HP FlexFabric 11900 Switch Series ACL and QoS Command Reference Part number: 5998-5278 Software version: Release 2111 and later Document version: 6W100-20140110
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents ACL commands ···························································································································································· 1 acl ·············································································································································································· 1 acl copy ·············································································································································
display qos policy control-plane pre-defined ····································································································· 58 display qos policy global ····································································································································· 60 display qos policy interface ································································································································· 61 display qos vlan-policy ·············
Congestion avoidance commands···························································································································· 99 display qos wred interface ··································································································································· 99 display qos wred table ········································································································································· 99 qos wred apply ··············
ACL commands acl Use acl to create an ACL, and enter its view. If the ACL has been created, you directly enter its view. Use undo acl to delete the specified or all ACLs. Syntax acl [ ipv6 ] number acl-number [ name acl-name ] [ match-order { auto | config } ] undo acl [ ipv6 ] { all | name acl-name | number acl-number } Default No ACL exists.
Usage guidelines You can assign a name to an ACL only when you create it. After an ACL is created with a name, you cannot rename it or remove its name. You can change the match order only for ACLs that do not contain any rules. Examples # Create IPv4 basic ACL 2000, and enter its view. system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] # Create IPv4 basic ACL 2001 with the name flow, and enter its view.
smallest number from all available numbers in the same ACL category as the source ACL. Available value ranges include: • 2000 to 2999 for IPv4 basic ACLs if the ipv6 keyword is not specified and for IPv6 basic ACLs if the ipv6 keyword is specified. • 3000 to 3999 for IPv4 advanced ACLs if the ipv6 keyword is not specified and for IPv6 advanced ACLs if the ipv6 keyword is specified. • 4000 to 4999 for Ethernet frame header ACLs. This entry is not displayed if the ipv6 keyword is specified.
[Sysname-acl-basic-2001-flow] # Enter the view of IPv6 basic ACL flow, which already exists. system-view [Sysname] acl ipv6 name flow [Sysname-acl6-basic-2001-flow] Related commands acl description Use description to configure a description for an ACL. Use undo description to delete an ACL description. Syntax description text undo description Default An ACL has no description.
Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters acl-number: Specifies an ACL by its number: • 2000 to 2999 for IPv4 basic ACLs if the ipv6 keyword is not specified and for IPv6 basic ACLs if the ipv6 keyword is specified. • 3000 to 3999 for IPv4 advanced ACLs if the ipv6 keyword is not specified and for IPv6 advanced ACLs if the ipv6 keyword is specified. • 4000 to 4999 for Ethernet frame header ACLs. This entry is not displayed if the ipv6 keyword is specified.
Field Description rule 5 permit source 1.1.1.1 0 Content of rule 5. 5 times matched There have been five matches for the rule. The statistic counts only ACL matches performed in software. This field is not displayed when no packets matched the rule. rule 5 comment This rule is used on Ten-GigabitEthernet 1/0/1. Comment of ACL rule 5. display packet-filter Use display packet-filter to display whether an ACL has been successfully applied to an interface for packet filtering.
Usage guidelines If you specify neither the inbound keyword nor the outbound keyword, the command displays the ACL application information for both incoming and outgoing packet filtering. Examples # Display ACL application information for incoming packet filtering on interface Ten-GigabitEthernet 1/0/1.
mdc-admin mdc-operator Parameters interface interface-type interface-number: Displays the statistics of an interface specified by its type and number. inbound: Displays the statistics in the inbound direction. outbound: Displays the statistics in the outbound direction. acl-number: Specifies the number of an ACL: • 2000 to 2999 for IPv4 basic ACLs if the ipv6 keyword is not specified and for IPv6 basic ACLs if the ipv6 keyword is specified.
Table 2 Command output Field Description Interface Interface to which the ACL applies. In-bound policy ACL used for filtering incoming traffic. Out-bound policy ACL used for filtering outgoing traffic. ACL6 2000 IPv6 basic ACL 2000 has been successfully applied. ACL 2001 IPv4 basic ACL 2001 has been successfully applied. Hardware-count Successfully enables counting ACL rule matches. From 2011-06-04 10:25:21 to 2011-06-04 10:35:57 Start time and end time of the statistics.
acl-number: Specifies the number of an ACL: • 2000 to 2999 for IPv4 basic ACLs if the ipv6 keyword is not specified and for IPv6 basic ACLs if the ipv6 keyword is specified. • 3000 to 3999 for IPv4 advanced ACLs if the ipv6 keyword is not specified and for IPv6 advanced ACLs if the ipv6 keyword is specified. • 4000 to 4999 for Ethernet frame header ACLs. This entry is not displayed if the ipv6 keyword is specified. name acl-name: Specifies an ACL by its name.
display packet-filter verbose interface interface-type interface-number { inbound | outbound } [ [ ipv6 ] { acl-number | name acl-name } ] [ slot slot-number ] In IRF mode: display packet-filter verbose interface interface-type interface-number { inbound | outbound } [ [ ipv6 ] { acl-number | name acl-name } ] [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters interface interface-type interface-number: Specifie
Examples # Display application details of all IPv4 ACLs (including IPv4 basic, IPv4 advanced, and Ethernet frame header ACLs) for incoming packet filtering on Ten-GigabitEthernet 1/0/1. display packet-filter verbose interface ten-gigabitethernet 1/0/1 inbound Interface: Ten-GigabitEthernet1/0/1 In-bound policy: ACL6 2000 rule 5 permit source 1::/64 ACL 2001, Hardware-count rule 0 permit source 2.2.2.2 0 rule 5 permit source 1.1.1.
Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters slot slot-number: Specifies a card by its slot number. If no slot is specified, the command displays ACL QoS and ACL resource usage on all cards. (In standalone mode.) chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the ID of the IRF member device, and the slot-number argument represents the number of the slot that holds the card.
Table 5 Command output Field Description Interfaces Interface range for the resource. Resource type: • VFP ACL—ACL rules for local QoS ID remarking before Layer 2 forwarding. Type • IFP ACL—ACL rules applied to inbound traffic. • IFP Meter—Traffic policing rules for inbound traffic. • IFP Counter—Traffic counting rules for inbound traffic. • EFP Meter—Traffic policing rules for outbound traffic. • EFP Counter—Traffic counting rules for outbound traffic. Total Total number of resource.
name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. For a basic ACL or advanced ACL, if you do not specify the ipv6 keyword, this option specifies the name of an IPv4 basic ACL or advanced ACL. If you specify the ipv6 keyword, this option specifies the name of an IPv6 basic ACL or advanced ACL. inbound: Filters incoming packets. outbound: Filters outgoing packets.
system-view [Sysname] packet-filter default deny Related commands • display packet-filter • display packet-filter statistics • display packet-filter verbose reset acl counter Use reset acl counter to clear statistics for ACLs.
Syntax reset packet-filter statistics interface [ interface-type interface-number ] { inbound | outbound } [ [ ipv6 ] { acl-number | name acl-name } ] Views User view Predefined user roles network-admin mdc-admin Parameters interface [ interface-type interface-number ]: Specifies an interface by its type and number. If no interface is specified, the command clears packet filtering ACL statistics on all interfaces. inbound: Specifies the inbound direction. outbound: Specifies the outbound direction.
Syntax rule [ rule-id ] { deny | permit } [ cos vlan-pri | counting | dest-mac dest-address dest-mask | { lsap lsap-type lsap-type-mask | type protocol-type protocol-type-mask } | source-mac source-address source-mask | time-range time-range-name ] * undo rule rule-id [ counting | time-range ] * Default An Ethernet frame header ACL does not contain any rule.
Usage guidelines When an Ethernet frame header ACL with the lsap keyword specified is for QoS traffic classification or packet filtering, the lsap-type argument must be AAAA and the lsap-type-mask argument must be FFFF. Otherwise, the ACL cannot be applied successfully. Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL, your creation or editing attempt fails.
Predefined user roles network-admin mdc-admin Parameters rule-id: Specifies a rule ID in the range of 0 to 65534. If no rule ID is provided when you create an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30. deny: Denies matching packets. permit: Allows matching packets to pass.
Parameters Function Description dscp dscp Specifies a DSCP priority. The dscp argument can be a number in the range of 0 to 63, or in words: af11 (10), af12 (12), af13 (14), af21 (18), af22 (20), af23 (22), af31 (26), af32 (28), af33 (30), af41 (34), af42 (36), af43 (38), cs1 (8), cs2 (16), cs3 (24), cs4 (32), cs5 (40), cs6 (48), cs7 (56), default (0), or ef (46). fragment Applies the rule to only non-first fragments. Without this keyword, the rule applies to all fragments and non-fragments.
Parameters Function { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * Specifies one or more TCP flags including ACK, FIN, PSH, RST, SYN, and URG. established Specifies the flags for indicating the established status of a TCP connection. Description Parameters specific to TCP. The value for each argument can be 0 (flag bit not set) or 1 (flag bit set). The TCP flags in a rule are ANDed.
ICMP message name ICMP message type ICMP message code source-route-failed 3 5 timestamp-reply 14 0 timestamp-request 13 0 ttl-exceeded 11 0 Usage guidelines Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL, your creation or editing attempt fails. You can edit ACL rules only when the match order is config.
[Sysname-acl-adv-3003] rule permit udp source-port eq snmptrap [Sysname-acl-adv-3003] rule permit udp destination-port eq snmp [Sysname-acl-adv-3003] rule permit udp destination-port eq snmptrap Related commands • acl • display acl • step • time-range rule (IPv4 basic ACL view) Use rule to create or edit an IPv4 basic ACL rule. Use undo rule to delete an entire IPv4 basic ACL rule or some attributes in the rule.
time-range time-range-name: Specifies a time range for the rule. The time-range-name argument is a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the timer range. For more information about time range, see ACL and QoS Configuration Guide. vpn-instance vpn-instance-name: Applies the rule to a VPN instance.
source-port operator port1 [ port2 ] | time-range time-range-name | vpn-instance vpn-instance-name ] * undo rule rule-id [ { { ack | fin | psh | rst | syn | urg } * | established } | counting | destination | destination-port | dscp | flow-label | fragment | icmp6-type | routing | source | source-port | time-range | vpn-instance ] * Default An IPv6 advanced ACL does not contain any rule.
Table 11 Match criteria and other rule information for IPv6 advanced ACL rules Parameters Function Description source { source-address source-prefix | source-address/so urce-prefix | any } Specifies a source IPv6 address. The source-address and source-prefix arguments represent an IPv6 source address, and prefix length in the range of 1 to 128. destination { dest-address dest-prefix | dest-address/destprefix | any } Specifies a destination IPv6 address.
Table 12 TCP/UDP-specific parameters for IPv6 advanced ACL rules Parameters Function Description source-port operator port1 [ port2 ] Specifies one or more UDP or TCP source ports. The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), or range (inclusive range). destination-port operator port1 [ port2 ] Specifies one or more UDP or TCP destination ports. The port1 and port2 arguments are TCP or UDP port numbers in the range of 0 to 65535.
ICMPv6 message name ICMPv6 message type ICMPv6 message code err-Header-field 4 0 frag-time-exceeded 3 1 hop-limit-exceeded 3 0 host-admin-prohib 1 1 host-unreachable 1 3 neighbor-advertisement 136 0 neighbor-solicitation 135 0 network-unreachable 1 0 packet-too-big 2 0 port-unreachable 1 4 redirect 137 0 router-advertisement 134 0 router-solicitation 133 0 unknown-ipv6-opt 4 2 unknown-next-hdr 4 1 Usage guidelines Within an ACL, the permit or deny statement of
[Sysname-acl6-adv-3000] rule permit tcp source 2030:5060::/64 destination fe80:5060::/96 destination-port eq 80 # Create IPv6 advanced ACL rules to permit all IPv6 packets but the ICMPv6 packets destined for FE80:5060:1001::/48. system-view [Sysname] acl ipv6 number 3001 [Sysname-acl6-adv-3001] rule deny icmpv6 destination fe80:5060:1001:: 48 [Sysname-acl6-adv-3001] rule permit ipv6 # Create IPv6 advanced ACL rules to permit inbound and outbound FTP packets.
mdc-admin Parameters rule-id: Specifies a rule ID in the range of 0 to 65534. If no rule ID is provided when you create an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30. deny: Denies matching packets. permit: Allows matching packets to pass.
system-view [Sysname] acl ipv6 number 2000 [Sysname-acl6-basic-2000] rule permit source 1001:: 16 [Sysname-acl6-basic-2000] rule permit source 3124:1123:: 32 [Sysname-acl6-basic-2000] rule permit source fe80:5060:1001:: 48 [Sysname-acl6-basic-2000] rule deny source any Related commands • acl • display acl • step • time-range rule comment Use rule comment to add a comment about an existing ACL rule or edit its comment to make the rule easy to understand.
Use undo step to restore the default. Syntax step step-value undo step Default The rule numbering step is five. Views IPv4 basic/advanced ACL view, IPv6 basic/advanced ACL view, Ethernet frame header ACL view Predefined user roles network-admin Parameters step-value: ACL rule numbering step in the range of 1 to 20. Usage guidelines The rule numbering step sets the increment by which the system numbers rules automatically. For example, the default ACL rule numbering step is 5.
QoS policy commands Traffic class commands display traffic classifier Use display traffic classifier to display traffic class information.
If-match acl 2000 Classifier: 2 (ID 101) Operator: AND Rule(s) : If-match protocol ipv6 Classifier: 3 (ID 102) Operator: AND Rule(s) : -none- Table 15 Command output Field Description Classifier Traffic class name and its match criteria. Operator Match operator you set for the traffic class. If the operator is AND, the traffic class matches the packets that match all its match criteria. If the operator is OR, the traffic class matches the packets that match any of its match criteria.
Table 16 Available match criteria Option Description Matches an ACL. acl [ ipv6 ] { acl-number | name acl-name } any The acl-number argument is in the range of 2000 to 3999 for an IPv4 ACL, 2000 to 3999 for an IPv6 ACL, and 4000 to 4999 for an Ethernet frame header ACL. The acl-name argument is a case-insensitive string of 1 to 63 characters, which must start with an English letter, and to avoid confusion, it cannot be all. Matches all packets. Matches the control plane protocols.
Option Description Matches the service provider VLAN IDs (SVLANs). service-vlan-id vlan-id-list source-mac mac-address The vlan-id-list argument is in the format of vlan-id-list = { vlan-id | vlan-id1 to vlan-id2 }&<1-10>, where the vlan-id, vlan-id1, and vlan-id2 arguments represent the VLAN IDs and each range from 1 to 4094, vlan-id1 must be no greater than vlan-id2, and &<1-10> indicates that you can specify up to 10 VLAN IDs or VLAN ID ranges. Matches a source MAC address.
Defining a criterion to match DSCP values • You can configure multiple DSCP match criteria for a traffic class. All defined DSCP values are automatically sorted in ascending order. • To delete a criterion that matches DSCP values, the specified DSCP values must be identical with those defined in the criterion (the sequence may be different). Defining a criterion to match 802.1p priority in customer or service provider VLAN tags • You can configure multiple 802.
# Define a match criterion for traffic class class1 to match the packets with their customer network 802.1p priority values being 3. system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match customer-dot1p 3 # Define a match criterion for traffic class class1 to match the packets with their service provider network 802.1p priority values being 5.
[Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match protocol ip # Define a match criterion for traffic class class1 to match the packets of customer network VLAN 1, 6, or 9. system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match customer-vlan-id 1 6 9 # Define a match criterion for traffic class class1 to match the packets of service provider network VLAN 2, 7, or 10.
operator: Sets the operator to logic AND (the default) or OR for the traffic class. and: Specifies the logic AND operator. The traffic class matches the packets that match all its criteria. or: Specifies the logic OR operator. The traffic class matches the packets that match any of its criteria. Examples # Create a traffic class class1.
car Use car to configure a CAR action in a traffic behavior. Use undo car to delete a CAR action from a traffic behavior. Syntax car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-information-rate ] [ green action | red action | yellow action ] * undo car Default No CAR action is configured.
• remark-lp-pass new-local-precedence: Sets the local precedence value of the packet to new-local-precedence and permits the packet to pass through. The new-local-precedence argument ranges from 0 to 7. Usage guidelines A QoS policy that references the traffic behavior can be applied in either the inbound direction or outbound direction of an interface. If you configure the car command multiple times in the same traffic behavior, the most recent configuration takes effect.
card. If no card is specified, this command displays the traffic behaviors on all cards of all member devices. (In IRF mode.) Examples # Display information about user-defined traffic behaviors.
Syntax filter { deny | permit } undo filter Default No traffic filtering action is configured. Views Traffic behavior view Predefined user roles network-admin mdc-admin Parameters deny: Drops packets. permit: Transmits the packets. Examples # Configure a traffic filtering action as deny in traffic behavior database.
If the traffic behavior already contains a VLAN tag adding action, the new one overwrites the old one. Examples # Configure traffic behavior b1 to add VLAN tag 123. system-view [Sysname] traffic behavior b1 [Sysname-behavior-b1] nest top-most vlan 123 redirect Use redirect to configure a traffic redirecting action in the traffic behavior. Use undo redirect to delete the traffic redirecting action.
remark customer-vlan-id Use remark customer-vlan-id to add a CVLAN marking action to a traffic behavior. Use undo remark customer-vlan-id to remove the action from the traffic behavior. Syntax remark customer-vlan-id vlan-id undo remark customer-vlan-id Default No CVLAN marking action is configured. Views Traffic behavior view Predefined user roles network-admin mdc-admin Parameters vlan-id: Specifies a CVLAN ID, ranging from 1 to 4094.
mdc-admin Parameters green: Specifies green packets. red: Specifies red packets. yellow: Specifies yellow packets. dot1p-value: Specifies the 802.1p priority to be marked for packets, which ranges from 0 to 7. customer-dot1p-trust: Copies the 802.1p priority value in the inner VLAN tag to the outer VLAN tag after the QoS policy is applied to an interface.
Usage guidelines The command applies to only incoming traffic. Examples # Configure traffic behavior database to mark matching traffic with drop priority 2. system-view [Sysname] traffic behavior database [Sysname-behavior-database] remark drop-precedence 2 remark dscp Use remark dscp to configure a DSCP marking action. Use undo remark dscp to restore the default.
Keyword DSCP value (binary) DSCP value (decimal) af32 011100 28 af33 011110 30 af41 100010 34 af42 100100 36 af43 100110 38 cs1 001000 8 cs2 010000 16 cs3 011000 24 cs4 100000 32 cs5 101000 40 cs6 110000 48 cs7 111000 56 ef 101110 46 Examples # Configure traffic behavior database to mark matching traffic with DSCP 6.
Examples # Set the IP precedence to 6 for packets. system-view [Sysname] traffic behavior database [Sysname-behavior-database] remark ip-precedence 6 remark local-precedence Use remark local-precedence to configure a local precedence marking action. Use undo remark local-precedence to delete the action. Syntax remark [ green | red | yellow ] local-precedence local-precedence-value undo remark [ green | red | yellow ] local-precedence Default No local precedence marking action is configured.
Default No local QoS ID marking action is configured. Views Traffic behavior view Predefined user roles network-admin mdc-admin Parameters local-id-value: Specifies the local QoS ID to be marked for packets. The value range for this argument is 1 to 4095. The switch supports local QoS IDs in the range of 1 to 3999. Usage guidelines Remarking local QoS IDs combines different traffic classes into one new class, which is indicated by a local QoS ID.
system-view [Sysname] traffic behavior b1 [Sysname-behavior-b1] remark service-vlan-id 222 traffic behavior Use traffic behavior to create a traffic behavior and enter traffic behavior view. Use undo traffic behavior to delete a traffic behavior. Syntax traffic behavior behavior-name undo traffic behavior behavior-name Default No traffic behavior exists.
Views QoS policy view Predefined user roles network-admin mdc-admin Parameters classifier-name: Specifies a traffic class by its name, a case-sensitive string of 1 to 31 characters. behavior-name: Specifies a traffic behavior by its name, a case-sensitive string of 1 to 31 characters. mode dcbx: Specifies that the class-behavior association applies only to the Data Center Bridging Exchange Protocol (DCBX). For more information about DCBX, see Layer 2—LAN Switching Configuration Guide.
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument refers to the ID of the IRF member device, and the slot-number argument refers to the number of the slot where the card resides. (In IRF mode.) Examples # (In standalone mode.) Enter control plane view of card 3. system-view [Sysname] control-plane slot 3 [Sysname-cp-slot3] # (In IRF mode.) Enter the control plane view of card 3 on IRF member 1.
card. If no card is specified, this command displays the QoS policies on all cards of all member devices. (In IRF mode.) Examples # Display the configuration information of all the user-defined QoS policies.
Parameters slot slot-number: Displays information about the QoS policies applied to the control plane of the card specified by the slot number. (In standalone mode.) inbound: Displays information about the QoS policy applied to the incoming traffic of the control plane. chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument refers to the ID of the IRF member device, and the slot-number argument refers to the number of the slot where the card resides.
display qos policy control-plane pre-defined Use display qos policy control-plane pre-defined to display information about the pre-defined QoS policy applied to the control plane.
DHCP 18 256 normal 802.
HTTP 12 64 management HTTPS 12 64 management ARP Snooping 18 256 redirect ICMPv6 6 512 monitor DHCPv6 18 256 normal Table 20 Command output Field Description Pre-defined control plane policy Contents of the pre-defined control plane QoS policy. display qos policy global Use display qos policy global to display information about global QoS policies.
If no slot or IRF member ID is specified, this command displays the global QoS policies applied to the global active MPU. (In IRF mode.) Examples # Display information about the inbound global QoS policy.
Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters interface-type interface-number: Specifies an interface by its type and number to display information about the QoS policies applied to it. inbound: Displays information about the QoS policy applied to the incoming traffic of the specified interface. outbound: Displays information about the QoS policy applied to the outgoing traffic of the specified interface.
Accounting enable: 0 (Packets) Filter enable: Permit Marking: Remark dot1p 1 Table 22 Command output Field Description Direction Direction in which the QoS policy is applied to the interface. Green packets Traffic statistics for green packets. Red packets Traffic statistics for red packets. For the output description, see Table 15 and Table 17. display qos vlan-policy Use display qos vlan-policy to display information about QoS policies applied to VLANs.
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument refers to the ID of the IRF member device, and the slot-number argument refers to the number of the slot where the card resides. (In IRF mode.) Usage guidelines If no direction is specified, this command displays information about QoS policies applied to VLANs in both the inbound and outbound directions.
# Displays information about QoS policy 1 applied to VLANs. display qos vlan-policy name 1 Policy 1 Vlan 2: outbound Table 23 Command output Field Description Direction Direction in which the QoS policy is applied for the VLAN. Green packets Statistics about green packets. Red packets Statistics about red packets. Vlan 2: outbound The QoS policy is applied to the outgoing traffic of VLAN 2. For the output description, see Table 15 and Table 17.
Traffic filtering Yes Yes Traffic mirroring to an interface Yes Yes Outer VLAN tag encapsulation Yes No Traffic redirecting Yes No CVLAN marking Yes Yes SVLAN marking Yes Yes 802.1p priority marking Yes Yes Drop precedence marking Yes No DSCP marking Yes Yes IP precedence marking Yes Yes Local precedence marking Yes No Local QoS ID marking Yes No Examples # Apply QoS policy USER1 to the incoming traffic of Ten-GigabitEthernet 1/0/1.
inbound: Applies the QoS policy to the incoming packets on all interfaces. outbound: Applies the QoS policy to the outgoing packets on all interfaces. Usage guidelines An aggregate QoS policy takes effect on all incoming or outgoing traffic depending on the direction in which the QoS policy is applied. Examples # Apply the QoS policy user1 to the incoming traffic globally.
qos vlan-policy Use qos vlan-policy to apply a QoS policy to the specified VLANs. Use undo qos vlan-policy to remove the QoS policy from the specified VLANs. Syntax qos vlan-policy policy-name vlan vlan-id-list { inbound | outbound } undo qos vlan-policy policy-name vlan vlan-id-list { inbound | outbound } Default No QoS policy is applied to a VLAN.
Predefined user roles network-admin Parameters inbound: Clears the statistics of the QoS policy applied to the incoming traffic of the control plane. slot slot-number: Clears the statistics of the QoS policies applied to the control plane of the card specified by the slot number. (In standalone mode.) chassis chassis-number slot slot-number: Specifies a card on an IRF member device.
Syntax reset qos vlan-policy [ vlan vlan-id ] [ inbound | outbound ] Views User view Predefined user roles network-admin mdc-admin Parameters vlan vlan-id: Specifies a VLAN ID, which ranges from 1 to 4094. inbound: Clears the statistics of the QoS policy applied to the incoming traffic of the specified VLAN. outbound: Clears the statistics of the QoS policy applied to the incoming traffic of the specified VLAN.
Priority mapping commands Priority map commands display qos map-table Use display qos map-table to display the configuration of a priority map. Syntax display qos map-table [ dot1p-dp | dot1p-exp | dot1p-lp | dscp-dot1p| dscp-dp | dscp-dscp | exp-dot1p ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters The device provides the following types of priority map. Table 25 Priority maps Priority mapping Description dot1p-dp 802.1p-drop priority map.
IMPORT : EXPORT 0 : 2 1 : 0 2 : 1 3 : 3 4 : 4 5 : 5 6 : 6 7 : 7 Table 26 Command output Field Description MAP-TABLE NAME Name of the priority map. TYPE Type of the priority map. IMPORT Input values of the priority map. EXPORT Output values of the priority map. import Use import to configure mappings for a priority map. Use undo import to restore the specified or all mappings to the default for a priority map.
Related commands display qos map-table qos map-table Use qos map-table to enter the specified priority map view. Syntax qos map-table { dot1p-dp | dot1p-exp | dot1p-lp | dscp-dot1p| dscp-dp | dscp-dscp | exp-dot1p } Views System view Predefined user roles network-admin mdc-admin Parameters For the description of the keywords, see Table 25. Usage guidelines The dscp-dot1p priority map does not take effect on interfaces on SF cards. EXP-related priority maps take effect only on MPLS-capable cards.
Views Layer 2 Ethernet interface view, Layer 3 Ethernet interface view Predefined user roles network-admin mdc-admin Parameters priority-value: Specifies the port priority value. The port priority ranges from 0 to 7. Examples # Set the port priority of interface Ten-GigabitEthernet 1/0/1 to 2.
Table 27 Command output Field Description Interface Interface type and interface number. Port priority Port priority set for the interface. Port priority trust type Priority trust mode on the interface: dot1p or dscp. qos trust Use qos trust to configure the priority trust mode for an interface. Use undo qos trust to restore the default priority trust mode. Syntax qos trust { dot1p | dscp } undo qos trust Default The switch trusts the 802.1p priority carried in packets.
GTS and rate limit commands GTS commands display qos gts interface Use display qos gts interface to view generic traffic shaping (GTS) configuration and statistics on a specified interface or all the interfaces. Syntax display qos gts interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters interface-type interface-number: Specifies an interface by its type and number.
qos gts Use qos gts to set GTS parameters for the packets in a specific queue. Use undo qos gts to remove GTS parameters for traffic of a specific queue on the interface. Syntax qos gts queue queue-number cir committed-information-rate [ cbs committed-burst-size ] undo qos gts queue queue-number Default No GTS parameters are configured on an interface.
Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters interface-type interface-number: Specifies an interface by its type and number. If no interface is specified, this command displays the rate limit configuration and statistics on all the interfaces. Examples # Display the rate limit configuration and statistics on all the interfaces.
Predefined user roles network-admin mdc-admin Parameters inbound: Limits the rate of incoming packets on the interface. outbound: Limits the rate of outgoing packets on the interface. cir committed-information-rate: Specifies the CIR in kbps. The value range for the committed-information-rate argument is 8 to 1000000 for GE interfaces, 8 to 10000000 for 10-GE interfaces, and 8 to 40000000 for 40-GE interfaces. The values must be integral multiples of 8. cbs committed-burst-size: Specifies the CBS in bytes.
Congestion management commands SP commands display qos queue sp interface Use display qos queue sp interface to view the SP queuing configuration of an interface. Syntax display qos queue sp interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters interface-type interface-number: Specifies an interface by its type and number.
Syntax qos sp undo qos sp Default An interface uses the SP queuing algorithm. Views Layer 2 Ethernet interface view, Layer 3 Ethernet interface view Predefined user roles network-admin mdc-admin Examples # Enable SP queuing on Ten-GigabitEthernet 1/0/1.
Interface: Ten-GigabitEthernet1/0/1 Output queue: Weighted Round Robin queuing Queue ID Group Weight ----------------------------------------be sp NA af1 1 2 af2 1 3 af3 1 4 af4 1 5 ef 1 9 cs6 2 13 cs7 2 15 Table 31 Command output Field Description Interface Interface type and interface number. Output queue Type of the current output queue. Queue ID ID of a queue. Group Number of the group a queue is assigned to. By default, all queues belong to group 1.
Parameters byte-count: Allocates bandwidth to queues in terms of bytes. weight: Allocates bandwidth to queues in terms of packets. Usage guidelines You must use the qos wrr command to enable WRR queuing before you can configure WRR queuing parameters for a queue on an interface. Examples # Enable weight-based WRR queuing on Ten-GigabitEthernet 1/0/1.
schedule-value: Specifies a scheduling weight for the specified queue in WRR queuing, in the range of 1 to 15. Usage guidelines You must use the qos wrr command to enable WRR queuing before you can configure WRR queuing parameters for a queue on an interface. The queue-id argument can be either a number or a keyword. Table 32 shows the number-keyword map.
Predefined user roles network-admin mdc-admin Parameters queue-id: Specifies a queue by its ID. A queue ID is a number in the range of 0 to 7 or a keyword in Table 32. sp: Assigns a queue to the SP group, which uses the SP queue scheduling algorithm. Usage guidelines This command is available only on a WRR-enabled interface. Queues in the SP group are scheduled with SP. The SP group has higher scheduling priority than the WRR group.
Parameters interface-type interface-number: Specifies an interface by its type and number. If no interface is specified, this command displays the WFQ configuration of all the interfaces. Examples # Display the WFQ configuration of Ten-GigabitEthernet 1/0/1.
Views Layer 2 Ethernet interface view, Layer 3 Ethernet interface view Predefined user roles network-admin Parameters queue-id: Specifies a queue by its ID. A queue ID is a number in the range of 0 to 7 or a keyword in Table 32. min bandwidth-value: Sets the minimum guaranteed bandwidth in kbps for a queue when the interface is congested.
Usage guidelines You must use the qos wfq command to enable WFQ before you can configure WFQ queuing parameters for a queue on an interface. Examples # Enable weight-based WFQ on Ten-GigabitEthernet 1/0/1. system-view [Sysname] interface Ten-GigabitEthernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] qos wfq weight # Enable byte-count WFQ on Ten-GigabitEthernet 1/0/1.
Examples # Enable byte-count WFQ on interface Ten-GigabitEthernet 1/0/1, and assign queue 0 with a scheduling weight of 10 to WFQ group 1. system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] qos wfq byte-count [Sysname-Ten-GigabitEthernet1/0/1] qos wfq 0 group 1 byte-count 10 Related commands • display qos queue wfq interface • qos bandwidth queue • qos wfq qos wfq group sp Use qos wfq group sp to assign a queue to the SP group.
Examples # Enable weight-based WFQ on interface Ten-GigabitEthernet 1/0/1, and assign queue 0 to the SP group.
• Set the minimum guaranteed bandwidth to 100 kbps for queue 0. system-view [Sysname] qos qmprofile myprofile [Sysname-qmprofile-myprofile] queue 0 wfq group 1 weight 1 [Sysname-qmprofile-myprofile] bandwidth queue 0 min 100 Related commands • display qos qmprofile interface • qos qmprofile • queue display qos qmprofile configuration Use display qos qmprofile configuration to display queue scheduling profile configurations.
display qos qmprofile configuration myprofile Queue management profile: myprofile (ID 1) Queue ID Type Group Schedule-unit Schedule-value Bandwidth --------------------------------------------------------------------------be WFQ N/A weight 1 64 af1 WFQ 1 weight 1 64 af2 WFQ N/A weight 1 1000 af3 WFQ N/A weight 1 64 af4 SP N/A N/A N/A N/A ef WFQ N/A weight 1 64 cs6 WFQ 2 weight 56 64 cs7 SP N/A N/A N/A N/A Table 34 Command output Field Descript
Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters interface-type interface-number: Specifies an interface by its type and number. If no interface is specified, this command displays the queue scheduling profiles applied to all interfaces. Examples # Display the queue scheduling profile applied to Ten-GigabitEthernet 1/0/1.
Examples # Apply queue scheduling profile myprofile to Ten-GigabitEthernet 1/0/1. system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] qos apply qmprofile myprofile Related commands display qos qmprofile interface qos qmprofile Use qos qmprofile to create a queue scheduling profile and enter queue scheduling profile view. Use undo qos qmprofile to delete a queue scheduling profile.
Syntax queue queue-id { sp | wfq group group-id { byte-count | weight } schedule-value | wrr group group-id { byte-count | weight } schedule-value } undo queue queue-id Default In a queue scheduling profile, SP queuing is used for all queues. Views Queue scheduling profile view Predefined user roles network-admin mdc-admin Parameters queue-id: Specifies a queue by its ID in the range of 0 to 7. sp: Enables SP for the queue. wfq: Enables WFQ for the queue.
Queue statistics commands display qos queue-statistics interface Use display qos queue-statistics interface to display queue statistics for an interface. Syntax display qos queue-statistics interface [ interface-type interface-number ] outbound Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters interface-type interface-number: Specifies an interface by its type and number.
Forwarded: 0 packets, 0 bytes Dropped: 0 packets, 0 bytes Total queue length: 0 packets Current queue length: 0 packets, 0% use ratio Queue 4 Forwarded: 0 packets, 0 bytes Dropped: 0 packets, 0 bytes Total queue length: 0 packets Current queue length: 0 packets, 0% use ratio Queue 5 Forwarded: 0 packets, 0 bytes Dropped: 0 packets, 0 bytes Total queue length: 0 packets Current queue length: 0 packets, 0% use ratio Queue 6 Forwarded: 0 packets, 0 bytes Dropped: 0 packets, 0 bytes Total queue length: 0 packet
Predefined user roles network-admin mdc-admin Parameters interface-type interface-number: Specifies an interface by its type and number. If no interface is specified, the command clears queue statistics for all interfaces. outbound: Clears outbound queue statistics. Examples # Clear the outbound queue statistics for Ten-GigabitEthernet 1/0/1.
Congestion avoidance commands display qos wred interface Use display qos wred interface to display the WRED configuration for an interface. Syntax display qos wred interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. If no interface is specified, this command displays the WRED configuration and statistics for all interfaces.
slot slot-number: Specifies a card by its slot number. (In standalone mode.) chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument refers to the ID of the IRF member device. The slot-number argument refers to the number of the slot where the card resides. (In IRF mode.) Usage guidelines If no WRED table is specified, the command displays the configuration of all WRED tables.
qos wred apply Use qos wred apply to apply a WRED table on an interface. Use undo qos wred apply to restore the default. Syntax qos wred apply [ table-name ] undo qos wred apply Default No WRED table is applied to an interface, and the tail drop mode is used on an interface. Views Layer 2 Ethernet interface view, Layer 3 Ethernet interface view Predefined user roles network-admin Parameters table-name: Specifies a WRED table by its name.
