traffic-remark (interface view)

Function

The traffic-remark command configures ACL-based re-marking on an interface.

The undo traffic-remark command cancels ACL-based re-marking on an interface.

By default, ACL-based re-marking is not configured on an interface.

Format

To configure ACL-based re-marking in the inbound direction on a switch interface, use the following command:

traffic-remark inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } [ rule rule-id ] { 8021p 8021p-value | destination-mac mac-address | dscp { dscp-name | dscp-value } | ip-precedence ip-precedence-value | local-precedence local-precedence-value | vlan-id vlan-id }

undo traffic-remark inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } [ rule rule-id ] { 8021p | destination-mac | dscp | ip-precedence | local-precedence | vlan-id }

To configure ACL-based re-marking in the outbound direction on a switch interface, use the following command:

traffic-remark outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] { 8021p 8021p-value | cvlan-id cvlan-id | dscp { dscp-name | dscp-value } | vlan-id vlan-id }

undo traffic-remark outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] { 8021p | cvlan-id | dscp | vlan-id }

If both Layer 2 and Layer 3 ACLs are configured and re-marking is used in the inbound direction on a switch interface, use the following command:

traffic-remark inbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | destination-mac mac-address | dscp { dscp-name | dscp-value } | ip-precedence ip-precedence-value | local-precedence local-precedence-value | vlan-id vlan-id }

undo traffic-remark inbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] { 8021p | destination-mac | dscp | ip-precedence | local-precedence | vlan-id }

traffic-remark inbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | destination-mac mac-address | dscp { dscp-name | dscp-value } | ip-precedence ip-precedence-value | local-precedence local-precedence-value | vlan-id vlan-id }

undo traffic-remark inbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] { 8021p | destination-mac | dscp | ip-precedence | local-precedence | vlan-id }

traffic-remark inbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | destination-mac mac-address | dscp { dscp-name | dscp-value } | ip-precedence ip-precedence-value | local-precedence local-precedence-value | vlan-id vlan-id }

undo traffic-remark inbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ] { 8021p | destination-mac | dscp | ip-precedence | local-precedence | vlan-id }

If both Layer 2 and Layer 3 ACLs are configured and re-marking is used in the outbound direction on a switch interface, use the following command:

traffic-remark outbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | cvlan-id cvlan-id | dscp { dscp-name | dscp-value } | vlan-id vlan-id }

undo traffic-remark outbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] { 8021p | cvlan-id | dscp | vlan-id }

traffic-remark outbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | cvlan-id cvlan-id | dscp { dscp-name | dscp-value } | vlan-id vlan-id }

undo traffic-remark outbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] { 8021p | cvlan-id | dscp | vlan-id }

traffic-remark outbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | cvlan-id cvlan-id | dscp { dscp-name | dscp-value } | vlan-id vlan-id }

undo traffic-remark outbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ] { 8021p | cvlan-id | dscp | vlan-id }

