by the start address and end address. The value for end-ip-address must be greater than the value for start-ip-address. An IP address range can accommodate a maximum of 1024 IP addresses.

subnet ip-address mask-length: Specifies a subnet by the IP subnet address and IP subnet address mask length. The value range for mask-length is 22 to 31.

per-address: Performs per-IP address rate limiting within the network segment. When this keyword is specified, the CIR is dedicated bandwidth for each IP address and is not shared by any other IP address. If you do not specify this keyword, the following events occur:

·     Rate limiting is performed for the entire network segment.

·     All of the CIR is allocated among all IP addresses in proportion to the traffic load of each IP address.

shared-bandwidth: Specifies that traffic of all IP addresses within the network segment shares the remaining bandwidth. If you specify this keyword, all of the CIR is allocated evenly among all IP addresses with traffic load.

Usage guidelines

You can create a CAR list based on IP precedence, MAC address, MPLS EXP, DSCP, or IP network segment.

If you execute this command multiple times for the same CAR list, the most recent configuration takes effect. If you execute this command multiple times for different CAR lists, multiple CAR lists are created.

To perform rate limiting for a single IP address, use the qos car acl command in interface view.

Examples

# Apply CAR list 1 to the outbound direction of GigabitEthernet 1/0/1 to meet the following requirements:

·     The rate of each host on the subnet 1.1.1.0/24 is limited to 100 kbps.

·     Traffic of IP addresses in the subnet does not share the remaining bandwidth.

<Sysname> system-view

[Sysname] qos carl 1 source-ip-address subnet 1.1.1.0 24 per-address

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] qos car outbound carl 1 cir 100 cbs 5120 ebs 0 green pass red discard

# Apply CAR list 2 to the outbound direction of GigabitEthernet 1/0/1 to meet the following requirements:

·     The rate of each host in the IP address range of 1.1.2.100 to 1.1.2.199 is limited to 5 Mbps.

·     Traffic of IP addresses in the subnet shares the remaining bandwidth.

<Sysname> system-view

[Sysname] qos carl 2 source-ip-address range 1.1.2.100 to 1.1.2.199 per-address shared-bandwidth

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] qos car outbound carl 2 cir 5000 cbs 5120 ebs 31250 green pass red discard

Related commands

display qos carl

qos car
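The value ranges documented for qos carl lend themselves to a pre-deployment check of a configuration file. The following Python checker is an added example, not an H3C tool: it validates qos carl lines against the limits stated above (index 1 to 199, up to eight values, mask length 22 to 31, at most 1024 addresses in a range). It assumes IPv4 addresses and the H-H-H MAC form seen in the display output; the sample configuration is constructed and the function names are hypothetical.

```python
import ipaddress
import re

DSCP_KEYWORDS = frozenset(
    "af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43 "
    "cs1 cs2 cs3 cs4 cs5 cs6 cs7 default ef".split()
)
# Assumption: MAC addresses use the H-H-H form seen in the display output.
MAC_RE = re.compile(r"^[0-9a-fA-F]{1,4}(-[0-9a-fA-F]{1,4}){2}$")
TAILS = ([], ["per-address"], ["per-address", "shared-bandwidth"])

# Constructed sample; lines 1 and 2 are the examples from this page.
SAMPLE_CONFIG = """\
qos carl 1 source-ip-address subnet 1.1.1.0 24 per-address
qos carl 2 source-ip-address range 1.1.2.100 to 1.1.2.199 per-address shared-bandwidth
qos carl 3 source-ip-address subnet 10.0.0.0 16 per-address
qos carl 4 destination-ip-address range 10.1.0.0 to 10.1.7.255
qos carl 200 dscp ef
qos carl 5 source-ip-address subnet 10.2.0.0 24 shared-bandwidth
"""


def _check_values(name, tokens, low, high, keywords=frozenset()):
    problems = []
    if not 1 <= len(tokens) <= 8:
        problems.append(f"{name}: expected 1 to 8 values, got {len(tokens)}")
    for tok in tokens:
        if tok in keywords:
            continue
        if not tok.isdigit() or not low <= int(tok) <= high:
            problems.append(f"{name}: value {tok} outside {low}-{high}")
    return problems


def _check_ip(rest):
    problems = []
    try:
        if rest[:1] == ["range"] and len(rest) >= 4 and rest[2] == "to":
            start = ipaddress.IPv4Address(rest[1])
            end = ipaddress.IPv4Address(rest[3])
            count = int(end) - int(start) + 1
            if end <= start:
                problems.append("end-ip-address must be greater than start-ip-address")
            elif count > 1024:
                problems.append(f"range holds {count} addresses, maximum is 1024")
            tail = rest[4:]
        elif rest[:1] == ["subnet"] and len(rest) >= 3:
            ipaddress.IPv4Address(rest[1])
            if not rest[2].isdigit() or not 22 <= int(rest[2]) <= 31:
                problems.append(f"mask-length {rest[2]} outside 22-31")
            tail = rest[3:]
        else:
            return ["expected 'range A to B' or 'subnet A mask-length'"]
    except ipaddress.AddressValueError as exc:
        return [f"bad IPv4 address: {exc}"]
    if tail not in TAILS:
        problems.append(f"unexpected trailing keywords: {' '.join(tail)}")
    return problems


def check_carl(line):
    """Return a list of problems; an empty list means the line is in range."""
    tok = line.split()
    if tok[:2] != ["qos", "carl"] or len(tok) < 4:
        return ["not a complete qos carl command"]
    problems = []
    if not tok[2].isdigit() or not 1 <= int(tok[2]) <= 199:
        problems.append(f"carl-index {tok[2]} outside 1-199")
    kind, rest = tok[3], tok[4:]
    if kind == "dscp":
        problems += _check_values(kind, rest, 0, 63, DSCP_KEYWORDS)
    elif kind in ("mpls-exp", "precedence"):
        problems += _check_values(kind, rest, 0, 7)
    elif kind == "mac":
        if len(rest) != 1 or not MAC_RE.match(rest[0]):
            problems.append("mac: expected one address in H-H-H form")
    elif kind in ("destination-ip-address", "source-ip-address"):
        problems += _check_ip(rest)
    else:
        problems.append(f"unknown match type {kind}")
    return problems


def audit(config_text):
    """Map 1-based line numbers of faulty qos carl lines to their problems."""
    findings = {}
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("qos carl "):
            problems = check_carl(line)
            if problems:
                findings[number] = problems
    return findings


if __name__ == "__main__":
    for number, problems in audit(SAMPLE_CONFIG).items():
        print(number, problems)
```
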

GTS commands

display qos gts interface

Use display qos gts interface to display the GTS information for interfaces.

Syntax

display qos gts interface [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the GTS information for all interfaces.

Examples

# Display the GTS information for all interfaces.

<Sysname> display qos gts interface

Interface: GigabitEthernet1/0/1

 Rule: If-match acl 2001

  CIR 200 (kbps), CBS 51200 (Bytes), PIR 51200 (kbps), EBS 0 (Bytes)

  Queue Length: 100 (Packets)

  Queue Size: 70 (Packets)

  Passed   : 0 (Packets) 0 (Bytes)

  Discarded: 0 (Packets) 0 (Bytes)

  Delayed  : 0 (Packets) 0 (Bytes)

 

Interface: GigabitEthernet1/0/2

 Rule: If-match acl 2001

  CIR 50 (%), CBS 600 (ms), EBS 0 (ms)

  Queue Length: 100 (Packets)

  Queue Size: 70 (Packets)

  Passed   : 0 (Packets) 0 (Bytes)

  Discarded: 0 (Packets) 0 (Bytes)

  Delayed  : 0 (Packets) 0 (Bytes)

Table 32 Command output

| Field | Description |
|---|---|
| Interface | Interface name, including the interface type and interface number. |
| Rule | Match criteria. |
| CIR | CIR in kbps. |
| CBS | CBS in bytes. |
| EBS | EBS in bytes. |
| PIR | PIR in kbps. |
| Queue Length | Number of packets that the buffer can hold. |
| Queue Size | Number of packets in the buffer. |
| Passed | Number and bytes of packets that have been forwarded. |
| Discarded | Number and bytes of dropped packets. |
| Delayed | Number and bytes of delayed packets. |

 

qos gts

Use qos gts to set GTS parameters for traffic of a traffic class or all traffic on an interface.

Use qos gts acl to set GTS parameters for the traffic matching an ACL. Using the command multiple times with different ACLs sets GTS parameters for different traffic flows.

Use qos gts any to set GTS parameters for all traffic on an interface.

Use undo qos gts to delete the GTS configuration for traffic of a traffic class or all traffic on an interface.

Syntax

qos gts { any | acl [ ipv6 ] acl-number } cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ queue-length queue-length ]

qos gts { any | acl [ ipv6 ] acl-number } cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] [ queue-length queue-length ]

undo qos gts { any | acl [ ipv6 ] acl-number }

Default

No GTS parameters are configured on an interface.

Views

Interface view

Predefined user roles

network-admin

Parameters

any: Shapes all packets.

acl [ ipv6 ] acl-number: Performs GTS for packets matching an ACL specified by its number in the range of 2000 to 3999. If you do not specify ipv6, this option specifies an IPv4 ACL. If you specify ipv6, this option specifies an IPv6 ACL.

cir committed-information-rate: Specifies the CIR in kbps in the range of 8 to 10000000.

cbs committed-burst-size: Specifies the CBS in bytes in the range of 1000 to 1000000000.

ebs excess-burst-size: Specifies the EBS in bytes, which is the traffic exceeding CBS when two token buckets are used. The value range for excess-burst-size is 0 to 1000000000.

pir peak-information-rate: Specifies the PIR in kbps in the range of 8 to 10000000. The PIR cannot be smaller than the CIR.

queue-length queue-length: Specifies the maximum queue length in the buffer.

Usage guidelines

To use two rates for traffic shaping, configure the qos gts command with the pir peak-information-rate option. To use one rate for traffic shaping, configure the qos gts command without the pir peak-information-rate option.

Examples

# Shape the packets matching ACL 2001 on GigabitEthernet 1/0/1. The GTS parameters are as follows:

·     The CIR is 200 kbps.

·     The CBS is 51200 bytes.

·     The EBS is 0.

·     The maximum buffer queue length is 100.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] qos gts acl 2001 cir 200 cbs 51200 ebs 0 queue-length 100

Rate limit commands

display qos lr

Use display qos lr to display the rate limit information for interfaces or PWs.

Syntax

display qos lr { interface [ interface-type interface-number ] | l2vpn-pw [ peer ip-address pw-id pw-id ] }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the rate limit information for all interfaces.

peer ip-address pw-id pw-id: Specifies a PW by its peer PE LSR ID and its PW ID. The ip-address argument represents the LSR ID of the peer PE of the PW. The value range for the pw-id argument is 1 to 4294967295. If you do not specify a PW, this command displays the rate limit information for all PWs.

Examples

# Display the rate limit information for all interfaces.

<Sysname> display qos lr interface

Interface: GigabitEthernet1/0/1

 Direction: Inbound

  CIR 2000 (kbps), CBS 20480 (Bytes), EBS 0 (Bytes)

  Passed   : 1000 (Packets) 1000 (Bytes)

  Discarded: 1000 (Packets) 1000 (Bytes)

  Delayed  : 1000 (Packets) 1000 (Bytes)

  Active shaping: No

Interface: GigabitEthernet1/0/2

 Direction: Outbound

  CIR 50 (%), CBS 600 (ms), EBS 0 (ms)

  Passed   : 1000 (Packets) 1000 (Bytes)

  Discarded: 1000 (Packets) 1000 (Bytes)

  Delayed  : 1000 (Packets) 1000 (Bytes)

  Active shaping: No

# Display the rate limit information for all PWs.

<Sysname> display qos lr l2vpn-pw

L2VPN-PW: peer 1.2.3.4, pw-id 1

  Direction: Outbound

   CIR 1024 (kbps), CBS 64000 (Bytes), EBS 0 (Bytes)

   Passed   : 0 (Packets) 0 (Bytes)

   Delayed  : 0 (Packets) 0 (Bytes)

   Active shaping: No

Table 33 Command output

| Field | Description |
|---|---|
| Interface | Interface name, including the interface type and interface number. |
| L2VPN-PW | A PW is uniquely identified by a combination of the peer PE IP address and PW ID. |
| Direction | Direction to which the rate limit configuration is applied: inbound or outbound. |
| CIR | CIR in kbps. |
| CBS | CBS in bytes. |
| EBS | EBS in bytes. |
| Passed | Number and bytes of packets that have passed. |
| Delayed | Number and bytes of delayed packets. |
| Active shaping | Indicates whether the rate limit configuration is activated: Yes (activated) or No (not activated). |

 

qos lr

Use qos lr to configure rate limiting on an interface or PW.

Use undo qos lr to delete the rate limit configuration.

Syntax

qos lr outbound cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ]

undo qos lr outbound

Default

No rate limit is configured on an interface or PW.

Views

Cross-connect PW view

VSI LDP PW view

VSI static PW view

Interface view

Predefined user roles

network-admin

Parameters

outbound: Limits the rate of outgoing packets.

cir committed-information-rate: Specifies the CIR in kbps in the range of 8 to 10000000.

cbs committed-burst-size: Specifies the CBS in bytes in the range of 500 to 1000000000.

ebs excess-burst-size: Specifies the EBS in bytes, which is the traffic exceeding CBS when two token buckets are used. The value range for excess-burst-size is 0 to 1000000000.

Examples

# Limit the rate of outgoing packets on GigabitEthernet 1/0/1, with CIR 200 kbps and CBS 51200 bytes.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] qos lr outbound cir 200 cbs 51200

 


Congestion management commands

Commands and descriptions for centralized devices apply to the following routers:

·     MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.

·     MSR2600-6-X1/2600-10-X1.

·     MSR 2630.

·     MSR3600-28/3600-51.

·     MSR3600-28-SI/3600-51-SI.

·     MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

·     MSR 3610/3620/3620-DP/3640/3660.

·     MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.

Commands and descriptions for distributed devices apply to the following routers:

·     MSR5620.

·     MSR 5660.

·     MSR 5680.

Support for ATM interfaces depends on the device model. For more information, see the installation guide and the interface module manual.

PWs are not supported on the following routers:

·     MSR810-LMS/810-LUS.

·     MSR3600-28-SI/3600-51-SI.

Common commands

display qos queue interface

Use display qos queue interface to display the queuing information for interfaces or PVCs.

Syntax

display qos queue interface [ interface-type interface-number [ pvc { pvc-name | vpi/vci } ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the queuing information for all interfaces.

pvc { pvc-name | vpi/vci }: Specifies a PVC by its name or VPI/VCI value. You can specify a PVC only for an ATM interface. When you specify an ATM interface but do not specify a PVC, this command displays the queuing information for all PVCs on the ATM interface.

Examples

# Display the queuing information for all interfaces.

<Sysname> display qos queue interface

Interface: GigabitEthernet1/0/1

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - Weighted Fair queuing: Size/Length/Discards 0/64/0

  Weight: IP Precedence

  Queues: Active/Max active/Total 0/0/128

 

Interface: GigabitEthernet1/0/2

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Table 34 Command output

| Field | Description |
|---|---|
| Interface | Interface name, including the interface type and interface number. |
| Size | Total number of bytes of packets in all queues. |
| Length | Number of packets allowed in each queue. |
| Discards | Number of packets dropped. |
| Weight | Weight type: IP Precedence or DSCP. |
| Active | Number of active WFQ queues. |
| Max active | Maximum number of active WFQ queues that was reached. |
| Total | Total number of configured WFQ queues. |

 

display qos queue l2vpn-pw

Use display qos queue l2vpn-pw to display the queuing information for PWs.

Syntax

display qos queue l2vpn-pw [ peer ip-address pw-id pw-id ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

peer ip-address pw-id pw-id: Specifies a PW by its peer PE LSR ID and its PW ID. The ip-address argument represents the LSR ID of the peer PE of the PW. The value range for the pw-id argument is 1 to 4294967295. If you do not specify a PW, this command displays the queuing information for all PWs.

Examples

# Display the queuing information for all PWs.

<Sysname> display qos queue l2vpn-pw

L2VPN-PW: peer 1.1.1.1, pw-id 1

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

L2VPN-PW: peer 2.2.2.2 pw-id 2

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - Weighted Fair queuing: Size/Length/Discards 0/64/0

  Weight: IP Precedence

  Queues: Active/Max active/Total 0/0/128

Table 35 Command output

| Field | Description |
|---|---|
| L2VPN-PW | A PW is uniquely identified by a combination of the peer PE IP address and PW ID. |
| Size | Total number of bytes of packets in all queues. |
| Length | Number of packets allowed in each queue. |
| Discards | Number of packets dropped. |
| Weight | Weight type: IP Precedence or DSCP. |
| Active | Number of active WFQ queues. |
| Max active | Maximum number of active WFQ queues that was reached. |
| Total | Total number of configured WFQ queues. |

reset qos statistics l2vpn-pw

Use reset qos statistics l2vpn-pw to clear the QoS statistics for PWs.

Syntax

reset qos statistics l2vpn-pw [ peer ip-address pw-id pw-id ]

Views

User view

Predefined user roles

network-admin

Parameters

peer ip-address pw-id pw-id: Specifies a PW by its peer PE LSR ID and its PW ID. The ip-address argument represents the LSR ID of the peer PE of the PW. The value range for the pw-id argument is 1 to 4294967295. If you do not specify a PW, this command clears QoS statistics for all PWs.

Examples

# Clear the QoS statistics for PW 1 with peer PE IP address 1.1.1.1.

<Sysname> reset qos statistics l2vpn-pw peer 1.1.1.1 pw-id 1

FIFO queuing commands

display qos queue fifo

Use display qos queue fifo to display the FIFO information for interfaces, PVCs or PWs.

Syntax

display qos queue fifo { interface [ interface-type interface-number [ pvc { pvc-name | vpi/vci } ] ] | l2vpn-pw [ peer ip-address pw-id pw-id ] }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the FIFO information for all interfaces.

pvc { pvc-name | vpi/vci }: Specifies a PVC by its name or VPI/VCI value. You can specify a PVC only for an ATM interface. When you specify an ATM interface but do not specify a PVC, this command displays the FIFO information for all PVCs on the ATM interface.

peer ip-address pw-id pw-id: Specifies a PW by its peer PE LSR ID and its PW ID. The ip-address argument represents the LSR ID of the peer PE of the PW. The value range for the pw-id argument is 1 to 4294967295. If you do not specify a PW, this command displays the FIFO information for all PWs.

Examples

# Display the FIFO information for all interfaces.

<Sysname> display qos queue fifo interface

Interface: GigabitEthernet1/0/2

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

# Display the FIFO information for all PWs.

<Sysname> display qos queue fifo l2vpn-pw

L2VPN-PW: peer 1.1.1.1, pw-id 1

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Table 36 Command output

| Field | Description |
|---|---|
| Interface | Interface name, including the interface type and interface number. |
| L2VPN-PW | A PW is uniquely identified by a combination of the peer PE IP address and PW ID. |
| Size | Total number of bytes of packets in all queues. |
| Length | Number of packets allowed in each queue. |
| Discards | Number of packets dropped. |

qos fifo queue-length

Use qos fifo queue-length to set the FIFO queue length.

Use undo qos fifo queue-length to restore the default.

Syntax

qos fifo queue-length queue-length

undo qos fifo queue-length

Default

The FIFO queue length is 75.

Views

Cross-connect PW view

VSI LDP PW view

VSI static PW view

Interface view

PVC view

Predefined user roles

network-admin

Parameters

queue-length: Specifies the queue length in the range of 1 to 1024.

Usage guidelines

For FIFO queuing to take effect on a subinterface, you must configure the rate limit on the subinterface.

Examples

# Set the FIFO queue length to 100.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] qos fifo queue-length 100

Related commands

display qos queue fifo interface

PQ commands

display qos queue pq interface

Use display qos queue pq interface to display the PQ information for interfaces or PVCs.

Syntax

display qos queue pq interface [ interface-type interface-number [ pvc { pvc-name | vpi/vci } ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the PQ information for all interfaces.

pvc { pvc-name | vpi/vci }: Specifies a PVC by its name or VPI/VCI value. You can specify a PVC only for an ATM interface. When you specify an ATM interface but do not specify a PVC, this command displays the PQ information for all PVCs on the ATM interface.

Usage guidelines

If you specify a VT interface, this command displays the PQ information for all VA interfaces of the VT interface. A VT interface itself does not have QoS information.

Examples

# Display the PQ information for GigabitEthernet 1/0/1.

<Sysname> display qos queue pq interface gigabitethernet 1/0/1

Interface: GigabitEthernet1/0/1

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - Priority queuing: PQL 1 Size/Length/Discards

Top:  0/20/0    Middle:  0/40/0    Normal:  0/60/0    Bottom:  0/80/0

Table 37 Command output

| Field | Description |
|---|---|
| Priority queuing: PQL 1 | PQL 1 indicates the PQ list in use. |
| Size | Total number of bytes of packets in all queues. |
| Length | Number of packets allowed in each queue. |
| Discards | Number of dropped packets. |
| Top | Top priority queue. |
| Middle | Middle priority queue. |
| Normal | Normal priority queue. |
| Bottom | Bottom priority queue. |

display qos pql

Use display qos pql to display the PQ list configuration.

Syntax

Centralized devices in standalone mode:

display qos pql [ pql-index ]

Distributed devices in standalone mode/centralized devices in IRF mode:

display qos pql [ pql-index ] [ slot slot-number ]

Distributed devices in IRF mode:

display qos pql [ pql-index ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

pql-index: Specifies a PQ list by its number in the range of 1 to 16.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the PQ list configuration for the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays the PQ list configuration for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays the PQ list configuration for the global active MPU. (Distributed devices in IRF mode.)

Examples

# Display the configuration of all PQ lists.

<Sysname> display qos pql

Current PQL configuration:

List  Queue   Parameters

------------------------------------------------------

1     Top     Protocol ip less-than 1000

2     Normal  Length 80

2     Bottom  Length 40

3     Middle  Inbound-interface GigabitEthernet1/0/1

4     Top     Local-precedence  7

qos pq

Use qos pq to apply a PQ list to an interface or PVC.

Use undo qos pq to restore the default.

Syntax

qos pq pql pql-index

undo qos pq

Default

An interface or PVC uses FIFO queuing.

Views

Interface view

PVC view

Predefined user roles

network-admin

Parameters

pql pql-index: Specifies a PQ list by its number in the range of 1 to 16.

Usage guidelines

You must configure the rate limit for the PQ feature to take effect on the following interfaces:

·     Tunnel interfaces.

·     Subinterfaces.

·     Layer 3 aggregate interfaces.

·     HDLC link bundle interfaces.

·     VT and dialer interfaces configured with PPPoE, PPPoA, PPPoEoA, PPPoFR, or MPoFR.

If you execute this command multiple times on an interface or PVC, the most recent configuration takes effect.

Multiple match criteria can be configured for a PQ list. When a packet arrives, it is examined against match criteria in their configuration order.

·     When a match is found, the packet is assigned to the corresponding queue, and the matching process ends.

·     If no match is found, the packet is assigned to the default queue.

Examples

# Apply PQ list 12 to GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] qos pq pql 12

qos pql default-queue

Use qos pql default-queue to specify a priority queue as the default queue for a PQ list.

Use undo qos pql default-queue to restore the default.

Syntax

qos pql pql-index default-queue { bottom | middle | normal | top }

undo qos pql pql-index default-queue

Default

The normal queue is the default queue for a PQ list.

Views

System view

Predefined user roles

network-admin

Parameters

pql-index: Specifies a PQ list by its number in the range of 1 to 16.

top, middle, normal, bottom: Specifies a priority queue. The four queues are in descending priority order.

Usage guidelines

If a packet does not match any criteria in a PQ list, the packet is assigned to the default queue of the PQ list.

If you execute this command multiple times for the same PQ list, the most recent configuration takes effect.

Examples

# Specify the bottom queue as the default queue for PQ list 12.

<Sysname> system-view

[Sysname] qos pql 12 default-queue bottom

qos pql inbound-interface

Use qos pql inbound-interface to configure an assignment rule for a PQ list to assign packets received on the specified interface to a priority queue.

Use undo qos pql inbound-interface to delete an assignment rule based on the specified input interface from a PQ list.

Syntax

qos pql pql-index inbound-interface interface-type interface-number queue { bottom | middle | normal | top }

undo qos pql pql-index inbound-interface interface-type interface-number

Default

No assignment rule is configured for a PQ list.

Views

System view

Predefined user roles

network-admin

Parameters

pql-index: Specifies a PQ list by its number in the range of 1 to 16.

interface-type interface-number: Specifies an input interface by its type and number.

top, middle, normal, bottom: Specifies a priority queue. The four queues are in descending priority order.

Usage guidelines

You can configure this command multiple times for the same PQ list to establish multiple assignment rules based on input interfaces.

Examples

# In PQ list 12, assign packets received on GigabitEthernet 1/0/1 to the middle queue.

<Sysname> system-view

[Sysname] qos pql 12 inbound-interface gigabitethernet 1/0/1 queue middle

qos pql local-precedence

Use qos pql local-precedence to configure an assignment rule for a PQ list to assign packets with any of the specified local precedence values to a priority queue.

Use undo qos pql local-precedence to delete an assignment rule based on the specified local precedence values from a PQ list.

Syntax

qos pql pql-index local-precedence local-precedence-list queue { bottom | middle | normal | top }

undo qos pql pql-index local-precedence local-precedence-list

Default

No assignment rule is configured for a PQ list.

Views

System view

Predefined user roles

network-admin

Parameters

pql-index: Specifies a PQ list by its number in the range of 1 to 16.

local-precedence-list: Specifies a space-separated list of up to eight local precedence values. The value range is 0 to 7.

top, middle, normal, bottom: Specifies a priority queue. The four queues are in descending priority order.

Usage guidelines

You can configure this command multiple times for the same PQ list to establish multiple assignment rules based on local precedence values.

Examples

# In PQ list 12, assign packets with local precedence 3 to the middle queue.

<Sysname> system-view

[Sysname] qos pql 12 local-precedence 3 queue middle

qos pql protocol

Use qos pql protocol to configure an assignment rule for a PQ list to assign packets of the specified protocol type to a priority queue.

Use undo qos pql protocol to delete an assignment rule based on the specified protocol type from a PQ list.

Syntax

qos pql pql-index protocol { ip | ipv6 } [ queue-key key-value ] queue { bottom | middle | normal | top }

undo qos pql pql-index protocol { ip | ipv6 } [ queue-key key-value ]

Default

No assignment rule is configured for a PQ list.

Views

System view

Predefined user roles

network-admin

Parameters

pql-index: Specifies a PQ list by its number in the range of 1 to 16.

top, middle, normal, bottom: Specifies a priority queue. The four queues are in descending priority order.

queue-key key-value: Matches specific IP or IPv6 packets. If you specify neither the queue-key argument nor the key-value argument, all IP or IPv6 packets are matched.

Table 38 Values of the queue-key argument and the key-value argument

| queue-key | key-value | Description |
|---|---|---|
| acl | ACL number in the range of 2000 to 3999 | Packets matching a specific ACL are enqueued. |
| fragments | N/A | Fragmented packets are enqueued. |
| greater-than | Length in the range of 0 to 65535 | Packets greater than a specific size are enqueued. |
| less-than | Length in the range of 0 to 65535 | Packets smaller than a specific size are enqueued. |
| tcp | Port number in the range of 0 to 65535 or port name | Packets with a specific source or destination TCP port number are enqueued. |
| udp | Port number in the range of 0 to 65535 or port name | Packets with a specific source or destination UDP port number are enqueued. |

Usage guidelines

When classifying a packet, the system matches the packet against match criteria in the order configured. When a match is found, the matching process ends.

You can configure this command multiple times for the same PQ list to establish multiple assignment rules based on protocol types.

Examples

# In PQ list 5, assign IP packets matching ACL 3100 to the top queue.

<Sysname> system-view

[Sysname] qos pql 5 protocol ip acl 3100 queue top

qos pql protocol mpls exp

Use qos pql protocol mpls exp to configure an assignment rule for a PQ list to assign packets with any of the specified MPLS EXP values to a priority queue.

Use undo qos pql protocol mpls exp to delete an assignment rule based on the specified MPLS EXP values from a PQ list.

Syntax

qos pql pql-index protocol mpls exp exp-list queue { bottom | middle | normal | top }

undo qos pql pql-index protocol mpls exp exp-list

Default

No assignment rule is configured for a PQ list.

Views

System view

Predefined user roles

network-admin

Parameters

pql-index: Specifies a PQ list by its number in the range of 1 to 16.

exp-list: Specifies a space-separated list of up to eight MPLS EXP values. The value range is 0 to 7.

top, middle, normal, bottom: Specifies a priority queue. The four queues are in descending priority order.

Usage guidelines

You can configure this command multiple times for the same PQ list to establish multiple assignment rules based on MPLS EXP values.

Examples

# In PQ list 5, assign packets with MPLS EXP value 2 or 4 to the top queue.

<Sysname> system-view

[Sysname] qos pql 5 protocol mpls exp 2 4 queue top

qos pql queue

Use qos pql queue to specify the length of a priority queue in a PQ list.

Use undo qos pql queue to restore the default length for a priority queue in a PQ list.

Syntax

qos pql pql-index queue { bottom | middle | normal | top } queue-length queue-length

undo qos pql pql-index queue { bottom | middle | normal | top } queue-length

Default

The queue length values for top, middle, normal, and bottom queues are 20, 40, 60, and 80, respectively.

Views

System view

Predefined user roles

network-admin

Parameters

pql-index: Specifies a PQ list by its number in the range of 1 to 16.

top, middle, normal, bottom: Specifies a priority queue. The four queues are in descending priority order.

queue-length: Specifies the queue length (maximum number of packets that can be held in the queue) in the range of 1 to 1024.

Usage guidelines

If a queue is full, all subsequent packets to this queue are dropped.

Examples

# In PQ list 10, set the length of the top queue to 10.

<Sysname> system-view

[Sysname] qos pql 10 queue top queue-length 10
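The first-match rule, the default queue, and the full-queue drop described in the qos pq, qos pql default-queue, and qos pql queue sections above, as an added Python example that is not H3C code. It loads several qos pql lines at once; the packet fields, the two sample configurations, and the omission of acl, port-name, and mpls exp criteria are assumptions of this sketch.

```python
# Default queue lengths documented for qos pql queue.
DEFAULT_LENGTH = {"top": 20, "middle": 40, "normal": 60, "bottom": 80}


def make_predicate(kind, crit):
    """Turn one assignment criterion into a function packet -> bool."""
    if kind == "inbound-interface":
        name = "".join(crit).lower()  # "gigabitethernet 1/0/1" -> "gigabitethernet1/0/1"
        return lambda p: p["in_if"].lower() == name
    if kind == "local-precedence":
        values = {int(v) for v in crit}
        return lambda p: p["local_prec"] in values
    if kind == "protocol" and crit[0] in ("ip", "ipv6"):
        proto = crit[0]
        key = crit[1] if len(crit) > 1 else None
        if key not in (None, "fragments", "greater-than", "less-than", "tcp", "udp"):
            raise ValueError(f"criterion not modelled here: {key}")
        val = int(crit[2]) if len(crit) > 2 else None

        def match(p):
            if p["proto"] != proto:
                return False
            if key is None:
                return True  # no queue-key: every IP or IPv6 packet matches
            if key == "fragments":
                return p["fragment"]
            if key == "greater-than":
                return p["length"] > val
            if key == "less-than":
                return p["length"] < val
            # tcp / udp: source or destination port, as in Table 38
            return p["l4"] == key and val in (p["sport"], p["dport"])
        return match
    raise ValueError(f"criterion not modelled here: {kind} {' '.join(crit)}")


def load_pql(lines, index):
    """Build one PQ list from 'qos pql ...' lines, keeping rules in configuration order."""
    pql = {"rules": [], "default": "normal", "length": dict(DEFAULT_LENGTH)}
    for line in lines:
        t = line.split()
        if t[:2] != ["qos", "pql"] or int(t[2]) != index:
            continue
        kind, args = t[3], t[4:]
        if kind == "default-queue":
            pql["default"] = args[0]
        elif kind == "queue":  # qos pql N queue Q queue-length L
            pql["length"][args[0]] = int(args[2])
        else:
            cut = args.index("queue")
            pql["rules"].append((make_predicate(kind, args[:cut]), args[cut + 1]))
    return pql


def classify(pql, pkt):
    """First matching rule wins; otherwise the list's default queue."""
    for predicate, queue in pql["rules"]:
        if predicate(pkt):
            return queue
    return pql["default"]


def offer(pql, packets):
    """Enqueue a burst with no dequeuing; packets for a full queue are dropped."""
    depth = {q: 0 for q in DEFAULT_LENGTH}
    drops = {q: 0 for q in DEFAULT_LENGTH}
    for pkt in packets:
        q = classify(pql, pkt)
        if depth[q] < pql["length"][q]:
            depth[q] += 1
        else:
            drops[q] += 1
    return depth, drops


def packet(**fields):
    """Constructed test packet; the field names are this sketch's own."""
    base = {"proto": "ip", "l4": "tcp", "sport": 50000, "dport": 443, "length": 1400,
            "fragment": False, "in_if": "GigabitEthernet1/0/2", "local_prec": 0}
    base.update(fields)
    return base


# Constructed configurations. In SHADOWED the broad size rule comes first,
# so small TCP port 22 packets never reach the rule written for them.
SHADOWED = [
    "qos pql 12 protocol ip less-than 1000 queue bottom",
    "qos pql 12 protocol ip tcp 22 queue top",
    "qos pql 12 default-queue middle",
    "qos pql 12 queue top queue-length 10",
]
REORDERED = [SHADOWED[1], SHADOWED[0]] + SHADOWED[2:]

if __name__ == "__main__":
    ssh = packet(dport=22, length=80)
    print("shadowed :", classify(load_pql(SHADOWED, 12), ssh))
    print("reordered:", classify(load_pql(REORDERED, 12), ssh))
    print("burst    :", offer(load_pql(REORDERED, 12), [ssh] * 25))
```

Reviewing a PQ list this way before applying it with qos pq shows whether a narrow rule is unreachable behind a broader one and how many packets of a burst a shortened queue would drop.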

CQ commands

display qos queue cq interface

Use display qos queue cq interface to display the CQ information for interfaces or PVCs.

Syntax

display qos queue cq interface [ interface-type interface-number [ pvc { pvc-name | vpi/vci } ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the CQ information for all interfaces.

pvc { pvc-name | vpi/vci }: Specifies a PVC by its name or VPI/VCI value. You can specify a PVC only for an ATM interface. When you specify an ATM interface but do not specify a PVC, this command displays the CQ information for all PVCs on the ATM interface.

Usage guidelines

If you specify a VT interface, this command displays the CQ information for all VA interfaces of the VT interface. A VT interface itself does not have QoS information.

Examples

# Display the CQ information for GigabitEthernet 1/0/1.

<Sysname> display qos queue cq interface gigabitethernet 1/0/1

Interface: GigabitEthernet1/0/1

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - Custom queuing: CQL 1 Size/Length/Discards

1:   0/20/0          2:   0/20/0          3:   0/20/0

4:   0/20/0          5:   0/20/0          6:   0/20/0

7:   0/20/0          8:   0/20/0          9:   0/20/0

10:   0/20/0         11:   0/20/0         12:   0/20/0

13:   0/20/0         14:   0/20/0         15:   0/20/0

16:   0/20/0

Table 39 Command output

| Field | Description |
|---|---|
| Size | Total number of bytes of packets in all queues. |
| Length | Number of packets allowed in each queue. |
| Discards | Number of dropped packets. |
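As an added example (not part of the H3C reference), the Python sketch below parses the Size/Length/Discards output shown in the display qos queue examples above, including the per-queue PQ and CQ lines, and reports which queues gained discards between two polls. The two sample outputs are constructed, and treating a counter that went down as a statistics reset is an assumption.

```python
import re

# Constructed samples in the shapes shown in the examples above; counter values are invented.
POLL_1 = """\
Interface: GigabitEthernet1/0/1
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - Priority queuing: PQL 1 Size/Length/Discards
Top:  0/20/0    Middle:  0/40/0    Normal:  0/60/0    Bottom:  0/80/15
L2VPN-PW: peer 1.1.1.1, pw-id 1
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Weighted Fair queuing: Size/Length/Discards 0/64/4
  Weight: IP Precedence
  Queues: Active/Max active/Total 0/0/128
"""
POLL_2 = """\
Interface: GigabitEthernet1/0/1
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/12
Output queue - Priority queuing: PQL 1 Size/Length/Discards
Top:  0/20/0    Middle:  0/40/0    Normal:  0/60/0    Bottom:  0/80/915
Interface: GigabitEthernet1/0/2
Output queue - Custom queuing: CQL 1 Size/Length/Discards
1:   0/20/0          2:   0/20/77          3:   0/20/0
L2VPN-PW: peer 1.1.1.1 pw-id 1
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Weighted Fair queuing: Size/Length/Discards 0/64/4
  Weight: IP Precedence
  Queues: Active/Max active/Total 0/0/128
"""

HEADER = re.compile(r"^(Interface|L2VPN-PW):\s*(.+)$")
QUEUE = re.compile(
    r"^Output queue - (.+?) queuing:\s*(?:(PQL|CQL) (\d+) )?"
    r"Size/Length/Discards(?:\s+(\d+)/(\d+)/(\d+))?$"
)
SUBQUEUE = re.compile(r"(\w+):\s+(\d+)/(\d+)/(\d+)")


def parse(text):
    """Return {(owner, queue): (size, length, discards)} for one command output."""
    counters = {}
    owner = family = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            # The sample output prints PW headers with and without a comma; normalise.
            value = m.group(2).replace(",", "")
            owner = value if m.group(1) == "Interface" else "PW " + value
            family = None
            continue
        m = QUEUE.match(line)
        if m:
            if m.group(4) is not None:  # counters on the same line (Urgent, FIFO, WFQ, ...)
                counters[(owner, m.group(1))] = tuple(int(x) for x in m.group(4, 5, 6))
                family = None
            else:                       # PQ / CQ: counters follow on per-queue lines
                family = f"{m.group(1)} {m.group(2)} {m.group(3)}"
            continue
        if family:
            for name, size, length, discards in SUBQUEUE.findall(line):
                counters[(owner, f"{family}/{name}")] = (int(size), int(length), int(discards))
    return counters


def discard_deltas(before, after):
    """Discards gained per queue between two polls; queues without growth are omitted."""
    grown = {}
    for key, (_, _, now) in after.items():
        prev = before.get(key, (0, 0, 0))[2]
        # Assumption: a lower value than last poll means the statistics were reset.
        delta = now - prev if now >= prev else now
        if delta > 0:
            grown[key] = delta
    return grown


if __name__ == "__main__":
    for (owner, queue), delta in sorted(discard_deltas(parse(POLL_1), parse(POLL_2)).items()):
        print(f"{owner:28} {queue:24} +{delta} discards")
```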

 

display qos cql

Use display qos cql to display the CQ list configuration.

Syntax

Centralized devices in standalone mode:

display qos cql [ cql-index ]

Distributed devices in standalone mode/centralized devices in IRF mode:

display qos cql [ cql-index ] [ slot slot-number ]

Distributed devices in IRF mode:

display qos cql [ cql-index ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

cql-index: Specifies a CQ list by its number in the range of 1 to 16. If you do not specify a CQ list, this command displays the configuration of all CQ lists.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the CQ list configuration for the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays the CQ list configuration for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify this option, the command displays the CQ list configuration for the global active MPU. (Distributed devices in IRF mode.)

Examples

# Display the configuration of all CQ lists.

<Sysname> display qos cql

Current CQL configuration:

List  Queue  Parameters

------------------------------------------------------

2     3      Protocol ip fragments

3     6      Length 100

3     1      Inbound-interface GigabitEthernet1/0/1

4     5      Local-precedence 7

qos cq

Use qos cq to apply a CQ list to an interface or PVC.

Use undo qos cq to restore the default.

Syntax

qos cq cql cql-index

undo qos cq

Default

An interface or PVC uses FIFO queuing.

Views

Interface view

PVC view

Predefined user roles

network-admin

Parameters

cql cql-index: Specifies a CQ list by its number in the range of 1 to 16.

Usage guidelines

If you execute this command multiple times on an interface or PVC, the most recent configuration takes effect.

Multiple match criteria can be configured for a CQ list. When a packet arrives, it is examined against match criteria in their configuration order.

·     When a match is found, the packet is assigned to the corresponding queue, and the matching process ends.

·     If no match is found, the packet is assigned to the default queue.

You must configure the rate limit for the CQ feature to take effect on the following interfaces:

·     Tunnel interfaces.

·     Subinterfaces.

·     Layer 3 aggregate interfaces.

·     HDLC link bundle interfaces.

·     VT and dialer interfaces configured with PPPoE, PPPoA, PPPoEoA, PPPoFR, or MPoFR.

Examples

# Apply CQ list 5 to GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] qos cq cql 5

qos cql default-queue

Use qos cql default-queue to specify a custom queue as the default queue for a CQ list.

Use undo qos cql default-queue to restore the default.

Syntax

qos cql cql-index default-queue queue-id

undo qos cql cql-index default-queue

Default

Queue 1 is the default queue.

Views

System view

Predefined user roles

network-admin

Parameters

cql-index: Specifies a CQ list by its number in the range of 1 to 16.

queue-id: Specifies a custom queue by its ID in the range of 1 to 16.

Usage guidelines

If a packet does not match any criteria in a CQ list, the packet is assigned to the default queue of the CQ list.

Examples

# Specify queue 2 as the default queue for CQ list 5.

<Sysname> system-view

[Sysname] qos cql 5 default-queue 2

qos cql inbound-interface

Use qos cql inbound-interface to configure an assignment rule for a CQ list to assign packets received on the specified interface to a custom queue.

Use undo qos cql inbound-interface to delete an assignment rule based on the specified input interface from a CQ list.

Syntax

qos cql cql-index inbound-interface interface-type interface-number queue queue-id

undo qos cql cql-index inbound-interface interface-type interface-number

Default

No assignment rule is configured for a CQ list.

Views

System view

Predefined user roles

network-admin

Parameters

cql-index: Specifies a CQ list by its number in the range of 1 to 16.

interface-type interface-number: Specifies an input interface by its type and number.

queue-id: Specifies a custom queue by its ID in the range of 1 to 16.

Usage guidelines

You can configure this command multiple times for the same CQ list to establish multiple assignment rules based on input interfaces.

Examples

# In CQ list 5, assign packets received from GigabitEthernet 1/0/1 to custom queue 3.

<Sysname> system-view

[Sysname] qos cql 5 inbound-interface gigabitethernet 1/0/1 queue 3

qos cql local-precedence

Use qos cql local-precedence to configure an assignment rule for a CQ list to assign packets with any of the specified local precedence values to a custom queue.

Use undo qos cql local-precedence to delete an assignment rule based on the specified local precedence values from a CQ list.

Syntax

qos cql cql-index local-precedence local-precedence-list queue queue-id

undo qos cql cql-index local-precedence local-precedence-list

Default

No assignment rule is configured for a CQ list.

Views

System view

Predefined user roles

network-admin

Parameters

cql-index: Specifies a CQ list by its number in the range of 1 to 16.

local-precedence-list: Specifies a space-separated list of up to eight local precedence values. The value range is 0 to 7.

queue-id: Specifies a custom queue by its ID in the range of 1 to 16.

Usage guidelines

You can configure this command multiple times for the same CQ list to establish multiple assignment rules based on local precedence values.

Examples

# In CQ list 5, assign packets with local precedence 4 to custom queue 3.

<Sysname> system-view

[Sysname] qos cql 5 local-precedence 4 queue 3

qos cql protocol

Use qos cql protocol to configure an assignment rule for a CQ list to assign packets of the specified protocol type to a custom queue.

Use undo qos cql protocol to delete an assignment rule based on the specified protocol type from a CQ list.

Syntax

qos cql cql-index protocol { ip | ipv6 } [ queue-key key-value ] queue queue-id

undo qos cql cql-index protocol { ip | ipv6 } [ queue-key key-value ]

Default

No assignment rule is configured for a CQ list.

Views

System view

Predefined user roles

network-admin

Parameters

cql-index: Specifies a CQ list by its number in the range of 1 to 16.

queue-id: Specifies a custom queue by its ID in the range of 1 to 16.

queue-key key-value: Matches specific IP or IPv6 packets. If you specify neither the queue-key argument nor the key-value argument, all IP or IPv6 packets are matched.

Table 40 Values of the queue-key argument and the key-value argument

| queue-key | key-value | Description |
|---|---|---|
| acl | ACL number in the range of 2000 to 3999 | Packets matching a specific ACL are enqueued. |
| fragments | N/A | Fragmented packets are enqueued. |
| greater-than | Length in the range of 0 to 65535 | Packets greater than a specific size are enqueued. |
| less-than | Length in the range of 0 to 65535 | Packets smaller than a specific size are enqueued. |
| tcp | Port number in the range of 0 to 65535 or port name | Packets with a specific source or destination TCP port number are enqueued. |
| udp | Port number in the range of 0 to 65535 or port name | Packets with a specific source or destination UDP port number are enqueued. |

Usage guidelines

When classifying a packet, the system matches the packet against match criteria in their configuration order. When a match is found, the matching process ends.

You can configure this command multiple times for the same CQ list to establish multiple assignment rules based on protocol types.

Examples

# In CQ list 5, assign IP packets matching ACL 3100 to custom queue 3.

<Sysname> system-view

[Sysname] qos cql 5 protocol ip acl 3100 queue 3

qos cql protocol mpls exp

Use qos cql protocol mpls exp to configure an assignment rule for a CQ list to assign packets with any of the specified MPLS EXP values to a custom queue.

Use undo qos cql protocol mpls exp to delete an assignment rule based on the specified MPLS EXP values from a CQ list.

Syntax

qos cql cql-index protocol mpls exp exp-list queue queue-id

undo qos cql cql-index protocol mpls exp exp-list

Default

No assignment rule is configured for a CQ list.

Views

System view

Predefined user roles

network-admin

Parameters

cql-index: Specifies a CQ list by its number in the range of 1 to 16.

exp-list: Specifies a space-separated list of up to eight MPLS EXP values. The value range is 0 to 7.

queue-id: Specifies a custom queue by its ID in the range of 1 to 16.

Usage guidelines

You can configure this command multiple times for the same CQ list to establish multiple assignment rules based on MPLS EXP values.

Examples

# In CQ list 5, assign packets with MPLS EXP value 2 or 4 to custom queue 3.

<Sysname> system-view

[Sysname] qos cql 5 protocol mpls exp 2 4 queue 3

qos cql queue

Use qos cql queue to specify the length of a custom queue in a CQ list.

Use undo qos cql queue to restore the default length for a custom queue in a CQ list.

Syntax

qos cql cql-index queue queue-id queue-length queue-length

undo qos cql cql-index queue queue-id queue-length

Default

The queue length is 20 for each queue.

Views

System view

Predefined user roles

network-admin

Parameters

cql-index: Specifies a CQ list by its number in the range of 1 to 16.

queue-id: Specifies a custom queue by its ID in the range of 1 to 16.

queue-length: Specifies the queue length in the range of 1 to 1024.

Usage guidelines

The custom queue length specifies the maximum number of packets that a custom queue can hold.

If a queue is full, all subsequent packets to this queue are dropped.

Examples

# In CQ list 5, set the length of custom queue 4 to 40.

<Sysname> system-view

[Sysname] qos cql 5 queue 4 queue-length 40

qos cql queue serving

Use qos cql queue serving to specify the number of bytes forwarded from a queue during a cycle.

Use undo qos cql queue serving to restore the default.

Syntax

qos cql cql-index queue queue-id serving byte-count

undo qos cql cql-index queue queue-id serving

Default

The number of bytes forwarded from a queue during a cycle is 1500 bytes.

Views

System view

Predefined user roles

network-admin

Parameters

cql-index: Specifies a CQ list by its number in the range of 1 to 16.

queue-id: Specifies a custom queue by its ID in the range of 1 to 16.

byte-count: Specifies the number of bytes forwarded from a queue during a cycle of queue scheduling. The value range for the byte-count argument is 1 to 16777215 bytes.

Examples

# In CQ list 5, set the byte count to 1400 for queue 2.

<Sysname> system-view

[Sysname] qos cql 5 queue 2 serving 1400

WFQ commands

display qos queue wfq

Use display qos queue wfq to display the WFQ information for interfaces, PVCs, or PWs.

Syntax

display qos queue wfq { interface [ interface-type interface-number [ pvc { pvc-name | vpi/vci } ] ] | l2vpn-pw [ peer ip-address pw-id pw-id ] }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the WFQ information for all interfaces.

pvc { pvc-name | vpi/vci }: Specifies a PVC by its name or VPI/VCI value. You can specify a PVC only for an ATM interface. When you specify an ATM interface but do not specify a PVC, this command displays the WFQ information for all PVCs on the ATM interface.

peer ip-address pw-id pw-id: Specifies a PW by its peer PE LSR ID and its PW ID. The ip-address argument represents the LSR ID of the peer PE of the PW. The value range for the pw-id argument is 1 to 4294967295. If you do not specify a PW, this command displays the WFQ information for all PWs.

Examples

# Display the WFQ information for GigabitEthernet 1/0/1.

<Sysname> display qos queue wfq interface gigabitethernet 1/0/1

Interface: GigabitEthernet1/0/1

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - Weighted Fair queuing: Size/Length/Discards 0/64/0

  Weight: IP Precedence

  Queues: Active/Max active/Total 0/0/128

# Display the WFQ information for all PWs.

<Sysname> display qos queue wfq l2vpn-pw

L2VPN-PW: peer 1.1.1.1, pw-id 1

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - Weighted Fair queuing: Size/Length/Discards 0/64/0

  Weight: IP Precedence

  Queues: Active/Max active/Total 0/0/128

Table 41 Command output

| Field | Description |
|---|---|
| Interface | Interface name, including the interface type and interface number. |
| L2VPN-PW | A PW is uniquely identified by a combination of the peer PE IP address and PW ID. |
| Size | Total number of bytes of packets in all queues. |
| Length | Number of packets allowed in each queue. |
| Discards | Number of dropped packets. |
| Weight | Weight type: IP Precedence or DSCP. |
| Active | Number of active WFQ queues. |
| Max active | Maximum number of active WFQ queues that was reached. |
| Total | Total number of configured WFQ queues. |

qos wfq

Use qos wfq to apply WFQ to an interface, PVC, or PW. You can also use this command to modify WFQ parameters.

Use undo qos wfq to restore the default.

Syntax

qos wfq [ dscp | precedence ] [ queue-number total-queue-number | queue-length max-queue-length ] *

undo qos wfq

Default

An interface, PVC, or PW uses FIFO queuing.

Views

Cross-connect PW view

VSI LDP PW view

VSI static PW view

Interface view

PVC view

Predefined user roles

network-admin

Parameters

dscp: Specifies a DSCP weight.

precedence: Specifies an IP precedence weight.

queue-length max-queue-length: Specifies the maximum number of packets a queue can hold. The value range for the max-queue-length argument is 1 to 1024, and the default is 64.

queue-number total-queue-number: Specifies the total number of queues, which can be 16, 32, 64, 128, 256, 512, 1024, 2048, or 4096. The default is 256.

Usage guidelines

If you do not specify a weight type, the default weight type is IP precedence.

You must configure the rate limit for the WFQ feature to take effect on the following interfaces:

·     Tunnel interfaces.

·     Subinterfaces.

·     Layer 3 aggregate interfaces.

·     HDLC link bundle interfaces.

·     VT and dialer interfaces configured with PPPoE, PPPoA, PPPoEoA, PPPoFR, or MPoFR.

Examples

# Apply WFQ to GigabitEthernet 1/0/1, and set the maximum queue length to 100 and the total number of queues to 512.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] qos wfq queue-length 100 queue-number 512

Related commands

display qos queue wfq interface

RTPQ commands

display qos queue rtpq interface

Use display qos queue rtpq interface to display the RTPQ information for interfaces or PVCs.

Syntax

display qos queue rtpq interface [ interface-type interface-number [ pvc { pvc-name | vpi/vci } ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the RTPQ information for all interfaces.

pvc { pvc-name | vpi/vci }: Specifies a PVC by its name or VPI/VCI value. You can specify a PVC only for an ATM interface. When you specify an ATM interface but do not specify a PVC, this command displays the RTPQ information for all PVCs on the ATM interface.

Usage guidelines

If you specify a VT interface, this command displays the RTPQ information for all VA interfaces of the VT interface. A VT interface itself does not have QoS information.

Examples

# Display the RTPQ information for GigabitEthernet 1/0/1.

<Sysname> display qos queue rtpq interface gigabitethernet 1/0/1

Interface: GigabitEthernet1/0/1

Output queue - RTP queuing: Size/Max/Outputs/Discards 0/0/0/0

Table 42 Command output

| Field | Description |
|---|---|
| Size | Number of packets in the queue. |
| Max | Historical maximum number of packets in the queue. |
| Outputs | Number of sent packets. |
| Discards | Number of dropped packets. |

qos rtpq

Use qos rtpq to enable RTPQ on an interface or PVC for RTP packets to specific UDP ports.

Use undo qos rtpq to restore the default.

Syntax

qos rtpq start-port first-rtp-port-number end-port last-rtp-port-number bandwidth bandwidth [ cbs committed-burst-size ]

undo qos rtpq

Default

RTPQ is disabled on an interface or PVC.

Views

Interface view

PVC view

Predefined user roles

network-admin

Parameters

start-port first-rtp-port-number: Specifies the start UDP port number in the range of 2000 to 65535.

end-port last-rtp-port-number: Specifies the end UDP port number in the range of 2000 to 65535.

bandwidth bandwidth: Specifies the maximum bandwidth allowed for the RTP priority queue, in the range of 8 to 1000000 kbps.

cbs committed-burst-size: Specifies the CBS in the range of 1500 to 2000000 bytes.

Usage guidelines

You must configure the rate limit for the RTPQ feature to take effect on the following interfaces:

·     Tunnel interfaces.

·     Subinterfaces.

·     Layer 3 aggregate interfaces.

·     HDLC link bundle interfaces.

·     VT and dialer interfaces configured with PPPoE, PPPoA, PPPoEoA, PPPoFR, or MPoFR.

This command provides preferential service for delay-sensitive applications, such as real-time voice traffic transmission.

Set the bandwidth argument to a value greater than the required bandwidth for real-time applications to allow bursts of traffic.

Examples

# Enable RTPQ on GigabitEthernet 1/0/1 for RTP packets with a destination UDP port number in the range of 16384 to 32767.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] qos rtpq start-port 16384 end-port 32767 bandwidth 64

CBQ commands

display qos queue cbq

Use display qos queue cbq to display the CBQ information for interfaces, PVCs, or PWs.

Syntax

display qos queue cbq { interface [ interface-type interface-number [ pvc { pvc-name | vpi/vci } ] ] | l2vpn-pw [ peer ip-address pw-id pw-id ] }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the CBQ information for all interfaces.

pvc { pvc-name | vpi/vci }: Specifies a PVC by its name or VPI/VCI value. You can specify a PVC only for an ATM interface. When you specify an ATM interface but do not specify a PVC, this command displays the CBQ information for all PVCs on the ATM interface.

peer ip-address pw-id pw-id: Specifies a PW by its peer PE LSR ID and its PW ID. The ip-address argument represents the LSR ID of the peer PE of the PW. The value range for the pw-id argument is 1 to 4294967295. If you do not specify a PW, this command displays the CBQ information for all PWs.

Examples

# Display the CBQ information for all interfaces.

<Sysname> display qos queue cbq interface

Interface: GigabitEthernet1/0/1

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - Class Based Queuing: Size/Discards 0/0

Queue Size: EF/AF/BE 0/0/0

  BE Queues: Active/Max active/Total 0/0/256

  AF Queues: Allocated 1

  Bandwidth(kbps): Available/Max reserve 74992/75000

# Display the CBQ information for all PWs.

<Sysname> display qos queue cbq l2vpn-pw

L2VPN-PW: peer 1.1.1.1, pw-id 1

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - Class Based Queuing: Size/Discards 0/0

Queue Size: EF/AF/BE 0/0/0

  BE Queues: Active/Max active/Total 0/0/256

  AF Queues: Allocated 1

  Bandwidth(kbps): Available/Max reserve 74992/75000

Table 43 Command output

| Field | Description |
|---|---|
| Interface | Interface name, including the interface type and interface number. |
| L2VPN-PW | A PW is uniquely identified by a combination of the peer PE IP address and PW ID. |
| Size | Total number of bytes of packets in all queues. |
| Length | Number of packets allowed in each queue. |
| Discards | Number of dropped packets. |
| EF | EF queue. |
| AF | AF queue. |
| BE | BE queue. |
| Active | Number of active BE queues. |
| Max active | Maximum number of active BE queues allowed. |
| Total | Total number of BE queues. |
| Available | Available bandwidth for CBQ. |
| Max reserve | Maximum reserved bandwidth for CBQ. |

qos reserved-bandwidth

Use qos reserved-bandwidth to set the maximum reserved bandwidth as a percentage of available bandwidth on the interface.

Use undo qos reserved-bandwidth to restore the default.

Syntax

qos reserved-bandwidth pct percent

undo qos reserved-bandwidth

Default

The maximum reserved bandwidth is 80% of available bandwidth on the interface.

Views

Interface view

PVC view

Predefined user roles

network-admin

Parameters

percent: Specifies the percentage of available bandwidth to be reserved. The value range for this argument is 1 to 100.

Usage guidelines

The maximum reserved bandwidth is set on a per-interface or per-PVC basis. It decides the maximum bandwidth assignable for the QoS queues on an interface or PVC. It is typically set no greater than 80% of available bandwidth, considering the bandwidth for control traffic and Layer 2 frame headers.

Use the default maximum reserved bandwidth setting in most situations. If you adjust the setting, make sure the Layer 2 frame header plus the data traffic is under the maximum available bandwidth of the interface.

The maximum available bandwidth of an interface can be set by using the bandwidth command. For more information about this command, see Interface Command Reference.

Examples

# Set the maximum reserved bandwidth to 70% of available bandwidth on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] qos reserved-bandwidth pct 70

queue af

Use queue af to enable assured-forwarding (AF) and set its minimum guaranteed bandwidth.

Use undo queue af to restore the default.

Syntax

queue af bandwidth { bandwidth | pct percentage | remaining-pct remaining-percentage }

undo queue af

Default

AF is not configured.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

bandwidth: Specifies the bandwidth in kbps in the range of 8 to 10000000.

pct percentage: Specifies the percentage of the available bandwidth, in the range of 1 to 100.

remaining-pct remaining-percentage: Specifies the percentage of the remaining bandwidth, in the range of 1 to 100.

Usage guidelines

To associate the traffic behavior configured with the queue af command with a class in a policy, you must follow these requirements:

·     The total bandwidth assigned to AF and EF queues in a policy cannot exceed the maximum available bandwidth of the interface where the policy is applied.

·     The total percentage of bandwidth assigned to AF and EF in a policy cannot exceed 100.

·     The bandwidth assigned to AF and EF in a policy must use the same form, either as an absolute bandwidth value or as a percentage.

Examples

# Configure AF in traffic behavior database and assign the minimum guaranteed bandwidth 200 kbps to it.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] queue af bandwidth 200

Related commands

display qos queue cbq interface

traffic behavior

queue ef

Use queue ef to configure expedited forwarding (EF) and assign its maximum bandwidth.

Use undo queue ef to restore the default.

Syntax

queue ef bandwidth { bandwidth [ cbs burst ] | pct percentage [ cbs-ratio ratio ] }

undo queue ef

Default

EF is not configured.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

bandwidth: Specifies the bandwidth in kbps in the range of 8 to 10000000.

cbs burst: Sets the CBS in bytes in the range of 32 to 1000000000. The default is bandwidth × 25.

pct percentage: Specifies the percentage of the available bandwidth, in the range of 1 to 100.

cbs-ratio ratio: Sets the allowed burst ratio in the range of 25 to 500. The default is 25.

Usage guidelines

You cannot use this command in conjunction with the queue af or queue-length command in the same traffic behavior.

In a policy, the default class cannot be associated with the traffic behavior that has the queue ef command.

The total bandwidth assigned to AF and EF in a policy cannot exceed the maximum available bandwidth of the interface where the policy is applied.

The total percentage of the maximum available bandwidth assigned to AF and EF in a policy cannot exceed 100.

The bandwidths assigned to AF and EF in a policy must have the same type, bandwidth or percentage.

After the queue ef bandwidth pct percentage [ cbs-ratio ratio ] command is used, CBS equals (Interface available bandwidth × percentage × ratio)/100/1000.

After the queue ef bandwidth bandwidth [ cbs burst ] command is used, CBS equals burst. If the burst argument is not specified, CBS equals bandwidth × 25.

Examples

# Configure EF in traffic behavior database, with the maximum bandwidth as 200 kbps and CBS as 5000 bytes.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] queue ef bandwidth 200 cbs 5000

Related commands

display qos queue cbq interface

traffic behavior

queue sp

Use queue sp to configure SP.

Use undo queue sp to restore the default.

Syntax

queue sp

undo queue sp

Default

SP is not configured.

Views

Traffic behavior view

Predefined user roles

network-admin

Usage guidelines

The traffic behavior configured with this command cannot be associated with the default class.

You cannot configure this command together with any of the following commands in one traffic behavior:

·     queue af.

·     queue-length.

·     queue ef.

Examples

# Configure SP.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] queue sp

Related commands

display qos queue cbq interface

traffic behavior

queue wfq

Use queue wfq to configure WFQ for the default class.

Use undo queue wfq to restore the default.

Syntax

queue wfq [ queue-number total-queue-number ]

undo queue wfq

Default

WFQ is not configured for the default class.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

queue-number total-queue-number: Specifies the number of fair queues, which can be 16, 32, 64, 128, 256, 512, 1024, 2048, or 4096. The default is 256.

Usage guidelines

The traffic behavior configured with this command can only be associated with the default class. This command can be used in conjunction with the queue-length or wred command in the same traffic behavior.

Examples

# Configure the default class to use WFQ with 16 queues.

<Sysname> system-view

[Sysname] traffic behavior test

[Sysname-behavior-test] queue wfq queue-number 16

[Sysname-behavior-test] quit

[Sysname] qos policy user1

[Sysname-qospolicy-user1] classifier default-class behavior test

Related commands

display qos queue cbq interface

traffic behavior

queue-length

Use queue-length to set the maximum queue length and use tail drop.

Use undo queue-length to restore the default.

Syntax

queue-length queue-length

undo queue-length

Default

Tail drop is used, and the queue length is 64.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

queue-length: Specifies the maximum queue length in the range of 1 to 1024.

Usage guidelines

Before configuring this command, make sure the queue af command or the queue wfq command has been configured.

The undo queue af or undo queue wfq command deletes the queue length configured by using the queue-length command.

Examples

# Set the maximum queue length to 16 and specify tail drop for AF.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] queue af bandwidth 200

[Sysname-behavior-database] queue-length 16

Related commands

queue af

queue wfq

wred

Use wred to enable WRED.

Use undo wred to restore the default.

Syntax

wred [ dscp | ip-precedence ]

undo wred

Default

WRED is disabled.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

dscp: Uses the DSCP value for calculating the drop probability for a packet.

ip-precedence: Uses the IP precedence value for calculating the drop probability for a packet. This is the default.

Usage guidelines

You can configure this command only after you have configured the queue af or queue wfq command.

This command and the queue-length command are mutually exclusive in a traffic behavior. After you configure one command, the other command cannot take effect.

The undo wred command also deletes other WRED settings.

Examples

# Enable WRED in traffic behavior database and calculate the drop probabilities based on IP precedence values.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] queue wfq

[Sysname-behavior-database] wred

Related commands

queue af

queue wfq
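A configuration check for the CBQ rules in the usage guidelines of queue ef, queue sp, queue wfq, queue-length, and wred, written as an added Python example (not H3C code). The sample configuration is constructed, the saved-configuration layout is assumed, and the function names are hypothetical; ef_cbs_bytes assumes the interface available bandwidth in the CBS formula is in bps, which makes the percentage form agree with the absolute default of bandwidth × 25.

```python
import re

# Constructed sample in the command forms this reference documents; the layout
# of a saved configuration (one command per line under its view) is assumed.
SAMPLE_CONFIG = """\
traffic behavior voice
 queue ef bandwidth 200 cbs 5000
traffic behavior video
 queue ef bandwidth pct 30 cbs-ratio 50
traffic behavior database
 queue af bandwidth 200
 queue-length 16
 wred
traffic behavior bulk
 queue sp
traffic behavior test
 queue wfq queue-number 16
qos policy user1
 classifier voice behavior voice
 classifier video behavior video
 classifier database behavior database
 classifier default-class behavior bulk
 classifier web behavior test
"""

BW = re.compile(r"queue (af|ef) bandwidth (?:(pct|remaining-pct) )?(\d+)"
                r"(?: (cbs|cbs-ratio) (\d+))?")


def parse(text):
    """Return ({behavior: [commands]}, {policy: [(classifier, behavior)]})."""
    behaviors, policies, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.fullmatch(r"traffic behavior (\S+)", line):
            current = behaviors.setdefault(m.group(1), [])
        elif m := re.fullmatch(r"qos policy (\S+)", line):
            current = policies.setdefault(m.group(1), [])
        elif m := re.fullmatch(r"classifier (\S+) behavior (\S+)", line):
            if current is not None:
                current.append(m.groups())
        elif line and line != "#" and current is not None:
            current.append(line)
    return behaviors, policies


def queue_kinds(cmds):
    """Queuing types configured in one behavior: af, ef, sp, wfq."""
    return {c.split()[1] for c in cmds if c.startswith("queue ")}


def has(cmds, keyword):
    return any(c.split()[0] == keyword for c in cmds)


def check_behavior(name, cmds):
    """Per-behavior rules: which commands may share one traffic behavior."""
    kinds, qlen, wred = queue_kinds(cmds), has(cmds, "queue-length"), has(cmds, "wred")
    out = []
    if "ef" in kinds and ("af" in kinds or qlen):
        out.append(f"{name}: queue ef cannot be used with queue af or queue-length")
    if "sp" in kinds and (kinds & {"af", "ef"} or qlen):
        out.append(f"{name}: queue sp cannot be used with queue af, queue ef or queue-length")
    if (qlen or wred) and not kinds & {"af", "wfq"}:
        out.append(f"{name}: queue-length and wred need queue af or queue wfq first")
    if qlen and wred:
        out.append(f"{name}: wred and queue-length are mutually exclusive")
    return out


def check_policy(name, pairs, behaviors, max_kbps):
    """Per-policy rules: class association and the AF/EF bandwidth budget."""
    out, total = [], {"abs": 0, "pct": 0}
    for classifier, behavior in pairs:
        cmds = behaviors.get(behavior, [])
        kinds = queue_kinds(cmds)
        if classifier == "default-class" and kinds & {"ef", "sp"}:
            out.append(f"{name}: default class cannot use queue ef or queue sp ({behavior})")
        if classifier != "default-class" and "wfq" in kinds:
            out.append(f"{name}: queue wfq is only for the default class ({behavior})")
        for m in filter(None, map(BW.fullmatch, cmds)):
            if m.group(2) != "remaining-pct":  # share of leftover bandwidth, not summed
                total["pct" if m.group(2) else "abs"] += int(m.group(3))
    if total["abs"] and total["pct"]:
        out.append(f"{name}: AF and EF mix absolute and percentage bandwidth")
    if total["abs"] > max_kbps:
        out.append(f"{name}: AF and EF total {total['abs']} kbps exceeds available {max_kbps} kbps")
    if total["pct"] > 100:
        out.append(f"{name}: AF and EF total {total['pct']}% exceeds 100%")
    return out


def ef_cbs_bytes(cmd, avail_bps):
    """CBS for one queue ef command, per the formulas in the usage guidelines.
    Assumption: interface available bandwidth is given in bps."""
    _, form, value, opt, optval = BW.fullmatch(cmd).groups()
    if form == "pct":
        ratio = int(optval) if opt == "cbs-ratio" else 25
        return avail_bps * int(value) * ratio // 100 // 1000
    return int(optval) if opt == "cbs" else int(value) * 25


def audit(text, max_kbps):
    behaviors, policies = parse(text)
    findings = [f for n, c in behaviors.items() for f in check_behavior(n, c)]
    for name, pairs in policies.items():
        findings += check_policy(name, pairs, behaviors, max_kbps)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, max_kbps=75000):
        print(finding)
```

Running such a check before a policy is pushed catches combinations that would otherwise leave a class without its intended guarantee under congestion.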

wred dscp

Use wred dscp to set the lower limit, upper limit, and drop probability denominator for packets with a DSCP value.

Use undo wred dscp to delete the settings for a DSCP value.

Syntax

wred dscp dscp-value low-limit low-limit high-limit high-limit [ discard-probability discard-prob ]

undo wred dscp dscp-value

Default

The lower limit is 10, and the upper limit is 30.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

dscp-value: Specifies a DSCP value in the range of 0 to 63. This argument can also be represented by using one of the keywords listed in Table 19.

low-limit low-limit: Specifies the lower WRED limit (in packets) in the range of 1 to 1024.

high-limit high-limit: Specifies the upper WRED limit (in packets) in the range of 1 to 1024.

discard-probability discard-prob: Specifies the denominator for drop probability calculation, in the range of 1 to 255. The default is 10.

Usage guidelines

Before configuring this command, make sure DSCP-based WRED is enabled by using the wred command.

The wred dscp command configuration is deleted when the undo wred command is executed.

Removing the queue af or queue wfq command configuration also removes the WRED-related parameters.

Examples

# Set the following parameters for packets with DSCP value 3: lower limit 20, upper limit 40, and drop probability denominator 15.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] queue wfq

[Sysname-behavior-database] wred dscp

[Sysname-behavior-database] wred dscp 3 low-limit 20 high-limit 40 discard-probability 15

Related commands

queue af

queue wfq

wred

wred ip-precedence

Use wred ip-precedence to set the lower limit, upper limit, and drop probability denominator for packets with an IP precedence value.

Use undo wred ip-precedence to delete the settings for an IP precedence value.

Syntax

wred ip-precedence precedence low-limit low-limit high-limit high-limit [ discard-probability discard-prob ]

undo wred ip-precedence precedence

Default

The lower limit is 10, and the upper limit is 30.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

precedence: Specifies an IP precedence value in the range of 0 to 7.

low-limit low-limit: Specifies the lower WRED limit (in packets) in the range of 1 to 1024.

high-limit high-limit: Specifies the upper WRED limit (in packets) in the range of 1 to 1024.

discard-probability discard-prob: Specifies the denominator for drop probability calculation, in the range of 1 to 255. The default is 10.

Usage guidelines

Before configuring this command, make sure IP precedence-based WRED is enabled by using the wred command.

The wred ip-precedence command configuration is deleted when the undo wred command is executed.

Removing the queue af or queue wfq command configuration also removes the WRED-related parameters.

Examples

# Configure the following parameters for packets with IP precedence value 3: lower limit 20, upper limit 40, and drop probability denominator 15.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] queue wfq

[Sysname-behavior-database] wred ip-precedence

[Sysname-behavior-database] wred ip-precedence 3 low-limit 20 high-limit 40 discard-probability 15

Related commands

queue af

queue wfq

wred

wred weighting-constant

Use wred weighting-constant to set the exponent for WRED to calculate the average queue size.

Use undo wred weighting-constant to restore the default.

Syntax

wred weighting-constant exponent

undo wred weighting-constant

Default

The exponent for WRED to calculate the average queue size is 9.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

exponent: Specifies the exponent in the range of 1 to 16.

Usage guidelines

Before configuring this command, make sure the queue af or queue wfq command is configured and WRED is enabled by using the wred command.

The wred weighting-constant command configuration is deleted when the undo wred command is executed.

Examples

# Set the exponent that WRED uses to calculate the average queue size to 6.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] queue af bandwidth 200

[Sysname-behavior-database] wred ip-precedence

[Sysname-behavior-database] wred weighting-constant 6

Related commands

queue af

queue wfq

wred

Packet information pre-extraction commands

qos pre-classify

Use qos pre-classify to enable packet information pre-extraction on an interface.

Use undo qos pre-classify to disable packet information pre-extraction on an interface.

Syntax

qos pre-classify

undo qos pre-classify

Default

Packet information pre-extraction is disabled on an interface.

Views

Tunnel interface view

Predefined user roles

network-admin

Examples

# Enable packet information pre-extraction on Tunnel 1.

<Sysname> system-view

[Sysname] interface tunnel 1

[Sysname-Tunnel1] qos pre-classify

QoS token commands

qos qmtoken

Use qos qmtoken to set the number of QoS tokens for an interface.

Use undo qos qmtoken to restore the default.

Syntax

qos qmtoken token-number

undo qos qmtoken

Default

The number of QoS tokens is not set for an interface.

Views

Interface view

Predefined user roles

network-admin

Parameters

token-number: Specifies the number of QoS tokens, in the range of 1 to 256.

Usage guidelines

This feature is a lower-layer flow control mechanism that controls the length of the lower-layer queue on an interface. The number of QoS tokens determines the length of the lower-layer queue on an interface. The shorter the lower-layer queue, the lower the dequeuing delay of packets. This feature is applicable in the following scenarios:

·     When CBQ is used and the interface is congested, the delay in EF queues might fail to meet the requirements because of the buffering of lower-layer queues. This feature can reduce the delay for EF queues when the interface is congested.

·     When FTP is used to transmit traffic, QoS queuing might fail to take effect because the upper-layer protocol TCP provides the flow control function. The QoS token feature can solve this problem.

Tune the number of QoS tokens according to the actual conditions to achieve optimal transmission efficiency.

As a best practice to improve the data transmission efficiency, do not configure this command if the upper-layer protocols (for example, UDP) do not support flow control.

When you use this command, follow these restrictions and guidelines:

·     For this command to take effect on an interface, execute the shutdown and then undo shutdown commands on the interface after configuring this command.

·     This command is available only on serial interfaces and Layer 3 Ethernet interfaces.

Examples

# Set the number of QoS tokens to 10 for Serial 2/2/1.

<Sysname> system-view

[Sysname] interface serial 2/2/1

[Sysname-Serial2/2/1] qos qmtoken 10

[Sysname-Serial2/2/1] shutdown

[Sysname-Serial2/2/1] undo shutdown

 


Congestion avoidance commands

Support for ATM interfaces depends on the device model. For more information, see the installation guide and the interface module manual.

display qos wred interface

Use display qos wred interface to display the WRED information for interfaces or PVCs.

Syntax

display qos wred interface [ interface-type interface-number [ pvc { pvc-name | vpi/vci } ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the WRED information for all interfaces.

pvc { pvc-name | vpi/vci }: Specifies a PVC by its name or VPI/VCI value. You can specify a PVC only for an ATM interface. When you specify an ATM interface but do not specify a PVC, this command displays the WRED information for all PVCs on the ATM interface.

Examples

# Display the WRED information for all interfaces.

<Sysname> display qos wred interface

Interface: GigabitEthernet1/0/4

 Current WRED configuration:

 Exponent: 9 (1/512)

 Pre  Low   High  Dis-prob Random-discard  Tail-discard

------------------------------------------------------

0    10    30    10       0               0

1    10    30    10       0               0

2    10    30    10       0               0

3    10    30    10       0               0

4    10    30    10       0               0

5    10    30    10       0               0

6    10    30    10       0               0

7    10    30    10       0               0

 

Interface: GigabitEthernet1/0/3

 Current WRED configuration:

 Applied WRED table name: q1

Table 44 Command output

| Field | Description |
|---|---|
| Interface | Interface type and interface number. |
| Pre | IP precedence of packets. |
| Low | Lower limit for a queue. |
| High | Upper limit for a queue. |
| Dis-prob | Drop probability denominator. |
| Random-discard | Number of packets dropped by WRED. |
| Tail-discard | Number of packets dropped by tail drop. |

qos wred enable

Use qos wred enable to enable WRED on an interface or PVC.

Use undo qos wred enable to restore the default.

Syntax

qos wred [ dscp | ip-precedence ] enable

undo qos wred [ dscp | ip-precedence ] enable

Default

Tail drop is used.

Views

Interface view

PVC view

Predefined user roles

network-admin

Parameters

dscp: Uses the DSCP values for calculating the drop probability.

ip-precedence: Uses the IP precedence for calculating the drop probability. This keyword is used by default.

Usage guidelines

Before configuring the qos wred enable command on an interface, you must enable WFQ on the interface.

Examples

# Enable WRED on GigabitEthernet 1/0/1, and use the IP precedence for drop probability calculation.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] qos wfq queue-length 100 queue-number 512

[Sysname-GigabitEthernet1/0/1] qos wred ip-precedence enable

Related commands

display qos wred interface

qos wred dscp

Use qos wred dscp to set the lower limit, upper limit, and drop probability denominator for a DSCP value.

Use undo qos wred dscp to restore the default.

Syntax

qos wred dscp dscp-value low-limit low-limit high-limit high-limit discard-probability discard-prob

undo qos wred dscp dscp-value

Default

The lower limit is 10, the upper limit is 30, and the drop probability denominator is 10.

Views

Interface view

PVC view

Predefined user roles

network-admin

Parameters

dscp-value: Specifies a DSCP value in the range of 0 to 63. This argument can also be represented by using one of the keywords listed in Table 19.

low-limit low-limit: Specifies the lower WRED limit (in packets) in the range of 1 to 1024.

high-limit high-limit: Specifies the upper WRED limit (in packets) in the range of 1 to 1024.

discard-probability discard-prob: Specifies the denominator for drop probability calculation, in the range of 1 to 255.

Usage guidelines

Before configuring this command, enable DSCP-based WRED on the interface or PVC with the qos wred dscp enable command. The upper and lower limits restrict the average queue length.

Examples

# Configure the following parameters for packets with DSCP value 63 on GigabitEthernet 1/0/1: lower limit 20, upper limit 40, and drop probability denominator 15.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] qos wfq queue-length 100 queue-number 512

[Sysname-GigabitEthernet1/0/1] qos wred dscp enable

[Sysname-GigabitEthernet1/0/1] qos wred dscp 63 low-limit 20 high-limit 40 discard-probability 15

Related commands

display qos wred interface

qos wred enable

qos wred ip-precedence

Use qos wred ip-precedence to set the lower limit, upper limit, and drop probability denominator for an IP precedence value.

Use undo qos wred ip-precedence to restore the default.

Syntax

qos wred ip-precedence ip-precedence low-limit low-limit high-limit high-limit discard-probability discard-prob

undo qos wred ip-precedence ip-precedence

Default

The lower limit is 10, the upper limit is 30, and the drop probability denominator is 10.

Views

Interface view

PVC view

Predefined user roles

network-admin

Parameters

ip-precedence precedence: Specifies an IP precedence value in the range of 0 to 7.

low-limit low-limit: Specifies the lower WRED limit (in packets) in the range of 1 to 1024.

high-limit high-limit: Specifies the upper WRED limit (in packets) in the range of 1 to 1024.

discard-probability discard-prob: Specifies the denominator for drop probability calculation, in the range of 1 to 255.

Usage guidelines

Before configuring this command, enable IP precedence-based WRED on the interface or PVC with the qos wred enable command.

The upper and lower limits restrict the average queue length.

Examples

# Configure the following parameters for packets with IP precedence value 3 on GigabitEthernet 1/0/1: lower limit 20, upper limit 40, and drop probability denominator 15.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] qos wfq queue-length 100 queue-number 512

[Sysname-GigabitEthernet1/0/1] qos wred ip-precedence enable

[Sysname-GigabitEthernet1/0/1] qos wred ip-precedence 3 low-limit 20 high-limit 40 discard-probability 15

Related commands

display qos wred interface

qos wred enable

qos wred weighting-constant

Use qos wred weighting-constant to set the exponent for WRED to calculate the average queue size.

Use undo qos wred weighting-constant to restore the default.

Syntax

qos wred weighting-constant exponent

undo qos wred weighting-constant

Default

The exponent for WRED to calculate the average queue size is 9.

Views

Interface view

PVC view

Predefined user roles

network-admin

Parameters

exponent: Specifies the exponent for average queue length calculation, in the range of 1 to 16.

Usage guidelines

Before configuring this command, enable WRED on the interface or PVC with the qos wred enable command.

Examples

# Set the exponent for the average queue size calculation to 6 on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] qos wfq queue-length 100 queue-number 512

[Sysname-GigabitEthernet1/0/1] qos wred enable

[Sysname-GigabitEthernet1/0/1] qos wred weighting-constant 6

Related commands

display qos wred interface

qos wred enable
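How the lower limit, upper limit, drop probability denominator, and exponent interact, as an added Python example (not H3C code). It uses the standard RED/WRED computation, which this reference does not spell out and which is assumed to match the device: the average queue size moves toward the current queue size with weight 2^-exponent (the 1/512 shown for exponent 9 in the display qos wred interface output), and the drop probability ramps linearly from 0 at the lower limit to 1/denominator at the upper limit. Function names are hypothetical.

```python
def update_average(avg, current, exponent):
    """Exponentially weighted average queue size with weight 2**-exponent."""
    weight = 2.0 ** -exponent
    return avg * (1 - weight) + current * weight


def drop_probability(avg, low, high, denominator):
    """Below the lower limit nothing is dropped; at or above the upper limit
    every arriving packet is dropped; in between the probability rises
    linearly to 1/denominator."""
    if avg < low:
        return 0.0
    if avg >= high:
        return 1.0
    return (avg - low) / (high - low) / denominator


def packets_until_wred_reacts(exponent, queue_depth, low):
    """Arrivals needed, with the real queue held at queue_depth, before the
    average reaches the lower limit and random drops can begin."""
    if queue_depth <= low:
        raise ValueError("the average never reaches a limit the queue stays under")
    avg, arrivals = 0.0, 0
    while avg < low:
        avg = update_average(avg, queue_depth, exponent)
        arrivals += 1
    return arrivals


if __name__ == "__main__":
    # Values taken from the examples above: limits 20/40, denominator 15,
    # default exponent 9 and the configured exponent 6.
    low, high, denominator = 20, 40, 15
    for exponent in (9, 6):
        n = packets_until_wred_reacts(exponent, queue_depth=high, low=low)
        print(f"exponent {exponent}: average reaches {low} after {n} arrivals")
    for avg in (10, 25, 30, 39, 40):
        p = drop_probability(avg, low, high, denominator)
        print(f"average {avg}: drop probability {p:.4f}")
```

A larger exponent smooths out short bursts but delays the first random drop during a sustained surge, so the queue is more likely to fill and fall back to tail drop before WRED engages.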

 


QPPB commands

bgp-policy

Use bgp-policy to enable QPPB, which transmits the apply ip-precedence and apply qos-local-id configuration through BGP routing policies.

Use undo bgp-policy to restore the default.

Syntax

bgp-policy { destination | source } { ip-prec-map | ip-qos-map } *

undo bgp-policy { destination | source } [ ip-prec-map | ip-qos-map ] *

Default

QPPB is disabled.

Views

Interface view

Predefined user roles

network-admin

Parameters

destination: Searches the routing table by destination IP address.

source: Searches the routing table by source IP address. If the source keyword is specified, the source IP address is used as the destination address for inverse lookup.

ip-prec-map: Sets an IP precedence value for matching packets.

ip-qos-map: Sets a local QoS ID for matching packets.

Usage guidelines

The bgp-policy command applies only to the incoming traffic of an interface.

In an MPLS L3VPN, the bgp-policy command is executed after the QoS features are performed in the inbound direction of the PE's public network interface. In any other case, the bgp-policy command is executed before the QoS features.

If you configure either of the following bgp-policy command pairs, both commands in the pair take effect:

·     bgp-policy destination ip-prec-map and bgp-policy source ip-qos-map.

·     bgp-policy source ip-prec-map and bgp-policy destination ip-qos-map.

If you configure either of the following bgp-policy command pairs, the command with the destination keyword in the pair takes effect:

·     bgp-policy destination ip-prec-map and bgp-policy source ip-prec-map.

·     bgp-policy destination ip-qos-map and bgp-policy source ip-qos-map.

Examples

# Configure GigabitEthernet 1/0/1 to get the IP precedence and local QoS ID by looking up routes based on source IP address.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] bgp-policy source ip-prec-map ip-qos-map

Related commands

apply ip-precedence (Layer 3—IP Routing Command Reference)

apply qos-local-id (Layer 3—IP Routing Command Reference)

route-policy (Layer 3—IP Routing Command Reference)

 


MPLS QoS commands

if-match mpls-exp

Use if-match mpls-exp to define a criterion to match the EXP field in the first (topmost) MPLS label.

Use undo if-match mpls-exp to delete the match criterion.

Syntax

if-match [ not ] mpls-exp exp-value&<1-8>

undo if-match [ not ] mpls-exp exp-value&<1-8>

Default

No criterion is defined to match the EXP field in the first (topmost) MPLS label.

Views

Traffic class view

Predefined user roles

network-admin

Parameters

not: Matches packets not conforming to the specified criterion.

exp-value&<1-8>: Specifies a space-separated list of up to eight EXP values. The value range for the exp-value argument is 0 to 7. If the same EXP value is specified multiple times, the system considers them as one. If a packet matches one of the defined MPLS EXP values, it matches the if-match clause.

Examples

# Define a criterion to match packets with EXP value 3 or 4 in the topmost MPLS label.

<Sysname> system-view

[Sysname] traffic classifier database

[Sysname-classifier-database] if-match mpls-exp 3 4

remark mpls-exp

Use remark mpls-exp to configure an EXP value marking action in a traffic behavior.

Use undo remark mpls-exp to delete the action.

Syntax

remark mpls-exp exp-value

undo remark mpls-exp

Default

No EXP value marking action is configured in a traffic behavior.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

exp-value: Specifies an EXP value in the range of 0 to 7.

Examples

# Set the EXP value to 0 for MPLS packets.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] remark mpls-exp 0

 


FR QoS commands

The following matrix shows the feature and hardware compatibility:

 

Hardware                                                                  FR QoS compatibility
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK    No
MSR810-LMS/810-LUS                                                        Yes
MSR2600-6-X1/2600-10-X1                                                   Yes
MSR 2630                                                                  Yes
MSR3600-28/3600-51                                                        Yes
MSR3600-28-SI/3600-51-SI                                                  Yes
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC                            Yes
MSR 3610/3620/3620-DP/3640/3660                                           Yes
MSR5620/5660/5680                                                         Yes

Hardware            FR QoS compatibility
MSR810-LM-GL        Yes
MSR810-W-LM-GL      Yes
MSR830-6EI-GL       Yes
MSR830-10EI-GL      Yes
MSR830-6HI-GL       Yes
MSR830-10HI-GL      Yes
MSR2600-6-X1-GL     Yes
MSR3600-28-SI-GL    Yes

 

cbs

Use cbs to set the CBS for an FR class.

Use undo cbs to delete the CBS setting of an FR class.

Syntax

cbs [ inbound | outbound ] committed-burst-size

undo cbs [ inbound | outbound ]

Default

The CBS for an FR class is 56000 bits.

Views

FR class view

Predefined user roles

network-admin

Parameters

inbound: Sets the CBS for incoming packets. The inbound CBS does not take effect for FR traffic shaping (FRTS).

outbound: Sets the CBS for outgoing packets. The outbound CBS does not take effect for FR traffic policing (FRTP).

committed-burst-size: Sets the CBS in the range of 300 to 16000000 bits. The default is 56000 bits.

Usage guidelines

If you do not specify the inbound or outbound keyword, the set CBS takes effect on both incoming and outgoing packets.

Examples

# Set the CBS to 64000 bits for both incoming and outgoing packets of the FR class test1.

<Sysname> system-view

[Sysname] fr class test1

[Sysname-fr-class-test1] cbs 64000

Related commands

cir

cir allow

ebs

cir

Use cir to set the CIR for an FR class.

Use undo cir to restore the default.

Syntax

cir committed-information-rate

undo cir

Default

The CIR for an FR class is 56000 bps.

Views

FR class view

Predefined user roles

network-admin

Parameters

committed-information-rate: Sets the CIR in the range of 1000 to 45000000 bps.

Usage guidelines

The set CIR takes effect on both incoming and outgoing traffic and must be equal to or smaller than the outbound CIR ALLOW.

Examples

# Set the CIR to 32000 bps for FR class test1.

<Sysname> system-view

[Sysname] fr class test1

[Sysname-fr-class-test1] cir 32000

Related commands

cbs

cir allow

ebs

cir allow

Use cir allow to set the CIR ALLOW for an FR class.

Use undo cir allow to delete the CIR ALLOW setting of an FR class.

Syntax

cir allow [ inbound | outbound ] committed-information-rate

undo cir allow [ inbound | outbound ]

Default

The CIR ALLOW is 56000 bps.

Views

FR class view

Predefined user roles

network-admin

Parameters

inbound: Sets the CIR ALLOW for incoming packets. The inbound CIR ALLOW does not take effect for FRTS.

outbound: Sets the CIR ALLOW for outgoing packets. The outbound CIR ALLOW does not take effect for FRTP.

committed-information-rate: Sets the CIR ALLOW in bps in the range of 1000 to 45000000.

Usage guidelines

The outbound CIR ALLOW must be greater than or equal to the CIR.

If you do not specify the inbound or outbound keyword, the set CIR ALLOW takes effect on both incoming and outgoing packets.

Examples

# Set the CIR ALLOW to 64000 bps for FR class test1.

<Sysname> system-view

[Sysname] fr class test1

[Sysname-fr-class-test1] cir allow 64000

display fr class-map

Use display fr class-map to display the associations between FR classes and interfaces (including subinterfaces and PVCs).

Syntax

display fr class-map [ fr-class class-name | interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

fr-class class-name: Specifies an FR class by its name, a case-sensitive string of 1 to 30 characters.

interface interface-type interface-number: Specifies an interface (main interface or subinterface) by its type and number. If you specify a main interface, the command displays the associations between the following elements:

·     The FR class and the main interface.

·     The FR classes and the subinterfaces on the main interface.

·     The FR classes and the PVCs on the main interface.

·     The FR classes and the PVCs on each subinterface.

If you specify a subinterface, the command displays the associations between the following elements:

·     The FR class and the subinterface.

·     The FR classes and the PVCs on the subinterface.

Usage guidelines

If you do not specify an FR class or an interface, the command displays all associations between FR classes and interfaces.

Examples

# Display the associations between Serial 2/1/1 and FR classes.

<Sysname> display fr class-map interface serial 2/1/1

Serial2/1/1

  fr-class ts1

  fr dlci 100

    fr-class ts

Serial2/1/1.1

  fr-class ts2

  fr dlci 222

    fr-class ts

# Display the associations between the FR class ts and interfaces.

<Sysname> display fr class-map fr-class ts

Serial2/1/1

  fr dlci 100

    fr-class ts

Serial2/1/1.1

  fr dlci 222

    fr-class ts

Table 45 Command output

Field               Description
Serial2/1/1         FR interface and the FR class associated with the FR interface.
  fr-class ts1
fr dlci 100         PVC on the FR interface and the FR class associated with the PVC.
  fr-class ts
Serial2/1/1.1       FR subinterface and the FR class associated with the FR subinterface.
  fr-class ts2
fr dlci 222         PVC on the FR subinterface and the FR class associated with the PVC.
  fr-class ts

 

ebs

Use ebs to set the EBS for an FR class.

Use undo ebs to delete the EBS setting of an FR class.

Syntax

ebs [ inbound | outbound ] excess-burst-size

undo ebs [ inbound | outbound ]

Default

The EBS for an FR class is 0 bits.

Views

FR class view

Predefined user roles

network-admin

Parameters

inbound: Sets the EBS for incoming packets. The inbound EBS does not take effect for FRTS.

outbound: Sets the EBS for outgoing packets. The outbound EBS does not take effect for FRTP.

excess-burst-size: Sets the EBS in the range of 0 to 16000000 bits.

Usage guidelines

If you do not specify the inbound or outbound keyword, the set EBS takes effect on both incoming and outgoing packets.

Examples

# Set the EBS to 32000 bits for FR class test1.

<Sysname> system-view

[Sysname] fr class test1

[Sysname-fr-class-test1] ebs 32000

Related commands

cbs

cir

cir allow

fifo queue-length

Use fifo queue-length to set the FIFO queue length for an FR class.

Use undo fifo queue-length to restore the default.

Syntax

fifo queue-length queue-length

undo fifo queue-length

Default

The FIFO queue length for an FR class is 75 packets.

Views

FR class view

Predefined user roles

network-admin

Parameters

queue-length: Sets the FIFO queue length in the range of 1 to 1024 packets.

Examples

# Set the FIFO queue length to 80 packets for FR class test1.

<Sysname> system-view

[Sysname] fr class test1

[Sysname-fr-class-test1] fifo queue-length 80

fragment enable

Use fragment enable to enable end-to-end FRF.12 fragmentation for an FR class.

Use undo fragment enable to disable end-to-end FRF.12 fragmentation for an FR class.

Syntax

fragment enable

undo fragment enable

Default

End-to-end FRF.12 fragmentation is disabled for an FR class.

Views

FR class view

Predefined user roles

network-admin

Usage guidelines

This command enables end-to-end FRF.12 fragmentation on all PVCs associated with an FR class or PVCs of all interfaces associated with an FR class.

Examples

# Enable Frame Relay FRF.12 fragmentation for FR class test1.

<Sysname> system-view

[Sysname] fr class test1

[Sysname-fr-class-test1] fragment enable

fragment size

Use fragment size to set the fragment size allowed for an FR class.

Use undo fragment size to restore the default.

Syntax

fragment size size

undo fragment size

Default

The fragment size allowed for an FR class is 45 bytes.

Views

FR class view

Predefined user roles

network-admin

Parameters

size: Specifies the fragment size in the range of 16 to 1600 bytes.

Examples

# Set the fragment size to 128 bytes for FR class test1.

<Sysname> system-view

[Sysname] fr class test1

[Sysname-fr-class-test1] fragment size 128

fr class

Use fr class to create an FR class and enter its view, or enter the view of an existing FR class.

Use undo fr class to delete an FR class.

Syntax

fr class class-name

undo fr class class-name

Default

No FR classes exist.

Views

System view

Predefined user roles

network-admin

Parameters

class-name: Specifies the name of the FR class, a case-sensitive string of 1 to 30 characters.

Usage guidelines

For the FR class parameters to take effect, associate the FR class with an interface or PVC and enable FR QoS on the interface.

When an FR class is deleted, all associations between this FR class and interfaces are released.

Examples

# Create an FR class named test1.

<Sysname> system-view

[Sysname] fr class test1

[Sysname-fr-class-test1]

Related commands

fr-class

fr de del

Use fr de del to apply a DE rule list to an FR PVC.

Use undo fr de del to remove a DE rule list from an FR PVC.

Syntax

fr de del list-number dlci dlci-number

undo fr de del list-number dlci dlci-number

Default

No DE rule list is applied to an FR PVC.

Views

FR interface view

MFR interface view

Predefined user roles

network-admin

Parameters

list-number: Specifies a DE rule list by its number in the range of 1 to 10.

dlci-number: Specifies an FR PVC by its number in the range of 16 to 1007.

Usage guidelines

If you specify a PVC of a subinterface on the main interface, the DE rule list can be successfully applied to the specified PVC.

After a DE rule list is applied to an FR PVC, the DE bits of packets matching the DE rule list are set to 1.

Examples

# Apply DE rule list 3 to DLCI 100 of Serial 2/1/1.

<Sysname> system-view

[Sysname] interface Serial 2/1/1

[Sysname-Serial2/1/1] fr dlci 100

[Sysname-Serial2/1/1-fr-dlci-100] quit

[Sysname-Serial2/1/1] fr de del 3 dlci 100

Related commands

fr del inbound-interface

fr del protocol

fr del inbound-interface

Use fr del inbound-interface to create a DE rule list and add an interface-based DE rule.

Use undo fr del inbound-interface to delete an interface-based DE rule from a DE rule list.

Syntax

fr del list-number inbound-interface interface-type interface-number

undo fr del list-number inbound-interface interface-type interface-number

Default

No DE rule lists exist.

Views

System view

Predefined user roles

network-admin

Parameters

list-number: Specifies a DE rule list number in the range of 1 to 10.

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

This command sets the DE bits of packets that are received on the specified interface to 1.

You can add a maximum of 100 rules for a DE rule list.

When the last DE rule in a DE rule list is deleted, the DE rule list is also deleted.

Examples

# Add a rule to DE rule list 1. The rule sets the DE bits of incoming packets on Serial 2/1/1 to 1.

<Sysname> system-view

[Sysname] fr del 1 inbound-interface serial 2/1/1

Related commands

fr de del

fr del protocol

fr del protocol

Use fr del protocol ip to create a DE rule list and add an IP protocol-based DE rule.

Use undo fr del protocol ip to delete an IP protocol-based DE rule from a DE rule list.

Syntax

fr del list-number protocol ip [ acl acl-number | fragments | greater-than min-number | less-than max-number | tcp-port tcpport-number | udp-port udpport-number ]

undo fr del list-number protocol ip [ fragments | acl acl-number | less-than bytes | greater-than min-number | less-than max-number | tcp-port tcpport-number | udp-port udpport-number ]

Default

No DE rule lists exist.

Views

System view

Predefined user roles

network-admin

Parameters

list-number: Specifies a DE rule list number in the range of 1 to 10.

acl acl-number: Specifies the IP packets matching the ACL specified by its number in the range of 2000 to 3999.

fragments: Specifies all fragmented IP packets.

greater-than min-number: Specifies the IP packets that are greater than the specified number of bytes. The value range for the min-number argument is 0 to 65535.

less-than max-number: Specifies the IP packets that are smaller than the specified number of bytes. The value range for the max-number argument is 0 to 65535.

tcp-port tcpport-number: Specifies the IP packets with the specified source or destination TCP port number. The value range for the tcpport-number argument is 0 to 65535. The tcpport-number argument can be either an upper-layer application name or the associated port number.

Table 46 Application names and TCP port numbers

Application name    TCP port number
bgp                 179
chargen             19
cmd                 514
daytime             13
discard             9
domain              53
echo                7
exec                512
finger              79
ftp                 21
ftp-data            20
gopher              70
hostname            101
ident               113
irc                 194
klogin              543
kshell              544
login               513
lpd                 515
nntp                119
pop2                109
pop3                110
smtp                25
sunrpc              111
tacacs              49
talk                517
telnet              23
time                37
uucp                540
whois               43
www                 80

 

udp-port udpport-number: Specifies the IP packets with the specified source or destination UDP port number. The value range for the udpport-number argument is 0 to 65535. The udpport-number argument can be either an upper-layer application name or the associated port number.

Table 47 Application names and UDP port numbers

Application name    UDP port number
biff                512
bootpc              68
bootps              67
discard             9
dnsix               195
domain              53
echo                7
mobile-ip           434
nameserver          42
netbios-dgm         138
netbios-ns          137
ntp                 123
rip                 520
snmp                161
snmptrap            162
sunrpc              111
syslog              514
tacacs              49
talk                517
tftp                69
time                37
who                 513
xdmcp               177

 

Usage guidelines

If you do not specify any parameters, this command applies to all IP packets.

To add more IP protocol-based DE rules to a DE rule list, repeat this command. A DE rule list can contain both interface-based DE rules and IP-protocol-based DE rules.

When the last DE rule in a DE rule list is deleted, the DE rule list is also deleted.

Examples

# Add a rule to DE rule list 1 that sets the DE bits of all IP packets to 1.

<Sysname> system-view

[Sysname] fr del 1 protocol ip

Related commands

fr de del

fr del inbound-interface

fr traffic-policing

Use fr traffic-policing to enable FRTP.

Use undo fr traffic-policing to disable FRTP.

Syntax

fr traffic-policing

undo fr traffic-policing

Default

FRTP is disabled.

Views

FR interface view

MFR interface view

Predefined user roles

network-admin

Usage guidelines

FRTP is applicable only to the ingress interfaces on the DCE of an FR network.

Examples

# Enable FRTP on Serial 2/1/1.

<Sysname> system-view

[Sysname] interface Serial 2/1/1

[Sysname-Serial2/1/1] fr traffic-policing

Related commands

fr class

fr traffic-shaping

Use fr traffic-shaping to enable FRTS.

Use undo fr traffic-shaping to disable FRTS.

Syntax

fr traffic-shaping

undo fr traffic-shaping

Default

FRTS is disabled.

Views

FR interface view

Predefined user roles

network-admin

Usage guidelines

FRTS is applied to the outgoing interfaces and is typically used on the DTEs of an FR network.

FRTS cannot be enabled on an FR interface when fragmentation is enabled on the interface.

Examples

# Enable FRTS on Serial 2/1/1.

<Sysname> system-view

[Sysname] interface serial 2/1/1

[Sysname-Serial2/1/1] fr traffic-shaping

fr-class

Use fr-class to associate an FR class with an FR interface or FR PVC.

Use undo fr-class to cancel the association.

Syntax

fr-class class-name

undo fr-class class-name

Default

An FR class is not associated with any FR interface or FR PVC.

Views

FR interface (main interface or subinterface) view

FR PVC view

Predefined user roles

network-admin

Parameters

class-name: Specifies an FR class by its name, a case-sensitive string of 1 to 30 characters. The FR class must already exist.

Usage guidelines

For an interface associated with an FR class, all PVCs on the interface inherit the FR QoS parameters in the FR class.

Examples

# Associate FR class test1 with an FR PVC with DLCI 200.

<Sysname> system-view

[Sysname] interface serial 2/1/1

[Sysname-Serial2/1/1] fr dlci 200

[Sysname-Serial2/1/1-fr-dlci-200] fr-class test1

Related commands

fr class

traffic-shaping adaptation

Use traffic-shaping adaptation to enable FRTS adaptation for an FR class.

Use undo traffic-shaping adaptation to disable FRTS adaptation for an FR class.

Syntax

traffic-shaping adaptation { becn | interface-congestion number }

undo traffic-shaping adaptation { becn | interface-congestion }

Default

FRTS adaptation is disabled for an FR class.

Views

FR class view

Predefined user roles

network-admin

Parameters

becn: Adjusts the traffic rate in response to BECNs.

interface-congestion number: Adjusts the traffic rate in response to the number of packets in the output queue on the interface. The value range for the number argument is 1 to 40.

Usage guidelines

For BECN-based adaptation, the router reduces the transmission rates of all FRTS-enabled PVCs associated with the FR class when it receives packets with the BECN bit set. When the router does not receive packets with the BECN bit set within 125 milliseconds, it increases the transmission rates of those PVCs.

For interface congestion-based adaptation, the router reduces the transmission rates of all FRTS-enabled PVCs associated with the FR class when the number of packets in the output queue reaches the threshold. When the number of packets drops below the threshold, the router increases the transmission rates of those PVCs.

Examples

# Enable FRTS adaptation to adjust the traffic rate in response to BECNs.

<Sysname> system-view

[Sysname] fr class test1

[Sysname-fr-class-test1] traffic-shaping adaptation becn

Related commands

fr traffic-shaping

traffic-shaping adaptation percentage

Use traffic-shaping adaptation percentage to set the rate adjustment percentage for FRTS adaptation.

Use undo traffic-shaping adaptation percentage to restore the default.

Syntax

traffic-shaping adaptation percentage number

undo traffic-shaping adaptation percentage

Default

The rate adjustment percentage for FRTS adaptation is 25%.

Views

FR class view

Predefined user roles

network-admin

Parameters

number: Specifies the rate adjustment percentage, in the range of 1 to 30.

Usage guidelines

When rate adjustment is triggered, the router reduces or increases the traffic rate by the set percentage of the current rate. The adjusted rate must be between the CIR and the CIR ALLOW. For example, the current rate is 3000 bps, the rate adjustment percentage is 20%, and the CIR is 2500 bps. A reduction would bring the rate to 2400 bps (3000 – 3000 x 20%). Because the adjusted rate cannot be lower than the CIR, the adjusted rate is 2500 bps.

Examples

# Set the rate adjustment percentage to 20%.

<Sysname> system-view

[Sysname] fr class test1

[Sysname-fr-class-test1] traffic-shaping adaptation percentage 20

Related commands

fr traffic-shaping
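The value ranges and the CIR / outbound CIR ALLOW constraint documented for the FR class commands above can be checked offline before a configuration is pushed. The following Python audit is an added example, not H3C code: the sample configuration is constructed, and the function name audit and the assumption that commands inside an FR class are indented under the fr class line are this example's own.

```python
import re

# Value ranges copied from the Parameters sections of the FR class commands.
RANGES = [
    (r"cbs(?: (?:inbound|outbound))? (\d+)$", 300, 16000000),
    (r"cir (\d+)$", 1000, 45000000),
    (r"cir allow(?: (?:inbound|outbound))? (\d+)$", 1000, 45000000),
    (r"ebs(?: (?:inbound|outbound))? (\d+)$", 0, 16000000),
    (r"fifo queue-length (\d+)$", 1, 1024),
    (r"fragment size (\d+)$", 16, 1600),
    (r"traffic-shaping adaptation percentage (\d+)$", 1, 30),
    (r"traffic-shaping adaptation interface-congestion (\d+)$", 1, 40),
]
NO_VALUE = {"fragment enable", "traffic-shaping adaptation becn"}
DEFAULT_RATE = 56000   # default CIR and CIR ALLOW, in bps

# Constructed configuration fragment (class names and values are sample data).
SAMPLE = """\
fr class test1
 cir allow 64000
 cir 32000
 cbs 64000
 ebs 32000
 fifo queue-length 80
 fragment size 128
 traffic-shaping adaptation percentage 20
fr class branch-a
 cir 64000
 fragment size 8
 traffic-shaping adaptation percentage 50
fr class branch-b
 cir allow inbound 128000
 cir 96000
"""


def audit(config_text):
    """Return (class name, message) findings for every FR class in the text."""
    findings, rates, current = [], {}, None
    for raw in config_text.splitlines():
        line = " ".join(raw.split())
        if not line:
            continue
        if not raw[:1].isspace():
            # A line at column 0 opens an FR class or leaves the current one.
            current = line[9:] if line.startswith("fr class ") else None
            if current is not None:
                rates.setdefault(current, {"cir": DEFAULT_RATE, "allow_out": DEFAULT_RATE})
                if not 1 <= len(current) <= 30:
                    findings.append((current, "class name must be 1 to 30 characters"))
            continue
        if current is None or line in NO_VALUE:
            continue
        for pattern, low, high in RANGES:
            match = re.match(pattern, line)
            if not match:
                continue
            value = int(match.group(1))
            if not low <= value <= high:
                findings.append((current, f"'{line}': value outside {low}-{high}"))
            elif line.startswith("cir allow"):
                # Without a direction keyword the value applies to both directions.
                if " inbound " not in line:
                    rates[current]["allow_out"] = value
            elif line.startswith("cir "):
                rates[current]["cir"] = value
            break
        else:
            findings.append((current, f"unrecognized FR class command: '{line}'"))
    for name, rate in rates.items():
        if rate["cir"] > rate["allow_out"]:
            findings.append((name, f"CIR {rate['cir']} exceeds outbound CIR ALLOW "
                                   f"{rate['allow_out']}"))
    return findings


if __name__ == "__main__":
    for name, message in audit(SAMPLE):
        print(f"{name}: {message}")
```

Class branch-b shows why the direction keyword matters: raising only the inbound CIR ALLOW leaves the outbound value at its 56000 bps default, so a CIR of 96000 bps still violates the constraint.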

 


Time range commands

display time-range

Use display time-range to display time range configuration and status.

Syntax

display time-range { time-range-name | all }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

time-range-name: Specifies a time range name, a case-insensitive string of 1 to 32 characters.

all: Displays the configuration and status of all existing time ranges.

Examples

# Display the configuration and status of time range t4.

<Sysname> display time-range t4

Current time is 17:12:34 11/23/2010 Tuesday

 

Time-range : t4 (Inactive)

 10:00 to 12:00 Mon

 14:00 to 16:00 Wed

 from 00:00 1/1/2011 to 00:00 1/1/2012

 from 00:00 6/1/2011 to 00:00 7/1/2011

Table 48 Command output

Field           Description
Current time    Current system time.
Time-range      Configuration and status of the time range, including its name, status (active or inactive), and start time and end time.

 

time-range

Use time-range to create or edit a time range.

Use undo time-range to delete a time range or a statement in the time range.

Syntax

time-range time-range-name { start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] | from time1 date1 [ to time2 date2 ] | to time2 date2 }

undo time-range time-range-name [ start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] | from time1 date1 [ to time2 date2 ] | to time2 date2 ]

Default

No time ranges exist.

Views

System view

Predefined user roles

network-admin

Parameters

time-range-name: Specifies a time range name. The name is a case-insensitive string of 1 to 32 characters. To avoid confusion, it cannot be all.

start-time to end-time: Specifies a periodic statement. Both start-time and end-time are in hh:mm format (24-hour clock). The value is in the range of 00:00 to 23:59 for the start time, and 00:00 to 24:00 for the end time. The end time must be greater than the start time.

days: Specifies the day or days of the week (in words or digits) on which the periodic statement is valid. If you specify multiple values, separate each value with a space, and make sure they do not overlap. These values can take one of the following forms:

·     A digit in the range of 0 to 6, respectively for Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, and Saturday.

·     A day of a week in abbreviated words: sun, mon, tue, wed, thu, fri, and sat.

·     working-day for Monday through Friday.

·     off-day for Saturday and Sunday.

·     daily for the whole week.

from time1 date1: Specifies the start time and date of an absolute statement. The time1 argument specifies the time of the day in hh:mm format (24-hour clock). Its value is in the range of 00:00 to 23:59. The date1 argument specifies a date in MM/DD/YYYY or YYYY/MM/DD format, where MM is the month of the year in the range of 1 to 12, DD is the day of the month with the range varying by MM, and YYYY is the year in the calendar in the range of 1970 to 2100. If you do not specify this option, the start time is 01/01/1970 00:00 AM, the earliest time available in the system.

to time2 date2: Specifies the end time and date of the absolute time statement. The time2 argument has the same format as the time1 argument, but its value is in the range of 00:00 to 24:00. The date2 argument has the same format and value range as the date1 argument. The end time must be greater than the start time. If you do not specify this option, the end time is 12/31/2100 24:00 PM, the maximum time available in the system.

Usage guidelines

If an existing time range name is provided, this command adds a statement to the time range.

You can create multiple statements in a time range. Each time statement can take one of the following forms:

·     Periodic statement in the start-time to end-time days format. A periodic statement recurs periodically on a day or days of the week.

·     Absolute statement in the from time1 date1 to time2 date2 format. An absolute statement does not recur.

·     Compound statement in the start-time to end-time days from time1 date1 to time2 date2 format. A compound statement recurs on a day or days of the week only within the specified period. For example, to create a time range that is active from 08:00 to 12:00 on Monday between January 1, 2015, 00:00 and December 31, 2015, 23:59, use the time-range test 08:00 to 12:00 mon from 00:00 01/01/2015 to 23:59 12/31/2015 command.

You can create a maximum of 1024 time ranges, each with a maximum of 32 periodic statements and 12 absolute statements. The active period of a time range is calculated as follows:

1.     Combining all periodic statements.

2.     Combining all absolute statements.

3.     Taking the intersection of the two statement sets as the active period of the time range.

Examples

# Create a periodic time range t1, setting it to be active from 08:00 to 18:00 on working days.

<Sysname> system-view

[Sysname] time-range t1 08:00 to 18:00 working-day

# Create an absolute time range t2, setting it to be active in the whole year of 2011.

<Sysname> system-view

[Sysname] time-range t2 from 00:00 1/1/2011 to 24:00 12/31/2011

# Create a compound time range t3, setting it to be active from 08:00 to 12:00 on Saturdays and Sundays of the year 2011.

<Sysname> system-view

[Sysname] time-range t3 08:00 to 12:00 off-day from 00:00 1/1/2011 to 24:00 12/31/2011

# Create a compound time range t4, setting it to be active from 10:00 to 12:00 on Mondays and from 14:00 to 16:00 on Wednesdays in January and June of the year 2011.

<Sysname> system-view

[Sysname] time-range t4 10:00 to 12:00 1 from 00:00 1/1/2011 to 24:00 1/31/2011

[Sysname] time-range t4 14:00 to 16:00 3 from 00:00 6/1/2011 to 24:00 6/30/2011

Related commands

display time-range
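The three-step active-period calculation in the usage guidelines, as an added example (not H3C code): a Python evaluator that parses the time-range statements from the Examples above and reports whether a range is active at a given moment, which helps when reviewing when a time-restricted rule is in force. It assumes that a compound statement contributes its periodic and absolute parts separately (as the display time-range t4 output lists them), that an empty periodic or absolute set imposes no restriction, and that end times are exclusive; TimeRange, load and PAGE_EXAMPLES are names made up for this example.

```python
from datetime import datetime, timedelta

DAY_SETS = {"working-day": {1, 2, 3, 4, 5}, "off-day": {0, 6}, "daily": set(range(7))}
for digit, word in enumerate(["sun", "mon", "tue", "wed", "thu", "fri", "sat"]):
    DAY_SETS[word] = DAY_SETS[str(digit)] = {digit}   # digit 0 is Sunday
EARLIEST = datetime(1970, 1, 1)   # start used when "from" is omitted
LATEST = datetime(2101, 1, 1)     # 24:00 12/31/2100, end used when "to" is omitted

# Command lines copied from the Examples on this page.
PAGE_EXAMPLES = [
    "time-range t1 08:00 to 18:00 working-day",
    "time-range t2 from 00:00 1/1/2011 to 24:00 12/31/2011",
    "time-range t3 08:00 to 12:00 off-day from 00:00 1/1/2011 to 24:00 12/31/2011",
    "time-range t4 10:00 to 12:00 1 from 00:00 1/1/2011 to 24:00 1/31/2011",
    "time-range t4 14:00 to 16:00 3 from 00:00 6/1/2011 to 24:00 6/30/2011",
]


def parse_minutes(text, is_end=False):
    """hh:mm -> minutes since midnight; 24:00 is accepted for end times only."""
    hours, minutes = (int(part) for part in text.split(":"))
    total = hours * 60 + minutes
    if not (0 <= minutes <= 59 and 0 <= total <= (1440 if is_end else 1439)):
        raise ValueError(f"time out of range: {text}")
    return total


def parse_moment(time_text, date_text, is_end=False):
    """Combine hh:mm with MM/DD/YYYY or YYYY/MM/DD into one datetime."""
    a, b, c = (int(part) for part in date_text.split("/"))
    year, month, day = (a, b, c) if a > 31 else (c, a, b)
    if not 1970 <= year <= 2100:
        raise ValueError(f"year out of range: {date_text}")
    return datetime(year, month, day) + timedelta(minutes=parse_minutes(time_text, is_end))


def parse_days(tokens):
    """Day digits, abbreviations and group keywords -> set of digits 0-6."""
    if not tokens or any(token.lower() not in DAY_SETS for token in tokens):
        raise ValueError(f"bad day list: {tokens}")
    return set().union(*(DAY_SETS[token.lower()] for token in tokens))


class TimeRange:
    def __init__(self, name):
        self.name = name
        self.periodic = []   # (start_minute, end_minute, days)
        self.absolute = []   # (start_datetime, end_datetime)

    def add(self, statement):
        """Add one statement: the part of the command that follows the name."""
        tokens = statement.split()
        if not tokens:
            raise ValueError("empty statement")
        periodic, pos = None, 0
        if tokens[0] not in ("from", "to"):            # periodic part comes first
            if len(tokens) < 4 or tokens[1] != "to":
                raise ValueError(f"bad periodic statement: {statement}")
            start, end = parse_minutes(tokens[0]), parse_minutes(tokens[2], True)
            if end <= start:
                raise ValueError("end time must be greater than start time")
            pos = 3
            while pos < len(tokens) and tokens[pos] not in ("from", "to"):
                pos += 1
            periodic = (start, end, parse_days(tokens[3:pos]))
        rest = tokens[pos:]
        if rest:                                       # absolute part, if any
            begin, finish = EARLIEST, LATEST
            if len(rest) % 3 == 0 and rest[0] == "from":
                begin, rest = parse_moment(rest[1], rest[2]), rest[3:]
            if len(rest) == 3 and rest[0] == "to":
                finish, rest = parse_moment(rest[1], rest[2], True), rest[3:]
            if rest or finish <= begin:
                raise ValueError(f"bad absolute statement: {statement}")
            self.absolute.append((begin, finish))
        if periodic:
            self.periodic.append(periodic)

    def is_active(self, now):
        weekday = (now.weekday() + 1) % 7   # Python Monday=0 -> this page's Monday=1
        minute = now.hour * 60 + now.minute + now.second / 60
        in_periodic = not self.periodic or any(
            weekday in days and start <= minute < end
            for start, end, days in self.periodic)
        in_absolute = not self.absolute or any(
            begin <= now < finish for begin, finish in self.absolute)
        return in_periodic and in_absolute


def load(commands):
    """Build {lower-case name: TimeRange} from full time-range command lines."""
    ranges = {}
    for line in commands:
        keyword, name, statement = line.split(None, 2)
        if keyword != "time-range":
            raise ValueError(f"not a time-range command: {line}")
        ranges.setdefault(name.lower(), TimeRange(name)).add(statement)
    return ranges
```

Under these assumptions t4 is also active from 10:00 to 12:00 on Mondays in June, because the Monday periodic statement is intersected with the union of both absolute statements rather than with January alone.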




 
