HP FlexFabric 11900 Switch Series ACL and QoS Command Reference Part number: 5998-4080 Software version: Release 2105 and later Document version: 6W100-20130515
Legal and notice information © Copyright 2013 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents ACL commands ···························································································································································· 1 acl ·············································································································································································· 1 acl copy ·············································································································································
display qos policy control-plane ·························································································································· 53 display qos policy control-plane pre-defined ····································································································· 55 display qos policy global ····································································································································· 57 display qos policy interface ···········
queue ecn ······························································································································································· 93 queue weighting-constant ····································································································································· 94 Aggregate CAR commands······································································································································· 96 car name ······
ACL commands acl Use acl to create an ACL, and enter its view. If the ACL has been created, you directly enter its view. Use undo acl to delete the specified or all ACLs. Syntax acl [ ipv6 ] number acl-number [ name acl-name ] [ match-order { auto | config } ] undo acl [ ipv6 ] { all | name acl-name | number acl-number } Default No ACL exists.
You can change the match order only for ACLs that do not contain any rules. Examples # Create IPv4 basic ACL 2000, and enter its view. system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] # Create IPv4 basic ACL 2001 with the name flow, and enter its view. system-view [Sysname] acl number 2001 name flow [Sysname-acl-basic-2001-flow] Related commands display acl acl copy Use acl copy to create an ACL by copying an ACL that already exists.
• 4000 to 4999 for Ethernet frame header ACLs. This entry is not displayed if the ipv6 keyword is specified. name dest-acl-name: Assigns a unique name to the ACL you are creating. The dest-acl-name takes a case-insensitive string of 1 to 63 characters. It must start with an English letter and to avoid confusion, it cannot be all. If no ACL name is specified, the system does not name the ACL.
When the ipv6 keyword is specified, this command sets the interval for generating and outputting IPv6 packet filtering logs. Examples # Enable the device to generate and output IPv4 packet filtering logs at 10-minute intervals. system-view [Sysname] acl logging interval 10 Related commands • rule (IPv4 advanced ACL view) • rule (IPv4 basic ACL view) • rule (IPv6 advanced ACL view) • rule (IPv6 basic ACL view) acl name Use acl name to enter the view of an ACL that has a name.
Syntax description text undo description Default An ACL has no description. Views IPv4 basic/advanced ACL view, IPv6 basic/advanced ACL view, Ethernet frame header ACL view Predefined user roles network-admin Parameters text: Configures a description for the ACL, a case-sensitive string of 1 to 127 characters. Examples # Configure a description for IPv4 basic ACL 2000. system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] description This is an IPv4 basic ACL.
name acl-name: Specifies an ACL by its name. The acl-name argument takes a case-insensitive string of 1 to 63 characters. It must start with an English letter. For a basic ACL or advanced ACL, if you do not specify the ipv6 keyword, this option specifies the name of an IPv4 basic ACL or advanced ACL. If you specify the ipv6 keyword, this option specifies the name of an IPv6 basic ACL or advanced ACL. Usage guidelines This command displays ACL rules in config or depth-first order, whichever is configured.
display packet-filter { interface [ interface-type interface-number ] [ inbound | outbound ] | interface vlan-interface vlan-interface-number [ inbound | outbound ] [ chassis chassis-number slot slot-number ] } Views Any view Predefined user roles network-admin network-operator Parameters interface [ interface-type interface-number ]: Specifies an interface by its type and number. VLAN interfaces are not supported.
display packet-filter statistics Use display packet-filter statistics to display match statistics of ACLs for packet filtering. Syntax display packet-filter statistics interface interface-type interface-number { inbound | outbound } [ [ ipv6 ] { acl-number | name acl-name } ] [ brief ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays the statistics of an interface specified by its type and number.
ACL 2001, Hardware-count From 2012-11-16 09:07:29 to 2012-11-16 09:14:03 rule 0 permit Totally 0 packets, 0% permitted Totally 0 packets, 0% denied Default action: Deny Table 3 Command output Field Description Interface Interface to which the ACL applies. In-bound policy ACL used for filtering incoming traffic. Out-bound policy ACL used for filtering outgoing traffic. ACL 2001 IPv4 basic ACL 2001 has been successfully applied. Hardware-count Successfully enables counting ACL rule matches.
acl-number: Specifies the number of an ACL: • 2000 to 2999 for IPv4 basic ACLs if the ipv6 keyword is not specified and for IPv6 basic ACLs if the ipv6 keyword is specified. • 3000 to 3999 for IPv4 advanced ACLs s if the ipv6 keyword is not specified and for IPv6 advanced ACLs if the ipv6 keyword is specified. • 4000 to 4999 for Ethernet frame header ACLs. This entry is not displayed if the ipv6 keyword is specified. name acl-name: Specifies an ACL by its name.
display packet-filter verbose interface interface-type interface-number { inbound | outbound } [ [ ipv6 ] { acl-number | name acl-name } ] [ slot slot-number ] Distributed devices–In IRF mode: display packet-filter verbose interface interface-type interface-number { inbound | outbound } [ [ ipv6 ] { acl-number | name acl-name } ] [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Specifies a
In-bound policy: ACL 2001, Hardware-count rule 0 permit source 2.2.2.2 0 rule 5 permit source 1.1.1.1 0 Default action: Deny Table 5 Command output Field Description Interface Interface to which the ACL applies. In-bound policy ACL used for filtering incoming traffic. Out-bound policy ACL used for filtering outgoing traffic. ACL 2001 IPv4 basic ACL 2001 has been successfully applied. Hardware-count Successfully enables counting ACL rule matches.
Interfaces: M-GE0/0/0 --------------------------------------------------------------------Type Total Reserved Configured Remaining Usage --------------------------------------------------------------------VFP ACL 2048 512 0 1536 25% IFP ACL 4096 1024 0 3072 25% IFP Meter 2048 512 0 1536 25% IFP Counter 2048 512 0 1536 25% EFP ACL 512 0 0 512 0% EFP Meter 256 0 0 256 0% EFP Counter 512 0 0 512 0% Interfaces: GE2/0/1 to GE2/0/24, XGE2/0/25 to XGE2/0/26 ----------
Field Description Total Total number of resources. Reserved Number of reserved resources. Configured Number of resources that has been applied. Remaining Number of resources that you can apply. Usage Percent of the used resources. packet-filter Use packet-filter to apply an ACL to an interface to filter packets. Use undo packet-filter to remove an ACL application from an interface.
Examples # Apply IPv4 basic ACL 2001 to filter incoming traffic on Ten-GigabitEthernet 1/0/1, and enable counting ACL rule matches performed in hardware.
Syntax reset acl counter [ ipv6 ] { acl-number | all | name acl-name } Views User view Predefined user roles network-admin Parameters acl-number: Specifies an ACL by its number: • 2000 to 2999 for IPv4 basic ACLs if the ipv6 keyword is not specified and for IPv6 basic ACLs if the ipv6 keyword is specified. • 3000 to 3999 for IPv4 advanced ACLs s if the ipv6 keyword is not specified and for IPv6 advanced ACLs if the ipv6 keyword is specified. • 4000 to 4999 for Ethernet frame header ACLs.
inbound: Specifies the inbound direction. outbound: Specifies the outbound direction. acl-number: Specifies an ACL by its number: • 2000 to 2999 for IPv4 basic ACLs if the ipv6 keyword is not specified and for IPv6 basic ACLs if the ipv6 keyword is specified. • 3000 to 3999 for IPv4 advanced ACLs s if the ipv6 keyword is not specified and for IPv6 advanced ACLs if the ipv6 keyword is specified. • 4000 to 4999 for Ethernet frame header ACLs. This entry is not displayed if the ipv6 keyword is specified.
Parameters rule-id: Specifies a rule ID in the range of 0 to 65534. If no rule ID is specified when you create an ACL rule, the system automatically assigns it a rule ID. This rule ID takes the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30. deny: Denies matching packets. permit: Allows matching packets to pass. cos vlan-pri: Matches an 802.1p priority.
system-view [Sysname] acl number 4000 [Sysname-acl-ethernetframe-4000] rule permit type 0806 ffff [Sysname-acl-ethernetframe-4000] rule deny type 8035 ffff Related commands • acl • display acl • step • time-range rule (IPv4 advanced ACL view) Use rule to create or edit an IPv4 advanced ACL rule. Use undo rule to delete an entire IPv4 advanced ACL rule or some attributes in the rule.
Table 7 Match criteria and other rule information for IPv4 advanced ACL rules Parameters source { source-address source-wildcard | any } Function Description Specifies a source address. The source-address source-wildcard arguments represent a source IP address and wildcard mask in dotted decimal notation. An all-zero wildcard specifies a host address. The any keyword specifies any source IP address.
Table 8 TCP/UDP-specific parameters for IPv4 advanced ACL rules Parameters Function Description The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), or range (inclusive range). source-port operator port1 [ port2 ] Specifies one or more UDP or TCP source ports. destination-port operator port1 [ port2 ] Specifies one or more UDP or TCP destination ports.
ICMP message name ICMP message type ICMP message code host-redirect 5 1 host-tos-redirect 5 3 host-unreachable 3 1 information-reply 16 0 information-request 15 0 net-redirect 5 0 net-tos-redirect 5 2 net-unreachable 3 0 parameter-problem 12 0 port-unreachable 3 3 protocol-unreachable 3 2 reassembly-timeout 11 1 source-quench 4 0 source-route-failed 3 5 timestamp-reply 14 0 timestamp-request 13 0 ttl-exceeded 11 0 Usage guidelines Within an ACL, the perm
# Create IPv4 advanced ACL rules to permit all IP packets but the ICMP packets destined for 192.168.1.0/24. system-view [Sysname] acl number 3001 [Sysname-acl-adv-3001] rule deny icmp destination 192.168.1.0 0.0.0.255 [Sysname-acl-adv-3001] rule permit ip # Create IPv4 advanced ACL rules to permit inbound and outbound FTP packets.
