The traffic-limit command configures ACL-based traffic policing on an interface.
The undo traffic-limit command cancels ACL-based traffic policing on an interface.
By default, ACL-based traffic policing is not configured on an interface.
Use the following command in the inbound direction on a switch interface:
traffic-limit inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ] (S5720-EI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, S6720-EI, S6720S-EI)
traffic-limit inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ] (S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S)
traffic-limit inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] (S2720-EI, S5720I-SI, S5720-LI, S5720S-LI, S5720S-SI, S5720-SI, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, and S6720-SI)
undo traffic-limit inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } [ rule rule-id ]
Use the following command in the outbound direction on a switch interface:
traffic-limit outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] ] (S5720-EI, S6720-EI, S6720S-EI)
traffic-limit outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ] (S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735-S-I, S5735S-S)
traffic-limit outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ] (S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S)
traffic-limit outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow pass ] [ red { drop | pass } ] (S2720-EI, S5720I-SI, S5720-LI, S5720S-LI, S5720S-SI, S5720-SI, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, and S6720-SI)
undo traffic-limit outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ]
If both Layer 2 and Layer 3 ACLs are configured and traffic policing is used in the inbound direction on a switch interface, use the following command:
traffic-limit inbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ] (S5720-EI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, S6720-EI, S6720S-EI)
traffic-limit inbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ] (S5720-EI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, S6720-EI, S6720S-EI)
traffic-limit inbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ] (S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S)
traffic-limit inbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ] (S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S)
traffic-limit inbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] (S2720-EI, S5720I-SI, S5720-LI, S5720S-LI, S5720S-SI, S5720-SI, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, and S6720-SI)
traffic-limit inbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] (S2720-EI, S5720I-SI, S5720-LI, S5720S-LI, S5720S-SI, S5720-SI, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, and S6720-SI)
undo traffic-limit inbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ]
undo traffic-limit inbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ]
If both Layer 2 and Layer 3 ACLs are configured and traffic policing is used in the outbound direction on a switch interface, use the following command:
traffic-limit outbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ] (S5720-EI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, S6720-EI, S6720S-EI)
traffic-limit outbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ] (S5720-EI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, S6720-EI, S6720S-EI)
traffic-limit outbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ] (S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S)
traffic-limit outbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ] (S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S)
traffic-limit outbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow pass ] [ red { drop | pass } ] (S2720-EI, S5720I-SI, S5720-LI, S5720S-LI, S5720S-SI, S5720-SI, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, and S6720-SI)
traffic-limit outbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow pass ] [ red { drop | pass } ] (S2720-EI, S5720I-SI, S5720-LI, S5720S-LI, S5720S-SI, S5720-SI, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, and S6720-SI)
undo traffic-limit outbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ]
undo traffic-limit outbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ]
Parameter |
Description |
Value |
|---|---|---|
inbound |
Performs traffic policing for packets in the inbound direction of an interface. |
- |
outbound |
Performs traffic policing for packets in the outbound direction of an interface. |
- |
acl |
Performs traffic policing for packets based on the IPv4 ACL. |
- |
ipv6 |
Performs traffic policing for packets based on the IPv6 ACL. |
- |
bas-acl |
Performs traffic policing for packets based on a specified basic ACL. |
The value is an integer that ranges from 2000 to 2999. |
adv-acl |
Performs traffic policing for packets based on a specified advanced ACL. |
The value is an integer that ranges from 3000 to 3999. |
l2-acl |
Performs traffic policing for packets based on a specified Layer 2 ACL. |
The value is an integer that ranges from 4000 to 4999. |
user-acl |
Performs traffic policing for packets based on a specified user-defined ACL. |
The value is an integer that ranges from 5000 to 5999. |
name acl-name |
Performs traffic policing for packets based on a specified named ACL. acl-name specifies the name of the ACL. |
The value must be the name of an existing ACL. |
rule rule-id |
Performs traffic policing for packets based on a specified ACL rule. |
The value is an integer that ranges from 0 to 4294967294. |
cir cir-value |
Specifies the committed information rate (CIR), which is the guaranteed average transmission rate. |
The value is an integer that ranges from 8 to 4294967295, in kbit/s. |
pir pir-value |
Specifies the peak information rate (PIR), which is the maximum rate at which traffic can pass through. |
The value is an integer that ranges from 8 to 4294967295, in kbit/s. The PIR must be greater than or equal to the CIR. The default PIR is equal to the CIR. |
cbs cbs-value |
Specifies the committed burst size (CBS), which is the average volume of burst traffic that can pass through an interface. |
The value is an integer that ranges from 4000 to 4294967295, in bytes. The default CBS is 125 times the CIR. If the CIR multiplied by 125 is smaller than 4000, the default CBS is 4000. |
pbs pbs-value |
Specifies the peak burst size (PBS), which is the maximum volume of burst traffic that can pass through an interface. |
The value is an integer that ranges from 4000 to 4294967295, in bytes. If the PIR is not set, the default PBS is 125 times the CIR. If the PIR is set, the default PBS is 125 times the PIR. If the CIR or PIR multiplied by 125 is smaller than 4000, the default PBS is 4000. |
green |
Performs traffic policing for green packets. By default, green packets are allowed to pass through. |
- |
yellow |
Performs traffic policing for yellow packets. By default, yellow packets are allowed to pass through. |
- |
red |
Performs traffic policing for red packets. By default, red packets are discarded. |
- |
remark-8021p 8021p-value |
Re-marks the 802.1p priority in packets. |
The value is an integer that ranges from 0 to 7. |
remark-dscp dscp-value |
Re-marks the DSCP priority in packets. |
The value is an integer that ranges from 0 to 63. |
drop |
Indicates that packets are discarded. |
- |
pass |
Indicates that packets are allowed to pass through. |
- |
VLANIF interface view, Ethernet interface view, MultiGE interface view, GE interface view, XGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, port group view
Usage Scenario
After the traffic-limit command is executed on an interface, the device limits the rate and remarks the 802.1p or DSCP priority of packets matching an ACL.
Precautions
If name acl-name is specified in the command, you need to run the acl name or acl ipv6 name command to create the corresponding ACL. Otherwise, the ACL-based simplified traffic policy fails to be configured.
If rule rule-id is specified in the command, you need to create an ACL and configure the corresponding rule. Otherwise, the ACL-based simplified traffic policy fails to be configured.
Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support ACL-based simplified traffic policy configuration on a VLANIF interface.
The VLAN corresponding to the VLANIF interface cannot be a Super-VLAN or MUX VLAN.
For the S5720-EI, S6720-EI, and S6720S-EI, an ACL-based simplified traffic policy that is applied to a VLANIF interface is only valid for unicast packets and Layer 3 multicast packets on the VLANIF interface.
For the S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S, an ACL-based simplified traffic policy that is applied to a VLANIF interface is only valid for unicast packets on the VLANIF interface.
If the traffic-limit (system view) and traffic-limit (interface view) commands are used simultaneously, the traffic-limit (interface view) command takes effect.
When the traffic-limit (interface view) command and the traffic-filter (interface view) command or the traffic-filter (system view) command are used simultaneously, and the two commands are associated with the same ACL rule:
If the traffic-limit command with the same ACL rule specified is executed two or more times in the interface view, the system displays the following information:
Error:Sacl does not support config the same acl or rule repeatedly.
After traffic policing is configured on an interface, the number of packets that can be forwarded on the interface every second is relevant to the packet length calculation method. By default, the device calculates the 20-byte inter-frame gap and preamble. That is, the device calculates the actual packet length plus 20-byte inter-frame gap and preamble.
# Configure ACL-based traffic policing in the inbound direction on GE0/0/1, set the CIR to 10000 kbit/s for packets matching ACL 3000, configure GE0/0/1 to allow green packets, yellow packets, and red packets to pass through, and re-mark the DSCP priority of red packets with 5.
<HUAWEI> system-view [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] traffic-limit inbound acl 3000 cir 10000 green pass yellow pass red pass remark-dscp 5