< Home

Configuring ACL-based Traffic Policing (Rate Limiting and Re-Marking)

Context

ACL-based traffic policing allows the device to limit the rate of packets matching ACLs and take different actions for packets of different colors.

On the S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735-S-I, and S5735S-S, if traffic policing and traffic statistics collection based on the same ACL are configured, only statistics on the number of packets matching an ACL, namely, value of matched in the display traffic-statistics command output, are correct.

Procedure

  • Configuring traffic policing globally or in a VLAN
    1. Run system-view

      The system view is displayed.

    2. Run the following commands as required.

      • On the S2720-EI, S5720-LI, S5720S-LI, S5720-SI, S5720S-SI, S5720I-SI, S5730-SI, S5730S-EI, S6720-LI, S6720S-LI, S6720-SI, and S6720S-SI:

        • Run traffic-limit [ vlan vlan-id ] inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ]

          Traffic policing is configured for incoming packets matching an ACL.

        • Run traffic-limit [ vlan vlan-id ] outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] } cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow pass ] [ red { drop | pass } ]

          Traffic policing is configured for outgoing packets matching an ACL.

        • Run traffic-limit [ vlan vlan-id ] inbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ]

          Or run traffic-limit [ vlan vlan-id ] inbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ]

          Traffic policing is configured for incoming packets matching Layer 2 and Layer 3 ACLs.

        • Run traffic-limit [ vlan vlan-id ] outbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow pass ] [ red { drop | pass } ]

          Or run traffic-limit [ vlan vlan-id ] outbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow pass ] [ red { drop | pass } ]

          Traffic policing is configured for outgoing packets matching Layer 2 and Layer 3 ACLs.

      • On the S5720-EI, S6720-EI, and S6720S-EI:

        • Run traffic-limit [ vlan vlan-id ] inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ]

          Traffic policing is configured for incoming packets matching an ACL.

        • Run traffic-limit [ vlan vlan-id ] outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] ]

          Traffic policing is configured for outgoing packets matching an ACL.

        • Run traffic-limit [ vlan vlan-id ] inbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ]

          Or run traffic-limit [ vlan vlan-id ] inbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ]

          Traffic policing is configured for incoming packets matching Layer 2 and Layer 3 ACLs.

        • Run traffic-limit [ vlan vlan-id ] outbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ]

          Or run traffic-limit [ vlan vlan-id ] outbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ]

          Traffic policing is configured for outgoing packets matching Layer 2 and Layer 3 ACLs.

      • On the S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735-S-I, and S5735S-S:

        • Run traffic-limit [ vlan vlan-id ] inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ]

          Traffic policing is configured for incoming packets matching an ACL.

        • Run traffic-limit [ vlan vlan-id ] outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ]

          Traffic policing is configured for outgoing packets matching an ACL.

        • Run traffic-limit [ vlan vlan-id ] inbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ]

          Or run traffic-limit [ vlan vlan-id ] inbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ]

          Traffic policing is configured for incoming packets matching Layer 2 and Layer 3 ACLs.

        • Run traffic-limit [ vlan vlan-id ] outbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ]

          Or run traffic-limit [ vlan vlan-id ] outbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ]

          Traffic policing is configured for outgoing packets matching Layer 2 and Layer 3 ACLs.

      Traffic policing can define packet colors:

      • When the size of a packet is less than the CBS, the packet is colored green.
      • When the size of a packet is greater than or equal to the CBS but less than the PBS, the packet is colored yellow.
      • When the size of a packet is greater than or equal to the PBS, the packet is colored red.

      By default, green packets and yellow packets are allowed to pass through, and red packets are discarded.

  • Configuring traffic policing on an interface
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The interface view is displayed.

    3. Run the following commands as required.

      • On the S2720-EI, S5720I-SI, S5720-LI, S5720S-LI, S5720S-SI, S5720-SI, S5730S-EI, S5730-SI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735-S-I, S5735S-S, S6720-LI, S6720S-LI, S6720S-SI, and S6720-SI:

        • Run traffic-limit inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ]

          Traffic policing is configured for incoming packets matching an ACL.

        • Run traffic-limit outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] } cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow pass ] [ red { drop | pass } ]

          Traffic policing is configured for outgoing packets matching an ACL.

        • Run traffic-limit inbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ]

          Or run traffic-limit inbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ]

          Traffic policing is configured for incoming packets matching Layer 2 and Layer 3 ACLs.

        • Run traffic-limit outbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow pass ] [ red { drop | pass } ]

          Or run traffic-limit outbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow pass ] [ red { drop | pass } ]

          Traffic policing is configured for outgoing packets matching Layer 2 and Layer 3 ACLs.

      • On the S5720-EI, S6720-EI, and S6720S-EI:

        • Run traffic-limit inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ]

          Traffic policing is configured for incoming packets matching an ACL.

        • Run traffic-limit outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] ]

          Traffic policing is configured for outgoing packets matching an ACL.

        • Run traffic-limit inbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ]

          Or run traffic-limit inbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ]

          Traffic policing is configured for incoming packets matching Layer 2 and Layer 3 ACLs.

        • Run traffic-limit outbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ]

          Or run traffic-limit outbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ]

          Traffic policing is configured for outgoing packets matching Layer 2 and Layer 3 ACLs.

      Traffic policing can define packet colors:

      • When the size of a packet is less than the CBS, the packet is colored green.
      • When the size of a packet is greater than or equal to the CBS but less than the PBS, the packet is colored yellow.
      • When the size of a packet is greater than or equal to the PBS, the packet is colored red.

      By default, green packets and yellow packets are allowed to pass through, and red packets are discarded.

Parent Topic: ACL-based Simplified Traffic Policy Configuration
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >