HP Moonshot-45XGc Command Reference Guide
Contents
1. Field Description Name Name of the aggregate CAR action Mode Type of the aggregate CAR action aggregative CIR CBS EBS PIR Parameters for the CAR action Action to take on green packets Green action e discard Drops the packets e pass Permits the packets to pass through Action to take on yellow packets Yellow action e discard Drops the packets e pass Permits the packets to pass through Action to take on red packets Red action e discard Drops the packets e pass Permits the packets to pass through Green packet Statistics about green packets Red packet Statistics about red packets qos car Use qos car to configure an aggregate CAR action Use undo qos car to remove an aggregate CAR action 104 Syntax Default Views dos car carname aggregative cir committed information rate cbs committed burstsize ebs excess burst size green action red action yellow action qos car carname aggregative cir committed information rate cbs committed burstsize pir peak information rate ebs excess burst size green action red action yellow action undo qos car carname No aggregate CAR action is configured System view Predefined user roles network admin Parameters carname Specifies the name of the aggregate CAR action This argument must start with a letter and is a case sensitive string of 1 to 31 characters aggregative Specifies the ag2. Configure queue O to use up to 5 shared area space of cell resources in the egress buffer of IRF member device 2 lt Sysname gt system view Sysname buffer egress slot 2 cell queue 0 shared ratio 5 buffer total shared Syntax Default Views Use buffer total shared to set the total shared area ratio Use undo buffer total shared to restore the default buffer egress slot slot number cell total shared ratio ratio value undo buffer egress slot slotnumber cell total shared The total shared area ratio is 84 of the buffer System view Predefined user roles network admin Parameters egress Specifies the egress buffer slot slot number Specifies an IRF member device by its member ID slot number If you do not specify an IRF member device this command applies to all IRF member devices cell Specifies cell resources ratio ratio value Specifies the ratio of the shared area in percentage 112 Usage guidelines After you configure the total shared area ratio the remaining buffer space is automatically assigned to the fixed area Examples Configure the shared area to use 65 space of cell resources in the egress buffer of IRF member device 2 lt Sysname gt system view Sysname buffer egress slot 2 cell total shared ratio 65 burstmode enable Use burst mode enable to enable the Burst function Use undo burst mode enable to disable the Burst function Syntax burst mode en
3. Enable weight based WFQ on FortyGigE 1 1 1 and assign queue O to the SP group lt Sysname gt system view Sysname interface FortyGigE 1 1 1 Sysname FortyGigE1 1 1 qos wfq weight Sysname FortyGigE1 1 1 qos wfq 0 group sp Related commands e display qos queue wfq interface e qos bandwidth queue e qos wfq Queue scheduling profile commands bandwidth Use bandwidth to configure the minimum guaranteed bandwidth for a WFQ queue Use undo bandwidth to restore the default Syntax bandwidth queue queve id min bandwidth value undo bandwidth queue queue id Default The minimum guaranteed bandwidth of a WFQ queue is 64 kbps 89 Views Queue scheduling profile view Predefined user roles network admin Parameters queue id Specifies a queue by its ID The value can be an integer in the range of O to 7 or a keyword listed in Table 33 min bandwidth value Specifies the minimum guaranteed bandwidth in the range of 8 to 100000000 kbps Usage guidelines You must configure a queue as a WFQ queue before you can configure the minimum guaranteed bandwidth for the queue The minimum guaranteed bandwidth is the minimum bandwidth guaranteed for a WFQ queue when the interface is congested Examples Configure the minimum guaranteed bandwidth as 100 kbps for queue O in the queue scheduling profile myprofile lt Sysname gt system view Sysname qos amprofile myprofile Sysname qmprofile myprofile queue 0 wfq group
4. Configure a CAR action in traffic behavior database as follows e Setthe CIR to 200 kbps CBS to 51200 bytes and EBS to O e Transmit the conforming packets and mark the excess packets with DSCP value O and transmit them lt Sysname gt system view Sysname traffic behavior database 45 Sysname behavior database car cir 200 cbs 51200 ebs 0 green pass red remark dscp pass 0 display traffic behavior Use display traffic behavior to display traffic behaviors Syntax display traffic behavior user defined behaviorname slot slot number Views Any view Predefined user roles network admin network operator Parameters user defined Displays user defined traffic behaviors behavior name Specifies a traffic behavior by its name a case sensitive string of 1 to 31 characters If you do not specify a traffic behavior this command displays all traffic behaviors slot slot number Specifies an IRF member device by its member ID slot number If you do not specify an IRF member device this command displays traffic behaviors on all IRF member devices Examples Display all user defined traffic behaviors lt Sysname gt display traffic behavior user defined User defined behavior information Behavior 1 ID 100 Marking Remark dscp 3 Committed Access Rate CIR 128 kbps CBS 8192 Bytes EBS 512 Bytes Green action pass Yellow action pass Red action discard Behavior 2 ID 101 Accounting enable Pa
5. Configured and reserved resources as a percentage of total resources If the Usage percentage is not an integer this field displays the integer part For example if the actual usage is 50 8 this field displays 50 packet filter Syntax Default Views Use packet filter to apply an ACL to an interface to filter packets Use undo packet filter to remove an ACL application from an interface packet filter ipv acl number name acl name inbound outbound hardware count undo packet filter ipv acl number name acl name inbound outbound An interface does not filter packets Layer 2 Layer 3 Ethernet interface view VLAN interface view S channel interface S channel aggregate interface view VSI interface VSI aggregate interface view Predefined user roles network admin Parameters ipv6 Specifies IPv ACLs acl number Specifies an ACL by its number e 2000 to 2999 for basic ACLs e 3000 to 3999 for advanced ACLs e 4000 to 4999 for Ethernet frame header ACLs You cannot specify an Ethernet frame header ACL if the ipv keyword is specified e 5000 to 5999 for user defined ACLs You cannot specify a user defined ACL if the ipv6 keyword is specified name acl name Specifies an ACL by its name The acl name argument is a case insensitive string of 1 to 63 characters It must start with an English letter inbound Filters incoming packets outbound Filters outgoing packets
6. Create a queue scheduling profile named myprofile Configure queue 1 to meet the following requirements e The WRR queuing is used e The WRR group is group 1 e The number of packets sent each time is 10 lt Sysname gt system view Sysname qos amprofile myprofile Sysname qmprofile myprofile queue 1 wrr group 1 weight 10 Related commands e display qos qmprofile interface e qos qmprofile 94 Queue based accounting commands display qos gueue statistics interface outbound Use display qos queue statistics interface outbound to display gueue based outgoing traffic statistics for interfaces Syntax display qos queue statistics interface interface type interface number outbound Views Any view Predefined user roles network admin network operator Parameters interface type interface number Specifies an interface by its type and number If you do not specify an interface this command displays the outgoing traffic statistics for all interfaces Examples Display queue based outgoing traffic statistics for FortyGigE 1 1 1 lt Sysname gt display qos queue statistics interface FortyGigE 1 1 1 outbound Interface FortyGigE 1 1 1 Direction outbound Forwarded 1087 packets 98466 bytes Dropped 0 packets 0 bytes Queue 0 Forwarded 0 packets 0 bytes 0 pps 0 bps Dropped 0 packets 0 bytes Current queue length 0 packets Queue 1 Forwarded 0 packets 0 bytes 0 pps 0 bps Dropped 0 packets 0 bytes Current
7. Table name 1 Table type Queue based WRED QID gmin gmax gprob ymin ymax yprob rmin rmax rprob exponent ECN 0 100 1000 0 100 1000 0 100 1000 10 9 N 1 100 1000 0 100 1000 0 100 1000 10 2 N 2 LOO 1000 10 100 1000 10 100 1000 10 9 N 3 100 1000 0 100 1000 0 100 1000 10 9 N 4 100 1000 0 100 1000 0 100 1000 10 9 N 5 100 1000 0 100 1000 0 100 1000 10 9 N 6 100 1000 10 100 1000 10 100 1000 10 9 7 100 1000 10 100 1000 10 100 1000 10 9 Table 39 Command output Field Description QID Queue ID gmin Lower limit for green packets gmax Upper limit for green packets gprob Drop probability for green packets ymin Lower limit for yellow packets ymax Upper limit for yellow packets yprob Drop probability for yellow packets rmin Lower limit for red packets rmax Upper limit for red packets rprob Drop probability for red packets exponent Exponent for average queue length calculation Indicates whether ECN is enabled for the queue ECN e Y Enabled e N Disabled gos wred apply Syntax Default Views Use qos wred apply to apply a WRED table to an interface Use undo qos wred apply to restore the default qos wred apply table name undo qos wred apply No WRED table is applied to an interface and the tail drop mode is used on an interface Layer 2 Ethernet interface view Layer 3 Ethernet interface view Predefined user roles network admin Parameters ta
8. slot slo number Views Any view Predefined user roles network admin network operator Parameters interface interface type interface number Specifies an interface by its type and number inbound Specifies the inbound direction outbound Specifies the outbound direction ipv6 Specifies IPv ACLs acl number Specifies an ACL by its number e 2000 to 2999 for basic ACLs e 3000 to 3999 for advanced ACLs e 4000 to 4999 for Ethernet frame header ACLs You cannot specify an Ethernet frame header ACL if the ipv keyword is specified e 5000 to 5999 for user defined ACLs You cannot specify a user defined ACL if the ipv6 keyword is specified name acl name Specifies an ACL by its name The acl name argument is a case insensitive string of 1 to 63 characters It must start with an English letter slot slot number Specifies an IRF member device The slotnumber argument represents the ID of the IRF member device If you do not specify an IRF member device this command displays ACL application details for packet filtering on the master Usage guidelines When none of acl number and name acl name is specified this command displays application details of all ACLs for packet filtering e If the ipv6 keyword is not specified all ACLs refer to all IPv4 basic IPv4 advanced and Ethernet frame header ACLs e Ifthe ipv6 keyword is specified all ACLs refer to all IPv basic and IPv advanced ACLs Examples Display application
9. ACL is ignored and the actions in the associated traffic behavior are performed 39 If a class that uses the AND operator has multiple if match acl if match acl ipv if match customer vlan id or if match service vlan id clauses a packet that matches any of the clauses matches the class To successfully execute the traffic behavior associated with a traffic class that uses the AND operator define only one if match clause for any of the following match criteria and enter only one value for any of the following list arguments for example the 8021 p list argument e customer dotlp 802 p list e destination mac macaddress e dscp dscp list e ip precedence p precedence list e service dotlp 8021 p list source mac mac address e control plane protocol protocol name To create multiple if match clauses for these match criteria or specify multiple values for the list arguments specify the operator of the class as OR and use the if match command multiple times If a match criterion includes the if match control plane protocol or if match control plane protocol group clause the QoS policy that references this match criterion can be applied only to the control plane Defining an ACL based match criterion e If the ACL referenced in the if match command does not exist the relevant QoS policy cannot be applied normally e You can configure multiple ACLs for a class e For a traffic class you can reference an ACL t
10. No packet filtering logs are generated Views System view Predefined user roles network admin Parameters interval Specifies the interval in minutes at which packet filtering logs are generated and output It must be a multiple of 5 and in the range of O to 1440 To disable generating packet filtering logs assign O to the argument Usage guidelines The system collects packet filtering logs only for IPv4 basic IPv4 advanced IPv basic and IPv advanced ACL rules that have the logging keyword e When the ipv6 keyword is not specified this command sets the interval for generating and outputting IPv4 packet filtering logs e When the ipv6 keyword is specified this command sets the interval for generating and outputting IPv packet filtering logs Examples Enable the device to generate and output IPv4 packet filtering logs at 10 minute intervals lt Sysname gt system view Sysname acl logging interval 10 Related commands e rule IPv4 advanced ACL view e rule IPv4 basic ACL view e rule IPv advanced ACL view e rule IPv basic ACL view acl name Use acl name to enter the view of an ACL that has a name Syntax acl ipv name acl name Views System view Predefined user roles network admin Parameters acl name Specifies the name of an ACL a case insensitive string of 1 to 63 characters It must start with an English letter The ACL must already exist For a basic ACL or advanced ACL if you do no
11. drop level drop level low limit low limit high limit high limit discard probability discard prob undo queue queve id all After a WRED table is created the low limit argument is 100 the high limit argument is 1000 and the discard prob argument is 10 WRED table view Predefined user roles network admin Parameters queue id Specifies a queue by its ID in the range of O to 7 drop level drop level Specifies a drop level This argument is a consideration for dropping packets The value O corresponds to green packets the value 1 corresponds to yellow packets and the value 2 corresponds to red packets If you do not specify a drop level the subsequent configuration takes effect on the packets in the queue regardless of the drop level low limit low limit Specifies the lower limit for the average queue length in the range of O to 38000 high limit high limit Specifies the upper limit for the average queue length The high limit argument is in the range of O to 38000 and must be greater than the low limit argument discard probability discard prob Specifies the numerator for drop probability calculation in percentage in the range of O to 100 Usage guidelines When the average queue size is smaller than the lower limit no packet is dropped When the average queue size is between the lower limit and the upper limit packets are dropped based on the user configured drop probability When the average queue size exce
12. network admin network operator Parameters interface type interface number Specifies an interface by its type and number If you do not specify an interface this command displays the SP queuing configuration of all the interfaces Examples Display the SP queuing configuration of FortyGigE 1 1 1 lt Sysname gt display qos queue sp interface FortyGigE 1 1 1 Interface FortyGigE1 1 1 Output queue Strict Priority queuing Table 31 Command output Field Description Interface Interface type and interface number Output queue Type of the current output queue qos sp Use qos sp to configure SP queuing on an interface Use undo dos sp to restore the default Syntax qos sp undo qos sp 80 Default An interface uses the WRR queuing algorithm Views Layer 2 Ethernet interface view Layer 3 Ethernet interface view Predefined user roles network admin Examples Enable SP queuing on FortyGigE 1 1 1 lt Sysname gt system view Sysname interface FortyGigE 1 1 1 Sysname FortyGigE1 1 1 qos sp Related commands display qos queue sp interface WRR commands display qos queue wrr interface Use display qos queue wrr interface to display the WRR queuing configuration on an interface Syntax display qos queue wrr interface inferface type interface number Views Any view Predefined user roles network admin network operator Parameters interface type interface number Specifies an interface by its type and
13. EE N EA OR ED 101 Aggregate CAR commands reer seer ee RR eee ER RR Ge EER Rea RE RR eones 103 EE RE N EE EE EE EE EE EE an 103 display qos car name nenes 103 OS Eee 104 reset GOS Car Name ene 106 Time range commands enero 107 display time range BE TEEL AO AA E EA E EE EG 107 time range ESRA ER AE EP 1 07 Data buffer commands EE EE Ee RE EE EE EE Re EER EE EE EER EE Ee EE EE EE EE ER EER e ee ee Ee EE EE Ee EER e Ee ee Ee EE Ee Re Re ee EE EE EE Ee ee ee Ee EE EE Ee ee ee ee ee 109 buffer apply EE EE EE OE OE EE ON 109 buffer queue guaranteed EE EE E EE 110 buffer queue shared eeeeeeeeerseerserseserssesseesserseeseerseessernserseenserseenserseerserseerseesserseenserseerserseesseeseerseesserseesserseerseesserseese 111 buffer EET nano corn cn conan nn nano cnnnncnn nana nnnnn cnn cano nnnancnnnanennncnnnos 112 burst mode enable eeeeeeeeeerseerseesserseeerseesseesserseesserseesseesserseenserseesserseesseesserseerserseerseesserseessererssereseerseeseerseessersserseese 113 display Me 113 display buffer TEE TT 115 FEE oe OE EE OE AE ES 118 ACL commands acl Syntax Default Views Use acl to create an ACL and enter its view If the ACL has been created you directly enter its view Use undo acl to delete the specified or all ACLs acl ipv number acl number name acl name match order auto config undo acl ipv fall name acl name number acl number No ACL exists System view Predefined us
14. EET TT TT TT EG 50 remark drop precedence RE 0 51 remark dscp EE EE EE EE ER EE EE EE N 51 remark ip precedence EE EE EE 52 remark local precedence EE EE SERENE SEKERA 53 remark gos local id EE EE EE iii 54 remark service vlan id EE nono cnn nono nnn ronca nn ronca nn rnnn arc ronca nn rnnn cnn nnnnannnnnn arc nnnnnnnnanannanannss 54 traffic TE EE nan nn nr non R nr nan RR rn nan RR RR n nn RR RR nn NR RR nnn NR nn nan nn n nano enn nnnnnnnnnnn an rra nnnnnnnnnnnnnnnnnnnannnnss 55 QoS policy leletana lale CA 56 ETA ENE anno erro nan nn rn nan RR rr nan n RR nnnn NR rn nan nn nr nan nnn nana nnn nana nn nnnnnnnn nan nnnnnnnnannnnnnnnnnnnnnnss 56 control plane RE EE OE EE LE EE OE N EE EE OE AG 57 display qos policy ET EE EE EE RE ER EE 57 display qos policy control plane EI EE A DE EE 58 display qos policy control plane pre defined EE EE N EE EE EE OE OR 59 display qos policy global EE DEE EE EE N EE 61 display qos policy interface veerssetstreeteeseseessseseeecesseeecesesesessesecessesesessesecessesesesseseeessesesensesssessessaeaesssenseseeeeeseseneess 62 display qos vlan policy LR AE AE ER EE 63 qos apply policy interface view control plane view EE EE OE EE 65 qos apply policy user profile view BARE RA EE 66 qos apply policy global EE EE RR OE OE OE ON OE OE 67 qos policy TA EE ER RR E E RO RE EE EE HE 67 qos vlan policy EA AE RE N E ee oa a 68 reset qos policy control plane es ER AA E 69 reset qos policy global ER LE EL HERE OE AE EE O
15. Examples Clear statistics for the aggregate CAR action aggear l lt Sysname gt reset qos car name aggcar 1 106 Time range commands display time range Use display time range to display time range configuration and status Syntax display time range time range name all Views Any view Predefined user roles network admin network operator Parameters time range name Specifies a time range name a case insensitive string of 1 to 32 characters It must start with an English letter all Displays the configuration and status of all existing time ranges Examples Display the configuration and status of time range t4 lt Sysname gt display time range t4 Current time is 17 12 34 11 23 2010 Tuesday Time range t4 Inactive 10 00 to 12 00 Mon 14 00 to 16 00 Wed from 00 00 1 1 2011 to 00 00 1 1 2012 from 00 00 6 1 2011 to 00 00 7 1 2011 Table 41 Command output Field Description Current time Current system time Configuration and status of the time range including its name status active or Timerange inactive and start time and end time time range Use time range to create or edit a time range Use undo time range to delete a time range or a statement in the time range 107 Syntax Default Views time range Hime range name starHime to end time days from time date to time2 date2 from time date to time2 date2 to time2 date2 undo time range tim
16. Traffic behavior view Predefined user roles network admin Parameters carname Specifies the name of an aggregate CAR action This argument must start with a letter and is a case sensitive string of 1 to 31 characters Examples Reference the aggregate CAR action aggcar 1 in the traffic behavior bel lt Sysname gt system view Sysname traffic behavior bel Sysname behavior bel car name aggcar 1 Related commands e display qos car name e display traffic behavior user defined display gos car name Use display qos car name to display the configuration and statistics for an aggregate CAR action Syntax display qos car name carname Views Any view Predefined user roles network admin network operator 103 Parameters carname Specifies an aggregate CAR action by its name This argument must start with a letter and is a case sensitive string of 1 to 31 characters If you do not specify an aggregate CAR action this command displays the configuration and statistics for all aggregate CAR actions Examples Display the configuration and statistics for all aggregate CAR actions lt Sysname gt display qos car name Name a Mode aggregative CIR 12800 kbps CBS 800256 Bytes EBS 512 Bytes Green action pass Yellow action pass Red action discard Slot 1 Green packets 54641 Packets Red packets 856 Packets Slot 2 Green packets 12541 Packets Red packets 1235 Packets Table 40 Command output
17. Usage guidelines For information about S channel interfaces S channel aggregate interfaces VSI interfaces and VSI aggregate interfaces see EVB Configuration Guide Examples Apply QoS policy USER to the outgoing traffic of FortyGigE 1 1 1 lt Sysname gt system view Sysname interface FortyGigE 1 1 1 Sysname FortyGigE1 1 1 qos apply policy USER1 outbound Apply QoS policy aaa to the incoming traffic of the control plane of IRF member device 1 lt Sysname gt system view Sysname control plane slot 1 Sysname cp slot1 qos apply policy aaa inbound Apply QoS policy USER to the outgoing traffic of interface S Channel 1 1 1 1 lt Sysname gt system view Sysname interface S Channel 1 1 1 1 Sysname S Channel1 1 1 1 qos apply policy USER1 outbound Apply QoS policy USER to the incoming traffic of interface Schannel Aggregation 1 1 lt Sysname gt system view Sysname interface Schannel Aggregation 1 1 Sysname Schannel Aggregationl 1 qos apply policy USER1 inbound gos apply policy user profile view Use qos apply policy to apply a QoS policy to a user profile Use undo gos apply policy to remove an applied QoS policy Syntax qos apply policy policy name inbound outbound undo qos apply policy policy name inbound outbound Default No QoS policy is applied to a user profile Views User profile view Predefined user roles network admin Parameters inbound Applies the QoS policy to the incomi
18. criterion for traffic class class1 to match double tagged packets with VLAN ID 1 6 or 9 in inner VLAN tags lt Sysname gt system view Sysname traffic classifier classi Sysname classifier classl if match customer vlan id 1 6 9 Define a match criterion for traffic class dass1 to match the packets with VLAN ID 2 7 or 10 in outer VLAN tags lt Sysname gt system view Sysname traffic classifier classl Sysname classifier classl if match service vlan id 2 7 10 Define a match criterion for traffic class dlass1 to match the packets with a local QoS ID of 3 42 lt Sysname gt system view Sysname traffic classifier classl Sysname classifier class1 if match qos local id 3 Define a match criterion for traffic class dlass1 to match ARP protocol packets lt Sysname gt system view Sysname traffic classifier classl Sysname classifier class1 if match control plane protocol arp Define a match criterion for traffic class class1 to match packets of the protocols in protocol group normal lt Sysname gt system view Sysname traffic classifier classl Sysname classifier class1 if match control plane protocol group normal traffic classifier Use traffic classifier to create a traffic class and enter traffic class view Use undo traffic classifier to delete a traffic class Syntax traffic classifier classifier name operator and or undo traffic classifier classifiername Default No traffic cl
19. default buffer egress slot slot number cell queue queue id shared ratio ratio value undo buffer egress slot slotnumber cell queue queve id shared The maximum shared area ratio for a queue is 33 System view Predefined user roles network admin Parameters egress Specifies the egress buffer slot slot number Specifies an IRF member device by its member ID slot number If you do not specify an IRF member device this command applies to all IRF member devices cell Specifies cell resources queue id Specifies a queue by its ID in the range of O to 7 ratio ratio value Specifies the maximum shared area ratio in percentage Usage guidelines By default all queues have an equal share of the shared area You can set the shared area ratio for a queue The unconfigured queues use the default setting The shared area ratio for each queue is finally determined by the chip based on your configuration and the number of packets to be sent For the maximum shared area ratio for a queue the percentage values O to 100 are divided into 10 ranges Table 42 shows the effective values that correspond to the configured values of ratio value 111 Table 42 Mapping between configured values of ratio valve and effective values Configured value of ratio value Effective value Otol 1 2 to 3 3 4 to 7 6 8 to 16 1 17 to 29 20 30 to 42 33 43 to 60 50 61 to 76 67 77 to 86 80 87 to 100 89 Examples
20. details of all ACLs IPv4 basic IPv4 advanced and Ethernet frame header ACLs for incoming packet filtering on FortyGigE 1 1 1 lt Sysname gt display packet filter verbose interface fortygige 1 1 1 inbound Interface FortyGigE1 1 1 In bound policy ACL 2001 Hardware count rule 0 permit rule 5 permit source 1 1 1 1 0 ACL6 2000 Hardware count rule 0 permit ACL 4000 Hardware count IPv4 default action Deny IPv6 default action Deny MAC default action Deny Table 5 Command output Field Description Interface Interface to which the ACL applies In bound policy ACL used for filtering incoming traffic Out bound policy ACL used for filtering outgoing traffic ACL 2001 IPv4 basic ACL 2001 has been successfully applied Hardware count Successfully enables counting ACL rule matches Packet filter default action for packets that do not match any IPv4 IPv4 default action ACLs This field is displayed only when the default action is deny Packet filter default action for packets that do not match any IPv IPv6 default action ACLs This field is displayed only when the default action is deny 12 Field Description Packet filter default action for packets that do not match any Ethernet frame header ACLs This field is displayed only when the default action is deny MAC default action display gos acl resource Use display qos acl resource to display QoS and ACL resource usage Syntax disp
21. gt system view Sysname traffic behavior database Sysname behavior database remark qos local id 2 remark service vlan id Use remark service vlan id to configure an SVLAN marking action in a traffic behavior Use undo remark service vlan id to delete the action Syntax remark service vlan id vlan id undo remark service vlan id Default No SVLAN marking action is configured 54 Views Traffic behavior view Predefined user roles network admin Parameters vlan id Specifies an SVLAN ID in the range of 1 to 4094 Examples Configure traffic behavior b1 to mark matching packets with SVLAN 222 lt Sysname gt system view Sysname traffic behavior bl Sysname behavior b1 remark service vlan id 222 traffic behavior Use traffic behavior to create a traffic behavior and enter traffic behavior view Use undo traffic behavior to delete a traffic behavior Syntax traffic behavior behavior name undo traffic behavior behaviorname Default No traffic behavior exists Views System view Predefined user roles network admin Parameters behavior name Sets a traffic behavior name a case sensitive string of 1 to 31 characters Examples Create a traffic behavior named behavior lt Sysname gt system view Sysname traffic behavior behaviorl Sysname behavior behaviorl Related commands display traffic behavior 55 QoS policy commands classifier behavior Use classifier behavior to associate a traffic behavi
22. hardware count Enables counting ACL rule matches performed in hardware This keyword enables match counting for all rules in an ACL and the counting keyword in the rule command enables match counting specific to rules If the hardware count keyword is not specified rule matches for the ACL are not counted Examples Apply IPv4 basic ACL 2001 to filter incoming traffic on FortyGigE 1 1 1 and enable counting ACL rule matches performed in hardware lt Sysname gt system view Sysname interface fortygige 1 1 1 Sysname FortyGigE1 1 1 packet filter 2001 inbound hardware count Related commands e display packet filter e display packet filter statistics e display packet filter verbose packetfilter default deny Use packet filter default deny to set the packet filtering default action to deny The packet filter denies packets that do not match any ACL rule Use undo packet filter default deny to restore the default Syntax packet filter default deny undo packet filter default deny Default The packet filter permits packets that do not match any ACL rule Views System view Predefined user roles network admin Usage guidelines The packet filter applies the default action to all ACL applications for packet filtering The default action appears in the display command output for packet filtering Examples Set the packet filter default action to deny lt Sysname gt system view Sysname packet filter default deny Rela
23. of the match pattern A match pattern mask is used for ANDing the selected string of a packet offset Specifies an offset in bytes after which the match operation begins amp lt 1 8 gt Specifies that up to eight match patterns can be defined in the ACL rule counting Counts the number of times the user defined ACL rule has been matched The counting keyword enables match counting specific to rules and the hardware count keyword in the packet filter command enables match counting for all rules in an ACL If the counting keyword is not specified matches for the rule are not counted time range time range name Specifies a time range for the rule The time range name argument is a case insensitive string of 1 to 32 characters It must start with an English letter If the time range is not configured the system creates the rule However the rule using the time range can take effect only after you configure the timer range For more information about time range see ACL and QoS Configuration Guide Usage guidelines Within an ACL the permit or deny statement of each rule must be unique If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL the rule will not be created or changed To view rules in an ACL and their rule IDs use the display acl all command Examples Create a rule for user defined ACL 5005 to permit packets in which the 13th and 14th bytes starting from the Layer 2
24. ono n none n conan nana conc anne cnn encon a nnncanonennonen none nnncnconc cnn cnnanacnncacns 5 display packet filter RT TE EE EE EED EE OE VEINE EIENEN EE ER 7 display packet filter statistics coceeeeeeeeeteteettettteeeeeeeeeeeessaeeeeeeeesseseneeseeeesseeesessaeeeseceesnsaeessseeecessesesesseeeeeesaseeseseeeeessseeeeas 8 display packetfilter statistics SUM EE 10 display packetfilter verbose EE ET DE EE EE EE EE EE 11 display gos acl NT crrrrrrrrrenn nano cnn RAR RARA RR RR RARA NR RR RRA NN RR RR NN NR RR R NN NR RR nnn NR nn ana nen nannn nana n are nnnnannnnnannnnannanss 13 packetfilter seis dese AE EE cede cede deus EE A ENEN 14 packetfilter default deny EE EL RA EE AE EE EE DE ER EE OE 15 reset acl counter crerrretetrettetseetteeeeeeecesseeesenseeesesseessesesssesessesnsesesessesssensesssensesesensesecensesessesesscessesasensesasensesssenseeasenes 16 reset packetfilter EE cnn nnnn arc nnnn arc nnnnnnnnnnn nn nr nana nn nana nn nn nn nro nan nn rra nnnn nana nnnnnnnnnnnnn ana nannannnans 17 rule Ethernet frame header ACL view nm nene ee RR Rae RR nenes 18 rule IPv4 advanced ACL view EG 19 rule IPV4 basic ACL view EE EG 24 rule IPv advanced TOR WEE EE ET EG 25 rule IPV6 basic ACL view EG 30 rule user defined ACL view ene ennrnnne enero 32 rule comment cnn nono n corran nn rr nan RR RON nn RR RON nn NR RIN nN NR RON N NR NO nnn NR Non n nn ron nnn ron nan rnnn nan ronca nana nnn non nnnronannnnannss 34 step EE EE ET EE EA EE see
25. outbound 95 display qos trust interface 74 display qos vlan policy 63 display qos wred interface 96 display qos wred table 97 display qos acl resource 13 display time range 107 display traffic behavior 46 display traffic classifier 36 F filter 47 l if match 37 import 72 N nest top most 48 P packet filter 14 packet filter default deny 15 Q qos apply policy interface view control plane view 65 qos apply policy user profile view 66 qos apply policy global 67 qos apply qmprofile 92 qos bandwidth queue 86 gos car 104 gos gts 76 gos Ir 78 qos map table 73 qos policy 67 qos priority 73 qos qmprofile 93 gos sp 80 gos trust 74 qos vlan policy 68 qos wia 87 qos wfq 1 byte count weight 87 qos wfq group sp 88 qos wred apply 98 qos wred table 99 gos wrr 82 qos wrr byte count weight 83 qos wrr group sp 84 queue 99 queue 93 queue ecn 101 queue weighting constant 101 redirect 48 remark customer vlan id 49 remark dot1p 50 remark drop precedence 51 remark dscp 51 remark ip precedence 52 119 remark local precedence 53 remark qos local id 54 remark service vlan id 54 reset acl counter 16 reset packet filter statistics 17 reset qos car name 106 reset qos policy control plane 69 reset qos policy global 69 reset qos vlan policy 70 rule Ethernet frame header ACL view 18 rule IPv4 advanced ACL view 19 rule IPv4 b
26. qmprofile to apply a queue scheduling profile to an interface Use undo gos apply qmprofile to remove an applied queue scheduling profile from an interface Syntax qos apply qmprofile profile name undo qos apply qmprofile Default No queue scheduling profile is applied to an interface Views Layer 2 Ethernet interface view Layer 3 Ethernet interface view Predefined user roles network admin Parameters profile name Specifies a queue scheduling profile by its name a case sensitive string of 1 to 31 characters Usage guidelines You can apply only one queue scheduling profile to each interface Examples Apply the queue scheduling profile myprofile to FortyGigE 1 1 1 92 lt Sysname gt system view Sysname interface FortyGigE 1 1 1 Sysname FortyGigE1 1 1 qos apply amprofile myprofile Related commands display gos qmprofile interface qos qmprofile Use qos qmprofile to create a queue scheduling profile and enter queue scheduling profile view Use undo gos qmprofile to delete a user defined queue scheduling profile Syntax qos qmprofile profile name undo gos qmprofile profile name Default No user defined queue scheduling profile exists Views System view Predefined user roles network admin Parameters profile name Specifies the name of the queue scheduling profile a case sensitive string of 1 to 31 characters Usage guidelines To delete a queue scheduling profile already applied to an interface first rem
27. rule However the rule using the time range timerange name rule can take effect only after you configure the timer range For more information about time range see ACL and QoS Configuration Guide The vpn instance name argument is a case sensitive vpn instance Applies the rule to a VPN string of 1 to 31 characters vpn instancename instance If you do not specify a VPN instance the rule applies only to non VPN packets If the protocol argument is tep 6 or udp 7 set the parameters shown in Table 8 Table 8 TCP UDP specific parameters for IPv4 advanced ACL rules Parameters Function Description The operator argument can be It lower than gt greater than eq equal to neq not equal to or range inclusive range The port and port2 arguments are TCP or UDP port numbers in the source port Specifies one or operator port more UDP or TCP ange of O to 65535 port2 is needed only when the operator port2 source ports argument is range TCP port numbers can be represented as chargen 19 bgp 179 cmd 514 daytime 13 discard 9 domain 53 echo 7 exec 512 finger 79 ftp 21 ftp data 20 gopher 70 hostname 101 ire 194 klogin 543 kshell 544 login 513 Ipd 515 nntp 119 pop2 109 pop3 110 smtp 25 sunrpe 111 tacacs 49 talk 517 telnet 23 time 37 uucp 540 whois 43 and www 80 UDP port numbers can be represented as biff 512 bootpe 68 bootp
28. system view Sysname interface FortyGigE 1 1 1 Sysname FortyGigE1 1 1 qos gts queue 1 cir 6400 cbs 51200 Rate limit commands display qos Ir interface Syntax Views Use display qos Ir interface to display the rate limit configuration of interfaces display qos Ir interface interface type interface number Any view Predefined user roles network admin network operator 77 Parameters interface type interface number Specifies an interface by its type and number If you do not specify an interface this command displays the rate limit configuration of all interfaces Examples gos Ir Syntax Default Views Display the rate limit configuration of all interfaces lt Sysname gt display qos lr interface Interface FortyGigE1 1 1 Direction Outbound CIR 12800 kbps CBS 800256 Bytes Interface FortyGigE1 1 2 Direction Outbound CIR 25600 kbps CBS 1600000 Bytes Table 30 Command output Field Description Interface Interface type and interface number Direction Direction to which the rate limit configuration is applied inbound or outbound CIR CIR in kbps which specifies the average traffic rate CBS CBS in bytes which specifies the amount of bursty traffic allowed at a time Use qos Ir to limit the rate of packets on an interface Use undo gos Ir to remove rate limit settings on an interface gos Ir inbound outbound cir committed information rate cbs c
29. to the interface Green packets Traffic statistics for green packets Red packets Traffic statistics for red packets For the description of other fields see Table 16 and Table 19 display gos vlan policy Use display qos vlan policy to display QoS policies applied to VLANs Syntax display qos vlan policy name policy name vlan vlan id slot slot number inbound outbound 63 Views Any view Predefined user roles network admin network operator Parameters name policy name Specifies a QoS policy by its name a case sensitive string of 1 to 31 characters vlan vian id Specifies a VLAN by its ID inbound Displays QoS policies applied to incoming traffic outbound Displays QoS policies applied to outgoing traffic slot slot number Specifies an IRF member device by its member ID slot number If you do not specify an IRF member device this command displays QoS policies applied to VLANs on the master device Usage guidelines If you do not specify a direction this command displays QoS policies applied to VLANs in both inbound and outbound directions Examples Display QoS policies applied to VLAN 2 lt Sysname gt display qos vlan policy vlan 2 Vlan 2 Direction Outbound Policy 1 Classifier 1 Operator AND Rule s If match acl 2000 Behavior 1 Marking Remark dscp 3 Committed Access Rate CIR 128 kbps CBS 8192 Bytes EBS 512 Bytes Green action pass Yellow action pass Red a
30. traffic globally outbound Clears the statistics of the global QoS policy applied to outgoing traffic globally Usage guidelines If you do not specify a direction this command clears the statistics of the global QoS policies in both directions 69 Examples Clear the statistics of the global QoS policy applied to the incoming traffic globally lt Sysname gt reset qos policy global inbound reset qos vlan policy Use reset gos vlan policy to clear statistics for QoS policies applied to VLANs Syntax reset qos vlan policy vlan vian id inbound outbound Views User view Predefined user roles network admin Parameters vlan vian id Specifies a VLAN by its ID in the range of 1 to 4094 inbound Clears statistics for QoS policies applied to incoming traffic outbound Clears statistics for QoS policies applied to outgoing traffic Usage guidelines If you do not specify a direction this command clears statistics of QoS policies in both directions Examples Clear statistics for QoS policies applied to VLAN 2 lt Sysname gt reset qos vlan policy vlan 2 70 Priority mapping commands Priority map commands display gos map table Use display qos map table to display the configuration of a priority map Syntax display qos map table dot1p dp dotlp exp dotlp lp dscp dotlp dscp dp dscp dscp exp dotlp exp dp Views Any view Predefined user roles network admin network operator Paramete
31. 1 weight 1 Sysname qmprofile myprofile bandwidth queue 0 min 100 Related commands e display qos qmprofile interface e qos qmprofile e queue display qos qmprofile configuration Use display qos qmprofile configuration to display the configuration of queue scheduling profiles Syntax display qos qmprofile configuration profile name slot slotnumber Views Any view Predefined user roles network admin network operator Parameters profile name Specifies a queue scheduling profile by its name a case sensitive string of 1 to 31 characters If you do not specify a queue scheduling profile this command displays the configuration of all queue scheduling profiles 90 slot slot number Specifies an IRF member device The slotnumber argument represents the ID of the IRF member device If you do not specify an IRF member device this command displays the configuration of queue scheduling profiles on the master Examples Display the configuration of the queue scheduling profile myprofile lt Sysname gt display gos qmprofile configuration myprofile Queue management profile myprofile ID 1 Queue ID Type Group Schedule unit Schedule value Bandwidth be WFQ 1 weight T 64 afl SP N A N A A N A af2 WFO 1 weight 1 1000 af3 SP N A N A A N A af4 SP N A N A A N A ef SP N A N A A N A cs6 SP N A N A A N A cs7 SP N A N A A N A Table 35 Command output Field Description Queue management profile Queue schedulin
32. 2030 5060 64 destination fe80 5060 96 destination port eq 80 Create IPv advanced ACL rules to permit all IPv packets but the ICMPv packets destined for FE80 5060 1001 48 lt Sysname gt system view Sysname acl ipv number 3001 Sysname acl6 adv 3001 rule deny icmpv6 destination fe80 5060 1001 48 Sysname acl6 adv 3001 rule permit ipv6 Create IPv advanced ACL rules to permit inbound and outbound FTP packets lt Sysname gt system view Sysname acl ipv number 3002 Sysname acl6 adv 3002 rule permit tcp source port eq ftp Sysname acl6 adv 3002 rule permit tcp source port eq ftp data Sysname acl6 adv 3002 rule permit tcp destination port eq ftp Sysname acl6 adv 3002 rule permit tcp destination port eq ftp data Create IPv advanced ACL rules to permit inbound and outbound SNMP and SNMP trap packets lt Sysname gt system view Sysname acl ipv number 3003 Sysname acl6 adv 3003 rule permit udp source port eq snmp Sysname acl6 adv 3003 rule permit udp source port eq snmptrap Sysname acl6 adv 3003 rule permit udp destination port eq snmp Sysname acl6 adv 3003 rule permit udp destination port eq snmptrap Create IPv6 advanced ACL 3004 and configure two rules one permits packets with the Hop by Hop Options header type as 5 and the other one denies packets with other Hop by Hop Options header types lt Sysname gt system view Sysname acl ipv number 3004 Sysname acl6 adv 3004
33. 22 010100 20 af23 010110 22 af31 011010 26 af32 011100 28 af33 011110 30 af4 100010 34 af42 100100 36 af43 100110 38 cs 001000 8 cs2 010000 16 cs3 011000 24 cs4 100000 32 cs5 101000 40 cs6 110000 48 cs7 111000 56 ef 101110 46 Examples Configure traffic behavior database to mark matching traffic with DSCP 6 lt Sysname gt system view Sysname traffic behavior database Sysname behavior database remark dscp 6 remark ip precedence Use remark ip precedence to configure an IP precedence marking action in a traffic behavior 52 Use undo remark ip precedence to delete the action Syntax remark ip precedence ip precedence valve undo remark ip precedence Default No IP precedence marking action is configured Views Traffic behavior view Predefined user roles network admin Parameters ip precedence value Specifies the IP precedence value to be marked for packets in the range of O to 7 Examples Set the IP precedence to 6 for packets lt Sysname gt system view Sysname traffic behavior database Sysname behavior database remark ip precedence 6 remark local precedence Use remark local precedence to configure a local precedence marking action in a traffic behavior Use undo remark local precedence to delete the action Syntax remark green red yellow local precedence local precedence value undo remark green red yellow local precedence Default No local precedence marking action is
34. 3 Ethernet interface view Predefined user roles network admin Parameters queue id Specifies a queue by its ID The value is an integer in the range of O to 7 or a keyword listed in Table 33 sp Assigns a queue to the SP group which uses the SP queue scheduling algorithm Usage guidelines You must use the qos wrr command to enable WRR queuing before you can configure this command on an interface 84 This command is available only on a WRR enabled interface Queues in the SP group are scheduled with SP The SP group has higher scheduling priority than the WRR group Queues in a WRR group are scheduled according to user configured weights and WRR groups are scheduled at a 1 1 ratio Examples Enable packet based WRR queuing on FortyGigE 1 1 1 and assign queue O to the SP group lt Sysname gt system view Sysname interface FortyGigE 1 1 1 Sysname FortyGigE1 1 1 qos wrr weight Sysname FortyGigE1 1 1 qos wrr 0 group sp Related commands e display qos queue wrr interface e gos wrr WFQ commands display qos queue wiq interface Use display qos queue wfq interface to display the WFQ configuration on an interface Syntax display qos queue wfq interface interface type interface number Views Any view Predefined user roles network admin network operator Parameters interface type interface number Specifies an interface by its type and number If you do not specify an interface this command displays the WFQ c
35. AND Rule s If match acl 2000 Behavior 1 Marking Remark dscp 3 Committed Access Rate CIR 128 kbps CBS 8192 Bytes EBS 512 Bytes Green action pass Yellow action pass Red action discard Green packets 0 Packets O Bytes Red packets 0 Packets 0 Bytes Classifier 2 Operator AND Rule s If match protocol ipv6 Behavior 2 Accounting enable 0 Packets Filter enable Permit Table 21 Command output Field Description Direction Inbound direction on the control plane Green packets Statistics about green packets Red packets Statistics about red packets For the description of other fields see Table 16 and Table 19 display qos policy control plane pre defined Syntax Views Use display dos policy control plane pre defined to display the predefined QoS policy applied to a control plane display qos policy control plane pre defined slot slot number Any view Predefined user roles network admin network operator 59 Parameters slot slot number Specifies an IRF member device by its member ID slot number If you do not specify an IRF member device this command displays predefined QoS policies applied to control planes on all IRF member devices Examples Display the predefined QoS policy applied to the control plane of IRF member device 1 lt Sysname gt display qos policy control plane pre defined slot 1 Pre defined policy information slot 1 Protocol T
36. E ES 69 reset qos vlan policy dde ds 70 Priority mapping EE EER 71 Priority map Er EE non nnn nana nn rra nn nnn nano nn nnnnnn nr naar nn nn nana nn nan nen non nnrnnnnnnn nn nnnnnnnnnnnnnnannnnnnss 71 display qos map table TR EE AE 71 import ME EE RE EE EE RE ee EI a 72 qos maptable EE EE ER EE EE 73 Port priority ELE nono nan n nan nn ron n nn non n nn rosa nn nro nn nn rra naar rra nn nnn nana nn rnnnn nn rra nnnn nan nrnna nn nnnnnnannnnns 73 qos priority NN 73 Priority trust EERS EE non nro ro nn nnr nana nnn nan nn rosa nn rro are rnnnnnn ron nan nn nana nnnnnnnnnnnannnnns 74 display gos trust Interface rerrrrrrreeronnnnnnonnnnnnnnnnnnnnnnnnnnnnn ano nnnn nen nnnnnnnn nana nn nnnn nn nn nana nn non nnnnnnn nn rra nnnnnnn ana rnnnnnnnnnannnnnnnarannss 74 qos frust ieeeeereeeeerrerereerrrrererererrreeeressrereeeeererreeerreeeeeessrrrereeessrreeeeeessrrerereesrrrereressereereeesrrreseeessrerereressreeeeeeesereeeeeeesreeeeeeee 74 GTS and rate limit commands ER AR AA RR EE E 76 GTS commands rrrssressseesseeesetetseteeeeeseeeecsesecseecsenssseoseseossseeseeseseoneseoneseessenssenneseoneseosesenseeneseecneseosusensesenaseoneseoneseoneseeeen 76 display qos gts Interface sscretreeetetteeeeetseeeeeneseeesseseesseseesseseesssessesseseesseseesssescessseseessssssesaseseeessseeeseseesesesensseesenes 76 qos gts EE EE EE EE EE EI EE 76 Rate limit commands EER EER EE EER EE SEER EER ee r nan n nn EE nn RR rra Ee ee EE nn RR ee EER ee ee EER ee EE ER ee ee EER
37. Free Size of free data buffer 116 Field Description Block where the port resides The block where the ports on the Pos front panel of the device reside is fixed to Block 1 5sec Percentage of the buffer that the port uses for the last 5 seconds 1min Percentage of the buffer that the port uses for the last 1 minute 5min Percentage of the buffer that the port uses for the last 5 minutes 117 Index A accounting 44 acl acl copy 2 acl logging interval 3 acl name 4 bandwidth 89 buffer apply 109 buffer queue guaranteed 110 buffer queue shared 111 buffer total shared 112 burst mode enable 113 C car 44 car name 103 classifier behavior 56 control plane 57 D description 5 display acl 5 display buffer 113 display buffer usage 115 display packet filter 7 display packetfilter statistics 8 display packet filter statistics sum 10 display packet filter verbose 11 display qos car name 103 display qos gts interface 76 display qos Ir interface 77 display qos map table 71 display qos policy 57 display qos policy control plane 58 display qos policy control plane pre defined 59 display qos policy global 61 display qos policy interface 62 display qos qmprofile configuration 90 display qos qmprofile interface 91 display qos queue sp interface 80 display qos queue wfq interface 85 display qos queue wrr interface 81 display qos queue statistics interface
38. HP Moonshot 45XGc Switch ACL and QoS Command Reference Part Number 785507 001 Software version ESS 2407 Document version 5W100 20140912 Legal and notice information Copyright 2014 Hewlett Packard Development Company L P No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett Packard Development Company L P The information contained herein is subject to change without notice HEWLETT PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE Hewlett Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing performance or use of this material The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services Nothing herein should be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein Contents ACL Genin Gl inc a ees EE EE EE AE Ee 1 acl COPY AAE 2 acl logging int eryal eeeeeeereeeereereerseeesseeeeseserersseeerseeerseeerseserrseeersseenseeeesseeenseeerseeeeseeerseeeerseeeeeenseseeenreeeeseeeenseeenseeenseeeenee 3 TT Te 4 description EE AR AA KA EE AE EO N 5 display TE conan none c
39. LAN ID is in the range of 1 to 4094 You can enter individual discontinuous VLAN IDs and VLAN ID ranges in the form of startvlan id to end vlan id where 68 the start VLAN ID must be smaller than the end VLAN ID Each item in the VLAN list is separated by a space You can specify up to eight VLAN IDs inbound Applies the QoS policy to the incoming packets in the specified VLANs outbound Applies the QoS policy to the outgoing packets in the specified VLANs Examples Apply the QoS policy test to the incoming traffic of VLAN 200 VLAN 300 VLAN 400 and VLAN 500 lt Sysname gt system view Sysname qos vlan policy test vlan 200 300 400 500 inbound reset qos policy control plane Use reset qos policy control plane to clear statistics for the QoS policy applied to the control plane Syntax reset qos policy control plane slot slot number Views User view Predefined user roles network admin Parameters slot slot number Specifies an IRF member device by its member ID slot number Examples Clear the statistics of the QoS policy applied to the control plane of IRF member device 3 lt Sysname gt reset qos policy control plane slot 3 reset gos policy global Use reset qos policy global to clear the statistics of a global QoS policy Syntax reset qos policy global inbound outbound Views User view Predefined user roles network admin Parameters inbound Clears the statistics of the global QoS policy applied to incoming
40. S IS VRRP OSPF Multicast OSPF Unicast IGMP OSPFv3 Unicast OSPFv3 Multicast VRRPV6 ARP DHCP Snooping DHCP 802 1x STP LACP MVRP BGP ICMP TTL Expires IPOPTION BGPV6 Hop Limit Expires Fi POPTIONV6 LLDP DLDP TELNET SSH HTTP HTTPS TACACS RADIUS SNMP ARP Snooping ICMPv6 DHCPv6 BFD Priority 37 40 39 35 19 34 34 40 17 15 43 38 11 27 20 20 26 13 13 25 24 10 10 10 10 10 10 10 12 10 Bandwidth 912 768 256 256 512 256 256 768 256 256 256 128 256 64 256 256 640 64 64 256 64 64 128 64 512 512 64 64 64 64 512 256 512 256 512 kbps 60 Group critical important critical critical important eritical critical important normal redirect normal important critical critical critical critical monitor normal normal critical normal normal important critical management management management management management management management redirect monitor normal critical Table 22 Command output Field Description Pre defined policy information Contents of the predefined control plane QoS policy Protocol System defined control plane protocol Group Control plane protocol group display gos policy global Use display qos policy global to display global QoS policies Syntax display gos policy global slot slot number inbound outbound Views Any view Predefined use
41. able undo burst mode enable Default The Burst function is disabled Views System view Predefined user roles network admin Usage guidelines The Burst function is especially useful for reducing packet losses under circumstances such as the following e Broadcast or multicast traffic is intensive resulting in bursts of traffic e Traffic enters a device from a high speed interface and goes out of a low speed interface e Traffic enters a device from multiple same rate interfaces and goes out of an interface with the same rate Examples Enable the Burst function lt Sysname gt system view Sysname burst mode enable display buffer Use display buffer to display buffer size settings Syntax display buffer slot slot number queue queue id 113 Views Any view Predefined user roles network admin network operator Parameters slot slot number Specifies an IRF member device by its member ID slot number If you do not specify an IRF member device this command displays buffer size settings for all IRF member devices queue gueue id Specifies a queue by its ID in the range of O to 7 Usage guidelines If you do not specify the queue keyword this command displays the total shared area ratio If you specify the queue keyword this command displays the fixed area ratio and shared area ratio for all queues If you specify a queue this command displays the fixed area size and shared area size for the specif
42. ables match counting for all been matched rules in an ACL If the counting keyword is not specified matches for the rule are not counted The precedence argument can be a number in the range precedence Specifies an IP precedence of 0 to 7 or in words routine 0 priority 1 precedence value immediate 2 flash 3 flash override 4 critical 5 internet 6 or network 7 The fos argument can be a number in the range of O to ee n EE 15 or in words max reliability 2 max throughput 4 min delay 8 min monetary cost 1 or normal 0 20 Parameters Function Description The dscp argument can be a number in the range of O to 63 or in words af11 10 af12 12 af13 14 af21 18 af22 20 af23 22 af31 26 af32 28 af33 i a Specifies a DSCP priority 30 af41 34 af42 36 af43 38 es1 8 es2 16 cs3 24 cs4 32 cs5 40 cs6 48 cs7 56 default 0 or ef 46 Applies the rule only to If you do not specify this keyword the rule applies to all fragment f non first fragments fragments and non fragments lodain isas mathina padet This function requires that the module for example gging 9 9 P j packet filtering that uses the ACL supports logging The time range name argument is a case insensitive string of 1 to 32 characters It must start with an English A f letter If the time range is not configured the system time range Specifies a time range for the creates the
43. admin Parameters step value ACL rule numbering step in the range of 1 to 20 Usage guidelines The rule numbering step sets the increment by which the system numbers rules automatically For example the default ACL rule numbering step is 5 If you do not assign IDs to rules you are creating they are numbered 0 5 10 15 and so on The wider the numbering step the more rules you can insert between two rules Whenever the step changes the rules are renumbered starting from O For example if there are five rules numbered 5 10 13 15 and 20 changing the step from 5 to 2 causes the rules to be renumbered O 2 4 6 and 8 Examples Set the rule numbering step to 2 for IPv4 basic ACL 2000 lt Sysname gt system view Sysname acl number 2000 Sysname acl basic 2000 step 2 Related commands display acl 35 QoS policy commands Traffic class commands display traffic classifier Use display traffic classifier to display traffic classes Syntax display traffic classifier user defined classifiername slot slot number Views Any view Predefined user roles network admin network operator Parameters user defined Displays user defined traffic classes classifierrname Specifies a traffic class by its name a case sensitive string of 1 to 31 characters If you do not specify a traffic class this command displays all traffic classes slot slot number Specifies an IRF member device by its member ID slot number I
44. age queue length calculation for a queue Use undo queue weighting constant to restore the default Syntax queue queue id weighting constant exponent undo queue gueue id weighting constant Default The exponent for average queue length calculation is 9 101 Views WRED table view Predefined user roles network admin Parameters queue id Specifies a queue by its ID weighting constant exponent Specifies the WRED exponent for average queue length calculation in the range of O to 15 Usage guidelines The bigger the exponent is the less sensitive the average queue size is to real time queue size changes The average queue size is calculated using the formula average queue size previous average queue size x 1 2 current queue size x 2 where n can be configured with the qos wred weighting constant command Examples In WRED table queue table1 set the exponent for average queue length calculation to 12 for queue 1 lt Sysname gt system view Sysname qos wred queue table queue tablel Sysname wred table queue tablel queue 1 weighting constant 12 Related commands e display qos wred table e qos wred table 102 Aggregate CAR commands car name Use car name to reference an aggregate CAR action in a traffic behavior Use undo car to remove an aggregate CAR action from a traffic behavior Syntax car name car name undo car Default No aggregate CAR action is configured in a traffic behavior Views
45. ake effect only after you configure the timer range For more information about time range see ACL and QoS Configuration Guide vpn instance vpn instance name Applies the rule to a VPN instance The vpn instance name argument is a case sensitive string of 1 to 31 characters If you do not specify a VPN instance the rule applies only to non VPN packets 31 Usage guidelines If an ACL is for QoS traffic classification or packet filtering e Do not specify the fragment keyword e Do not specify the vpn instance or routing keyword if the ACL is for outbound QoS traffic classification or outbound packet filtering Within an ACL the permit or deny statement of each rule must be unique If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL the rule will not be created or changed You can edit ACL rules only when the match order is config e If you do not specify any optional keywords the undo rule command deletes the entire rule e Ifyou specify optional keywords or arguments the undo rule command deletes the specified attributes To view rules in an ACL and their rule IDs use the display acl ipv all command Examples Create an IPv basic ACL rule to deny the packets from any source IP segment but 1001 16 3124 1123 32 or FE80 5060 1001 48 lt Sysname gt system view Sysname acl ipv number 2000 Sysname acl6 basic 2000 rule permit source 1001 16 Sysna
46. asic ACL view 24 rule IPv advanced ACL view 25 rule IPv basic ACL view 30 rule user defined ACL view 32 rule comment 34 S step 34 T time range 107 traffic behavior 55 traffic classifier 43
47. ass exists Views System view Predefined user roles network admin Parameters classifiername Specifies a traffic class name a case sensitive string of 1 to 31 characters operator Sets the operator to logic AND the default or OR for the traffic class and Specifies the logic AND operator The traffic class matches the packets that match all its criteria or Specifies the logic OR operator The traffic class matches the packets that match any of its criteria Examples Create a traffic class class1 lt Sysname gt system view Sysname traffic classifier classl Sysname classifier class1 Related commands display traffic classifier 43 Traffic behavior commands accounting Syntax Default Views Use accounting to configure a traffic accounting action in a traffic behavior Use undo accounting to delete the action accounting byte packet undo accounting No traffic accounting action is configured Traffic behavior view Predefined user roles network admin Parameters byte Counts traffic in bytes packet Counts traffic in packets Examples car Syntax Default Views Configure a traffic accounting action in traffic behavior database to count traffic in bytes lt Sysname gt system view Sysname traffic behavior database Sysname behavior database accounting byte Use car to configure a CAR action in a traffic behavior Use undo car to delete the action car
48. ate traffic class database with traffic behavior test in QoS policy user1 lt Sysname gt system view Sysname qos policy userl Sysname qospolicy userl classifier database behavior test Associate the traffic class database with the traffic behavior test in the QoS policy user1 and insert the traffic class database before an existing traffic class class a lt Sysname gt system view Sysname qos policy userl Sysname qospolicy userl classifier database behavior test insert before class a 56 Related commands qos policy control plane Use control plane to enter control plane view Syntax control plane slot s of number Views System view Predefined user roles network admin Parameters slot slot number Specifies an IRF member device by its member ID slot number Examples Enter control plane view of IRF member device 1 lt Sysname gt system view Sysname control plane slot 1 Sysname cp slot1 display gos policy Use display qos policy to display user defined QoS policies Syntax display qos policy user defined policy name classifier classifiername slot slot number Views Any view Predefined user roles network admin network operator Parameters user defined Displays user defined QoS policies policy name Specifies a QoS policy by its name a case sensitive string of 1 to 31 characters If you do not specify a QoS policy this command displays all user defined QoS policies classifier cla
49. avior database 47 Sysname behavior database filter deny nest top most Syntax Default Views Use nest top most to configure a VLAN tag adding action in a traffic behavior Use undo nest top most to delete the action nest top most vlan vlan id undo nest top most No VLAN tag adding action is configured Traffic behavior view Predefined user roles network admin Parameters vlan id vlan id Specifies the ID of the VLAN tag to be added The vlan id argument is in the range of 1 to 4094 Usage guidelines If a QoS policy contains a VLAN tag adding action apply it only to the incoming traffic of an interface If the traffic behavior already contains a VLAN tag adding action the new one overwrites the old one Examples Configure traffic behavior b1 to add VLAN tag 123 lt Sysname gt system view Sysname traffic behavior bl Sysname behavior b1 nest top most vlan 123 redirect Syntax Default Views Use redirect to configure a traffic redirecting action in the traffic behavior Use undo redirect to delete action redirect cpu interface interface type interface number undo redirect cpu interface interface type interface number No traffic redirecting action is configured Traffic behavior view 48 Predefined user roles network admin Parameters cpu Redirects traffic to the CPU interface Redirects traffic to an interface interface type interface number Sp
50. ay qos qmprofile configuration BEE EE EE EE EE EER OIE OE EE MEE IE OE ET 90 display qos qmprofile interface eerrrrrrerenncnnnnnnnnnnnnnannnnnnnnnnnnnnnnnn nana nn nnnnn cnn nana nnn rosa nnn nana nnnnnnn arc nana nnnnnnn arenas cnn nnnnnnnnannss 91 qos apply qmprofile EE LERE EE EE EE EE EE ME OR OE EE 92 qos qmprofile EER ES NE REDE EE DE N ER OE EE OER EE EE AE EE EE De EE 93 TEE TT TT TT TT 93 Queue based accounting commandssssssersserserseerserrserseersersserseereerseereerseereernserseereerseereerneerserneereeerserseerserseerseenserseerseeeee 95 display qos queue statistics interface outbound tree REKE EER EE EE RE RE EE EE ER EER EE Re EER ee EE Ee ee EE Ee ee ee Ee ee ee ee ee ee 95 Congestion avoidance commandsrssssssssssssssssnsssecsecssssssssnnusseseceessssssssssunssssseeessesssnssusnsssssssseceeessassssnnssesscee 96 WRED commands EE nono n nono nono nan nn nn RN R IR RR RN RN RIN RR RR RN RR IR RR RN RN RIN RN RN RN RIN RR RN RN RNR IR EE 96 display qos WIE interface ssrrreetretetettetetetseeeeseseseessseseseeesseseeesseseesssescecsssseesssescesssssecesesecensasscecsusesensesasensesesensesanenes 96 display qos WIE table ees Ee ee Be ERA EA EE BA BA ERA EA EE BRA Bee ERA EE Ee EE ERA EE Bee Bee Ee EE ERA EE Bee EE Bee Ee EE Ee EE See ee 97 qos wred apply EE ER OE EE OE N EE RE EE EE EE EE 98 qos MEE non aconcnnonennonannonannncnnoncnnnannnonecnnsaconccnoness 99 Ue TT TT EE neneenennes 99 TEE TT EE 101 queue weighting constant AR EE TA
51. be identical with those defined in the criterion the sequence can be different Defining a criterion to match VLAN IDs in inner or outer VLAN tags e You can configure multiple VLAN ID match criteria for a traffic class The defined VLAN IDs are automatically arranged in ascending order e You can configure multiple VLAN IDs in one command line If the same VLAN ID is specified multiple times the system considers the VLAN IDs as one If a packet matches one of the defined VLAN IDs it matches the if match clause e To delete a criterion that matches VLAN IDs the specified VLAN IDs in the command must be identical with those defined in the criterion the sequence can be different e You can use the VLAN ID in the outer VLAN tag to match single tagged packets Defining a criterion to match control plane protocols e You can configure multiple control plane protocol match criteria for a traffic class e This criterion cannot coexist with other criteria in a traffic class Otherwise the relevant QoS policy cannot be applied normally e You can configure multiple control plane protocols in one command line If the same control plane protocol is specified multiple times the system considers them as one If a packet matches one of the defined control plane protocols it matches the if match clause e To delete a criterion that matches control plane protocols the specified control plane protocols in the command must be identical with those
52. ber name e 4000 to 4999 for Ethernet frame header ACLs acl name e 5000 to 5999 for user defined ACLs The acl name argument is a case insensitive string of 1 to 63 characters which must start with an English letter To avoid confusion the argument cannot be alll any Matches all packets Matches control plane protocols control plane protocol The protocol name amp lt 1 8 gt argument specifies a space separated list of up to protocol name amp lt 1 8 gt eight system defined control plane protocols For available system defined control plane protocols see Table 18 37 Option Description Matches a control plane protocol group control plane protocol group protocolgroup name The protocol group name argument can be critical important management monitor normal or redirect Matches 802 1p priority values in inner VLAN tags of double tagged packets customer dot1p dot p value amp lt 1 8 gt The dot p value amp lt 1 8 gt argument specifies a space separated list of up to eight 802 1p priority values The value range for the dot p value argument is O to 7 Matches VLAN IDs in inner VLAN tags of double tagged packets The vlan id list argument specifies a space separated list of up to 10 VLAN customer vlan id vlan id list items Each item specifies a VLAN or a range of VLANs in the form of vlan id1 to vlan id2 The value for vlan id2 must be equal to or greater than the value for vlan id1 The
