HP MSR Router Series ACL and QoS Command Reference(V5) Part number: 5998-2045 Software version: CMW520-R2511 Document version: 6PW103-20140128
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents ACL configuration commands ····································································································································· 1 acl ·············································································································································································· 1 acl copy ······················································································································································
qos apply policy (user-profile view) ···················································································································· 65 qos policy ······························································································································································· 66 Policy-based traffic rate statistics collecting interval commands ··············································································· 67 qos flow-interval···············
queue af ······························································································································································· 105 queue ef································································································································································ 106 queue wfq ····························································································································································
cq ·········································································································································································· 147 display fr class-map············································································································································· 147 display fr fragment-info ······································································································································· 149 dis
ACL configuration commands acl Use acl to create a WLAN, IPv4 basic, IPv4 advanced, Ethernet frame header, or user-defined ACL, and enter its view. If the ACL has been created, you directly enter its view. Use undo acl to delete the specified ACLs. Syntax acl number acl-number [ name acl-name ] [ match-order { auto | config } ] undo acl { all | name acl-name | number acl-number } Default No ACL exists.
match-order: Sets the order in which ACL rules are compared against packets: • auto—Compares ACL rules in depth-first order. The depth-first order differs with ACL categories. For more information, see ACL and QoS Configuration Guide. • config—Compares ACL rules in ascending order of rule ID. The rule with a smaller ID has higher priority. If no match order is specified, the config order applies by default. The match-order keyword is not available for user-defined or WLAN ACLs.
name source-acl-name: Specifies an existing source ACL by its name. The source-acl-name argument takes a case-insensitive string of 1 to 63 characters. The name option is not available for WLAN ACLs. dest-acl-number: Assigns a unique number to the ACL you are creating. This number must be from the same ACL category as the source ACL.
Views System view Default command level 2: System level Parameters number acl6-number: Specifies the number of an ACL: • 2000 to 2999 for IPv6 basic ACLs • 3000 to 3999 for IPv6 advanced ACLs • 10000 to 42767 for simple ACLs name acl6-name: Assigns a name to the ACL for easy identification. The acl6-name argument takes a case-insensitive string of 1 to 63 characters. It must start with an English letter and to avoid confusion, it cannot be all. The name option is not available for simple ACLs.
Views System view Default command level 2: System level Parameters source-acl6-number: Specifies an existing source ACL by its number: • 2000 to 2999 for IPv6 basic ACLs • 3000 to 3999 for IPv6 advanced ACLs name source-acl6-name: Specifies an existing source ACL by its name. The source-acl6-name argument takes a case-insensitive string of 1 to 63 characters. dest-acl6-number: Assigns a unique number to the ACL you are creating. This number must be from the same ACL category as the source ACL.
[Sysname] acl ipv6 name flow [Sysname-acl6-basic-2001-flow] Related commands acl ipv6 acl name Use acl name to enter the view of an IPv4 basic, IPv4 advanced, Ethernet frame header, or user-defined ACL that has a name. Syntax acl name acl-name Views System view Default command level 2: System level Parameters acl-name: Specifies an IPv4 basic, IPv4 advanced, Ethernet frame header, or user-defined ACL name, a case-insensitive string of 1 to 63 characters. It must start with an English letter.
Parameters text: ACL description, a case-sensitive string of 1 to 127 characters. Usage guidelines The MPU-G2 of an MSR50 router and the MSR93X router do not support WLAN ACL view. Examples # Configure a description for IPv4 basic ACL 2000. system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] description This is an IPv4 basic ACL. # Configure a description for IPv6 basic ACL 2000.
Hardware Number ranges for acl-number MSR20 All ranges. MSR30 All ranges. MSR50 All ranges except that MPU-G2 does not support WLAN ACLs. MSR1000 All ranges. all: Displays information for all WLAN, IPv4 basic, IPv4 advanced, Ethernet frame header, and user-defined ACLs. name acl-name: Specifies an ACL by its name. The acl-name argument takes a case-insensitive string of 1 to 63 characters. It must start with an English letter. |: Filters command output by specifying a regular expression.
Field Description named flow The name of the ACL is flow. "-none-" means the ACL is not named. This field is not present for a WLAN ACL. 3 rules The ACL contains three rules. match-order is auto The match order for the ACL is auto, which sorts ACL rules in depth-first order. This field is not present when the match order is config. This is an IPv4 basic ACL. Description of the ACL. ACL's step is 5 The rule numbering step is 5. rule 0 permit Content of rule 0.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines This command displays ACL rules in config or depth-first order, whichever is configured.
Field Description rule 10 comment This rule is used in VPN rd Comment about ACL rule 10. display time-range Use display time-range to display the configuration and status of the specified time range or all time ranges. Syntax display time-range { time-range-name | all } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters time-range-name: Specifies a time range name, a case-insensitive string of 1 to 32 characters.
reset acl counter Use reset acl counter to clear statistics for one or all WLAN, IPv4 basic, IPv4 advanced, Ethernet frame header, and user-defined ACLs.
Syntax reset acl ipv6 counter { acl6-number | all | name acl6-name } Views User view Default command level 2: System level Parameters acl6-number: Specifies an ACL by its number: • 2000 to 2999 for IPv6 basic ACLs • 3000 to 3999 for IPv6 advanced ACLs all: Clears statistics for all IPv6 basic and advanced ACLs. name acl6-name: Specifies an ACL by its name. The acl6-name argument takes a case-insensitive string of 1 to 63 characters. It must start with an English letter.
numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30. deny: Denies matching packets. permit: Allows matching packets to pass. cos vlan-pri: Matches an 802.1p priority. The vlan-pri argument can be a number in the range 0 to 7, or in words, best-effort (0), background (1), spare (2), excellent-effort (3), controlled-load (4), video (5), voice (6), or network-management (7).
rule (IPv4 advanced ACL view) Use rule to create or edit an IPv4 advanced ACL rule. You can edit ACL rules only when the match order is config. Use undo rule to delete an entire IPv4 advanced ACL rule or some attributes in the rule. If no optional keywords are provided, this command deletes the entire rule. If optional keywords or arguments are provided, this command deletes the specified attributes.
Parameters Function Description destination { dest-address dest-wildcard | any } Specifies a destination address The dest-address dest-wildcard arguments represent a destination IP address and wildcard mask in dotted decimal notation. An all-zero wildcard specifies a host address. counting Counts the number of times the ACL rule has been matched. This option is disabled by default.
Table 5 TCP/UDP-specific parameters for IPv4 advanced ACL rules Parameters Function Description The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), or range (inclusive range). source-port operator port1 [ port2 ] Specifies one or more UDP or TCP source ports. destination-port operator port1 [ port2 ] Specifies one or more UDP or TCP destination ports.
ICMP message name ICMP message type ICMP message code host-redirect 5 1 host-tos-redirect 5 3 host-unreachable 3 1 information-reply 16 0 information-request 15 0 net-redirect 5 0 net-tos-redirect 5 2 net-unreachable 3 0 parameter-problem 12 0 port-unreachable 3 3 protocol-unreachable 3 2 reassembly-timeout 11 1 source-quench 4 0 source-route-failed 3 5 timestamp-reply 14 0 timestamp-request 13 0 ttl-exceeded 11 0 Usage guidelines Within an ACL, the perm
[Sysname-acl-adv-3002] rule permit tcp source-port eq ftp-data [Sysname-acl-adv-3002] rule permit tcp destination-port eq ftp [Sysname-acl-adv-3002] rule permit tcp destination-port eq ftp-data # Create IPv4 advanced ACL rules to permit inbound and outbound SNMP and SNMP trap packets.
fragment: Applies the rule only to non-first fragments. A rule without this keyword applies to both fragments and non-fragments. logging: Logs matching packets. This function is available only when the application module that uses the ACL supports the logging function. source { source-address source-wildcard | any }: Matches a source address. The source-address source-wildcard arguments represent a source IP address and wildcard mask in dotted decimal notation.
dest-address/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | flow-label flow-label-value | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging | routing [ type routing-type ] | source { source-address source-prefix | source-address/source-prefix | any } | source-port operator port1 [ port2 ] | time-range time-range-name | vpn-instance vpn-instance-name ] * undo rule rule-id [ { { ack | fin | psh | rst | syn | urg } * | established } | counting | destinatio
Parameters Function Description dscp dscp Specifies a DSCP preference. The dscp argument can be a number in the range of 0 to 63, or in words, af11 (10), af12 (12), af13 (14), af21 (18), af22 (20), af23 (22), af31 (26), af32 (28), af33 (30), af41 (34), af42 (36), af43 (38), cs1 (8), cs2 (16), cs3 (24), cs4 (32), cs5 (40), cs6 (48), cs7 (56), default (0), or ef (46). flow-label flow-label-value Specifies a flow label value in an IPv6 packet header.
