< Home

Configuring ACL-based Re-marking

Context

ACL-based re-marking allows the device to re-mark packets matching an ACL, for example, 802.1p priority, inner VLAN tag in QinQ packets, destination MAC address, DSCP service type, local IP precedence, IP precedence, and VLAN ID.

Procedure

  • Configuring ACL-based re-marking globally or in a VLAN
    1. Run system-view

      The system view is displayed.

    2. Run the following commands as required.

      • Run traffic-remark [ vlan vlan-id ] inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } [ rule rule-id ] { 8021p 8021p-value | destination-mac mac-address | dscp { dscp-name | dscp-value } | ip-precedence ip-precedence-value | local-precedence local-precedence-value | vlan-id vlan-id }

        The device is configured to re-mark incoming packets matching an ACL.

      • Run traffic-remark [ vlan vlan-id ] outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] { 8021p 8021p-value | cvlan-id cvlan-id | dscp { dscp-name | dscp-value } | vlan-id vlan-id }

        The device is configured to re-mark outgoing packets matching an ACL.

      • Run traffic-remark [ vlan vlan-id ] inbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | destination-mac mac-address | dscp { dscp-name | dscp-value } | ip-precedence ip-precedence-value | local-precedence local-precedence-value | vlan-id vlan-id }

        The device is configured to re-mark incoming packets matching Layer 2 and Layer 3 ACLs.

      • Run traffic-remark [ vlan vlan-id ] inbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | destination-mac mac-address | dscp { dscp-name | dscp-value } | ip-precedence ip-precedence-value | local-precedence local-precedence-value | vlan-id vlan-id }

        The device is configured to re-mark incoming packets matching Layer 2 and Layer 3 ACLs.

      • Run traffic-remark [ vlan vlan-id ] inbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | destination-mac mac-address | dscp { dscp-name | dscp-value } | ip-precedence ip-precedence-value | local-precedence local-precedence-value | vlan-id vlan-id }

        The device is configured to re-mark incoming packets matching Layer 2 and Layer 3 ACLs.

      • Run traffic-remark [ vlan vlan-id ] outbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | cvlan-id cvlan-id | dscp { dscp-name | dscp-value } | vlan-id vlan-id }

        The device is configured to re-mark outgoing packets matching Layer 2 and Layer 3 ACLs.

      • Run traffic-remark [ vlan vlan-id ] outbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | cvlan-id cvlan-id | dscp { dscp-name | dscp-value } | vlan-id vlan-id }

        The device is configured to re-mark outgoing packets matching Layer 2 and Layer 3 ACLs.

      • Run traffic-remark [ vlan vlan-id ] outbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | cvlan-id cvlan-id | dscp { dscp-name | dscp-value } | vlan-id vlan-id }

        The device is configured to re-mark outgoing packets matching Layer 2 and Layer 3 ACLs.

      Only the S5720-EI, S6720-EI, and S6720S-EI support destination-mac mac-address.

      Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support cvlan-id cvlan-id.

  • Configuring ACL-based re-marking on an interface
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The interface view is displayed.

    3. Run the following commands as required.

      • Run traffic-remark inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } [ rule rule-id ] { 8021p 8021p-value | destination-mac mac-address | dscp { dscp-name | dscp-value } | ip-precedence ip-precedence-value | local-precedence local-precedence-value | vlan-id vlan-id }

        The device is configured to re-mark incoming packets matching an ACL.

      • Run traffic-remark outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] { 8021p 8021p-value | cvlan-id cvlan-id | dscp { dscp-name | dscp-value } | vlan-id vlan-id }

        The device is configured to re-mark outgoing packets matching an ACL.

      • Run traffic-remark inbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | destination-mac mac-address | dscp { dscp-name | dscp-value } | ip-precedence ip-precedence-value | local-precedence local-precedence-value | vlan-id vlan-id }

        The device is configured to re-mark incoming packets matching Layer 2 and Layer 3 ACLs.

      • Run traffic-remark inbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | destination-mac mac-address | dscp { dscp-name | dscp-value } | ip-precedence ip-precedence-value | local-precedence local-precedence-value | vlan-id vlan-id }

        The device is configured to re-mark incoming packets matching Layer 2 and Layer 3 ACLs.

      • Run traffic-remark inbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | destination-mac mac-address | dscp { dscp-name | dscp-value } | ip-precedence ip-precedence-value | local-precedence local-precedence-value | vlan-id vlan-id }

        The device is configured to re-mark incoming packets matching Layer 2 and Layer 3 ACLs.

      • Run traffic-remark outbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | cvlan-id cvlan-id | dscp { dscp-name | dscp-value } | vlan-id vlan-id }

        The device is configured to re-mark outgoing packets matching Layer 2 and Layer 3 ACLs.

      • Run traffic-remark outbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | cvlan-id cvlan-id | dscp { dscp-name | dscp-value } | vlan-id vlan-id }

        The device is configured to re-mark outgoing packets matching Layer 2 and Layer 3 ACLs.

      • Run traffic-remark outbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | cvlan-id cvlan-id | dscp { dscp-name | dscp-value } | vlan-id vlan-id }

        The device is configured to re-mark outgoing packets matching Layer 2 and Layer 3 ACLs.

      Only the S5720-EI, S6720-EI, and S6720S-EI support destination-mac mac-address.

      Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support cvlan-id cvlan-id.

Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >