H3C SR6600 SPE-FWM Command Reference Manual

H3C SR6600 Routers

ACL and QoS

Command Reference

Hangzhou H3C Technologies Co., Ltd.

http://www.h3c.com

Software version: SR6600-CMW520-R2603

Document version: 20110627-C-1.11

No part of this manual may be reproduced or transmitted in any form or by any means without prior

written consent of Hangzhou H3C Technologies Co., Ltd.

Trademarks

H3C,

, Aolynk, , H

3

Care,

, TOP G, , IRF, NetPilot, Neocean, NeoVTL,

SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V

2

G, V

n

G, PSPT,

XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co.,

Ltd.

All other trademarks that may be mentioned in this manual are the property of their respective owners

Notice

The information in this document is subject to change without notice. Every effort has been made in the

preparation of this document to ensure accuracy of the contents, but all statements, information, and

recommendations in this document do not constitute the warranty of any kind, express or implied.

Preface

The H3C SR6600 documentation set includes 13 command references, which describe the commands

and command syntax options available for the H3C SR6600 Routers.

The ACL and QoS Command Reference describes the QoS configuration commands.

This preface includes:

•

Audience

•

Conventions

•

About the H3C SR6600 documentation set

•

Obtaining documentation

•

Technical support

•

Documentation feedback

Audience

This documentation is intended for:

• Network planners

• Field technical support and servicing engineers

• Network administrators working with the SR6600

Conventions

This section describes the conventions used in this documentation set.

Command conventions

Convention Description

Boldface Bold text represents commands and keywords that you enter literally as shown.

Italic Italic text represents arguments that you replace with actual values.

[ ] Square brackets enclose syntax choices (keywords or arguments) that are optional.

{ x | y | ... }

Braces enclose a set of required syntax choices separated by vertical bars, from which

you select one.

[ x | y | ... ]

Square brackets enclose a set of optional syntax choices separated by vertical bars, from

which you select one or none.

{ x | y | ... } *

Asterisk marked braces enclose a set of required syntax choices separated by vertical

bars, from which you select at least one.

[ x | y | ... ] *

Asterisk marked square brackets enclose optional syntax choices separated by vertical

bars, from which you may select multiple choices or none.

&<1-n>

The argument or keyword and argument combination before the ampersand (&) sign can

be entered 1 to n times.

# A line that starts with a pound (#) sign is comments.

Symbols

Convention Description

WARNING

An alert that calls attention to important information that if not understood or followed can

result in personal injury.

CAUTION

An alert that calls attention to important information that if not understood or followed can

result in data loss, data corruption, or damage to hardware or software.

IMPORTANT

An alert that calls attention to essential information.

NOTE

An alert that contains additional or supplementary information.

TIP

An alert that provides helpful information.

About the H3C SR6600 documentation set

The H3C SR6600 documentation set includes:

Category Documents Purposes

Marketing brochures Describe product specifications and benefits.

Technology white papers

Provide an in-depth description of software features

and technologies.

Product description and

specifications

Card datasheets

Describe card specifications, features, and

standards.

Compliance and safety

manual

Provides regulatory information and the safety

instructions that must be followed during installation.

Installation guide

Provides a complete guide to hardware installation

and hardware specifications.

Card manuals Provide the hardware specifications of cards.

Hardware specifications

and installation

H3C N68 Cabinet

Installation and Remodel

Introduction

Guides you through installing and remodeling H3C

N68 cabinets.

Configuration guides

Describe software features and configuration

procedures.

Software configuration

Command references

Provide a quick reference to all available

commands.

H3C SR6602 Release

notes

Operations and

maintenance

H3C SR6608 Release

notes

Provide information about the product release,

including the version history, hardware and software

compatibility matrix, version upgrade information,

technical support information, and software

upgrading.

Obtaining documentation

You can access the most up-to-date H3C product documentation on the World Wide Web at

http://www.h3c.com.

Click the links on the top navigation bar to obtain different categories of product documentation:

[Technical Support & Documents > Technical Documents] – Provides hardware installation, software

upgrading, and software feature configuration and maintenance documentation.

[Products & Solutions] – Provides information about products and technologies, as well as solutions.

[Technical Support & Documents > Software Download] – Provides the documentation released with the

software version.