Parameters rule-id: Specifies a rule ID in the range of 0 to 65534. If no rule ID is provided when you create an ACL rule, the system automatically assigns it a rule ID. This rule ID takes the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30. deny: Denies matching packets. permit: Allows matching packets to pass.
[Sysname-acl-basic-2000] rule deny source any Related commands • acl • acl logging interval • display acl • step • time-range rule (IPv6 advanced ACL view) Use rule to create or edit an IPv6 advanced ACL rule. Use undo rule to delete an entire IPv6 advanced ACL rule or some attributes in the rule.
Table 11 Match criteria and other rule information for IPv6 advanced ACL rules Parameters Function Description source { source-address source-prefix | source-address/so urce-prefix | any } Specifies a source IPv6 address. The source-address and source-prefix arguments represent an IPv6 source address, and prefix length in the range of 1 to 128. destination { dest-address dest-prefix | dest-address/destprefix | any } Specifies a destination IPv6 address.
Table 12 TCP/UDP-specific parameters for IPv6 advanced ACL rules Parameters Function Description source-port operator port1 [ port2 ] Specifies one or more UDP or TCP source ports. The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), or range (inclusive range). destination-port operator port1 [ port2 ] The port1 and port2 arguments are TCP or UDP port numbers in the range of 0 to 65535. port2 is needed only when the operator argument is range.
ICMPv6 message name ICMPv6 message type ICMPv6 message code frag-time-exceeded 3 1 hop-limit-exceeded 3 0 host-admin-prohib 1 1 host-unreachable 1 3 neighbor-advertisement 136 0 neighbor-solicitation 135 0 network-unreachable 1 0 packet-too-big 2 0 port-unreachable 1 4 redirect 137 0 router-advertisement 134 0 router-solicitation 133 0 unknown-ipv6-opt 4 2 unknown-next-hdr 4 1 Usage guidelines Within an ACL, the permit or deny statement of each rule must be uniqu
# Create IPv6 advanced ACL rules to permit all IPv6 packets but the ICMPv6 packets destined for FE80:5060:1001::/48. system-view [Sysname] acl ipv6 number 3001 [Sysname-acl6-adv-3001] rule deny icmpv6 destination fe80:5060:1001:: 48 [Sysname-acl6-adv-3001] rule permit ipv6 # Create IPv6 advanced ACL rules to permit inbound and outbound FTP packets.
Parameters rule-id: Specifies a rule ID in the range of 0 to 65534. If no rule ID is provided when you create an ACL rule, the system automatically assigns it a rule ID. This rule ID takes the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30. deny: Denies matching packets. permit: Allows matching packets to pass.
system-view [Sysname] acl ipv6 number 2000 [Sysname-acl6-basic-2000] rule permit source 1001:: 16 [Sysname-acl6-basic-2000] rule permit source 3124:1123:: 32 [Sysname-acl6-basic-2000] rule permit source fe80:5060:1001:: 48 [Sysname-acl6-basic-2000] rule deny source any Related commands • acl • acl logging interval • display acl • step • time-range rule comment Use rule comment to add a comment about an existing ACL rule or edit its comment to make the rule easy to understand.
step Use step to set a rule numbering step for an ACL. Use undo step to restore the default. Syntax step step-value undo step Default The rule numbering step is five. Views IPv4 basic/advanced ACL view, IPv6 basic/advanced ACL view, Ethernet frame header ACL view Predefined user roles network-admin Parameters step-value: ACL rule numbering step in the range of 1 to 20. Usage guidelines The rule numbering step sets the increment by which the system numbers rules automatically.
QoS policy commands Traffic class commands display traffic classifier Use display traffic classifier to display traffic class information. Syntax display traffic classifier user-defined [ classifier-name ] Views Any view Predefined user roles network-admin network-operator Parameters user-defined: Displays user-defined traffic classes. classifier-name: Traffic class name, a case-sensitive string of 1 to 31 characters.
Table 15 Command output Field Description Classifier Traffic class name and its match criteria. Operator Match operator you set for the traffic class. If the operator is AND, the traffic class matches the packets that match all its match criteria. If the operator is OR, the traffic class matches the packets that match any of its match criteria. Rule(s) Match criteria. if-match Use if-match to define a match criterion. Use undo if-match to delete a match criterion.
Option Description Matches the 802.1p priority of the customer network. customer-dot1p dot1p-value&<1-8> The dot1p-value&<1-8> argument is a list of 802.1p priority values. An 802.1p priority is in the range of 0 to 7. &<1-8> indicates that you can enter up to eight 802.1p priority values. Matches the customer VLAN IDs (CVLANs).
• customer-dot1p 8021p-list • destination-mac mac-address • dscp dscp-list • ip-precedence ip-precedence-list • service-dot1p 8021p-list • source-mac mac-address • control-plane protocol protocol-name To create multiple if-match clauses for these match criteria or specify multiple values for the list arguments, specify the operator of the class as OR and use the if-match command multiple times.
• You can configure multiple VLAN IDs in one command line. If the same VLAN ID is specified multiple times, the system considers the VLAN IDs as one. If a packet matches one of the defined VLAN IDs, it matches the if-match clause. • To delete a criterion that matches VLAN IDs, the specified VLAN IDs in the command must be identical with those defined in the criterion (the sequence may be different).
system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match acl ipv6 3101 # Define a match criterion for traffic class class1 to match the IPv6 ACL named flow. system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match acl ipv6 name flow # Define a match criterion for traffic class class1 to match all packets.
[Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match control-plane protocol-group normal traffic classifier Use traffic classifier to create a traffic class and enter traffic class view. Use undo traffic classifier to delete a traffic class. Syntax traffic classifier classifier-name [ operator { and | or } ] undo traffic classifier classifier-name Default No traffic class exists.
Default No traffic accounting action is configured. Views Traffic behavior view Predefined user roles network-admin Parameters byte: Counts traffic in bytes. packet: Counts traffic in packets. Examples # Configure a traffic accounting action in traffic behavior database to count traffic in bytes. system-view [Sysname] traffic behavior database [Sysname-behavior-database] accounting byte car Use car to configure a CAR action in a traffic behavior.
pir peak-information-rate: Specifies the peak information rate (PIR) in kbps. The value range for the peak-information-rate argument is an integral multiple of 8 between 8 and 160000000. green action: Specifies the action to take on packets that conform to CIR. The default setting is pass. red action: Specifies the action to take on the packet that conforms to neither CIR nor PIR. The default setting is discard. yellow action: Action to take on packets that conform to PIR but not to CIR.
Parameters user-defined: Displays user-defined traffic behaviors. behavior-name: Behavior name, a case-sensitive string of 1 to 31 characters. Usage guidelines If no traffic behavior name is specified, this command displays information about all the user-defined traffic behaviors. Examples # Display information about user-defined traffic behaviors.
filter Use filter to configure a traffic filtering action in a traffic behavior. Use undo filter to delete a traffic filtering action from a traffic behavior. Syntax filter { deny | permit } undo filter Default No traffic filtering action is configured. Views Traffic behavior view Predefined user roles network-admin Parameters deny: Drops packets. permit: Transmits the packets. Examples # Configure a traffic filtering action as deny in traffic behavior database.
Usage guidelines If a QoS policy contains a VLAN tag adding action, apply it only to the incoming traffic of an interface. If the traffic behavior already contains a VLAN tag adding action, the new one overwrites the old one. Examples # Configure traffic behavior b1 to add VLAN tag 123. system-view [Sysname] traffic behavior b1 [Sysname-behavior-b1] nest top-most vlan 123 redirect Use redirect to configure a traffic redirecting action in the traffic behavior.
remark customer-vlan-id Use remark customer-vlan-id to add a CVLAN marking action to a traffic behavior. Use undo remark customer-vlan-id to remove the action from the traffic behavior. Syntax remark customer-vlan-id vlan-id undo remark customer-vlan-id Default No CVLAN marking action is configured. Views Traffic behavior view Predefined user roles network-admin Parameters vlan-id: Specifies a CVLAN ID in the range of 1 to 4094.
red: Specifies red packets. yellow: Specifies yellow packets. dot1p-value: Specifies the 802.1p priority to be marked for packets, in the range of 0 to 7. customer-dot1p-trust: Copies the 802.1p priority value in the inner VLAN tag to the outer VLAN tag after the QoS policy is applied to an interface. Usage guidelines Using both the remark dot1p dot1p-value command and the remark dot1p customer-dot1p-trust command will cause them to override each other. The most recent configuration of them takes effect.
[Sysname-behavior-database] remark drop-precedence 2 remark dscp Use remark dscp to configure a DSCP marking action. Use undo remark dscp to restore the default. Syntax remark [ green | red | yellow ] dscp dscp-value undo [ green | red | yellow ] remark dscp Default No DSCP marking action is configured. Views Traffic behavior view Predefined user roles network-admin Parameters green: Specifies green packets. red: Specifies red packets. yellow: Specifies yellow packets.
Keyword DSCP value (binary) DSCP value (decimal) cs3 011000 24 cs4 100000 32 cs5 101000 40 cs6 110000 48 cs7 111000 56 ef 101110 46 Examples # Configure traffic behavior database to mark matching traffic with DSCP 6. system-view [Sysname] traffic behavior database [Sysname-behavior-database] remark dscp 6 remark ip-precedence Use remark ip-precedence to configure an IP precedence marking action. Use undo remark ip-precedence to delete the action.
Syntax remark [ green | red | yellow ] local-precedence local-precedence-value undo remark [ green | red | yellow ] local-precedence Default No local precedence marking action is configured. Views Traffic behavior view Predefined user roles network-admin Parameters green: Specifies green packets. red: Specifies red packets. yellow: Specifies yellow packets. local-precedence-value: Sets the local precedence to be marked for packets, in the range of 0 to 7.
Usage guidelines Remarking local QoS IDs combines different traffic classes into one new class, which is indicated by a local QoS ID. You can configure a traffic behavior for this new class to implement two levels of actions on a traffic class. Remarking local QoS IDs applies to only the incoming traffic. Examples # Configure the action of marking packet with local QoS ID 2.
Views System view Predefined user roles network-admin Parameters behavior-name: Sets a traffic behavior name, a case-sensitive string of 1 to 31 characters. Examples # Create a traffic behavior named behavior1. system-view [Sysname] traffic behavior behavior1 [Sysname-behavior-behavior1] Related commands display traffic behavior QoS policy commands classifier behavior Use classifier behavior to associate a traffic behavior with a traffic class in a QoS policy.
Examples # Associate traffic class database with traffic behavior test in QoS policy user1. system-view [Sysname] qos policy user1 [Sysname-qospolicy-user1] classifier database behavior test Related commands qos policy control-plane Use control-plane to enter control plane view.
Views Any view Predefined user roles network-admin network-operator Parameters user-defined: Displays user-defined QoS policies. policy-name: Specifies a QoS policy by its name, a case-sensitive string of 1 to 31 characters. If no QoS policy name is specified, this command displays configuration information of all the user-defined QoS policies. classifier classifier-name: Specifies a traffic class by its name, a case-sensitive string of 1 to 31 characters.
display qos policy control-plane slot slot-number [ inbound ] In IRF mode: display qos policy control-plane chassis chassis-number slot slot-number [ inbound ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays information about the QoS policies applied to the control plane of the card specified by the slot number. (In standalone mode.) inbound: Displays information about the QoS policy applied to the incoming traffic of the control plane.
Filter enable: Permit Table 19 Command output Field Description Direction Direction (inbound) in which the QoS policy is applied. Green packets Statistics about green packets. Red packets Statistics about red packets. For the output description, see Table 15 and Table 17. display qos policy control-plane pre-defined Use display qos policy control-plane pre-defined to display information about the pre-defined QoS policy applied to the control plane.
IS-IS 29 512 critical VRRP 36 512 important OSPF Multicast 30 256 critical OSPF Unicast 30 256 critical IGMP 18 512 important OSFPv3 Unicast 30 256 critical OSPFv3 Multicast 30 256 critical VRRPv6 36 512 important ARP 12 256 normal DHCP Snooping 18 256 redirect DHCP 18 256 normal STP 36 256 critical LACP 36 64 critical GVRP 18 256 critical BGP 24 256 critical ICMP 7 512 monitor IPOPTION 18 64 normal BGPv6 24 256 critical IPOPTIONv6 18
ICMP 7 512 monitor IPOPTION 18 64 normal BGPv6 24 256 critical IPOPTIONv6 18 64 normal LLDP 24 64 important DLDP 24 64 critical TELNET 6 512 management SSH 6 512 management HTTP 12 64 management HTTPS 12 64 management ARP Snooping 18 256 redirect ICMPv6 6 512 monitor DHCPv6 18 256 normal Table 20 Command output Field Description Pre-defined control plane policy Contents of the pre-defined control plane QoS policy.
Usage guidelines If no direction is specified, this command displays information about both inbound and outbound global QoS policies. If no slot number is specified, this command displays the global QoS policies on the main processing unit. (In standalone mode.) If no slot or IRF member ID is specified, this command displays the global QoS policies applied to the global active MPU of the IRF fabric. (In IRF mode.) Examples # Display information about the inbound global QoS policy.
display qos policy interface Use display qos policy interface to display information about the QoS policies applied to an interface or all interfaces. Syntax display qos policy interface [ interface-type interface-number ] [ inbound | outbound ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number to display information about the QoS policies applied to it.
Classifier: 2 Operator: AND Rule(s) : If-match protocol ipv6 Behavior: 2 Accounting enable: 0 (Packets) Filter enable: Permit Marking: Remark dot1p 1 Table 22 Command output Field Description Direction Direction in which the QoS policy is applied to the interface. Green packets Traffic statistics for green packets. Red packets Traffic statistics for red packets. For the output description, see Table 15 and Table 17.
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument refers to the ID of the IRF member device, and the slot-number argument refers to the number of the slot where the card resides. (In IRF mode.) Usage guidelines If no direction is specified, this command displays information about QoS policies applied to VLANs in both the inbound and outbound directions.
# Display information about QoS policy named 1 applied to VLANs. display qos vlan-policy name 1 Policy 1 Vlan 2: outbound Table 23 Command output Field Description Direction Direction in which the QoS policy is applied for the VLAN. Green packets Statistics about green packets. Red packets Statistics about red packets. Vlan 2: outbound The QoS policy is applied to the outbound direction of VLAN 2. For the output description, see Table 15 and Table 17.
Traffic mirroring to an interface Yes Yes Outer VLAN tag encapsulation Yes No Traffic redirecting Yes No CVLAN marking Yes Yes SVLAN marking Yes Yes 802.1p priority marking Yes Yes Drop precedence marking Yes No DSCP marking Yes Yes IP precedence marking Yes Yes Local precedence marking Yes No Local QoS ID marking Yes No Examples # Apply QoS policy USER1 to the incoming traffic of Ten-GigabitEthernet 1/0/1.
Usage guidelines A global QoS policy takes effect on all incoming or outgoing traffic depending on the direction in which the QoS policy is applied. Examples # Apply the QoS policy user1 to the incoming traffic globally. system-view [Sysname] qos apply policy user1 global inbound qos policy Use qos policy to create a QoS policy and enter QoS policy view. Use undo qos policy to delete a QoS policy. Syntax qos policy policy-name undo qos policy policy-name Default No QoS policy is configured.
Syntax qos vlan-policy policy-name vlan vlan-id-list { inbound | outbound } undo qos vlan-policy policy-name vlan vlan-id-list { inbound | outbound } Default No QoS policy is applied to a VLAN. Views System view Predefined user roles network-admin Parameters policy-name: Specifies a QoS policy name, a case-sensitive string of 1 to 31 characters. vlan-id-list: Specifies a list of up to eight VLAN IDs. A VLAN ID is in the range of 1 to 4094.
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument refers to the ID of the IRF member device, and the slot-number argument refers to the number of the slot where the card resides. (In IRF mode.) Examples # (In standalone mode.) Clear the statistics of the QoS policy applied to the incoming traffic of the control plane of card 3. reset qos policy control-plane slot 3 inbound # (In IRF mode.
inbound: Clears the statistics of the QoS policy applied to the incoming traffic of the specified VLAN. outbound: Clears the statistics of the QoS policy applied to the incoming traffic of the specified VLAN. Usage guidelines If no direction is specified, this command clears the statistics of the QoS policies in both directions of the VLAN. Examples # Clear the statistics of QoS policies applied to VLAN 2.
Priority mapping commands Priority map commands display qos map-table Use display qos map-table to display the configuration of a priority map. Syntax display qos map-table [ dot1p-dp | dot1p-exp | dot1p-lp | dscp-dot1p| dscp-dp | dscp-dscp | exp-dot1p ] Views Any view Predefined user roles network-admin network-operator Parameters The device provides the following types of priority map. Table 25 Priority maps Priority mapping Description dot1p-dp 802.1p-drop priority map. dot1p-exp 802.
3 : 3 4 : 4 5 : 5 6 : 6 7 : 7 Table 26 Command output Field Description MAP-TABLE NAME Name of the priority map. TYPE Type of the priority map. IMPORT Input values of the priority map. EXPORT Output values of the priority map. import Use import to configure mappings for a priority map. Use undo import to restore the specified or all mappings to the default for a priority map.
Syntax qos map-table { dot1p-dp | dot1p-exp | dot1p-lp | dscp-dot1p| dscp-dp | dscp-dscp | exp-dot1p } Views System view Predefined user roles network-admin Parameters For the description of keywords, see Table 25. Usage guidelines The dscp-dot1p priority map does not take effect on interfaces on SF cards. Examples # Enter the 802.1p-drop priority map view.
system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] qos priority 2 Related commands display qos trust interface Priority trust mode commands display qos trust interface Use display qos trust interface to display priority trust mode and port priority information on an interface.
undo qos trust Default The switch trusts the 802.1p priority carried in packets. Views Ethernet interface view Predefined user roles network-admin Parameters dot1p: Uses the 802.1p priority in incoming packets for priority mapping. dscp: Uses the DSCP value in incoming packets for priority mapping. Usage guidelines The interfaces of SF cards do not support the DSCP-to-802.1p priority mapping table.
GTS and rate limit commands GTS commands display qos gts interface Use display qos gts interface to view generic traffic shaping (GTS) configuration and statistics on a specified interface or all the interfaces. Syntax display qos gts interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number.
Syntax qos gts queue queue-number cir committed-information-rate [ cbs committed-burst-size ] undo qos gts queue queue-number Default No GTS parameters are configured on an interface. Views Ethernet interface view Predefined user roles network-admin Parameters queue queue-number: Shapes the packets in the specified queue. The value range for the queue-number argument is 0 to 7. cir committed-information-rate: Specifies the CIR in kbps.
Parameters interface-type interface-number: Specifies an interface by its type and number. If no interface is specified, this command displays the rate limit configuration on all the interfaces. Examples # Display the rate limit configuration on all the interfaces.
cbs committed-burst-size: Specifies the CBS in bytes. The value range for the committed-burst-size argument is an integral multiple of 512 between 512 and 128000000. The default value for this argument is the product of 62.5 and the CIR and must be an integral multiple of 512. If the product is not an integral multiple of 512, it is rounded up to the nearest integral multiple of 512 that is greater than the product and smaller than 128000000.
Congestion management commands SP commands display qos sp Use display qos sp interface to view the SP queuing configuration of an interface. Syntax display qos sp interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. If no interface is specified, this command displays the SP queuing configuration of all the interfaces.
