HP Moonshot-45XGc Switch ACL and QoS Command Reference Part Number: 785507-001 Software version: ESS 2407 Document version: 5W100-20140912
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents ACL commands ···························································································································································· 1 acl ·············································································································································································· 1 acl copy ···········································································································································
display qos policy ················································································································································· 57 display qos policy control-plane ·························································································································· 58 display qos policy control-plane pre-defined ····································································································· 59 display qos policy global ······
Queue-based accounting commands ··························································································································· 95 display qos queue-statistics interface outbound ································································································· 95 Congestion avoidance commands···························································································································· 96 WRED commands ·····························
ACL commands acl Use acl to create an ACL, and enter its view. If the ACL has been created, you directly enter its view. Use undo acl to delete the specified or all ACLs. Syntax acl [ ipv6 ] number acl-number [ name acl-name ] [ match-order { auto | config } ] undo acl [ ipv6 ] { all | name acl-name | number acl-number } Default No ACL exists. Views System view Predefined user roles network-admin Parameters ipv6: Specifies IPv6 ACLs. number acl-number: Specifies the number of an ACL.
Usage guidelines You can assign a name to an ACL only when you create it. After an ACL is created with a name, you cannot rename it or remove its name. You can change the match order only for ACLs that do not contain any rules. Examples # Create IPv4 basic ACL 2000, and enter its view. system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] # Create IPv4 basic ACL 2001 with the name flow, and enter its view.
• 2000 to 2999 for basic ACLs. • 3000 to 3999 for advanced ACLs. • 4000 to 4999 for Ethernet frame header ACLs. You cannot create an Ethernet frame header ACL if the ipv6 keyword is specified. • 5000 to 5999 for user-defined ACLs. You cannot create a user-defined ACL if the ipv6 keyword is specified. name dest-acl-name: Assigns a unique name to the ACL you are creating. The dest-acl-name is a case-insensitive string of 1 to 63 characters.
• When the ipv6 keyword is not specified, this command sets the interval for generating and outputting IPv4 packet filtering logs. • When the ipv6 keyword is specified, this command sets the interval for generating and outputting IPv6 packet filtering logs. Examples # Enable the device to generate and output IPv4 packet filtering logs at 10-minute intervals.
description Use description to configure a description for an ACL. Use undo description to delete an ACL description. Syntax description text undo description Default An ACL has no description. Views IPv4/IPv6 basic ACL view IPv4/IPv6 advanced ACL view Ethernet frame header ACL view User-defined ACL view Predefined user roles network-admin Parameters text: Configures a description for the ACL, a case-sensitive string of 1 to 127 characters. Examples # Configure a description for IPv4 basic ACL 2000.
acl-number: Specifies an ACL by its number. • 2000 to 2999 for basic ACLs. • 3000 to 3999 for advanced ACLs. • 4000 to 4999 for Ethernet frame header ACLs. You cannot specify an Ethernet frame header ACL if the ipv6 keyword is specified. • 5000 to 5999 for user-defined ACLs. You cannot specify a user-defined ACL if the ipv6 keyword is specified.
display packet-filter Use display packet-filter to display whether an ACL has been successfully applied to an interface for packet filtering.
Field Description ACL 2001 IPv4 basic ACL 2001 has been successfully applied. Hardware-count Successfully enables counting ACL rule matches. IPv4 default action Packet filter default action for packets that do not match any IPv4 ACLs. This field is displayed only when the default action is deny. IPv6 default action Packet filter default action for packets that do not match any IPv6 ACLs. This field is displayed only when the default action is deny.
name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. brief: Displays brief statistics. Usage guidelines When none of acl-number and name acl-name is specified, this command displays match statistics of all ACLs for packet filtering. • If the ipv6 keyword is not specified, all ACLs refer to all IPv4 basic, IPv4 advanced, and Ethernet frame header ACLs.
Related commands reset packet-filter statistics display packet-filter statistics sum Use display packet-filter statistics sum to display accumulated packet filtering ACL statistics. Syntax display packet-filter statistics sum { inbound | outbound } [ ipv6 ] { acl-number | name acl-name } [ brief ] Views Any view Predefined user roles network-admin network-operator Parameters inbound: Displays the statistics in the inbound direction. outbound: Displays the statistics in the outbound direction.
Table 4 Command output Field Description Sum Accumulated packet filtering ACL statistics. In-bound policy Accumulated ACL statistics used for filtering incoming traffic. Out-bound policy Accumulated ACL statistics used for filtering outgoing traffic. ACL 2001 Accumulated ACL statistics used for IPv4 basic ACL 2001. 2 packets Two packets matched the rule. This field is not displayed when no packets matched the rule.
name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. slot slot-number: Specifies an IRF member device. The slot-number argument represents the ID of the IRF member device. If you do not specify an IRF member device, this command displays ACL application details for packet filtering on the master.
Field Description MAC default action Packet filter default action for packets that do not match any Ethernet frame header ACLs. This field is displayed only when the default action is deny. display qos-acl resource Use display qos-acl resource to display QoS and ACL resource usage. Syntax display qos-acl resource [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies an IRF member device.
Field Description Resource type: • VFP ACL—ACL rules for local QoS ID remarking before Layer 2 forwarding. Type • IFP ACL—ACL rules applied to inbound traffic. • IFP Meter—Traffic policing rules for inbound traffic. • IFP Counter—Traffic counting rules for inbound traffic. • EFP Meter—Traffic policing rules for outbound traffic. • EFP Counter—Traffic counting rules for outbound traffic. Total Total number of resource. Reserved Number of reserved resource.
