HP MSR2000/3000/4000 Router Series ACL and QoS Command Reference (V7) Part number: 5998-4016 Software version: CMW710-R0007P02 Document version: 6PW100-20130927
Legal and notice information © Copyright 2013 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents ACL commands ···························································································································································· 1 acl ·············································································································································································· 1 acl copy ·············································································································································
qos apply policy (interface view) ························································································································ 61 qos policy ······························································································································································· 62 QoS policy-based traffic rate statistics collection period commands ······································································· 63 qos flow-interval····················
Time range commands ·············································································································································· 98 display time-range ················································································································································· 98 time-range ······························································································································································ 98 Supp
ACL commands acl Use acl to create an ACL, and enter its view. If the ACL has been created, you directly enter its view. Use undo acl to delete the specified or all ACLs. Syntax acl [ ipv6 ] number acl-number [ name acl-name ] [ match-order { auto | config } ] undo acl [ ipv6 ] { all | name acl-name | number acl-number } Default No ACL exists.
Usage guidelines You can assign a name to an ACL only when you create it. After an ACL is created with a name, you cannot rename it or remove its name. You can change the match order only for ACLs that do not contain any rules. Examples # Create IPv4 basic ACL 2000, and enter its view. system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] # Create IPv4 basic ACL 2001 with the name flow, and enter its view.
smallest number from all available numbers in the same ACL category as the source ACL. Available value ranges include: • 2000 to 2999 for IPv4 basic ACLs if the ipv6 keyword is not specified and for IPv6 basic ACLs if the ipv6 keyword is specified. • 3000 to 3999 for IPv4 advanced ACLs s if the ipv6 keyword is not specified and for IPv6 advanced ACLs if the ipv6 keyword is specified. • 4000 to 4999 for Ethernet frame header ACLs. This entry is not displayed if the ipv6 keyword is specified.
Parameters interval: Specifies the interval in minutes at which packet filtering logs are generated and output. It must be a multiple of 5 and in the range of 0 to 1440. To disable generating packet filtering logs, assign 0 to the argument. Usage guidelines The system collects packet filtering logs for only IPv4 basic, IPv4 advanced, IPv6 basic, and IPv6 advanced ACL rules that have the logging keyword.
system-view [Sysname] acl ipv6 name flow [Sysname-acl6-basic-2001-flow] Related commands acl description Use description to configure a description for an ACL. Use undo description to delete an ACL description. Syntax description text undo description Default An ACL has no description.
Parameters acl-number: Specifies an ACL by its number: • 2000 to 2999 for IPv4 basic ACLs if the ipv6 keyword is not specified and for IPv6 basic ACLs if the ipv6 keyword is specified. • 3000 to 3999 for IPv4 advanced ACLs s if the ipv6 keyword is not specified and for IPv6 advanced ACLs if the ipv6 keyword is specified. • 4000 to 4999 for Ethernet frame header ACLs. This entry is not displayed if the ipv6 keyword is specified. • 5000 to 5999 for user-defined ACLs.
Field Description rule 5 comment This rule is used on Ethernet 1/1. Comment of ACL rule 5. This field is not displayed when no comment is configured. display packet-filter Use display packet-filter to display whether an ACL has been successfully applied to an interface for packet filtering.
ACL 2002 (Failed) ACL 2003 (Failed) Table 2 Command output Field Description Interface Interface to which the ACL applies. In-bound policy ACL used for filtering incoming traffic. Out-bound policy ACL used for filtering outgoing traffic. ACL 2001 IPv4 basic ACL 2001 has been successfully applied. ACL 2002 (Failed) The device has failed to apply IPv4 basic ACL 2002. Default action for packet filtering: • Deny—The default action deny has been successfully applied for packet filtering.
• 4000 to 4999 for Ethernet frame header ACLs. This entry is not displayed if the ipv6 keyword is specified. • 5000 to 5999 for user-defined ACLs. This entry is not displayed if the ipv6 keyword is specified. name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. For a basic ACL or advanced ACL, if you do not specify the ipv6 keyword, this option specifies the name of an IPv4 basic ACL or advanced ACL.
Field 2 packets Description Two packets matched the rule. This field is not displayed when no packets matched the rule. rule 5 permit source 1.1.1.1 0 (Failed) The device has failed to apply rule 5. Totally 2 permitted, 0 packets denied Number of packets permitted and denied by the ACL. Totally 100% permitted, 0% denied Ratios of permitted and denied packets to all packets. Default action for packet filtering: • Deny—The default action deny has been successfully applied for packet filtering.
name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. For a basic ACL or advanced ACL, if you do not specify the ipv6 keyword, this option specifies the name of an IPv4 basic ACL or advanced ACL; if you specify the ipv6 keyword, this option specifies the name of an IPv6 basic ACL or advanced ACL. brief: Displays brief accumulated packet filtering ACL statistics.
Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Specifies an interface by its type and number. inbound: Specifies the inbound direction. outbound: Specifies the outbound direction. acl-number: Specifies the number of an ACL: • 2000 to 2999 for IPv4 basic ACLs if the ipv6 keyword is not specified and for IPv6 basic ACLs if the ipv6 keyword is specified.
# Display application details of all IPv4 ACLs (including IPv4 basic, IPv4 advanced, Ethernet frame header, and user-defined ACLs) for incoming packet filtering on Ethernet 1/1. display packet-filter verbose interface ethernet 1/1 inbound Interface: Ethernet1/1 In-bound policy: ACL 2001, rule 0 permit rule 5 permit source 1.1.1.
Views Interface view Predefined user roles network-admin Parameters acl-number: Specifies an ACL by its number: • 2000 to 2999 for IPv4 basic ACLs if the ipv6 keyword is not specified and for IPv6 basic ACLs if the ipv6 keyword is specified. • 3000 to 3999 for IPv4 advanced ACLs s if the ipv6 keyword is not specified and for IPv6 advanced ACLs if the ipv6 keyword is specified. • 4000 to 4999 for Ethernet frame header ACLs. This entry is not displayed if the ipv6 keyword is specified.
Views System view Predefined user roles network-admin Usage guidelines The packet filter applies the default action to all ACL applications for packet filtering. The default action appears in the display command output for packet filtering. Examples # Set the packet filter default action to deny.
ACL or advanced ACL. If you specify the ipv6 keyword, this option specifies the name of an IPv6 basic ACL or advanced ACL. Examples # Clear statistics for IPv4 basic ACL 2001. reset acl counter 2001 Related commands display acl reset packet-filter statistics Use reset packet-filter statistics to clear the match statistics (including the accumulated statistics) and the default action statistics of ACLs for packet filtering.
• If the ipv6 keyword is not specified, all ACLs refer to all IPv4 basic, IPv4 advanced, Ethernet frame header, and user-defined ACLs. • If the ipv6 keyword is specified, all ACLs refer to all IPv6 basic and IPv6 advanced ACLs. Examples # Clear IPv4 basic ACL 2001 statistics for incoming packet filtering in VLAN 2.
lsap lsap-type lsap-type-mask: Matches the DSAP and SSAP fields in LLC encapsulation. The lsap-type argument is a 16-bit hexadecimal number that represents the encapsulation format. The lsap-type-mask argument is a 16-bit hexadecimal number that represents the LSAP mask. type protocol-type protocol-type-mask: Matches one or more protocols in the Ethernet frame header. The protocol-type argument is a 16-bit hexadecimal number that represents a protocol type in Ethernet_II and Ethernet_SNAP frames.
{ source-address source-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | vpn-instance vpn-instance-name ] * undo rule rule-id [ { { ack | fin | psh | rst | syn | urg } * | established } | counting | destination | destination-port | { dscp | { precedence | tos } * } | fragment | icmp-type | logging | source | source-port | time-range | vpn-instance ] * Default An IPv4 advanced ACL does not contain any rule.
Parameters Function Description Specifies a ToS preference. The tos argument can be a number in the range of 0 to 15, or in words: max-reliability (2), max-throughput (4), min-delay (8), min-monetary-cost (1), or normal (0). dscp dscp Specifies a DSCP priority.
Parameters Function { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * Specifies one or more TCP flags including ACK, FIN, PSH, RST, SYN, and URG. established Specifies the flags for indicating the established status of a TCP connection. Description Parameters specific to TCP. The value for each argument can be 0 (flag bit not set) or 1 (flag bit set). The TCP flags in a rule are ORed.
ICMP message name ICMP message type ICMP message code source-route-failed 3 5 timestamp-reply 14 0 timestamp-request 13 0 ttl-exceeded 11 0 Usage guidelines Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL, your creation or editing attempt fails. You can edit ACL rules only when the match order is config.
• acl logging interval • display acl • step • time-range rule (IPv4 basic ACL view) Use rule to create or edit an IPv4 basic ACL rule. Use undo rule to delete an entire IPv4 basic ACL rule or some attributes in the rule.
vpn-instance vpn-instance-name: Applies the rule to a VPN instance. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If no VPN instance is specified, the rule applies only to non-VPN packets. Usage guidelines Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL, your creation or editing attempt fails.
Default An IPv6 advanced ACL does not contain any rule. Views IPv6 advanced ACL view Predefined user roles network-admin Parameters rule-id: Specifies a rule ID in the range of 0 to 65534. If no rule ID is provided when you create an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0.
Parameters Function Description logging Logs matching packets. This function requires that the module (for example, packet filtering) that uses the ACL supports logging. routing [ type routing-type ] time-range time-range-name routing-type: Value of the routing header type, in the range of 0 to 255. Specifies routing header types. If you specify the type routing-type option, the rule applies to the specified type of routing header. Otherwise, the rule applies to any type of routing header.
Parameters Function Description Parameter specific to TCP. established Specifies the flags for indicating the established status of a TCP connection. On a router, the rule matches TCP connection packets with the ACK or RST flag bit set. If the protocol argument is icmpv6 (58), set the parameters shown in Table 12. Table 12 ICMPv6-specific parameters for IPv6 advanced ACL rules Parameters Function Description The icmp6-type argument is in the range of 0 to 255.
If no optional keywords are provided in the undo rule command, you delete the entire rule. If optional keywords or arguments are provided, you delete the specified attributes. To view rules in an ACL and their rule IDs, use the display acl ipv6 all command. Examples # Create an IPv6 advanced ACL rule to permit TCP packets with the destination port 80 from 2030:5060::/64 to FE80:5060::/96.
Syntax rule [ rule-id ] { deny | permit } [ counting | fragment | logging | routing [ type routing-type ] | source { source-address source-prefix | source-address/source-prefix | any } | time-range time-range-name | vpn-instance vpn-instance-name ] * undo rule rule-id [ counting | fragment | logging | routing | source | time-range | vpn-instance ] * Default An IPv6 basic ACL does not contain any rule.
Usage guidelines Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL, your creation or editing attempt fails. You can edit ACL rules only when the match order is config. If no optional keywords are provided in the undo rule command, you delete the entire rule. If optional keywords or arguments are provided, you delete the specified attributes.
numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30. deny: Denies matching packets. permit: Allows matching packets to pass. ipv4: Specifies that the offset is relative to the beginning of the IPv4 header. ipv6: Specifies that the offset is relative to the beginning of the IPv6 header. l2: Specifies that the offset is relative to the beginning of the Layer 2 frame header.
Use undo rule comment to delete an ACL rule comment. Syntax rule rule-id comment text undo rule rule-id comment Default An ACL has not rule comment. Views IPv4 basic/advanced ACL view, IPv6 basic/advanced ACL view, Ethernet frame header ACL view, user-defined ACL view Predefined user roles network-admin Parameters rule-id: Specifies an ACL rule ID in the range of 0 to 65534. The ACL rule must already exist. text: Specifies a comment about the ACL rule, a case-sensitive string of 1 to 127 characters.
Usage guidelines The rule numbering step sets the increment by which the system numbers rules automatically. For example, the default ACL rule numbering step is 5. If you do not assign IDs to rules you are creating, they are numbered 0, 5, 10, 15, and so on. The wider the numbering step, the more rules you can insert between two rules. Whenever the step changes, the rules are renumbered, starting from 0.
MPLS QoS commands if-match mpls-exp Use if-match mpls-exp to define a criterion to match the EXP field in the first (topmost) MPLS label. Use undo if-match mpls-exp to remove the match criterion. Syntax if-match [ not ] mpls-exp exp-value&<1-8> undo if-match [ not ] mpls-exp exp-value&<1-8> Default No criterion is defined to match the EXP field in the topmost MPLS label.
Predefined user roles network-admin Parameters exp-value: Specifies the EXP value in the range of 0 to 7. Examples # Set the EXP value to 0 for MPLS packets.
QoS policy commands Traffic class commands display traffic classifier Use display traffic classifier to display traffic class information. Syntax MSR2000/MSR3000: display traffic classifier { system-defined | user-defined } [ classifier-name ] MSR4000: display traffic classifier { system-defined | user-defined } [ classifier-name ] [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters system-defined: Displays system-defined traffic classes.
If-match not protocol ipv6 Classifier: 3 (ID 102) Operator: AND Rule(s) : -none- # Display the configuration of system-defined traffic class default-class. display traffic classifier system-defined default-class System-defined classifier information: Classifier: default-class (ID 0) Operator: AND Rule(s) : If-match any Table 14 Command output Field Description Classifier Traffic class name and its match criteria. Operator Match operator you set for the traffic class.
Table 15 Available match criteria Option Description Matches an ACL. acl [ ipv6 ] { acl-number | name acl-name } The acl-number argument ranges from 2000 to 5999 for an IPv4 ACL, and 2000 to 3999 for an IPv6 ACL. The acl-name argument is a case-insensitive string of 1 to 63 characters, which must start with an English letter, and to avoid confusion, it cannot be all. Matches an application group. app-group group-name The group-name argument specifies a system-defined application group by its name.
Option Description Matches the packet length. packet-length { min min-value | max max-value } * The min-value argument specifies the minimum packet length in the range of 1 to 2000 bytes, and the max-value argument specifies the maximum packet length in the range of 1 to 2000 bytes. Matches a protocol. protocol protocol-name The protocol-name argument can be ARP, IP, or IPv6. The MSR2000 routers do not support ARP as a match criterion.
Defining a criterion to match a source MAC address • You can configure multiple source MAC address match criteria for a traffic class. • A criterion to match a source MAC address is significant only to Ethernet interfaces. Defining a criterion to match DSCP values • You can configure multiple DSCP match criteria for a traffic class. All defined DSCP values are automatically sorted in ascending order. • You can configure up to eight DSCP values in one command line.
• To delete a criterion that matches MPLS EXP values, the specified MPLS EXP values in the command must be identical with those defined in the criterion (the sequence may be different).The MPLS EXP field exists only in MPLS packets, so this match criterion takes effect for only the MPLS packets. • As for software forwarding QoS, MPLS packets do not support IP-related matching rules. Defining a criterion to match CVLANs • You can configure multiple VLAN ID match criteria for a traffic class.
# Define a match criterion for traffic class class1 to match the ACL named flow. system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match acl name flow # Define a match criterion for traffic class class1 to match the advanced IPv6 ACL 3101. system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match acl ipv6 3101 # Define a match criterion for traffic class class1 to match the IPv6 ACL named flow.
# Define a match criterion for traffic class class1 to match the packets with a local QoS ID of 3. system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match qos-local-id 3 # Define a match criterion for traffic class class1 to match the packets of the application group multimedia.
[Sysname-classifier-class1] Related commands display traffic classifier Traffic behavior commands car Use car to configure a CAR action in a traffic behavior. Use undo car to delete a CAR action from a traffic behavior. Syntax car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-information-rate ] [ green action | red action | yellow action ] * undo car Default No CAR action is configured.
• remark-mpls-exp-pass new-exp: Sets the EXP field value of the MPLS packet to new-exp and permits the packet to pass through. The new-exp argument ranges from 0 to 7. • remark-prec-pass new-precedence: Sets the IP precedence of the packet to new-precedence and permits the packet to pass through. The new-precedence argument ranges from 0 to 7. Usage guidelines A QoS policy that references the traffic behavior can be applied in either the inbound direction or outbound direction of an interface.
Examples # Display information about user-defined traffic behaviors.
14 10 30 10 15 10 30 10 16 10 30 10 17 10 30 10 18 10 30 10 19 10 30 10 20 10 30 10 21 10 30 10 22 10 30 10 23 10 30 10 24 10 30 10 25 10 30 10 26 10 30 10 27 10 30 10 28 10 30 10 29 10 30 10 30 10 30 10 31 10 30 10 32 10 30 10 33 10 30 10 34 10 30 10 35 10 30 10 36 10 30 10 37 10 30 10 38 10 30 10 39 10 30 10 40 10 30 10 41 10 30 10 42 10 30 10 43 10 30 10 44 10 30 10 45 10 30 10
62 10 30 10 63 10 30 10 # Display the configuration of system-defined traffic behaviors.
Field Description Primap pre-defined table Information about pre-defined priority maps. For more information, see Priority map commands. Assured Forwarding Assure forwarding (AF) information. Bandwidth Bandwidth of the queue. Filter enable Traffic filtering action. Expedited Forwarding Expedited forwarding (EF) information. none No other traffic behavior is configured. filter Use filter to configure a traffic filtering action in a traffic behavior.
Default No GTS action is configured. Views Traffic behavior view Predefined user roles network-admin Parameters cir committed-information-rate: Sets the CIR in kbps, which specifies the average traffic rate. cbs committed-burst-size: Sets the CBS in bytes, which specifies the size of bursty traffic when the actual average rate is not greater than CIR. ebs excess-burst-size: Sets the EBS in bytes. The default is 0. queue-length queue-length: Sets the maximum queue length. The default is 50.
Predefined user roles network-admin Parameters cir cir-percent: Sets the CIR in percentage in the range of 0 to 100. The actual CIR value is cir-percent × interface bandwidth. cbs cbs-time: Sets the CBS in the specified time (in ms). The default cbs-time is 500 ms. The actual CBS value is cbs-time × the actual CIR value. ebs ebs-time: Sets the EBS in the specified time (in ms). The default ebs-time is 0 ms. The actual EBS value is ebs-time × the actual CIR value.
Parameters dot1p-value: Specifies the 802.1p priority to be marked for packets, in the range of 0 to 7. Examples # Configure traffic behavior database to mark matching traffic with 802.1p 2. system-view [Sysname] traffic behavior database [Sysname-behavior-database] remark dot1p 2 remark dscp Use remark dscp to configure a DSCP marking action. Use undo remark dscp to restore the default. Syntax remark dscp dscp-value undo remark dscp Default No DSCP marking action is configured.
Keyword DSCP value (binary) DSCP value (decimal) cs1 001000 8 cs2 010000 16 cs3 011000 24 cs4 100000 32 cs5 101000 40 cs6 110000 48 cs7 111000 56 ef 101110 46 Examples # Configure traffic behavior database to mark matching traffic with DSCP 6. system-view [Sysname] traffic behavior database [Sysname-behavior-database] remark dscp 6 remark ip-precedence Use remark ip-precedence to configure an IP precedence marking action.
Use undo remark local-precedence to delete the action. Syntax remark local-precedence local-precedence-value undo remark local-precedence Default No local precedence marking action is configured. Views Traffic behavior view Predefined user roles network-admin Parameters local-precedence-value: Sets the local precedence to be marked for packets, in the range of 0 to 7. Examples # Configure traffic behavior database to mark matching traffic with local precedence 2.
traffic behavior Use traffic behavior to create a traffic behavior and enter traffic behavior view. Use undo traffic behavior to delete a traffic behavior. Syntax traffic behavior behavior-name undo traffic behavior behavior-name Default No traffic behavior exists. Views System view Predefined user roles network-admin Parameters behavior-name: Sets a traffic behavior name, a case-sensitive string of 1 to 31 characters. Examples # Create a traffic behavior named behavior1.
Parameters policy-name: Specifies a policy by its name, a string of 1 to 31 characters. If the policy does not exist, it is automatically created. Usage guidelines You can nest a QoS policy in a traffic behavior to re-classify the traffic class associated with the behavior and take actions defined in the policy on the re-classified traffic.
Predefined user roles network-admin Parameters classifier-name: Specifies a traffic class by its name, a case-sensitive string of 1 to 31 characters. behavior-name: Specifies a traffic behavior by its name, a case-sensitive string of 1 to 31 characters. Usage guidelines A traffic class can associate with only one traffic behavior in a QoS policy. If the specified traffic class or traffic behavior does not exist, the system defines a null traffic class or traffic behavior.
classifier classifier-name: Specifies a traffic class by its name, a case-sensitive string of 1 to 31 characters. If no traffic class is specified, this command displays information about all traffic classes. slot slot-number: Specifies a card by its slot number. If no card is specified, this command displays the QoS policies on all cards. (MSR4000.) Examples # Display the configuration information of all the user-defined QoS policies.
Behavior: be -noneClassifier: ef (ID 1) Behavior: ef Expedited Forwarding: Bandwidth 20 (%) Cbs-ratio 25 Classifier: af1 (ID 2) Behavior: af Assured Forwarding: Bandwidth 20 (%) Discard Method: Tail Classifier: af2 (ID 3) Behavior: af Assured Forwarding: Bandwidth 20 (%) Discard Method: Tail Classifier: af3 (ID 4) Behavior: af Assured Forwarding: Bandwidth 20 (%) Discard Method: Tail Classifier: af4 (ID 5) Behavior: af Assured Forwarding: Bandwidth 20 (%) Discard Method: Tail For the output description, se
outbound: Displays information about the QoS policy applied to the outgoing traffic of the specified interface. Usage guidelines If no direction is specified, the command displays information about the QoS policies applied to incoming traffic and outgoing traffic. Examples # Display information about the QoS policy applied to the incoming traffic of GigabitEthernet 2/0/2.
Rule(s) : If-match acl 3000 Behavior: 0 Marking: Remark dscp af11 Committed Access Rate: CIR 10000 (kbps), CBS 625000 (Bytes), EBS 0 (Bytes) Green action : pass Yellow action : pass Red action : discard Green packets : 0 (Packets) 0 (Bytes) Yellow packets: 0 (Packets) 0 (Bytes) Red packets : 0 (Packets) 0 (Bytes) Classifier: 1 Matched : 0 (Packets) 0 (Bytes) 1-minute statistics: Forwarded: 0/0 (pps/bps) Dropped : 0/0 (pps/bps) Operator: AND Rule(s) : If-match acl 3001 Behavior: 1 Expedited Forwardin
Syntax qos apply policy policy-name { inbound | outbound } undo qos apply policy policy-name { inbound | outbound } Default No QoS policy is applied to an interface. Views Interface view Predefined user roles network-admin Parameters policy-name: Specifies a QoS policy name, a case-sensitive string of 1 to 31 characters. inbound: Applies the QoS policy to the incoming traffic of an interface. outbound: Applies the QoS policy to the outgoing traffic of an interface.
Views System view Predefined user roles network-admin Parameters policy-name: QoS policy name, a case-sensitive string of 1 to 31 characters. Usage guidelines To use the undo qos policy command to delete a QoS policy that has been applied to a certain object, you must first remove it from the object. Examples # Define QoS policy user1.
Usage guidelines You can enable collection of per-class traffic statistics over a period, including the average forwarding rate and drop rate. For example, if you set the statistics collection period to 10 minutes, the system collects traffic statistics for the most recent 10 minutes and refreshes the statistics every 2 minutes. The traffic rate statistics collection period of a subinterface is the same as the period configured on the main interface.
Priority mapping commands Priority map commands display qos map-table Use display qos map-table to display the configuration of a priority map. Syntax display qos map-table [ dot1p-lp | dscp-lp ] Views Any view Predefined user roles network-admin network-operator Parameters The router provides the following types of priority map. Table 19 Priority maps Priority map Description dot1p-lp 802.1p-local priority map. dscp-lp DSCP-local priority map. Examples # Display the configuration of the 802.
Field Description TYPE Type of the priority map. IMPORT Input values of the priority map. EXPORT Output values of the priority map. import Use import to configure mappings for a priority map. Use undo import to restore the specified or all mappings to the default for a priority map. Syntax import import-value-list export export-value undo import { import-value-list | all } Default The default priority maps are used. For more information, see ACL and QoS Configuration Guide.
Predefined user roles network-admin Parameters For the description of the keywords, see Table 19. Usage guidelines The priority map applies to both inbound and outbound traffic. Examples # Enter the dot1p-lp priority map view. system-view [Sysname] qos map-table inbound dot1p-lp [Sysname-maptbl-in-dot1p-lp] Related commands • display qos map-table • import Port priority commands The command in this section is supported only on routers installed with Layer 2 Ethernet switching modules.
Related commands display qos trust interface Priority trust mode commands The commands in this section are supported only on routers installed with Layer 2 Ethernet switching modules. For information about interface modules, see HP MSR Series Routers Interface Module Manual. display qos trust interface Use display qos trust interface to display priority trust mode and port priority information on an interface.
Use undo qos trust to restore the default priority trust mode. Syntax qos trust { dot1p | dscp } undo qos trust Default The port priority is trusted. Views Interface view Predefined user roles network-admin Parameters dot1p: Uses the 802.1p priority in incoming packets for priority mapping. dscp: Uses the DSCP value in incoming packets for priority mapping. Examples # Set the trusted packet priority type to 802.1p priority on Ethernet 1/1.
Traffic policing, GTS, and rate limit commands Traffic policing commands display qos car interface Use display qos car interface to display the CAR configuration and statistics on a specified interface. Syntax display qos car interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number.
Field Description EBS EBS in bytes, which specifies the traffic exceeding CBS when two token buckets are used. PIR PIR in kbps. Green action Action to take on green packets. Yellow action Action to take on yellow packets. Red action Action to take on red packets. display qos carl Use display qos carl to display a specified CAR list or all CAR lists.
Syntax qos car { inbound | outbound } { any | acl [ ipv6 ] acl-number | carl carl-index } cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-information-rate ] [ green action | red action | yellow action ] * undo qos car { inbound | outbound } { any | acl [ ipv6 ] acl-number | carl carl-index } Default No CAR policy is configured on an interface.
• remark-dscp-continue new-dscp: Remarks the packet with a new DSCP value and hands it over to the next CAR policy. The value range is 0 to 63. Alternatively, you can specify the new-dscp argument with af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, cs6, cs7, default, or ef. • remark-dscp-pass new-dscp: Remarks the packet with a new DSCP value and permits the packet to pass through. The value range is 0 to 63.
Views System view Predefined user roles network-admin Parameters carl-index: Specifies a CAR list by its number in the range of 1 to 199. dscp dscp-list: Specifies a list of DSCP values. A DSCP value can be a number from 0 to 63 or any of the following keywords af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, cs6, cs7, default, or ef. You can configure up to eight DSCP values in one command line.
Examples # Apply CAR list 1 to the outbound direction of Ethernet 1/1. CAR list 1 limits the rate of each host on the subnet 1.1.1.0/24 to 100 kbps, and traffic of IP addresses in the subnet does not share the remaining bandwidth. system-view [Sysname] qos carl 1 source-ip-address subnet 1.1.1.0 24 per-address [Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] qos car outbound carl 1 cir 100 cbs 6250 ebs 0 green pass red discard # Apply CAR list 2 to the outbound direction of Ethernet 1/1.
Queue Length: 100 (Packets) Queue Size Passed : 98 (Packets) : 2013671 (Packets) 249695204 (Bytes) Discarded: 13214444 (Packets) 1638591056 (Bytes) Delayed : 1921029 (Packets) 238207596 (Bytes) Table 23 Command output Field Description Interface Interface type and interface number. Rule(s) Match criteria. CIR CIR in kbps. CBS CBS in bytes, which specifies the depth of the token bucket for holding bursty traffic.
acl [ ipv6 ] acl-number: Performs GTS for packets matching an ACL specified by its number. The value range for the acl-number argument depends on the device model. If ipv6 is not specified, this option specifies an IPv4 ACL. If ipv6 is specified, this option specifies an IPv6 ACL. cir committed-information-rate: Specifies the CIR in kbps. The value range for this argument depends on the device model. cbs committed-burst-size: Specifies the CBS in bytes.
Delayed : 7163933 (Packets) 888327692 (Bytes) Active shaping: Yes Table 24 Command output Field Description Interface Interface type and interface number. Direction Direction to which the rate limit configuration is applied: inbound or outbound. CIR CIR in kbps. CBS CBS in bytes, which specifies the depth of the token bucket for holding bursty traffic. EBS EBS in bytes, which specifies the traffic exceeding CBS when two token buckets are used.
Examples # Limit the rate of outgoing packets on Ethernet 1/1, with CIR 200 kbps and CBS 50000 bytes.
Congestion management commands FIFO queuing commands display qos queue fifo interface Use display qos queue fifo interface to display the FIFO configuration and statistics of an interface. Syntax display qos queue fifo interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number.
Use undo qos fifo queue-length to restore the default. Syntax qos fifo queue-length queue-length undo qos fifo queue-length Default The FIFO queue length is 75. Views Interface view Predefined user roles network-admin Parameters queue-length: Sets the queue length. The value range for this argument is 1 to 1024. Usage guidelines You must enable the rate limit function for the queuing function to take effect on a subinterface. Examples # Set the FIFO queue length to 100.
Examples # Display the WFQ configuration and statistics of Ethernet 1/1. display qos queue wfq interface ethernet 1/1 Interface: Ethernet1/1 Output queue - Urgent queuing: Size/Length/Discards 0/100/0 Output queue - Protocol queuing: Size/Length/Discards 0/500/0 Output queue - Weighted Fair queuing: Size/Length/Discards 0/64/0 Weight: IP Precedence Queues: Active/Max active/Total 0/0/128 Table 26 Command output Field Description Interface Interface type and interface number.
queue-length max-queue-length: Specifies the maximum number of packets a queue can hold. The value range for the max-queue-length argument is 1 to 1024, and the default is 64. queue-number total-queue-number: Specifies the total number of queues, which can be 16, 32, 64, 128, 256, 512, 1024, 2048, or 4096. The default is 256. Usage guidelines If you do not specify a weight type, the default weight type is IP precedence.
AF Queues: Allocated 1 Bandwidth(kbps): Available/Max reserve 74992/75000 Table 27 Command output Field Description Interface Interface type and interface number. Output queue Information about the current output queue. Size Number of packets in the queue. Length Queue length. Discards Number of dropped packets. EF EF queue. AF AF queue. BE BE queue. Active Number of active BE queues. Max active Maximum number of active BE queues allowed. Total Total number of BE queues.
Usage guidelines The maximum reserved bandwidth is set on a per-interface basis and decides the maximum bandwidth assignable for the QoS queues on an interface. It is typically set no greater than 80% of available bandwidth, considering the bandwidth for control traffic and Layer 2 frame headers. Use the default maximum reserved bandwidth setting in most situations. If you adjust the setting, make sure the Layer 2 frame header plus the data traffic is under the maximum available bandwidth of the interface.
• The bandwidth assigned to AF and EF in a policy must use the same form, either as an absolute bandwidth value or as a percentage. Examples # Configure AF in traffic behavior database and assign the minimum guaranteed bandwidth 200 kbps to it.
After the queue ef bandwidth pct percentage [ cbs-ratio ratio ] command is used, CBS equals (Interface available bandwidth × percentage × ratio)/100/1000. After the queue ef bandwidth bandwidth [ cbs burst ] command is used, CBS equals burst. If the burst argument is not specified, CBS equals bandwidth × 25. Examples # Configure EF in traffic behavior database, with the maximum bandwidth as 200 kbps and CBS as 5000 bytes.
Related commands • display qos queue cbq interface • traffic behavior queue-length Use queue-length to configure the maximum queue length and use tail drop. Use undo queue-length to delete the configuration. Syntax queue-length queue-length undo queue-length queue-length Default Tail drop is used, and the queue length is 64. Views Traffic behavior view Predefined user roles network-admin Parameters queue-length: Specifies the maximum queue length in the range of 1 to 1024.
undo wred Default WRED is not enabled. Views Traffic behavior view Predefined user roles network-admin Parameters dscp: Uses the DSCP value for calculating the drop probability for a packet. ip-precedence: Uses the IP precedence value for calculating the drop probability for a packet. This keyword is used by default. Usage guidelines You can configure this command only after you have configured the queue af or queue wfq command. This command and the queue-length command are mutually exclusive.
Predefined user roles network-admin Parameters dscp-value: Specifies a DSCP value in the range of 0 to 63. This argument can also be represented by using one of the keywords listed in Table 17. low limit low-limit: Specifies the lower WRED limit (in packets) in the range of 1 to 1024. high-limit high-limit: Specifies the upper WRED limit (in packets) in the range of 1 to 1024. discard-probability discard-prob: Specifies the drop probability in the range of 1 to 255.
Predefined user roles network-admin Parameters precedence: Specifies an IP precedence value in the range of 0 to 7. low limit low-limit: Specifies the lower WRED limit (in packets) in the range of 1 to 1024. high-limit high-limit: Specifies the upper WRED limit (in packets) in the range of 1 to 1024. discard-probability discard-prob: Specifies the drop probability in the range of 1 to 255.
Parameters exponent: Specifies the exponent in the range of 1 to 16. Usage guidelines Before configuring this command, make sure the queue af or queue wfq command is configured and WRED is enabled by using the wred command. Disabling WRED also removes the wred weighting-constant command configuration. Examples # Set the exponent for WRED to calculate the average queue size to 6.
Congestion avoidance commands WRED commands display qos wred interface Use display qos wred interface to display the WRED configuration and statistics for an interface. Syntax display qos wred interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number.
Field Description Low Lower limit for a queue. High Upper limit for a queue. Dis-prob Drop probability. Random-discard Number of packets dropped by WRED. Tail-discard Number of packets dropped by tail drop. qos wred enable Use qos wred enable to enable WRED on an interface. Use undo qos wred enable to restore the default. Syntax qos wred [ dscp | ip-precedence ] enable undo qos wred [ dscp | ip-precedence ] enable Default Tail drop is used.
Use undo qos wred dscp to restore the default. Syntax qos wred dscp dscp-value low-limit low-limit high-limit high-limit discard-probability discard-prob undo qos wred dscp dscp-value Default The low-limit is 10, high-limit is 30, and discard-prob is 10. Views Interface view Predefined user roles network-admin Parameters dscp-value: Specifies a DSCP value in the range of 0 to 63. This argument can also be represented by using one of the keywords listed in Table 17.
Default The low-limit is 10, high-limit is 30, and discard-prob is 10. Views Interface view Predefined user roles network-admin Parameters ip-precedence precedence: Specifies an IP precedence value in the range of 0 to 7. low limit low-limit: Specifies the lower WRED limit (in packets) in the range of 1 to 1024. high-limit high-limit: Specifies the upper WRED limit (in packets) in the range of 1 to 1024. discard-probability discard-prob: Specifies the drop probability in the range of 0 to 255.
Predefined user roles network-admin Parameters exponent: Specifies the exponent for average queue length calculation, in the range of 1 to 16. Usage guidelines Before configuring this command, enable WRED on the interface with the qos wred enable command. Examples # Set the exponent for the average queue size calculation to 6 on Ethernet 1/1.
Time range commands display time-range Use display time-range to display time range configuration and status. Syntax display time-range { time-range-name | all } Views Any view Predefined user roles network-admin network-operator Parameters time-range-name: Specifies a time range name, a case-insensitive string of 1 to 32 characters. It must start with an English letter. all: Displays the configuration and status of all existing time ranges.
Syntax time-range time-range-name { start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] | from time1 date1 [ to time2 date2 ] | to time2 date2 } undo time-range time-range-name [ start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] | from time1 date1 [ to time2 date2 ] | to time2 date2 ] Default No time range exists. Views System view Predefined user roles network-admin Parameters time-range-name: Specifies a time range name.
• Periodic statement in the start-time to end-time days format. A periodic statement recurs periodically on a day or days of the week. • Absolute statement in the from time1 date1 to time2 date2 format. An absolute statement does not recur. • Compound statement in the start-time to end-time days from time1 date1 to time2 date2 format. A compound statement recurs on a day or days of the week only within the specified period.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.
Index ACDFGIPQRSTW A I acl,1 if-match,37 acl copy,2 if-match mpls-exp,34 acl logging interval,3 import,66 acl name,4 P C packet-filter,13 car,44 packet-filter default deny,14 classifier behavior,56 Q D qos apply policy (interface view),61 description,5 qos car (interface view),71 display acl,5 qos carl,73 display packet-filter,7 qos fifo queue-length,80 display packet-filter statistics,8 qos flow-interval,63 display packet-filter statistics sum,10 qos gts,76 display packet-filter
reset acl counter,15 T reset packet-filter statistics,16 time-range,98 rule (Ethernet frame header ACL view),17 traffic behavior,55 rule (IPv4 advanced ACL view),18 traffic classifier,43 rule (IPv4 basic ACL view),23 traffic-policy,55 rule (IPv6 advanced ACL view),24 W rule (IPv6 basic ACL view),28 Websites,101 rule (user-defined ACL view),30 wred,88 rule comment,31 wred dscp,89 S wred ip-precedence,90 step,32 wred weighting-constant,91 Subscription service,101 105
