Does the traffic-policy or traffic-filter command first take effect


The traffic-filter command is supported from V200R002C00.

When the traffic-policy and traffic-filter commands are simultaneously executed, the traffic-filter command takes effect first.

Other related questions:
Why a traffic policy does not take effect on an AR
Pay attention to the following points when configuring a traffic policy so that the traffic policy can take effect: - In a traffic behavior, when the permit action is configured with other actions, the device performs these actions one by one. The deny action cannot be used with other actions (except traffic statistics and traffic mirroring); even if they are configured together, only the deny action takes effect. - When packets are filtered based on an ACL rule, if the rule is configured to permit, the action taken on the packets is decided by the deny or permit action configured in the traffic behavior. If the rule is configured to deny, packets are discarded no matter whether the deny or permit action is configured in the traffic behavior. - A traffic policy that contains the following traffic behaviors can be applied only in the outbound direction of a WAN interface: traffic shaping, adaptive traffic shaping, congestion management, and congestion avoidance. - After fragmentation is configured on an AR, if the rule of the traffic classifier contains the non-first-fragment field, the rate limiting or statistics collection function cannot be configured for the fragmented packets sent to the AR. - If a traffic behavior is bound to an ACL that has no rule configured, the traffic policy referencing the ACL does not take effect.

Can a traffic policy be configured in a super-VLAN or sub-VLAN to make the traffic policy take effect
The packets received and sent by the switch configured with VLAN aggregation carry sub-VLAN tags but not super-VLAN tags, so a traffic policy must be configured in all sub-VLANs of a super-VLAN. A traffic policy in the super-VLAN does not take effect.

Why does an inbound traffic policy fail to filter traffic or limit the rate of inbound packets on an S series modular switch
For S series modular switches, a traffic policy fails to filter traffic or limit the rate of packets for users matching DHCP snooping binding tables. You can run the following commands to check whether static or dynamic binding entries exist: - Run thedisplay dhcp { snooping | static } user-bind { interface interface-type interface-number | ip-address ip-address | mac-address mac-address | vlan vlan-id } * [ verbose ] command to check static or dynamic DHCP snooping binding entries on an interface. - Run the display dhcp { snooping | static } user-bind all [ verbose ] command to check static or dynamic DHCP snooping binding entries on all interfaces.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top