53. ble name Specifies a WRED table by its name Usage guidelines If you do not specify a WRED table this command applies the default WRED table to the interface 98 Examples Apply the queue based WRED table table to interface FortyGigE 1 1 1 lt Sysname gt system view Sysname interface FortyGigE 1 1 1 Sysname FortyGigE1 1 1 qos wred apply tablel Related commands e display qos wred interface e display qos wred table e qos wred table qos wred table Use qos wred table to create a WRED table and enter WRED table view Use undo qos wred table to delete a WRED table Syntax qos wred queue table table name undo qos wred queue table table name Default No WRED table exists Views System view Predefined user roles network admin Parameters queue Creates a gueue based WRED table which drops packets based on the queue when congestion occurs table table name Specifies a name for the WRED table Usage guidelines You cannot delete a WRED table in use To delete it first remove it from the specified interface Examples Create a gueue based WRED table named queue table1 lt Sysname gt system view Sysname qos wred queue table queue tablel Sysname wred table queue tablel Related commands display qos wred table queue Use queue to configure the drop related parameters for a queue in the gueue based WRED table 99 Syntax Default Views Use undo queue to restore the default queue queuve id
54. bound Specifies the outbound direction slot slot number Specifies an IRF member device The slotnumber argument represents the ID of the IRF member device If you do not specify an IRF member device this command displays ACL application information for packet filtering on the master Usage guidelines If neither the inbound keyword nor the outbound keyword is specified this command displays the ACL application information for both incoming and outgoing packet filtering Examples Display ACL application information for incoming packet filtering on interface FortyGigE 1 1 1 lt Sysname gt display packet filter interface fortygige 1 1 1 inbound Interface FortyGigE1 1 1 In bound policy ACL 2001 Hardware count ACL6 2002 IPv4 default action Deny IPv6 default action Deny Table 2 Command output Field Description Interface Interface to which the ACL applies In bound policy ACL used for filtering incoming traffic Outbound policy ACL used for filtering outgoing traffic Field Description ACL 2001 IPv4 basic ACL 2001 has been successfully applied Hardware count Successfully enables counting ACL rule matches Packet filter default action for packets that do not match any IPv4 AE DU son ACLs This field is displayed only when the default action is deny Packet filter default action for packets that do not match any IPv Pue aaku atian ACLs This field is displayed only when the default action is
55. c rate CBS CBS in bytes which specifies the amount of bursty traffic allowed at a time qos gis Use qos gts to set GTS parameters for traffic of a traffic class or all the traffic on an interface Use qos gts to set GTS parameters for the packets in a queue 76 Syntax Default Views Use undo qos gts to remove GTS parameters for traffic of a queue on an interface qos gts queue queve id cir committed information rate cbs committed burst size undo qos gts queue queue id No GTS parameters are configured on an interface Layer 2 Ethernet interface view Layer 3 Ethernet interface view Predefined user roles network admin Parameters queue queve id Specifies a queue by its ID in the range of 0 to 7 cir committed information rate Specifies the CIR in kbps The value range for the committed information rate argument is 8 to 41943040 for 40 GE interfaces in integral multiples of 8 cbs committed burst size Specifies the CBS in bytes The value range for the committed burst size argument is an integral multiple of 512 between 512 and 16777216 The default value for this argument is the product of 62 5 and the CIR and must be an integral multiple of 512 If the product is not an integral multiple of 512 it is rounded up to the nearest integral multiple of 512 Examples Shape the packets in queue 1 on FortyGigE 1 1 1 The GTS parameters are as follows CIR is 6400 kbps and CBS is 51200 bytes lt Sysname gt
56. cify the fragment keyword e Do not specify neq for the operator argument e Do not specify the vpn instance routing hop by hop or flow label keyword if the ACL is for outbound QoS traffic classification or outbound packet filtering e Do not specify ipv6 ah for the protocol argument nor set its value to O 43 44 51 or 60 if the ACL is for outbound QoS traffic classification or outbound packet filtering If an ACL is to match information in the IPv packet payload it can only match packets with one extension header It cannot match packets with two or more extension headers or with the Encapsulating Security Payload Header Within an ACL the permit or deny statement of each rule must be unique If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL the rule will not be created or changed You can edit ACL rules only when the match order is config e If you do not specify any optional keywords the undo rule command deletes the entire rule e If you specify optional keywords or arguments the undo rule command deletes the specified attributes To view rules in an ACL and their rule IDs use the display acl ipv all command 29 Examples Create an IPv advanced ACL rule to permit TCP packets with the destination port 80 from 2030 5060 64 to FE80 5060 96 lt Sysname gt system view Sysname acl ipv number 3000 Sysname acl6 adv 3000 rule permit tcp source
57. cir committed information rate cbs committed burst size ebs excess burst size green action red action yellow action car cir committed information rate cbs committed burstsize pir peak information rate ebs excess burst size green action red action yellow action undo car No CAR action is configured Traffic behavior view 44 Predefined user roles network admin Parameters cir committed information rate Specifies the committed information rate CIR in kbps which specifies an average traffic rate The value range for the committed information rate argument is an integral multiple of 8 between 8 and 160000000 cbs committed burst size Specifies the committed burst size CBS in bytes The value range for the committed burst size argument is an integral multiple of 512 between 512 and 256000000 The default value for this argument is the product of 62 5 and the CIR and must be an integral multiple of 512 When the product is not an integral multiple of 512 it is rounded up to the nearest integral multiple of 512 A default value greater than 256000000 is converted to 256000000 ebs excess burst size Specifies the excess burst size EBS in bytes The value range for the excess burst size argument is an integral multiple of 512 between 0 and 256000000 and the default value is 512 pir peak information rate Specifies the peak information rate PIR in kbps The value range for the peak information rat
58. cket Filter enable Permit Marking Remark dotlp 4 Redirecting Redirect to the CPU Behavior 3 ID 102 none 46 filter Syntax Default Views Table 19 Command output Field Description Behavior Name and contents of a traffic behavior Marking Information about priority marking Remark dscp Action of setting the DSCP value for packets Committed Access Rate Information about the CAR action CIR CIR in kbps which specifies the average traffic rate CRS CBS in bytes which specifies the amount of bursty traffic allowed at a time ERS EBS in bytes which specities the amount of traffic exceeding CBS when two token buckets are used Green action Action to take on green packets Yellow action Action to take on yellow packets Red action Action to take on red packets Accounting enable Traffic accounting action Filter enable Traffic filtering action None No other traffic behavior is configured Use filter to configure a traffic filtering action in a traffic behavior Use undo filter to delete the action filter deny permit undo filter No traffic filtering action is configured Traffic behavior view Predefined user roles network admin Parameters deny Drops packets permit Transmits the packets Examples Configure a traffic filtering action as deny in traffic behavior database lt Sysname gt system view Sysname traffic beh
59. configured Views Traffic behavior view Predefined user roles network admin Parameters green Specifies green packets red Specifies red packets yellow Specifies yellow packets local precedence value Sets the local precedence to be marked for packets in the range of 0 to 7 Examples Configure traffic behavior database to mark matching traffic with local precedence 2 53 lt Sysname gt system view Sysname traffic behavior database Sysname behavior database remark local precedence 2 remark gos local id Use remark gos local id to configure a local QoS ID marking action in a traffic behavior Use undo remark qos local id to delete the action Syntax remark qos local id local id value undo remark gos local id Default No local QoS ID marking action is configured Views Traffic behavior view Predefined user roles network admin Parameters local id value Specifies the local QoS ID to be marked for packets The value range for this argument is 1 to 4095 The switch supports local QoS IDs in the range of 1 to 3999 Usage guidelines Remarking local QoS IDs combines different traffic classes into one new class which is indicated by a local QoS ID You can configure a traffic behavior for this new class to implement two levels of actions on a traffic class Remarking local QoS IDs applies only to the incoming traffic Examples Configure the action of marking packet with local QoS ID 2 lt Sysname
60. counting for all rules in an ACL If the counting keyword is not specified matches for the rule are not counted fragment Applies the rule only to non first fragments If you do not specify this keyword the rule applies to both fragments and non fragments logging Logs matching packets This function is available only when the application module for example packet filtering that uses the ACL supports the logging function 24 source source address source wildcard any Matches a source address The source address source wildcard arguments represent a source IP address and wildcard mask in dotted decimal notation A wildcard mask of zeros specifies a host address The any keyword represents any source IP address time range time range name Specifies a time range for the rule The time range name argument is a case insensitive string of 1 to 32 characters It must start with an English letter If the time range is not configured the system creates the rule However the rule using the time range can take effect only after you configure the timer range For more information about time range see ACL and QoS Configuration Guide vpn instance vpn instance name Applies the rule to a VPN instance The vpn instance name argument is a case sensitive string of 1 to 31 characters If you do not specify a VPN instance the rule applies only to non VPN packets Usage guidelines If an ACL is for outbound QoS traffic classification or outbo
61. ction discard Green packets 0 Packets Red packets 0 Packets Classifier 2 Operator AND Rule s If match protocol ipv6 Behavior 2 Accounting enable 0 Packets Filter enable Permit Marking 64 Remark dotlp 1 Classifier 3 Operator AND Rule s none Behavior 3 none Table 25 Command output Field Description Direction Direction in which the QoS policy is applied for the VLAN Green packets Statistics about green packets Red packets Statistics about red packets For the description of other fields see Table 16 and Table 19 gos apply policy interface view control plane view Syntax Default Views Use qos apply policy to apply a QoS policy Use undo gos apply policy to remove an applied QoS policy qos apply policy policy name inbound outbound undo gos apply policy policy name inbound outbound No QoS policy is applied to an interface or control plane Control plane view Layer 2 Ethernet interface view Layer 3 Ethernet interface view S channel aggregate interface view S channel interface view VSI aggregate interface view VSI interface view Predefined user roles network admin Parameters policy name Specifies a QoS policy name a case sensitive string of 1 to 31 characters inbound Applies the QoS policy to the incoming traffic of an interface or control plane outbound Applies the QoS policy to the outgoing traffic of an interface 65
62. d interface Use display qos wred in Syntax terface to display the WRED configuration for an interface display gos wred interface interface type interface number Views Any view Predefined user roles network admin network operator Parameters interface type interface number Specifies an interface by its type and number If you do not specify an interface this command displays the WRED configuration and statistics for all interfaces Examples Display the WRED configuration for all interfaces lt Sysname gt display qos wred interface Interface FortyGigE1 1 1 Current WRED configuration Applied WRED table name 1 Table 38 Command output Field Description Interface Interface type and interface number display gos wred table Use display qos wred table to display the WRED table configuration Syntax display qos wred table name table name slot slot number Views Any view Predefined user roles network admin network operator Parameters name fable name Specifies a WRED table by its name If you do not specify a WRED table this command displays the configuration of all WRED tables slot slot number Specifies an IRF member device by its member ID slotnumber If you do not specify an IRF member device this command displays the configuration of WRED tables on the master device Examples Display the configuration of WRED table 1 lt Sysname gt display qos wred table name 1
63. defined in the criterion the sequence can be different Examples Define a match criterion for traffic class class1 to match the packets with their destination MAC addresses being 0050 ba27 bed3 lt Sysname gt system view Sysname traffic classifier classl Sysname classifier classl if match destination mac 0050 ba27 bed3 Define a match criterion for traffic class class2 to match the packets with their source MAC addresses being 0050 ba27 bed 2 lt Sysname gt system view Sysname traffic classifier class2 Sysname classifier class2 if match source mac 0050 ba27 bed2 Define a match criterion for traffic class class1 to match double tagged packets with 802 1p priority 3 in inner VLAN tags lt Sysname gt system view Sysname traffic classifier classl Sysname classifier class1 if match customer dotlp 3 Define a match criterion for traffic class dlass1 to match the packets with 802 1p priority 5 in outer VLAN tags lt Sysname gt system view Sysname traffic classifier classl Sysname classifier class1 if match service dotlp 5 Define a match criterion for traffic class dlass1 to match the advanced ACL 3101 lt Sysname gt system view Sysname traffic classifier classl Al Sysname classifier classl if match acl 3101 Define a match criterion for traffic class class1 to match the ACL named flow lt Sysname gt system view Sysname traffic classifier classi Sysname classifier classl i
64. deny Packet filter default action for packets that do not match any Ethernet MAC default action frame header ACLs This field is displayed only when the default action is deny display packetilter statistics Use display packet filter statistics to display match statistics of ACLs for packet filtering Syntax display packet filter statistics interface interface type interface number inbound outbound ipv acl number name acl name brief Views Any view Predefined user roles network admin network operator Parameters interface interface type interface number Displays the statistics of an interface specified by its type and number inbound Displays the statistics in the inbound direction outbound Displays the statistics in the outbound direction ipv6 Specifies IPv ACLs acl number Specifies an ACL by its number e 2000 to 2999 for basic ACLs e 3000 to 3999 for advanced ACLs e 4000 to 4999 for Ethernet frame header ACLs You cannot specify an Ethernet frame header ACL if the ipv keyword is specified e 5000 to 5999 for user defined ACLs You cannot specify a user defined ACL if the ipv keyword is specified name acl name Specifies an ACL by its name The acl name argument is a case insensitive string of 1 to 63 characters It must start with an English letter brief Displays brief statistics Usage guidelines When none of acl number and name acl name is specified this command disp
65. e ACL contains one rule The match order for the ACL is auto which sorts ACL rules in depth first tch i t A mate orders GUS order This field is not present when the match order is config This is an IPv4 basic ACL Description of this ACL ACL s step is 5 The rule numbering step is 5 rule 5 permit source 1 1 1 1 0 Content of rule 5 There have been five matches for the rule The statistic counts only ACL 5 times matched matches performed in software This field is not displayed when no packets matched the rule rule 5 comment This rule is used arca 17 Z1 Comment of ACL rule 5 display packet filter Use display packet filter to display whether an ACL has been successfully applied to an interface for packet filtering Syntax display packet filter interface interface type interface number inbound outbound interface vlan interface vian interface number inbound outbound slot s ot number Views Any view Predefined user roles network admin network operator Parameters interface interface type interface number Specifies an interface by its type and number VLAN interfaces are not supported If you do not specify an interface this command displays ACL application information on all interfaces except VLAN interfaces for packet filtering interface vlan interface vian interface number Specifies a VLAN interface by its number inbound Specifies the inbound direction out
66. e FortyGigE1 1 1 qos wfq 0 group 1 byte count 10 Sysname FortyGigE1 1 1 qos wfq 1 group 2 byte count 5 Related commands e display qos queue wfq interface e qos bandwidth queue e qos wfq gos wfq group sp Syntax Default Use qos wfq group sp to assign a queue to the SP group Use undo qos wfq group sp to restore the default qos wfq queue id group sp undo gos wig queue id When WFQ queuing is used on an interface all the queues are in the WFQ group 88 Views Layer 2 Ethernet interface view Layer 3 Ethernet interface view Predefined user roles network admin Parameters queue id Specifies a queue by its ID The value is an integer in the range of O to 7 or a keyword listed in Table 33 sp Assigns a queue to the SP group which uses the SP queue scheduling algorithm Usage guidelines You must use the qos wfg command to enable WFQ first before you configure this command With this SP WFQ queuing method the system schedules traffic as follows 1 The system schedules the traffic conforming to the minimum guaranteed bandwidth in each WFQ group and schedules the traffic of the two WFQ groups in the ratio of 1 1 in a round robin manner The system uses SP to schedule queues in the SP group If there is remaining bandwidth the system schedules the traffic of queues in each WFQ group based on their weights and schedules the traffic of the two WFQ groups in the ratio of 1 1 ratio in a round robin manner Examples
67. e argument is an integral multiple of 8 between 8 and 160000000 If the PIR is configured two rates are used for traffic policing Otherwise one rate is used green action Specifies the action to take on packets that conform to CIR The default setting is pass red action Specifies the action to take on the packet that conforms to neither CIR nor PIR The default setting is discard yellow action Action to take on packets that conform to PIR but not to CIR The default setting is pass action Sets the action to take on the packet e discard Drops the packet e pass Permits the packet to pass through e remark dotlp pass new cos Sets the 802 1p priority value of the 802 1p packet to new cos and permits the packet to pass through The new cos argument is in the range of 0 to 7 e remark dscp pass new dscp Sets the DSCP value of the packet to new dscp and permits the packet to pass through The new dscp argument is in the range of O to 63 e remark lp pass new local precedence Sets the local precedence value of the packet to new local precedence and permits the packet to pass through The new local precedence argument is in the range of O to 7 Usage guidelines A QoS policy that references the traffic behavior can be applied in either the inbound direction or outbound direction of an interface If you configure the car command multiple times in the same traffic behavior the most recent configuration takes effect Examples
68. e count keyword in the packet filter ipv command enables match counting for all rules in an ACL If the counting keyword is not specified matches for the rule are not counted fragment Applies the rule only to non first fragments If you do not specify this keyword the rule applies to both fragments and non fragments logging Logs matching packets This function is available only when the application module for example packet filtering that uses the ACL supports the logging function routing type routing type Applies the rule to the specified type of routing header or all types of routing header The routing type argument specifies the value of the routing header type which is in the range of O to 255 If you specify the type routing type option the rule applies to the specified type of routing header Otherwise the rule applies to any type of routing header source source address source prefix source address source prefix any Matches a source IP address The ipv address and prefix length arguments represent a source IPv address and address prefix length in the range of 1 to 128 The any keyword represents any IPv source address time range time range name Specifies a time range for the rule The time range name argument is a case insensitive string of 1 to 32 characters It must start with an English letter If the time range is not configured the system creates the rule However the rule using the time range can t
69. e range name start time to end time days from time date to time2 date2 from time date to time2 date2 to time2 date2 No time range exists System view Predefined user roles network admin Parameters time range name Specifies a time range name The name is a case insensitive string of 1 to 32 characters It must start with an English letter and to avoid confusion it cannot be all start time to end time Specifies a periodic statement Both start time and end time are in hh mm format 24 hour clock The value is in the range of 00 00 to 23 59 for the start time and 00 00 to 24 00 for the end time The end time must be greater than the start time days Specifies the day or days of the week in words or digits on which the periodic statement is valid If you specify multiple values separate each value with a space and make sure they do not overlap These values can take one of the following forms e A digit in the range of O to 6 respectively for Sunday Monday Tuesday Wednesday Thursday Friday and Saturday e A day of a week in abbreviated words sun mon tue wed thu fri and sat e working day for Monday through Friday e off day for Saturday and Sunday e daily for the whole week from time date Specifies the start time and date of an absolute statement The time argument specifies the time of the day in hh mm format 24 hour clock Its value is in the range of 00 00 to 23 59 The da
70. ecifies a message name icmp message code Supported ICMP message names and their corresponding type and code values are listed in Table 10 Table 10 ICMP message names supported in IPv4 advanced ACL rules ICMP message name ICMP message type ICMP message code echo 8 0 echo reply 0 0 fragmentneed DFset 3 4 host redirect 5 1 hosttos redirect 5 3 hostunreachable 3 1 information reply 16 0 information request 15 0 net redirect 5 0 nettos redirect 5 2 net unreachable 3 0 parameter problem 12 0 port unreachable 3 3 protocol unreachable 3 2 reassembly timeout 11 1 source quench 4 0 22 ICMP message name ICMP message type ICMP message code source route failed 3 5 timestamp reply 14 0 timestamp request 13 0 lexceeded 11 0 Usage guidelines If an ACL is for QoS traffic classification or packet filtering e Do not specify the vpn instance keyword if the ACL is for outbound QoS traffic classification or outbound packet filtering e Do not specify neg for the operator argument Within an ACL the permit or deny statement of each rule must be unique If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL the rule will not be created or changed You can edit ACL rules only when the match order is config e If you do not specify any optional keywords the undo rule command deletes the entire rule e If you s
71. ecifies an interface by its type and number Usage guidelines Redirecting traffic to the CPU and redirecting traffic to an interface are mutually exclusive with each other in the same traffic behavior The most recently configured redirecting action takes effect Examples Configure redirecting traffic to FortyGigE 1 1 1 in traffic behavior database lt Sysname gt system view Sysname traffic behavior database Sysname behavior database redirect interface FortyGigE 1 1 1 Related commands e classifier behavior e qos policy e traffic behavior remark customer vlan id Use remark customer vlan id to configure a CVLAN marking action in a traffic behavior Use undo remark customer vlan id to delete the action Syntax remark customer vlan id vlan id undo remark customer vlan id Default No CVLAN marking action is configured Views Traffic behavior view Predefined user roles networkadmin Parameters vlan id Specifies a CVLAN ID in the range of 1 to 4094 Examples Configure traffic behavior b1 to mark matching packets with CVLAN 111 lt Sysname gt system view Sysname traffic behavior bl Sysname behavior b1 remark customer vlan id 111 49 remark dotlp Syntax Default Views Use remark dotlp to configure an 802 1p priority marking action or an inner to outer tag priority copying action in a traffic behavior Use undo remark dot1p to delete the action remark green red yellow dot1
72. eds the upper limit subsequent packets are dropped Examples In gueue based WRED table queue table1 configure drop related parameters for packets in queue 1 as follows e The drop level is 1 e The lower limit for the average queue length is 10 e The upper limit for the average queue length is 20 e The drop probability is 30 lt Sysname gt system view Sysname qos wred queue table queue tablel Sysname wred table queue tablel queue 1 drop level 1 low limit 10 high limit 20 discard probability 30 Related commands e display qos wred table 100 e qos wred table queue ecn Use queue ecn to enable ECN for a queue Use undo queue ecn to restore the default Syntax queue queue id ecn undo queue gueue id ecn Default ECN is not enabled on any queue Views WRED table view Predefined user roles network admin Parameters queue id Specifies a queue by its ID in the range of O to 7 Usage guidelines When both the receiver and sender support ECN the device can notify the peer end of the congestion status by identifying and setting the ECN flag ECN avoids deteriorating congestion Examples In WRED table gueue table1 enable ECN for queue 1 lt Sysname gt system view Sysname qos wred queue table queue tablel Sysname wred table queue tablel queue 1 ecn Related commands e display qos wred table e qos wred table queue weighting constant Use queue weighting constant to specify an exponent for aver
73. ee ee EER ee ee EER ee ee EER ee ee EER ee ee ee ee ee 77 display qos Ir Interface cevsssseesssstessseeteessesceeesseeseesseescesseecessseseesseseeesssseessscsceessesceeseeseecssesenenseseeensesecesssseeeeseeeneess 77 ANETTE TT TT 78 Congestion management commands sere eeeEEEERRERRRRRR RR Reg Re ERRRRRRRRRRR RR eeeERERRRRRRRRRR nenes 80 SEE RR RRE RRE RR RN NENNE RARA ARAN NARRO RON RN NOR RR RN Ran an nen EENAA SAA 80 display qos queue sp interface eeertrrrrerrnnnnnnnnnnnnnnnnnnnnnnnnnnnn nana cnn nnnn nn nn nan nnn nana nn n nan nnn nana nnn nan nnn nana nnnn anna nn rana cnn nana nnnnnnoss 80 TI eR EE OG 80 WRR Commands EE Ee 81 display qos queue wrr interface veeereeeetseeeteteseesteseeceesseseeessesesessesscessesseesessesssesecensesesensesesensessesssessseseseeenseseeeneess 81 EET TT TT 82 qos wrr byte count weight a 83 GOS Wrr group EE EE ET TT ET TE eeene eee 84 WFQ COMIMQNAS errrrrrrcnnennnnonnnnonnonnon Ee 85 display qos queue wfq interface rerrrrerenrrccnnnonnnnononnnnonnnnnnononnn non cnn non cnn non nnnnnnnnnnnnnnnnn nen nana nnn nana nnn nana nnn nana nnn nan annnannnnss 85 qos bandwidth TEE nene ren ren renace narrar serves 86 OS gr TT TE TE 87 qos wig byte count weight EE EE N o 87 ETE ELE TT TT TT eenne nenes 88 Queue scheduling profile COMMANAS ee Re EER EER ee EER ee EE ER ee EER ee ee EER ee EER ee ee EER ee ee EER ee EE Re ee EER ee ee Ee ees ee 89 bandwidth EE conan oa nnonenonnaconcnnocnnonccnonacnn nano 89 displ
74. er roles network admin Parameters ipv6 Specifies IPv ACLs number acl number Specifies the number of an ACL e 2000 to 2999 for basic ACLs e 3000 to 3999 for advanced ACLs e 4000 to 4999 for Ethernet frame header ACLs You cannot create an Ethernet frame header ACL if the ipv6 keyword is specified e 5000 to 5999 for user defined ACLs You cannot create a user defined ACL if the ipv keyword is specified name acl name Assigns a name to the ACL for easy identification The aclname argument is a case insensitive string of 1 to 63 characters It must start with an English letter and to avoid confusion it cannot be alll match order Sets the order in which ACL rules are compared against packets e auto Compares ACL rules in depth first order The depth first order varies by ACL category For more information see ACL and QoS Configuration Guide e config Compares ACL rules in ascending order of rule ID The rule with a smaller ID has higher priority If you do not specify a match order the config order applies by default all Specifies all ACLs e Ifthe ipv keyword is not specified all ACLs refer to all IPv4 basic IPv4 advanced and Ethernet frame header ACLs e Ifthe ipv keyword is specified all ACLs refer to all IPv basic and IPv advanced ACLs Usage guidelines You can assign a name to an ACL only when you create it After an ACL is created with a name you cannot rename it or remove its name Yo
75. erface FortyGigE 1 1 1 Sysname FortyGigE1 1 1 qos priority 2 Related commands display gos trust interface Priority trust mode commands display qos trust interface Use display qos trust interface to display priority trust mode and port priority information on an interface Syntax display qos trust interface interface type interface number Views Any view Predefined user roles network admin network operator Parameters interface type interface number Specifies an interface by its type and number If you do not specify an interface this command displays priority trust mode and port priority information of all interfaces Examples Display the priority trust mode and port priority information of FortyGigE 1 1 1 lt Sysname gt display qos trust interface FortyGigE 1 1 1 Interface FortyGigE1 1 1 Port priority information Port priority 0 Port priority trust type none Table 28 Command output Field Description Interface Interface type and interface number Port priority Port priority set for the interface Priority trust mode on the interface dot1p dscp or none If the trust mode is SERE cs none the port priority is used for priority mapping qos trust Use qos trust to configure the priority trust mode for an interface 74 Use undo dos trust to restore the default priority trust mode Syntax qos trust dotlp dscp undo qos trust Default An interface does not trust any packet
76. ermit udp destination port eq snmp Sysname acl adv 3003 rule permit udp destination port eq snmptrap Related commands e ad e ad logging interval e display acl e step e time range rule IPv4 basic ACL view Syntax Default Views Use rule to create or edit an IPv4 basic ACL rule Use undo rule to delete an entire IPv4 basic ACL rule or some attributes in the rule rule rule id deny permit counting fragment logging source source address source wildcard any time range time range name vpn instance vpn instance name undo rule rule id counting fragment logging source time range vpn instance An IPv4 basic ACL does not contain any rule IPv4 basic ACL view Predefined user roles network admin Parameters rule id Specifies a rule ID in the range of O to 65534 If you do not specify a rule ID when creating an ACL rule the system automatically assigns it a rule ID This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID starting from 0 For example if the rule numbering step is 5 and the current highest rule ID is 28 the rule is numbered 30 deny Denies matching packets permit Allows matching packets to pass counting Counts the number of times the IPv4 basic ACL rule has been matched The counting keyword enables match counting specific to rules and the hardware count keyword in the packet filter command enables match
77. f input values export value Specifies the output value all Restores all mappings in the priority map to the default Examples Configure the 802 1 p local priority map to map 802 1p priority values 4 and 5 to local precedence 1 lt Sysname gt system view Sysname qos map table dotlp lp Sysname maptbl dotlp lp import 4 5 export 1 Related commands display qos map table 72 gos map table Use qos map table to enter the specified priority map view Syntax qos map table dot1p dp dot1p exp dot1p Ip dscp dot1p dscp dp dscp dscp exp dotlp exp dp Views System view Predefined user roles network admin Parameters For the description of the keywords see Table 26 Examples Enter the 802 1p local priority map view lt Sysname gt system view Sysname qos map table dotlp lp Sysname maptbl dotlp 1p Related commands e display qos map table e import Port priority commands qos priority Use qos priority to change the port priority of an interface Use undo gos priority to restore the default Syntax qos priority priority value undo qos priority Default The port priority is O Views Layer 2 Ethernet interface view Layer 3 Ethernet interface view Predefined user roles network admin Parameters priority value Specifies the port priority value in the range of 0 to 7 73 Examples Set the port priority of FortyGigE 1 1 1 to 2 lt Sysname gt system view Sysname int
78. f match acl name flow Define a match criterion for traffic class class1 to match the advanced IPv6 ACL 3101 lt Sysname gt system view Sysname traffic classifier classl Sysname classifier class1 if match acl ipv6 3101 Define a match criterion for traffic class class1 to match the IPv6 ACL named flow lt Sysname gt system view Sysname traffic classifier classi Sysname classifier class1 if match acl ipv name flow Define a match criterion for traffic class dlass1 to match all packets lt Sysname gt system view Sysname traffic classifier classi Sysname classifier class1 if match any Define a match criterion for traffic class class1 to match the packets with their DSCP values being 1 6 or 9 lt Sysname gt system view Sysname traffic classifier classl operator or Sysname classifier class1 if match dscp 1 Sysname classifier class1 if match dscp 6 Sysname classifier classl if match dscp 9 Define a match criterion for traffic class dlass1 to match the packets with their IP precedence values being 1 or 6 lt Sysname gt system view Sysname traffic classifier classl operator or Sysname classifier class1 if match ip precedence 1 Sysname classifier classl if match ip precedence 6 Define a match criterion for traffic class dlass1 to match IP packets lt Sysname gt system view Sysname traffic classifier classi Sysname classifier class1 if match protocol ip Define a match
79. f you do not specify an IRF member device this command displays traffic classes on all IRF member devices Examples Display all user defined traffic classes lt Sysname gt display traffic classifier user defined User defined classifier information Classifier 1 ID 100 Operator AND Rule s If match acl 2000 Classifier 2 ID 101 Operator AND Rule s If match protocol ipv6 Classifier 3 ID 102 Operator AND Rule s NOS 36 Table 16 Command output Field Description Classifier Traffic class name and its match criteria Match operator you set for the traffic class If the operator is AND the traffic class Operator matches the packets that match all its match criteria If the operator is OR the traffic class matches the packets that match any of its match criteria Rule s Match criteria if match Syntax Default Views Use if match to define a match criterion Use undo if match to delete a match criterion if match match criteria undo if match match criteria No match criterion is configured Traffic class view Predefined user roles network admin Parameters match criteria Specifies a match criterion Table 17 shows the available match criteria Table 17 Available match criteria Option Description Matches an ACL The acl number argument has the following value ranges e 2000 to 3999 for IPv4 ACLs 2000 to 3999 for IPv ACLs acl ipv6 acl num
80. fault action for packets that do not match any IPv4 Eres aci n ACLs This field is displayed only when the default action is deny Packet filter default action for packets that do not match any IPv6 Evo estan acia ACLs This field is displayed only when the default action is deny Packet filter default action for packets that do not match any MAC default action Ethernet frame header ACLs This field is displayed only when the default action is deny Related commands reset packet filter statistics display packet filter statistics sum Syntax Views Use display packet filter statistics sum to display accumulated packet filtering ACL statistics display packet filter statistics sum inbound outbound ipv acl number name acl name brief Any view Predefined user roles network admin network operator Parameters inbound Displays the statistics in the inbound direction outbound Displays the statistics in the outbound direction ipv6 Specifies IPv ACLs acl number Specifies an ACL by its number e 2000 to 2999 for basic ACLs e 3000 to 3999 for advanced ACLs e 4000 to 4999 for Ethernet frame header ACLs You cannot specify an Ethernet frame header ACL if the ipv keyword is specified e 5000 to 5999 for user defined ACLs You cannot specify a user defined ACL if the ipv6 keyword is specified name acl name Specifies an ACL by its name The acl name argument is a case insensit
81. g profile name Queue scheduling type e SP Type e WRR e WFQ Priority group to which the queue belongs Group N A indicates that this field is ignored Scheduling unit e weight or byte count for WRR and WFQ e N A for SP N A indicates that this field is ignored Schedule unit This field indicates e Number of packets for the weight scheduling unit Schedule value e Number of bytes for the byte count scheduling unit N A indicates that this field is ignored Bandwidth Minimum guaranteed bandwidth for the queue display qos qmprotile interface Use display qos qmprofile interface to display queue scheduling profiles applied to interfaces Syntax display qos qmprofile interface interface type interface number 91 Views Any view Predefined user roles network admin network operator Parameters interface type interface number Specifies an interface by its type and number If you do not specify an interface this command displays the queue scheduling profiles applied to all interfaces Examples Display the queue scheduling profile applied to FortyGigE 1 1 1 lt Sysname gt display qos amprofile interface FortyGigE 1 1 1 Interface FortyGigEl 1 1 Queue management profile myprofile Table 36 Command output Field Description Interface Interface name Queue management profile Name of the queue scheduling profile applied to the interface qos apply qmprofile Use qos apply
82. ge for the vlan id argument is 1 to 4094 source mac mac address Matches a source MAC address Table 18 Available system defined control plane protocols Protocol Description arp ARP packets arp snooping ARP snooping packets btd BFD packets bgp BGP packets 38 Protocol Description bgp4 IPv BGP packets bpdu tunnel BPDU tunnel packets dhcp DHCP packets dhcp snooping DHCP snooping packets dhcp IPv DHCP packets dldp DLDP packets dotl x 802 1X packets mvrp MVRP packets including GVRP packets hop limit expires ICMPv time exceeded packets http HTTP packets https HTTPS packets icmp ICMP packets icmp ICMP snooping packets igmp IGMP packets ip option IPv4 packets with the Options field ipv option IPv packets with the Options field isis IS IS packets lacp LACP packets IIdp LLDP packets ospf multicast OSPF multicast packets ospf unicast OSPF unicast packets ospf3 multicast OSPFv3 multicast packets ospf3 unicast OSPFv3 unicast packets radius RADIUS packets snmp SNMP packets ssh SSH packets stp STP packets tacacs TACACS packets telnet Telnet packets ttl expires ICMP time exceeded packets vrrp VRRP packets vrrp IPv VRRP packets Usage guidelines When an ACL is referenced by a QoS policy for traffic classification the action permit or deny in the
83. ge guidelines You must use the qos wfq command to enable WFQ before you can configure this command on an interface Examples Set the minimum guaranteed bandwidth to 100 kbps for queue O on FortyGigE 1 1 1 lt Sysname gt system view Sysname interface FortyGigE 1 1 1 Sysname FortyGigE1 1 1 qos wfq weight Sysname FortyGigE1 1 1 qos bandwidth queue 0 min 100 86 Related commands qos wfq gos wiq Use qos wfq to enable WFQ and specify the WFQ weight type on an interface Use undo gos wfq to disable WFQ and restore the default queuing algorithm on an interface Syntax qos wfq byte count weight undo qos wfq byte count weight Default An interface uses the byte count WRR queuing algorithm and all the queues are in the WRR group Views Layer 2 Ethernet interface view Layer 3 Ethernet interface view Predefined user roles network admin Parameters byte count Allocates bandwidth to queues in terms of bytes weight Allocates bandwidth to queues in terms of packets Usage guidelines You must use the qos wfq command to enable WFQ before you can configure WFQ queuing parameters for a queue on an interface Examples Enable weight based WFQ on FortyGigE 1 1 1 lt Sysname gt system view Sysname interface FortyGigE 1 1 1 Sysname FortyGigE1 1 1 qos wfq weight Enable byte count WFQ on FortyGigE 1 1 1 lt Sysname gt system view Sysname interface FortyGigE 1 1 1 Sysname FortyGigE1 1 1 qo
84. gregate CAR action cir committed information rate Specifies the CIR in kbps The value range for the committed information rate argument is an integral multiple of 8 between 8 and 160000000 cbs committed burst size Specifies the CBS in bytes The value range for the committed burst size argument is an integral multiple of 512 between 512 and 256000000 The default value for this argument is the product of 62 5 and the CIR and must be an integral multiple of 512 If the product is not an integral multiple of 512 it is rounded up to the nearest integral multiple of 512 A default value greater than 256000000 is converted to 256000000 ebs excess burstsize Specifies the EBS in bytes The value range for the excess burst size argument is an integral multiple of 512 between O and 256000000 and the default value is 512 pir peak information rate Specifies the PIR in kbps The value range for the peak information rate argument is an integral multiple of 8 between 8 and 160000000 If the PIR is configured two rates are used for traffic policing Otherwise one rate is used green action Specifies the action to take on packets that conform to CIR The default setting is pass red action Specifies the action to take on the packet that conforms to neither CIR nor PIR The default setting is discard yellow action Specifies the action to take on packets that conform to PIR but not to CIR The default setting is pass action Specifies the acti
85. he port and port2 arguments are TCP or UDP port numbers in the range of O to 65535 port2 is needed only when the operator argument is range TCP port numbers can be represented as chargen 19 bgp 179 cmd 514 daytime 13 discard 9 domain 53 echo 7 exec 512 finger 79 ftp 21 ftp data 20 gopher 70 hostname 101 ire 194 klogin 543 kshell 544 login 513 Ipd 515 destination port Specifies one or more nntp 119 pop2 109 pop3 110 smtp 25 sunrpe 111 operator port UDP or TCP tacacs 49 talk 517 telnet 23 time 37 uucp 540 whois port2 destination ports 43 and www 80 UDP port numbers can be represented as biff 512 bootpc 68 bootps 67 discard 9 dns 53 dnsix 90 echo 7 mobilip ag 434 mobilip mn 435 nameserver 42 netbios dgm 138 netbios ns 137 netbios ssn 139 ntp 123 rip 520 snmp 161 samptrap 162 sunrpe 111 syslog 514 tacacs ds 65 talk 517 tftp 69 time 37 who 513 and xdmep 177 ack ack value Parameters specific to TCP fin fin value psh psh value rst rstvalve syn syn value urg urg value Specifies one or more The value for each argument can be 0 flag bit not set or 1 flag bit TCP flags including set ACK FIN PSH RST The TCP flags in a rule are ANDed For example a rule configured SYN and URG with ack O psh 1 matches packets that have the ACK flag bit n
86. header are 0x0806 the ARP packets lt Sysname gt system view Sysname acl number 5005 Sysname acl user 5005 rule permit 12 0806 ffff 12 Related commands e ad e display acl e time range 33 rule comment Use rule comment to add a comment about an existing ACL rule or edit its comment to make the rule easy to understand Use undo rule comment to delete an ACL rule comment Syntax rule rule id comment text undo rule rule id comment Default An ACL has not rule comment Views IPv4 IPv basic ACL view IPv4 IPv advanced ACL view Ethernet frame header ACL view User defined ACL view Predefined user roles network admin Parameters rule id Specifies an ACL rule ID in the range of O to 65534 The ACL rule must already exist text Specifies a comment about the ACL rule a case sensitive string of 1 to 127 characters Examples Create a rule for IPv4 basic ACL 2000 and add a comment about the rule lt Sysname gt system view Sysname acl number 2000 Sysname acl basic 2000 rule 0 deny source 1 1 1 1 0 Sysname acl basic 2000 rule 0 comment This rule is used for telnet Related commands display acl step Use step to set a rule numbering step for an ACL Use undo step to restore the default Syntax step step value undo step Default The rule numbering step is five 34 Views IPv4 IPv basic ACL view IPv4 IPv advanced ACL view Ethernet frame header ACL view Predefined user roles network
