< Home

traffic-remark (system view)

Function

The traffic-remark command configures ACL-based re-marking globally or in a VLAN.

The undo traffic-remark command cancels ACL-based re-marking globally or in a VLAN.

By default, ACL-based re-marking is not configured globally or in a VLAN.

Format

To configure ACL-based re-marking in the inbound direction on a switch, use the following command:

traffic-remark [ vlan vlan-id ] inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } [ rule rule-id ] { 8021p 8021p-value | destination-mac mac-address | dscp { dscp-name | dscp-value } | ip-precedence ip-precedence-value | local-precedence local-precedence-value | vlan-id vlan-id }

undo traffic-remark [ vlan vlan-id ] inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } [ rule rule-id ] { 8021p | destination-mac | dscp | ip-precedence | local-precedence | vlan-id }

traffic-remark inbound acl { name acl-name | ucl-acl } local-precedence local-precedence-value

The function of re-marking the internal priority of packets based on a user ACL is available only on the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S.

To configure ACL-based re-marking in the outbound direction on a switch, use the following command:

traffic-remark [ vlan vlan-id ] outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] { 8021p 8021p-value | cvlan-id cvlan-id | dscp { dscp-name | dscp-value } | vlan-id vlan-id }

undo traffic-remark [ vlan vlan-id ] outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] { 8021p | cvlan-id | dscp | vlan-id }

If both Layer 2 and Layer 3 ACLs are configured and re-marking is used in the inbound direction on a switch, use the following command:

traffic-remark [ vlan vlan-id ] inbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | destination-mac mac-address | dscp { dscp-name | dscp-value } | ip-precedence ip-precedence-value | local-precedence local-precedence-value | vlan-id vlan-id }

undo traffic-remark [ vlan vlan-id ] inbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] { 8021p | destination-mac | dscp | ip-precedence | local-precedence | vlan-id }

traffic-remark [ vlan vlan-id ] inbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | destination-mac mac-address | dscp { dscp-name | dscp-value } | ip-precedence ip-precedence-value | local-precedence local-precedence-value | vlan-id vlan-id }

undo traffic-remark [ vlan vlan-id ] inbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] { 8021p | destination-mac | dscp | ip-precedence | local-precedence | vlan-id }

traffic-remark [ vlan vlan-id ] inbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | destination-mac mac-address | dscp { dscp-name | dscp-value } | ip-precedence ip-precedence-value | local-precedence local-precedence-value | vlan-id vlan-id }

undo traffic-remark [ vlan vlan-id ] inbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ] { 8021p | destination-mac | dscp | ip-precedence | local-precedence | vlan-id }

If both Layer 2 and Layer 3 ACLs are configured and re-marking is used in the outbound direction on a switch, use the following command:

traffic-remark [ vlan vlan-id ] outbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | cvlan-id cvlan-id | dscp { dscp-name | dscp-value } | vlan-id vlan-id }

undo traffic-remark [ vlan vlan-id ] outbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] { 8021p | cvlan-id | dscp | vlan-id }

traffic-remark [ vlan vlan-id ] outbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | cvlan-id cvlan-id | dscp { dscp-name | dscp-value } | vlan-id vlan-id }

undo traffic-remark [ vlan vlan-id ] outbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] { 8021p | cvlan-id | dscp | vlan-id }

traffic-remark [ vlan vlan-id ] outbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ] { 8021p 8021p-value | cvlan-id cvlan-id | dscp { dscp-name | dscp-value } | vlan-id vlan-id }

undo traffic-remark [ vlan vlan-id ] outbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ] { 8021p | cvlan-id | dscp | vlan-id }

Parameters

Parameter

Description

Value

vlan vlan-id

Configures ACL-based re-marking in a specified VLAN.

The value is an integer in the range from 1 to 4094.

inbound

Re-marks packets in the inbound direction.

-

outbound

Re-marks packets in the outbound direction.

-

acl

Re-marks packets based on the IPv4 ACL.

-

ipv6

Re-marks packets based on the IPv6 ACL.

-

bas-acl

Re-marks packets based on a specified basic ACL.

The value is an integer in the range from 2000 to 2999.

adv-acl

Re-marks packets based on a specified advanced ACL.

The value is an integer in the range from 3000 to 3999.

l2-acl

Re-marks packets based on a specified Layer 2 ACL.