Predefined user roles network-admin Parameters queue: Creates a queue-based WRED table, which drops packets based on the queue when congestion occurs. table table-name: Specifies a name for the WRED table. Usage guidelines You cannot delete a WRED table in use. To delete it, first remove it from the specified interface. Examples # Create a queue-based WRED table named queue-table1.
high-limit high-limit: Specifies the upper limit for the average queue length. The high-limit argument is in the range of 0 to 16383 and must be greater than the low-limit argument. discard-probability discard-prob: Specifies the numerator for drop probability calculation in percentage, in the range of 0 to 100. Usage guidelines When the average queue size is smaller than the lower threshold, no packet is dropped.
Examples # In WRED table queue-table1, enable ECN for queue 1. system-view [Sysname] qos wred queue table queue-table1 [Sysname-wred-table-queue-table1] queue 1 ecn Related commands • display qos wred table • qos wred queue table queue weighting-constant Use queue weighting-constant to specify an exponent for average queue length calculation for a queue. Use undo queue weighting-constant to restore the default.
Aggregate CAR commands car name Use car name to reference an aggregate CAR action in a traffic behavior. Use undo car to remove an aggregate CAR action from a traffic behavior. Syntax car name car-name undo car Default No aggregate CAR action is configured in a traffic behavior. Views Traffic behavior view Predefined user roles network-admin Parameters car-name: Specifies the name of an aggregate CAR action. This argument must start with a letter, and is a case-sensitive string of 1 to 31 characters.
Parameters car-name: Specifies the name of an aggregate CAR action. This argument must start with a letter, and is a case-sensitive string of 1 to 31 characters. If no CAR action is specified, this command displays the configuration and statistics of all the aggregate CAR actions. Examples # (In standalone mode.) Display the configuration and statistics for aggregate CAR.
Field Description Action to take on red packets: Red action • discard—Drops the packets. • pass—Permits the packets to pass through. Green packet Statistics about green packets. Red packet Statistics about red packets. qos car Use qos car to configure an aggregate CAR action. Use undo qos car to remove an aggregate CAR action.
yellow action: Specifies the action to take on packets that conform to PIR but not to CIR. The default setting is pass. action: Specifies the action to take on packets: • discard: Drops the packet. • pass: Permits the packet to pass through. • remark-dot1p-pass new-cos: Sets the 802.1p priority value of the 802.1p packet to new-cos and permits the packet to pass through. The new-cos argument is in the range of 0 to 7.
Time range commands display time-range Use display time-range to display time range configuration and status. Syntax display time-range { time-range-name | all } Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters time-range-name: Specifies a time range name, a case-insensitive string of 1 to 32 characters. It must start with an English letter. all: Displays the configuration and status of all existing time ranges.
Use undo time-range to delete a time range or a statement in the time range. Syntax time-range time-range-name { start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] | from time1 date1 [ to time2 date2 ] | to time2 date2 } undo time-range time-range-name [ start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] | from time1 date1 [ to time2 date2 ] | to time2 date2 ] Default No time range exists.
You can create multiple statements in a time range. Each time statement can take one of the following forms: • Periodic statement in the start-time to end-time days format. A periodic statement recurs periodically on a day or days of the week. • Absolute statement in the from time1 date1 to time2 date2 format. An absolute statement does not recur. • Compound statement in the start-time to end-time days from time1 date1 to time2 date2 format.
Before contacting HP, collect the following information: • Product model names and numbers • Technical support registration number (if applicable) • Product serial numbers • Error messages • Operating system type and revision level • Detailed questions Subscription service HP recommends that you register your product at the Subscriber's Choice for Business website: http://www.hp.
Convention Description [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one. [ x | y | ... ] Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none. { x | y | ...
Represents a generic network device, such as a router, switch, or firewall. Represents an access point. Represents a security product, such as a firewall, a UTM, or a load-balancing or security card that is installed in a device. Represents a security card, such as a firewall card, a load-balancing card, or a NetStream card. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device.
Index ABCDFINPQRSTW display qos wred interface,99 A display qos wred table,99 accounting,41 display qos-acl resource,12 acl,1 display time-range,109 acl copy,2 display traffic behavior,43 acl name,3 display traffic classifier,34 B Documents,112 bandwidth,90 F C filter,44 car,42 I car name,105 if-match,35 classifier behavior,53 import,72 control-plane,54 N D nest top-most,45 description,4 display acl,4 P display packet-filter,6 packet-filter,14 display packet-filter statistics,
qos wred queue table,101 reset qos policy control-plane,68 qos wrr,82 reset qos policy global,69 qos wrr { byte-count | weight },83 reset qos queue-statistics interface,97 qos wrr group sp,84 reset qos vlan-policy,69 queue,102 rule (Ethernet frame header ACL view),17 queue,94 rule (IPv4 advanced ACL view),19 queue ecn,103 rule (IPv4 basic ACL view),24 queue weighting-constant,104 rule (IPv6 advanced ACL view),25 R rule (IPv6 basic ACL view),30 rule comment,32 redirect,46 remark customer-vl
