H3C s5800 series Acl And Qos Command Reference

H3C S5820X&S5800 Switch Series

ACL and QoS Command Reference

Hangzhou H3C Technologies Co., Ltd.

http://www.h3c.com

Software version: Release 1211

Document version: 6W100-20110415

No part of this manual may be reproduced or transmitted in any form or by any means without prior

written consent of Hangzhou H3C Technologies Co., Ltd.

Trademarks

H3C,

, Aolynk, , H

3

Care,

, TOP G, , IRF, NetPilot, Neocean, NeoVTL,

SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V

2

G, V

n

G, PSPT,

XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co.,

Ltd.

All other trademarks that may be mentioned in this manual are the property of their respective owners

Notice

The information in this document is subject to change without notice. Every effort has been made in the

preparation of this document to ensure accuracy of the contents, but all statements, information, and

recommendations in this document do not constitute the warranty of any kind, express or implied.

Preface

The H3C S5800&S5820X documentation set includes 12 command references, which describe the

commands and command syntax options for the S5800&S5820X Release 1211.

The ACL and QoS Command Reference describes ACL and QoS configuration commands. It covers the

commands for creating ACLs, using ACLs for packet filtering, configuring QoS policies, and configuring

common QoS techniques, such as traffic policing, traffic shaping, congestion management, and

congestion avoidance.

This preface includes:

•

Audience

•

Added and modified commands

•

Conventions

•

About the H3C S5800&S5820X documentation set

•

Obtaining documentation

•

Technical support

•

Documentation feedback

Audience

This documentation is intended for:

• Network planners

• Field technical support and servicing engineers

• Network administrators working with the S5800 and S5820X Switch Series

Added and modified commands

Compared to Release1110, Release 1211 adds and modifies the following commands:

Configuration guide Added and modified features

ACL

Added commands:

• hardware-count enable

• rule remark

Modified commands: rule—Added support for the counting keyword

QoS policy

Added commands:

• control-plane

• display qos policy control-plane

• reset qos policy control-plane

Modified commands:

• if-mtach—Added support for the system-index keyword

• remark dot1p—Added support for the green, red and yellow

keywords

• remark dscp—Added support for the green, red and yellow

keywords

• remark local-precedence—Added support for the green, red and

yellow keywords

• classifier behavior—Added support for the dcbx keyword

• qos apply policy—Now available in control plane view

Deleted commands: undo if-match acl

Priority mapping

Modified commands:

• display qos map-table—Added support for the dot1p-exp,

exp-dot1p and exp-dp keywords

• qos map-table—Added support for the dot1p-exp, exp-dot1p

and exp-dp keywords

GTS and line rate —

Congestion management

Added commands: qos wrr weight

Modified commands: qos wrr—Added support for the weight and

byte-count keywords

Congestion avoidance Added commands: queue weighting-constant

Global CAR —

Data buffer —

HQoS All HQoS related commands are newly added to this release.

Conventions

This section describes the conventions used in this documentation set.

Command conventions

Convention Description

Boldface Bold text represents commands and keywords that you enter literally as shown.

Italic Italic text represents arguments that you replace with actual values.

[ ] Square brackets enclose syntax choices (keywords or arguments) that are optional.

{ x | y | ... }

Braces enclose a set of required syntax choices separated by vertical bars, from which

you select one.

[ x | y | ... ]

Square brackets enclose a set of optional syntax choices separated by vertical bars, from

which you select one or none.

{ x | y | ... } *

Asterisk marked braces enclose a set of required syntax choices separated by vertical

bars, from which you select at least one.

[ x | y | ... ] *

Asterisk marked square brackets enclose optional syntax choices separated by vertical

bars, from which you select one choice, multiple choices, or none.

&<1-n>

The argument or keyword and argument combination before the ampersand (&) sign can

be entered 1 to n times.

# A line that starts with a pound (#) sign is comments.

GUI conventions

Convention Description

Boldface

Window names, button names, field names, and menu items are in Boldface. For

example, the New User window appears; click OK.

> Multi-level menus are separated by angle brackets. For example, File > Create > Folder.

Convention Description

< > Button names are inside angle brackets. For example, click <OK>.

[ ]

Window names, menu items, data table and field names are inside square brackets. For

example, pop up the [New User] window.

/ Multi-level menus are separated by forward slashes. For example, [File/Create/Folder].

Symbols

Convention Description

WARNING

An alert that calls attention to important information that if not understood or followed can

result in personal injury.

CAUTION

An alert that calls attention to important information that if not understood or followed can

result in data loss, data corruption, or damage to hardware or software.

IMPORTANT

An alert that calls attention to essential information.

NOTE

An alert that contains additional or supplementary information.

TIP

An alert that provides helpful information.

About the H3C S5800&S5820X documentation set

The H3C S5800&S5820X documentation set includes:

Category Documents Purposes

Marketing brochures

Describe product specifications and benefits.

Product description and

specifications

Technology white papers

Provide an in-depth description of software

features and technologies.

Pluggable module

description

PSR150-A [ PSR150-D ]

Power Modules User

Manual

Describes the appearances, features, specifications,

installation, and removal of the pluggable 150W

power modules available for the products.

PSR300-12A

[ PSR300-12D1 ] Power

Modules User Manual

Describes the appearances, features, specifications,

installation, and removal of the pluggable 300W

power modules available for the products.

PSR750-A [ PSR750-D ]

Power Modules User

Manual

Describes the appearances, features, specifications,

installation, and removal of the pluggable 750W

power modules available for the products.

RPS User Manual

Describes the appearances, features, and

specifications of the RPS units available for the

products.

LSW1FAN and

LSW1BFAN Installation

Manual

Describes the appearances, specifications,

installation, and removal of the pluggable fan

modules available for the products.

LSW148POEM Module

User Manual

Describes the appearance, features, installation,

and removal of the pluggable PoE module available

for the products.

S5820X [ S5800 ] Series

Ethernet Switches

Interface Cards User

Manual

Describes the models, hardware specifications,

installation, and removal of the interface cards

available for the products.

H3C OAP Cards User

Manual

Describes the benefits, features, hardware

specifications, installation, and removal of the OAP

cards available for the products.

H3C Low End Series

Ethernet Switches

Pluggable Modules

Manual

Describes the models, appearances, and

specifications of the pluggable modules available

for the products.

S5800-60C-PWR

Ethernet Switch Hot

Swappable Power

Module Ordering Guide

Guides you through ordering the hot-swappable

power modules available for the S5800-60C-PWR

switches in different cases.

Power configuration

RPS Ordering Information

for H3C Low-End Ethernet

Switches

Provides the RPS and switch compatibility matrix and

RPS cable specifications.

• S5800 Series Ethernet

Switches Quick Start

• S5820X Series

Ethernet Switches

Quick Start

• S5800 Series Ethernet

Switches CE DOC

• S5820X Series

Ethernet Switches CE

DOC

Provides regulatory information and the safety

instructions that must be followed during installation.

• S5800 Series Ethernet

Switches Quick Start

• S5820X Series

Ethernet Switches

Quick Start

Guides you through initial installation and setup

procedures to help you quickly set up and use your

device with the minimum configuration.

• S5800 Series Ethernet

Switches Installation

Manual

• S5820X Series

Ethernet Switches

Installation Manual

Provides a complete guide to hardware installation

and hardware specifications.

Pluggable SFP[SFP+][XFP]

Transceiver Modules

Installation Guide

Guides you through installing SFP/SFP+/XFP

transceiver modules.

Hardware installation

• S5800-60C-PWR

Switch Video

Installation Guide

• S5820X-28C Switch

Video Installation

Guide

Shows how to install the H3C S5800-60C-PWR and

H3C S5820X-28C Ethernet switches.

Configuration guide

Describe software features and configuration

procedures.

Software configuration

Command reference

Provide a quick reference to all available

commands.

H3C Series Ethernet

Switches Login Password

Recovery Manual

Tells how to find the lost password or recover the

password when the login password is lost.

Operations and

maintenance

Release notes

Provide information about the product release,

including the version history, hardware and software

compatibility matrix, version upgrade information,

technical support information, and software

upgrading.

Obtaining documentation

You can access the most up-to-date H3C product documentation on the World Wide Web at

http://www.h3c.com.

Click the links on the top navigation bar to obtain different categories of product documentation:

[Technical Support & Documents > Technical Documents] – Provides hardware installation, software

upgrading, and software feature configuration and maintenance documentation.

[Products & Solutions] – Provides information about products and technologies, as well as solutions.

[Technical Support & Documents > Software Download] – Provides the documentation released with the

software version.

Technical support

customer_service@h3c.com

http://www.h3c.com

Documentation feedback

You can e-mail your comments about product documentation to [email protected].

We appreciate your comments.

i

Contents

ACL configuration commands ····································································································································· 1

acl ··············································································································································································1

acl copy·····································································································································································2

acl ipv6······································································································································································3

acl ipv6 copy····························································································································································4

acl ipv6 logging frequence ·····································································································································4

acl ipv6 name···························································································································································5

acl logging frequence··············································································································································6

acl name····································································································································································6

description·································································································································································7

display acl·································································································································································7

display acl ipv6 ························································································································································9

display acl resource ·············································································································································· 11

display packet-filter ··············································································································································· 12

display time-range················································································································································· 13

hardware-count enable········································································································································· 14

packet-filter····························································································································································· 15

packet-filter ipv6 ···················································································································································· 16

reset acl counter ···················································································································································· 17

reset acl ipv6 counter············································································································································ 17

rule (Ethernet frame header ACL view) ··············································································································· 18

rule (IPv4 advanced ACL view)···························································································································· 19

rule (IPv4 basic ACL view)···································································································································· 23

rule (IPv6 advanced ACL view)···························································································································· 24

rule (IPv6 basic ACL view)···································································································································· 28

rule comment·························································································································································· 29

rule remark····························································································································································· 30

step·········································································································································································· 31

time-range ······························································································································································ 32

QoS policy configuration commands·······················································································································35

Class configuration commands····································································································································· 35

display traffic classifier ········································································································································· 35

if-match ··································································································································································· 36

traffic classifier······················································································································································· 41

Traffic behavior configuration commands··················································································································· 42

accounting······························································································································································ 42

car··········································································································································································· 42

display traffic behavior········································································································································· 44

filter ········································································································································································· 46

redirect ··································································································································································· 46

remark dot1p ························································································································································· 47

remark drop-precedence ······································································································································ 48

remark dscp ··························································································································································· 49

remark ip-precedence ··········································································································································· 50

remark local-precedence ······································································································································ 50

remark qos-local-id ················································································································································ 51

traffic behavior ······················································································································································ 52

QoS policy configuration and application commands ······························································································ 52

ii

classifier behavior ················································································································································· 52

control-plane ·························································································································································· 53

display qos policy ················································································································································· 54

display qos policy control-plane·························································································································· 55

display qos policy control-plane pre-defined ····································································································· 57

display qos policy global ····································································································································· 58

display qos policy interface ································································································································· 60

display qos vlan-policy ········································································································································· 61

qos apply policy (interface view, port group view, control plane view)························································· 64

qos apply policy (user-profile view)····················································································································· 65

qos apply policy global········································································································································ 65

qos policy······························································································································································· 66

qos vlan-policy······················································································································································· 67

reset qos policy control-plane ······························································································································ 67

reset qos policy global·········································································································································· 68

reset qos vlan-policy·············································································································································· 68

Priority mapping configuration commands ··············································································································70

Priority mapping table configuration commands········································································································ 70

display qos map-table··········································································································································· 70

import······································································································································································ 71

qos map-table ························································································································································ 72

Port priority configuration commands·························································································································· 73

qos priority····························································································································································· 73

Per-port priority trust mode configuration commands ································································································ 73

display qos trust interface····································································································································· 73

qos trust ·································································································································································· 74

GTS and line rate configuration commands ············································································································76

GTS configuration commands ······································································································································ 76

display qos gts interface······································································································································· 76

qos gts ···································································································································································· 77

Line rate configuration commands ······························································································································· 78

display qos lr interface ········································································································································· 78

qos lr······································································································································································· 79

Congestion management configuration commands ································································································80

SP queuing configuration commands ·························································································································· 80

display qos sp························································································································································ 80

qos sp ····································································································································································· 81

WRR queuing configuration commands ······················································································································ 81

display qos wrr interface······································································································································ 81

qos wrr ··································································································································································· 83

qos wrr byte-count················································································································································· 83

qos wrr group sp··················································································································································· 84

qos wrr weight······················································································································································· 85

WFQ configuration commands ···································································································································· 86

display qos wfq interface ····································································································································· 86

qos bandwidth queue ··········································································································································· 87

qos wfq··································································································································································· 88

qos wfq weight ······················································································································································ 88

Congestion avoidance configuration commands ····································································································90

WRED configuration commands ·································································································································· 90

display qos wred interface··································································································································· 90

display qos wred table ········································································································································· 91

iii

qos wred apply ····················································································································································· 92

qos wred queue table ··········································································································································· 93

queue······································································································································································ 93

queue weighting-constant ····································································································································· 94

Global CAR configuration commands······················································································································96

car name ································································································································································ 96

display qos car name ··········································································································································· 97

qos car aggregative·············································································································································· 98

qos car hierarchy ·················································································································································· 99

reset qos car name··············································································································································100

Data buffer configuration commands ···················································································································· 101

Automatic data buffer configuration commands ······································································································101

burst-mode enable···············································································································································101

Manual data buffer configuration commands ··········································································································101

buffer apply··························································································································································102

buffer egress queue guaranteed························································································································103

buffer egress queue shared································································································································104

buffer egress shared············································································································································105

buffer egress total-shared ···································································································································105

HQoS configuration commands····························································································································· 107

bandwidth ····························································································································································107

display qos forwarding-group····························································································································107

display qos forwarding-profile···························································································································108

display qos scheduler-policy diagnosis interface·····························································································109

display qos scheduler-policy interface ··············································································································111

display qos scheduler-policy ······························································································································112

forwarding-group group ·····································································································································114

forwarding-group match ·····································································································································114

forwarding-group profile (forwarding-group view)··························································································116

forwarding-group profile (scheduler-policy view) ····························································································116

gts cir ····································································································································································117

layer······································································································································································118

qos apply scheduler-policy·································································································································118

qos copy forwarding-group································································································································119

qos copy scheduler-policy ··································································································································120

qos forwarding-group ·········································································································································121

qos forwarding-profile ········································································································································121

qos scheduler-policy············································································································································122

sp···········································································································································································122

wrr·········································································································································································123

Index ········································································································································································ 124

1

ACL configuration commands

NOTE:

The Layer 3 Ethernet interface in this document refers to the Ethernet port that can perform IP routin

g

and

inter-VLAN routing. You can set an Ethernet port as a Layer 3 Ethernet interface by using the port

link-mode route command (see the

Layer 2—LAN Switching Configuration Guide

).

acl

Syntax

acl number acl-number [ name acl-name ] [ match-order { auto | config } ]

undo acl { all | name acl-name | number acl-number }

View

System view

Default level

2: System level

Parameters

number acl-number: Specifies the number of an IPv4 access control list (ACL):

• 2000 to 2999 for IPv4 basic ACLs

• 3000 to 3999 for IPv4 advanced ACLs

• 4000 to 4999 for Ethernet frame header ACLs

name acl-name: Assigns a name for the IPv4 ACL for easy identification. The acl-name argument takes

a case insensitive string of 1 to 63 characters. It must start with an English letter, and to avoid confusion,

cannot be all.

match-order: Sets the order in which ACL rules are compared against packets:

• auto—Compares ACL rules in depth-first order. The depth-first order differs with ACL categories. For

more information, see the ACL and QoS Configuration Guide.

• config—Compares ACL rules in ascending order of rule ID. The rule with a smaller ID has higher

priority. If no match order is specified, the config order applies by default.

all: Deletes all IPv4 ACLs.

Description

Use the acl command to create an IPv4 ACL and enter its view. If the ACL has been created, you enter its

view directly.

Use the undo acl command to delete the specified IPv4 ACL or all IPv4 ACLs.

By default, no ACL exists.

You can assign a name for an IPv4 ACL only when you create it. After a named ACL is created, you

cannot rename it or remove its name.

2

You can change match order only for ACLs that do not contain any rules.

To display any ACLs you have created, use the display acl command.

Examples

# Create IPv4 basic ACL 2000, and enter its view.

<Sysname> system-view

[Sysname] acl number 2000

[Sysname-acl-basic-2000]

# Create IPv4 basic ACL 2001 with the name flow, and enter its view.

<Sysname> system-view

[Sysname] acl number 2001 name flow

[Sysname-acl-basic-2001-flow]

acl copy

Syntax

acl copy { source-acl-number | name source-acl-name } to { dest-acl-number | name dest-acl-name }

View

System view

Default level

2: System level

Parameters

source-acl-number: Specifies a source IPv4 ACL that already exists by its number:

• 2000 to 2999 for IPv4 basic ACLs

• 3000 to 3999 for IPv4 advanced ACLs

• 4000 to 4999 for Ethernet frame header ACLs

name source-acl-name: Specifies a source IPv4 ACL that already exists by its name. The source-acl-name

argument takes a case insensitive string of 1 to 63 characters.

dest-acl-number: Assigns a unique number for the IPv4 ACL you are creating. This number must be from

the same ACL category as the source ACL. Available value ranges include:

• 2000 to 2999 for IPv4 basic ACLs

• 3000 to 3999 for IPv4 advanced ACLs

• 4000 to 4999 for Ethernet frame header ACLs

name dest-acl-name: Assigns a unique name for the IPv4 ACL you are creating. The dest-acl-name takes

a case insensitive string of 1 to 63 characters. It must start with an English letter and to avoid confusion,

cannot be all. For this ACL, the system automatically picks the smallest number from all available

numbers in the same ACL category as the source ACL.

Description

Use the acl copy command to create an IPv4 ACL by copying an IPv4 ACL that already exists. Except for

the number and name (if any), the new ACL has the same configuration as the source ACL.

You can assign a name for an IPv4 ACL only when you create it. After a named IPv4 ACL is created, you

cannot rename it or remove its name.

3

Examples

# Create IPv4 basic ACL 2002 by copying IPv4 basic ACL 2001.

<Sysname> system-view

[Sysname] acl copy 2001 to 2002

acl ipv6

Syntax

acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto | config } ]

undo acl ipv6 { all | name acl6-name | number acl6-number }

View

System view

Default level

2: System level

Parameters

number acl6-number: Specifies the number of an IPv6 ACL:

• 2000 to 2999 for IPv6 basic ACLs

• 3000 to 3999 for IPv6 advanced ACLs

name acl6-name: Assigns a name for the IPv6 ACL for easy identification. The acl6-name argument takes

a case insensitive string of 1 to 63 characters. It must start with an English letter, and to avoid confusion,

cannot be all.

match-order: Sets the order in which ACL rules are compared against packets:

• auto: Compares ACL rules in depth-first order. The depth-first order differs with ACL categories. For

more information, see the ACL and QoS Configuration Guide.

• config: Compares ACL rules in ascending order of rule ID. The rule with a smaller ID has higher

priority. If no match order is specified, the config order applies by default.

all: Delete all IPv6 ACLs.

Description

Use the acl ipv6 command to create an IPv6 ACL and enter its ACL view. If the ACL has been created, you

enter its view directly.

Use the undo acl ipv6 command to delete the specified IPv6 ACL or all IPv6 ACLs.

By default, no ACL exists.

You can assign a name for an IPv6 ACL only when you create it. After a named IPv6 ACL is created, you

cannot rename it or remove its name.

You can change match order only for ACLs that do not contain any rules.

To display any ACLs you have created, use the display acl ipv6 command.

Examples

# Create IPv6 ACL 2000 and enter its view.

<Sysname> system-view

[Sysname] acl ipv6 number 2000

[Sysname-acl6-basic-2000]

4

# Create IPv6 basic ACL 2001 with the name flow, and enter its view.

<Sysname> system-view

[Sysname] acl ipv6 number 2001 name flow

[Sysname-acl6-basic-2001-flow]

acl ipv6 copy

Syntax

acl ipv6 copy { source-acl6-number | name source-acl6-name } to { dest-acl6-number | name

dest-acl6-name }

View

System view

Default level

2: System level

Parameters

source-acl6-number: Specifies a source IPv6 ACL that already exists by its number:

• 2000 to 2999 for IPv6 basic ACLs

• 3000 to 3999 for IPv6 advanced ACLs

name source-acl6-name: Specifies a source IPv6 ACL that already exists by its name. The

source-acl6-name argument takes a case insensitive string of 1 to 63 characters.

dest-acl6-number: Assigns a unique number for the IPv6 ACL you are creating. This number must be from

the same ACL category as the source ACL. Available value ranges include:

• 2000 to 2999 for IPv6 basic ACLs

• 3000 to 3999 for IPv6 advanced ACLs

name dest-acl6-name: Assigns a unique name for the IPv6 ACL you are creating. The dest-acl6-name

takes a case insensitive string of 1 to 63 characters. It must start with an English letter, and to avoid

confusion, cannot be all. For this ACL, the system automatically picks the smallest number from all

available numbers in the same ACL category as the source ACL.

Description

Use the acl ipv6 copy command to create an IPv6 ACL by copying an IPv6 ACL that already exists.

Except the number and name (if any), the new ACL has the same configuration as the source ACL.

You can assign a name for an IPv6 ACL only when you create it. After a named IPv6 ACL is created, you

cannot rename it or remove its name.

Examples

# Create IPv6 basic ACL 2002 by copying IPv6 basic ACL 2001.

<Sysname> system-view

[Sysname] acl ipv6 copy 2001 to 2002

acl ipv6 logging frequence

Syntax

acl ipv6 logging frequence frequence

5

undo acl ipv6 logging frequence

View

System view

Default level

2: System level

Parameters

frequence: Specifies the interval in minutes at which IPv6 packet filtering logs are generated and output.

It must be a multiple of 5, in the range 0 to 1440. To disable generating IPv6 logs, assign 0 for the

argument.

Description

Use the acl ipv6 logging frequence command to set the interval for generating and outputting IPv6

packet filtering logs. The log information includes the number of matching IPv6 packets and the matching

IPv6 ACL rules. This command logs only for IPv6 basic and advanced ACL rules that have the logging

keyword.

Use the undo acl ipv6 logging frequence command to restore the default.

By default, the interval is 0. No IPv6 packet filtering logs are generated.

Related commands: packet-filter ipv6, rule (IPv6 advanced ACL view), and rule (IPv6 basic ACL view).

Examples

# Enable the device to generate and output IPv6 packet filtering logs at 10-minute intervals.

<Sysname> system-view

[Sysname] acl ipv6 logging frequence 10

acl ipv6 name

Syntax

acl ipv6 name acl6-name

View

System view

Default level

2: System level

Parameters

acl6-name: Specifies the name of an existing IPv6 ACL, a case insensitive string of 1 to 63 characters. It

must start with an English letter.

Description

Use the acl ipv6 name command to enter the view of an IPv6 ACL that has a name.

Related commands: acl ipv6.

Examples

# Enter the view of IPv6 ACL flow.

<Sysname> system-view

[Sysname] acl ipv6 name flow

[Sysname-acl6-basic-2001-flow]

6

acl logging frequence

Syntax

acl logging frequence frequence

undo acl logging frequence

View

System view

Default level

2: System level

Parameters

frequence: Specifies the interval in minutes at which IPv4 packet filtering logs are generated and output.

It must be a multiple of 5, in the range 0 to 1440. To disable generating IPv4 logs, assign 0 for the

argument.

Description

Use the acl logging frequence command to set the interval for generating and outputting IPv4 packet

filtering logs. The log information includes the number of matching IPv4 packets and the matching IPv4

ACL rules. This command logs only for IPv4 basic and advanced ACL rules that have the logging

keyword.

Use the undo acl logging frequence command to restore the default.

By default, the interval is 0. No IPv4 packet filtering logs are generated.

Related commands: packet-filter, rule (IPv4 advanced ACL view), and rule (IPv4 basic ACL view).

Examples

# Enable the device to generate and output IPv4 packet filtering logs at 10-minute intervals.

<Sysname> system-view

[Sysname] acl logging frequence 10

acl name

Syntax

acl name acl-name

View

System view

Default level

2: System level

Parameters

acl-name: Specifies the name of an existing IPv4 ACL, which is a case insensitive string of 1 to 63

characters. It must start with an English letter.

Description

Use the acl name command to enter the view of an IPv4 ACL that has a name.

Related commands: acl.

7

Examples

# Enter the view of IPv4 ACL flow.

<Sysname> system-view

[Sysname] acl name flow

[Sysname-acl-basic-2001-flow]

description

Syntax

description text

undo description

View

IPv4 basic/advanced ACL view, IPv6 basic/advanced ACL view, Ethernet frame header ACL view

Default level

2: System level

Parameters

text: ACL description, a case sensitive string of 1 to 127 characters.

Description

Use the description command to configure a description for an ACL.

Use the undo description command to remove the ACL description.

By default, an ACL has no ACL description.

Related commands: display acl and display acl ipv6.

Examples

# Configure a description for IPv4 basic ACL 2000.

<Sysname> system-view

[Sysname] acl number 2000

[Sysname-acl-basic-2000] description This is an IPv4 basic ACL.

# Configure a description for IPv6 basic ACL 2000.

<Sysname> system-view

[Sysname] acl ipv6 number 2000

[Sysname-acl6-basic-2000] description This is an IPv6 basic ACL.

display acl

Syntax

display acl { acl-number | all | name acl-name } [ slot slot-number ] [ | { begin | exclude | include }

regular-expression ]

View

Any view

Default level

1: Monitor level

8

Parameters

acl-number: Specifies an IPv4 ACL by its number:

• 2000 to 2999 for basic ACLs

• 3000 to 3999 for advanced ACLs

• 4000 to 4999 for Ethernet frame header ACLs

all: Displays information for all IPv4 ACLs.

name acl-name: Specifies an IPv4 ACL by its name. The acl-name argument takes a case insensitive

string of 1 to 63 characters. It must start with an English letter.

slot slot-number: Displays ACL rule match statistics on an IRF member switch. The slot-number argument

represents the member ID of the device in the IRF virtual device. Available values for the slot-number

argument are member IDs already assigned in the IRF virtual device. You can use the display irf

command to display information about the member switches in an IRF virtual device.

|: Filters command output by specifying a regular expression. For more information about regular

expressions, see the Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters.

Description

Use the display acl command to display configuration and match statistics for the specified IPv4 ACL or

all IPv4 ACLs.

This command displays ACL rules in config or depth-first order, whichever is configured.

Examples

# Display the configuration and match statistics for all IPv4 ACLs.

<Sysname> display acl all

Basic ACL 2000, named flow, 3 rules,

Statistics is enabled

ACL's step is 5

rule 0 permit

rule 5 permit source 1.1.1.1 0 (5 times matched)

rule 10 permit vpn-instance mk

Basic ACL 2001, named -none-, 3 rules, match-order is auto,

ACL's step is 5

rule 10 permit vpn-instance rd

rule 10 comment This rule is used in VPN rd.

rule 5 permit source 2.2.2.2 0

rule 0 permit

Table 1 Output description

Field

Description

Basic ACL 2000

Category and number of the ACL. The following field information is

about IPv4 basic ACL 2000.

9

Field Description

named flow The name of the ACL is flow. "-none-" means the ACL is not named.

3 rules

The ACL contains three rules.

match-order is auto

The match order for the ACL is auto, which sorts ACL rules in depth-first

order. This field is not present when the match order is config.

Statistics is enabled The rule match counting is enabled for this ACL.

ACL's step is 5 The rule numbering step is 5.

rule 0 permit Content of rule 0

5 times matched

There have been five matches for the rule. If the counting keyword is

configured for the rule or the hardware-count enable command is

enabled for the ACL, the statistic counts both rule matches performed

in both software and hardware. Otherwise, the statistics counts only

rule matches performed in software.

rule 10 comment This rule is used in

VPN rd.

The description of ACL rule 10 is "This rule is used in VPN rd."

display acl ipv6

Syntax

display acl ipv6 { acl6-number | all | name acl6-name } [ slot slot-number ] [ | { begin | exclude |

include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

acl6-number: Specifies an IPv6 ACL by its number:

• 2000 to 2999 for IPv6 basic ACLs

• 3000 to 3999 for IPv6 advanced ACLs

all: Displays information for all IPv6 ACLs.

name acl6-name: Specifies an IPv6 ACL by its name. The acl6-name argument takes a case insensitive

string of 1 to 63 characters. It must start with an English letter.

slot slot-number: Displays ACL rule match statistics on an IRF member switch. The slot-number argument

represents the member ID of the device in the IRF virtual device. Available values for the slot-number

argument are member IDs already assigned in the IRF virtual device. You can use the display irf

command to display information about the member switches in an IRF virtual device.

|: Filters command output by specifying a regular expression. For more information about regular

expressions, see the Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

Page is loading ...

H3C s5800 series, s5820x series Acl And Qos Command Reference

Related papers

Other documents