• 4000 to 4999 for Ethernet frame header ACLs. You cannot specify an Ethernet frame header ACL if the ipv6 keyword is specified. • 5000 to 5999 for user-defined ACLs. You cannot specify a user-defined ACL if the ipv6 keyword is specified. name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. inbound: Filters incoming packets. outbound: Filters outgoing packets.
Examples # Set the packet filter default action to deny. system-view [Sysname] packet-filter default deny Related commands • display packet-filter • display packet-filter statistics • display packet-filter verbose reset acl counter Use reset acl counter to clear statistics for ACLs. Syntax reset acl counter [ ipv6 ] { acl-number | all | name acl-name } Views User view Predefined user roles network-admin Parameters ipv6: Specifies IPv6 ACLs. acl-number: Specifies an ACL by its number.
reset packet-filter statistics Use reset packet-filter statistics to clear the match statistics (including the accumulated statistics) of ACLs for packet filtering. Syntax reset packet-filter statistics interface [ interface-type interface-number ] { inbound | outbound } [ [ ipv6 ] { acl-number | name acl-name } ] Views User view Predefined user roles network-admin Parameters interface [ interface-type interface-number ]: Specifies an interface by its type and number.
rule (Ethernet frame header ACL view) Use rule to create or edit an Ethernet frame header ACL rule. Use undo rule to delete an Ethernet frame header ACL rule or some attributes in the rule.
time-range time-range-name: Specifies a time range for the rule. The time-range-name argument is a case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not configured, the system creates the rule. However, the rule using the time range can take effect only after you configure the timer range. For more information about time range, see ACL and QoS Configuration Guide.
Default An IPv4 advanced ACL does not contain any rule. Views IPv4 advanced ACL view Predefined user roles network-admin Parameters rule-id: Specifies a rule ID in the range of 0 to 65534. If you do not specify a rule ID when creating an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0.
Parameters Function Description dscp dscp Specifies a DSCP priority. The dscp argument can be a number in the range of 0 to 63, or in words, af11 (10), af12 (12), af13 (14), af21 (18), af22 (20), af23 (22), af31 (26), af32 (28), af33 (30), af41 (34), af42 (36), af43 (38), cs1 (8), cs2 (16), cs3 (24), cs4 (32), cs5 (40), cs6 (48), cs7 (56), default (0), or ef (46). fragment Applies the rule only to non-first fragments.
Parameters Function { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * Specifies one or more TCP flags including ACK, FIN, PSH, RST, SYN, and URG. established Specifies the flags for indicating the established status of a TCP connection. Description Parameters specific to TCP. The value for each argument can be 0 (flag bit not set) or 1 (flag bit set). The TCP flags in a rule are ANDed.
ICMP message name ICMP message type ICMP message code source-route-failed 3 5 timestamp-reply 14 0 timestamp-request 13 0 ttl-exceeded 11 0 Usage guidelines If an ACL is for QoS traffic classification or packet filtering: • Do not specify the vpn-instance keyword if the ACL is for outbound QoS traffic classification or outbound packet filtering. • Do not specify neq for the operator argument. Within an ACL, the permit or deny statement of each rule must be unique.
[Sysname-acl-adv-3003] rule permit udp source-port eq snmptrap [Sysname-acl-adv-3003] rule permit udp destination-port eq snmp [Sysname-acl-adv-3003] rule permit udp destination-port eq snmptrap Related commands • acl • acl logging interval • display acl • step • time-range rule (IPv4 basic ACL view) Use rule to create or edit an IPv4 basic ACL rule. Use undo rule to delete an entire IPv4 basic ACL rule or some attributes in the rule.
source { source-address source-wildcard | any }: Matches a source address. The source-address source-wildcard arguments represent a source IP address and wildcard mask in dotted decimal notation. A wildcard mask of zeros specifies a host address. The any keyword represents any source IP address. time-range time-range-name: Specifies a time range for the rule. The time-range-name argument is a case-insensitive string of 1 to 32 characters. It must start with an English letter.
Syntax rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-address dest-prefix | dest-address/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | flow-label flow-label-value | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging | routing [ type routing-type ] | hop-by-hop [ type hop-type ] | source { source-address sou
Table 12 Match criteria and other rule information for IPv6 advanced ACL rules Parameters Function Description source { source-address source-prefix | source-address/so urce-prefix | any } Specifies a source IPv6 address. The source-address and source-prefix arguments represent an IPv6 source address, and prefix length in the range of 1 to 128. destination { dest-address dest-prefix | dest-address/destprefix | any } Specifies a destination IPv6 address.
Parameters vpn-instance vpn-instance-name Function Description The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Applies the rule to a VPN instance. If you do not specify a VPN instance, the rule applies only to non-VPN packets. If the protocol argument is tcp (6) or udp (17), set the parameters shown in Table 13.
Table 15 ICMPv6 message names supported in IPv6 advanced ACL rules ICMPv6 message name ICMPv6 message type ICMPv6 message code echo-reply 129 0 echo-request 128 0 err-Header-field 4 0 frag-time-exceeded 3 1 hop-limit-exceeded 3 0 host-admin-prohib 1 1 host-unreachable 1 3 neighbor-advertisement 136 0 neighbor-solicitation 135 0 network-unreachable 1 0 packet-too-big 2 0 port-unreachable 1 4 redirect 137 0 router-advertisement 134 0 router-solicitation 133 0 un
Examples # Create an IPv6 advanced ACL rule to permit TCP packets with the destination port 80 from 2030:5060::/64 to FE80:5060::/96. system-view [Sysname] acl ipv6 number 3000 [Sysname-acl6-adv-3000] rule permit tcp source 2030:5060::/64 destination fe80:5060::/96 destination-port eq 80 # Create IPv6 advanced ACL rules to permit all IPv6 packets but the ICMPv6 packets destined for FE80:5060:1001::/48.
Syntax rule [ rule-id ] { deny | permit } [ counting | fragment | logging | routing [ type routing-type ] | source { source-address source-prefix | source-address/source-prefix | any } | time-range time-range-name | vpn-instance vpn-instance-name ] * undo rule rule-id [ counting | fragment | logging | routing | source | time-range | vpn-instance ] * Default An IPv6 basic ACL does not contain any rule.
Usage guidelines If an ACL is for QoS traffic classification or packet filtering: • Do not specify the fragment keyword. • Do not specify the vpn-instance or routing keyword if the ACL is for outbound QoS traffic classification or outbound packet filtering. Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating or editing has the same deny or permit statement as another rule in the ACL, the rule will not be created or changed.
Predefined user roles network-admin Parameters rule-id: Specifies a rule ID in the range of 0 to 65534. If you do not specify a rule ID when creating an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30. deny: Denies matching packets. permit: Allows matching packets to pass.
rule comment Use rule comment to add a comment about an existing ACL rule or edit its comment to make the rule easy to understand. Use undo rule comment to delete an ACL rule comment. Syntax rule rule-id comment text undo rule rule-id comment Default An ACL has not rule comment. Views IPv4/IPv6 basic ACL view IPv4/IPv6 advanced ACL view Ethernet frame header ACL view User-defined ACL view Predefined user roles network-admin Parameters rule-id: Specifies an ACL rule ID in the range of 0 to 65534.
Views IPv4/IPv6 basic ACL view IPv4/IPv6 advanced ACL view Ethernet frame header ACL view Predefined user roles network-admin Parameters step-value: ACL rule numbering step in the range of 1 to 20. Usage guidelines The rule numbering step sets the increment by which the system numbers rules automatically. For example, the default ACL rule numbering step is 5. If you do not assign IDs to rules you are creating, they are numbered 0, 5, 10, 15, and so on.
QoS policy commands Traffic class commands display traffic classifier Use display traffic classifier to display traffic classes. Syntax display traffic classifier user-defined [ classifier-name ] [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters user-defined: Displays user-defined traffic classes. classifier-name: Specifies a traffic class by its name, a case-sensitive string of 1 to 31 characters.
Table 16 Command output Field Description Classifier Traffic class name and its match criteria. Operator Match operator you set for the traffic class. If the operator is AND, the traffic class matches the packets that match all its match criteria. If the operator is OR, the traffic class matches the packets that match any of its match criteria. Rule(s) Match criteria. if-match Use if-match to define a match criterion. Use undo if-match to delete a match criterion.
Option control-plane protocol-group protocol-group-name customer-dot1p dot1p-value&<1-8> Description Matches a control plane protocol group. The protocol-group-name argument can be critical, important, management, monitor, normal, or redirect. Matches 802.1p priority values in inner VLAN tags of double-tagged packets. The dot1p-value&<1-8> argument specifies a space-separated list of up to eight 802.1p priority values. The value range for the dot1p-value argument is 0 to 7.
Protocol Description bgp4+ IPv6 BGP packets bpdu-tunnel BPDU tunnel packets dhcp DHCP packets dhcp-snooping DHCP snooping packets dhcp6 IPv6 DHCP packets dldp DLDP packets dot1x 802.
If a class that uses the AND operator has multiple if-match acl, if-match acl ipv6, if-match customer-vlan-id or if-match service-vlan-id clauses, a packet that matches any of the clauses matches the class.
• To delete a criterion that matches IP precedence values, the specified IP precedence values in the command must be identical with those defined in the criterion (the sequence can be different). Defining a criterion to match VLAN IDs in inner or outer VLAN tags • You can configure multiple VLAN ID match criteria for a traffic class. The defined VLAN IDs are automatically arranged in ascending order. • You can configure multiple VLAN IDs in one command line.
[Sysname-classifier-class1] if-match acl 3101 # Define a match criterion for traffic class class1 to match the ACL named flow. system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match acl name flow # Define a match criterion for traffic class class1 to match the advanced IPv6 ACL 3101.
system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match qos-local-id 3 # Define a match criterion for traffic class class1 to match ARP protocol packets. system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match control-plane protocol arp # Define a match criterion for traffic class class1 to match packets of the protocols in protocol group normal.
Traffic behavior commands accounting Use accounting to configure a traffic accounting action in a traffic behavior. Use undo accounting to delete the action. Syntax accounting [ byte | packet ] * undo accounting Default No traffic accounting action is configured. Views Traffic behavior view Predefined user roles network-admin Parameters byte: Counts traffic in bytes. packet: Counts traffic in packets.
Predefined user roles network-admin Parameters cir committed-information-rate: Specifies the committed information rate (CIR) in kbps, which specifies an average traffic rate. The value range for the committed-information-rate argument is an integral multiple of 8 between 8 and 160000000. cbs committed-burst-size: Specifies the committed burst size (CBS) in bytes. The value range for the committed-burst-size argument is an integral multiple of 512 between 512 and 256000000.
[Sysname-behavior-database] car cir 200 cbs 51200 ebs 0 green pass red remark-dscp-pass 0 display traffic behavior Use display traffic behavior to display traffic behaviors. Syntax display traffic behavior user-defined [ behavior-name ] [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters user-defined: Displays user-defined traffic behaviors. behavior-name: Specifies a traffic behavior by its name, a case-sensitive string of 1 to 31 characters.
Table 19 Command output Field Description Behavior Name and contents of a traffic behavior. Marking Information about priority marking. Remark dscp Action of setting the DSCP value for packets. Committed Access Rate Information about the CAR action. CIR CIR in kbps, which specifies the average traffic rate. CBS CBS in bytes, which specifies the amount of bursty traffic allowed at a time. EBS EBS in bytes, which specifies the amount of traffic exceeding CBS when two token buckets are used.
[Sysname-behavior-database] filter deny nest top-most Use nest top-most to configure a VLAN tag adding action in a traffic behavior. Use undo nest top-most to delete the action. Syntax nest top-most vlan vlan-id undo nest top-most Default No VLAN tag adding action is configured. Views Traffic behavior view Predefined user roles network-admin Parameters vlan-id vlan-id: Specifies the ID of the VLAN tag to be added. The vlan-id argument is in the range of 1 to 4094.
Predefined user roles network-admin Parameters cpu: Redirects traffic to the CPU. interface: Redirects traffic to an interface. interface-type interface-number: Specifies an interface by its type and number. Usage guidelines Redirecting traffic to the CPU and redirecting traffic to an interface are mutually exclusive with each other in the same traffic behavior. The most recently configured redirecting action takes effect.
remark dot1p Use remark dot1p to configure an 802.1p priority marking action or an inner-to-outer tag priority copying action in a traffic behavior.. Use undo remark dot1p to delete the action. Syntax remark [ green | red | yellow ] dot1p dot1p-value undo remark [ green | red | yellow ] dot1p remark dot1p customer-dot1p-trust undo remark dot1p Default No 802.1p priority marking action or inner-to-outer tag priority copying action is configured.
remark drop-precedence Use remark drop-precedence to configure a drop priority marking action in a traffic behavior.. Use undo remark drop-precedence to delete the action. Syntax remark drop-precedence drop-precedence-value undo remark drop-precedence Default No drop priority marking action is configured. Views Traffic behavior view Predefined user roles network-admin Parameters drop-precedence-value: Specifies the drop priority to be marked for packets. This argument is in the range of 0 to 2.
Parameters green: Specifies green packets. red: Specifies red packets. yellow: Specifies yellow packets. dscp-value: DSCP value, which can be a number from 0 to 63 or a keyword in Table 20.
Use undo remark ip-precedence to delete the action. Syntax remark ip-precedence ip-precedence-value undo remark ip-precedence Default No IP precedence marking action is configured. Views Traffic behavior view Predefined user roles network-admin Parameters ip-precedence-value: Specifies the IP precedence value to be marked for packets, in the range of 0 to 7. Examples # Set the IP precedence to 6 for packets.
system-view [Sysname] traffic behavior database [Sysname-behavior-database] remark local-precedence 2 remark qos-local-id Use remark qos-local-id to configure a local QoS ID marking action in a traffic behavior. Use undo remark qos-local-id to delete the action. Syntax remark qos-local-id local-id-value undo remark qos-local-id Default No local QoS ID marking action is configured.
Views Traffic behavior view Predefined user roles network-admin Parameters vlan-id: Specifies an SVLAN ID in the range of 1 to 4094. Examples # Configure traffic behavior b1 to mark matching packets with SVLAN 222. system-view [Sysname] traffic behavior b1 [Sysname-behavior-b1] remark service-vlan-id 222 traffic behavior Use traffic behavior to create a traffic behavior and enter traffic behavior view. Use undo traffic behavior to delete a traffic behavior.
QoS policy commands classifier behavior Use classifier behavior to associate a traffic behavior with a traffic class in a QoS policy. Use undo classifier to remove a traffic class from the QoS policy. Syntax classifier classifier-name behavior behavior-name [ mode dcbx | insert-before before-classifier-name ] * undo classifier classifier-name Default No traffic behavior is associated with a traffic class.
Related commands qos policy control-plane Use control-plane to enter control plane view. Syntax control-plane slot slot-number Views System view Predefined user roles network-admin Parameters slot slot-number: Specifies an IRF member device by its member ID (slot number). Examples # Enter control plane view of IRF member device 1. system-view [Sysname] control-plane slot 1 [Sysname-cp-slot1] display qos policy Use display qos policy to display user-defined QoS policies.
display qos policy user-defined User-defined QoS policy information: Policy: 1 (ID 100) Classifier: 1 (ID 100) Behavior: 1 Marking: Remark dscp 3 Committed Access Rate: CIR 128 (kbps), CBS 8192 (Bytes), EBS 512 (Bytes) Green action : pass Yellow action : pass Red action : discard Classifier: 2 (ID 101) Behavior: 2 Accounting enable: Packet Filter enable: Permit Marking: Remark dot1p 4 Classifier: 3 (ID 102) Behavior: 3 -none- display qos policy control-plane Use display qos policy control-p
Policy: 1 Classifier: 1 Operator: AND Rule(s) : If-match acl 2000 Behavior: 1 Marking: Remark dscp 3 Committed Access Rate: CIR 128 (kbps), CBS 8192 (Bytes), EBS 512 (Bytes) Green action : pass Yellow action : pass Red action : discard Green packets : 0 (Packets) 0 (Bytes) Red packets : 0 (Packets) 0 (Bytes) Classifier: 2 Operator: AND Rule(s) : If-match protocol ipv6 Behavior: 2 Accounting enable: 0 (Packets) Filter enable: Permit Table 21 Command output Field Description Direction Inbound direct
Parameters slot slot-number: Specifies an IRF member device by its member ID (slot number). If you do not specify an IRF member device, this command displays predefined QoS policies applied to control planes on all IRF member devices. Examples # Display the predefined QoS policy applied to the control plane of IRF member device 1.
Table 22 Command output Field Description Pre-defined policy information Contents of the predefined control plane QoS policy. Protocol System-defined control plane protocol. Group Control plane protocol group. display qos policy global Use display qos policy global to display global QoS policies.
CIR 128 (kbps), CBS 8192 (Bytes), EBS 512 (Bytes) Green action : pass Yellow action : pass Red action : discard Green packets : 0 (Packets) Red packets : 0 (Packets) Classifier: 2 Operator: AND Rule(s) : If-match protocol ipv6 Behavior: 2 Accounting enable: 0 (Packets) Filter enable: Permit Marking: Remark dot1p 4 Table 23 Command output Field Description Direction Direction (inbound or outbound ) in which the QoS policy is applied. Green packets Statistics about green packets.
Examples # Display the QoS policy applied to the incoming traffic of FortyGigE 1/1/1.
Views Any view Predefined user roles network-admin network-operator Parameters name policy-name: Specifies a QoS policy by its name, a case-sensitive string of 1 to 31 characters. vlan vlan-id: Specifies a VLAN by its ID. inbound: Displays QoS policies applied to incoming traffic. outbound: Displays QoS policies applied to outgoing traffic. slot slot-number: Specifies an IRF member device by its member ID (slot number).
Remark dot1p 1 Classifier: 3 Operator: AND Rule(s) : -noneBehavior: 3 -none- Table 25 Command output Field Description Direction Direction in which the QoS policy is applied for the VLAN. Green packets Statistics about green packets. Red packets Statistics about red packets. For the description of other fields, see Table 16 and Table 19. qos apply policy (interface view, control plane view) Use qos apply policy to apply a QoS policy. Use undo qos apply policy to remove an applied QoS policy.
Usage guidelines For information about S-channel interfaces, S-channel aggregate interfaces, VSI interfaces, and VSI aggregate interfaces, see EVB Configuration Guide. Examples # Apply QoS policy USER1 to the outgoing traffic of FortyGigE 1/1/1. system-view [Sysname] interface FortyGigE 1/1/1 [Sysname-FortyGigE1/1/1] qos apply policy USER1 outbound # Apply QoS policy aaa to the incoming traffic of the control plane of IRF member device 1.
The QoS policy applied to a user profile takes effect only after the QoS policy is successfully issued to the driver. Examples # Apply QoS policy test to the outgoing traffic of user profile user. system-view [Sysname] user-profile user [Sysname-user-profile-user] qos apply policy test outbound qos apply policy global Use qos apply policy global to apply a QoS policy globally. Use undo qos apply policy global to remove the QoS policy.
Default No QoS policy is configured. Views System view Predefined user roles network-admin Parameters policy-name: QoS policy name, a case-sensitive string of 1 to 31 characters. Usage guidelines To use the undo qos policy command to delete a QoS policy that has been applied to an object, you must first remove it from the object. Examples # Define QoS policy user1.
the start VLAN ID must be smaller than the end VLAN ID. Each item in the VLAN list is separated by a space. You can specify up to eight VLAN IDs. inbound: Applies the QoS policy to the incoming packets in the specified VLANs. outbound: Applies the QoS policy to the outgoing packets in the specified VLANs. Examples # Apply the QoS policy test to the incoming traffic of VLAN 200, VLAN 300, VLAN 400, and VLAN 500.
Examples # Clear the statistics of the global QoS policy applied to the incoming traffic globally. reset qos policy global inbound reset qos vlan-policy Use reset qos vlan-policy to clear statistics for QoS policies applied to VLANs. Syntax reset qos vlan-policy [ vlan vlan-id ] [ inbound | outbound ] Views User view Predefined user roles network-admin Parameters vlan vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
Priority mapping commands Priority map commands display qos map-table Use display qos map-table to display the configuration of a priority map. Syntax display qos map-table [ dot1p-dp | dot1p-exp | dot1p-lp | dscp-dot1p| dscp-dp | dscp-dscp | exp-dot1p | exp-dp ] Views Any view Predefined user roles network-admin network-operator Parameters The switch provides the following types of priority map. Table 26 Priority maps Priority mapping Description dot1p-dp 802.1p-drop priority map. dot1p-exp 802.
1 : 0 2 : 1 3 : 3 4 : 4 5 : 5 6 : 6 7 : 7 Table 27 Command output Field Description MAP-TABLE NAME Name of the priority map. TYPE Type of the priority map. IMPORT Input values of the priority map. EXPORT Output values of the priority map. import Use import to configure mappings for a priority map. Use undo import to restore the specified or all mappings to the default for a priority map.
qos map-table Use qos map-table to enter the specified priority map view. Syntax qos map-table { dot1p-dp | dot1p-exp | dot1p-lp | dscp-dot1p| dscp-dp | dscp-dscp | exp-dot1p | exp-dp } Views System view Predefined user roles network-admin Parameters For the description of the keywords, see Table 26. Examples # Enter the 802.1p-local priority map view.
Examples # Set the port priority of FortyGigE 1/1/1 to 2. system-view [Sysname] interface FortyGigE 1/1/1 [Sysname-FortyGigE1/1/1] qos priority 2 Related commands display qos trust interface Priority trust mode commands display qos trust interface Use display qos trust interface to display priority trust mode and port priority information on an interface.
Use undo qos trust to restore the default priority trust mode. Syntax qos trust { dot1p | dscp } undo qos trust Default An interface does not trust any packet priority. Views Layer 2 Ethernet interface view, Layer 3 Ethernet interface view Predefined user roles network-admin Parameters dot1p: Uses the 802.1p priority in incoming packets for priority mapping. dscp: Uses the DSCP value in incoming packets for priority mapping. Examples # Set the trusted packet priority type to 802.
GTS and rate limit commands GTS commands display qos gts interface Use display qos gts interface to view generic traffic shaping (GTS) configuration of interfaces. Syntax display qos gts interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the GTS configuration of all interfaces.
Use undo qos gts to remove GTS parameters for traffic of a queue on an interface. Syntax qos gts queue queue-id cir committed-information-rate [ cbs committed-burst-size ] undo qos gts queue queue-id Default No GTS parameters are configured on an interface. Views Layer 2 Ethernet interface view, Layer 3 Ethernet interface view Predefined user roles network-admin Parameters queue queue-id: Specifies a queue by its ID in the range of 0 to 7. cir committed-information-rate: Specifies the CIR in kbps.
Parameters interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the rate limit configuration of all interfaces. Examples # Display the rate limit configuration of all interfaces.
cbs committed-burst-size: Specifies the CBS in bytes. The value range for the committed-burst-size argument is an integral multiple of 512 between 512 and 134217728. The default value for this argument is the product of 62.5 and the CIR and must be an integral multiple of 512. If the product is not an integral multiple of 512, it is rounded up to the nearest integral multiple of 512. Examples # Limit the rate of outgoing packets on FortyGigE 1/1/1, with CIR 25600 kbps and CBS 512000 bytes.
Congestion management commands SP commands display qos queue sp interface Use display qos queue sp interface to display the SP queuing configuration of an interface. Syntax display qos queue sp interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the SP queuing configuration of all the interfaces.
Default An interface uses the WRR queuing algorithm. Views Layer 2 Ethernet interface view, Layer 3 Ethernet interface view Predefined user roles network-admin Examples # Enable SP queuing on FortyGigE 1/1/1. system-view [Sysname] interface FortyGigE 1/1/1 [Sysname-FortyGigE1/1/1] qos sp Related commands display qos queue sp interface WRR commands display qos queue wrr interface Use display qos queue wrr interface to display the WRR queuing configuration on an interface.
ef 1 9 cs6 1 13 cs7 1 15 Table 32 Command output Field Description Interface Interface type and interface number. Output queue Type of the current output queue. Queue ID ID of a queue. Group Number of the group a queue is assigned to. By default, all queues belong to group 1. Weight Packet-based queue scheduling weight of a queue. N/A is displayed for a queue that uses the SP queue scheduling algorithm.
# Enable byte-count WRR queuing on FortyGigE 1/1/1. system-view [Sysname] interface FortyGigE 1/1/1 [Sysname-FortyGigE1/1/1] qos wrr byte-count Related commands display qos queue wrr interface qos wrr { byte-count | weight } Use qos wrr { byte-count | weight } to configure the WRR queuing parameters for a queue on an interface. Use undo qos wrr to restore the default WRR queuing parameters of a queue on an interface.
Number Keyword 3 af3 4 af4 5 ef 6 cs6 7 cs7 Examples # Enable byte-count WRR queuing on FortyGigE 1/1/1, assign queue 0, with the scheduling weight 10, to WRR group 1, and assign queue 1, with the scheduling weight 5, to WRR group 2.
This command is available only on a WRR-enabled interface. Queues in the SP group are scheduled with SP. The SP group has higher scheduling priority than the WRR group. Queues in a WRR group are scheduled according to user-configured weights, and WRR groups are scheduled at a 1:1 ratio. Examples # Enable packet-based WRR queuing on FortyGigE 1/1/1, and assign queue 0 to the SP group.
cs7 1 1 64 Table 34 Command output Field Description Interface Interface type and interface number. Output queue Type of the current output queue. Queue ID ID of a queue. Group Number of the WFQ group that holds the queue. By default, all queues are in group 1. Byte-count Byte-count scheduling weight of the queue. Min-Bandwidth Minimum guaranteed bandwidth. qos bandwidth queue Use qos bandwidth queue to set the minimum guaranteed bandwidth for a queue on an interface.
Related commands qos wfq qos wfq Use qos wfq to enable WFQ and specify the WFQ weight type on an interface. Use undo qos wfq to disable WFQ and restore the default queuing algorithm on an interface. Syntax qos wfq { byte-count | weight } undo qos wfq { byte-count | weight } Default An interface uses the byte-count WRR queuing algorithm, and all the queues are in the WRR group.
undo qos wfq queue-id Default When WFQ queuing is used on an interface, all the queues are in WFQ group 1 and have a weight of 1. Views Layer 2 Ethernet interface view, Layer 3 Ethernet interface view Predefined user roles network-admin Parameters queue-id: Specifies a queue by its ID. The value is an integer in the range of 0 to 7 or a keyword listed in Table 33. group { 1 | 2 }: Specifies WFQ group 1 or 2. If you do not specify a group, group 1 applies.
Views Layer 2 Ethernet interface view, Layer 3 Ethernet interface view Predefined user roles network-admin Parameters queue-id: Specifies a queue by its ID. The value is an integer in the range of 0 to 7 or a keyword listed in Table 33. sp: Assigns a queue to the SP group, which uses the SP queue scheduling algorithm. Usage guidelines You must use the qos wfq command to enable WFQ first before you configure this command. With this SP+WFQ queuing method, the system schedules traffic as follows: 1.
Views Queue scheduling profile view Predefined user roles network-admin Parameters queue-id: Specifies a queue by its ID. The value can be an integer in the range of 0 to 7 or a keyword listed in Table 33. min bandwidth-value: Specifies the minimum guaranteed bandwidth in the range of 8 to 100000000 kbps. Usage guidelines You must configure a queue as a WFQ queue before you can configure the minimum guaranteed bandwidth for the queue.
slot slot-number: Specifies an IRF member device. The slot-number argument represents the ID of the IRF member device. If you do not specify an IRF member device, this command displays the configuration of queue scheduling profiles on the master. Examples # Display the configuration of the queue scheduling profile myprofile.
Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the queue scheduling profiles applied to all interfaces. Examples # Display the queue scheduling profile applied to FortyGigE 1/1/1.
system-view [Sysname] interface FortyGigE 1/1/1 [Sysname-FortyGigE1/1/1] qos apply qmprofile myprofile Related commands display qos qmprofile interface qos qmprofile Use qos qmprofile to create a queue scheduling profile and enter queue scheduling profile view. Use undo qos qmprofile to delete a user-defined queue scheduling profile. Syntax qos qmprofile profile-name undo qos qmprofile profile-name Default No user-defined queue scheduling profile exists.
undo queue queue-id Default A queue uses SP queuing. Views Queue scheduling profile view Predefined user roles network-admin Parameters queue-id: Specifies a queue by its ID in the range of 0 to 7. sp: Enables SP for the queue. wfq: Enables WFQ for the queue. wrr: Enables WRR for the queue. group group-id: Specifies a WFQ or WRR group by its ID. The value range is 1 and 2. byte-count: Allocates bandwidth to queues in terms of bytes. weight: Allocates bandwidth to queues in terms of packets.
Queue-based accounting commands display qos queue-statistics interface outbound Use display qos queue-statistics interface outbound to display queue-based outgoing traffic statistics for interfaces. Syntax display qos queue-statistics interface [ interface-type interface-number ] outbound Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number.
Queue 5 Forwarded: 0 packets, 0 bytes, 0 pps, 0 bps Dropped: 0 packets, 0 bytes Current queue length: 0 packets Queue 6 Forwarded: 0 packets, 0 bytes, 0 pps, 0 bps Dropped: 0 packets, 0 bytes Current queue length: 0 packets Queue 7 Forwarded: 1087 packets, 98466 bytes, 0 pps, 0 bps Dropped: 0 packets, 0 bytes Current queue length: 0 packets Table 37 Command output Field Description Interface Interface for which queue-based traffic statistics are displayed.
Parameters interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the WRED configuration and statistics for all interfaces. Examples # Display the WRED configuration for all interfaces. display qos wred interface Interface: FortyGigE1/1/1 Current WRED configuration: Applied WRED table name: 1 Table 38 Command output Field Description Interface Interface type and interface number.
6 100 1000 10 100 1000 10 100 1000 10 9 N 7 100 1000 10 100 1000 10 100 1000 10 9 N Table 39 Command output Field Description QID Queue ID. gmin Lower limit for green packets. gmax Upper limit for green packets. gprob Drop probability for green packets. ymin Lower limit for yellow packets. ymax Upper limit for yellow packets. yprob Drop probability for yellow packets. rmin Lower limit for red packets. rmax Upper limit for red packets.
Examples # Apply the queue-based WRED table table1 to interface FortyGigE 1/1/1. system-view [Sysname] interface FortyGigE 1/1/1 [Sysname-FortyGigE1/1/1] qos wred apply table1 Related commands • display qos wred interface • display qos wred table • qos wred table qos wred table Use qos wred table to create a WRED table and enter WRED table view. Use undo qos wred table to delete a WRED table.
Use undo queue to restore the default. Syntax queue queue-id [ drop-level drop-level ] low-limit low-limit high-limit high-limit [ discard-probability discard-prob ] undo queue { queue-id | all } Default After a WRED table is created, the low-limit argument is 100, the high-limit argument is 1000, and the discard-prob argument is 10. Views WRED table view Predefined user roles network-admin Parameters queue-id: Specifies a queue by its ID in the range of 0 to 7.
• qos wred table queue ecn Use queue ecn to enable ECN for a queue. Use undo queue ecn to restore the default. Syntax queue queue-id ecn undo queue queue-id ecn Default ECN is not enabled on any queue. Views WRED table view Predefined user roles network-admin Parameters queue-id: Specifies a queue by its ID in the range of 0 to 7. Usage guidelines When both the receiver and sender support ECN, the device can notify the peer end of the congestion status by identifying and setting the ECN flag.
Views WRED table view Predefined user roles network-admin Parameters queue-id: Specifies a queue by its ID. weighting-constant exponent: Specifies the WRED exponent for average queue length calculation, in the range of 0 to 15. Usage guidelines The bigger the exponent is, the less sensitive the average queue size is to real-time queue size changes.
Aggregate CAR commands car name Use car name to reference an aggregate CAR action in a traffic behavior. Use undo car to remove an aggregate CAR action from a traffic behavior. Syntax car name car-name undo car Default No aggregate CAR action is configured in a traffic behavior. Views Traffic behavior view Predefined user roles network-admin Parameters car-name: Specifies the name of an aggregate CAR action. This argument must start with a letter, and is a case-sensitive string of 1 to 31 characters.
Parameters car-name: Specifies an aggregate CAR action by its name. This argument must start with a letter, and is a case-sensitive string of 1 to 31 characters. If you do not specify an aggregate CAR action, this command displays the configuration and statistics for all aggregate CAR actions. Examples # Display the configuration and statistics for all aggregate CAR actions.
Syntax qos car car-name aggregative cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ green action | red action | yellow action ] * qos car car-name aggregative cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] [ green action | red action | yellow action ] * undo qos car car-name Default No aggregate CAR action is configured.
Usage guidelines An aggregate CAR action takes effect only after it is applied to an interface or referenced in a QoS policy. Examples # Configure the aggregate CAR action aggcar-1, where CIR is 25600, CBS is 512000, and red packets are dropped. system-view [Sysname] qos car aggcar-1 aggregative cir 25600 cbs 512000 red discard Related commands display qos car name reset qos car name Use reset qos car name to clear statistics for an aggregate CAR action.
