traffic-policy match-type destination-user inbound

Function

The traffic-policy match-type destination-user inbound command enables user-to-user matching rules.

The undo traffic-policy match-type destination-user inbound command restores the default configuration.

By default, the user-to-user matching rules are not enabled.

This command is supported only on the NetEngine 8000 F1A.

Format

traffic-policy match-type destination-user inbound

undo traffic-policy match-type destination-user inbound

Parameters

None

Views

Slot view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
qos write

Usage Guidelines

Usage Scenario

By default, the global UCL and interface ACL rules take effect as follows:

  1. User-side upstream traffic can be matched against U2N rules in the global UCL but not U2U rules in the global UCL or interface ACL rules.
  2. User-side downstream traffic can be matched against N2U rules in the global UCL but not interface ACL rules.
  3. For network-side upstream traffic, the interface ACL takes precedence over the global UCL. If no interface ACL is configured, the global UCL takes effect. Traffic from the network side to the user side can be matched against N2U rules in the global UCL, and traffic from the network side to the network side can be matched against N2N rules in the global UCL.
  4. For network-side downstream traffic, the interface ACL takes precedence over the global UCL. If no interface ACL is configured, the global UCL takes effect. Network-side downstream traffic can only be matched against N2N rules in the global UCL.

    After you run the traffic-policy match-type destination-user inbound command in the slot view, the global UCL and interface ACL function as follows:
  5. User-side upstream traffic can be matched against both U2N and U2U rules in the global UCL but not interface ACL rules.
  6. User-side downstream traffic can be matched against N2U rules in the global UCL but not interface ACL rules.
  7. Network-side upstream traffic can be matched against global UCL rules but not interface ACL rules.
  8. Network-side downstream traffic can be matched against interface ACL rules but not global UCL rules.
  • In a U2U rule, the source and destination are both user groups.
  • In a U2N rule, the source is a user group and the destination is an IP address.
  • In an N2U rule, the source is an IP address and the destination is a user group.
  • In an N2N rule, the source and destination are both IP addresses.

Precautions

This command is supported only on the admin VS.

This command is mutually exclusive with the traffic-policy match-type interface-acl command.

Example

# Enable user-to-user rules for slot 1.
<HUAWEI> system-view
[~HUAWEI] slot 1
[~HUAWEI-slot-1] traffic-policy match-type destination-user inbound
Parent Topic: Class-based QoS Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >