Contents Configuring ACLs··························································································· 1 Overview ···························································································································································· 1 ACL types ··················································································································································· 1 Numbering and naming ACLs ···················································································································· 1 Match order ················································································································································ 1 Rule numbering ·········································································································································· 2 Fragment filtering with ACLs ······················································································································ 3 Configuration task list ········································································································································· 3 Configuring a basic ACL ···································································································································· 3 Configuring an IPv4 basic ACL ··················································································································...
Page 4
Configuring an interface to trust packet priority for priority mapping ································································ 27 Changing the port priority of an interface ········································································································· 27 Displaying and maintaining priority mapping···································································································· 28 Priority mapping configuration examples ········································································································· 28 Port priority configuration example··········································································································· 28 Priority map and priority marking configuration example ········································································· 29 Configuring traffic policing, GTS, and rate limit ············································...
Configuring ACLs Overview An access control list (ACL) is a set of rules for identifying traffic based on criteria such as source IP address, destination IP address, and port number. The rules are also called permit or deny statements. ACLs are primarily used for packet filtering. "Configuring packet filtering with ACLs"...
NOTE: The match order of user-defined ACLs can only be config. • auto—Sorts ACL rules in depth-first order. Depth-first ordering makes sure any subset of a rule is always matched before the rule. Table 1 lists the sequence of tie breakers that depth-first ordering uses to sort rules for each type of ACL.
By introducing a gap between rules rather than contiguously numbering rules, you have the flexibility of inserting rules in an ACL. This feature is important for a config-order ACL, where ACL rules are matched in ascending order of rule ID. Automatic rule numbering and renumbering The ID automatically assigned to an ACL rule takes the nearest higher multiple of the numbering step to the current highest rule ID, starting with 0.
Step Command Remarks By default, no ACLs exist. The value range for a numbered IPv4 basic ACL is 2000 to 2999. Use the acl number acl-number or acl basic acl-number acl basic { acl-number | name command to create a numbered acl-name } [ match-order { auto | Create an IPv4 basic ACL IPv4 basic ACL.
Step Command Remarks (Optional.) Configure a By default, an IPv6 basic ACL description for the IPv6 basic description text does not have a description. ACL. (Optional.) Set the rule step step-value The default setting is 5. numbering step. rule [ rule-id ] { deny | permit } By default, no IPv6 basic ACL [ counting | logging | routing | rules exist.
Step Command Remarks By default, no ACLs exist. The value range for a numbered IPv4 advanced ACL is 3000 to 3999. Use the acl number acl-number or acl advanced acl-number acl advanced { acl-number | command to create a numbered name acl-name } [ match-order Create an IPv4 advanced IPv4 advanced ACL.
Compared to IPv6 basic ACLs, IPv6 advanced ACLs allow more flexible and accurate filtering. To configure an IPv6 advanced ACL: Step Command Remarks Enter system view. system-view By default, no ACLs exist. The value range for a numbered IPv6 advanced ACL is 3000 to 3999.
• Source MAC address. • Destination MAC address. • 802.1p priority (VLAN priority). • Link layer protocol type. To configure a Layer 2 ACL: Step Command Remarks Enter system view. system-view By default, no ACLs exist. The value range for a numbered Layer 2 ACL is 4000 to 4999.
Step Command Remarks By default, no ACLs exist. The value range for a numbered user-defined ACL is 5000 to 5999. Use the acl number acl-number or acl user-defined acl-number command to create a numbered acl user-defined { acl-number | user-defined ACL. name acl-name } Create a user-defined ACL Use the acl number acl-number...
Applying an ACL to an interface for packet filtering Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number packet-filter [ ipv6 | mac | Apply an ACL to the interface user-defined ] { acl-number | By default, an interface does not to filter packets.
Step Command Remarks The default setting is 0 minutes. Set the interval for outputting acl { logging | trap } interval By default, the device does not packet filtering logs or interval generate log entries or SNMP notifications. notifications for packet filtering. Setting the packet filtering default action Step Command...
QoS overview In data communications, Quality of Service (QoS) provides differentiated service guarantees for diversified traffic in terms of bandwidth, delay, jitter, and drop rate, all of which can affect QoS. QoS manages network resources and prioritizes traffic to balance system resources. The following section describes typical QoS service models and widely used QoS techniques.
• Congestion avoidance. The following section briefly introduces these QoS techniques. All QoS techniques in this document are based on the DiffServ model. Deploying QoS in a network Figure 2 Position of the QoS techniques in a network Traffic direction Traffic classification Traffic policing Traffic policing...
Page 22
Congestion management when congestion occurs. Figure 3 QoS processing flow Tokens Drop Other Classify the proce traffic Remark ssing Packets received Token bucket on the interface Classification Traffic policing Priority marking Toekn Drop Drop Enqueue Queue 0 Dequeue Queue 1 Classify the Other traffic...
Configuring a QoS policy You can configure QoS by using the MQC approach or non-MQC approach. Some features support both approaches, but some support only one. Non-MQC approach In the non-MQC approach, you configure QoS service parameters without using a QoS policy. For example, you can use the rate limit feature to set a rate limit on an interface without using a QoS policy.
Defining a traffic class Step Command Remarks Enter system view. system-view Create a traffic class and traffic classifier classifier-name By default, no traffic class exists. enter traffic class view. [ operator { and | or } ] (Optional.) Configure a By default, no description is description for the traffic description text...
Applying the QoS policy You can apply a QoS policy to the following destinations: • Interface—The QoS policy takes effect on the traffic sent or received on the interface. • VLAN—The QoS policy takes effect on the traffic sent or received on all ports in the VLAN. •...
Step Command Remarks Enter system view. system-view Apply the QoS policy to qos vlan-policy policy-name vlan By default, no QoS policy is applied VLANs. vlan-id-list { inbound | outbound } to a VLAN. Applying the QoS policy globally You can apply a QoS policy globally to the inbound or outbound direction of all interfaces. If the hardware resources of an interface card are insufficient, applying a QoS policy globally might fail on the interface card.
Configuration procedure To apply the QoS policy to the control plane: Step Command Remarks Enter system view. system-view In standalone mode: QoS policies cannot be control-plane slot slot-number applied to the control planes Enter control plane of MPUs (except In IRF mode: view.
Page 28
Task Command (In standalone mode.) Display information about QoS policies applied display qos policy control-plane slot slot-number to a control plane. display qos policy control-plane chassis chassis-number slot (In IRF mode.) Display information about QoS policies applied to a control plane. slot-number (In standalone mode.) Display display qos policy control-plane pre-defined [ slot...
Configuring priority mapping Overview When a packet arrives, the switch assigns a set of QoS priority parameters to the packet based on either of the following: • A priority field carried in the packet. • The port priority of the incoming port. This process is called priority mapping.
By looking through a priority map, the switch decides which priority value to assign to a packet for subsequent packet processing. The default priority maps (as shown in Appendix B Default priority maps) are available for priority mapping. They are adequate in most cases. If a default priority map cannot meet your requirements, you can modify the priority map as required.
Page 31
Figure 5 Priority mapping process for an Ethernet packet Receive a packet on a port Should the packet be marked with local precedence or drop priority? Mark it with local precedence and drop priority Which priority is DSCP in packets trusted on the port? Look up dscp-dp and dscp-dscp...
Figure 6 Priority mapping process for an MPLS packet Receive a packet with MPLS labels Should the packet be marked with local precedence and drop priority? Mark it with local precedence and Look up the drop priority exp-dot1p priority Mark the packet with 802.1p priority Look up the Look up the...
Step Command Remarks Enter system view. system-view qos map-table { dot1p-dp | Enter priority map view. dot1p-exp | dot1p-lp | dscp-dp | dscp-dscp | exp-dot1p } By default, the default priority maps are used. For more information, see Configure mappings for import import-value-list export "Appendixes."...
To change the port priority of an interface: Step Command Remarks Enter system view. system-view Enter interface view. interface interface-type interface-number Set the port priority of the qos priority priority-value The default setting is 0. interface. Displaying and maintaining priority mapping Execute display commands in any view.
[SwitchC] interface Ten-GigabitEthernet 1/0/2 [SwitchC-Ten-GigabitEthernet1/0/2] qos priority 1 [SwitchC-Ten-GigabitEthernet1/0/2] quit Priority map and priority marking configuration example Network requirements As shown in Figure • The Marketing department connects to Ten-GigabitEthernet 1/0/1 of the switch, which sets the 802.1p priority of traffic from the Marketing department to 3. •...
Page 36
Figure 8 Network diagram Internet Host Host Server Server XGE1/0/2 Management department R&D department XGE1/0/3 XGE1/0/1 XGE1/0/4 Switch Data server Host Server Mail server Public servers Marketing department Configuration procedure Configure trusting port priority: # Set the port priority of Ten-GigabitEthernet 1/0/1 to 3. <Switch>...
Page 37
Configuring priority marking: # Create ACL 3000 to match HTTP packets. [Switch] acl advanced 3000 [Switch-acl-ipv4-adv-3000] rule permit tcp destination-port eq 80 [Switch-acl-ipv4-adv-3000] quit # Create a class named http, and use ACL 3000 as the match criterion. [Switch] traffic classifier http [Switch-classifier-http] if-match acl 3000 [Switch-classifier-http] quit # Create a QoS policy named admin to mark HTTP packets of the Management department...
Configuring traffic policing, GTS, and rate limit Overview Traffic policing helps assign network resources (including bandwidth) and increase network performance. For example, you can configure a flow to use only the resources committed to it in a certain time range. This avoids network congestion caused by burst traffic. Traffic policing, Generic Traffic Shaping (GTS), and rate limit control the traffic rate and resource usage according to traffic specifications.
CIR—Rate at which tokens are put into bucket C. It sets the average packet transmission or forwarding rate allowed by bucket C. CBS—Size of bucket C, which specifies the transient burst of traffic that bucket C can forward. EBS—Size of bucket E minus size of bucket C, which specifies the transient burst of traffic ...
Figure 9 Traffic policing Put tokens into the bucket at the set rate Packets to be sent out this interface Packets sent Classify Token bucket Drop Traffic policing is widely used in policing traffic entering the ISP networks. It can classify the policed traffic and take predefined policing actions on each packet depending on the evaluation result: •...
Figure 10 GTS Tokens are put into the bucket at the set rate Packets to be sent through this interface Packets sent Packet classification Token bucket Queue Packets dropped For example, in Figure 11, Switch B performs traffic policing on packets from Switch A and drops packets exceeding the limit.
Figure 12 Rate limit implementation Put tokens to the bucket at the set rate Packets to be sent Packets sent Token Queue bucket Buffer The token bucket mechanism limits traffic rate when accommodating bursts. It allows bursty traffic to be transmitted if enough tokens are available. If tokens are scarce, packets cannot be transmitted until efficient tokens are generated in the token bucket.
Step Command Remarks Return to system view. quit Create a QoS policy and enter QoS policy qos policy policy-name By default, no QoS policy exists. view. Associate the traffic class with the traffic classifier classifier-name By default, a traffic class is not behavior in the QoS behavior behavior-name associated with a traffic behavior.
Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, rate limiting is not qos lr outbound cir configured on an interface. Configure the rate limit committed-information-rate [ cbs for the interface. The CIR must be an integral committed-burst-size ] multiple of 8.
Figure 13 Network diagram Server Internet Host A Switch B XGE1/0/2 XGE1/0/1 Ethernet 1.1.1.1/8 1.1.1.2/8 Host B XGE1/0/1 XGE1/0/3 Switch A XGE1/0/2 Configuration procedure Configure Switch A: # Configure ACL 2001 and ACL 2002 to match the packets from the server and Host A, respectively.
Page 46
[SwitchA] interface Ten-GigabitEthernet 1/0/1 [SwitchA-Ten-GigabitEthernet1/0/1] qos apply policy car inbound Configure Switch B: # Configure ACL 3001 to match HTTP packets. <SwitchB> system-view [SwitchB] acl advanced 3001 [SwitchB-acl-ipv4-adv-3001] rule permit tcp destination-port eq 80 [SwitchB-acl-ipv4-adv-3001] quit # Create a traffic class named http, and use ACL 3001 as the match criterion. [SwitchB] traffic classifier http [SwitchB-classifier-http] if-match acl 3001 [SwitchB-classifier-http] quit...
Configuring congestion management Overview Congestion occurs on a link or node when traffic size exceeds the processing capability of the link or node. It is typical of a statistical multiplexing network and can be caused by link failures, insufficient resources, and various other causes. Figure 14 shows typical congestion scenarios.
Figure 15 SP queuing Queue 7 High priority Packets to be sent through this port Queue 6 Sent packets Interface …… Queue 1 Sending queue Packet Queue classification scheduling Queue 0 Low priority Figure 15, SP queuing classifies eight queues on a port into eight classes, numbered 7 to 0 in descending priority order.
Assume a port provides eight output queues. WRR assigns each queue a weight value (represented by w7, w6, w5, w4, w3, w2, w1, or w0). The weight value of a queue decides the proportion of resources assigned to the queue. On a 10 Gbps port, you can set the weight values to 5, 3, 1, 1, 5, 3, 1, and 1 for w7 through w0.
d. Schedules queues in the WRR group based on their weights when all queues in the SP group are empty. SP+WFQ queuing You can implement SP+WFQ queuing by assigning some queues to the SP group and others to WFQ groups. •...
Configuring SP queuing Configuration procedure To configure SP queuing: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, SP queuing is used Configure SP queuing. qos sp on an interface. Configuration example Configure interface Ten-GigabitEthernet 1/0/1 to use SP queuing: # Enter system view <Sysname>...
Assign queues 0 through 3 to WRR group 1, with their weights as 1, 2, 4, and 6, respectively. Assign queues 4 through 7 to WRR group 2, with their weights as 1, 2, 4, and 6, respectively. Configuration procedure # Enter system view.
Page 53
Step Command Remarks Enable WFQ qos wfq { byte-count | By default, SP queuing is used on an interface. queuing. weight } By default, all queues of a WRR-enabled interface are in WFQ group 1 and have a weight of 1. qos wfq queue-id Select byte-count or weight according to the WFQ Configure a WFQ...
Configuration example for other interface modules Network requirements Configure packet-based WFQ queuing on interface Ten-GigabitEthernet 1/0/1. Assign weights 1, 2, 4, 6, and 8 to queues 1, 3, 4, 5, and 6, respectively. Configuration procedure # Enter system view. <Sysname>...
Page 55
Configuration example for LSQ1QGS4SC0 (JC792A) and LSQM2TGS16SF0 (JH214A, JH222A) interface modules This example uses LSQM2TGS16SF0 (JH214A, JH222A) interface modules. Network requirements Configure SP+WRR queuing on interface Ten-GigabitEthernet 1/0/1, and use byte-count WRR. Assign queues 0, 1, 2, and 3 on Ten-GigabitEthernet 1/0/1 to the SP group. ...
Configuring SP+WFQ queuing Configuration procedure To configure SP+WFQ queuing: Step Command Remarks Enter system view. system-view Enter interface interface interface-type view. interface-number Enable byte-count qos wfq { byte-count | or packet-based By default, SP queuing is used on an interface. weight } WFQ queuing.
# Configure SP+WFQ queuing on Ten-GigabitEthernet 1/0/1. [Sysname] interface Ten-GigabitEthernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] qos wfq weight [Sysname-Ten-GigabitEthernet1/0/1] qos wfq 0 group sp [Sysname-Ten-GigabitEthernet1/0/1] qos wfq 1 group sp [Sysname-Ten-GigabitEthernet1/0/1] qos wfq 2 group sp [Sysname-Ten-GigabitEthernet1/0/1] qos wfq 3 group sp [Sysname-Ten-GigabitEthernet1/0/1] qos wfq 4 group 1 weight 1 [Sysname-Ten-GigabitEthernet1/0/1] qos bandwidth queue 4 min 128000 [Sysname-Ten-GigabitEthernet1/0/1] qos wfq 5 group 1 weight 2 [Sysname-Ten-GigabitEthernet1/0/1] qos bandwidth queue 5 min 128000...
Page 58
Queue scheduling profiles support three queue scheduling algorithms: SP, WRR, and WFQ. In a queue scheduling profile, you can configure SP+WRR or SP+WFQ. When the three queue scheduling algorithms are configured, SP queues, WRR groups, and WFQ groups are scheduled in descending order of queue ID.
Configuration procedure When you configure a queue scheduling profile, follow these restrictions and guidelines: • Only one queue scheduling profile can be applied to an interface. • You can modify the scheduling parameters in a queue scheduling profile already applied to an interface.
Network requirements Configure a queue scheduling profile on interface Ten-GigabitEthernet 1/0/1 to meet the following requirements: • Queue 7 has the highest priority, and its packets are sent preferentially. • Queue 4, queue 5, and queue 6 in WRR group 1 are scheduled according to their weights, which are 1, 5, and 10, respectively.
Configuration procedure # Enter system view. <Sysname> system-view # Create a queue scheduling profile named qm1. [Sysname] qos qmprofile qm1 [Sysname-qmprofile-qm1] # Configure queue 7 to use SP queuing. [Sysname-qmprofile-qm1] queue 7 sp # Assign queue 1 through queue 6 to WRR group 1, with their weights as 1, 2, 4, 6, 8, and 10. [Sysname-qmprofile-qm1] queue 1 wrr group 1 weight 1 [Sysname-qmprofile-qm1] queue 2 wrr group 1 weight 2 [Sysname-qmprofile-qm1] queue 3 wrr group 1 weight 4...
Page 62
Task Command (In standalone mode.) Display the display qos qmprofile configuration [ profile-name ] [ slot configuration of queue scheduling slot-number ] profiles. (In IRF mode.) Display the configuration display qos qmprofile configuration [ profile-name ] [ chassis of queue scheduling profiles. chassis-number slot slot-number ] display qos qmprofile interface [ interface-type Display the queue scheduling profiles...
Configuring congestion avoidance Overview Avoiding congestion before it occurs is a proactive approach to improving network performance. As a flow control mechanism, congestion avoidance: • Actively monitors network resources (such as queues and memory buffers). • Drops packets when congestion is expected to occur or deteriorate. When dropping packets from a source end, congestion avoidance cooperates with the flow control mechanism at the source end to regulate the network traffic size.
• Have the sender proactively slow down the packet sending rate or decrease the window size of packets. This better utilizes the network resources. RFC 2482 defined an end-to-end congestion notification mechanism named Explicit Congestion Notification (ECN). ECN uses the DS field in the IP header to mark the congestion status along the packet transmission path.
• Upper threshold and lower threshold—When the average queue size is smaller than the lower threshold, packets are not dropped. When the average queue size is between the lower threshold and the upper threshold, the packets are dropped at random. The longer the queue, the higher the drop probability.
Configuring traffic filtering You can filter in or filter out traffic of a class by associating the class with a traffic filtering action. For example, you can filter packets sourced from an IP address according to network status. Configuration procedure To configure traffic filtering: Step Command...
Figure 20 Network diagram Host Switch GE1/0/1 Configuration procedure # Create advanced ACL 3000, and configure a rule to match packets whose source port number is not 21. <Switch> system-view [Switch] acl advanced 3000 [Switch-acl-ipv4-adv-3000] rule 0 permit tcp source-port neq 21 [Switch-acl-ipv4-adv-3000] quit # Create a traffic class named classifier_1, and use ACL 3000 as the match criterion in the traffic class.
