Outer VLAN ID or inner and outer VLAN IDs of QinQ packets
|
if-match vlan-id start-vlan-id [ to end-vlan-id ] [ cvlan-id cvlan-id ]
|
Only the S5720-EI, S5720-HI, S5730-HI, S5730S-EI, S5730-SI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720-LI, S6720S-EI, S6720S-LI, S6720S-SI, S6720-SI, S6730-H, S6730S-H, S6730-S, and S6730S-S support the cvlan-id cvlan-id parameter.
|
Inner and outer VLAN IDs in QinQ packets
|
if-match cvlan-id start-vlan-id [ to end-vlan-id ] [ vlan-id vlan-id ]
|
Only the S5720-EI, S5720-HI, S5730-HI, S5730S-EI, S5730-SI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720-LI, S6720S-EI, S6720S-LI, S6720S-SI, S6720-SI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this matching rule.
|
802.1p priority in VLAN packets
|
if-match 8021p 8021p-value &<1-8>
|
If you specify multiple values for 8021p-value in one command, a packet matching any of the values matches the traffic classifier, regardless of whether the relationship between rules in the traffic classifier is AND or OR.
|
Inner 802.1p priority in QinQ packets
|
if-match cvlan-8021p 8021p-value &<1-8>
|
Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this matching rule.
|
Discarded packet
|
if-match discard
|
Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this matching rule.
A traffic classifier containing this matching rule can only be bound to traffic behaviors containing the traffic statistics collection and flow mirroring actions.
|
Double tags in QinQ packets
|
if-match double-tag
|
Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735-S-I, S5735S-S, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this matching rule.
|
EXP priority in MPLS packets
|
if-match mpls-exp exp-value &<1-8>
|
Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this matching rule.
If you specify multiple values for exp-value in one command, a packet matching any of the values matches the traffic classifier, regardless of whether the relationship between rules in the traffic classifier is AND or OR.
|
Destination MAC address
|
if-match destination-mac mac-address [ mac-address-mask ]
|
-
|
Source MAC address
|
if-match source-mac mac-address [ mac-address-mask ]
|
-
|
Protocol type in the Ethernet frame header
|
if-match l2-protocol { arp | ip | mpls | rarp | protocol-value }
|
-
|
All packets
|
if-match any
|
After the if-match any command is run, only the matching
rule configured using this command takes effect, and the other matching rules in the same traffic classifier will become ineffective.
|
DSCP priority in IP packets
|
if-match dscp dscp-value &<1-8>
|
If you specify multiple values for dscp-value in one command, a packet matching any of the values matches the traffic classifier, regardless of whether the relationship between rules in the traffic classifier is AND or OR.
The if-match dscp and if-match ip-precedence commands cannot be configured in the same traffic classifier in which the relationship between rules is AND.
|
IP precedence in IP packets
|
if-match ip-precedence ip-precedence-value &<1-8>
|
If you specify multiple values for ip-precedence-value in one command, a packet matching any of the values matches the traffic classifier, regardless of whether the relationship between rules in the traffic classifier is AND or OR.
The if-match dscp and if-match ip-precedence commands cannot be configured in the same traffic classifier in which the relationship between rules is AND.
|
Layer 3 protocol type
|
if-match protocol { ip | ipv6 }
|
-
|
SYN flag in the TCP packet
|
if-match tcp syn-flag { syn-flag-value | ack | fin | psh | rst | syn | urg }
|
-
|
Inbound interface
|
if-match inbound-interface interface-type interface-number
|
A traffic policy containing this matching rule cannot be applied to the outbound direction or in the interface view.
|
Outbound interface
|
if-match outbound-interface interface-type interface-number
|
The S2720-EI, S5720-LI, S5720S-LI, S5720-SI, S5720I-SI, S5720S-SI, S5730-SI, S5730S-EI, S6720-LI, S6720S-LI, S6720-SI, and S6720S-SI do not support this matching rule.
A traffic policy containing this matching rule cannot be applied to the inbound direction on the S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S.
A traffic policy containing this matching rule cannot be applied in the interface view.
|
ACL rule
|
if-match acl { acl-number | acl-name }
|
- Before specifying an ACL in a matching rule, configure the ACL.
- If an ACL in a traffic classifier defines multiple rules and a packet matches any of the rules, the packet matches the ACL, regardless of whether the relationship between rules in the traffic classifier is AND or OR.
- If the vpn-instance parameter is specified in an ACL rule, a traffic policy that defines a traffic classifier matching this ACL rule does not take effect.
|
ACL6 rule
|
if-match ipv6 acl { acl-number | acl-name }
|
Before specifying an ACL6 in a matching rule, configure the ACL6.
If the vpn-instance parameter is specified in an ACL6 rule, a traffic policy that defines a traffic classifier matching this ACL6 rule does not take effect.
On the S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735-S-I, and S5735S-S, if a traffic policy is applied to the outbound direction, and an ACL6 rule for matching the source IPv6 address of packets and an ACL6 rule for matching the destination IPv6 address of packets are respectively configured in two traffic classifiers: - If the traffic behaviors corresponding to the two traffic classifiers do not conflict, the two traffic classifiers and their corresponding traffic behaviors take effect.
- If the traffic behaviors corresponding to the two traffic classifiers conflict, the traffic behavior and traffic classifier defining the ACL6 rule for matching the source IPv6 address of packets take effect.
|
Flow ID
|
if-match flow-id flow-id
|
Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-S, S5731S-H, S5732-H, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735-S-I, S5735S-S, S6720-EI, S6720-HI, S6730-H, S6730S-H, S6730-S, S6730S-S, and S6720S-EI support matching of flow IDs.
A traffic classifier containing if-match flow-id and a traffic behavior containing remark flow-id must be bound to different traffic policies.
A traffic policy containing if-match flow-id can be only applied to an interface, a VLAN, a VLANIF interface or the system in the inbound direction.
|
Inner information of VXLAN packets
|
if-match vxlan [ transit ] vni vni-id
|
Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this matching rule.
A traffic policy containing this matching rule cannot be applied to the outbound direction.
If a traffic classifier contains this matching rule, it supports only traffic behaviors of traffic policing, packet filtering, and traffic statistics collection.
|
Application name
|
if-match application name appname
|
Only the S5730-HI, S6720-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S5732-H, S6730-H, S6730S-H, S6730-S, and S6730S-S support this matching rule.
A traffic policy containing this matching rule can be applied only to the inbound direction.
|