Parameters Function Description { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * Specifies one or more TCP flags, including ACK, FIN, PSH, RST, SYN, and URG. The value for each argument can be 0 (flag bit not set) or 1 (flag bit set). Parameter specific to TCP. established Specifies the flags for indicating the established status of a TCP connection. Parameters specific to TCP. The TCP flags in a rule are ORed.
Usage guidelines Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL, your creation or editing attempt fails. To view rules in an ACL and their rule IDs, use the display acl ipv6 all command. Examples # Create an IPv6 advanced ACL rule to permit TCP packets with the destination port 80 from 2030:5060::/64 to FE80:5060::/96, and enable logging matching packets.
Syntax rule [ rule-id ] { deny | permit } [ counting | fragment | logging | routing [ type routing-type ] | source { source-address source-prefix | source-address/source-prefix | any } | time-range time-range-name | vpn-instance vpn-instance-name ] * undo rule rule-id [ counting | fragment | logging | routing | source | time-range | vpn-instance ] * Default An IPv6 basic ACL does not contain any rule.
Examples # Create an IPv6 basic ACL rule to deny the packets from any source IP segment but 1001::/16, 3124:1123::/32, or FE80:5060:1001::/48.
Table 12 Match criteria and other rule information for simple ACL rules Parameters Function Description The addr-flag argument is in the range of 1 to 6, where: • 1—64-bit source address prefix + 64-bit destination address prefix addr-flag addr-flag Specifies an IPv6 source-destination address combination mode.
Table 13 TCP/UDP-specific parameters for simple ACL rules Parameters Function Description source-port operator port1 [ port2 ] Specifies one or more UDP or TCP source ports. The operator argument can be lt (lower than), gt (greater than), eq (equal to), or range (inclusive range). destination-port operator port1 [ port2 ] Specifies one or more UDP or TCP destination ports. tcp-type { tcpurg | tcpack | tcppsh | tcprst | tcpsyn | tcpfin } Specifies a TCP flag.
ICMPv6 message name ICMPv6 message type ICMPv6 message code neighbor-solicitation 135 0 network-unreachable 1 0 packet-too-big 2 0 port-unreachable 1 4 redirect 137 0 router-advertisement 134 0 router-solicitation 133 0 unknown-ipv6-opt 4 2 unknown-next-hdr 4 1 Usage guidelines Within an ACL, the permit or deny statement of each rule must be unique.
Parameters rule-id: Specifies a rule ID in the range of 0 to 65534. If no rule ID is provided when you create an ACL rule, the system automatically assigns it a rule ID. This rule ID takes the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30. deny: Denies matching packets. permit: Allows matching packets to pass.
Syntax rule [ rule-id ] { deny | permit } [ ssid ssid-name ] undo rule rule-id Default A WLAN ACL does not contain any rule. Views WLAN ACL view Default command level 2: system level Parameters rule-id: Specifies a rule ID in the range of 0 to 65534. If no rule ID is provided when you create an ACL rule, the system automatically assigns it a rule ID. This rule ID takes the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0.
[Sysname-acl-wlan-100] quit [Sysname] user-interface vty 0 [Sysname-ui-vty0] acl 100 inbound Related commands • acl • display acl • step rule comment Use rule comment to add a comment about an existing ACL rule or edit its comment to make the rule easy to understand. Use undo rule comment to delete the ACL rule comment. Syntax rule rule-id comment text undo rule rule-id comment Default An ACL rule has no rule comment.
[Sysname] acl number 2000 [Sysname-acl-basic-2000] rule 0 deny source 1.1.1.1 0 [Sysname-acl-basic-2000] rule 0 comment This rule is used on Ethernet 1/1. # Create a rule in IPv6 basic ACL 2000 and add a comment about the rule. system-view [Sysname] acl ipv6 number 2000 [Sysname-acl6-basic-2000] rule 0 permit source 1001::1 128 [Sysname-acl6-basic-2000] rule 0 comment This rule is used on Ethernet 1/1.
• Use the undo rule remark text command to remove all remarks that are the same as the text argument. • Use the undo rule rule-id remark command to delete a specific rule range remark. If you also specify the text argument, you must type in the remark the same as was specified to successfully remove the remark. When adding an end remark for a rule range, you can specify the end rule number plus 1 for the rule-id argument so all rules in this range appears between the two remarks.
step Use step to set a rule numbering step for an ACL. The rule numbering step sets the increment by which the system numbers rules automatically. For example, the default ACL rule numbering step is 5. If you do not assign IDs to rules you are creating, they are numbered 0, 5, 10, 15, and so on. The wider the numbering step, the more rules you can insert between two rules. Whenever the step changes, the rules are renumbered, starting from 0.
system-view [Sysname] acl ipv6 number 2000 [Sysname-acl6-basic-2000] step 2 Related commands • display acl • display acl ipv6 time-range Use time-range to configure a time range. If you provide an existing time range name, the command adds a statement to the time range. Use undo time-range to delete a time range or a statement in the time range.
and YYYY is the year in the calendar in the range of 1970 to 2100. If not specified, the start time is 01/01/1970 00:00 AM, the earliest time available in the system. to time2 date2: Specifies the end time and date of the absolute time statement. The time2 argument has the same format as the time1 argument, but its value is in the range of 00:00 to 24:00. The date2 argument has the same format and value range as the date1 argument. The end time must be greater than the start time.
QoS policy commands Class commands display traffic classifier Use display traffic classifier to display class information. Syntax display traffic classifier { system-defined | user-defined } [ classifier-name ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters system-defined: Displays system-defined classes. user-defined: Displays user-defined classes. classifier-name: Class name, a string of 1 to 31 characters.
Table 16 Command output Field Description Classifier Class name and its match criteria. Operator Match operator you set for the class. If the operator is AND, the class matches the packets that match all its match criteria. If the operator is OR, the class matches the packets that match any of its match criteria. Rule(s) Match criteria. if-match Use if-match to define a match criterion. Use undo if-match to delete a match criterion.
Keyword and argument combination classifier classifier-name Description Matches a QoS class. The classifier-name argument is the name of the class. Matches the 802.1p priority of the customer network. customer-dot1p 8021p-list The 8021p-list argument is a list of up to eight 802.1p priority values. An 802.1p priority is in the range of 0 to 7. Matches the VLAN IDs of customer networks. customer-vlan-id { vlan-id-list | vlan-id1 to vlan-id2 } The vlan-id-list argument is a list of up to eight VLAN IDs.
Defining a criterion to match a source MAC address You can configure multiple source MAC address match criteria for a class. A criterion to match a source MAC address is significant only to Ethernet interfaces. Defining the relationships between match criteria This subsection describes how to use both AND and OR operators to define the match relationships between the criteria for a class. For example, define class classA with three match criteria.
Defining a criterion to match IP precedence values • You can configure multiple IP precedence match criteria for a class. The defined IP precedence values are automatically arranged in ascending order. • You can configure up to eight IP precedence values in one command line. If the same IP precedence is specified multiple times, the system considers them as one. If a packet matches one of the defined IP precedence values, it matches the if-match clause.
# Define a match criterion for class class1 to match the packets with their destination MAC addresses being 0050-ba27-bed3. system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match destination-mac 0050-ba27-bed3 # Define a match criterion for class class2 to match the packets with their source MAC addresses being 0050-ba27-bed2.
# Define a match criterion for class class1 to match the packets with their DSCP values being 1, 6 or 9. system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match dscp 1 6 9 # Define a match criterion for class class1 to match the FR packets with DE flags. system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match fr-de # Define a match criterion for class class1 to match the packets received on interface Ethernet 1/1.
traffic classifier Use traffic classifier to create a class and enter class view. Use undo traffic classifier to delete a class. Syntax traffic classifier classifier-name [ operator { and | or } ] undo traffic classifier classifier-name Views System view Default command level 2: System level Parameters classifier-name: Specifies a class name, a string of 1 to 31 characters. operator: Sets the operator to logic AND or OR for the class. and: Specifies the logic AND operator.
Syntax car cir { committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-information-rate ] | percent percentage [ cbs committed-burst-size-ms [ ebs excess-burst-size-ms ] ] } [ green action ] [ red action ] undo car Default CBS is the amount of traffic transmitted at the rate of CIR over 500 ms.
Examples # Configure a CAR action in traffic behavior database (set the CIR to 200 kbps, CBS to 50000 bytes, and EBS to 0, and permit the conforming packets to pass, and mark the excess packets with IP precedence 0 and forward them.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Table 18 Command output Field Description User Defined Behavior Information User-defined behavior information. Behavior Name of a behavior. Assured Forwarding Information about an assured forwarding (AF) queue. Bandwidth Bandwidth of a queue. Discard Method Drop mode used when traffic exceeds the queue bandwidth: tail drop, IP precedence-based WRED, or DSCP-based WRED. General Traffic Shape GTS configuration information. Queue length Length of a queue.
undo filter Views Traffic behavior view Default command level 2: System level Parameters deny: Drops packets. permit: Permits packet to pass through. Examples # Configure the traffic filtering action as deny in traffic behavior database. system-view [Sysname] traffic behavior database [Sysname-behavior-database] filter deny gts Use gts to configure a GTS action in absolute value in a traffic behavior. Use undo gts to delete a GTS action.
Examples # Configure a GTS action in absolute value in traffic behavior database. The GTS parameters are as follows: CIR is 200 kbps, CBS is 50000 bytes, EBS is 0, and the maximum buffer queue length is 100.
Related commands • gts • qos policy • traffic behavior • classifier behavior redirect Use redirect to configure a traffic redirecting action in the traffic behavior. Use undo redirect to delete the traffic redirecting action. Syntax redirect { cpu | interface interface-type interface-number } undo redirect { cpu | interface interface-type interface-number } Views Traffic behavior view Default command level 2: System level Parameters cpu: Redirects traffic to the CPU.
remark dot1p Use remark dot1p to configure an 802.1p priority marking action. Use undo remark dot1p to delete the action. Syntax remark dot1p 8021p undo remark dot1p Views Traffic behavior view Default command level 2: System level Parameters 8021p: 802.1p priority to be marked for packets, in the range of 0 to 7. Examples # Configure traffic behavior database to mark matching traffic with 802.1p 2.
Table 19 DSCP keywords and values Keyword DSCP value (binary) DSCP value (decimal) default 000000 0 af11 001010 10 af12 001100 12 af13 001110 14 af21 010010 18 af22 010100 20 af23 010110 22 af31 011010 26 af32 011100 28 af33 011110 30 af41 100010 34 af42 100100 36 af43 100110 38 cs1 001000 8 cs2 010000 16 cs3 011000 24 cs4 100000 32 cs5 101000 40 cs6 110000 48 cs7 111000 56 ef 101110 46 Examples # Configure traffic behavior database to mark m
Syntax remark ip-precedence ip-precedence-value undo remark ip-precedence Views Traffic behavior view Default command level 2: System level Parameters ip-precedence-value: IP precedence value to be marked for packets, in the range of 0 to 7. Examples # Set the IP precedence to 6 for packets.
traffic behavior Use traffic behavior to create a traffic behavior and enter traffic behavior view. Use undo traffic behavior to delete a traffic behavior. Syntax traffic behavior behavior-name undo traffic behavior behavior-name Views System view Default command level 2: System level Parameters behavior-name: Sets a behavior name, a string of 1 to 31 characters. The specified behavior-name must not be a system-defined traffic behavior name like ef, af, be, or be-flow-based.
Parameters policy-name: Policy name, a string of 1 to 31 characters. The policy must already exist. Usage guidelines You can reference a QoS policy in a traffic behavior to re-classify the traffic class associated with the behavior and take action on the re-classified traffic as defined in the policy.
undo classifier classifier-name Views Policy view Default command level 2: System level Parameters classifier-name: Class name, a string of 1 to 31 characters. behavior-name: Behavior name, a string of 1 to 31 characters. Usage guidelines You cannot remove a default class. You can perform a set of QoS actions on a traffic class by associating a traffic behavior with the traffic class.
classifier-name: Class name, a string of 1 to 31 characters. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Field Description Behavior Behavior associated with the class. A behavior is associated with a class. It can be configured with multiple actions. For more information, see the traffic behavior command in "Traffic behavior commands." display qos policy interface Use display qos policy interface to display information about the QoS policy or policies applied to an interface/PVC or all interfaces/PVCs.
Interface: Ethernet1/1 Direction: Outbound Policy: test Classifier: default-class Matched : 0(Packets) 0(Bytes) 5-minute statistics: Forwarded: 0/0 (pps/bps) Dropped : 0/0 (pps/bps) Rule(s) : If-match any Behavior: be Default Queue: Flow Based Weighted Fair Queuing Max number of hashed queues: 256 Matched : 0/0 (Packets/Bytes) Enqueued : 0/0 (Packets/Bytes) Discarded: 0/0 (Packets/Bytes) Discard Method: Tail Classifier: USER1 Matched : 0(Packets) 0(Bytes) 5-minute statistics: Forwarded: 0/0 (pps/bps) Dr
General Traffic Shape: CIR 300 (kbps), CBS 15000 (byte), EBS 0 (byte) Queue Length: 50 (Packets) Queue size Passed : 0 (Packets) : 0(Packets) 0(Bytes) Discarded: 0(Packets) 0(Bytes) Delayed : 0(Packets) 0(Bytes) Discard Method: Tail Marking: 0(Packets) Remark MPLS EXP 3 Assured Forwarding: Bandwidth 30 (Kbps) Matched : 0/0 (Packets/Bytes) Enqueued : 0/0 (Packets/Bytes) Discarded: 0/0 (Packets/Bytes) Discard Method: Tail Nest Policy: Traffic policy son1 Classifier: default-class Matched : 0/0 (Packets
Expedited Forwarding: Bandwidth 1000 (Kbps), CBS 25000 (Bytes) Matched : 0/0 (Packets/Bytes) Enqueued : 0/0 (Packets/Bytes) Discarded: 0/0 (Packets/Bytes) Table 21 Command output Field Description Interface Interface type and interface number. Direction Direction in which the policy is applied to the interface. Policy Name of the policy applied to the interface. Classifier Class name and configuration information. Matched Number of packets meeting the match criteria.
Field Description Queue Length Number of packets that the buffer queue can hold. Queue Size Number of packets in the buffer. Passed Number of packets/bytes permitted to pass through. Discarded Number of packets/bytes dropped. Delayed Number of packets/bytes delayed. Nest Policy Child policy of the policy applied to the interface. Traffic policy son1 The name of the child policy is son1. qos apply policy (interface view, port group view, PVC view) Use qos apply policy to apply a QoS policy.
• You can apply a QoS policy configured with various QoS actions (such as remark, car, gts, queue af, queue ef, queue wfq, and wred) to common physical interfaces, PVCs, and VT interfaces used by Multilink PPP (MP). • An inbound QoS policy cannot contain a GTS action or any of these queuing actions: queue ef, queue af, or queue wfq.
Usage guidelines You can only edit or remove the configurations in a disabled user profile. Disabling a user profile logs out the users that are using the user profile. The QoS policy applied to a user profile takes effect when the user-profile is activated and the users are online. Only the remark, car, and filter actions are supported in the QoS policies applied in user profile view. A null policy cannot be applied in user profile view.
Policy-based traffic rate statistics collecting interval commands qos flow-interval Use qos flow-interval to configure the QoS policy-based traffic rate statistics collecting interval for an interface. Use undo qos flow-interval to restore the default. Syntax qos flow-interval interval undo qos flow-interval Default QoS policy-based traffic rate statistics collecting interval is 5 minutes on an interface.
Priority mapping commands Priority mapping table commands display qos map-table Use display qos map-table to display the configuration of a priority mapping table. Syntax display qos map-table [ dot11e-lp | dot1p-lp | dscp-lp | lp-dot11e | lp-dot1p ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters dot11e-lp: 802.11e-to-local mapping table. dot1p-lp: 802.1p-to-local mapping table. dscp-lp: DSCP-to-local mapping table.
Keyword MSR90 0 No dscp-lp MSR93 X Yes MSR20-1X No MSR20 MSR30 MSR50 MSR1000 No Yes with only MSR30-11E and MSR30-11F routers No Yes If no priority mapping table is specified, this command displays the configuration information of all priority mapping tables. If no direction is specified, this command displays the priority mapping tables in any direction. Examples # Display the configuration of the 802.1p-to-local mapping table.
Default command level 2: System level Parameters import-value-list: List of input values. export-value: Output value. all: Deletes all the mappings in the priority mapping table. Examples # Configure the 802.1p-to-local mapping table to map 802.1p priority values 4 and 5 to local precedence 1.
Keyword dot11e-lp, lp-dot11e, and lp-dot1p dscp-lp MSR900 Yes No MSR93 X MSR20-1X Yes Yes with WLAN-capabl e models and with WLAN modules Yes No MSR20 MSR30 MSR50 MSR1000 Yes with WLAN modules Yes with WLAN modules Yes with WLAN modules except for routers installed with MPU-G2 Yes No Yes with only MSR30-1 1E and MSR30-1 1F routers No Yes The priority mapping table for traffic in both directions applies. Examples # Enter the 802.1p-to-local mapping table view.
Examples # Set the port priority of interface Ethernet 1/1 to 2. system-view [Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] qos priority 2 Per-port priority trust mode commands display qos trust interface Use display qos trust interface to display priority trust mode and port priority information on an interface.
Field Description Port priority trust type Priority trust mode on the interface, which can only be dot1p. qos trust Use qos trust to configure an interface to use a particular priority field carried in packets for priority mapping. Use undo qos trust to restore the default priority trust mode. Syntax qos trust { dot1p | dscp } undo qos trust Default The function is disabled. Views Layer 2 Ethernet interface view, port group view Default command level 2: System level Parameters dot1p: Uses the 802.
Traffic policing, GTS and line rate commands Traffic policing commands display qos car interface Use display qos car interface to display the CAR settings and operational statistics on a specified interface. Syntax display qos car interface [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number.
Red : 0(Packets) 0(Bytes) Direction: Outbound Rule(s): If-match ACL CIR 10 (kbps), 2002 CBS 1875 (byte), EBS 0 (byte) Green Action: pass Red Action : discard Green : 0(Packets) 0(Bytes) Red : 0(Packets) 0(Bytes) Table 24 Command output Field Description Interface Interface name, including interface type and interface number. Direction Direction in which traffic policing is applied. Rule(s) Match criteria. CIR CIR in kbps.
Usage guidelines If no carl-index is specified, this command displays information about all the CAR lists. Examples # Display the rule indexed 1 in the CARL. display qos carl 1 Current CARL Configuration: List Params -----------------------------------------------------1 MAC Address 0001-0001-0001 Table 25 Command output Field Description List CAR list number. Params Match object.
pir peak-information-rate: PIR in kbps. The default is 0. green: Action conducted to packets when the traffic rate conforms to CIR. The default is pass. red: Action conducted to packets when the traffic rate exceeds CIR. The default is discard. action: Action conducted to packets: • continue—Continues to process the packet using the next CAR policy. • discard—Drops the packet. • pass—Permits the packet to pass through.
Views System view Default command level 2: System level Parameters carl-index: CAR list number in the range of 1 to 199. precedence precedence: Specifies a precedence value in the range of 0 to 7. mac mac-address: Specifies a MAC address in hexadecimal format. dscp dscp-list: Specifies a list of DSCP values. A DSCP value is in the range of 0 to 63 or any of the following keywords af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, cs6, cs7, default, or ef.
• If both the per-address keyword and the shared-bandwidth keyword are specified, the CIR specifies the total shared bandwidth for the network segment, and will be dynamically and evenly allocated to the traffic by IP address. For example, apply a CAR list to an interface with 10 Mbps of total bandwidth to perform per-address rate limiting for the network segment 192.168.0.1 to 192.168.0.100. If the shared-bandwidth keyword is specified for the CAR list, you can set the CIR to 10 Mbps at maximum.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
qos gts Use qos gts to set GTS parameters for a specific class of traffic or all the traffic on the interface or port group. Use qos gts acl to set GTS parameters for the traffic matching the specific ACL. You can set GTS parameters for different traffic flows by using different ACLs. Use qos gts any to set GTS parameters for all the traffic on the interface or port group. Use undo qos gts to remove GTS parameters for a specific class of traffic or all the traffic on the interface or port group.
Related commands acl Line rate commands display qos lr interface Use display qos lr interface to view the line rate configuration information and operational statistics on a specified interface or all the interfaces. Syntax display qos lr interface [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number.
Delayed: 0(Packets) 0(Bytes) Active Shaping: NO Table 27 Command output Field Description Interface Interface type and interface number. Direction Direction in which the line rate configuration is applied: inbound or outbound. CIR CIR in kbps. CBS CBS in bytes, which specifies the depth of the token bucket for holding bursty traffic. EBS Excessive burst size (EBS) in bytes, which specifies the traffic exceeding CBS when two token buckets are used.
Keyword inbound MSR900 No MSR93X No MSR20-1 X No MSR20 MSR30 MSR50 MSR100 0 No Yes with fixed Layer 2 Ethernet interfaces on only MSR30-11E and MSR30-11F routers and with MIM-16FSW and DMIM-24FSW Layer 2 Ethernet switching modules Yes with only FIC-16FS W and DFIC-24FS W Layer 2 Ethernet switching modules No Settings in interface view take effect on the current interface. Settings in port group view take effect on all ports in the port group.
Congestion management commands FIFO queuing commands qos fifo queue-length Use qos fifo queue-length to set the FIFO queue length. Use undo qos fifo queue-length to restore the default. Syntax qos fifo queue-length queue-length undo qos fifo queue-length Views Interface view, PVC view Default command level 2: System level Parameters queue-length: Queue length threshold. The value range for this argument varies by device model.
Views Any view Default command level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. pvc { pvc-name [ vpi/vci ] | vpi/vci }: Specifies a PVC on an ATM interface. pvc-name specifies the PVC by its name. vpi/vci specifies the PVC by its VPI/VCI pair. This option is only available for ATM interfaces. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
Field Description Bottom Bottom priority queue. Related commands qos pq display qos pql Use display qos pql to display the configuration information of a PQ list or all the PQ lists. Syntax display qos pql [ pql-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters pql-number: Priority queue list number. |: Filters command output by specifying a regular expression.
qos pq Use qos pq to apply a PQ list to an interface. Use undo qos pq to restore the default. Syntax qos pq pql pql-index undo qos pq Default The congestion management policy of an interface is FIFO. Views Interface view, PVC view Default command level 2: System level Parameters pql: Specifies a PQ list. pql-index: PQ list index in the range of 1 to 16. Usage guidelines All physical interfaces, except interfaces with X.25 or LAPB encapsulation enabled, can use PQ.
Use undo qos pql default-queue to restore the default. Syntax qos pql pql-index default-queue { bottom | middle | normal | top } undo qos pql pql-index default-queue Views System view Default command level 2: System level Parameters pql-index: PQ list index in the range of 1 to 16. top, middle, normal, bottom: Corresponds to the four queues in PQ in descending priority order. The default queue is the normal queue.
Default command level 2: System level Parameters pql-index: PQ list index in the range of 1 to 16. interface-type interface-number: Specifies an interface by its type and number. top, middle, normal, bottom: Corresponds to the four queues in PQ in descending priority order. Usage guidelines You can execute this command multiple times with the same pql-index argument to create different match criteria for packets received from different interfaces.
Table 29 Values of the queue-key argument and the key-value argument queue-key key-value Description acl ACL number from 2000 to 3999 IP packets matching the specified ACL are enqueued. fragments — Fragmented IP packets are enqueued. greater-than Length from 0 to 65535 IP packets larger than a specified value are enqueued. less-than Length (0 to 65535) IP packets smaller than a specified value are enqueued.
Default command level 2: System level Parameters pql-index: PQL index in the range of 1 to 16. queue-length: Queue length for the specified queue, in the range of 1 to 1024. • 20 for the top queue • 40 for the middle queue • 60 for the normal queue • 80 for the bottom queue Usage guidelines If a queue is full, all subsequent packets to this queue are dropped. Examples # Set the length of the top queue in PQL 10 to 10.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Views Any view Default command level 1: Monitor level Parameters cql-index: CQ list index in the range of 1 to 16. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Default command level 2: System level Parameters cql-index: CQ list index in the range of 1 to 16. Usage guidelines Except interfaces with X.25 or LAPB encapsulation enabled, all physical interfaces can use CQ. An interface can use only one CQ list. You can configure multiple match criteria for a CQ list. During traffic classification, the system matches packets with the rules in the CQ list. If a packet matches a certain rule, the packet is assigned to the queue, and the matching process is over.
Parameters cql-index: CQ list index in the range of 1 to 16. queue-number: Queue number in the range of 1 to 16. Usage guidelines Packets that match no match criterion are allocated to the default queue. Examples # Specify queue 2 as the default queue for CQ list 5.
system-view [Sysname] qos cql 5 inbound-interface ethernet 1/1 queue 3 Related commands • qos cql default-queue • qos cql protocol • qos cql queue serving • qos cql queue qos cql protocol Use qos cql protocol to assign a custom queue for IP packets that match a certain criterion. Use undo qos cql protocol to delete the match criterion.
Usage guidelines The system matches a packet with match criteria of a CQ list in the order configured. When the packet matches a certain criterion, it is allocated to the queue and the matching process is over. You can execute this command multiple times with the same cql-index argument to create multiple match criteria for IP packets. Examples # Configure a rule in CQ list 5 to assign packets matching ACL 3100 to queue 3.
• qos cql inbound-interface • qos cql protocol • qos cql queue serving • qos cq qos cql queue serving Use qos cql queue serving to set the byte count for a custom queue on a CQ list. Use undo qos cql queue serving to restore the default. Syntax qos cql cql-index queue queue-number serving byte-count undo qos cql cql-index queue queue-number serving Views System view Default command level 2: System level Parameters cql-index: CQ list index in the range of 1 to 16.
Syntax display qos wfq interface [ interface-type interface-number [ pvc { pvc-name [ vpi/vci ] | vpi/vci } ] ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. pvc { pvc-name [ vpi/vci ] | vpi/vci }: Specifies a PVC on an ATM interface. pvc-name specifies the PVC by its name. The vpi/vci argument specifies the PVC by its VPI/VCI pair.
Field Description Hashed by Weight type: IP precedence or DSCP. Hashed queues Information about hashed queues. Active Number of active hashed queues. Max active Maximum number of active hashed queues. Total Total number of hashed queues. Related commands qos wfq qos wfq Use qos wfq to apply WFQ to an interface or modify WFQ parameters on an interface/PVC. Use undo qos wfq to restore the default congestion management mechanism FIFO on the interface/PVC.
[Sysname] interface ethernet1/1 [Sysname-Ethernet1/1] qos wfq queue-length 100 queue-number 512 Related commands • display interface • display qos wfq interface CBQ commands display qos cbq interface Use display qos cbq interface to display the class-based queue (CBQ) configuration and operational information of an interface/PVC or all interfaces/PVCs.
Output queue : (Class Based Queuing : Size/Discards) Queue Size: 0/0/0 (EF/AF/BE) BE Queues: 0/0/256 (Active/Max active/Total) AF Queues: 1 (Allocated) 0/0 Bandwidth(Kbps): 74992/75000 (Available/Max reserve) Table 33 Command output Field Description Interface Interface type and interface number. Output queue Information about the current output queue. Size Number of packets in the queue. Length Queue length. Discards Number of dropped packets. EF EF queue. AF AF queue. BE BE queue.
If the maximum available bandwidth is not configured, the base QoS bandwidth used for CBQ calculation is as follows: • Actual baudrate or rate of a physical interface. • 1000000 kbps for VLAN interfaces. • Total bandwidth of a logical serial interface formed by binding, such as T1/E1 interfaces, MFR interfaces, and MP interfaces. • 1000000 kbps for template interfaces such as VT, dialer, BRI, and PRI interfaces. • 384 kbps for cellular interfaces.
undo qos reserved-bandwidth Views Interface view, PVC view Default command level 2: System level Parameters pct percent: Specifies the percentage of available bandwidth to be reserved. The value range for percent is 1 to 100, and the default is 80. Usage guidelines The maximum reserved bandwidth is set on a per-interface basis. It decides the maximum bandwidth assignable for the QoS queues on an interface.
• The total percentage of the maximum available bandwidth assigned for AF and EF in a policy must be no more than 100. • The bandwidth assigned to AF and EF in a policy must use the same form, either as an absolute bandwidth value or as a percentage. Examples # Configure AF in traffic behavior database and assign the minimum guaranteed bandwidth 200 kbps for it.
The bandwidths assigned for AF and EF in a policy must have the same type, bandwidth or percentage. After the queue ef bandwidth pct percentage [ cbs-ratio ratio ] command is used, CBS equals (Interface available bandwidth × percentage × ratio)/100/1000. After the queue ef bandwidth bandwidth [ cbs burst ] command is used, CBS equals burst. If the burst argument is not specified, CBS equals bandwidth×25.
Related commands • qos policy • traffic behavior • classifier behavior queue-length Use queue-length to configure the maximum queue length and use tail drop. Use undo queue-length to delete the configuration. Syntax queue-length queue-length undo queue-length queue-length Default Tail drop is used, and the queue length is 64. Views Traffic behavior view Default command level 2: System level Parameters queue-length: Maximum queue length in the range of 1 to 512.
Use undo wred to delete the configuration. Syntax wred [ dscp | ip-precedence ] undo wred Views Traffic behavior view Default command level 2: System level Parameters dscp: Uses the DSCP value for calculating drop probability for a packet. ip-precedence: Uses the IP precedence value for calculating drop probability of a packet. This keyword is the default. Usage guidelines You can configure this command only after you have configured the queue af command or the queue wfq command.
Parameters dscp-value: DSCP value in the range of 0 to 63. This argument can also be represented using one of the keywords listed in Table 19. low limit low-limit: Specifies the lower WRED limit value in the range of 1 to 1024. high-limit high-limit: Specifies the upper WRED limit value in the range of 1 to 1024. discard-probability discard-prob: Specifies the drop probability denominator in the range of 1 to 255.
low limit low-limit: Specifies the lower WRED limit value in the range of 1 to 1024. high-limit high-limit: Specifies the upper WRED limit value in the range of 1 to 1024. discard-probability discard-prob: Specifies the drop probability denominator in the range of 1 to 255. Usage guidelines Before configuring this command, make sure the IP precedence-based WRED drop is enabled using the wred command. The wred ip-precedence command configuration is removed when the wred command configuration is removed.
The wred weighting-constant command configuration is removed if the wred command configuration is removed. Examples # Set the exponent for calculating the average queue length to 6.
If a VT interface is specified, this command displays QoS RTP priority queuing information of all VA interfaces inheriting the VT interface, but does not display QoS information about the VT interface. Examples # Display the information of the current IP RTP priority queue. display qos rtpq interface Interface: Ethernet1/1 Output queue : (RTP queuing : Size/Max/Outputs/Discards) 0/0/0/0 Table 34 Command output Field Description Interface Interface type and interface number.
Set the bandwidth argument to a value greater than the total bandwidth that the real-time application requires to allow bursty traffic. You must enable the line rate function for the queuing function to take effect on these interfaces: tunnel interfaces, subinterfaces, HDLC link bundle interfaces, and VT/dialer interfaces configured with PPPoE, PPPoA, PPPoEoA, PPPoFR, or MPoFR (frame relay traffic shaping is not enabled on the frame relay interface).
Examples # Set the number of QoS tokens to 1. system-view [Sysname] interface serial 2/0 [Sysname-Serial2/0] qos qmtoken 1 [Sysname-Serial2/0] shutdown [Sysname-Serial2/0] undo shutdown Packet information pre-extraction commands qos pre-classify Use qos pre-classify to enable packet information pre-extraction on the tunnel interface. Use undo qos pre-classify to disable packet information pre-extraction on the tunnel interface.
Views Interface view Default command level 2: System level Usage guidelines If the first fragment of local fragments is dropped, all subsequent fragments are dropped. Local fragment pre-drop applies to IPv4 and IPv6 local fragments. Examples # Enable local fragment pre-drop on interface Ethernet 1/1.
Congestion avoidance commands WRED commands display qos wred interface Use display qos wred interface to display the WRED configuration and statistics of an interface/PVC. Syntax display qos wred interface [ interface-type interface-number [ pvc { pvc-name [ vpi/vci ] | vpi/vci } ] ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number.
1 100 1000 1 0 0 2 10 30 10 0 0 3 10 30 10 0 0 4 10 30 10 0 0 5 10 30 10 0 0 6 10 30 10 0 0 7 10 30 10 0 0 Table 35 Command output Field Description Interface Interface type and interface number. Exponent WRED exponent for average queue length calculation. Precedence IP precedence. Random discard Number of packets randomly dropped. Tail discard Number of packets dropped using tail drop. Low limit Lower limit for a queue.
Examples # Enable WRED on Ethernet 1/1, and use the IP precedence for drop probability calculation. system-view [Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] qos wfq queue-length 100 queue-number 512 [Sysname-Ethernet1/1] qos wred ip-precedence enable Related commands • qos wfq • display qos wred interface qos wred dscp Use qos wred dscp to configure the lower limit, upper limit, and drop probability for a DSCP value. Use undo qos wred dscp to restore the default.
qos wred ip-precedence Use qos wred ip-precedence to configure the lower limit, upper limit, and drop probability for an IP precedence value. Use undo qos wred ip-precedence to restore the default. Syntax qos wred ip-precedence ip-precedence low-limit low-limit high-limit high-limit discard-probability discard-prob undo qos wred ip-precedence ip-precedence Views Interface view, PVC view Default command level 2: System level Parameters ip-precedence precedence: IP precedence value in the range of 0 to 7.
Views Interface view, PVC view Default command level 2: System level Parameters exponent: Exponent for average queue length calculation, in the range of 1 to 16. This argument is 9 by default. Usage guidelines Before this configuration, enable WRED on the interface/PVC with the qos wred enable command first. Examples # Set the exponent for the average queue length calculation to 6 on Ethernet 1/1.
Usage guidelines If no WRED table name is specified, this command displays the configuration of all the WRED tables. Examples # Display the configuration of WRED table 1.
undo qos wred table table-name Default No global WRED table is created. Views System view Default command level 2: System level Parameters queue: Creates a queue-based table. Packets are dropped based on the queue when congestion occurs. table table-name: Specifies a name for the table. Usage guidelines A WRED table in use cannot be removed. A queue-based WRED table applies to only Layer 2 ports, and vice versa. Examples # Create a queue-based WRED table named queue-table1.
low limit low-limit: Specifies the lower WRED limit value in the range of 1 to 128. discard-probability discard-prob: Specifies the drop probability denominator in the range of 1 to 16. Examples # Configure the drop probability of queue 1 for the global queue-based WRED table queue-table1.
In interface view, the setting takes effect on the current port only. In port group view, the setting takes effect on all the ports in the port group. Examples # Apply the queue-based WRED table queue-table1 to the Layer 2 port Ethernet 1/1.
DAR commands dar enable Use dar enable to enable DAR for traffic recognition on the current interface. Use undo dar enable to disable DAR on the current interface. Syntax dar enable undo dar enable Default DAR is disabled on an interface. Views Interface view Default command level 2: System level Examples # Enable DAR for traffic recognition on Ethernet 1/1.
and RTCP. After the limitation is reached, DAR marks all incoming packets of these applications as unrecognizable. For the packets of other TCP/UDP protocols, DAR continues to perform packet recognition. Examples # Set the maximum number of sessions that DAR can recognize to 1000. system-view [Sysname] dar max-session-count 1000 dar p2p signature-file Use dar p2p signature-file to load the specified P2P signature file. Use undo dar p2p signature-file to unload the specified P2P signature file.
Table 37 Default port numbers of protocols Protocol name Protocol type Default port numbers BGP TCP/UDP 179 Cifs TCP 445 Citrix TCP 1494 Citrix UDP 1604 CUSeeMe TCP 7648, 7649 CUSeeMe UDP 7648, 7649, 24032 DHCP UDP 67, 68 DNS TCP/UDP 53 Exchange TCP 135 Fasttrack TCP 1214 Finger TCP 79 FTP TCP 21 Gnutella TCP 6346, 6347, 6348, 6349, 6355, 5634 Gopher TCP/UDP 70 H323 TCP 1300, 1718, 1719, 1720, 11000 through 11999 H323 UDP 1300, 1718, 1719, 1720, 11720 HTTP
Protocol name Protocol type Default port numbers PCAnywhere UDP 22, 5632 POP3 TCP/UDP 110 PPTP TCP 1723 Printer TCP/UDP 515 RCMD TCP 512, 513, 514 RIP UDP 520 RSVP UDP 1698, 1699 RTSP TCP 554 Secure-FTP TCP 990 Secure-HTTP TCP 443 Secure-IMAP TCP/UDP 585, 993 Secure-IRC TCP/UDP 994 Secure-LDAP TCP/UDP 636 Secure-NNTP TCP/UDP 563 Secure-POP3 TCP/UDP 995 Secure-TELNET TCP 992 SIP TCP/ UDP 5060 Skinny TCP 2000, 2001, 2002 SMTP TCP 25 SNMP TCP/UDP 16
Default command level 2: System level Parameters protocol: Protocol type, which can be one of the protocols listed in Table 37, RTP, RTCP, user-defined01, user-defined02, …, or user-defined10. No port is specified for the ten user-defined protocols (user-defined01 through user-defined10) in the initial state. A user-defined protocol takes effect after a port is specified for it. You can use the dar protocol-rename command to change the name of a user-defined protocol. tcp: TCP-based protocol.
[Sysname-protocol-group-1] dar protocol-rename Use dar protocol-rename to change the name of a user-defined protocol. Use undo dar protocol-rename to restore the default. Syntax dar protocol-rename old-name user-defined-name undo dar protocol-rename user-defined-name Default The names of the user-defined protocols are user-defined01, user-defined02, …, user-defined10.