Configuring priority marking Priority marking sets the priority fields or flag bits of packets to modify the priority of packets. For example, you can use priority marking to set IP precedence or DSCP for a class of IP packets to control the forwarding of these packets.
Configuring priority marking based on colors obtained through traffic policing After traffic policing evaluates and colors packets, the switch can mark traffic with various priority values (including DSCP values, 802.1p priority values, and local precedence values) by color. Configure priority marking by using either of the following methods: •...
Page 72
Step Command Remarks • Set the DSCP value for packets: remark [ green | red | yellow ] dscp dscp-value • Set the 802.1p priority for packets or configure the inner-to-outer tag priority Use one of the commands. copying feature: By default, no priority marking remark [ green | red | yellow ] action is configured.
Action Inbound Outbound DSCP marking IP precedence marking Local precedence marking Local QoS ID marking CVLAN marking SVLAN marking Priority marking configuration example Network requirements As shown in Figure 21, configure priority marking on the switch to meet the following requirements: Traffic source Destination Processing priority...
Page 74
[Switch-acl-ipv4-adv-3001] rule permit ip destination 192.168.0.2 0 [Switch-acl-ipv4-adv-3001] quit # Create advanced ACL 3002, and configure a rule to match packets with destination IP address 192.168.0.3. [Switch] acl advanced 3002 [Switch-acl-ipv4-adv-3002] rule permit ip destination 192.168.0.3 0 [Switch-acl-ipv4-adv-3002] quit # Create a traffic class named classifier_dbserver, and use ACL 3000 as the match criterion in the traffic class.
Configuring nesting Nesting adds a VLAN tag to the matching packets to allow the VLAN-tagged packets to pass through the corresponding VLAN. For example, you can add an outer VLAN tag to packets from a customer network to a service provider network. This allows the packets to pass through the service provider network by carrying a VLAN tag assigned by the service provider.
• Because Site 1 and Site 2 are located in different areas, the two sites use the VPN access service of a service provider. The service provider assigns VLAN 100 to the two sites. Configure nesting, so that the two branches can communicate through the service provider network. Figure 22 Network diagram Public network GE1/0/2...
Page 78
[PE1-GigabitEthernet1/0/2] port trunk permit vlan 100 [PE1-GigabitEthernet1/0/2] quit Configuring PE 2 Configure PE 2 in the same way PE 1 is configured.
Configuring traffic redirecting Traffic redirecting redirects packets matching the specified match criteria to a location for processing. You can redirect packets to the following destinations: • CPU. • Interface. • Next hop. Configuration procedure To configure traffic redirecting: Step Command Remarks Enter system view.
Step Command Remarks Choose one of the application destinations as needed. • Applying the QoS policy to an By default, no QoS policy is interface 11. Apply the QoS policy. applied. • Applying the QoS policy to a VLAN The switch supports •...
Page 81
[SwitchA-acl-ipv4-basic-2000] rule permit source 2.1.1.1 0 [SwitchA-acl-ipv4-basic-2000] quit # Create basic ACL 2001, and configure a rule to match packets with source IP address 2.1.1.2. [SwitchA] acl basic 2001 [SwitchA-acl-ipv4-basic-2001] rule permit source 2.1.1.2 0 [SwitchA-acl-ipv4-basic-2001] quit # Create a traffic class named classifier_1, and use ACL 2000 as the match criterion in the traffic class.
Configuring global CAR Overview Global committed access rate (CAR) is an approach to policing traffic flows globally. It adds flexibility to common CAR where traffic policing is performed only on a per-traffic class or per-interface basis. In this approach, CAR actions are created in system view and each can be used to police multiple traffic flows as a whole.
• Use common CAR actions to limit the rates of Internet access flow 1 and flow 2 to both 128 kbps. • Use a hierarchical CAR action to limit their total traffic rate to 192 kbps. • Use the hierarchical CAR action for both flow 1 and flow 2 in AND mode. When flow 1 is not present, flow 2 is transmitted at the maximum rate, 128 kbps.
Step Command Remarks • Aggregate CAR: car name car-name hierarchy-car hierarchy-car-name [ mode { and | or } ] • Common CAR: car cir committed-information-rate [ cbs committed-burst-size [ ebs By default, no hierarchical CAR excess-burst-size ] ] [ green action action is used in a traffic Use the hierarchical | red action | yellow action ] *...
Figure 24 Network diagram Internet Switch XGE1/0/1 VLAN10 VLAN100 Configuration procedure # Configure aggregate CAR according to the rate limit requirements. <Switch> system-view [Switch] qos car aggcar-1 aggregative cir 2560 cbs 20480 red discard # Create class 1 to match traffic of VLAN 10. Create behavior 1 and use the aggregate CAR in the behavior.
Configuring class-based accounting Class-based accounting collects statistics (in packets or bytes) on a per-traffic class basis. For example, you can define the action to collect statistics for traffic sourced from a certain IP address. By analyzing the statistics, you can determine whether anomalies have occurred and what action to take.
Page 89
# Create a traffic class named classifier_1, and use ACL 2000 as the match criterion in the traffic class. [Switch] traffic classifier classifier_1 [Switch-classifier-classifier_1] if-match acl 2000 [Switch-classifier-classifier_1] quit # Create a traffic behavior named behavior_1, and configure the class-based accounting action. [Switch] traffic behavior behavior_1 [Switch-behavior-behavior_1] accounting [Switch-behavior-behavior_1] quit...
Table 7 Default dot1p-lp and dot1p-dp priority maps Input priority value dot1p-lp map dot1p-dp map dot1p Table 8 Default dscp-dp priority map Input priority value dscp-dp map dscp 0 to 7 8 to 15 16 to 23 24 to 31 32 to 39 40 to 47 48 to 55...
Page 92
services (DS) field. A DSCP value is represented by the first 6 bits (0 to 5) of the DS field and is in the range 0 to 63. The remaining 2 bits (6 and 7) are reserved. Table 9 IP precedence IP precedence (decimal) IP precedence (binary) Description...
802.1p priority 802.1p priority lies in the Layer 2 header. It applies to occasions where Layer 3 header analysis is not needed and QoS must be assured at Layer 2. Figure 27 An Ethernet frame with an 802.1Q tag header 802.1Q header Destination...
Page 94
As shown in Figure 29, the EXP field is 3-bit long and is in the range of 0 to 7.
Configuring time ranges You can implement a service based on the time of the day by applying a time range to it. A time-based service takes effect only in time periods specified by the time range. For example, you can implement time-based ACL rules by applying a time range to them. If a time range does not exist, the service based on the time range does not take effect.
Page 96
Figure 30 Network diagram Server Host A GE1/0/1 GE1/0/2 192.168.1.2/24 Device A 192.168.0.100/24 Host B 192.168.1.3/24 Configuration procedure # Create a time range for the period from 8:00 to 18:00 on working days from June 2015 to the end of the year.
Document conventions and icons Conventions This section describes the conventions used in the documentation. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional.
Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...
For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
Page 101
part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.
Page 102
Index configuration, 77, 78 Numerics priority marking configuration, QoS global CAR, QoS packet 802.1p priority, Appendix A (Acronyms), 802.1p Appendix B (Default priority maps), priority marking configuration, Appendix C (Packet precedence), 802.1p priority applying drop precedence, ACL packet filtering (interface), QoS congestion avoidance queue-based WRED table, absolute time range (ACL),...
Page 111
drop precedence mapping, priority marking configuration, QoS display, trapping ACL packet filtering logging+SNMP notifications, trusted port packet priority (QoS), type ACL advanced, ACL auto match order sort, ACL basic, ACL config match order sort, ACL Layer 2, ACL user-defined, user QoS priority mapping user priority, user-defined ACL type,...