87. ied queue Examples Display the total shared area ratio lt Sysname gt display buffer Slot Type Eg Total shared 1 gell 25 Eg Size of the sending buffer Total shared Size of the shared buffer for all ports Unit Ratio Display the fixed area ratio and shared area ratio for each queue lt Sysname gt display buffer queue Slot Queue Type Eg Guaranteed Shared 2 0 cell 20 33 2 1 cell 14 33 2 2e cell LI BA Eg Size of the sending buffer Guaranteed Size of the minimum guaranteed buffer per queue Shared Size of the maximum shared buffer per queue Unit Ratio Table 43 Command output Field Description Slot ID of an IRF member device ies Resource type The device supports only cell resources Queue Queue ID in the range of 0 to 7 114 Field Description Eg Egress buffer Total shared Total shared area size e Guaranteed Fixed area ratio for a queue e Shared Shared area ratio for a queue Guaranteed Shared The default fixed area ratio for a queue is 12 5 but the default value in the display buffer queue command output is 13 Unit for configuring the data butfer The device it An supports only ratio display buffer usage Use display buffer usage to display buffer usage Syntax display buffer usage slot slot number Views Any view Predefined user roles network admin network operator Parameters slot slot number Specifies an IRF membe
88. ime range for the rule The time range name argument is a case insensitive string of 1 to 32 characters It must start with an English letter If the time range is not configured the system creates the rule However the rule using the time range can take effect only after you configure the timer range For more information about time range see ACL and QoS Configuration Guide Usage guidelines When an Ethernet frame header ACL with the Isap keyword specified is used for QoS traffic classification or packet filtering the Isap type argument must be AAAA and the Isap type mask argument must be FFFF Otherwise the ACL cannot be applied successfully Within an ACL the permit or deny statement of each rule must be unique If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL the rule will not be created or changed You can edit ACL rules only when the match order is config e If you do not specify any optional keywords the undo rule command deletes the entire rule e _ If you specify optional keywords or arguments the undo rule command deletes the specified attributes To view rules in an ACL and their rule IDs use the display acl all command Examples Create a rule in Ethernet frame header ACL 4000 to permit ARP packets and deny RARP packets lt Sysname gt system view Sysname acl number 4000 Sysname acl ethernetframe 4000 rule permit type 0806 ffff Sysname acl etherne
89. in the display buffer queue command output is 13 Views System view Predefined user roles network admin Parameters egress Specifies the egress buffer slot slot number Specifies an IRF member device by its member ID slot number If you do not specify an IRF member device this command applies to all IRF member devices cell Specifies cell resources queue id Specifies a queue by its ID in the range of O to 7 ratio ratio value Specifies the fixed area ratio in percentage 110 Usage guidelines The fixed area space for a queue cannot be used by other queues It is also called the minimum guaranteed buffer The sum of fixed area ratios configured for queues cannot be greater than or equal to 100 Queues 5 6 and 7 must have available fixed area space After you configure the fixed area ratios for some queues the other queues each are assigned an equal share of the remaining part of the fixed area The display buffer queue command displays the preceding whole number for each assignment result Therefore the sum of the ratios for all queues might be less than 100 Examples Configure queue O to use 15 fixed area space of cell resources in the egress buffer of IRF member device 2 lt Sysname gt system view Sysname buffer egress slot 2 cell queue 0 guaranteed ratio 15 buffer queue shared Use buffer queue shared to set the maximum shared area ratio for a queue Use undo buffer queue shared to restore the
90. ion address The counting keyword enables match counting specific to Counts the number of times rules and the hardware count keyword in the packet filter counting the IPv advanced ACL rule pv command enables match counting for all rules in an has been matched ACL If the counting keyword is not specified matches for the rule are not counted The dscp argument can be a number in the range of O to 63 or in words af11 10 af12 12 af13 14 af21 dilo Specifies a DSCP 18 af22 20 af23 22 af31 26 af32 28 af33 preference 30 af41 34 af42 36 af43 38 cs1 8 cs2 16 cs3 24 cs4 32 cs5 40 cs6 48 cs7 56 default 0 or ef 46 flow label Specifies a flow label value The flow label value argument is in the range of O to flow label value in an IPv6 packet header 1048575 f Applies the rule only to If you do not specify this keyword the rule applies to all ragment non first fragments fragments and non fragments logging isgemiciching packets This function requires that the module for example packet filtering that uses the ACL supports logging routing type routing type Specifies an IPv routing header type routing type Value of the IPv routing header type in the range of O to 255 If you specify the type routing type option the rule applies to the specified type of IPv routing header Otherwise the rule applies to all types of IPv routing header hop by hop t
91. ior Use undo remark drop precedence to delete the action remark drop precedence drop precedence value undo remark drop precedence No drop priority marking action is configured Traffic behavior view Predefined user roles network admin Parameters drop precedence value Specifies the drop priority to be marked for packets This argument is in the range of O to 2 Usage guidelines The command applies only to incoming traffic Examples Configure traffic behavior database to mark matching traffic with drop priority 2 lt Sysname gt system view Sysname traffic behavior database Sysname behavior database remark drop precedence 2 remark dscp Syntax Default Views Use remark dscp to configure a DSCP marking action in a traffic behavior Use undo remark dscp to delete the action remark green red yellow dsep dscp value undo green red yellow remark dscp No DSCP marking action is configured Traffic behavior view Predefined user roles network admin 5 Parameters green Specifies green packets red Specifies red packets yellow Specifies yellow packets dscp value DSCP value which can be a number from 0 to 63 or a keyword in Table 20 Table 20 DSCP keywords and values Keyword DSCP value binary DSCP value decimal default 000000 0 af11 001010 10 af12 001100 12 af13 001110 14 af21 010010 18 af
92. ive string of 1 to 63 characters It must start with an English letter brief Displays brief accumulated packet filtering ACL statistics Examples Display accumulated packet filtering ACL statistics of IPv4 basic ACL 2001 for incoming packets lt Sysname gt display packet filter statistics sum inbound 2001 Sum In bound policy ACL 2001 rule 0 permit source 2 2 2 2 0 2 packets rule 5 permit source 1 1 1 1 0 Totally 2 packets permitted 0 packets denied Totally 100 permitted 0 denied Table 4 Command output Field Description Sum Accumulated packet filtering ACL statistics In bound policy Accumulated ACL statistics used for filtering incoming traffic Out bound policy Accumulated ACL statistics used for filtering outgoing traffic ACL 2001 Accumulated ACL statistics used for IPv4 basic ACL 2001 Two packets matched the rule 2 packets This field is not displayed when no packets matched the rule Totally 2 packets permitted O packets denied Number of packets permitted and denied by the ACL Totally 100 permitted 0 denied Ratios of permitted and denied packets to all packets Related commands reset packet filter statistics display packetfilter verbose Use display packet filter verbose to display application details of ACLs for packet filtering Syntax display packet filter verbose interface interface type interface number inbound outbound ipv acl number name acl name
93. lay qos acl resource slot slot number Views Any view Predefined user roles network admin network operator Parameters slot slot number Specifies an IRF member device The slotnumber argument represents the ID of the IRF member device If you do not specify an IRF member device this command displays QoS and ACL resource usage on all member devices Examples Display QoS and ACL resource usage lt Sysname gt display gos acl resource Interfaces XGE1 0 1 to XGE1 0 45 FGE1 1 1 to FGE1 1 4 Type otal Reserved Configured Remaining Usage VFP ACL 1024 272 0 752 26 IFP ACL 2048 1664 0 384 81 IFP Meter 1024 832 0 192 81 IFP Counter 1024 832 0 192 81 EFP ACL 1024 0 0 1024 EFP Meter 512 0 0 512 EFP Counter 512 0 0 512 Table 6 Command output Field Description Interfaces Interface range for the resource 13 Field Description Resource type e VFP ACL ACL rules for local QoS ID remarking before Layer 2 forwarding e IFP ACL ACL rules applied to inbound traffic Type e IFP Meter Traffic policing rules for inbound traffic e IFP Counter Traffic counting rules for inbound traffic o EFP Meter Traffic policing rules for outbound traffic e EFP Counter Traffic counting rules for outbound traffic Total Total number of resource Reserved Number of reserved resource Configured Number of resource that has been applied Remaining Number of resource that you can apply
94. lays match statistics of all ACLs for packet filtering e Ifthe ipv6 keyword is not specified all ACLs refer to all IPv4 basic IPv4 advanced and Ethernet frame header ACLs e Ifthe ipv6 keyword is specified all ACLs refer to all IPv basic and IPv advanced ACLs Examples Display match statistics of all ACLs IPv4 basic IPv4 advanced and Ethernet frame header ACLs for incoming packet filtering on FortyGigE 1 1 1 lt Sysname gt display packet filter statistics interface fortygige 1 1 1 inbound Interface FortyGigE1 1 1 In bound policy ACL 2001 Hardware count From 2011 06 04 10 25 21 to 2011 06 04 10 35 57 rule 0 permit source 2 2 2 2 0 rule 5 permit source 1 1 1 1 0 Totally 0 packets permitted 0 packets denied Totally 0 permitted 0 denied IPv4 default action Deny Table 3 Command output Field Description Interface Interface to which the ACL applies In bound policy ACL used for filtering incoming traffic Outbound policy ACL used for filtering outgoing traffic ACL 2001 IPv4 basic ACL 2001 has been successfully applied Hardware count Successfully enables counting ACL rule matches From 2011 06 04 10 25 21 to 2011 06 04 10 35 57 Start time and end time of the statistics Totally O packets permitted O packets denied Number of packets permitted and denied by the ACL Totally 0 permitted 0 denied Ratios of permitted and denied packets to all packets Packet filter de
95. ll available numbers in the same ACL category as the source ACL Available value ranges include e 2000 to 2999 for basic ACLs e 3000 to 3999 for advanced ACLs e 4000 to 4999 for Ethernet frame header ACLs You cannot create an Ethernet frame header ACL if the ipv6 keyword is specified e 5000 to 5999 for user defined ACLs You cannot create a user defined ACL if the ipv keyword is specified name destacl name Assigns a unique name to the ACL you are creating The dest acl name is a case insensitive string of 1 to 63 characters It must start with an English letter and to avoid contusion it cannot be all If you do not specify an ACL name the system does not name the ACL Usage guidelines The new ACL has the same properties and content as the source ACL but not the same ACL number and name You can assign a name to an ACL only when you create it After an ACL is created with a name you cannot rename it or remove its name Examples Create IPv4 basic ACL 2002 by copying IPv4 basic ACL 2001 lt Sysname gt system view Sysname acl copy 2001 to 2002 acl logging interval Use acl logging interval to set the interval for generating and outputting packet filtering logs The log information includes the number of matching packets and the matched ACL rules Use undo acl logging interval to restore the default Syntax acl ipv logging interval interval undo acl ipv logging interval Default The interval is O
96. llocates bandwidth to queues in terms of packets Usage guidelines You must use the qos wrr command to enable WRR queuing before you can configure WRR queuing parameters for a queue on an interface Examples Enable weight based WRR queuing on FortyGigE 1 1 1 lt Sysname gt system view Sysname interface FortyGigE 1 1 1 Sysname FortyGigE1 1 1 qos wrr weight 82 Enable byte count WRR queuing on FortyGigE 1 1 1 lt Sysname gt system view Sysname interface FortyGigE 1 1 1 Sysname FortyGigE1 1 1 gos wrr byte count Related commands display qos queue wrr interface qos wrr byte count weight Syntax Default Views Use qos wrr byte count weight to configure the WRR queuing parameters for a queue on an interface Use undo qos wrr to restore the default WRR queuing parameters of a queue on an interface qos wrr queue id group 1 2 byte count weight schedule value undo qos wrr queue id An interface uses the byte count WRR queuing algorithm and queues O through 7 are in WRR group 1 with their weights of 1 2 3 4 5 9 13 and 15 respectively Layer 2 Ethernet interface view Layer 3 Ethernet interface view Predefined user roles network admin Parameters queue id Specifies a queue by its ID The value is an integer in the range of O to 7 or a keyword listed in Table 33 group 1 2 Specifies WRR group 1 or 2 If you do not specify a group group 1 applies byte count All
97. me acl6 basic 2000 rule permit source 3124 1123 32 Sysname acl6 basic 2000 rule permit source fe80 5060 1001 48 Sysname acl6 basic 2000 rule deny source any Related commands e ad e acl logging interval e display acl e step e time range rule user defined ACL view Syntax Default Views Use rule to create or edit a user defined ACL rule Use undo rule to delete a user defined ACL rule rule rule id deny permit 12 rule string rule mask offset amp lt 1 8 gt counting time range time range name undo rule rule id A user defined ACL does not contain any rule User defined ACL view 32 Predefined user roles network admin Parameters rule id Specifies a rule ID in the range of O to 65534 If you do not specify a rule ID when creating an ACL rule the system automatically assigns it a rule ID This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID starting from 0 For example if the rule numbering step is 5 and the current highest rule ID is 28 the rule is numbered 30 deny Denies matching packets permit Allows matching packets to pass 12 Specifies that the offset is relative to the beginning of the Layer 2 frame header rule string Defines a match pattern in hexadecimal format Its length must be a multiple of two rule mask Defines a match pattern mask in hexadecimal format Its length must be the same as that
98. ng traffic traffic sent by online users of a user profile outbound Applies the QoS policy to the outgoing traffic traffic received by online users of a user profile policy name Specifies a QoS policy by its name a case sensitive string of 1 to 31 characters Usage guidelines Deleting a user profile also removes QoS policies applied to it 66 The QoS policy applied to a user profile takes effect only after the QoS policy is successfully issued to the driver Examples Apply QoS policy test to the outgoing traffic of user profile user lt Sysname gt system view Sysname user profile user Sysname user profile user qos apply policy test outbound qos apply policy global Use qos apply policy global to apply a GoS policy globally Use undo gos apply policy global to remove the QoS policy Syntax qos apply policy policy name global inbound outbound undo qos apply policy policy name global inbound outbound Default No QoS policy is applied globally Views System view Predefined user roles network admin Parameters policy name QoS policy name a case sensitive string of 1 to 31 characters inbound Applies the QoS policy to the incoming packets on all interfaces outbound Applies the QoS policy to the outgoing packets on all interfaces Usage guidelines A global QoS policy takes effect on all incoming or outgoing traffic depending on the direction in which the QoS policy is applied Examples Apply
99. nt highest rule ID starting from 0 For example if the rule numbering step is 5 and the current highest rule ID is 28 the rule is numbered 30 deny Denies matching packets permit Allows matching packets to pass protocol Specifies a protocol number in the range of O to 255 or specifies a protocol by its name gre 47 icmp 1 igmp 2 ip ipinip 4 ospf 89 tep 6 or udp 17 The ip keyword specifies all protocols Table 7 describes the parameters that you can specify regardless of the value for the protocol argument Table 7 Match criteria and other rule information for IPv4 advanced ACL rules Parameters Function Description The source address source wildcard arguments represent a source IP address and wildcard mask in Specifies a source address dotted decimal notation An all zero wildcard specifies a host address source source address source wildcard any r The any keyword specifies any source IP address n The dest address dest wildcard arguments represent a destination e oo destination IP address and wildcard mask in dotted destaddress Specifies a destination decimal notation An all zero wildcard specifies a host inate l address address an y The any keyword represents any destination IP address The counting keyword enables match counting specific Counts the number of times the to rules and the hardware count keyword in the counting IPv4 advanced ACL rule has packet filter command en
100. number If you do not specify an interface this command displays the WRR queuing configuration of all the interfaces Examples Display the WRR queuing configuration of FortyGigE 1 1 1 lt Sysname gt display qos queue wrr interface FortyGigE 1 1 1 Interface FortyGigE1 1 1 Output queue Weighted Round Robin queuing Queue ID Group Byte count be T 1 afl 1 2 af2 1 3 af3 1 4 af4 al 5 81 ef T 9 cs6 J 13 es7 i TS Table 32 Command output Field Description Interface Interface type and interface number Output queue Type of the current output queue Queue ID ID of a queue Gop Number of the group a queue is assigned to By default all queues belong to group 1 i Packet based queue scheduling weight of a queue N A is displayed for a gueue Weight q that uses the SP queue scheduling algorithm qos wrr Use qos wrr to enable WRR queuing and specify the weight type for an interface Use undo qos wrr to disable WRR queuing and restore the default queue scheduling algorithm for an interface Syntax qos wrr byte count weight undo qos wrr byte count weight Default An interface uses the byte count WRR queuing algorithm and queues O through 7 have weights of 1 2 3 4 5 9 13 and 15 respectively Views Layer 2 Ethernet interface view Layer 3 Ethernet interface view Predefined user roles network admin Parameters byte count Allocates bandwidth to queues in terms of bytes weight A
101. ocates bandwidth to queues in terms of bytes weight Allocates bandwidth to queues in terms of packets schedule value Specifies a scheduling weight for the specified queue in WRR queuing in the range of 1 to 15 Usage guidelines You must use the qos wrr command to enable WRR queuing before you can configure WRR queuing parameters for a queue on an interface The gueue id argument can be either a number or a keyword Table 33 shows the number keyword map Table 33 The number keyword map for the gueve id argument Number Keyword 0 be afl 2 af2 83 Number Keyword 3 af3 4 afd 5 ef 6 cs6 7 cs7 Examples Enable byte count WRR queuing on FortyGigE 1 1 1 assign gueue 0 with the scheduling weight 10 to WRR group 1 and assign queue 1 with the scheduling weight 5 to WRR group 2 lt Sysname gt system view Sysname interface FortyGigE 1 1 1 Sysname FortyGigE1 1 1 qos wrr byte count Sysname FortyGigE1 1 1 qos wrr 0 group 1 byte count 10 Sysname FortyGigE1 1 1 qos wrr 1 group 2 byte count 5 Related commands e display qos queue wrr interface e gos wrr dos wrr group sp Use qos wrr group sp to assign a queue to the SP group Use undo dos wrr group sp to restore the default Syntax qos wrr queue id group sp undo qos wrr queue id Default An interface uses the byte count WRR queuing algorithm and all the queues are in WRR group 1 Views Layer 2 Ethernet interface view Layer
102. ommitted burstsize undo qos Ir inbound outbound Rate limit is not configured on an interface Layer 2 Ethernet interface view Layer 3 Ethernet interface view Predefined user roles network admin Parameters inbound Limits the rate of incoming packets on the interface outbound Limits the rate of outgoing packets on the interface cir committed information rate Specifies the CIR in kbps The value range for the committed information rate argument is 8 to 41943040 for 40 GE interfaces in integral multiples of 8 78 cbs committed burst size Specifies the CBS in bytes The value range for the committed burst size argument is an integral multiple of 512 between 512 and 134217728 The default value for this argument is the product of 62 5 and the CIR and must be an integral multiple of 512 If the product is not an integral multiple of 512 it is rounded up to the nearest integral multiple of 512 Examples Limit the rate of outgoing packets on FortyGigE 1 1 1 with CIR 25600 kbps and CBS 512000 bytes lt Sysname gt system view Sysname interface FortyGigE 1 1 1 Sysname FortyGigE1 1 1 qos lr outbound cir 25600 cbs 512000 79 Congestion management commands SP commands display qos queue sp interface Use display qos queue sp interface to display the SP queuing configuration of an interface Syntax display qos queue sp interface interface type interface number Views Any view Predefined user roles
103. on to take on packets e discard Drops the packet e pass Permits the packet to pass through e remark dotlp pass new cos Sets the 802 1 p priority value of the 802 1p packet to new cos and permits the packet to pass through The new cos argument is in the range of 0 to 7 e remark dscp pass new dscp Remarks the packet with a new DSCP value and permits the packet to pass through The value range is 0 to 63 Alternatively you can specify the new dscp argument with afT1 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43 cs1 cs2 cs3 cs4 cs5 cs6 cs7 default or ef 105 Usage guidelines An aggregate CAR action takes effect only after it is applied to an interface or referenced in a QoS policy Examples Configure the aggregate CAR action aggcar 1 where CIR is 25600 CBS is 512000 and red packets are dropped lt Sysname gt system view Sysname qos car aggcar 1 aggregative cir 25600 cbs 512000 red discard Related commands display qos car name reset dos car name Use reset qos car name to clear statistics for an aggregate CAR action Syntax reset qos car name car name Views User view Predefined user roles network admin Parameters carname Specifies an aggregate CAR action by its name This argument must start with a letter and is a case sensitive string of 1 to 31 characters If you do not specify an aggregate CAR action this command clears the statistics for all aggregate CAR actions
104. onfiguration of all the interfaces Examples Display the WFQ configuration of FortyGigE 1 1 1 lt Sysname gt display qos queue wfq interface FortyGigE 1 1 1 Interface FortyGigE1 1 1 Output queue Hardware Weighted Fair Queuing Queue ID Group Byte count Min Bandwidth be 64 afl 64 af2 64 af3 64 af4 64 ef 64 cs6 64 85 es 1 i 64 Table 34 Command output Field Description Interface Interface type and interface number Output gueue Type of the current output queue Queue ID ID of a queue Group Number of the WFQ group that holds the queue By default all queues are in group 1 Byte count Byte count scheduling weight of the queue Min Bandwidth Minimum guaranteed bandwidth gos bandwidth queue Use qos bandwidth queue to set the minimum guaranteed bandwidth for a queue on an interface Use undo gos bandwidth queue to restore the default Syntax qos bandwidth queue queve id min bandwidth value undo gos bandwidth queue queue id Default The minimum guaranteed bandwidth is 64 kbps Views Layer 2 Ethernet interface view Layer 3 Ethernet interface view Predefined user roles network admin Parameters queue id Specifies a queue by its ID The value is an integer in the range of O to 7 or a keyword listed in Table 33 min bandwidth value Specifies the minimum guaranteed bandwidth in kbps The value range for the bandwidth value argument is 8 to 40000000 for 40 GE interfaces Usa
105. or with a traffic class in a QoS policy Use undo classifier to remove a traffic class from the QoS policy Syntax classifier classifiermame behavior behavior name mode dcbx insert before before classifiername undo classifier classifiername Default No traffic behavior is associated with a traffic class Views QoS policy view Predefined user roles network admin Parameters classifierrname Specifies a traffic class by its name a case sensitive string of 1 to 31 characters behavior name Specities a traffic behavior by its name a case sensitive string of 1 to 31 characters mode dcbx Specifies that the class behavior association applies only to DCBX For more information about DCBX see Layer 2 LAN Switching Configuration Guide insert before before classifiername Inserts the new traffic class before an existing traffic class in the QoS policy The before classifiermame argument specifies an existing traffic class by its name a case sensitive string of 1 to 31 characters If you do not specify the insert before before classifiername option the new traffic class is placed at the end of the QoS policy Usage guidelines A traffic class can be associated with only one traffic behavior in a QoS policy If the specified traffic class or traffic behavior does not exist the system defines a null traffic class or traffic behavior You cannot change the position of an existing traffic class in a QoS policy Examples Associ
106. ortyGigE 1 1 1 lt Sysname gt reset packet filter statistics interface fortygige 1 1 1 inbound 2001 Related commands display packet filter statistics display packet filter statistics sum rule Ethernet frame header ACL view Syntax Default Views Use rule to create or edit an Ethernet frame header ACL rule Use undo rule to delete an Ethernet frame header ACL rule or some attributes in the rule rule rule id deny permit cos vlan pri counting dest mac destaddress dest mask Isap Isap type Isap type mask type protocol type protocol type mask source mac source address source mask time range time range name undo rule rule id counting time range An Ethernet frame header ACL does not contain any rule Ethernet frame header ACL view Predefined user roles network admin Parameters rule id Specifies a rule ID in the range of O to 65534 If you do not specify a rule ID when creating an ACL rule the system automatically assigns it a rule ID This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID starting from 0 For example if the rule numbering step is 5 and the current highest rule ID is 28 the rule is numbered 30 deny Denies matching packets permit Allows matching packets to pass cos vlan pri Matches an 802 1 p priority The vlan pri argument can be a number in the range of 0 to 7 or in words best effort 0 background 1
107. ot set and the PSH flag bit set Specifies the flags for indicating the established status of a TCP connection Parameter specific to TCP The rule matches TCP connection packets with the ACK or RST flag bit set established If the protocol argument is icmpv 58 set the parameters shown in Table 14 Table 14 ICMPv 6 specific parameters for IPv advanced ACL rules Parameters Function Description The icmp type argument is in the range of O to 255 icmp6 type icmp type Specifies the ICMPv6 The icmp code argument is in the range of O to 255 icmp code message type and The icmp message argument specifies a message name icmp message code Supported ICMP message names and their corresponding type and code values are listed in Table 15 28 Table 15 ICMPv 6 message names supported in IPv advanced ACL rules ICMPv message name ICMPv message type ICMPv message code echo reply 129 0 echo request 128 0 err Header field 4 0 frag time exceeded 3 1 hop limitexceeded 3 0 hostadmin prohib 1 1 hostunreachable 1 3 neighbor advertisement 136 0 neighbor solicitation 135 0 network unreachable 1 0 packettoo big 2 0 port unreachable 1 4 redirect 137 0 router advertisement 134 0 router solicitation 133 0 unknown ipv opt 4 2 unknown next hdr 4 1 Usage guidelines If an ACL is for QoS traffic classification or packet filtering e Do not spe
108. otocol number in the range of O to 255 or specifies a protocol by its name gre 47 icmpv6 58 ipv6 ipv6 ah 51 ipv6 esp 50 ospf 89 tcp 6 or udp 17 The ipv keyword specifies all protocols You can set the protocol argument to one of the values in Table 11 to match packets with the corresponding IPv extended header Table 11 Protocol values of IPv extended headers Value of the protocol argument IPv extended header 0 Hop by Hop Options Header 43 Routing Header AA Fragment Header 50 Encapsulating Security Payload Header 51 Authentication Header 60 Destination Options Header Table 12 describes the parameters that you can specify regardless of the value for the protocol argument 26 Table 12 Match criteria and other rule information for IPv advanced ACL rules Parameters Function Description aid The source address and source prefix arguments represent source address Specifies a source IPv an IPv source address and prefix length in the range of 1 source prefix to 128 address o source address so urce prefix any The any keyword represents any IPv source address destination The destaddress and destprefix arguments represent a destaddress Specifies a destination IPv destination IPv address and prefix length in the range of dest prefix address 1 to 128 destaddress dest N o prefix any The any keyword specifies any IPv destinat
109. ove it from the interface Examples Create a queue scheduling profile named myprofile and enter queue scheduling profile view lt Sysname gt system view Sysname qos amprofile myprofile Sysname qmprofile myprofile Related commands e display qos qmprofile interface e queue queue Use queue to configure scheduling parameters for a queue Use undo queue to restore the default Syntax queue gueue id sp wfq group group id byte count weight schedule value wrr group group id byte count weight schedule value 93 undo queue gueue id Default A queue uses SP queuing Views Queue scheduling profile view Predefined user roles network admin Parameters queue id Specifies a queue by its ID in the range of O to 7 sp Enables SP for the queue wfq Enables WFQ for the queue wrr Enables WRR for the queue group group id Specifies a WFQ or WRR group by its ID The value range is 1 and 2 byte count Allocates bandwidth to queues in terms of bytes weight Allocates bandwidth to queues in terms of packets schedule value Specifies the number of bytes or packets sent each time in the range of 1 to 127 Usage guidelines The gueue id argument can be either a number or a keyword Table 33 shows the number keyword map Examples Create a queue scheduling profile named myprofile and configure queue O to use SP lt Sysname gt system view Sysname qos amprofile myprofile Sysname qmprofile myprofile queue 0 sp
110. p dot p value undo remark green red yellow dot1p remark dot1p customer dot 1 p trust undo remark dot1p No 802 1p priority marking action or inner to outer tag priority copying action is configured Traffic behavior view Predefined user roles network admin Parameters green Specifies green packets red Specifies red packets yellow Specifies yellow packets dot p value Specifies the 802 1 p priority to be marked for packets in the range of O to 7 customer dot1p trust Copies the 802 1 p priority value in the inner VLAN tag to the outer VLAN tag after the QoS policy is applied to an interface Usage guidelines The remark dotlp dof p value and remark dotlp customer dotlp trust commands are mutually exclusive The most recent configuration of them takes effect The remark dot1p customer dot1p trust command does not take effect on single tagged packets Examples Configure traffic behavior database to mark matching traffic with 802 1 p 2 lt Sysname gt system view Sysname traffic behavior database Sysname behavior database remark dotlp 2 Configure an inner to outer tag priority copying action in traffic behavior database lt Sysname gt system view Sysname traffic behavior database Sysname behavior database remark dotlp customer dotlp trust 50 remark drop precedence Syntax Default Views Use remark drop precedence to configure a drop priority marking action in a traffic behav
111. pecify optional keywords or arguments the undo rule command deletes the specified attributes To view rules in an ACL and their rule IDs use the display acl all command Examples Create an IPv4 advanced ACL rule to permit TCP packets with the destination port 80 from 129 9 0 0 16 to 202 38 160 0 24 lt Sysname gt system view Sysname acl number 3000 Sysname acl adv 3000 rule permit tcp source 129 9 0 0 0 0 255 255 destination 202 38 160 0 0 0 0 255 destination port eq 80 Create IPv4 advanced ACL rules to permit all IP packets but the ICMP packets destined for 192 168 1 0 24 lt Sysname gt system view Sysname acl number 3001 Sysname acl adv 3001 rule deny icmp destination 192 168 1 0 0 0 0 255 Sysname acl adv 3001 rule permit ip Create IPv4 advanced ACL rules to permit inbound and outbound FTP packets lt Sysname gt system view Sysname acl number 3002 Sysname acl adv 3002 rule permit tcp source port eq ftp Sysname acl adv 3002 rule permit tcp source port eq ftp data Sysname acl adv 3002 rule permit tcp destination port eq ftp Sysname acl adv 3002 rule permit tcp destination port eq ftp data Create IPv4 advanced ACL rules to permit inbound and outbound SNMP and SNMP trap packets lt Sysname gt system view Sysname acl number 3003 Sysname acl adv 3003 rule permit udp source port eq snmp 23 Sysname acl adv 3003 rule permit udp source port eq snmptrap Sysname acl adv 3003 rule p
112. priority Views Layer 2 Ethernet interface view Layer 3 Ethernet interface view Predefined user roles network admin Parameters dot1p Uses the 802 1p priority in incoming packets for priority mapping dscp Uses the DSCP value in incoming packets for priority mapping Examples Set the trusted packet priority type to 802 1p priority on FortyGigE 1 1 1 lt Sysname gt system view Sysname interface FortyGigE 1 1 1 Sysname FortyGigE1 1 1 gos trust dotlp Related commands display dos trust interface 75 GTS and rate limit commands GTS commands display gos gts interface Use display qos gts interface to view generic traffic shaping GTS configuration of interfaces Syntax display qos gts interface interface type interface number Views Any view Predefined user roles network admin network operator Parameters interface type interface number Specifies an interface by its type and number If you do not specify an interface this command displays the GTS configuration of all interfaces Examples Display the GTS configuration of all interfaces lt Sysname gt display gos gts interface Interface FortyGigE1 1 1 Rule If match queue 1 CIR 128 kbps CBS 8192 Bytes Rule If match queue 2 CIR 256 kbps CBS 16384 Bytes Table 29 Command output Field Description Interface Interface type and interface number Rule Match criteria CIR CIR in kbps which specifies the average traffi
113. queue length 0 packets Queue 2 Forwarded 0 packets 0 bytes 0 pps 0 bps Dropped 0 packets 0 bytes Current queue length 0 packets Queue 3 Forwarded 0 packets 0 bytes 0 pps 0 bps Dropped 0 packets 0 bytes Current queue length 0 packets Queue 4 Forwarded 0 packets 0 bytes 0 pps 0 bps Dropped 0 packets 0 bytes Current queue length 0 packets 95 Queue 5 Forwarded 0 packets 0 bytes 0 pps 0 bps Dropped 0 packets 0 bytes Current queue length 0 packets Queue 6 Forwarded 0 packets 0 bytes 0 pps 0 bps Dropped 0 packets 0 bytes Current queue length 0 packets Queue 7 Forwarded 1087 packets 98466 bytes 0 pps 0 bps Dropped 0 packets 0 bytes Current queue length 0 packets Table 37 Command output Field Description Interface Interface for which gueue based traffic statistics are displayed Direction Direction of traffic for which statistics are collected Forwarded traffic statistics for the interface in packets bytes pps Forwarded and bps Dropped Dropped traffic statistics for the interface in packets and bytes Queue 7 Forwarded 1087 packets 98466 bytes O pps O bps Dropped O packets O Current queue length 0 packets Statistics for a queue Forwarded traffic in packets bytes pps and bps ie e Dropped traffic in packets and bytes e Current number of packets in the queue Congestion avoidance commands WRED commands display gos wre
114. r device by its member ID slot number If you do not specify an IRF member device this command displays buffer usage for all IRF member devices Examples Display data buffer usage lt Sysname gt display buffer usage Egress total shared cell buffer usage on slot 1 Total 12330 KB Used 0 KB Free 12330 KB 5sec 1min 5min XGE1 0 1 0 0 0 XGE1 0 2 0 0 0 XGE1 0 3 0 0 0 XGE1 0 4 0 0 0 XGE1 0 5 0 0 0 XGE1 0 6 0 0 0 XGE1 0 7 0 0 0 XGE1 0 8 0 0 0 XGE1 0 9 0 0 0 XGE1 0 10 0 0 0 115 XGE1 0 11 0 0 oe XGE1 0 12 0 0 0 XGE1 0 13 0 0 XGE1 0 14 0 0 0 XGE1 0 15 0 0 XGE1 0 16 0 0 0 XGE1 0 17 0 0 D XGE1 0 18 0 0 D XGE1 0 19 0 0 0 XGE1 0 20 0 0 XGE1 0 21 0 0 0 XGE1 0 22 0 0 D XGE1 0 23 0 0 0 XGE1 0 24 0 0 D XGE1 0 25 0 0 0 XGE1 0 26 0 0 XGE1 0 27 0 0 XGE1 0 28 0 0 0 XGE1 0 29 0 0 D XGE1 0 30 0 0 0 XGE1 0 31 0 0 XGE1 0 32 0 0 0 XGE1 0 33 0 0 XGE1 0 34 0 0 0 XGE1 0 35 0 D D XGE1 0 36 0 D XGE1 0 37 0 0 0 XGE1 0 38 0 XGE1 0 39 0 0 0 XGE1 0 40 0 5 XGE1 0 41 0 0 0 XGE1 0 42 0 5 5 XGE1 0 43 0 0 0 XGE1 0 44 0 XGE1 0 45 0 5 FGE1 1 1 0 0 0 FGE1 1 2 0 5 5 FGE1 1 3 0 0 0 FGE1 1 4 0 Table 44 Command output Field Description RA N EIE oo the shared area of cell resources on an IRF member Total Total size of the data buffer Used Size of used data buffer
115. r fields see Table 16 and Table 19 display qos policy interface Use display qos policy interface to display QoS policies applied to interfaces Syntax display qos policy interface interface type interface number inbound outbound Views Any view Predefined user roles network admin network operator Parameters interface type interface number Specifies an interface by its type and number inbound Displays QoS policies applied to incoming traffic outbound Displays QoS policies applied to outgoing traffic Usage guidelines If you do not specify a direction this command displays QoS policies applied to incoming traffic and QoS policies applied to outgoing traffic 62 Examples Display the QoS policy applied to the incoming traffic of FortyGigE 1 1 1 lt Sysname gt display qos policy interface FortyGigE 1 1 1 inbound Interface FortyGigE1 1 1 Direction Inbound Policy 1 Classifier 1 Operator AND Rule s If match acl 2000 Behavior 1 Marking Remark dscp 3 Committed Access Rate CIR 128 kbps CBS 8192 Bytes EBS 512 Bytes Green action pass Yellow action pass Red action discard Green packets 0 Packets Red packets 0 Packets Classifier 2 Operator AND Rule s If match protocol ipv6 Behavior 2 Accounting Enable 0 Packets Filter Enable Permit Marking Remark dotlp 1 Table 24 Command output Field Description Direction Direction in which the QoS policy is applied
116. r roles network admin network operator Parameters inbound Displays the inbound global QoS policy An inbound global QoS policy applies to the incoming traffic globally outbound Displays the outbound global QoS policy An outbound global QoS policy applies to the outgoing traffic globally slot slot number Specifies an IRF member device by its member ID slot number If you do not specify an IRF member device this command displays global QoS policies on the master device Usage guidelines If you do not specify a direction this command displays both inbound and outbound global QoS policies Examples Display the inbound global QoS policy lt Sysname gt display gos policy global inbound Direction Inbound Policy 1 Classifier 1 Operator AND Rule s If match acl 2000 Behavior 1 Marking Remark dscp 3 Committed Access Rate 6l CIR 128 kbps CBS 8192 Bytes EBS 512 Bytes Green action pass Yellow action pass Red action discard Green packets 0 Packets Red packets 0 Packets Classifier 2 Operator AND Rule s If match protocol ipv6 Behavior 2 Accounting enable 0 Packets Filter enable Permit Marking Remark dotlp 4 Table 23 Command output Field Description AAA Direction Direction inbound or outbound in which the QoS policy is applied Green packets Statistics about green packets Red packets Statistics about red packets For the description of othe
117. rface type interface number inbound outbound ipv acl number name acl name Views User view Predefined user roles network admin Parameters interface interface type interface number Specifies an interface by its type and number If you do not specify an interface this command clears packet filtering ACL statistics on all interfaces inbound Specifies the inbound direction outbound Specifies the outbound direction ipv6 Specifies IPv ACLs acl number Specifies an ACL by its number 2000 to 2999 for basic ACLs 3000 to 3999 for advanced ACLs 4000 to 4999 for Ethernet frame header ACLs You cannot specify an Ethernet frame header ACL if the ipv keyword is specified 5000 to 5999 for user defined ACLs You cannot specify a user defined ACL if the ipv keyword is specified name acl name Specifies an ACL by its name The acl name argument is a case insensitive string of 1 to 63 characters It must start with an English letter Usage guidelines When neither of acl number and name acl name is specified this command clears the match statistics of all ACLs for packet filtering Examples If the ipv keyword is not specified all ACLs refer to all IPv4 basic IPv4 advanced and Ethernet frame header ACLs If the ipv keyword is specified all ACLs refer to all IPv basic and IPv advanced ACLs Clear IPv4 basic ACL 2001 statistics for incoming packet filtering of interface F
118. rs The switch provides the following types of priority map Table 26 Priority maps Priority mapping Description dotlp dp 802 1p drop priority map dot p exp 802 1p EXP priority map dot p lp 802 1p local priority map dscp dotlp DSCP 802 1p priority map dscp dp DSCP drop priority map dscp dscp DSCP DSCP priority map exp dotlp EXP 802 1p priority map exp dp EXP to drop priority map Usage guidelines If you do not specify a priority map this command displays the configuration of all priority maps Examples Display the configuration of the 802 1 p local priority map lt Sysname gt display qos map table dotlp 1p MAP TABLE NAME dotlp lp TYPE pre define IMPORT EXPORT 0 2 71 O 0 FF W N FB YT OU FP W HO 7 Table 27 Command output Field Description MAP TABLE NAME Name of the priority map TYPE Type of the priority map IMPORT Input values of the priority map EXPORT Output values of the priority map Import Use import to configure mappings for a priority map Use undo import to restore the specified or all mappings to the default for a priority map Syntax import import value list export export value undo import import value list all Default The default priority maps are used For more information see ACL and QoS Configuration Guide Views Priority map view Predefined user roles network admin Parameters import value list Specifies a list o
119. rs 34 QoS policy commands eeeeeesssssseeeessssessseeresssseeneerensssseeeeerreressseeeersssessseenesssseeseeeenssssereenereesseseersesessseeeesssseeseeeeesssseeeene 36 EERS ETE ER nan nnnnnnnnnn Dann nan nn nnnnnnnnnnnnnnnnna nan nnnncn cono cnn nnnanccnnnacnnnos 36 display EE EE TE conan onnononnnnnnonnnnnnnnnnn ron nnn ron nan ron nnn ron nnn ron cnn nono cnn ron nnn ronca nn nannnnnnannss 36 if match errrrrrerennrnnnononnnnnnonnnnnnonnnnn conc corno nan rra nan nr rn nn RR RON nn NOR nn nn NON On nn NR RI nen NON O nan NON onnnnnrnnnnnnrnnnn ra ronn arenoso ana nnnnnnnnnnn cnn rnnnnnnnnnnss 37 EE non nnnn nn nn anna nn rana ner nnnnn nr nana ner nnnnnnnnnnn nro nnnnannnnnn narran nnn nana nnnnnnnnnss 43 Traffic EE ese ie le Ee 44 accounting Ee AA EE Ee 44 display traffic behavior ees ees ee EE EER EES EER ESE EER ee EE EER ee ee EER ee EER ee ee EER ee ee EER ee ee EER ee ee EER ee ee EER ee ee EER ee ee EER ee ee eke ee ee 46 AE cnn rnnn nn rr anar nr ron n RR nn nn RR Nr nan RR rra nn NR RR nan RR RR nan NR nr nan nnnnnnnn nn nnnnnnn nan n ano rnnn narran nnnnnnnnnnnanannss 47 nest top most EE EE EE OE OE AE EO OR RO 48 redirect eeeeeeeeereeeereererseeererrereerseeerseseeseeenreseereeeerseeenserersesesreseerseeerseeerseeeerseeerseeenseeenseeeseeeeerseeeeseeenreeeenseeerseeenseeenseeeenee 48 remark customer vlan id eeeeeeeeeeeeereeeersseesrseeerersesessesessesesrsseerseeerseeersseesrseeerseeenseeensseeerseeerseeenseeensseeerseeerseeenseeenseeenee 49 TEELS
120. rule permit ipv6 hop by hop type 5 Sysname acl6 adv 3004 rule deny ipv6 hop by hop Related commands e ad e ad logging interval e display acl e step e time range rule IPv basic ACL view Use rule to create or edit an IPv basic ACL rule Use undo rule to delete an entire IPv basic ACL rule or some attributes in the rule 30 Syntax Default Views rule rule id deny permit counting fragment logging routing type routing type source source address source prefix source address source prefix any time range time range name vpn instance vpn instance name undo rule rule id counting fragment logging routing source time range vpn instance An IPv basic ACL does not contain any rule IPv basic ACL view Predefined user roles network admin Parameters rule id Specifies a rule ID in the range of O to 65534 If you do not specify a rule ID when creating an ACL rule the system automatically assigns it a rule ID This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID starting from 0 For example if the rule numbering step is 5 and the current highest rule ID is 28 the rule is numbered 30 deny Denies matching packets permit Allows matching packets to pass counting Counts the number of times the IPv basic ACL rule has been matched The counting keyword enables match counting specific to rules and the hardwar
121. s 67 discard 9 dns 53 dnsix 90 echo 7 mobilip ag 434 mobilip mn 435 nameserver 42 netbios dgm 138 netbios ns 137 netbios ssn 139 ntp 123 rip 520 snmp 161 snmptrap 162 sunrpe 111 syslog 514 tacacs ds 65 talk 517 tftp 69 time 37 who 513 and xdmep 177 destination port Specifies one or operator port more UDP or TCP port2 destination ports Parameters Function Description ack ack value Parameters specific to TCP vae pesitos one or The value for each argument can be O flag bit not set or 1 flag bit psh psh value more TCP flags sel rst rstvalve including ACK l syn syn value FIN PSH RST The TCP flags in a rule are ANDed For example a rule configured urg urg value SYN and URG with ack O psh 1 matches packets that have the ACK flag bit not set and the PSH flag bit set Specifies the flags for indicating the Parameter specific to TCP established established status The rule matches TCP connection packets with the ACK or RST flag bit of a TCP sel connection If the protocol argument is icmp 1 set the parameters shown in Table 9 Table 9 ICMP specific parameters for IPv4 advanced ACL rules Parameters Function Description The icmp type argument is in the range of O to 255 icmp type icmp type Specifies the ICMP The icmp code argument is in the range of O to 255 icmp code message type and The icmp message argument sp