Time range commands display time-range Use display time-range to display time range configuration and status. Syntax display time-range { time-range-name | all } Views Any view Predefined user roles network-admin network-operator Parameters time-range-name: Specifies a time range name, a case-insensitive string of 1 to 32 characters. It must start with an English letter. all: Displays the configuration and status of all existing time ranges.
Syntax time-range time-range-name { start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] | from time1 date1 [ to time2 date2 ] | to time2 date2 } undo time-range time-range-name [ start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] | from time1 date1 [ to time2 date2 ] | to time2 date2 ] Default No time range exists. Views System view Predefined user roles network-admin Parameters time-range-name: Specifies a time range name.
• Periodic statement in the start-time to end-time days format. A periodic statement recurs periodically on a day or days of the week. • Absolute statement in the from time1 date1 to time2 date2 format. An absolute statement does not recur. • Compound statement in the start-time to end-time days from time1 date1 to time2 date2 format. A compound statement recurs on a day or days of the week only within the specified period.
Use undo buffer apply to cancel the application. Syntax buffer apply undo buffer apply Views System view Predefined user roles network-admin Usage guidelines After applying manually configured data buffer settings, you cannot directly modify the applied settings. To modify them, you must cancel the application, reconfigure data buffer settings, and reapply the new settings. Examples # Apply manually configured data buffer settings.
Usage guidelines The fixed-area space for a queue cannot be used by other queues. It is also called the minimum guaranteed buffer. The sum of fixed-area ratios configured for queues cannot be greater than or equal to 100%. Queues 5, 6, and 7 must have available fixed-area space. After you configure the fixed-area ratios for some queues, the other queues each are assigned an equal share of the remaining part of the fixed area.
Table 42 Mapping between configured values of ratio-value and effective values Configured value of ratio-value Effective value 0 to 1 1 2 to 3 3 4 to 7 6 8 to 16 11 17 to 29 20 30 to 42 33 43 to 60 50 61 to 76 67 77 to 86 80 87 to 100 89 Examples # Configure queue 0 to use up to 5% shared-area space of cell resources in the egress buffer of IRF member device 2.
Usage guidelines After you configure the total shared-area ratio, the remaining buffer space is automatically assigned to the fixed area. Examples # Configure the shared area to use 65% space of cell resources in the egress buffer of IRF member device 2. system-view [Sysname] buffer egress slot 2 cell total-shared ratio 65 burst-mode enable Use burst-mode enable to enable the Burst function. Use undo burst-mode enable to disable the Burst function.
Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies an IRF member device by its member ID (slot number). If you do not specify an IRF member device, this command displays buffer size settings for all IRF member devices. queue queue-id: Specifies a queue by its ID in the range of 0 to 7. Usage guidelines If you do not specify the queue keyword, this command displays the total shared-area ratio.
Field Description Eg Egress buffer. (Total-shared) Total shared-area size. • Guaranteed—Fixed-area ratio for a queue. • Shared—Shared-area ratio for a queue. (Guaranteed , Shared) The default fixed-area ratio for a queue is 12.5%, but the default value in the display buffer queue command output is 13%. Unit for configuring the data buffer. The device supports only ratio. Unit display buffer usage Use display buffer usage to display buffer usage.
XGE1/0/11 0% 0% 0% XGE1/0/12 0% 0% 0% XGE1/0/13 0% 0% 0% XGE1/0/14 0% 0% 0% XGE1/0/15 0% 0% 0% XGE1/0/16 0% 0% 0% XGE1/0/17 0% 0% 0% XGE1/0/18 0% 0% 0% XGE1/0/19 0% 0% 0% XGE1/0/20 0% 0% 0% XGE1/0/21 0% 0% 0% XGE1/0/22 0% 0% 0% XGE1/0/23 0% 0% 0% XGE1/0/24 0% 0% 0% XGE1/0/25 0% 0% 0% XGE1/0/26 0% 0% 0% XGE1/0/27 0% 0% 0% XGE1/0/28 0% 0% 0% XGE1/0/29 0% 0% 0% XGE1/0/30 0% 0% 0% XGE1/0/31 0% 0% 0% XGE1/0/32 0% 0% 0% XGE1/0
Field Description Block 1 Block where the port resides. The block where the ports on the front panel of the device reside is fixed to Block 1. 5sec Percentage of the buffer that the port uses for the last 5 seconds. 1min Percentage of the buffer that the port uses for the last 1 minute. 5min Percentage of the buffer that the port uses for the last 5 minutes.
Index ABCDFINPQRST display qos qmprofile configuration,90 A display qos qmprofile interface,91 accounting,44 display qos queue sp interface,80 acl,1 display qos queue wfq interface,85 acl copy,2 display qos queue wrr interface,81 acl logging interval,3 display qos queue-statistics interface outbound,95 acl name,4 display qos trust interface,74 B display qos vlan-policy,63 bandwidth,89 display qos wred interface,96 buffer apply,109 display qos wred table,97 buffer queue guaranteed,110 dis
qos priority,73 remark local-precedence,53 qos qmprofile,93 remark qos-local-id,54 qos sp,80 remark service-vlan-id,54 qos trust,74 reset acl counter,16 qos vlan-policy,68 reset packet-filter statistics,17 qos wfq,87 reset qos car name,106 qos wfq { byte-count | weight },87 reset qos policy control-plane,69 qos wfq group sp,88 reset qos policy global,69 qos wred apply,98 reset qos vlan-policy,70 qos wred table,99 rule (Ethernet frame header ACL view),18 qos wrr,82 rule (IPv4 advanced AC
