< Home

traffic-limit (system view)

Function

The traffic-limit command configures ACL-based traffic policing globally or in a VLAN.

The undo traffic-limit command cancels ACL-based traffic policing globally or in a VLAN.

By default, ACL-based traffic policing is not configured globally or in a VLAN.

Format

To configure ACL-based traffic policing in the inbound direction on a switch, use the following command:

traffic-limit [ vlan vlan-id ] inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ] (S5720-EI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, S6720-EI, S6720S-EI)

traffic-limit [ vlan vlan-id ] inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ] (S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S)

traffic-limit [ vlan vlan-id ] inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] (S2720-EI, S5720I-SI, S5720-LI, S5720S-LI, S5720S-SI, S5720-SI, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, and S6720-SI)

undo traffic-limit [ vlan vlan-id ] inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } [ rule rule-id ]

To configure ACL-based traffic policing in the outbound direction on a switch, use the following command:

traffic-limit [ vlan vlan-id ] outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] ] (S5720-EI, S6720-EI, S6720S-EI)

traffic-limit [ vlan vlan-id ] outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ] (S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735-S-I, S5735S-S)

traffic-limit [ vlan vlan-id ] outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ] (S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S)

traffic-limit [ vlan vlan-id ] outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow pass ] [ red { drop | pass } ] (S2720-EI, S5720I-SI, S5720-LI, S5720S-LI, S5720S-SI, S5720-SI, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, and S6720-SI)

undo traffic-limit [ vlan vlan-id ] outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ]

If both Layer 2 and Layer 3 ACLs are configured and traffic policing is used in the inbound direction on a switch, use the following command:

traffic-limit [ vlan vlan-id ] inbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ] (S5720-EI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, S6720-EI, S6720S-EI)

traffic-limit [ vlan vlan-id ] inbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ] (S5720-EI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, S6720-EI, S6720S-EI)

traffic-limit [ vlan vlan-id ] inbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ] (S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S)

traffic-limit [ vlan vlan-id ] inbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ] (S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S)

traffic-limit [ vlan vlan-id ] inbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] (S2720-EI, S5720I-SI, S5720-LI, S5720S-LI, S5720S-SI, S5720-SI, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, and S6720-SI)

traffic-limit [ vlan vlan-id ] inbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] (S2720-EI, S5720I-SI, S5720-LI, S5720S-LI, S5720S-SI, S5720-SI, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, and S6720-SI)

undo traffic-limit [ vlan vlan-id ] inbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ]

undo traffic-limit [ vlan vlan-id ] inbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ]

If both Layer 2 and Layer 3 ACLs are configured and traffic policing is used in the outbound direction on a switch, use the following command:

traffic-limit [ vlan vlan-id ] outbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ] (S5720-EI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, S6720-EI, S6720S-EI)

traffic-limit [ vlan vlan-id ] outbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ] (S5720-EI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, S6720-EI, S6720S-EI)

traffic-limit [ vlan vlan-id ] outbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ] (S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S)

traffic-limit [ vlan vlan-id ] outbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass } ] [ yellow { drop | pass } ] [ red { drop | pass } ] ] (S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S)

traffic-limit [ vlan vlan-id ] outbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow pass ] [ red { drop | pass } ] (S2720-EI, S5720I-SI, S5720-LI, S5720S-LI, S5720S-SI, S5720-SI, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, and S6720-SI)

traffic-limit [ vlan vlan-id ] outbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green pass ] [ yellow pass ] [ red { drop | pass } ] (S2720-EI, S5720I-SI, S5720-LI, S5720S-LI, S5720S-SI, S5720-SI, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, and S6720-SI)

undo traffic-limit [ vlan vlan-id ] outbound acl { l2-acl | name acl-name } [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ]

undo traffic-limit [ vlan vlan-id ] outbound acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ]

Parameters

Parameter

Description

Value

vlan vlan-id

Specifies a VLAN ID.

The value is an integer that ranges from 1 to 4094.

inbound

Performs traffic policing for packets in the inbound direction.

-

outbound

Performs traffic policing for packets in the outbound direction.

-

acl

Performs traffic policing for packets based on the IPv4 ACL.

-

ipv6

Performs traffic policing for packets based on the IPv6 ACL.

-

bas-acl

Performs traffic policing for packets based on a specified basic ACL.

The value is an integer that ranges from 2000 to 2999.

adv-acl

Performs traffic policing for packets based on a specified advanced ACL.

The value is an integer that ranges from 3000 to 3999.

l2-acl

Performs traffic policing for packets based on a specified Layer 2 ACL.

The value is an integer that ranges from 4000 to 4999.

user-acl

Performs traffic policing for packets based on a specified user-defined ACL.

The value is an integer that ranges from 5000 to 5999.

name acl-name

Performs traffic policing for packets based on a specified named ACL. acl-name specifies the name of the ACL.

The value must be the name of an existing ACL.

rule rule-id

Performs traffic policing for packets based on a specified ACL rule.

The value is an integer that ranges from 0 to 4294967294.

cir cir-value

Specifies the committed information rate (CIR), which is the guaranteed average transmission rate.

The value is an integer that ranges from 8 to 4294967295, in kbit/s.

pir pir-value

Specifies the peak information rate (PIR), which is the maximum rate at which traffic can pass through.

The value is an integer that ranges from 8 to 4294967295, in kbit/s.

The PIR must be greater than or equal to the CIR. The default PIR is equal to the CIR.

cbs cbs-value

Specifies the committed burst size (CBS), which is the average volume of burst traffic that can pass through an interface.

The value is an integer that ranges from 4000 to 4294967295, in bytes. The default CBS is 125 times the CIR. If the CIR multiplied by 125 is smaller than 4000, the default CBS is 4000.

pbs pbs-value

Specifies the peak burst size (PBS), which is the maximum volume of burst traffic that can pass through an interface.

The value is an integer that ranges from 4000 to 4294967295, in bytes. If the PIR is not set, the default PBS is 125 times the CIR. If the PIR is set, the default PBS is 125 times the PIR. If the CIR or PIR multiplied by 125 is smaller than 4000, the default PBS is 4000.

green

Performs traffic policing for green packets. By default, green packets are allowed to pass through.

-

yellow

Performs traffic policing for yellow packets. By default, yellow packets are allowed to pass through.

-

red

Performs traffic policing for red packets. By default, red packets are discarded.

-

remark-8021p 8021p-value

Re-marks the 802.1p priority in packets.

The value is an integer that ranges from 0 to 7.

remark-dscp dscp-value

Re-marks the DSCP priority in packets.

The value is an integer that ranges from 0 to 63.

drop

Indicates that packets are discarded.

-

pass

Indicates that packets are allowed to pass through.

-

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the traffic-limit command is executed on the device, the device limits the rate and remarks the 802.1p or DSCP priority of packets matching an ACL.

Precautions

If name acl-name is specified in the command, you need to run the acl name or acl ipv6 name command to create the corresponding ACL. Otherwise, the ACL-based simplified traffic policy fails to be configured.

If rule rule-id is specified in the command, you need to create an ACL and configure the corresponding rule. Otherwise, the ACL-based simplified traffic policy fails to be configured.

If the traffic-limit (interface view) and traffic-limit (system view) commands are used simultaneously, the traffic-limit (interface view) command takes effect.

When the traffic-limit (system view) command and the traffic-filter (interface view) command or the traffic-filter (system view) command are used simultaneously, and the two commands are associated with the same ACL rule:

  • If the deny action is configured in the ACL rule, traffic is discarded.
  • If the permit action is configured in the ACL rule, the traffic rate is limited.

After traffic policing is configured on an interface, the number of packets that can be forwarded on the interface every second is relevant to the packet length calculation method. By default, the device calculates the 20-byte inter-frame gap and preamble. That is, the device calculates the actual packet length plus 20-byte inter-frame gap and preamble.

Outbound ACL-based traffic policing on an interface does not take effect on the S2720-EI, S5720I-SI, S5720-LI, S5720S-LI, S5720S-SI, S5720-SI, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, and S6720-SI if:
  • Outbound ACL-based traffic policing is configured, and the ACL is based on VLAN IDs.
  • VLAN mapping is also configured on the interface, and the mapped VLAN ID is the same as the VLAN ID in ACL-based traffic policing.

Example

# In the inbound direction in VLAN 100, configure traffic policing based on ACL 3000, set the CIR to 10000 kbit/s, and configure the device to permit green and yellow packets to pass through and to discard red packets.

<HUAWEI> system-view
[HUAWEI] traffic-limit vlan 100 inbound acl 3000 cir 10000 green pass yellow pass red drop
Parent Topic: ACL-based Simplified Traffic Policy Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >