traffic-policy match-type interface-acl

Function

The traffic-policy match-type interface-acl command configures interface ACL policies to take effect preferentially.

The undo traffic-policy match-type interface-acl command restores the default configuration.

By default, an interface-based ACL is not configured to take effect preferentially.

This command is supported only on the NetEngine 8000 F1A.

Format

traffic-policy match-type interface-acl

undo traffic-policy match-type interface-acl

Parameters

None

Views

Slot view

Default Level

2: Configuration level

Task Name and Operations

Task Name    Operations
qos          write

Usage Guidelines

Usage Scenario

By default, the global UCL and interface ACL rules take effect as follows:

  1. User-side upstream traffic can be matched against U2N rules in the global UCL but not U2U rules in the global UCL or interface ACL rules.
  2. User-side downstream traffic can be matched against N2U rules in the global UCL but not interface ACL rules.
  3. For network-side upstream traffic, the interface ACL takes precedence over the global UCL. If no interface ACL is configured, the global UCL takes effect. Traffic from the network side to the user side can be matched against N2U rules in the global UCL, and traffic from the network side to the network side can be matched against N2N rules in the global UCL.
  4. For network-side downstream traffic, the interface ACL takes precedence over the global UCL. If no interface ACL is configured, the global UCL takes effect. Network-side downstream traffic can only be matched against N2N rules in the global UCL.

After you run the traffic-policy match-type interface-acl command in the slot view, network-side global UCL and interface ACL rules take effect as follows (user-side global UCL and interface ACL rules take effect as usual):

  1. User-side upstream traffic can be matched against U2N rules in the global UCL but not U2U rules in the global UCL or interface ACL rules.
  2. User-side downstream traffic can be matched against N2U rules in the global UCL but not interface ACL rules.
  3. Network-side upstream traffic can be matched against interface ACL rules but not global UCL rules.
  4. Network-side downstream traffic can be matched against interface ACL rules but not global UCL rules.

  • In a U2U rule, the source and destination are both user groups.
  • In a U2N rule, the source is a user group and the destination is an IP address.
  • In an N2U rule, the source is an IP address and the destination is a user group.
  • In an N2N rule, the source and destination are both IP addresses.
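
The following Python model is an added example, not Huawei code. It encodes the matching behaviour listed above and reports which network-side interfaces stop being matched by global UCL rules once the command is enabled. It assumes "takes precedence" means the interface ACL is used when one is configured and the global UCL is used otherwise; the interface names and inventory are constructed.

```python
# Added illustration: models the matching behaviour described in Usage Scenario.
# Assumption: "takes precedence" is read as "the interface ACL is used when one
# is configured, otherwise the global UCL is used".

# Global UCL rule classes each traffic type can match by default (from the page).
GLOBAL_UCL = {
    ("user", "upstream"): frozenset({"U2N"}),
    ("user", "downstream"): frozenset({"N2U"}),
    ("network", "upstream"): frozenset({"N2U", "N2N"}),
    ("network", "downstream"): frozenset({"N2N"}),
}
INTERFACE_ACL = frozenset({"interface-acl"})


def effective_rules(side, direction, has_interface_acl, match_type_interface_acl):
    """Return the rule classes that can match traffic of this type."""
    if side == "user":
        # User-side behaviour is the same with or without the command.
        return GLOBAL_UCL[(side, direction)]
    if match_type_interface_acl:
        # Network side: interface ACL only, never the global UCL.
        return INTERFACE_ACL if has_interface_acl else frozenset()
    # Default: interface ACL if configured, otherwise fall back to the global UCL.
    return INTERFACE_ACL if has_interface_acl else GLOBAL_UCL[(side, direction)]


def global_ucl_lost(interfaces):
    """List (name, direction, lost classes) for network-side traffic after the command."""
    lost = []
    for name, direction, has_acl in interfaces:
        before = effective_rules("network", direction, has_acl, False)
        after = effective_rules("network", direction, has_acl, True)
        if before - after:
            lost.append((name, direction, sorted(before - after)))
    return lost


# Constructed inventory of network-side interfaces in one slot (hypothetical names):
# (interface, traffic direction, interface ACL configured?)
SAMPLE = [
    ("GE0/1/0", "upstream", True),
    ("GE0/1/1", "upstream", False),
    ("GE0/1/1", "downstream", False),
]

if __name__ == "__main__":
    for name, direction, classes in global_ucl_lost(SAMPLE):
        print(f"{name} {direction}: global UCL {classes} no longer matches")
```

Under this model, an interface reported here has no interface ACL, so it should be given one before the command is enabled in its slot.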

Precautions

This command is supported only on the admin VS.

The traffic-policy match-type interface-acl command and traffic-policy match-type destination-user inbound command are mutually exclusive.

Example

# Configure interface ACL rules to take precedence over global UCL rules in slot 1.
<HUAWEI> system-view
[~HUAWEI] slot 1
[~HUAWEI-slot-1] traffic-policy match-type interface-acl
Copyright © Huawei Technologies Co., Ltd.