Parameters

Parameter	Description	Value
inbound	Re-marks packets in the inbound direction.	-
outbound	Re-marks packets in the outbound direction.	-
acl	Re-marks packets based on the IPv4 ACL.	-
ipv6	Re-marks packets based on the IPv6 ACL.	-
bas-acl	Re-marks packets based on a specified basic ACL.	The value is an integer that ranges from 2000 to 2999.
adv-acl	Re-marks packets based on a specified advanced ACL.	The value is an integer that ranges from 3000 to 3999.
l2-acl	Re-marks packets based on a specified Layer 2 ACL.	The value is an integer that ranges from 4000 to 4999.
user-acl	Re-marks packets based on a specified user-defined ACL.	The value is an integer that ranges from 5000 to 5999.
name acl-name	Re-marks packets based on a specified named ACL. acl-name specifies the name of the ACL.	The value must be the name of an existing ACL.
rule rule-id	Re-marks packets based on a specified ACL rule.	The value is an integer that ranges from 0 to 4294967294.
8021p 8021p-value	Re-marks the 802.1p priority in packets.	The value is an integer that ranges from 0 to 7. A larger value indicates a higher priority.
cvlan-id cvlan-id	Re-marks the inner VLAN tag in QinQ packets. NOTE: Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support cvlan-id cvlan-id.	The value is an integer that ranges from 1 to 4094.
destination-mac mac-address	Re-marks the destination MAC address in packets. NOTE: Only the S5720-EI, S6720-EI, and S6720S-EI support destination-mac mac-address.	The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits.
dscp { dscp-name \| dscp-value }	Re-marks the DSCP service type in packets.	The value can be an integer in the range of 0 to 63, or DSCP service name, for example, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1 to cs7, default, or ef. The values corresponding to DSCP service names are as follows: af11: 10 af12: 12 af13: 14 af21: 18 af22: 20 af23: 22 af31: 26 af32: 28 af33: 30 af41: 34 af42: 36 af43: 38 cs1: 8 cs2: 16 cs3: 24 cs4: 32 cs5: 40 cs6: 48 cs7: 56 default: 0 ef: 46 By default, the dscp-value is 0.
local-precedence local-precedence-value	Re-marks the local IP precedence in packets.	The value is an integer that ranges from 0 to 7. A larger value indicates a higher priority.
ip-precedence ip-precedence-value	Re-marks the IP precedence in packets.	The value is an integer that ranges from 0 to 7. A larger value indicates a higher priority.
vlan-id vlan-id	Re-marks the VLAN ID in packets.	The value is an integer that ranges from 1 to 4094.

Views

VLANIF interface view, Ethernet interface view, MultiGE interface view, GE interface view, XGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, port group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the traffic-remark command is executed on an interface, the device re-marks packets matching an ACL, for example, 802.1p priority, inner VLAN tag in QinQ packets, destination MAC address, DSCP service type, local IP precedence, IP precedence, and VLAN ID.

Precautions

If name acl-name is specified in the command, you need to run the acl name or acl ipv6 name command to create the corresponding ACL. Otherwise, the ACL-based simplified traffic policy fails to be configured.

If rule rule-id is specified in the command, you need to create an ACL and configure the corresponding rule. Otherwise, the ACL-based simplified traffic policy fails to be configured.

Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support ACL-based simplified traffic policy configuration on a VLANIF interface.

The destination MAC address and VLAN ID in packets cannot be re-marked.
The VLAN corresponding to the VLANIF interface cannot be a Super-VLAN or MUX VLAN.
For the S5720-EI, S6720-EI, and S6720S-EI, an ACL-based simplified traffic policy that is applied to a VLANIF interface is only valid for unicast packets and Layer 3 multicast packets on the VLANIF interface.
For the S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S, an ACL-based simplified traffic policy that is applied to a VLANIF interface is only valid for unicast packets on the VLANIF interface.

If the traffic-remark (system view) and traffic-remark (interface view) commands are used simultaneously, the traffic-remark (interface view) command takes effect.

When the traffic-remark (interface view) command and the traffic-filter (interface view) command or the traffic-filter (system view) command are used simultaneously, and the two commands are associated with the same ACL rule:

If the deny action is configured in the ACL rule, traffic is discarded.
If the permit action is configured in the ACL rule, traffic is re-marked.

Outbound ACL-based re-marking on an interface does not take effect on the S2720-EI, S5720I-SI, S5720-LI, S5720S-LI, S5720S-SI, S5720-SI, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, and S6720-SI if:

Outbound ACL-based re-marking is configured, and the ACL is based on VLAN IDs.
VLAN mapping is also configured on the interface, and the mapped VLAN ID is the same as the VLAN ID in ACL-based re-marking.

Example

# Configure ACL-based re-marking in the inbound direction on GE0/0/1, and re-mark the VLAN ID in packets from source MAC address 0-0-1 with 100.

<HUAWEI> system-view
[HUAWEI] acl 4001
[HUAWEI-acl-L2-4001] rule 5 permit source-mac 0-0-1
[HUAWEI-acl-L2-4001] quit
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] traffic-remark inbound acl 4001 rule 5 vlan-id 100