In what order does an applied traffic policy take effect on S series switches


For S series switches (except the S1700), a traffic policy can be applied in the system view, interface view, and VLAN view simultaneously. When applying a traffic policy in multiple views, configure the traffic policy in the sequence of interface view, VLAN view, and system view.
When multiple traffic policies are applied in different views and a packet matches more than one of them, the traffic policies take effect in the following order:
- If traffic classification rules in the traffic policies are of the same type, that is, the rules are all user-defined ACL rules, Layer 2 rules, or Layer 3 rules, only one traffic policy takes effect. Which one takes effect depends on the view in which it has been applied. The view priority is as follows: interface view > VLAN view > system view.
- For cards of modular switches except X series cards and fixed switches S5700HI, S5700EI, S5710EI, S5720EI, S5710HI, S6700EI, S6720EI, and S6720S-EI, if traffic classification rules in the traffic policies are of different types and actions in traffic behaviors do not conflict, traffic policies in all views take effect. If actions in traffic behaviors conflict, only one traffic policy takes effect, and which one is determined by the rule type. The rule priority is as follows: Layer 2 rule and Layer 3 rule > advanced ACL6 rule > basic ACL6 rule > Layer 3 rule > Layer 2 rule > user-defined ACL rule.
- For X series cards of modular switches and E series and S series fixed switches S600-E, S1720GFR, S1720GW-E, S1720GWR-E, S2720, S2750, S5700SI, S5700LI, S5700S-LI, S5720LI, S5720S-LI, S5710-X-LI, S5720SI, S5720S-SI, and S5720HI, if traffic classification rules in the traffic policies are of different types, the traffic policy in only one view takes effect, and which one is determined by the view in which it is applied. The view priority is as follows: interface view > VLAN view > system view.
It is recommended that you configure the traffic policy based on the priority. Otherwise, the configured traffic policy may not take effect immediately.
Note: MQC cannot be configured on the S2700SI.
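
The precedence rules above can be modelled to check which policy actually acts on a packet that matches several of them. This is an added example, not Huawei code: the names, the rule-type labels, and the treatment of "same type" as identical labels are assumptions, and the conflict test is constructed because the page does not list which actions conflict.

```python
# Added illustration of the precedence rules above; all names are hypothetical.
from dataclasses import dataclass

VIEW_PRIORITY = ["interface", "vlan", "system"]            # highest first
RULE_PRIORITY = ["l2+l3", "acl6-advanced", "acl6-basic",   # highest first,
                 "l3", "l2", "user-defined"]               # in the page's order

@dataclass(frozen=True)
class Applied:
    name: str
    view: str        # one of VIEW_PRIORITY
    rule_type: str   # one of RULE_PRIORITY
    action: str      # label for the traffic behavior's action

def deny_vs_permit(a, b):
    # Constructed conflict test: the page does not list which actions conflict.
    return {a, b} == {"deny", "permit"}

def effective(policies, view_only_platform, conflicts=deny_vs_permit):
    """Names of the policies that act on a packet matching all of them.

    view_only_platform=True models the third bullet (X series cards and the
    listed fixed models); False models the second bullet.
    """
    if not policies:
        return []
    by_view = min(policies, key=lambda p: VIEW_PRIORITY.index(p.view))
    same_type = len({p.rule_type for p in policies}) == 1
    if same_type or view_only_platform:
        return [by_view.name]                  # interface > VLAN > system
    clash = any(conflicts(a.action, b.action)
                for i, a in enumerate(policies) for b in policies[i + 1:])
    if not clash:
        return [p.name for p in policies]      # all views take effect
    # Conflict: rule type decides; the view tie-break is an assumption.
    winner = min(policies, key=lambda p: (RULE_PRIORITY.index(p.rule_type),
                                          VIEW_PRIORITY.index(p.view)))
    return [winner.name]

# Constructed sample: a global Layer 3 deny and a port-level Layer 2 permit.
SAMPLE = [Applied("GLOBAL-DENY", "system", "l3", "deny"),
          Applied("PORT-PERMIT", "interface", "l2", "permit")]

if __name__ == "__main__":
    for flag in (True, False):
        print("view-only platform" if flag else "rule-priority platform",
              "->", effective(SAMPLE, flag))
```

The same pair of policies resolves differently on the two platform families: on the view-priority models the interface policy wins and the system-view deny is not applied, so a deny placed in the system view should be verified per platform.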

Other related questions:
Why a traffic policy does not take effect on an AR
Pay attention to the following points when configuring a traffic policy so that the traffic policy can take effect:
- In a traffic behavior, when the permit action is configured with other actions, the device performs these actions one by one. The deny action cannot be used with other actions (except traffic statistics and traffic mirroring); even if they are configured together, only the deny action takes effect.
- When packets are filtered based on an ACL rule, if the rule is configured to permit, the action taken on the packets is decided by the deny or permit action configured in the traffic behavior. If the rule is configured to deny, packets are discarded no matter whether the deny or permit action is configured in the traffic behavior.
- A traffic policy that contains the following traffic behaviors can be applied only in the outbound direction of a WAN interface: traffic shaping, adaptive traffic shaping, congestion management, and congestion avoidance.
- After fragmentation is configured on an AR, if the rule of the traffic classifier contains the non-first-fragment field, the rate limiting or statistics collection function cannot be configured for the fragmented packets sent to the AR.
- If a traffic behavior is bound to an ACL that has no rule configured, the traffic policy referencing the ACL does not take effect.

Why does the egress policy configured on an RR not take effect on S series switches
Q: Why does the egress policy configured on an RR not take effect?
A: The route reflection attribute of the reflector is the route attribute determined by the ingress policy and is not affected by either the egress policy or the peer { group-name | ipv4-address | ipv6-address } next-hop-local command.

Does the traffic-policy or traffic-filter command first take effect
The traffic-filter command is supported from V200R002C00. When the traffic-policy and traffic-filter commands are simultaneously executed, the traffic-filter command takes effect first.

Why does an inbound traffic policy fail to filter traffic or limit the rate of inbound packets on an S series modular switch
For S series modular switches, a traffic policy fails to filter traffic or limit the rate of packets for users matching DHCP snooping binding tables. You can run the following commands to check whether static or dynamic binding entries exist:
- Run the display dhcp { snooping | static } user-bind { interface interface-type interface-number | ip-address ip-address | mac-address mac-address | vlan vlan-id } * [ verbose ] command to check static or dynamic DHCP snooping binding entries on an interface.
- Run the display dhcp { snooping | static } user-bind all [ verbose ] command to check static or dynamic DHCP snooping binding entries on all interfaces.