122. s IPv ACLs acl number Specifies an ACL by its number e 2000 to 2999 for basic ACLs e 3000 to 3999 for advanced ACLs e 4000 to 4999 for Ethernet frame header ACLs You cannot specify an Ethernet frame header ACL if the ipv keyword is specified e 5000 to 5999 for user defined ACLs You cannot specify a user defined ACL if the ipv6 keyword is specified all Displays information about all IPv4 basic IPv4 advanced and Ethernet frame header ACLs if you do not specify the ipv keyword or displays information about all IPv basic and IPv advanced ACLs if you specify the ipv keyword name acl name Specifies an ACL by its name The acl name argument is a case insensitive string of 1 to 63 characters It must start with an English letter Usage guidelines This command displays ACL rules in config or depth first order whichever is configured Examples Display configuration and match statistics for IPv4 basic ACL 2001 lt Sysname gt display acl 2001 Basic ACL 2001 named flow 1 rule match order is auto This is an IPv4 basic ACL ACL s step is 5 rule 5 permit source 1 1 1 1 0 5 times matched rule 5 comment This rule is used on FortyGigE 1 1 1 Table 1 Command output Field Description Category and number of the ACL The following field information is about IPv4 basic ACL 2000 The name of the ACL is flow If the ACL is not named this field displays none Basic ACL 2001 named flow 1 rule Th
123. s wfq byte count Related commands display qos queue wfq interface gos wig byte count weight Use qos wfq byte count weight to assign a queue to a WFQ group with a certain scheduling weight Use undo gos wfq to restore the default Syntax qos wfq queue id group 1 2 byte count weight schedule value 87 Default Views undo gos wig queue id When WFQ queuing is used on an interface all the queues are in WFQ group 1 and have a weight of 1 Layer 2 Ethernet interface view Layer 3 Ethernet interface view Predefined user roles network admin Parameters queue id Specifies a queue by its ID The value is an integer in the range of O to 7 or a keyword listed in Table 33 group 1 2 Specifies WFQ group 1 or 2 If you do not specify a group group 1 applies byte count Allocates bandwidth to queues in terms of bytes weight Allocates bandwidth to queues in terms of packets schedule value Specifies a scheduling weight for the specified queue in WFQ queuing in the range of l to 15 Usage guidelines You must use the qos wfg command to enable WFQ first before you configure this command Examples Enable byte count WFQ on interface FortyGigE 1 1 1 assign queue 0 with the scheduling weight 10 to WFQ group 1 and assign queue 1 with the scheduling weight 5 to WFQ group 2 lt Sysname gt system view Sysname interface FortyGigE 1 1 1 Sysname FortyGigE1 1 1 qos wfq byte count Sysnam
124. spare 2 excellent effort 3 controlled load 4 video 5 voice 6 or network management 7 counting Counts the number of times the Ethernet frame header ACL rule has been matched The counting keyword enables match counting specific to rules and the hardware count keyword in the packet filter command enables match counting for all rules in an ACL If the counting keyword is not specified matches for the rule are not counted dest mac dest address dest mask Matches a destination MAC address range The dest address and destmask arguments represent a destination MAC address and mask in the H H H format Isap Isap type Isap type mask Matches the DSAP and SSAP fields in LLC encapsulation The Isap type argument is a 16 bit hexadecimal number that represents the encapsulation format The Isap type mask argument is a 16 bit hexadecimal number that represents the LSAP mask type protocol type protocol type mask Matches one or more protocols in the Ethernet frame header The protocol type argument is a 16 bit hexadecimal number that represents a protocol type in Ethernet_ll and Ethernet_SNAP frames The protocol type mask argument is a 16 bit hexadecimal number that represents a protocol type mask source mac source address source mask Matches a source MAC address range The source address argument represents a source MAC address and the sour mask argument represents a mask in the H H H format time range time range name Specifies a t
125. ssifiername Specifies a traffic class by its name a case sensitive string of 1 to 31 characters If you do not specify a traffic class this command displays all traffic classes slot slot number Specifies an IRF member device by its member ID slot number If you do not specify an IRF member device this command displays QoS policies on all IRF member devices Examples Display all user defined QoS policies 57 lt Sysname gt display gos policy user defined User defined QoS policy information Policy 1 ID 100 Classifier 1 ID 100 Behavior 1 Marking Remark dscp 3 Committed Access Rate CIR 128 kbps CBS 8192 Bytes EBS 512 Bytes Green action pass Yellow action pass Red action discard Classifier 2 ID 101 Behavior 2 Accounting enable Packet Filter enable Permit Marking Remark dotlp 4 Classifier 3 ID 102 Behavior 3 hone display gos policy control plane Use display qos policy control plane to display the QoS policy applied to a control plane Syntax display qos policy control plane slot slot number Views Any view Predefined user roles network admin network operator Parameters slot slot number Specifies an IRF member device by its member ID slot number Examples Display the QoS policy applied to the control plane of IRF member device 1 lt Sysname gt display gos policy control plane slot 1 Control plane Direction Inbound 58 Policy 1 Classifier 1 Operator
126. t specify the ipv keyword this option specifies the name of an IPv4 basic ACL or advanced ACL If you specify the ipv keyword this option specifies the name of an IPv basic ACL or advanced ACL Examples Enter the view of IPv4 basic ACL flow which already exists lt Sysname gt system view Sysname acl name flow Sysname acl basic 2001 flow Enter the view of IPv basic ACL flow which already exists lt Sysname gt system view Sysname acl ipv name flow Sysname acl6 basic 2001 flow Related commands acl description Use description to configure a description for an ACL Use undo description to delete an ACL description Syntax description text undo description Default An ACL has no description Views IPv4 IPv basic ACL view IPv4 IPv advanced ACL view Ethernet frame header ACL view User defined ACL view Predefined user roles network admin Parameters text Configures a description for the ACL a case sensitive string of 1 to 127 characters Examples Configure a description for IPv4 basic ACL 2000 lt Sysname gt system view Sysname acl number 2000 Sysname acl basic 2000 description This is an IPv4 basic ACL Related commands display acl display acl Use display acl to display configuration and match statistics for ACLs Syntax display acl ipv acl number all name acl name Views Any view Predefined user roles network admin network operator Parameters ipv6 Specifie
127. ted commands e display packet filter e display packet filter statistics e display packet filter verbose reset acl counter Use reset acl counter to clear statistics for ACLs Syntax reset acl counter ipv acl number all name acl name Views User view Predefined user roles network admin Parameters ipv6 Specifies IPv ACLs acl number Specifies an ACL by its number e 2000 to 2999 for basic ACLs e 3000 to 3999 for advanced ACLs e 4000 to 4999 for Ethernet frame header ACLs You cannot specify an Ethernet frame header ACL if the ipv keyword is specified e 5000 to 5999 for user defined ACLs You cannot specify a user defined ACL if the ipv6 keyword is specified all Clears statistics for all IPv4 basic IPv4 advanced and Ethernet frame header ACLs if you do not specify the ipv6 keyword or clears statistics for all IPv basic and IPv advanced ACLs if you specify the ipv keyword name aclname Clears statistics of an ACL specified by its name The acl name argument is a case insensitive string of 1 to 63 characters It must start with an English letter Examples Clear statistics for IPv4 basic ACL 2001 lt Sysname gt reset acl counter 2001 Related commands display acl reset packetilter statistics Use reset packet filter statistics to clear the match statistics including the accumulated statistics of ACLs for packet filtering Syntax reset packet filter statistics interface inte
128. tel argument specifies a date in MM DD YYYY or YYYY MM DD format where MM is the month of the year in the range of 1 to 12 DD is the day of the month with the range varying by MM and YYYY is the year in the calendar in the range of 1970 to 2100 If you do not specify this option the start time is 01 01 1970 00 00 AM the earliest time available in the system to time2 date2 Specifies the end time and date of the absolute time statement The time2 argument has the same format as the time argument but its value is in the range of 00 00 to 24 00 The date2 argument has the same format and value range as the date argument The end time must be greater than the start time If you do not specify this option the end time is 12 31 2100 24 00 PM the maximum time available in the system Usage guidelines If an existing time range name is provided this command adds a statement to the time range You can create multiple statements in a time range Each time statement can take one of the following forms 108 e Periodic statement in the start time to end time days format A periodic statement recurs periodically on a day or days of the week e Absolute statement in the from time date 1 to time2 date2 format An absolute statement does not recur e Compound statement in the starf time to end time days from time date to time2 date2 format A compound statement recurs on a day or days of the week only within the specified period For example
129. tframe 4000 rule deny type 8035 ffff Related commands e ad e display acl e step e time range rule IPv4 advanced ACL view Syntax Use rule to create or edit an IPv4 advanced ACL rule Use undo rule to delete an entire IPv4 advanced ACL rule or some attributes in the rule rule rule id deny permit protocol ack ack value fin fin value psh psh value rst rst value syn syn value urg urg value established counting destination dest address dest wildcard any destination port operator port port2 dscp dscp precedence precedence tos tos fragment icmp type icmp type icmp code icmp message logging source source address source wildcard any source port operator port port2 time range time range name vpn instance vpn instance name undo rule rule id ack fin psh rst syn urg established counting destination destination port dscp precedence tos fragment icmp type logging source source port time range vpn instance Default An IPv4 advanced ACL does not contain any rule Views IPv4 advanced ACL view Predefined user roles network admin Parameters rule id Specifies a rule ID in the range of O to 65534 If you do not specify a rule ID when creating an ACL rule the system automatically assigns it a rule ID This rule ID is the nearest higher multiple of the numbering step to the curre
130. the QoS policy user1 to the incoming traffic globally lt Sysname gt system view Sysname qos apply policy userl global inbound qos policy Use qos policy to create a QoS policy and enter QoS policy view Use undo qos policy to delete a QoS policy Syntax qos policy policy name undo qos policy policy name 67 Default No QoS policy is configured Views System view Predefined user roles network admin Parameters policy name QoS policy name a case sensitive string of 1 to 31 characters Usage guidelines To use the undo qos policy command to delete a QoS policy that has been applied to an object you must first remove it from the object Examples Define QoS policy user1 lt Sysname gt system view Sysname qos policy userl Sysname qospolicy userl Related commands e classifier behavior e qos apply policy e qos apply policy global e qos vlan policy qos vlan policy Use qos vlan policy to apply a QoS policy to the specified VLANs Use undo gos vlan policy to remove the QoS policy from the specified VLANs Syntax gos vlan policy policy name vlan vlan id list inbound outbound undo qos vlan policy policy name vlan vlan id list inbound outbound Default No QoS policy is applied to a VLAN Views System view Predefined user roles network admin Parameters policy name Specifies a QoS policy name a case sensitive string of 1 to 31 characters vlan id list Specifies a list of up to eight VLAN IDs A V
131. to create a time range that is active from 08 00 to 12 00 on Monday between January 1 2011 00 00 and December 31 2011 23 59 use the time range test 08 00 to 12 00 mon from 00 00 01 01 2011 to 23 59 12 31 2011 command You can create a maximum of 1024 time ranges each with a maximum of 32 periodic statements and 12 absolute statements The active period of a time range is calculated as follows 1 Combining all periodic statements 2 Combining all absolute statements 3 Taking the intersection of the two statement sets as the active period of the time range Examples Create a periodic time range tl setting it to be active between 8 00 to 18 00 during working days lt Sysname gt system view Sysname time range t1 08 00 to 18 00 working day Create an absolute time range t2 setting it to be active in the whole year of 2013 lt Sysname gt system view Sysname time range t2 from 00 00 1 1 2013 to 24 00 12 31 2013 Create a compound time range setting it to be active from 08 00 to 12 00 on Saturdays and Sundays of the year 2013 lt Sysname gt system view Sysname time range t3 08 00 to 12 00 off day from 00 00 1 1 2013 to 24 00 12 31 2013 Create a compound time range 4 setting it to be active from 10 00 to 12 00 on Mondays and from 14 00 to 16 00 on Wednesdays in January and June of the year 2013 lt Sysname gt system view Sysname time range t4 10 00 to 12 00 1 from 00 00 1 1 2013 to 24 00 1 31 2013 S
132. u can change the match order only for ACLs that do not contain any rules Examples Create IPv4 basic ACL 2000 and enter its view lt Sysname gt system view Sysname acl number 2000 Sysname acl basic 2000 Create IPv4 basic ACL 2001 with the name flow and enter its view lt Sysname gt system view Sysname acl number 2001 name flow Sysname acl basic 2001 flow Related commands display acl acl copy Use acl copy to create an ACL by copying an ACL that already exists Syntax acl ipv copy source acl number name source acl name to destacl number name dest acl name Views System view Predefined user roles network admin Parameters ipv6 Specifies IPv ACLs source acl number Specifies an existing source ACL by its number e 2000 to 2999 for basic ACLs e 3000 to 3999 for advanced ACLs e 4000 to 4999 for Ethernet frame header ACLs You cannot specify an Ethernet frame header ACL if the ipv keyword is specified e 5000 to 5999 for user defined ACLs You cannot specify a user defined ACL if the ipv6 keyword is specified name source acl name Specifies an existing source ACL by its name The source acl name argument is a case insensitive string of 1 to 63 characters dest acl number Assigns a unique number to the ACL you are creating This number must be from the same ACL category as the source ACL If you do not specify an ACL number the system automatically picks the smallest number from a
133. und packet filtering do not specify the vpn instance keyword Within an ACL the permit or deny statement of each rule must be unique If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL the rule will not be created or changed You can edit ACL rules only when the match order is config e If you do not specify any optional keywords the undo rule command deletes the entire rule e If you specify optional keywords or arguments the undo rule command deletes the specified attributes To view rules in an ACL and their rule IDs use the display acl all command Examples Create a rule in IPv4 basic ACL 2000 to deny the packets from any source IP segment but 10 0 0 0 8 172 17 0 0 16 or 192 168 1 0 24 lt Sysname gt system view Sysname acl number 2000 Sysname acl basic 2000 rule permit source 10 0 0 0 0 255 255 255 rule permit source 172 17 0 0 0 0 255 255 Sysname acl basic 2000 Sysname acl basic 2000 rule permit source 192 168 1 0 0 0 0 255 Sysname acl basic 2000 rule deny source any Related commands e ad e acl logging interval e display acl e step e time range rule IPv advanced ACL view Use rule to create or edit an IPv6 advanced ACL rule Use undo rule to delete an entire IPv advanced ACL rule or some attributes in the rule 25 Syntax Default Views rule rule id deny permit protocol ack ack
134. value fin fin value psh psh value rst rst value syn syn value urg urg value established counting destination dest address dest prefix destaddress destprefix any destination port operator port port2 dscp dscp flow label flow label value fragment icmp6 type icmp type icmp code icmp message logging routing type routing type hop by hop type hop type source source address source prefix source address source prefix any source port operator port port2 time range time range name vpn instance vpn instance name undo rule rule id ack fin psh rst syn urg established counting destination destination port dscp flow label fragment icmp6 type logging routing hop by hop source source port time range vpn instance An IPv advanced ACL does not contain any rule IPv advanced ACL view Predefined user roles network admin Parameters rule id Specifies a rule ID in the range of O to 65534 If you do not specify a rule ID when creating an ACL rule the system automatically assigns it a rule ID This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID starting from 0 For example if the rule numbering step is 5 and the current highest rule ID is 28 the rule is numbered 30 deny Denies matching packets permit Allows matching packets to pass protocol Specifies a pr
135. value range for the vlan id argument is 1 to 4094 destination mac mac address Matches a destination MAC address Matches DSCP values The dscp value amp lt 1 8 gt argument specifies a space separated list of up to eight DSCP values The value range for the dscp value argument is O to 63 or keywords shown in Table 20 dsep dscp value amp lt 1 8 gt Matches IP precedence values ip precedence The ip precedence value amp lt 1 8 gt argument specifies a space separated list of ip precedence value amp lt 1 8 gt up to eight IP precedence values The value range for the ip precedence value argument is 0 to 7 Matches a protocol protocol protocol name The protocol name argument can be IP or IPv Matches a local QoS ID in the range of 1 to 4095 The switch supports local doseer cone Vaye QoS IDs in the range of 1 to 3999 Matches 802 1p priority values in outer VLAN tags service dot1p The dot p value amp lt 1 8 gt argument specifies a space separated list of up to dot p value amp lt 1 8 gt eight 802 1p priority values The value range for the dot p value argument is Oto 7 Matches VLAN IDs in outer VLAN tags The vlan id list argument specifies a space separated list of up to 10 VLAN service vlan id vlan id list items Each item specifies a VLAN or a range of VLANS in the form of vlan id1 to vlan id2 The value for vlan id2 must be equal to or greater than the value for vlan id1 The value ran
136. wice by its name and number with the if match command respectively Defining a criterion to match a destination MAC address You can configure multiple destination MAC address match criteria for a traffic class Defining a criterion to match a source MAC address You can configure multiple source MAC address match criteria for a traffic class Defining a criterion to match DSCP values e You can configure multiple DSCP match criteria for a traffic class All defined DSCP values are automatically sorted in ascending order e To delete a criterion that matches DSCP values the specified DSCP values must be identical with those defined in the criterion the sequence can be different Defining a criterion to match 802 1p priority values in inner or outer VLAN tags e You can configure multiple 802 1 p priority match criteria for a traffic class All the defined 802 1p values are automatically arranged in ascending order e To delete a criterion that matches 802 1p priority values the specified 802 1 p priority values in the command must be identical with those defined in the criterion the sequence can be different Defining a criterion to match IP precedence values e You can configure multiple IP precedence match criteria for a traffic class The defined IP precedence values are automatically arranged in ascending order 40 e To delete a criterion that matches IP precedence values the specified IP precedence values in the command must
137. ype hoptype Specifies an IPv Hop by Hop Options header type hop type Value of the IPv Hop by Hop Options header type in the range of O to 255 If you specify the type hop type option the rule applies to the specified type of IPv Hop by Hop Options header Otherwise the rule applies to all types of IPv Hop by Hop Options header time range time range name Specifies a time range for the rule 27 The time range name argument is a case insensitive string of 1 to 32 characters It must start with an English letter If the time range is not configured the system creates the rule However the rule using the time range can take effect only atter you configure the timer range For more information about time range see ACL and QoS Configuration Guide Parameters Function Description The vpn instance name argument is a case sensitive string vpn instance Applies the rule to a VPN of 1 fo 31 characters vpn instance name instance If you do not specity a VPN instance the rule applies only to non VPN packets If the protocol argument is tep 6 or udp 17 set the parameters shown in Table 13 Table 13 TCP UDP specific parameters for IPv advanced ACL rules Parameters Function Description source port Specifies one or more The operator argument can be It lower than gt greater than eq operator port UDP or TCP source equal to neg not equal to or range inclusive range port2 ports T
138. ysname time range t4 14 00 to 16 00 3 from 00 00 6 1 2013 to 24 00 6 30 2013 Related commands display time range Data buffer commands Inappropriate data buffer changes can cause system problems Before manually changing data buffer settings make sure you understand its impact on your device If the system requires large buffer spaces HP recommends that you use the burst mode enable command This command cannot be configured together with any other command in this chapter butter apply Use buffer apply to apply manually configured data buffer settings 109 Use undo buffer apply to cancel the application Syntax buffer apply undo buffer apply Views System view Predefined user roles network admin Usage guidelines After applying manually configured data buffer settings you cannot directly modify the applied settings To modify them you must cancel the application reconfigure data buffer settings and reapply the new settings Examples Apply manually configured data buffer settings lt Sysname gt system view Sysname buffer apply buffer queue guaranteed Use buffer queue guaranteed to set the fixed area ratio for a queue Use undo buffer queue guaranteed to restore the default Syntax buffer egress slot slotnumber cell queue queve id guaranteed ratio ratio value undo buffer egress slot slotnumber cell queue queve id guaranteed Default The fixed area ratio for a queue is 12 5 but the default value
Download Pdf Manuals
Related Search