List Traffic Classifier in huawei s6720

Created: Jun 25, 2019 17:23:59Latest reply: Jun 27, 2019 06:42:00 114 3 0 0
  Rewarded Hi-coins: 0 (problem resolved)

Hi,

I was new to huawei devices, I have configured some traffic classifiers rules on huawei s6720.

I was trying to list down the rules but i wont found any comment for that. please help me to find out that


Thanks & Regards,

Tamil

  • x
  • convention:

Featured Answers
chenhui
Admin Created Jun 26, 2019 00:42:24 Helpful(0) Helpful(0)

@stamil hi,
Executing command display traffic classifier to display the traffic classifier you have configured.
  • x
  • convention:

All Answers
wissal
wissal MVE Created Jun 25, 2019 20:09:37 Helpful(0) Helpful(0)

Hi,

Please find below List Traffic Classifier in huawei s6720

Configuring a Traffic Classifier

Pre-configuration Tasks

Before configuring a traffic classifier, complete the following tasks:
  • Configure link layer attributes of interfaces to ensure that the interfaces work properly.

  • Configure an ACL if an ACL needs to be used to classify traffic.

Context

Non-conflicting rules can be configured in a traffic classifier.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run traffic classifier classifier-name [ operator { and | or } ]

    A traffic classifier is created and the traffic classifier view is displayed, or an existing traffic classifier view is displayed.

    and is the logical operator between the rules in the traffic classifier, which means that:
    • If the traffic classifier contains ACL rules, packets match the traffic classifier only when they match one ACL rule and all the non-ACL rules.

    • If the traffic classifier does not contain any ACL rules, packets match the traffic classifier only when they match all the rules in the classifier.

    The logical operator or means that packets match the traffic classifier if they match one of the rules in the classifier.

    By default, the relationship between rules in a traffic classifier is OR.

  3. Configure matching rules according to the following table.
    imgDownload?uuid=3cbe8f4282754bd592ffe31 NOTE:

    Only the S5720EI, S6720EI, and S6720S-EI support traffic classifiers with advanced ACLs containing the ttl-expired field.

    When a traffic classifier contains if-match ipv6 acl { acl-number | acl-name }, the S5720HI does not support remark 8021p [ 8021p-value | inner-8021p ], remark cvlan-id cvlan-idremark vlan-id vlan-id, or mac-address learning disable.

    Matching Rule

    Command

    Remarks

    Outer VLAN ID or inner and outer VLAN IDs of QinQ packets

    if-match vlan-id start-vlan-id [ to end-vlan-id ] [ cvlan-id cvlan-id ]

    Only the S1720X, S1720X-E, S5720EI, S5720HI, S5730SI, S5730S-EI, S6720LI, S6720S-LI, S6720SI, S6720S-SI, S6720EI, and S6720S-EI support the cvlan-idcvlan-id parameter.

    Inner and outer VLAN IDs in QinQ packets

    if-match cvlan-id start-vlan-id [ to end-vlan-id ] [ vlan-id vlan-id ] (S1720X, S1720X-E, S5720EI, S5720HI, S5730SI, S5730S-EI, S6720LI, S6720S-LI, S6720SI, S6720S-SI, S6720EI, S6720S-EI)

    -

    802.1p priority in VLAN packets

    if-match 8021p 8021p-value &<1-8>

    If you enter multiple 802.1p priority values in one command, a packet matches the traffic classifier if it matches any of the priorities, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

    Inner 802.1p priority in QinQ packets

    if-match cvlan-8021p 8021p-value &<1-8> (S5720EI, S5720HI, S6720EI, S6720S-EI)

    -

    Drop packet

    if-match discard (S5720EI, S5720HI, S6720EI, S6720S-EI)

    A traffic classifier containing this matching rule can only be bound to traffic behaviors containing traffic statistics collection and flow mirroring actions.

    Double tags in QinQ packets

    if-match double-tag (S5720EI, S5720HI, S6720EI, S6720S-EI)

    -

    Destination MAC address

    if-match destination-mac mac-address [ mac-address-mask ]

    -

    Source MAC address

    if-match source-mac mac-address [ mac-address-mask ]

    -

    Protocol type field in the Ethernet frame header

    if-match l2-protocol { arp | ip | mpls | rarp | protocol-value }

    -

    All packets

    if-match any

    -

    DSCP priority in IP packets

    if-match dscp dscp-value &<1-8>

    • If you enter multiple DSCPvalues in one command, a packet matches the traffic classifier if it matches any of the DSCP values, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

    • If the relationship between rules in a traffic classifier is AND, the if-match dscp and if-match ip-precedence commands cannot be used in the traffic classifier simultaneously.

    IP precedence in IP packets

    if-match ip-precedence ip-precedence-value &<1-8>
    • The if-match dscp and if-match ip-precedence commands cannot be configured in a traffic classifier in which the relationship between rules is AND.

    • If you enter multiple IP precedence values in one command, a packet matches the traffic classifier if it matches any of the IP precedence values, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

    Layer 3 protocol type

    if-match protocol { ip | ipv6 }

    -

    SYN Flag in the TCP packet

    if-match tcp syn-flag { syn-flag-value | ack | fin | psh | rst | syn | urg }

    -

    Inbound interface

    if-match inbound-interface interface-typeinterface-number

    A traffic policy containing this matching rule cannot be applied to the outbound direction or in the interface view.

    Outbound interface

    if-match outbound-interface interface-type interface-number (S5720EI, S5720HI, S6720EI, S6720S-EI)

    A traffic policy containing this matching rule cannot be applied to the inbound direction on the S5720HI.

    The traffic policy containing this matching rule cannot be applied in the interface view.

    ACL rule

    if-match acl { acl-number | acl-name }
    • When an ACL is used to define a traffic classification rule, it is recommended that the ACL be configured first.
    • If an ACL in a traffic classifier defines multiple rules, a packet matches the ACL as long as it matches one of rules, regardless of whether the relationship between rules in the traffic classifier is AND or OR.

    ACL6 rule

    if-match ipv6 acl { acl-number | acl-name }

    Before specifying an ACL6 in a matching rule, configure the ACL6.

    Flow ID

    if-match flow-id flow-id (S5720EI, S6720EI, S6720S-EI)

    The traffic classifier containing if-match flow-id and the traffic behavior containing remark flow-id must be bound to different traffic policies.

    The traffic policy containing if-match flow-id can only be applied to an interface, a VLAN, or the system in the inbound direction.

  4. Run quit

    Exit from the traffic classifier view.

Thanks
  • x
  • convention:

Telecommunications%20engineer%2C%20currently%20senior%20project%20manager%20at%20an%20operator%2C%20partner%20of%20Huawei%2C%20in%20the%20radio%20access%20network%20department%2C%20for%2020%20years%20I%20managed%20several%20types%20of%20projects%2C%20for%20the%20different%20nodes%20of%20the%20network.
chenhui
chenhui Admin Created Jun 26, 2019 00:42:24 Helpful(0) Helpful(0)

@stamil hi,
Executing command display traffic classifier to display the traffic classifier you have configured.
  • x
  • convention:

Mohamed_Mostafa
Mohamed_Mostafa Created Jun 27, 2019 06:42:00 Helpful(0) Helpful(0)

Don't forget to apply it under the interface

Example :

rule 5 permit ip source 10.1.1.3 0 destination 10.1.1.10 0
#
traffic classifier test operator and
if-match acl 3999
#
traffic behavior test
statistic enable
#
traffic policy test
classifier test behavior test
#
interface g0/0/1
traffic-policy test inbound         // you can choose outbound also
#

To display the result , wait a so time then :

[S12700] display traffic policy statistics interface g0/0/1 inbound
  • x
  • convention:

Network%20%26%20Security%20Engineer

Reply

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login