HP MSR Router Series ACL and QoS Command Reference(V7) Part number: 5998-5696 Software version: CMW710-R0106 Document version: 6PW100-20140607
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents ACL commands ···························································································································································· 1 acl ·············································································································································································· 1 acl copy ·············································································································································
display qos policy control-plane management··································································································· 65 display qos policy control-plane management pre-defined ·············································································· 66 display qos policy control-plane pre-defined ····································································································· 68 display qos policy interface ·················································
Congestion avoidance commands························································································································· 103 WRED commands ························································································································································ 103 display qos wred interface ································································································································· 103 qos wred enable··········
ACL commands In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. acl Use acl to create an ACL, and enter its view. If the ACL has been created, you directly enter its view. Use undo acl to delete the specified or all ACLs.
Usage guidelines You can assign a name to an ACL only when you create it. After an ACL is created with a name, you cannot rename it or remove its name. You can change the match order only for ACLs that do not contain any rules. Examples # Create IPv4 basic ACL 2000, and enter its view. system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] # Create IPv4 basic ACL 2001 with the name flow, and enter its view.
• 2000 to 2999 for IPv4 basic ACLs if the ipv6 keyword is not specified and for IPv6 basic ACLs if the ipv6 keyword is specified. • 3000 to 3999 for IPv4 advanced ACLs if the ipv6 keyword is not specified and for IPv6 advanced ACLs if the ipv6 keyword is specified. • 4000 to 4999 for Ethernet frame header ACLs. This entry is not displayed if the ipv6 keyword is specified. name dest-acl-name: Assigns a unique name to the ACL you are creating.
Usage guidelines The system collects packet filtering logs for only IPv4 basic, IPv4 advanced, IPv6 basic, and IPv6 advanced ACL rules that have the logging keyword. • When the ipv6 keyword is not specified, this command sets the interval for generating and outputting IPv4 packet filtering logs. • When the ipv6 keyword is specified, this command sets the interval for generating and outputting IPv6 packet filtering logs.
description Use description to configure a description for an ACL. Use undo description to delete an ACL description. Syntax description text undo description Default An ACL has no description. Views IPv4 basic/advanced ACL view IPv6 basic/advanced ACL view Ethernet frame header ACL view Predefined user roles network-admin Parameters text: Configures a description for the ACL, a case-sensitive string of 1 to 127 characters. Examples # Configure a description for IPv4 basic ACL 2000.
• 3000 to 3999 for IPv4 advanced ACLs if the ipv6 keyword is not specified and for IPv6 advanced ACLs if the ipv6 keyword is specified. • 4000 to 4999 for Ethernet frame header ACLs. This entry is not displayed if the ipv6 keyword is specified. all: Displays information about all IPv4 basic, IPv4 advanced, and Ethernet frame header ACLs if you do not specify the ipv6 keyword, or displays information about all IPv6 basic and IPv6 advanced ACLs if you specify the ipv6 keyword.
display packet-filter NOTE: Support for this command depends on the device model. Use display packet-filter to display ACL application information for packet filtering.
Interface: GigabitEthernet2/1/0 In-bound policy: ACL 2001 ACL6 2002 (Failed) ACL 4003 (Failed) ACL 2004 IPv4 default action: Deny # Display ACL application information for interzone packet filtering from source zone office to destination zone library. display packet-filter interzone source office destination library Interzone: source office destination library ACL 2001 ACL 2002 Table 2 Command output Field Description Interface Interface to which the ACL applies.
Parameters interface interface-type interface-number: Displays the statistics of an interface specified by its type and number. interzone source source-zone-name destination destination-zone-name: Displays the statistics of an interzone instance. The source-zone-name argument specifies a source zone by its name. The destination-zone-name argument specifies a destination zone by its name. A zone name is a case-insensitive string of 1 to 31 characters.
ACL 4000 From 2011-06-04 10:25:34 to 2011-06-04 10:35:57 rule 0 permit ACL ipv6 2000 IPv4 default action: Deny From 2011-06-04 10:25:21 to 2011-06-04 10:35:57 Totally 7 packets IPv6 default action: Deny From 2011-06-04 10:25:41 to 2011-06-04 10:35:57 Totally 0 packets MAC default action: Deny From 2011-06-04 10:25:34 to 2011-06-04 10:35:57 Totally 0 packets # Display statistics of IPv4 advanced ACL 3000 for interzone packet filtering from source zone office to destination zone library.
Field Description Packet filter default action for packets that do not match any IPv4 ACLs: • Deny—The default action deny has been successfully applied IPv4 default action for packet filtering.Deny (Failed)—The device has failed to apply the default action deny for packet filtering. The action permit still functions. • Permit—The default action permit has been successfully applied for packet filtering.
outbound: Displays the statistics in the outbound direction. acl-number: Specifies the number of an ACL: • 2000 to 2999 for IPv4 basic ACLs if the ipv6 keyword is not specified and for IPv6 basic ACLs if the ipv6 keyword is specified. • 3000 to 3999 for IPv4 advanced ACLs if the ipv6 keyword is not specified and for IPv6 advanced ACLs if the ipv6 keyword is specified. • 4000 to 4999 for Ethernet frame header ACLs. This entry is not displayed if the ipv6 keyword is specified.
Syntax MSR2000/MSR3000: display packet-filter verbose { interface interface-type interface-number { inbound | outbound } | interzone source source-zone-name destination destination-zone-name } [ [ ipv6 ] { acl-number | name acl-name } ] MSR4000: display packet-filter verbose { interface interface-type interface-number { inbound | outbound } | interzone source source-zone-name destination destination-zone-name } [ [ ipv6 ] { acl-number | name acl-name } ] [ slot slot-number ] Views Any view Predefined user
Examples # Display application details of all IPv4 ACLs (IPv4 basic, IPv4 advanced, and Ethernet frame header ACLs) for incoming packet filtering on GigabitEthernet 2/1/0. display packet-filter verbose interface gigabitethernet 2/1/0 inbound Interface: GigabitEthernet2/1/0 In-bound policy: ACL 2001 (Failed) rule 0 permit rule 5 permit source 1.1.1.
Field Description Packet filter default action for packets that do not match any IPv4 ACLs: • Deny—The default action deny has been successfully applied for packet filtering.Deny (Failed)—The device has failed to apply the default action deny for packet filtering. The action permit still functions. IPv4 default action • Permit—The default action permit has been successfully applied for packet filtering.
• 2000 to 2999 for IPv4 basic ACLs if the ipv6 keyword is not specified and for IPv6 basic ACLs if the ipv6 keyword is specified. • 3000 to 3999 for IPv4 advanced ACLs if the ipv6 keyword is not specified and for IPv6 advanced ACLs if the ipv6 keyword is specified. • 4000 to 4999 for Ethernet frame header ACLs. This entry is not displayed if the ipv6 keyword is specified. name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters.
name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. For a basic ACL or an advanced ACL, if you do not specify the ipv6 keyword, this option specifies the name of an IPv4 basic ACL or advanced ACL. If you specify the ipv6 keyword, this option specifies the name of an IPv6 basic ACL or advanced ACL.
reset acl counter Use reset acl counter to clear statistics for ACLs. Syntax reset acl counter [ ipv6 ] { acl-number | all | name acl-name } Views User view Predefined user roles network-admin Parameters acl-number: Specifies an ACL by its number: • 2000 to 2999 for IPv4 basic ACLs if the ipv6 keyword is not specified and for IPv6 basic ACLs if the ipv6 keyword is specified.
Predefined user roles network-admin Parameters interface [ interface-type interface-number ]: Specifies an interface by its type and number. If you do not specify any interface, the command clears packet filtering ACL statistics on all interfaces. interzone [ source source-zone-name destination destination-zone-name ]: Specifies an interzone instance. The source-zone-name argument specifies a source zone by its name. The destination-zone-name argument specifies a destination zone by its name.
Syntax rule [ rule-id ] { deny | permit } [ cos vlan-pri | counting | dest-mac dest-address dest-mask | { lsap lsap-type lsap-type-mask | type protocol-type protocol-type-mask } | source-mac source-address source-mask | time-range time-range-name ] * undo rule rule-id [ counting | time-range ] * Default An Ethernet frame header ACL does not contain any rule. Views Ethernet frame header ACL view Predefined user roles network-admin Parameters rule-id: Specifies a rule ID in the range of 0 to 65534.
Usage guidelines Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL, your creation or editing attempt fails. You can edit ACL rules only when the match order is config. • If you do not specify any optional keywords, the undo rule command deletes the entire rule. • If you specify optional keywords or arguments, the undo rule command deletes the specified attributes.
Parameters rule-id: Specifies a rule ID in the range of 0 to 65534. If you do not specify a rule ID when creating an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30. deny: Denies matching packets. permit: Allows matching packets to pass.
Parameters time-range time-range-name Function Description Specifies a time range for the rule. The time-range-name argument is a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the time range. For more information about time range, see ACL and QoS Configuration Guide.
Table 8 ICMP-specific parameters for IPv4 advanced ACL rules Parameters Function Description The icmp-type argument is in the range of 0 to 255. icmp-type { icmp-type icmp-code | icmp-message } Specifies the ICMP message type and code. The icmp-code argument is in the range of 0 to 255. The icmp-message argument specifies a message name. Supported ICMP message names and their corresponding type and code values are listed in Table 9.
• If you specify optional keywords or arguments, the undo rule command deletes the specified attributes. To view rules in an ACL and their rule IDs, use the display acl all command. Examples # Create an IPv4 advanced ACL rule to permit TCP packets with the destination port 80 from 129.9.0.0/16 to 202.38.160.0/24. system-view [Sysname] acl number 3000 [Sysname-acl-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.
undo rule rule-id [ counting | fragment | logging | source | time-range | vpn-instance ] * Default An IPv4 basic ACL does not contain any rule. Views IPv4 basic ACL view Predefined user roles network-admin Parameters rule-id: Specifies a rule ID in the range of 0 to 65534. If you do not specify a rule ID when creating an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0.
Examples # Create a rule in IPv4 basic ACL 2000 to deny the packets from any source IP segment but 10.0.0.0/8, 172.17.0.0/16, or 192.168.1.0/24. system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit source 10.0.0.0 0.255.255.255 [Sysname-acl-basic-2000] rule permit source 172.17.0.0 0.0.255.255 [Sysname-acl-basic-2000] rule permit source 192.168.1.0 0.0.0.
permit: Allows matching packets to pass. protocol: Specifies one of the following values: • A protocol number in the range of 0 to 255. • A protocol by its name: gre (47), icmpv6 (58), ipv6, ipv6-ah (51), ipv6-esp (50), ospf (89), tcp (6), or udp (17). The ipv6 keyword specifies all protocols. Table 10 describes the parameters that you can specify regardless of the value for the protocol argument.
Parameters time-range time-range-name Function Description Specifies a time range for the rule. The time-range-name argument is a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the timer range. For more information about time range, see ACL and QoS Configuration Guide.
Table 12 ICMPv6-specific parameters for IPv6 advanced ACL rules Parameters Function Description The icmp6-type argument is in the range of 0 to 255. icmp6-type { icmp6-type icmp6-code | icmp6-message } Specifies the ICMPv6 message type and code. The icmp6-code argument is in the range of 0 to 255. The icmp6-message argument specifies a message name. Supported ICMP message names and their corresponding type and code values are listed in Table 13.
Examples # Create an IPv6 advanced ACL rule to permit TCP packets with the destination port 80 from 2030:5060::/64 to FE80:5060::/96. system-view [Sysname] acl ipv6 number 3000 [Sysname-acl6-adv-3000] rule permit tcp source 2030:5060::/64 destination fe80:5060::/96 destination-port eq 80 # Create IPv6 advanced ACL rules to permit all IPv6 packets but the ICMPv6 packets destined for FE80:5060:1001::/48.
Syntax rule [ rule-id ] { deny | permit } [ counting | fragment | logging | routing [ type routing-type ] | source { source-address source-prefix | source-address/source-prefix | any } | time-range time-range-name | vpn-instance vpn-instance-name ] * undo rule rule-id [ counting | fragment | logging | routing | source | time-range | vpn-instance ] * Default An IPv6 basic ACL does not contain any rule.
Usage guidelines Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL, your creation or editing attempt fails. The object group you specify when creating or editing a rule must exist. Otherwise, your creation or editing attempt fails. You can edit ACL rules only when the match order is config.
Predefined user roles network-admin Parameters rule-id: Specifies an ACL rule ID in the range of 0 to 65534. The ACL rule must already exist. text: Specifies a comment about the ACL rule, a case-sensitive string of 1 to 127 characters. Examples # Create a rule for IPv4 basic ACL 2000, and add a comment about the rule. system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule 0 deny source 1.1.1.1 0 [Sysname-acl-basic-2000] rule 0 comment This rule is used on GigabitEthernet 2/1/0.
system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] step 2 Related commands display acl 35
QoS policy commands In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. Traffic class commands display traffic classifier Use display traffic classifier to display traffic class information.
Operator: AND Rule(s) : If-match not protocol ipv6 Classifier: 3 (ID 102) Operator: AND Rule(s) : -none- # Display the configuration of system-defined traffic class default-class. display traffic classifier system-defined default-class System-defined classifier information: Classifier: default-class (ID 0) Operator: AND Rule(s) : If-match any Table 14 Command output Field Description Classifier Traffic class name and its match criteria.
Table 15 Available match criteria Option Description Matches an ACL. acl [ ipv6 ] { acl-number | name acl-name } The acl-number argument ranges from 2000 to 5999 for an IPv4 ACL, and 2000 to 3999 or 10000 to 42767 for an IPv6 ACL. The acl-name argument is a case-insensitive string of 1 to 63 characters, which must start with an English letter. To avoid confusion, the argument cannot be all. Matches an application group.
Option Description Matches local precedence values. local-precedence local-precedence-value&<1-8> The local-precedence-value&<1-8> argument is a list of local precedence values. A local precedence ranges from 0 to 7. &<1-8> indicates that you can enter up to eight local precedence values. Matches MPLS EXP values. mpls-exp exp-value&<1-8> packet-length { min min-value | max max-value } * protocol protocol-name qos-local-id local-id-value The exp-value&<1-8> argument is a list of EXP values.
Protocol Description https HTTPS packets icmp ICMP packets icmpv6 ICMP snooping packets igmp IGMP packets igmp-snooping IGMP snooping packets ip-option IPv4 packets with the Options field ipv6-option IPv6 packets with the Options field irdp IRDP packets isis IS-IS packets lacp LACP packets ldp LDP packets ldp6 IPv6 LDP packets lldp LLDP packets mld MLD packets msdp MSDP packets mvrp MVRP packets (including GVRP packets) ntp NTP packets oam OAM packets ospf-multicast OS
Protocol Description ssh SSH packets stp STP packets tacacs TACACS packets telnet Telnet packets tftp TFTP packets ttl-expires TTL expire packets udld UDLD packets udp-helper UDP helper packets vrrp VRRP packets vrrp6 IPv6 VRRP packets vtp VTP packets Usage guidelines When defining match criteria, use the usage guidelines described in these subsections.
Defining a criterion to match a source MAC address • You can configure multiple source MAC address match criteria for a traffic class. • A criterion to match a source MAC address is significant only to Ethernet interfaces. Defining a criterion to match DSCP values • You can configure multiple DSCP match criteria for a traffic class. All defined DSCP values are automatically sorted in ascending order. • You can configure up to eight DSCP values in one command line.
• To delete a criterion that matches MPLS EXP values, the specified MPLS EXP values in the command must be identical with those defined in the criterion (the sequence can be different).The MPLS EXP field exists only in MPLS packets, so this match criterion takes effect for only the MPLS packets. • As for software forwarding QoS, MPLS packets do not support IP-related matching rules. Defining a criterion to match CVLANs • You can configure multiple VLAN ID match criteria for a traffic class.
system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match customer-dot1p 3 # Define a match criterion for traffic class class1 to match the advanced ACL 3101. system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match acl 3101 # Define a match criterion for traffic class class1 to match the ACL named flow.
# Define a match criterion for traffic class class1 to match the packets with customer network VLAN ID 1, 6, or 9. system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match customer-vlan-id 1 6 9 # Define a match criterion for traffic class class1 to match the packets with local QoS ID 3.
Predefined user roles network-admin Parameters classifier-name: Specifies the name of the traffic class, a case-sensitive string of 1 to 31 characters. operator: Sets the operator to logic AND (the default) or OR for the traffic class. and: Specifies the logic AND operator. The traffic class matches the packets that match all its criteria. or: Specifies the logic OR operator. The traffic class matches the packets that match any of its criteria. Examples # Create a traffic class class1.
pir peak-information-rate: Specifies the peak information rate (PIR) in the range of 8 to 10000000 kbps. green action: Specifies the action to take on packets that conform to CIR. The default setting is pass. red action: Specifies the action to take on packets that conform to neither CIR nor PIR. The default setting is discard. yellow action: Specifies the action to take on packets that conform to PIR but not to CIR. The default setting is pass. action: Action to take on packets: • discard: Drops packets.
Predefined user roles network-admin network-operator Parameters system-defined: Displays system-defined traffic behaviors. user-defined: Displays user-defined traffic behaviors. behavior-name: Specifies a traffic behavior by its name, a case-sensitive string of 1 to 31 characters. If no traffic behavior is specified, this command displays information about all traffic behaviors. slot slot-number: Specifies a card by its slot number.
1 10 30 10 2 10 30 10 3 10 30 10 4 10 30 10 5 10 30 10 6 10 30 10 7 10 30 10 8 10 30 10 9 10 30 10 10 10 30 10 11 10 30 10 12 10 30 10 13 10 30 10 14 10 30 10 15 10 30 10 16 10 30 10 17 10 30 10 18 10 30 10 19 10 30 10 20 10 30 10 21 10 30 10 22 10 30 10 23 10 30 10 24 10 30 10 25 10 30 10 26 10 30 10 27 10 30 10 28 10 30 10 29 10 30 10 30 10 30 10 31 10 30 10 32 10 30 10 33 10 3
49 10 30 10 50 10 30 10 51 10 30 10 52 10 30 10 53 10 30 10 54 10 30 10 55 10 30 10 56 10 30 10 57 10 30 10 58 10 30 10 59 10 30 10 60 10 30 10 61 10 30 10 62 10 30 10 63 10 30 10 # Display the configuration of system-defined traffic behaviors.
Table 17 Command output Field Description Behavior Name and contents of a traffic behavior. Marking Information about priority marking. Remark dscp Action of setting the DSCP value for packets. Committed Access Rate Information about the CAR action. Green action Action to take on green packets. Yellow action Action to take on yellow packets. Red action Action to take on red packets. Bandwidth Bandwidth of the queue. none No other traffic behavior is configured.
gts Use gts to configure a GTS action in absolute value in a traffic behavior. Use undo gts to delete a GTS action. Syntax gts cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ queue-length queue-length ] undo gts Default No GTS action is configured. Views Traffic behavior view Predefined user roles network-admin Parameters cir committed-information-rate: Sets the CIR in kbps, which specifies the average traffic rate.
Syntax gts percent cir cir-percent [ cbs cbs-time [ ebs ebs-time ] ] [ queue-length queue-length ] undo gts Default No GTS action is configured. Views Traffic behavior view Predefined user roles network-admin Parameters cir cir-percent: Sets the CIR in percentage in the range of 0 to 100. The actual CIR value is cir-percent × interface bandwidth. cbs cbs-time: Sets the CBS in the specified time (in ms). The default cbs-time is 500 ms. The actual CBS value is cbs-time × the actual CIR value.
Default No traffic redirecting action is configured. Views Traffic behavior view Predefined user roles network-admin Parameters interface interface-type interface-number: Redirects traffic to an interface specified by its type and number. vlan vlan-id: Tags traffic redirected to an interface with the VLAN tag specified by vlan-id in the range of 1 to 4094.
Views Traffic behavior view Predefined user roles network-admin Parameters dot1p-value: Specifies an 802.1p priority value to be marked for packets, in the range of 0 to 7. Examples # Configure traffic behavior database to mark matching traffic with 802.1p priority 2. system-view [Sysname] traffic behavior database [Sysname-behavior-database] remark dot1p 2 remark dscp Use remark dscp to configure a DSCP marking action. Use undo remark dscp to delete the action.
Keyword DSCP value (binary) DSCP value (decimal) af33 011110 30 af41 100010 34 af42 100100 36 af43 100110 38 cs1 001000 8 cs2 010000 16 cs3 011000 24 cs4 100000 32 cs5 101000 40 cs6 110000 48 cs7 111000 56 ef 101110 46 Examples # Configure traffic behavior database to mark matching traffic with DSCP 6.
[Sysname-behavior-database] remark ip-precedence 6 remark local-precedence Use remark local-precedence to configure a local precedence marking action. Use undo remark local-precedence to delete the action. Syntax remark local-precedence local-precedence-value undo remark local-precedence Default No local precedence marking action is configured.
Usage guidelines You can mark packets with a local QoS ID in the inbound direction and associate a behavior with the marked packets in the outbound direction. Examples # Configure the action of marking packets with local QoS ID 2. system-view [Sysname] traffic behavior database [Sysname-behavior-database] remark qos-local-id 2 traffic behavior Use traffic behavior to create a traffic behavior and enter traffic behavior view. Use undo traffic behavior to delete a traffic behavior.
Default Policy nesting is not configured. Views Traffic behavior view Predefined user roles network-admin Parameters policy-name: Specifies a policy by its name, a string of 1 to 31 characters. If the policy does not exist, it is automatically created. Usage guidelines You can nest a QoS policy in a traffic behavior to reclassify traffic of the class associated with the behavior and take actions defined in the policy on the reclassified traffic.
QoS policy commands classifier behavior Use classifier behavior to associate a traffic behavior with a traffic class in a QoS policy. Use undo classifier to delete a class-behavior association from a QoS policy. Syntax classifier classifier-name behavior behavior-name undo classifier classifier-name Default No traffic behavior is associated with a traffic class.
MSR4000: control-plane slot slot-number Views System view Predefined user roles network-admin Parameters slot slot-number: Specifies a card by its slot number. (MSR4000.) Examples # (MSR2000/MSR3000.) Enter control plane view. system-view [Sysname] control-plane [Sysname-cp] # (MSR4000.) Enter the control plane view of the card in slot 1.
[Sysname-cp-management] display qos policy Use display qos policy to display the configuration of QoS policies. Syntax MSR2000/MSR3000: display qos policy { system-defined | user-defined } [ policy-name [ classifier classifier-name ] ] MSR4000: display qos policy { system-defined | user-defined } [ policy-name [ classifier classifier-name ] ] [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters system-defined: Displays system-defined QoS policies.
Accounting enable: Packet Filter enable: Permit Marking: Remark mpls-exp 4 Classifier: 3 (ID 102) Behavior: 3 -none- # Display the configuration of the system-defined QoS policy.
Syntax MSR2000/MSR3000: display qos policy control-plane MSR4000: display qos policy control-plane slot slot-number Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays information about the QoS policies applied to the control plane of the card specified by the slot number. (MSR4000.) Examples # Display information about the QoS policy applied to the control plane.
Filter enable: Permit Marking: Remark mpls-exp 4 Classifier: 3 Operator: AND Rule(s) : -noneBehavior: 3 -none- Table 19 Command output Field Description Direction Inbound direction on the control plane. Green packets Statistics about green packets. Yellow packets Statistics about yellow packets. Red packets Statistics about red packets. For the description of other fields, see Table 14 and Table 17.
Control plane management Direction: Inbound Policy: a Classifier: default-class Matched : 0 (Packets) 0 (Bytes) Operator: AND Rule(s) : If-match any Behavior: be -noneClassifier: a Matched : 3 (Packets) 180 (Bytes) Operator: OR Rule(s) : If-match control-plane protocol arp If-match control-plane protocol rip If-match control-plane protocol-group critical If-match acl 3001 If-match control-plane protocol bgp If-match control-plane protocol bgp4+ If-match control-plane protocol ftp If-match control-plane pro
Syntax display qos policy control-plane management pre-defined Views Any view Predefined user roles network-admin network-operator Usage guidelines The following matrix shows the support of MSR routers for the command: Hardware Command compatibility MSR2000 No MSR3000 No MSR4000 Yes A QoS policy applied to the management interface control plane takes effect on the packets sent from the management interface to the control plane.
Table 21 Command output Field Description Pre-defined control plane policy management Predefined QoS policy applied to the management interface control plane. Protocol System-defined protocol packet type. Group Protocol group to which the protocol belongs. display qos policy control-plane pre-defined Use display qos policy control-plane pre-defined to display information about predefined QoS policies applied to the control plane.
DHCP Snooping 1 9000 DHCPv6 2 10000 Table 22 Command output Field Description Pre-defined control plane policy Contents of the predefined control plane QoS policy. display qos policy interface Use display qos policy interface to display the configuration and statistics for the QoS policies applied to an interface or PVC.
Examples # Display information about the QoS policy applied to the incoming traffic of GigabitEthernet 2/1/0.
Yellow action : pass Red action : discard Green packets : 0 (Packets) 0 (Bytes) Yellow packets: 0 (Packets) 0 (Bytes) Red packets : 0 (Packets) 0 (Bytes) Classifier: 1 Matched : 0 (Packets) 0 (Bytes) 1-minute statistics: Forwarded: 0/0 (pps/bps) Dropped : 0/0 (pps/bps) Operator: AND Rule(s) : If-match acl 3001 Behavior: 1 Expedited Forwarding: Bandwidth 1000 (kbps) CBS 25000 (Bytes) Matched : 0 (Packets) 0 (Bytes) Enqueued : 0 (Packets) 0 (Bytes) Discarded: 0 (Packets) 0 (Bytes) Table 23 Command ou
Views Interface view, PVC view, control plane view, management interface control plane view Predefined user roles network-admin Parameters policy-name: Specifies a QoS policy by its name, a case-sensitive string of 1 to 31 characters. inbound: Applies the QoS policy to the incoming traffic of an interface, PVC, or control plane. outbound: Applies the QoS policy to the outgoing traffic of an interface or PVC.
Default No QoS policy is configured. Views System view Predefined user roles network-admin Parameters policy-name: Specifies the name of the QoS policy, a case-sensitive string of 1 to 31 characters. Usage guidelines To use the undo qos policy command to delete a QoS policy that has been applied to an object, you must first remove it from the object. Examples # Define QoS policy user1.
reset qos policy control-plane slot 1 reset qos policy control-plane management Use reset qos policy control-plane management to clear the statistics of the QoS policy applied to the management interface control plane.
Views Interface view Predefined user roles network-admin Parameters interval: Specifies the QoS policy-based traffic rate statistics collection period in the range of 1 to 10 minutes. Usage guidelines You can enable collection of per-class traffic statistics over a period of time, including the average forwarding rate and drop rate.
Priority mapping commands Priority map commands display qos map-table Use display qos map-table to display the configuration of a priority map. Syntax display qos map-table [ dot1p-lp | dscp-lp ] Views Any view Predefined user roles network-admin network-operator Parameters inbound: Specifies the priority maps for incoming packets. outbound: Specifies the priority maps for outgoing packets. The router provides the following types of priority map.
5 : 5 6 : 6 7 : 7 Table 25 Command output Field Description MAP-TABLE NAME Name of the priority map. TYPE Type of the priority map. DIRECTION Direction of the priority map. IMPORT Input values of the priority map. EXPORT Output values of the priority map. import Use import to configure mappings for a priority map. Use undo import to restore the specified or all mappings to the default for a priority map.
Syntax qos map-table { dot1p-lp | dscp-lp } Views System view Predefined user roles network-admin Parameters For the description of the keywords, see Table 24. Examples # Enter the 802.1p-local priority map view. system-view [Sysname] qos map-table dot1p-lp [Sysname-maptbl-in-dot1p-lp] Related commands • display qos map-table • import Port priority commands qos priority Use qos priority to change the port priority of an interface. Use undo qos priority to restore the default.
Related commands display qos trust interface Priority trust mode commands display qos trust interface Use display qos trust interface to display priority trust mode and port priority information on an interface. Syntax display qos trust interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number.
Default The port priority is trusted. Views Interface view Predefined user roles network-admin Parameters dot1p: Uses the 802.1p priority in incoming packets for priority mapping. dscp: Uses the DSCP value in incoming packets for priority mapping. Usage guidelines This command is supported only on routers installed with Layer 2 switching modules. Examples # Set the trusted packet priority type to 802.1p priority on GigabitEthernet 2/1/0.
Traffic policing, GTS, and rate limit commands In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. Traffic policing commands display qos car interface Use display qos car interface to display the CAR configuration and statistics on a specified interface.
Field Description CBS CBS in bytes, which specifies the depth of the token bucket for holding bursty traffic. EBS EBS in bytes, which specifies the traffic exceeding CBS when two token buckets are used. Green action Action to take on green packets. Yellow action Action to take on yellow packets. Red action Action to take on red packets. display qos carl Use display qos carl to display CAR lists.
qos car Use qos car to configure a CAR policy on an interface. Use undo qos car to delete a CAR policy from an interface.
• remark-dot1p-continue new-cos: Sets the 802.1p priority value of the 802.1p packet to new-cos and continues to process the packet using the next CAR policy. The value range for new-cos is 0 to 7. • remark-dot1p-pass new-cos: Sets the 802.1p priority value of the 802.1p packet to new-cos and permits the packet to pass through. The value range for new-cos is 0 to 7. • remark-dscp-continue new-dscp: Remarks the packet with a new DSCP value and hands it over to the next CAR policy.
undo qos carl carl-index Default No CAR list is configured. Views System view Predefined user roles network-admin Parameters carl-index: Specifies a CAR list by its number in the range of 1 to 199. dscp dscp-list: Specifies a list of DSCP values. A DSCP value can be a number from 0 to 63 or any of the following keywords af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, cs6, cs7, default, or ef. You can configure up to eight DSCP values in one command line.
To perform rate limiting for a single IP address, use the qos car acl command in interface view. Examples # Apply CAR list 1 to the outbound direction of GigabitEthernet 2/1/0. CAR list 1 limits the rate of each host on the subnet 1.1.1.0/24 to 100 kbps, and traffic of IP addresses in the subnet does not share the remaining bandwidth. system-view [Sysname] qos carl 1 source-ip-address subnet 1.1.1.
Rule: If-match acl 2001 CIR 200 (kbps), CBS 50000 (Bytes), EBS 0 (Bytes) Queue Length: 100 (Packets) Queue Size: 70 (Packets) Passed : 0 (Packets) 0 (Bytes) Discarded: 0 (Packets) 0 (Bytes) Delayed : 0 (Packets) 0 (Bytes) Table 28 Command output Field Description Interface Interface type and interface number. Rule Match criteria. CBS CBS in bytes, which specifies the depth of the token bucket for holding bursty traffic.
acl [ ipv6 ] acl-number: Specifies packets matching an ACL specified by its number. The value range for the acl-number argument is 2000 to 4999. If ipv6 is not specified, this option specifies an IPv4 ACL. If ipv6 is specified, this option specifies an IPv6 ACL. queue queue-number: Specifies packets in the specified queue. cir committed-information-rate: Specifies the CIR in kbps. cbs committed-burst-size: Specifies the CBS in bytes.
Table 29 Command output Field Description Interface Interface type and interface number. Direction Direction to which the rate limit configuration is applied: inbound or outbound. CBS CBS in bytes, which specifies the depth of the token bucket for holding bursty traffic. EBS EBS in bytes, which specifies the traffic exceeding CBS when two token buckets are used. Passed Number and bytes of packets that have passed. Delayed Number and bytes of delayed packets. Active shaping • Yes—Activated.
Congestion management commands FIFO queuing commands display qos queue fifo interface Use display qos queue fifo interface to display the FIFO configuration and statistics for an interface or PVC. Syntax display qos queue fifo interface [ interface-type interface-number [ pvc { pvc-name | vpi/vci } ] ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number.
qos fifo queue-length Use qos fifo queue-length to set the FIFO queue length. Use undo qos fifo queue-length to restore the default. Syntax qos fifo queue-length queue-length undo qos fifo queue-length Default The FIFO queue length is 75. Views Interface view, PVC view Predefined user roles network-admin Parameters queue-length: Specifies the queue length in the range of 1 to 1024. Usage guidelines You must enable the rate limit function for the queuing function to take effect on a subinterface.
Parameters interface-type interface-number: Specifies an interface by its type and number. If no interface is specified, this command displays the WFQ configuration and statistics for all interfaces. pvc { pvc-name | vpi/vci }: Specifies a PVC by its name or VPI/VCI value. You can specify a PVC only for an ATM interface. When you specify an ATM interface but do not specify a PVC, the command displays the WFQ configuration and statistics for all PVCs on the ATM interface.
Views Interface view, PVC view Predefined user roles network-admin Parameters dscp: Specifies a DSCP weight. precedence: Specifies an IP precedence weight. queue-length max-queue-length: Specifies the maximum number of packets a queue can hold. The value range for the max-queue-length argument is 1 to 1024, and the default is 64. queue-number total-queue-number: Specifies the total number of queues, which can be 16, 32, 64, 128, 256, 512, 1024, 2048, or 4096. The default is 256.
pvc { pvc-name | vpi/vci }: Specifies a PVC by its name or VPI/VCI value. You can specify a PVC only for an ATM interface. When you specify an ATM interface but do not specify a PVC, the command displays the CBQ configuration and operational information for all PVCs on the ATM interface. Examples # Display the CBQ configuration and operational information for all interfaces.
Views Interface view, PVC view Predefined user roles network-admin Parameters percent: Specifies the percentage of available bandwidth to be reserved. The value range for this argument is 1 to 100. Usage guidelines The maximum reserved bandwidth is set on a per-interface basis. It decides the maximum bandwidth assignable for the QoS queues on an interface. It is typically set no greater than 80% of available bandwidth, considering the bandwidth for control traffic and Layer 2 frame headers.
Usage guidelines To associate the traffic behavior configured with the queue af command with a class in a policy, you must follow these requirements: • The total bandwidth assigned to AF and EF in a policy must be no more than the maximum available bandwidth of the interface where the policy is applied. • The total percentage of bandwidth assigned to AF and EF in a policy must be no more than 100.
The total bandwidth assigned to AF and EF in a policy must be no more than the maximum available bandwidth of the interface where the policy is applied. The total percentage of the maximum available bandwidth assigned to AF and EF in a policy must be no more than 100. The bandwidths assigned to AF and EF in a policy must have the same type, bandwidth or percentage.
[Sysname] traffic behavior test [Sysname-behavior-test] queue wfq queue-number 16 [Sysname] qos policy user1 [Sysname-qospolicy-user1] classifier default-class behavior test Related commands • display qos queue cbq interface • traffic behavior queue-length Use queue-length to configure the maximum queue length and use tail drop. Use undo queue-length to delete the configuration. Syntax queue-length queue-length undo queue-length queue-length Default Tail drop is used, and the queue length is 64.
Use undo wred to restore the default. Syntax wred [ dscp | ip-precedence ] undo wred Default WRED is not enabled. Views Traffic behavior view Predefined user roles network-admin Parameters dscp: Uses the DSCP value for calculating the drop probability for a packet. ip-precedence: Uses the IP precedence value for calculating the drop probability for a packet. This keyword is used by default.
Views Traffic behavior view Predefined user roles network-admin Parameters dscp-value: Specifies a DSCP value in the range of 0 to 63. This argument can also be represented by using one of the keywords listed in Table 18. low limit low-limit: Specifies the lower WRED limit (in packets) in the range of 1 to 1024. high-limit high-limit: Specifies the upper WRED limit (in packets) in the range of 1 to 1024. discard-probability discard-prob: Specifies the drop probability in the range of 1 to 255.
Views Traffic behavior view Predefined user roles network-admin Parameters precedence: Specifies an IP precedence value in the range of 0 to 7. low limit low-limit: Specifies the lower WRED limit (in packets) in the range of 1 to 1024. high-limit high-limit: Specifies the upper WRED limit (in packets) in the range of 1 to 1024. discard-probability discard-prob: Specifies the drop probability in the range of 1 to 255.
Predefined user roles network-admin Parameters exponent: Specifies the exponent in the range of 1 to 16. Usage guidelines Before configuring this command, make sure the queue af or queue wfq command is configured and WRED is enabled by using the wred command. Disabling WRED also removes the wred weighting-constant command configuration. Examples # Set the exponent for WRED to calculate the average queue size to 6.
