Can a traffic policy be configured in a super-VLAN or sub-VLAN to make the traffic policy take effect

11

The packets received and sent by the switch configured with VLAN aggregation carry sub-VLAN tags but not super-VLAN tags, so a traffic policy must be configured in all sub-VLANs of a super-VLAN. A traffic policy in the super-VLAN does not take effect.

Other related questions:
Configure a VLAN-based traffic policy on S series switch
In what order does an applied traffic policy take effect on S series switches
For S series switches (except the S1700), a traffic policy can be applied in the system view, interface view, and VLAN view simultaneously. When applying a traffic policy in multiple views, configure the traffic policy in the sequence of interface view, VLAN view, and system view. When multiple traffic policies are applied in different views and packets simultaneously match different traffic policies, the traffic policies take effect in the following orders: - If traffic classification rules in the traffic policies are of the same type, that is, the rules are all user-defined ACL rules, Layer 2 rules, or Layer 3 rules, only one traffic policy takes effect. The traffic policy that takes effect depends on the view in which the traffic policy has been applied. The view priority is as follows: interface view > VLAN view > system view. - For cards of modular switches except X series cards and fixed switches S5700HI, S5700EI, S5710EI, S5720EI, S5710HI, S6700EI, S6720EI, and S6720S-EI, if traffic classification rules in the traffic policies are of different types and actions in traffic behaviors do not conflict, traffic policies in all views take effect. If actions in traffic behaviors conflict, only one traffic policy takes effect and the traffic policy that takes effect is relevant to rules. The rule priority is as follows: Layer 2 rule and Layer 3 rule > advanced ACL6 rule > basic ACL6 rule > Layer 3 rule > Layer 2 rule > user-defined ACL rule. - For X series cards of modular switches and E series and S series fixed switches S600-E, S1720GFR, S1720GW-E, S1720GWR-E, S2720, S2750, 5700SI, S5700LI, S5700S-LI, S5720LI, S5720S-LI, S5710-X-LI, S5720SI, S5720S-SI, and S5720HI, if traffic classification rules in the traffic policies are of different types, the traffic policy in only one view takes effect and the traffic policy that takes effect is relevant to the view in which it is applied. The view priority is as follows: interface view > VLAN view > system view. It is recommended that you configure the traffic policy based on the priority. Otherwise, the configured traffic policy may not take effect immediately. Note: MQC cannot be configured on the S2700SI.

Can I apply a traffic policy to a VLAN on an S series switch
For S series switches (except the S1700), a traffic policy can be applied to a VLAN. The application procedure is as follows: 1. Run the system-view command to enter the system view. 2. Run the vlan vlan-id command to enter the VLAN view. 3. Run the traffic-policy policy-name { inbound | outbound } command to apply a traffic policy to the VLAN. Only one traffic policy can be applied to a VLAN in the inbound or outbound direction. After a traffic policy is applied to a VLAN, the system performs traffic policing for all the incoming or outgoing packets that belong to the VLAN and match traffic classification rules in the VLAN. Note: MQC cannot be configured on the S2700SI.

Why a traffic policy does not take effect on an AR
Pay attention to the following points when configuring a traffic policy so that the traffic policy can take effect: - In a traffic behavior, when the permit action is configured with other actions, the device performs these actions one by one. The deny action cannot be used with other actions (except traffic statistics and traffic mirroring); even if they are configured together, only the deny action takes effect. - When packets are filtered based on an ACL rule, if the rule is configured to permit, the action taken on the packets is decided by the deny or permit action configured in the traffic behavior. If the rule is configured to deny, packets are discarded no matter whether the deny or permit action is configured in the traffic behavior. - A traffic policy that contains the following traffic behaviors can be applied only in the outbound direction of a WAN interface: traffic shaping, adaptive traffic shaping, congestion management, and congestion avoidance. - After fragmentation is configured on an AR, if the rule of the traffic classifier contains the non-first-fragment field, the rate limiting or statistics collection function cannot be configured for the fragmented packets sent to the AR. - If a traffic behavior is bound to an ACL that has no rule configured, the traffic policy referencing the ACL does not take effect.

Does the traffic-policy or traffic-filter command first take effect
The traffic-filter command is supported from V200R002C00. When the traffic-policy and traffic-filter commands are simultaneously executed, the traffic-filter command takes effect first.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top