Technical support

customer_service@h3c.com

http://www.h3c.com

Documentation feedback

You can e-mail your comments about product documentation to [email protected].

We appreciate your comments.

i

Contents

ACL configuration commands····································································································································· 1

acl ··············································································································································································1

acl accelerate ···························································································································································2

acl copy·····································································································································································3

acl ipv6······································································································································································3

acl ipv6 copy····························································································································································4

acl ipv6 name···························································································································································5

acl name····································································································································································6

description·································································································································································6

display acl·································································································································································7

display acl accelerate··············································································································································8

display acl ipv6 ····················································································································································· 10

display acl resource ·············································································································································· 11

display time-range················································································································································· 13

reset acl counter ···················································································································································· 14

reset acl ipv6 counter············································································································································ 15

rule (Ethernet frame header ACL view) ··············································································································· 15

rule (IPv4 advanced ACL view)···························································································································· 16

rule (IPv4 basic ACL view)···································································································································· 21

rule (IPv6 advanced ACL view)···························································································································· 22

rule (IPv6 basic ACL view)···································································································································· 26

rule comment·························································································································································· 27

step·········································································································································································· 27

time-range ······························································································································································ 28

QoS policy configuration commands·······················································································································31

Class configuration commands····································································································································· 31

display traffic classifier ········································································································································· 31

if-match ··································································································································································· 32

traffic classifier······················································································································································· 38

Traffic behavior configuration commands··················································································································· 39

accounting······························································································································································ 39

car··········································································································································································· 40

display traffic behavior········································································································································· 42

filter ········································································································································································· 43

gts············································································································································································ 44

redirect ··································································································································································· 45

remark dot1p ························································································································································· 46

remark drop-precedence ······································································································································ 46

remark dscp ··························································································································································· 47

remark ip-precedence ··········································································································································· 48

remark local-precedence ······································································································································ 48

remark qos-local-id ················································································································································ 49

traffic behavior ······················································································································································ 50

traffic-policy···························································································································································· 50

QoS policy configuration and application commands ······························································································ 51

classifier behavior ················································································································································· 51

display qos policy ················································································································································· 52

display qos policy interface ································································································································· 54

ii

display qos vlan-policy ········································································································································· 56

qos apply policy (interface view) ························································································································ 58

qos apply policy (user-profile view)····················································································································· 60

qos policy······························································································································································· 60

qos vlan-policy······················································································································································· 61

reset qos vlan-policy·············································································································································· 62

Priority mapping configuration commands ··············································································································63

Priority mapping table configuration commands········································································································ 63

display qos map-table··········································································································································· 63

import······································································································································································ 65

qos map-table ························································································································································ 65

Port priority configuration commands·························································································································· 66

qos priority····························································································································································· 66

Per-port priority trust mode configuration commands ································································································ 67

display qos trust interface····································································································································· 67

qos trust ·································································································································································· 68

Traffic policing, GTS and line rate configuration commands·················································································69

Traffic policing configuration commands ···················································································································· 69

display qos car interface ······································································································································ 69

display qos carl ····················································································································································· 70

qos car···································································································································································· 71

qos carl··································································································································································· 73

qos resequencing ·················································································································································· 75

GTS configuration commands ······································································································································ 75

display qos gts interface······································································································································· 75

qos gts ···································································································································································· 77

Line rate configuration commands ······························································································································· 78

display qos lr interface ········································································································································· 78

qos lr······································································································································································· 79

Congestion management configuration commands ································································································81

FIFO queuing configuration commands······················································································································· 81

qos fifo queue-length············································································································································· 81

PQ configuration commands ········································································································································ 82

display qos pq interface ······································································································································· 82

display qos pql ······················································································································································ 83

qos pq····································································································································································· 84

qos pql default-queue············································································································································ 84

qos pql protocol ···················································································································································· 85

qos pql queue························································································································································ 86

CQ configuration commands ······································································································································· 87

display qos cq interface ······································································································································· 87

display qos cql ······················································································································································ 88

qos cq····································································································································································· 89

qos cql default-queue ············································································································································ 90

qos cql protocol····················································································································································· 90

qos cql queue ························································································································································ 91

qos cql queue serving··········································································································································· 92

WFQ configuration commands ···································································································································· 93

display qos wfq interface ····································································································································· 93

qos wfq··································································································································································· 94

CBQ configuration commands ····································································································································· 95

display qos cbq interface ····································································································································· 95

qos max-bandwidth··············································································································································· 96

iii

qos reserved-bandwidth ······································································································································· 97

queue af ································································································································································· 98

queue ef·································································································································································· 99

queue wfq ····························································································································································100

queue-length·························································································································································100

wred······································································································································································101

wred dscp ····························································································································································102

wred ip-precedence ············································································································································103

wred weighting-constant·····································································································································104

RTP queuing configuration commands·······················································································································105

display qos rtpq interface···································································································································105

qos rtpq ································································································································································106

QoS token configuration commands ·························································································································107

qos qmtoken·························································································································································107

Packet information pre-extraction configuration command ·····················································································108

qos pre-classify ····················································································································································108

Hardware congestion management configuration commands············································································ 109

SP queuing configuration commands ························································································································109

display qos sp······················································································································································109

qos sp ···································································································································································110

WRR queuing configuration commands ····················································································································110

display qos wrr interface····································································································································110

qos wrr ·································································································································································112

qos wrr group sp·················································································································································112

qos wrr weight·····················································································································································113

WFQ configuration commands ··································································································································114

display qos wfq interface ···································································································································114

qos bandwidth queue ·········································································································································115

qos wfq·································································································································································116

qos wfq weight ····················································································································································116

CBQ configuration commands ···································································································································117

queue af ·······························································································································································117

queue ef································································································································································118

queue wfq ····························································································································································118

wred······································································································································································119

Congestion avoidance configuration commands ································································································· 121

WRED configuration commands ································································································································121

display qos wred interface·································································································································121

qos wred enable··················································································································································122

qos wred dscp ·····················································································································································123

qos wred ip-precedence ·····································································································································124

qos wred weighting-constant ·····························································································································124

DAR configuration commands································································································································ 126

dar enable····························································································································································126

dar p2p signature-file··········································································································································126

dar protocol-group ··············································································································································127

dar protocol-statistic ············································································································································127

display dar protocol-statistic·······························································································································128

protocol ································································································································································129

reset dar protocol-statistic ···································································································································130

QPPB configuration command······························································································································· 131

QPPB configuration command····································································································································131

iv

bgp-policy ····························································································································································131

MPLS QoS configuration commands ····················································································································· 133

MPLS QoS configuration commands ·························································································································133

if-match mpls-exp ·················································································································································133

qos cql protocol mpls exp ··································································································································133

qos pql protocol mpls exp··································································································································134

remark mpls-exp ··················································································································································135

FR QoS configuration commands ·························································································································· 136

FR QoS configuration commands·······························································································································136

cbs·········································································································································································136

cir ··········································································································································································136

cir allow································································································································································137

congestion-threshold············································································································································138

display fr class-map·············································································································································139

display fr fragment-info·······································································································································140

display fr switch-table ·········································································································································142

display qos policy interface ·······························································································································143

ebs ········································································································································································145

fifo queue-length ··················································································································································146

fr class···································································································································································146

fr congestion-threshold ········································································································································147

fr de del································································································································································148

fr del inbound-interface·······································································································································148

fr del protocol ······················································································································································149

fr traffic-policing···················································································································································150

fr traffic-shaping···················································································································································151

fragment ·······························································································································································151

fr-class···································································································································································152

traffic-shaping adaptation ··································································································································153

Index ········································································································································································ 154

1

ACL configuration commands

acl

Syntax

acl number acl-number [ name acl-name ] [ match-order { auto | config } ]

undo acl { all | name acl-name | number acl-number }

View

System view

Default level

2: System level

Parameters

number acl-number: Specifies the number of an IPv4 access control list (ACL):

• 1

• 2000 to 2999 for IPv4 basic ACLs

• 3000 to 3999 for IPv4 advanced ACLs

• 4000 to 4999 for Ethernet frame header ACLs

name acl-name: Assigns a name for the IPv4 ACL for easy identification. The acl-name argument takes

a case insensitive string of 1 to 63 characters. It must start with an English letter, and to avoid confusion,

cannot be all.

match-order: Sets the order in which ACL rules are compared against packets:

• auto—Compares ACL rules in depth-first order. The depth-first order differs with ACL categories. For

more information, see the ACL and QoS Configuration Guide.

• config—Compares ACL rules in ascending order of rule ID. The rule with a smaller ID has higher

priority. If no match order is specified, the config order applies by default.

all: Deletes all IPv4 ACLs.

Description

Use the acl command to create an IPv4 ACL and enter its view. If the ACL has been created, you enter its

view directly.

Use the undo acl command to delete the specified IPv4 ACL or all IPv4 ACLs.

By default, no ACL exists.

You can assign a name for an IPv4 ACL only when you create it. After an ACL is created with a name,

you cannot rename it or remove its name.

You can change match order only for ACLs that do not contain any rules.

To display any ACLs you have created, use the display acl command.

Examples

# Create IPv4 basic ACL 2000, and enter its view.

2

<Sysname> system-view

[Sysname] acl number 2000

[Sysname-acl-basic-2000]

# Create IPv4 basic ACL 2001 with the name flow, and enter its view.

<Sysname> system-view

[Sysname] acl number 2001 name flow

[Sysname-acl-basic-2001-flow]

acl accelerate

Syntax

acl accelerate number acl-number

undo acl accelerate number acl-number

View

System view

Default level

2: System level

Parameters

number acl-number: Specifies the number of an existing IPv4 ACL:

• 2000 to 2999 for IPv4 basic ACL

• 3000 to 3999 for IPv4 advanced ACL

Description

Use the acl accelerate command to enable ACL acceleration for an IPv4 ACL.

Use the undo acl accelerate command to disable ACL acceleration for an IPv4 ACL.

By default, ACL acceleration is disabled.

ACL acceleration speeds up ACL lookup. The acceleration effect increases with the number of ACL rules.

ACL acceleration uses memory. To achieve the best trade-off between memory and ACL processing

performance, H3C recommends you enable ACL acceleration for large ACLs.

For example, when you use a large ACL for a session-based service, such as NAT or ASPF, you can

enable ACL acceleration to avoid session timeouts caused by ACL processing delays.

Enable ACL acceleration in an ACL after you have finished editing ACL rules. ACL acceleration always

uses ACL criteria that have been set before it is enabled for rule matching. It does not synchronize with

any subsequent match criterion changes.

ACL acceleration is not available for ACLs that contain a non-contiguous wildcard mask.

Related commands: display acl accelerate.

Examples

# Enable ACL acceleration for IPv4 advanced ACL 3000.

<Sysname> system-view

[Sysname] acl accelerate number 3000

3

acl copy

Syntax

acl copy { source-acl-number | name source-acl-name } to { dest-acl-number | name dest-acl-name }

View

System view

Default level

2: System level

Parameters

source-acl-number: Specifies a source IPv4 ACL that already exists by its number:

• 2000 to 2999 for IPv4 basic ACLs

• 3000 to 3999 for IPv4 advanced ACLs

• 4000 to 4999 for Ethernet frame header ACLs

name source-acl-name: Specifies a source IPv4 ACL that already exists by its name. The source-acl-name

argument takes a case insensitive string of 1 to 63 characters.

dest-acl-number: Assigns a unique number for the IPv4 ACL you are creating. This number must be from

the same ACL category as the source ACL. Available value ranges include:

• 2000 to 2999 for IPv4 basic ACLs

• 3000 to 3999 for IPv4 advanced ACLs

• 4000 to 4999 for Ethernet frame header ACLs

name dest-acl-name: Assigns a unique name for the IPv4 ACL you are creating. The dest-acl-name takes

a case insensitive string of 1 to 63 characters. It must start with an English letter and to avoid confusion,

cannot be all. For this ACL, the system automatically picks the smallest number from all available

numbers in the same ACL category as the source ACL.

Description

Use the acl copy command to create an IPv4 ACL by copying an IPv4 ACL that already exists. Except for

the number and name (if any), the new ACL has the same configuration as the source ACL.

You can assign a name for an IPv4 ACL only when you create it. After an IPv4 ACL is created with a name,

you cannot rename it or remove its name.

Examples

# Create IPv4 basic ACL 2002 by copying IPv4 basic ACL 2001.

<Sysname> system-view

[Sysname] acl copy 2001 to 2002

acl ipv6

Syntax

acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto | config } ]

undo acl ipv6 { all | name acl6-name | number acl6-number }

View

System view

4

Default level

2: System level

Parameters

number acl6-number: Specifies the number of an IPv6 ACL:

• 2000 to 2999 for IPv6 basic ACLs

• 3000 to 3999 for IPv6 advanced ACLs

name acl6-name: Assigns a name for the IPv6 ACL for easy identification. The acl6-name argument takes

a case insensitive string of 1 to 63 characters. It must start with an English letter, and to avoid confusion,

cannot be all.

match-order: Sets the order in which ACL rules are compared against packets:

• auto—Compares ACL rules in depth-first order. The depth-first order differs with ACL categories. For

more information, see the ACL and QoS Configuration Guide.

• config—Compares ACL rules in ascending order of rule ID. The rule with a smaller ID has higher

priority. If no match order is specified, the config order applies by default.

all: Delete all IPv6 ACLs.

Description

Use the acl ipv6 command to create an IPv6 ACL and enter its ACL view. If the ACL has been created, you

enter its view directly.

Use the undo acl ipv6 command to delete the specified IPv6 ACL or all IPv6 ACLs.

By default, no ACL exists.

You can assign a name for an IPv6 ACL only when you create it. After an IPv6 ACL is created, you cannot

rename it or remove its name.

You can change match order only for ACLs that do not contain any rules.

To display any ACLs you have created, use the display acl ipv6 command.

Examples

# Create IPv6 ACL 2000 and enter its view.

<Sysname> system-view

[Sysname] acl ipv6 number 2000

[Sysname-acl6-basic-2000]

# Create IPv6 basic ACL 2001 with the name flow, and enter its view.

<Sysname> system-view

[Sysname] acl ipv6 number 2001 name flow

[Sysname-acl6-basic-2001-flow]

acl ipv6 copy

Syntax

acl ipv6 copy { source-acl6-number | name source-acl6-name } to { dest-acl6-number | name

dest-acl6-name }

View

System view

5

Default level

2: System level

Parameters

source-acl6-number: Specifies a source IPv6 ACL that already exists by its number:

• 2000 to 2999 for IPv6 basic ACLs

• 3000 to 3999 for IPv6 advanced ACLs

name source-acl6-name: Specifies a source IPv6 ACL that already exists by its name. The

source-acl6-name argument takes a case insensitive string of 1 to 63 characters.

dest-acl6-number: Assigns a unique number for the IPv6 ACL you are creating. This number must be from

the same ACL category as the source ACL. Available value ranges include:

• 2000 to 2999 for IPv6 basic ACLs

• 3000 to 3999 for IPv6 advanced ACLs

name dest-acl6-name: Assigns a unique name for the IPv6 ACL you are creating. The dest-acl6-name

takes a case insensitive string of 1 to 63 characters. It must start with an English letter and to avoid

confusion, cannot be all. For this ACL, the system automatically picks the smallest number from all

available numbers in the same ACL category as the source ACL.

Description

Use the acl ipv6 copy command to create an IPv6 ACL by copying an IPv6 ACL that already exists.

Except for the number and name (if any), the new ACL has the same configuration as the source ACL.

You can assign a name for an IPv6 ACL only when you create it. After an ACL is created with a name,

you cannot rename it or remove its name.

Examples

# Create IPv6 basic ACL 2002 by copying IPv6 basic ACL 2001.

<Sysname> system-view

[Sysname] acl ipv6 copy 2001 to 2002

acl ipv6 name

Syntax

acl ipv6 name acl6-name

View

System view

Default level

2: System level

Parameters

acl6-name: Specifies the name of an existing IPv6 ACL, a case insensitive string of 1 to 63 characters. It

must start with an English letter.

Description

Use the acl ipv6 name command to enter the view of an IPv6 ACL that has a name.

Related commands: acl ipv6.

6

Examples

# Enter the view of IPv6 ACL flow.

<Sysname> system-view

[Sysname] acl ipv6 name flow

[Sysname-acl6-basic-2001-flow]

acl name

Syntax

acl name acl-name

View

System view

Default level

2: System level

Parameters

acl-name: Specifies the name of an existing IPv4 ACL, which is a case insensitive string of 1 to 63

characters. It must start with an English letter.

Description

Use the acl name command to enter the view of an IPv4 ACL that has a name.

Related commands: acl.

Examples

# Enter the view of IPv4 ACL flow.

<Sysname> system-view

[Sysname] acl name flow

[Sysname-acl-basic-2001-flow]

description

Syntax

description text

undo description

View

IPv4 basic/advanced ACL view, IPv6 basic/advanced ACL view, Ethernet frame header ACL view

Default level

2: System level

Parameters

text: ACL description, a case sensitive string of 1 to 127 characters.

Description

Use the description command to configure a description for an ACL.

Use the undo description command to remove the ACL description.

7

By default, an ACL has no ACL description.

Related commands: display acl and display acl ipv6.

Examples

# Configure a description for IPv4 basic ACL 2000.

<Sysname> system-view

[Sysname] acl number 2000

[Sysname-acl-basic-2000] description This is an IPv4 basic ACL.

# Configure a description for IPv6 basic ACL 2000.

<Sysname> system-view

[Sysname] acl ipv6 number 2000

[Sysname-acl6-basic-2000] description This is an IPv6 basic ACL.

display acl

Syntax

On a centralized device:

display acl { acl-number | all | name acl-name } [ | { begin | exclude | include } regular-expression ]

On a distributed device:

display acl { acl-number | all | name acl-name } [ slot slot-number ] [ | { begin | exclude | include }

regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

acl-number: Specifies an IPv4 ACL by its number:

• 2000 to 2999 for basic ACLs

• 3000 to 3999 for advanced ACLs

• 4000 to 4999 for Ethernet frame header ACLs

all: Displays information for all IPv4 ACLs.

name acl-name: Specifies an IPv4 ACL by its name. The acl-name argument takes a case insensitive

string of 1 to 63 characters. It must start with an English letter.

slot slot-number: Displays the match statistics for IPv4 ACLs on a card. The slot-number argument specifies

a card by its slot number. If no slot is provided, the command displays the configurations of IPv4 ACLs on

the device. (On a distributed device)

|: Filters command output by specifying a regular expression. For more information about regular

expressions, see the Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

include: Displays all lines that match the specified regular expression.

8

regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters.

Description

Use the display acl command to display configuration and match statistics for the specified or all IPv4

ACLs.

This command displays ACL rules in config or depth-first order, whichever is configured.

Examples

# Display the configuration and match statistics for all IPv4 ACLs.

<Sysname> display acl all

Basic ACL 2000, named flow, 3 rules,

ACL's step is 5

rule 0 permit

rule 5 permit source 1.1.1.1 0 (2 times matched)

rule 10 permit vpn-instance mk

Basic ACL 2001, named -none-, 3 rules, match-order is auto,

ACL's step is 5

rule 10 permit vpn-instance rd

rule 10 comment This rule is used in VPN rd.

rule 5 permit source 2.2.2.2 0

rule 0 permit

Table 1 Output description

Field

Description

Basic ACL 2000

Category and number of the ACL. The following field information is

about IPv4 basic ACL 2000.

named flow The name of the ACL is flow. "-none-" means the ACL is not named.

3 rules

The ACL contains three rules.

match-order is auto

The match order for the ACL is auto, which sorts ACL rules in depth-first

order. This field is not present when the match order is config.

ACL's step is 5 The rule numbering step is 5.

rule 0 permit Content of rule 0

5 times matched

There have been five matches for the rule. The statistic counts only ACL

matches performed by software.

This field is not displayed when no packets have matched the rule.

Uncompleted

Applying the rule to hardware failed because no sufficient resources

were available or the hardware does not support the rule. This event

might occur when you modify a rule in an ACL that has been applied.

rule 10 comment This rule is used in

VPN rd.

The description of ACL rule 10 is "This rule is used in VPN rd."

display acl accelerate

Syntax

display acl accelerate { acl-number | all } [ | { begin | exclude | include } regular-expression ]

9

View

Any view

Default level

1: Monitor level

Parameters

acl-number: Specifies an IPv4 ACL number:

• 2000 to 2999 for IPv4 basic ACL

• 3000 to 3999 for IPv4 advanced ACL

all: Displays ACL acceleration status information for all IPv4 ACLs.

|: Filters command output by specifying a regular expression. For more information about regular

expressions, see the Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters.

Description

Use the display acl accelerate command to display ACL acceleration status for one or all IPv4 ACLs.

Examples

# Display ACL acceleration status for all IPv4 ACLs.

<Sysname> display acl accelerate all

Status: UTD -- up to date, OOD -- out of date

Accelerate: ACC -- accelerated, UNACC -- unaccelerated

Group Accelerate Status

--------------------------------------------------

2000 ACC UTD

3000 ACC OOD

3001 ACC UTD

3002 UNACC UTD

Table 2 Output description

Field Description

Group IPv4 ACL number

Accelerate

Whether ACL acceleration is enabled:

• ACC—Enabled

• UNACC—Disabled

10

Field Description

Status

Whether ACL acceleration is using up to date criteria for rule matching:

• UTD—The ACL criteria are up to date and have not changed since ACL acceleration

was enabled.

• OOD—The ACL criteria are out of date. This state is displayed, if you have modified the

ACL after ACL acceleration was enabled. ACL acceleration matches packets still

against the old criteria. To ensure correct packet matching, disable and re-enable ACL

acceleration.

display acl ipv6

Syntax

On a centralized device:

display acl ipv6 { acl6-number | all | name acl6-name } [ | { begin | exclude | include }

regular-expression ]

On a distributed device:

display acl ipv6 { acl6-number | all | name acl6-name } [ slot slot-number ] [ | { begin | exclude |

include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

acl6-number: Specifies an IPv6 ACL by its number:

• 2000 to 2999 for IPv6 basic ACLs

• 3000 to 3999 for IPv6 advanced ACLs

all: Displays information for all IPv6 ACLs.

name acl6-name: Specifies an IPv6 ACL by its name. The acl6-name argument takes a case insensitive

string of 1 to 63 characters. It must start with an English letter.

slot slot-number: Displays the match statistics for IPv6 ACLs on a card. The slot-number argument

represents the slot number of the card. If no slot number is provided, the command displays configuration

information about all IPv6 ACLs on the device. (On a distributed device)

|: Filters command output by specifying a regular expression. For more information about regular

expressions, see the Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters.

Description

Use the display acl ipv6 command to display the configuration and match statistics for the specified IPv6

ACL or all IPv6 ACLs.

11

This command displays ACL rules in config or depth-first order, whichever is configured.

Examples

# Display the configuration and match statistics for all IPv6 ACLs.

<Sysname> display acl ipv6 all

Basic IPv6 ACL 2000, named flow, 3 rules,

ACL's step is 5

rule 0 permit

rule 5 permit source 1::/64

rule 10 permit source 1::1/128 (2 times matched)

Basic IPv6 ACL 2001, named -none-, 3 rules, match-order is auto,

ACL's step is 5

rule 10 permit source 1::1/128

rule 10 comment This rule is used on GigabitEthernet 1/0/1.

rule 5 permit source 1::/64

rule 0 permit

Table 3 Output description

Field Description

Basic IPv6 ACL 2000

Category and number of the ACL. The following field information is

about this IPv6 basic ACL 2000.

named flow The name of the ACL is flow. "-none-" means the ACL is not named.

3 rules The ACL contains three rules.

match-order is auto

The match order for the ACL is auto, which sorts ACL rules in depth-first

order. This field is not present when the match order is config.

ACL's step is 5 The rule numbering step is 5.

rule 0 permit Content of rule 0

5 times matched

There have been five matches for the rule. The statistic counts only IPv6

ACL matches performed by software.

This field is not displayed when no packets have matched the rule.

Uncompleted

Applying the rule to hardware failed because no sufficient resources

were available or the hardware does not support the rule. This event

might occur when you modify a rule in an ACL that has been applied.

rule 10 comment This rule is used on

GigabitEthernet 1/0/1.

The description of ACL rule 10 is " This rule is used on GigabitEthernet

1/0/1."

display acl resource

Syntax

display acl resource [ slot slot-number ] [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Page is loading ...

H3C SR6600 SPE-FWM Command Reference Manual

H3C SR6600 SPE-FWM Command Reference Manual

Related papers

Other documents