Congestion avoidance commands WRED commands display qos wred interface Use display qos wred interface to display the WRED configuration and statistics for an interface or PVC. Syntax display qos wred interface [ interface-type interface-number [ pvc { pvc-name | vpi/vci } ] ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number.
Field Description Pre IP precedence of packets. Low Lower limit for a queue. High Upper limit for a queue. Dis-prob Drop probability. Random-discard Number of packets dropped by WRED. Tail-discard Number of packets dropped by tail drop. qos wred enable Use qos wred enable to enable WRED on an interface or PVC. Use undo qos wred enable to restore the default. Syntax qos wred [ dscp | ip-precedence ] enable undo qos wred [ dscp | ip-precedence ] enable Default Tail drop is used.
Use undo qos wred dscp to restore the default. Syntax qos wred dscp dscp-value low-limit low-limit high-limit high-limit discard-probability discard-prob undo qos wred dscp dscp-value Default The low-limit is 10, high-limit is 30, and discard-prob is 10. Views Interface view, PVC view Predefined user roles network-admin Parameters dscp-value: Specifies a DSCP value in the range of 0 to 63. This argument can also be represented by using one of the keywords listed in Table 18.
Default The low-limit is 10, high-limit is 30, and discard-prob is 10. Views Interface view, PVC view Predefined user roles network-admin Parameters ip-precedence precedence: Specifies an IP precedence value in the range of 0 to 7. low limit low-limit: Specifies the lower WRED limit (in packets) in the range of 1 to 1024. high-limit high-limit: Specifies the upper WRED limit (in packets) in the range of 1 to 1024. discard-probability discard-prob: Specifies the drop probability in the range of 0 to 255.
Predefined user roles network-admin Parameters exponent: Specifies the exponent for average queue length calculation, in the range of 1 to 16. Usage guidelines Before configuring this command, enable WRED on the interface or PVC with the qos wred enable command. Examples # Set the exponent for the average queue size calculation to 6 on GigabitEthernet 2/1/0.
QPPB commands bgp-policy Use bgp-policy to enable the QPPB function, which transmits the apply ip-precedence and apply qos-local-id configuration through BGP routing policies. Use undo bgp-policy to cancel the configuration. Syntax bgp-policy { destination | source } { ip-prec-map | ip-qos-map } * undo bgp-policy { destination | source } [ ip-prec-map | ip-qos-map ] * Default QPPB is disabled.
• apply qos-local-id (Layer 3—IP Routing Command Reference) • route-policy (Layer 3—IP Routing Command Reference) 109
MPLS QoS commands if-match mpls-exp Use if-match mpls-exp to define a criterion to match the EXP field in the first (topmost) MPLS label. Use undo if-match mpls-exp to remove the match criterion. Syntax if-match [ not ] mpls-exp exp-value&<1-8> undo if-match [ not ] mpls-exp exp-value&<1-8> Default No criterion is defined to match the EXP field in the topmost MPLS label.
Predefined user roles network-admin Parameters exp-value: Specifies an EXP value in the range of 0 to 7. Usage guidelines If MPLS packets have multiple labels, this command marks the topmost label. Examples # Set the EXP value to 0 for MPLS packets.
Time range commands display time-range Use display time-range to display time range configuration and status. Syntax display time-range { time-range-name | all } Views Any view Predefined user roles network-admin network-operator Parameters time-range-name: Specifies a time range name, a case-insensitive string of 1 to 32 characters. It must start with an English letter. all: Displays the configuration and status of all existing time ranges.
Syntax time-range time-range-name { start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] | from time1 date1 [ to time2 date2 ] | to time2 date2 } undo time-range time-range-name [ start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] | from time1 date1 [ to time2 date2 ] | to time2 date2 ] Default No time range exists. Views System view Predefined user roles network-admin Parameters time-range-name: Specifies a time range name.
• Periodic statement in the start-time to end-time days format. A periodic statement recurs periodically on a day or days of the week. • Absolute statement in the from time1 date1 to time2 date2 format. An absolute statement does not recur. • Compound statement in the start-time to end-time days from time1 date1 to time2 date2 format. A compound statement recurs on a day or days of the week only within the specified period.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point. Represents a mesh access point.
Index ABCDFGIPQRSTW display time-range,112 A display traffic behavior,47 acl,1 display traffic classifier,36 acl copy,2 Documents,115 acl logging interval,3 acl name,4 F B filter,51 bgp-policy,108 G C gts,52 gts percent,52 car,46 classifier behavior,60 I control-plane,60 if-match,37 control-plane management,61 if-match mpls-exp,110 D import,77 description,5 P display acl,5 packet-filter (interface view),15 display packet-filter,7 packet-filter (interzone instance view),16 displa
rule (IPv4 basic ACL view),25 qos wred ip-precedence,105 qos wred weighting-constant,106 rule (IPv6 advanced ACL view),27 queue af,95 rule (IPv6 basic ACL view),31 queue ef,96 rule comment,33 queue wfq,97 S queue-length,98 step,34 R Subscription service,115 redirect,53 T remark dot1p,54 time-range,112 remark dscp,55 traffic behavior,58 remark ip-precedence,56 traffic classifier,45 remark local-precedence,57 traffic-policy,58 remark mpls-exp,110 remark qos-local-id,57 W reset acl cou