Default An interface uses the SP queuing algorithm. Views Layer 2 Ethernet interface view Predefined user roles network-admin Examples # Enable SP queuing on Ten-GigabitEthernet 1/0/1. system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] qos sp Related commands display qos sp interface WRR commands display qos wrr interface Use display qos wrr interface to display the WRR queuing configuration on an interface.
ef 1 9 cs6 2 13 cs7 2 15 Table 31 Command output Field Description Interface Interface type and interface number. Output queue Type of the current output queue. Queue ID ID of a queue. Group Number of the group a queue is assigned to. By default, all queues belong to group 1. Weight Packet-based queue scheduling weight of a queue. N/A is displayed for a queue that uses the SP queue scheduling algorithm.
[Sysname-Ten-GigabitEthernet1/0/1] qos wrr weight # Enable byte-count WRR queuing on Ten-GigabitEthernet 1/0/1. system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] qos wrr byte-count Related commands display qos wrr interface qos wrr { byte-count | weight } Use qos wrr { byte-count | weight } to configure the WRR queuing parameters for a queue on an interface. Use undo qos wrr to restore the default WRR queuing parameters of a queue on an interface.
Number Keyword 3 af3 4 af4 5 ef 6 cs6 7 cs7 Examples # Enable byte-count WRR queuing on Ten-GigabitEthernet 1/0/1, assign queue 0, with the scheduling weight 10, to WRR group 1, and assign queue 1, with the scheduling weight 5, to WRR group 2.
You must use the qos wrr command to enable WRR queuing before you can configure this command on an interface. The queue-id argument can be either a number or a keyword. Table 32 shows the number-keyword map. Examples # Enable packet-based WRR queuing on Ten-GigabitEthernet 1/0/1, and assign queue 0 to the SP group.
cs6 2 1 64 cs7 2 1 64 Table 33 Command output Field Description Interface Interface type and interface number. Output queue Type of the current output queue. Queue ID ID of a queue. Group Number of the group that holds the queue. By default, all queues are in group 1. Byte-count Byte-count scheduling weight of the queue. Min-Bandwidth Minimum guaranteed bandwidth.
system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] qos wfq weight [Sysname-Ten-GigabitEthernet1/0/1] qos bandwidth queue 0 min 100 Related commands qos wfq qos wfq Use qos wfq to enable WFQ and specify the WFQ weight type on an interface. Use undo qos wfq to disable WFQ and restore the default queuing algorithm on an interface.
Use undo qos wfq to restore the default. Syntax qos wfq queue-id group { 1 | 2 } { byte-count | weight } schedule-value undo qos wfq queue-id Default When WFQ queuing is used on an interface, all the queues are in WFQ group 1 and have a weight of 1. Views Layer 2 Ethernet interface view Predefined user roles network-admin Parameters queue-id: Specifies a queue by its ID in the range of 0 to 7. group { 1 | 2 }: Specifies WFQ group 1 or 2. byte-count: Allocates bandwidth to queues in terms of bytes.
undo qos wfq queue-id Default When WFQ queuing is used on an interface, all the queues are in the WFQ group. Views Layer 2 Ethernet interface view Predefined user roles network-admin Parameters queue-id: Specifies a queue by its ID in the range of 0 to 7. sp: Assigns a queue to the SP group, which uses the SP queue scheduling algorithm. Usage guidelines This command is available only on a WFQ-enabled interface. Queues in the SP group are scheduled with SP, instead of WFQ.
Predefined user roles 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. outbound: Displays queue-based outbound traffic statistics. Examples # Display queue-based traffic statistics in the outbound direction of GigabitEthernet 1/0/1.
Table 34 Command output Field Description Interface Interface for which queue-based traffic statistics are displayed. Direction Direction of traffic for which statistics are collected. Forwarded Statistics for forwarded packets of all queues on the interface. Dropped Statistics for dropped packets of all queues on the interface. Queue Queue ID Forwarded: ..Statistics for forwarded packets of the queue Dropped: ..Statistics for dropped packets of the queue Current queue length: ..
Congestion avoidance commands display qos wred interface Use display qos wred interface to display the WRED configuration and statistics of an interface. Syntax display qos wred interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. If no interface is specified, this command displays the WRED configuration and statistics of all the interfaces.
Predefined user roles network-admin network-operator Parameters name table-name: Specifies the name of the WRED table to be displayed. slot slot-number: Specifies a card by its slot number. (In standalone mode.) chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument refers to the ID of the IRF member device, and the slot-number argument refers to the number of the slot where the card resides. (In IRF mode.
Field Description yprob Drop probability for yellow packets. rmin Lower limit for red packets. rmax Upper limit for red packets. rprob Drop probability for red packets. exponent Exponent for average queue length calculation. Indicates whether ECN is enabled for the queue: ECN • Y—Enabled. • N—Disabled. qos wred apply Use qos wred apply to apply a WRED table on an interface. Use undo qos wred apply to restore the default.
qos wred queue table Use qos wred queue table to create a WRED table and enter WRED table view. Use undo qos wred queue table to delete a WRED table. Syntax qos wred queue table table-name undo qos wred queue table table-name Default No WRED table exists on the switch. Views System view Predefined user roles network-admin Parameters queue: Creates a queue-based WRED table, which drops packets based on the queue when congestion occurs. table table-name: Specifies a name for the WRED table.
Views WRED table view Predefined user roles network-admin Parameters queue-value: Specifies a queue number in the range of 0 to 7. drop-level drop-level: Specifies a drop level. This argument is a consideration for dropping packets. The value 0 corresponds to green packets, the value 1 corresponds to yellow packets, and the value 2 corresponds to red packets. If this argument is not specified, the subsequent configuration takes effect on the packets in the queue regardless of the drop level.
Views WRED table view Predefined user roles network-admin Parameters queue-value: Queue number in the range of 0 to 7. Usage guidelines When both the receiver and sender support ECN, the device can notify the peer end of the congestion status by identifying and setting the ECN flag. ECN avoids deteriorating congestion. Examples # In WRED table queue-table1, enable ECN for queue 1.
size × (1-2-n) + current queue size × 2-n, where n can be configured with the qos wred weighting-constant command. Examples # In WRED table queue-table1, set the exponent for average queue length calculation to 12 for queue 1.
Aggregate CAR commands car name Use car name to reference an aggregate CAR action in a traffic behavior. Use undo car to remove an aggregate CAR action from a traffic behavior. Syntax car name car-name undo car Default No aggregate CAR action is configured in a traffic behavior. Views Traffic behavior view Predefined user roles network-admin Parameters car-name: Specifies the name of an aggregate CAR action. This argument must start with a letter, and is a case-sensitive string of 1 to 31 characters.
network-operator Parameters car-name: Specifies the name of an aggregate CAR action. This argument must start with a letter, and is a case-sensitive string of 1 to 31 characters. If no CAR action is specified, this command displays the configuration and statistics of all the aggregate CAR actions. Examples # (In standalone mode.) Display the configuration and statistics for aggregate CAR.
Field Description Action to take on yellow packets: Yellow action • discard—Drops the packets. • pass—Permits the packets to pass through. Action to take on red packets: Red action • discard—Drops the packets. • pass—Permits the packets to pass through. Green packet Statistics about green packets. Red packet Statistics about red packets. qos car Use qos car to configure an aggregate CAR action. Use undo qos car to remove an aggregate CAR action.
red action: Specifies the action to take on the packet that conforms to neither CIR nor PIR. The default setting is discard. yellow action: Specifies the action to take on packets that conform to PIR but not to CIR. The default setting is pass. action: Specifies the action to take on packets: • discard: Drops the packet. • pass: Permits the packet to pass through. • remark-dot1p-pass new-cos: Sets the 802.1p priority value of the 802.1p packet to new-cos and permits the packet to pass through.
Time range commands display time-range Use display time-range to display time range configuration and status. Syntax display time-range { time-range-name | all } Views Any view Predefined user roles network-admin network-operator Parameters time-range-name: Specifies a time range name, a case-insensitive string of 1 to 32 characters. It must start with an English letter. all: Displays the configuration and status of all existing time ranges.
Syntax time-range time-range-name { start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] | from time1 date1 [ to time2 date2 ] | to time2 date2 } undo time-range time-range-name [ start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] | from time1 date1 [ to time2 date2 ] | to time2 date2 ] Default No time range exists. Views System view Predefined user roles network-admin Parameters time-range-name: Specifies a time range name.
• Periodic statement in the start-time to end-time days format. A periodic statement recurs periodically on a day or days of the week. • Absolute statement in the from time1 date1 to time2 date2 format. An absolute statement does not recur. • Compound statement in the start-time to end-time days from time1 date1 to time2 date2 format. A compound statement recurs on a day or days of the week only within the specified period.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.
Index ACDFINPQRSTW display traffic behavior,41 A display traffic classifier,33 accounting,39 Documents,103 acl,1 acl copy,2 F acl logging interval,3 filter,43 acl name,4 I C if-match,34 car,40 import,69 car name,96 N classifier behavior,51 nest top-most,43 control-plane,52 P D packet-filter,14 description,4 packet-filter default deny,15 display acl,5 display packet-filter,6 Q display packet-filter statistics,8 display packet-filter statistics sum,9 qos apply policy (interface vie
queue ecn,93 reset qos vlan-policy,66 queue weighting-constant,94 rule (Ethernet frame header ACL view),17 R rule (IPv4 advanced ACL view),19 rule (IPv4 basic ACL view),23 redirect,44 rule (IPv6 advanced ACL view),25 remark customer-vlan-id,45 rule (IPv6 basic ACL view),29 remark dot1p,45 rule comment,31 remark drop-precedence,46 remark dscp,47 S remark ip-precedence,48 step,32 remark local-precedence,48 Subscription service,103 remark qos-local-id,49 T remark service-vlan-id,50 time-ra
