Configuring an SAC Traffic Policy

Procedure

1. Configure a traffic classifier.
   1. Run system-view

      The system view is displayed.

   2. Run traffic classifier classifier-name [ operator { and | or } ]

      A traffic classifier is created and the traffic classifier view is displayed, or the view of an existing traffic classifier is displayed.

   3. Run if-match application name appname

      A matching rule for classifying traffic based on the application name is created.

      

      The matching rule can classify traffic based only on applications in the signature database. To check the supported application names, run the display application command.

   4. Run quit

      Exit from the traffic classifier view.

2. Configure a traffic behavior.
   1. Run traffic behavior behavior-name

      A traffic behavior is created and the traffic behavior view is displayed, or the view of an existing traffic behavior is displayed.

   2. Define actions in the traffic behavior. You can configure multiple non-conflicting actions in a traffic behavior.

      Table 1 Actions in a traffic behavior

      Action	Command	Remarks
      Packet filtering	deny | permit	In the same traffic behavior, the deny action cannot be used together with other traffic actions except for traffic statistics collection and traffic mirroring. For details on how to configure packet filtering, see Packet Filtering Configuration.
      Priority re-marking	Re-marking the 802.1p priority of VLAN packets: remark 8021p [ 8021p-value | inner-8021p ] Re-marking the DSCP priority of IP packets: remark dscp { dscp-name | dscp-value } Re-marking the internal priority of packets: remark local-precedence { local-precedence-name | local-precedence-value } [ green | yellow | red ] Re-marking the IP precedence of packets: remark ip-precedence ip-precedence	For details on how to configure MQC-based priority re-marking, see Configuring MQC-based Priority Re-marking.
      Flow ID re-marking	remark flow-id flow-id	-
      Redirection	Redirecting packets to the CPU: redirect cpu Redirecting packets to a specified interface: redirect interface interface-type interface-number [ forced ] Redirecting packets to a VPN instance: redirect vpn-instance vpn-instance-name	A traffic policy containing redirect interface and redirect cpu can only be applied to the inbound direction. For details on how to configure redirection, see Redirection Configuration.
      Traffic policing	car	For details on how to configure MQC-based traffic policing, see Configuring MQC to Implement Traffic Policing.
      Hierarchical traffic policing	car car-name share	A traffic policy containing car share can only be applied to the inbound direction.
      Traffic mirroring	mirroring to observe-port observe-port-index	For details on how to configure MQC-based traffic mirroring, see Configuring Mirroring in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - Network Management and Monitoring Configuration Guide.
      PBR	Redirecting packets to a next hop IP address: redirect ip-nexthop Redirecting packets to a next hop IPv6 address: redirect ipv6-nexthop Redirecting packets to multiple next hop IP addresses: redirect ip-multihop Redirecting packets to multiple next hop IPv6 addresses: redirect ipv6-multihop	A traffic policy containing PBR takes effect only for IP packets. For details on how to configure PBR, see Configuring PBR in "PBR Configuration" in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - IP Unicast Routing Configuration Guide.
      Disabling MAC address learning	mac-address learning disable	-
      VLAN mapping	Re-marking the VLAN tag in VLAN packets: remark vlan-id vlan-id Re-marking the inner VLAN tag in QinQ packets: remark cvlan-id cvlan-id	When a traffic classifier defines if-match outbound-interface interface-type interface-number, VLAN mapping cannot be defined in the bound traffic behaviors. For details on how to configure MQC-based VLAN mapping, see Configuring MQC-based VLAN Mapping in "VLAN Mapping Configuration" in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - Ethernet Switching Configuration Guide.
      Traffic statistics collection	statistic enable	For details on how to configure traffic statistics collection, see Traffic Statistics Collection Configuration.
      Making the deny rule in an ACL or ACL6 ineffective	rule-deny-skip-action	A traffic behavior configured with this action must be bound to a traffic classifier configured with the ACL or ACL6 rule.

   3. Run quit

      Exit from the traffic behavior view.

3. Configure a traffic policy.
   1. Run traffic policy policy-name [ match-order { auto | config } ]

      A traffic policy is created and the traffic policy view is displayed, or the view of an existing traffic policy is displayed.

   2. Run classifier classifier-name behavior behavior-name

      A traffic behavior is bound to a traffic classifier in the traffic policy.

   3. Run quit

      Exit from the traffic policy view.

4. Apply the traffic policy.
   

   If the resource allocation mode is set to sac for a switch, a traffic policy containing a matching rule for classifying traffic based on the application name can be applied only to the inbound direction globally or on a physical or a VLANIF interface. That is, the inbound parameter must be specified.

   • Applying a traffic policy to an interface
     1. Run interface interface-type interface-number[.subinterface-number ]

        The interface view or sub-interface view is displayed.

     2. Run traffic-policy policy-name inbound

        The traffic policy is applied to the interface or sub-interface.

   • Applying a traffic policy to a VLANIF interface

     1. Run interface vlanif vlan-id

        The VLANIF interface view is displayed.

     2. Run traffic-policy policy-name inbound

        The traffic policy is applied to the VLANIF interface.

        Only one traffic policy can be applied to the inbound direction of a VLANIF interface. A single traffic policy can be applied to the inbound direction on one or more VLANIF interfaces.

        A traffic policy cannot be applied to a VLANIF interface corresponding to the super-VLAN or MUX VLAN.

        A traffic policy applied to a VLANIF interface takes effect only for unicast packets on the VLANIF interface.

        

        A traffic policy cannot be applied to a VLANIF interface when the bound traffic behaviors define the following actions:

        • remark vlan-id
        • remark cvlan-id
        • remark 8021p
        • remark flow-id
        • mac-address learning disable
   • Applying the traffic policy globally (using the traffic-policy policy-name global inbound [ slot slot-id ] command)

     The inbound direction can be configured with only one traffic policy globally or in a slot. A traffic policy cannot be applied to the inbound direction in both the system and slot. For example, if a traffic policy is applied to the inbound direction globally, it cannot be applied to the inbound direction in a slot.

     • In a stack, a traffic policy applied to the system takes effect on all the interfaces and VLANs of all the member switches in the stack. The system then performs QoS management for all the incoming packets that match traffic classification rules on all the member switches. A traffic policy applied to a specified slot takes effect on all the interfaces and VLANs of the member switch with the specified stack ID. The system then performs QoS management for all the incoming packets that match traffic classification rules on this member switch.
     • On a standalone switch, a traffic policy applied to the system takes effect on all the interfaces and VLANs of the local switch. The system then performs QoS management for all the incoming packets that match traffic classification rules on the local switch. Traffic policies applied to the slot and system have the same functions.