Default command level 2: System level Parameters flow-interval time: Specifies the accounting interval in minutes. The value range for time is 1 to 30, and the default is 5. Usage guidelines The packet accounting function of DAR collects the traffic statistics on a per-application basis on interfaces. It helps you identify aggressive applications. Examples # Enable the packet accounting function of DAR for Ethernet 1/1, setting the accounting interval to 7 minutes.
display dar protocol Use display dar protocol to display information about a protocol or all protocols in DAR. Syntax display dar protocol { protocol-name | all } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters protocol-name: Displays information about a protocol. The range for this argument is the same as that in the dar protocol command. all: Displays information about all the protocols.
gnutella tcp 5634 6355 range 6346 6349 gopher tcp 70 udp 70 tcp 1300 1718 1719 1720 range 11000 11999 h323 udp 1300 1718 1719 1720 11720 http tcp 80 imap tcp 143 220 udp 143 220 tcp 194 udp 194 tcp 88 749 udp 88 749 l2tp udp 1701 ldap tcp 389 udp 389 tcp 2427 2428 2727 irc kerberos mgcp udp 2427 2727 napster tcp 6699 8875 8888 7777 6700 6666 6677 6688 4444 5555 netbios tcp 137 138 139 udp 137 138 139 netshow tcp 1755 nfs tcp 2049 udp 2049 tcp 119
secure-irc tcp 994 udp 994 tcp 636 udp 636 tcp 563 udp 563 tcp 995 udp 995 secure-telnet tcp 992 sip tcp 5060 secure-ldap secure-nntp secure-pop3 udp 5060 skinny tcp 2000 2001 2002 smtp tcp 25 snmp tcp 161 162 udp 161 162 socks tcp 1080 sqlnet tcp 1521 sqlserver tcp 1433 ssh tcp 22 streamwork udp 1558 sunrpc tcp 111 udp 111 syslog udp 514 telnet tcp 23 tftp udp 69 vdolive tcp 7000 winmx tcp 6699 xwindows tcp range 6000 6003 user-def
display dar protocol-rename Use display dar protocol-rename to display information about renamed user-defined protocols. Syntax display dar protocol-rename [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
Syntax display dar protocol-statistic [ p2p | protocol protocol-name | top top-number | all ] [ interface interface-type interface-number ] [ direction { in | out } ] [ | { begin | exclude | include } regular-expression ] Default This command displays both inbound and outbound traffic. Views Any view Default command level 1: Monitor level Parameters p2p: Displays P2P traffic statistics. protocol protocol-name: Displays the packet statistics of the protocol specified for the protocol-name argument.
# Display the P2P traffic statistics on Ethernet 1/1. display dar protocol-statistic p2p interface ethernet 1/1 Interface: Ethernet1/1 Protocol In/Out Packet Count Byte Count Bit Rate in MSN Yahoo Message Total 5 min Max Bit Rate in 5 min (bps) (bps) IN 0 0 0 0 OUT 0 0 0 0 IN 0 0 0 0 OUT 0 0 0 0 IN 0 0 0 0 OUT 3 126 0 0 Table 41 Command output Field Description Protocol Protocol name. In/Out Direction of packets (inbound/outbound).
smtp, snmp, socks, sqlnet, sqlserver, ssh, streamwork, sunrpc , syslog, telnet, tftp, vdolive, winmx, xwindows, unknown-tcp, unknown-udp, unknown-others, user-defined01, user-defined02…user-defined10 (if the names of user-defined01 through user-defined10 are modified, the new names are used). Among these protocols names, unknown-tcp identifies unknown TCP protocol packets, unknown-udp identifies unknown UDP protocol packets, and unknown-others identifies other unknown IP protocol packets.
Wildcard Description (|) Matches either the string on the right or the string on the left within the specified range. For example, "index.(htm|jsp)" is to match both index htm and index jsp. [] Matches any character specified in the square brackets, or matches a special character, including *, #, [, (, |, and ). For example, "[0-9]" is to match any number, "[*]" is to match *, and "[[] is to match [. Examples # Define a criterion to match HTTP packets with the host name *.abc.com for class http-class.
system-view [Sysname] traffic classifier rtp-class2 [Sysname-classifier-rtp-class2] if-match protocol rtp payload-type 0 1 4 5 6 10 64 protocol Use protocol to add the specified protocol to the current protocol group. Use undo protocol to delete the specified protocol from the protocol group. Syntax protocol protocol-name undo protocol protocol-name Default No protocol exists in a protocol group.
protocol protocol-name: Clears the statistics of a protocol. The range for the protocol-name argument is the same as that in the if-match protocol command. interface-type interface-number: Specifies an interface by its type and number. all: Clears the statistics of all protocols. Examples # Clear the FTP statistics of Ethernet 1/1. reset dar protocol-statistic protocol ftp interface ethernet 1/1 # Clear the statistics of all the protocols.
FR QoS configuration commands apply policy outbound Use apply policy outbound to apply a QoS policy. Use undo apply policy outbound to cancel the application. Syntax apply policy policy-name outbound undo apply policy outbound Views FR class view Default command level 2: System level Parameters policy-name: Name of the applied policy, a string of 1 to 31 characters. Examples # Define a class class1.
undo cbs [ inbound | outbound ] Views FR class view Default command level 2: System level Parameters inbound: Sets the CBS for the incoming packets. This argument is available when FR traffic policing is enabled on interfaces. outbound: Sets the CBS for the outgoing packets. This argument is available when FR traffic policing is enabled on interfaces. committed-burst-size: CBS in the range of 300 to 16000000 bits. The default value of CBS is 56000 bits.
Usage guidelines CIR is the minimum transmit rate that a PVC can provide. When congestion occurs to the network, the user can still send data at the rate of CIR. When congestion occurs to the network, DCE sends packets with the BECN flag bit 1 to DTE. On receiving the packets, DTE gradually decreases the transmit rate of PVCs from CIR ALLOW to CIR. If DTE receives no packets with the BECN flag bit 1 within 125 ms, DTE restores the transmit rate of PVCs to CIR ALLOW.
Examples # Set CIR ALLOW to 64000 bps for the FR class test1. system-view [Sysname] fr class test1 [Sysname-fr-class-test1] cir allow 64000 Related commands • cbs • ebs • cir congestion-threshold Use congestion-threshold to enable congestion management for FR PVCs. Use undo congestion-threshold to disable the congestion management function.
Related commands fr congestion-threshold cq Use cq to apply CQ to the FR PVCs. Use undo cq to restore the default queuing (FIFO queuing). Syntax cq cql cql-index undo cq Default PVCs use FIFO queuing. Views FR class view Default command level 2: System level Parameters cql cql-index: CQL index in the range of 1 to 16. Usage guidelines If this command is executed multiple times for an FR class, the new configuration overwrites the previous one. Examples # Apply CQL 10 to the FR class test1.
Default command level 1: Monitor level Parameters fr-class class-name: Displays the mapping relationship between the specified FR class and interfaces. The class-name argument is the name of an FR class, and is a string of 1 to 30 characters. interface interface-type interface-number: Displays the mapping relationship between FR classes and the specified interface. The interface-type interface-number argument specifies an interface by its type and number.
fr dlci 100 Serial2/0 fr-class ts fr dlci 222 Serial2/0.1 fr-class ts display fr fragment-info Use display fr fragment-info to display the FR fragmentation information.
display fr fragment-info interface serial 2/0:1 200 Type : FRF12(End to End) Size : 80 Data-level: 200 Voice-level: 0 Pre-fragment: out pkts : 0 out bytes :0 Fragmented: in pkts : 0 out pkts : 0 in bytes: 0 out bytes: 0 Assembled: in pkts : 0 Dropped in bytes :0 : in pkts : 0 out pkts :0 in bytes: 0 out bytes: 0 Out-of-sequence pkts: 0 Table 45 Command output Field Description Type Fragment type: FRF.12, FRF.11 Annex C, or Motorola fragment. Size Fragment size in bytes.
Parameters all: Displays the information about all the switching PVC. name switch-name: Displays the information about the switching PVC specified by the switch-name argument, which is a string of 1 to 256 characters. interface interface-type interface-number: Displays the information about switching PVCs on the interface specified by the interface-type interface-number argument. |: Filters command output by specifying a regular expression.
dlci dlci-number: Displays information about CBQ applied to a DLCI specified by the dlci-number argument, which is in the range of 16 to 1007. inbound: Displays the information about CBQ applied in the inbound direction. outbound: Displays the information about CBQ applied in the outbound direction. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
Discarded: 0/0 (Packets/Bytes) Table 47 Command output Field Description Interface Interface with CBQ applied. Direction Direction in which the policy is applied to the interface. Policy Name of the policy applied to the interface. Classifier Classification rules in the policy and the configuration information. Matched Number of packets matching the classification rules. Traffic rate statistics collected in the last 5 minutes.
Default command level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
undo ebs [ inbound | outbound ] Views FR class view Default command level 2: System level Parameters inbound: Sets the EBS for the incoming packets. This argument is available when FR traffic policing is enabled on interfaces. outbound: Sets the EBS for the outgoing packets. This argument is available when FR traffic policing is enabled on interfaces. excess-burst-size: EBS in the range of 0 to 16000000 bits. The default value of EBS is 0 bits.
Usage guidelines Set the FIFO queue length for a DLCI if the device functions as the DCE and an FR class is applied to the DLCI. Examples # Set the FIFO queue length to 80 for the FR class test1. system-view [Sysname] fr class test1 [Sysname-fr-class-test1] fifo queue-length 80 Related commands fr class fr class Use fr class to create an FR class and enter FR class view. Use undo fr class to remove the specified FR class.
fr congestion-threshold Use fr congestion-threshold to enable congestion management for an FR interface. Use undo fr congestion-threshold to disable the congestion management function. Syntax fr congestion-threshold { de | ecn } queue-percentage undo fr congestion-threshold { de | ecn } Default The congestion management function is disabled for FR interfaces.
undo fr de del list-number dlci dlci-number Default No DE rule list is applied to FR PVCs. Views FR interface (primary interface or subinterface) view, MFR interface view Default command level 2: System level Parameters list-number: DE rule list number in the range of 1 to 10. dlci-number: FR PVC number in the range of 16 to 1007. Usage guidelines Configured in primary interface view, this command applies a specific DE rule list only to the FR PVC of the primary interface.
Parameters list-number: DE rule list number in the range of 1 to 10. interface-type interface-number: Specifies an interface by its type and number. Usage guidelines Execute this command multiple times to add new rules to a DE rule list. Up to 100 rules can be configured for a DE rule list. Executed once, the undo fr del inbound-interface command removes only one DE rule. To remove a DE rule list, make sure that all the DE rules in the DE rule list are removed. Examples # Add a rule to DE rule list 1.
less-than bytes: IP packets with the length less than the bytes argument. The value range for the bytes argument is 0 to 65535. tcp ports: IP packets with the source or destination TCP port number as the ports argument. The value range for the ports argument is 0 to 65535. The ports argument can be either a port name or the associated port number. udp ports: IP packets with the source or destination UDP port number as the ports argument. The value range for the ports argument is 0 to 65535.
normal-limit: Normal queue length in the number of packets, in the range of 1 to 1024. This argument is 60 by default. bottom-limit: Bottom queue length in the number of packets, in the range of 1 to 1024. This argument is 80 by default. Usage guidelines With FR traffic policing enabled on an interface, only FIFO queuing or PVC PQ is available. PVC PQ is a new queuing mechanism for FR classes. Similar to PQ, PVC PQ includes four queue types: top, middle, normal, bottom, in the descending priority order.
Related commands fr class fr traffic-shaping Use fr traffic-shaping to enable FRTS. Use undo fr traffic-shaping to disable FRTS. Syntax fr traffic-shaping undo fr traffic-shaping Default FRTS is disabled. Views FR interface view, MFR interface view Default command level 2: System level Usage guidelines FRTS is applied to the outgoing interfaces and are usually applied to the DCE of an FR network. Examples # Enable FRTS on Serial 2/0.
Default command level 2: System level Parameters fragment-size: Fragment size in the range of 16 to 1600 bytes. This argument is 45 bytes by default. data-level: Specifies the fragment size for data packets. voice-level: Specifies the fragment size for voice packets. Usage guidelines If neither data-level nor voice-level is specified, the fragment size is specified for data packets. Examples # Enable the packet fragmentation function with the fragment size of 128 bytes for the FR class test1.
Examples # Associate the FR class test1 with an FR PVC with DLCI 200. system-view [Sysname] interface serial 2/0 [Sysname-Serial2/0] fr dlci 200 [Sysname-fr-dlci-Serial2/0-200] fr-class test1 Related commands • fr class • fr dlci (Layer 2—WAN Command Reference) pq Use pq to apply PQ to the FR PVCs. Use undo pq to restore the default queuing (FIFO queuing). Syntax pq pql pql-index undo pq Default FR PVCs adopt FIFO queuing.
undo pvc-pq Default Packets from the FR PVC are assigned to the normal queue. Views FR class view Default command level 2: System level Parameters bottom: Specifies the bottom queue. middle: Specifies the middle queue. normal: Specifies the normal queue. top: Specifies the top queue. Usage guidelines PVC PQ queues include the top queue, the middle queue, the normal queue, and the bottom queue, in descending priority order. The packets of a given PVC can only be assigned to a specific queue.
end-port max-dest-port: Upper threshold for destination UDP port numbers, in the range of 2000 to 65535. The value of the max-dest-port argument cannot be smaller than that of the min-dest-port argument. bandwidth: Specifies the RTP priority queue bandwidth in the range of 8 to 1000000 kbps. cbs committed-burst-size: CBS in the range of 1500 to 2000000 bytes. The default is 55550 bytes.
Examples # Enable FRTS adaptation to regulate the traffic of the FR packets with the BECN flag bit 1 and regulate 20% of the total traffic every time. system-view [Sysname] fr class test1 [Sysname-fr-class-test1] traffic-shaping adaptation becn 20 Related commands • fr traffic-shaping • cir allow • cir wfq Use wfq to apply WFQ to the FR PVC. Use undo wfq to restore the default queuing (FIFO queuing) on the PVC.
MPLS QoS commands if-match mpls-exp Use if-match mpls-exp to define an MPLS EXP-based match criterion. Use undo if-match mpls-exp to remove the match criterion. Syntax if-match [ not ] mpls-exp exp-value-list undo if-match [ not ] mpls-exp exp-value-list Views Traffic class view Default command level 2: System level Parameters not: Matches packets not conforming to the specified criterion. exp-value-list: List of EXP values. Up to eight EXP values can be input. An EXP value is in the range of 0 to 7.
queue queue: Specifies a custom queue by its number in the range of 0 to 16. exp-value-list: List of EXP values in the range of 0 to 7. You can enter up to eight EXP values for this argument. Usage guidelines This command can be executed multiple times with the same cql-index argument to create multiple classification rules for the CQ list. The classification rules of a CQ list are matched in the order configured.
Related commands qos pql protocol remark mpls-exp Use remark mpls-exp to configure an EXP value marking action in a traffic behavior. Use undo remark mpls-exp to delete the action. Syntax remark mpls-exp exp-value undo remark mpls-exp Views Traffic behavior view Default command level 2: System level Parameters exp-value: EXP value in the range of 0 to 7. Examples # Set the EXP value to 0 for MPLS packets.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.
Index ACDEFGIPQRSTW display qos cq interface,92 A display qos cql,93 acl,1 display qos gts interface,79 acl copy,2 display qos lr interface,82 acl ipv6,3 display qos map-table,68 acl ipv6 copy,4 display qos policy,58 acl ipv6 name,5 display qos policy interface,60 acl name,6 display qos policy interface,151 apply policy outbound,143 display qos pq interface,85 C display qos pql,87 car,45 display qos pvc-pq interface,153 cbs,143 display qos rtpq interface,112 cir,144 display qos trust
gts percent,51 qos rtpq,113 I qos trust,73 qos wfq,101 if-match,39 qos wred apply,124 if-match mpls-exp,168 qos wred dscp,119 if-match protocol,138 qos wred enable,118 if-match protocol http,139 qos wred ip-precedence,120 if-match protocol rtp,140 qos wred table,122 import,69 qos wred weighting-constant,120 P queue,123 pq,164 queue af,105 protocol,141 queue ef,106 pvc-pq,164 queue wfq,107 Q queue-length,108 qos apply policy (interface view, port group view, PVC view),64 R qos app
wred,108 traffic-policy,56 traffic-shaping adaptation,166 wred dscp,109 W wred ip-precedence,110 wred weighting-constant,111 Websites,171 wfq,167 176
