Hi, everyone
I have the issue. When I use the traffic policy into serial interface the acl on R2 does not work.
<R1>display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.130 (AR1200 V200R003C00)
Copyright (C) 2011-2012 HUAWEI TECH CO., LTD
Huawei AR1220 Router uptime is 0 week, 0 day, 0 hour, 42 minutes
BKP 0 version information:
1. PCB Version : AR01BAK1A VER.NC
2. If Supporting PoE : No
3. Board Type : AR1220
4. MPU Slot Quantity : 1
5. LPU Slot Quantity : 2
MPU 0(Master) : uptime is 0 week, 0 day, 0 hour, 42 minutes
MPU version information :
1. PCB Version : AR01SRU1A VER.A
2. MAB Version : 0
3. Board Type : AR1220
4. BootROM Version : 0
<R2>display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.130 (AR1200 V200R003C00)
Copyright (C) 2011-2012 HUAWEI TECH CO., LTD
Huawei AR1220 Router uptime is 0 week, 0 day, 0 hour, 42 minutes
BKP 0 version information:
1. PCB Version : AR01BAK1A VER.NC
2. If Supporting PoE : No
3. Board Type : AR1220
4. MPU Slot Quantity : 1
5. LPU Slot Quantity : 2
MPU 0(Master) : uptime is 0 week, 0 day, 0 hour, 42 minutes
MPU version information :
1. PCB Version : AR01SRU1A VER.A
2. MAB Version : 0
3. Board Type : AR1220
4. BootROM Version : 0
<R3>display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.130 (AR1200 V200R003C00)
Copyright (C) 2011-2012 HUAWEI TECH CO., LTD
Huawei AR1220 Router uptime is 0 week, 0 day, 0 hour, 42 minutes
BKP 0 version information:
1. PCB Version : AR01BAK1A VER.NC
2. If Supporting PoE : No
3. Board Type : AR1220
4. MPU Slot Quantity : 1
5. LPU Slot Quantity : 2
MPU 0(Master) : uptime is 0 week, 0 day, 0 hour, 42 minutes
MPU version information :
1. PCB Version : AR01SRU1A VER.A
2. MAB Version : 0
3. Board Type : AR1220
4. BootROM Version : 0
Case 1 Serial Interface
[R1]dis cu
[V200R003C00]
#
sysname R1
#
board add 0/1 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Serial1/0/0
link-protocol ppp
ip address 12.1.1.1 255.255.255.0
#
interface Serial1/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface LoopBack1
ip address 11.11.11.11 255.255.255.255
#
interface LoopBack2
ip address 22.22.22.22 255.255.255.255
#
interface LoopBack3
ip address 33.33.33.33 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 11.11.11.11 0.0.0.0
network 12.1.1.0 0.0.0.255
network 22.22.22.22 0.0.0.0
network 33.33.33.33 0.0.0.0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R2>dis cu
[V200R003C00]
#
sysname R2
#
board add 0/1 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
acl number 2001
rule 5 permit source 11.11.11.11 0
acl number 2002
rule 5 permit source 22.22.22.22 0
acl number 2003
rule 5 permit source 33.33.33.33 0
#
traffic classifier NETB operator or
if-match acl 2002
traffic classifier NETC operator or
if-match acl 2003
traffic classifier NETA operator or
if-match acl 2001
#
traffic behavior B3
remark dscp ef
statistic enable
traffic behavior B1
remark dscp af41
statistic enable
traffic behavior B2
remark dscp cs4
statistic enable
#
traffic policy POLICY
classifier NETA behavior B1
classifier NETB behavior B2
classifier NETC behavior B3
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Serial1/0/0
link-protocol ppp
ip address 12.1.1.2 255.255.255.0
traffic-policy POLICY inbound
#
interface Serial1/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 23.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 12.1.1.0 0.0.0.255
network 23.1.1.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R3>dis cu
[V200R003C00]
#
sysname R3
#
board add 0/1 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
rule 5 deny source 11.11.11.11 0
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Serial1/0/0
link-protocol ppp
#
interface Serial1/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 23.1.1.3 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface NULL0
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 23.1.1.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R3>
[R1]ping -a 11.11.11.11 3.3.3.3
PING 3.3.3.3: 56 data bytes, press CTRL_C to break
Reply from 3.3.3.3: bytes=56 Sequence=1 ttl=254 time=40 ms
Reply from 3.3.3.3: bytes=56 Sequence=2 ttl=254 time=40 ms
Reply from 3.3.3.3: bytes=56 Sequence=3 ttl=254 time=50 ms
Reply from 3.3.3.3: bytes=56 Sequence=4 ttl=254 time=30 ms
Reply from 3.3.3.3: bytes=56 Sequence=5 ttl=254 time=30 ms
--- 3.3.3.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/38/50 ms
[R1]ping -a 22.22.22.22 3.3.3.3
PING 3.3.3.3: 56 data bytes, press CTRL_C to break
Reply from 3.3.3.3: bytes=56 Sequence=1 ttl=254 time=30 ms
Reply from 3.3.3.3: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 3.3.3.3: bytes=56 Sequence=3 ttl=254 time=30 ms
Reply from 3.3.3.3: bytes=56 Sequence=4 ttl=254 time=30 ms
Reply from 3.3.3.3: bytes=56 Sequence=5 ttl=254 time=20 ms
--- 3.3.3.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/28/30 ms
[R1]ping -a 33.33.33.33 3.3.3.3
PING 3.3.3.3: 56 data bytes, press CTRL_C to break
Reply from 3.3.3.3: bytes=56 Sequence=1 ttl=254 time=30 ms
Reply from 3.3.3.3: bytes=56 Sequence=2 ttl=254 time=40 ms
Reply from 3.3.3.3: bytes=56 Sequence=3 ttl=254 time=40 ms
Reply from 3.3.3.3: bytes=56 Sequence=4 ttl=254 time=30 ms
Reply from 3.3.3.3: bytes=56 Sequence=5 ttl=254 time=40 ms
--- 3.3.3.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/36/40 ms
<R2>dis traffic policy statistics interface Serial 1/0/0 inbound
Interface: Serial1/0/0
Traffic policy inbound: POLICY
Rule number: 3
Current status: OK!
Item Sum(Packets/Bytes) Rate(pps/bps)
-------------------------------------------------------------------------------
Matched 0/ 0/
0 0
+--Passed 0/ 0/
0 0
+--Dropped 0/ 0/
0 0
+--Filter 0/ 0/
0 0
+--CAR 0/ 0/
0 0
+--Queue Matched 0/ 0/
0 0
+--Enqueued 0/ 0/
0 0
+--Discarded 0/ 0/
0 0
+--Car 0/ 0/
0 0
+--Green packets 0/ 0/
0 0
+--Yellow packets 0/ 0/
0 0
+--Red packets 0/ 0/
0 0
<R2>dis acl all
Total quantity of nonempty ACL number is 3
Basic ACL 2001, 1 rule
Acl's step is 5
rule 5 permit source 11.11.11.11 0
Basic ACL 2002, 1 rule
Acl's step is 5
rule 5 permit source 22.22.22.22 0
Basic ACL 2003, 1 rule
Acl's step is 5
rule 5 permit source 33.33.33.33 0
The acl does not have any match
But when I use the giga interface works.
Case 2 giga interface
[R1]dis cu
[V200R003C00]
#
sysname R1
#
board add 0/1 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Serial1/0/0
link-protocol ppp
#
interface Serial1/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 12.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface LoopBack1
ip address 11.11.11.11 255.255.255.255
#
interface LoopBack2
ip address 22.22.22.22 255.255.255.255
#
interface LoopBack3
ip address 33.33.33.33 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 11.11.11.11 0.0.0.0
network 12.1.1.0 0.0.0.255
network 22.22.22.22 0.0.0.0
network 33.33.33.33 0.0.0.0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
[R2]dis cu
[V200R003C00]
#
sysname R2
#
board add 0/1 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
acl number 2001
rule 5 permit source 11.11.11.11 0
acl number 2002
rule 5 permit source 22.22.22.22 0
acl number 2003
rule 5 permit source 33.33.33.33 0
#
traffic classifier NETB operator or
if-match acl 2002
traffic classifier NETC operator or
if-match acl 2003
traffic classifier NETA operator or
if-match acl 2001
#
traffic behavior B3
remark dscp ef
statistic enable
traffic behavior B1
remark dscp af41
statistic enable
traffic behavior B2
remark dscp cs4
statistic enable
#
traffic policy POLICY
classifier NETA behavior B1
classifier NETB behavior B2
classifier NETC behavior B3
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Serial1/0/0
link-protocol ppp
#
interface Serial1/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 23.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 12.1.1.2 255.255.255.0
traffic-policy POLICY inbound
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 12.1.1.0 0.0.0.255
network 23.1.1.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R3>dis cu
[V200R003C00]
#
sysname R3
#
board add 0/1 2SA
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
acl number 2000
rule 5 deny source 11.11.11.11 0
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Serial1/0/0
link-protocol ppp
#
interface Serial1/0/1
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 23.1.1.3 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface NULL0
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 23.1.1.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[R1]ping -a 11.11.11.11 3.3.3.3
PING 3.3.3.3: 56 data bytes, press CTRL_C to break
Reply from 3.3.3.3: bytes=56 Sequence=1 ttl=254 time=30 ms
Reply from 3.3.3.3: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 3.3.3.3: bytes=56 Sequence=3 ttl=254 time=30 ms
Reply from 3.3.3.3: bytes=56 Sequence=4 ttl=254 time=40 ms
Reply from 3.3.3.3: bytes=56 Sequence=5 ttl=254 time=30 ms
--- 3.3.3.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/32/40 ms
[R1]ping -a 22.22.22.22 3.3.3.3
PING 3.3.3.3: 56 data bytes, press CTRL_C to break
Reply from 3.3.3.3: bytes=56 Sequence=1 ttl=254 time=40 ms
Reply from 3.3.3.3: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 3.3.3.3: bytes=56 Sequence=3 ttl=254 time=40 ms
Reply from 3.3.3.3: bytes=56 Sequence=4 ttl=254 time=40 ms
Reply from 3.3.3.3: bytes=56 Sequence=5 ttl=254 time=30 ms
--- 3.3.3.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/36/40 ms
[R1]ping -a 33.33.33.33 3.3.3.3
PING 3.3.3.3: 56 data bytes, press CTRL_C to break
Reply from 3.3.3.3: bytes=56 Sequence=1 ttl=254 time=30 ms
Reply from 3.3.3.3: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 3.3.3.3: bytes=56 Sequence=3 ttl=254 time=30 ms
Reply from 3.3.3.3: bytes=56 Sequence=4 ttl=254 time=40 ms
Reply from 3.3.3.3: bytes=56 Sequence=5 ttl=254 time=30 ms
--- 3.3.3.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/32/40 ms
[R2]dis traffic policy statistics interface GigabitEthernet 0/0/1 inbound
Interface: GigabitEthernet0/0/1
Traffic policy inbound: POLICY
Rule number: 3
Current status: OK!
Item Sum(Packets/Bytes) Rate(pps/bps)
-------------------------------------------------------------------------------
Matched 15/ 1/
1,830 128
+--Passed 15/ 1/
1,830 128
+--Dropped 0/ 0/
0 0
+--Filter 0/ 0/
0 0
+--CAR 0/ 0/
0 0
+--Queue Matched 0/ 0/
0 0
+--Enqueued 0/ 0/
0 0
+--Discarded 0/ 0/
0 0
+--Car 0/ 0/
0 0
+--Green packets 0/ 0/
0 0
+--Yellow packets 0/ 0/
0 0
+--Red packets 0/ 0/
0 0
[
[R2]dis acl all
Total quantity of nonempty ACL number is 3
Basic ACL 2001, 1 rule
Acl's step is 5
rule 5 permit source 11.11.11.11 0 (5 matches)
Basic ACL 2002, 1 rule
Acl's step is 5
rule 5 permit source 22.22.22.22 0 (5 matches)
Basic ACL 2003, 1 rule
Acl's step is 5
rule 5 permit source 33.33.33.33 0 (5 matches)