The value is an integer in the range from 4000 to 4999.

user-acl

Re-marks packets based on a specified user-defined ACL.

The value is an integer in the range from 5000 to 5999.

ucl-acl

Specifies the user ACL for re-marking packets based on a user ACL.

The value is an integer in the range from 6000 to 9999.

name acl-name

Re-marks packets based on a specified named ACL. acl-name specifies the name of the ACL.

The value must be the name of an existing ACL.

rule rule-id

Re-marks packets based on a specified ACL rule.

The value is an integer in the range from 0 to 4294967294.

8021p 8021p-value

Re-marks the 802.1p priority in packets.

The value is an integer that ranges from 0 to 7. A larger value indicates a higher priority.

cvlan-id cvlan-id

Re-marks the inner VLAN tag in QinQ packets.

NOTE:

Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730S-H, S6730-S, and S6730S-S support cvlan-id cvlan-id.

The value is an integer in the range from 1 to 4094.

destination-mac mac-address

Re-marks the destination MAC address in packets.

NOTE:

Only the S5720-EI, S6720-EI, and S6720S-EI support destination-mac mac-address.

The value is in H-H-H format. An H is a hexadecimal number of 1 to 4 digits.

dscp { dscp-name | dscp-value }

Re-marks the DSCP priority in packets.

The value can be an integer in the range of 0 to 63, or DSCP service name, for example, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1 to cs7, default, or ef.

The values corresponding to DSCP service names are as follows:

  • af11: 10
  • af12: 12
  • af13: 14
  • af21: 18
  • af22: 20
  • af23: 22
  • af31: 26
  • af32: 28
  • af33: 30
  • af41: 34
  • af42: 36
  • af43: 38
  • cs1: 8
  • cs2: 16
  • cs3: 24
  • cs4: 32
  • cs5: 40
  • cs6: 48
  • cs7: 56
  • default: 0
  • ef: 46

By default, the dscp-value is 0.

local-precedence local-precedence-value

Re-marks the local IP precedence in packets.

The value is an integer that ranges from 0 to 7. A larger value indicates a higher priority.

ip-precedence ip-precedence-value

Re-marks the IP precedence in packets.

The value is an integer that ranges from 0 to 7. A larger value indicates a higher priority.

vlan-id vlan-id

Re-marks the VLAN ID in packets.

The value is an integer in the range from 1 to 4094.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the traffic-remark command is executed on a device, the device re-marks packets matching an ACL rule, for example, 802.1p priority, inner VLAN tag in QinQ packets, destination MAC address, DSCP service type, local precedence, IP precedence, and VLAN ID.

Precautions

If name acl-name is specified in the command, you need to run the acl name or acl ipv6 name command to create the corresponding ACL. Otherwise, the ACL-based simplified traffic policy fails to be configured.

If rule rule-id is specified in the command, you need to create an ACL and configure the corresponding rule. Otherwise, the ACL-based simplified traffic policy fails to be configured.

If both the traffic-remark (interface view) and traffic-remark (system view) commands are used, the traffic-remark (interface view) command takes effect.

When both the traffic-remark (system view) command and the traffic-filter (interface view) command or the traffic-filter (system view) command are used, and the two commands are associated with the same ACL rule:

  • If the deny action is configured in the ACL rule, traffic is discarded.
  • If the permit action is configured in the ACL rule, traffic is re-marked.
Outbound ACL-based re-marking on an interface does not take effect on the S2720-EI, S5720I-SI, S5720-LI, S5720S-LI, S5720S-SI, S5720-SI, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, and S6720-SI if:
  • Outbound ACL-based re-marking is configured, and the ACL is based on VLAN IDs.
  • VLAN mapping is also configured on the interface, and the mapped VLAN ID is the same as the VLAN ID in ACL-based re-marking.

Example

# Configure ACL-based re-marking in the inbound direction in VLAN 100, and re-mark the VLAN ID in packets from source MAC address 0-0-1 with 101.

<HUAWEI> system-view
[HUAWEI] acl 4001
[HUAWEI-acl-L2-4001] rule 5 permit source-mac 0-0-1
[HUAWEI-acl-L2-4001] quit
[HUAWEI] traffic-remark vlan 100 inbound acl 4001 rule 5 vlan-id 101
Parent Topic: ACL-based Simplified Traffic Policy Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >