HP 5700 Switch Config Acl

HP FlexFabric 5700 Switch Series

ACL and QoS


Configuration Guide

Part number: 5998-6661


Software version: Release 2416
Document version: 6W100-20150130
Legal and notice information

© Copyright 2015 Hewlett-Packard Development Company, L.P.


No part of this documentation may be reproduced or transmitted in any form or by any means without
prior written consent of Hewlett-Packard Development Company, L.P.
The information contained herein is subject to change without notice.
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS
MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained
herein or for incidental or consequential damages in connection with the furnishing, performance, or
use of this material.
The only warranties for HP products and services are set forth in the express warranty statements
accompanying such products and services. Nothing herein should be construed as constituting an
additional warranty. HP shall not be liable for technical or editorial errors or omissions contained
herein.
Contents

Configuring ACLs
  Overview
    Applications on the switch
    ACL categories
    Numbering and naming ACLs
    Match order
    Rule numbering
    Fragments filtering with ACLs
  Configuration task list
  Configuring a basic ACL
    Configuring an IPv4 basic ACL
    Configuring an IPv6 basic ACL
  Configuring an advanced ACL
    Configuring an IPv4 advanced ACL
    Configuring an IPv6 advanced ACL
  Configuring an Ethernet frame header ACL
  Configuring a user-defined ACL
  Copying an ACL
  Configuring packet filtering with ACLs
    Applying an ACL to an interface for packet filtering
    Configuring the applicable scope of packet filtering on a VLAN interface
    Setting the interval for generating and outputting packet filtering logs
    Setting the packet filtering default action
  Displaying and maintaining ACLs
  ACL configuration example
    Network requirements
    Configuration procedure
    Verifying the configuration

QoS overview
  QoS service models
    Best-effort service model
    IntServ model
    DiffServ model
  QoS techniques overview
  Deploying QoS in a network

Configuring a QoS policy
  Non-MQC approach
  MQC approach
  Configuration procedure diagram
  Defining a traffic class
    Configuration guidelines
    Configuration procedure
  Defining a traffic behavior
  Defining a QoS policy
  Applying the QoS policy
    Applying the QoS policy to an interface
    Applying the QoS policy to a VLAN
    Applying the QoS policy globally
    Applying the QoS policy to a control plane
    Applying the QoS policy to a user profile
  Displaying and maintaining QoS policies

Configuring priority mapping
  Overview
    Introduction to priorities
    Priority maps
    Priority trust mode on a port
    Priority mapping process
  Priority mapping configuration tasks
  Configuring a priority map
  Configuring an interface to trust packet priority for priority mapping
  Changing the port priority of an interface
  Displaying and maintaining priority mapping
  Priority trust mode configuration example
    Network requirements
    Configuration procedure
  Priority mapping table and priority marking configuration example
    Network requirements
    Configuration procedure

Configuring traffic policing, GTS, and rate limit
  Overview
    Traffic evaluation and token buckets
    Traffic policing
    GTS
    Rate limit
  Configuring traffic policing
  Configuring GTS
  Configuring the rate limit
  Displaying and maintaining traffic policing, GTS, and rate limit
  Traffic policing configuration example
    Network requirements
    Configuration procedures

Configuring congestion management
  Overview
    SP queuing
    WRR queuing
    WFQ queuing
    SP+WRR queuing
    SP+WFQ queuing
  Congestion management configuration task list
  Configuring queuing
    Configuring SP queuing
    Configuring WRR queuing
    Configuring WFQ queuing
    Configuring SP+WRR queuing
    Configuring SP+WFQ queuing
    Displaying and maintaining queuing
  Configuring queue scheduling profiles
    Configuring a queue scheduling profile
    Displaying and maintaining queue scheduling profiles
    Queue scheduling profile configuration example
  Setting the queue aging time

Configuring congestion avoidance
  Overview
    Tail drop
    RED and WRED
    ECN
  Configuring and applying a WRED table
    Configuration procedure
    Configuration example
  Displaying and maintaining WRED

Configuring traffic filtering
  Configuration procedure
  Configuration example
    Network requirements
    Configuration procedure

Configuring priority marking
  Overview
  Color-based priority marking
    Packet coloring methods
    Configuring color-based priority marking
  Configuration procedure
  Priority marking configuration examples
    Local precedence marking configuration example
    Local QoS ID marking configuration example

Configuring nesting
  Configuration procedure
  Configuration example
    Network requirements
    Configuration procedure

Configuring traffic redirecting
  Configuration procedure
  Configuration example
    Network requirements
    Configuration procedure

Configuring aggregate CAR
  Configuration procedure
  Displaying and maintaining aggregate CAR
  Aggregate CAR configuration example
    Network requirements
    Configuration procedure

Configuring class-based accounting
  Configuration procedure
  Configuration example
    Network requirements
    Configuration procedure

Appendixes
  Appendix A Default priority maps
  Appendix B Introduction to packet precedences
    IP precedence and DSCP values
    802.1p priority

Configuring time ranges
  Configuration procedure
  Displaying and maintaining time ranges
  Time range configuration example

Configuring data buffers
  Configuration task list
  Enabling the Burst function
  Configuring data buffers manually
    Configuring the total shared-area ratio
    Setting the maximum shared-area ratio for a queue
    Setting the fixed-area ratio for a queue
    Applying data buffer configuration
  Displaying and maintaining data buffers

Configuring QCN
  Basic concepts
  QCN message format
    Data flow format
    CNM format
  How QCN works
  QCN algorithm
    CP algorithm
    RP algorithm
  CND
    CND defense mode
    Priority mapping
  Protocols and standards
  QCN configuration task list
  Enabling QCN globally
    Configuration prerequisites
    Configuration procedure
  Configuring CND settings
    Configuring global CND settings
    Configuring CND settings for an interface
  Configuring congestion detection parameters
  Displaying and maintaining QCN
  QCN configuration examples
    Basic QCN configuration example
    MultiCND QCN configuration example

Support and other resources ·································································································································· 111 


Contacting HP ······························································································································································ 111 
Subscription service ············································································································································ 111 
Related information ······················································································································································ 111 
Documents ···························································································································································· 111 
Websites······························································································································································· 111 
Conventions ·································································································································································· 112 

Index ········································································································································································ 114 

iv
Configuring ACLs

Overview
An access control list (ACL) is a set of rules (or permit or deny statements) for identifying traffic based on
criteria such as source IP address, destination IP address, and port number.
ACLs are primarily used for packet filtering. "Configuring packet filtering with ACLs" provides an
example. You can use ACLs in QoS, security, routing, and other feature modules for identifying traffic.
The packet drop or forwarding decisions depend on the modules that use ACLs.

Applications on the switch


An ACL is implemented in hardware or software, depending on the module that uses it.
• If the module is implemented in hardware (for example, the packet filter or QoS module), the ACL
is applied to hardware to process traffic.
• If the module is implemented in software (for example, the routing module or a user interface
access control module such as Telnet or SNMP), the ACL is applied to software to process traffic.
The user interface access control module denies packets that do not match any ACL. Some modules (QoS
for example) ignore the permit or deny action in ACL rules and do not base their drop or forwarding
decisions on the action set in ACL rules. See the specified module for information about ACL application.

ACL categories
Category                     ACL number     IP version      Match criteria
Basic ACLs                   2000 to 2999   IPv4            Source IPv4 address.
                                            IPv6            Source IPv6 address.
Advanced ACLs                3000 to 3999   IPv4            Source IPv4 address, destination IPv4 address, IPv4 packet priority, protocol number, and other Layer 3 and Layer 4 header fields.
                                            IPv6            Source IPv6 address, destination IPv6 address, IPv6 packet priority, protocol number, and other Layer 3 and Layer 4 header fields.
Ethernet frame header ACLs   4000 to 4999   IPv4 and IPv6   Layer 2 header fields, such as source and destination MAC addresses, 802.1p priority, and link layer protocol type.
User-defined ACLs            5000 to 5999   IPv4 and IPv6   User specified matching patterns in protocol headers.

Numbering and naming ACLs
Each ACL category has a unique range of ACL numbers. When creating an ACL, you must assign it a
number. In addition, you can assign the ACL a name for ease of identification. After creating an ACL with
a name, you cannot rename it or delete its name.
For an IPv4 basic or advanced ACL, its ACL number and name must be unique in IPv4. For an IPv6 basic
or advanced ACL, its ACL number and name must be unique in IPv6.

Match order
The rules in an ACL are sorted in a specific order. When a packet matches a rule, the device stops the
match process and performs the action defined in the rule. If an ACL contains overlapping or conflicting
rules, the matching result and action to take depend on the rule order.
The following ACL match orders are available:
• config—Sorts ACL rules in ascending order of rule ID. A rule with a lower ID is matched before a
rule with a higher ID. If you use this method, check the rules and their order carefully.

NOTE:
The match order of user-defined ACLs can only be config.

• auto—Sorts ACL rules in depth-first order. Depth-first ordering makes sure any subset of a rule is
always matched before the rule. Table 1 lists the sequence of tie breakers that depth-first ordering
uses to sort rules for each type of ACL.
Table 1 Sort ACL rules in depth-first order

ACL category and its sequence of tie breakers:

IPv4 basic ACL
1. More 0s in the source IPv4 address wildcard (more 0s means a narrower IPv4 address range).
2. Rule configured earlier.

IPv4 advanced ACL
1. Specific protocol number.
2. More 0s in the source IPv4 address wildcard mask.
3. More 0s in the destination IPv4 address wildcard.
4. Narrower TCP/UDP service port number range.
5. Rule configured earlier.

IPv6 basic ACL
1. Longer prefix for the source IPv6 address (a longer prefix means a narrower IPv6 address range).
2. Rule configured earlier.

IPv6 advanced ACL
1. Specific protocol number.
2. Longer prefix for the source IPv6 address.
3. Longer prefix for the destination IPv6 address.
4. Narrower TCP/UDP service port number range.
5. Rule configured earlier.

Ethernet frame header ACL
1. More 1s in the source MAC address mask (more 1s means a smaller MAC address).
2. More 1s in the destination MAC address mask.
3. Rule configured earlier.

A wildcard mask, also called an inverse mask, is a 32-bit binary number represented in dotted
decimal notation. In contrast to a network mask, the 0 bits in a wildcard mask represent "do care"
bits, and the 1 bits represent "don't care" bits. If the "do care" bits in an IP address are identical
to the "do care" bits in an IP address criterion, the IP address matches the criterion. All "don't care"
bits are ignored. The 0s and 1s in a wildcard mask can be noncontiguous. For example,
0.255.0.255 is a valid wildcard mask.
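
The auto match order can be reproduced offline to predict which rule is tried first before an ACL is applied. The following Python sketch is an added example, not code from the HP guide: it applies the Table 1 tie breakers for an IPv4 advanced ACL to constructed rules. The Rule fields, the treatment of ip as the non-specific protocol, and the single port range per rule are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

FULL_PORT_RANGE = (0, 65535)


def zero_bits(wildcard: str) -> int:
    """Number of 0 ("do care") bits in a dotted-decimal wildcard mask."""
    return 32 - bin(int(ipaddress.IPv4Address(wildcard))).count("1")


@dataclass(frozen=True)
class Rule:
    seq: int                         # configuration order: lower = configured earlier
    action: str                      # "permit" or "deny"
    protocol: str                    # assumption: "ip" = any protocol, others are specific
    src_wildcard: str                # 255.255.255.255 is equivalent to "source any"
    dst_wildcard: str
    ports: tuple = FULL_PORT_RANGE   # assumption: one TCP/UDP port range per rule


def depth_first_key(rule: Rule):
    """Sort key that follows the five IPv4 advanced ACL tie breakers in order."""
    low, high = rule.ports
    return (
        0 if rule.protocol != "ip" else 1,   # 1. specific protocol number first
        -zero_bits(rule.src_wildcard),       # 2. more 0s in the source wildcard
        -zero_bits(rule.dst_wildcard),       # 3. more 0s in the destination wildcard
        high - low,                          # 4. narrower port number range
        rule.seq,                            # 5. rule configured earlier
    )


def auto_order(rules):
    """Return the rules in the order an auto (depth-first) ACL would match them."""
    return sorted(rules, key=depth_first_key)


# Constructed sample rules, listed in the order an operator typed them.
SAMPLE_RULES = [
    Rule(0, "deny",   "ip",  "255.255.255.255", "0.0.0.0"),
    Rule(1, "permit", "ip",  "0.0.0.255",       "0.0.0.0"),
    Rule(2, "permit", "tcp", "0.0.255.255",     "0.0.0.0", (1024, 65535)),
    Rule(3, "permit", "tcp", "0.0.255.255",     "0.0.0.0", (443, 443)),
]

if __name__ == "__main__":
    for r in auto_order(SAMPLE_RULES):
        print(r)
```

The broad deny rule typed first ends up last, because every narrower rule is a subset that depth-first ordering places ahead of it.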

Rule numbering
ACL rules can be manually numbered or automatically numbered. This section describes how automatic
ACL rule numbering works.

Rule numbering step


If you do not assign an ID to the rule you are creating, the system automatically assigns it a rule ID. The
rule numbering step sets the increment by which the system automatically numbers rules. For example, the
default ACL rule numbering step is 5. If you do not assign IDs to rules you are creating, they are
automatically numbered 0, 5, 10, 15, and so on. The wider the numbering step, the more rules you can
insert between two rules.
By introducing a gap between rules rather than contiguously numbering rules, you have the flexibility of
inserting rules in an ACL. This feature is important for a config-order ACL, where ACL rules are matched
in ascending order of rule ID.

Automatic rule numbering and renumbering


The ID automatically assigned to an ACL rule takes the nearest higher multiple of the numbering step to
the current highest rule ID, starting with 0.
For example, if the numbering step is 5 (the default), and there are five ACL rules numbered 0, 5, 9, 10,
and 12, the newly defined rule is numbered 15. If the ACL does not contain any rule, the first rule is
numbered 0.
Whenever the step changes, the rules are renumbered, starting from 0. For example, if there are five rules
numbered 5, 10, 13, 15, and 20, changing the step from 5 to 2 causes the rules to be renumbered 0, 2,
4, 6, and 8.
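
The numbering behavior described above, as an added Python example (not code from the HP guide). The AclRuleTable class and its method names are hypothetical, and overwriting a rule when an existing ID is reused is a simplification of "edit a rule".

```python
class AclRuleTable:
    """Rule IDs of one ACL, kept so they can be listed in config (ascending ID) order."""

    def __init__(self, step=5):
        self.step = step
        self.rules = {}                      # rule ID -> rule text

    def next_auto_id(self):
        """Nearest multiple of the step above the highest rule ID, starting with 0."""
        if not self.rules:
            return 0
        return (max(self.rules) // self.step + 1) * self.step

    def add(self, text, rule_id=None):
        """Create a rule; if no ID is given, the table assigns one automatically."""
        if rule_id is None:
            rule_id = self.next_auto_id()
        self.rules[rule_id] = text           # simplification: reusing an ID overwrites
        return rule_id

    def set_step(self, new_step):
        """Changing the step renumbers all rules from 0 and keeps their order."""
        ordered = [self.rules[i] for i in sorted(self.rules)]
        self.step = new_step
        self.rules = {n * new_step: text for n, text in enumerate(ordered)}

    def in_match_order(self):
        """Rules as (ID, text) pairs in ascending ID order, as a config-order ACL matches."""
        return [(i, self.rules[i]) for i in sorted(self.rules)]


if __name__ == "__main__":
    acl = AclRuleTable(step=5)
    for text in ("permit president", "permit finance", "deny others"):
        acl.add(text)                        # auto-numbered 0, 5, 10
    acl.add("permit auditors", rule_id=7)    # manual ID in the gap between 5 and 10
    print(acl.in_match_order())
    acl.set_step(2)                          # renumbered 0, 2, 4, 6
    print(acl.in_match_order())
```

Because a step change renumbers every rule, any script or change record that refers to rules by ID needs to be updated after the step is modified.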

Fragments filtering with ACLs


Traditional packet filtering matches only first fragments of packets, and allows all subsequent non-first
fragments to pass through. Attackers can fabricate non-first fragments to attack networks.
To avoid the risks, the HP ACL implementation does the following:
• Filters all fragments by default, including non-first fragments.
• Allows for matching criteria modification for efficiency. For example, you can configure the ACL to
filter only non-first fragments.

Configuration task list
Tasks at a glance
(Required.) Perform at least one of the following tasks:
• Configuring a basic ACL
  ◦ Configuring an IPv4 basic ACL
  ◦ Configuring an IPv6 basic ACL
• Configuring an advanced ACL
  ◦ Configuring an IPv4 advanced ACL
  ◦ Configuring an IPv6 advanced ACL
• Configuring an Ethernet frame header ACL
• Configuring a user-defined ACL
(Optional.) Copying an ACL
(Optional.) Configuring packet filtering with ACLs

Configuring a basic ACL


This section describes procedures for configuring IPv4 and IPv6 basic ACLs.

Configuring an IPv4 basic ACL


IPv4 basic ACLs match packets based only on source IP addresses.
To configure an IPv4 basic ACL:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an IPv4 basic ACL and enter its view.
   Command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
   Remarks: By default, no ACL exists. IPv4 basic ACLs are numbered in the range of 2000 to 2999. You can use the acl name acl-name command to enter the view of a named ACL.
3. (Optional.) Configure a description for the IPv4 basic ACL.
   Command: description text
   Remarks: By default, an IPv4 basic ACL has no ACL description.
4. (Optional.) Set the rule numbering step.
   Command: step step-value
   Remarks: The default setting is 5.
5. Create or edit a rule.
   Command: rule [ rule-id ] { deny | permit } [ counting | fragment | logging | source { source-address source-wildcard | any } | time-range time-range-name ] *
   Remarks: By default, an IPv4 basic ACL does not contain any rule. The logging keyword takes effect only when the module (for example, packet filtering) that uses the ACL supports logging.
6. (Optional.) Add or edit a rule comment.
   Command: rule rule-id comment text
   Remarks: By default, no rule comments are configured.

Configuring an IPv6 basic ACL


IPv6 basic ACLs match packets based only on source IP addresses.
To configure an IPv6 basic ACL:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an IPv6 basic ACL view and enter its view.
   Command: acl ipv6 number acl-number [ name acl-name ] [ match-order { auto | config } ]
   Remarks: By default, no ACL exists. IPv6 basic ACLs are numbered in the range of 2000 to 2999. You can use the acl ipv6 name acl-name command to enter the view of a named ACL.
3. (Optional.) Configure a description for the IPv6 basic ACL.
   Command: description text
   Remarks: By default, an IPv6 basic ACL has no ACL description.
4. (Optional.) Set the rule numbering step.
   Command: step step-value
   Remarks: The default setting is 5.
5. Create or edit a rule.
   Command: rule [ rule-id ] { deny | permit } [ counting | fragment | logging | routing [ type routing-type ] | source { source-address source-prefix | source-address/source-prefix | any } | time-range time-range-name ] *
   Remarks: By default, an IPv6 basic ACL does not contain any rule. The logging keyword takes effect only when the module (for example, packet filtering) that uses the ACL supports logging. If an ACL is for QoS traffic classification or packet filtering:
     • Do not specify the fragment keyword.
     • Do not specify the routing keyword if the ACL is for outbound QoS traffic classification or outbound packet filtering.
6. (Optional.) Add or edit a rule comment.
   Command: rule rule-id comment text
   Remarks: By default, no rule comments are configured.

Configuring an advanced ACL


This section describes procedures for configuring IPv4 and IPv6 advanced ACLs.

Configuring an IPv4 advanced ACL
IPv4 advanced ACLs match packets based on the following criteria:
• Source IP addresses.
• Destination IP addresses.
• Packet priorities.
• Protocol numbers.
• Other protocol header information, such as TCP/UDP source and destination port numbers, TCP
flags, ICMP message types, and ICMP message codes.
Compared to IPv4 basic ACLs, IPv4 advanced ACLs allow more flexible and accurate filtering.
To configure an IPv4 advanced ACL:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an IPv4 advanced ACL and enter its view.
   Command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
   Remarks: By default, no ACL exists. IPv4 advanced ACLs are numbered in the range of 3000 to 3999. You can use the acl name acl-name command to enter the view of a named ACL.
3. (Optional.) Configure a description for the IPv4 advanced ACL.
   Command: description text
   Remarks: By default, an IPv4 advanced ACL has no ACL description.
4. (Optional.) Set the rule numbering step.
   Command: step step-value
   Remarks: The default setting is 5.
5. Create or edit a rule.
   Command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-address dest-wildcard | any } | destination-port operator port1 [ port2 ] | { dscp dscp | { precedence precedence | tos tos } * } | fragment | icmp-type { icmp-type [ icmp-code ] | icmp-message } | logging | source { source-address source-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name ] *
   Remarks: By default, an IPv4 advanced ACL does not contain any rule. The logging keyword takes effect only when the module (for example, packet filtering) that uses the ACL supports logging. If an ACL is for QoS traffic classification or packet filtering, do not specify neq for the operator argument.
6. (Optional.) Add or edit a rule comment.
   Command: rule rule-id comment text
   Remarks: By default, no rule comments are configured.

Configuring an IPv6 advanced ACL
IPv6 advanced ACLs match packets based on the following criteria:
• Source IPv6 addresses.
• Destination IPv6 addresses.
• Packet priorities.
• Protocol numbers.
• Other protocol header fields such as the TCP/UDP source port number, TCP/UDP destination port
number, ICMPv6 message type, and ICMPv6 message code.
Compared to IPv6 basic ACLs, IPv6 advanced ACLs allow more flexible and accurate filtering.
To configure an IPv6 advanced ACL:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an IPv6 advanced ACL and enter its view.
   Command: acl ipv6 number acl-number [ name acl-name ] [ match-order { auto | config } ]
   Remarks: By default, no ACL exists. IPv6 advanced ACLs are numbered in the range of 3000 to 3999. You can use the acl ipv6 name acl-name command to enter the view of a named ACL.
3. (Optional.) Configure a description for the IPv6 advanced ACL.
   Command: description text
   Remarks: By default, an IPv6 advanced ACL has no ACL description.
4. (Optional.) Set the rule numbering step.
   Command: step step-value
   Remarks: The default setting is 5.
5. Create or edit a rule.
   Command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-address dest-prefix | dest-address/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | flow-label flow-label-value | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging | routing [ type routing-type ] | hop-by-hop [ type hop-type ] | source { source-address source-prefix | source-address/source-prefix | any } | source-port operator port1 [ port2 ] | time-range time-range-name ] *
   Remarks: By default, an IPv6 advanced ACL does not contain any rule. The logging keyword takes effect only when the module (for example, packet filtering) that uses the ACL supports logging. If an ACL is for QoS traffic classification or packet filtering:
     • Do not specify the fragment keyword.
     • Do not specify neq for the operator argument.
     • Do not specify the routing, hop-by-hop, or flow-label keyword if the ACL is for outbound QoS traffic classification or outbound packet filtering.
     • Do not specify ipv6-ah for the protocol argument, nor set its value to 0, 43, 44, 51, or 60, if the ACL is for outbound QoS traffic classification or outbound packet filtering.
6. (Optional.) Add or edit a rule comment.
   Command: rule rule-id comment text
   Remarks: By default, no rule comments are configured.

NOTE:
If an ACL is to match information in the IPv6 packet payload, it can only match packets with one extension
header. It cannot match packets with two or more extension headers or with the Encapsulating Security
Payload Header.

Configuring an Ethernet frame header ACL


Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol
header fields, such as:
• Source MAC address.
• Destination MAC address.
• 802.1p priority (VLAN priority).
• Link layer protocol type.
To configure an Ethernet frame header ACL:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an Ethernet frame header ACL and enter its view.
   Command: acl number acl-number [ name acl-name ] [ match-order { auto | config } ]
   Remarks: By default, no ACL exists. Ethernet frame header ACLs are numbered in the range of 4000 to 4999. You can use the acl name acl-name command to enter the view of a named ACL.
3. (Optional.) Configure a description for the Ethernet frame header ACL.
   Command: description text
   Remarks: By default, an Ethernet frame header ACL has no ACL description.
4. (Optional.) Set the rule numbering step.
   Command: step step-value
   Remarks: The default setting is 5.
5. Create or edit a rule.
   Command: rule [ rule-id ] { deny | permit } [ cos vlan-pri | counting | dest-mac dest-address dest-mask | { lsap lsap-type lsap-type-mask | type protocol-type protocol-type-mask } | source-mac source-address source-mask | time-range time-range-name ] *
   Remarks: By default, an Ethernet frame header ACL does not contain any rule. If an Ethernet frame header ACL is used for packet filtering or QoS traffic classification and the lsap keyword is used, the lsap-type argument value must be AAAA, and the lsap-type-mask argument value must be FFFF. Otherwise, the ACL does not take effect.
6. (Optional.) Add or edit a rule comment.
   Command: rule rule-id comment text
   Remarks: By default, no rule comments are configured.

Configuring a user-defined ACL


User-defined ACLs allow you to customize rules based on information in protocol headers. You can
define a user-defined ACL to match packets. A specific number of bytes after an offset (relative to the
specified header) are compared against a match pattern after being ANDed with a match pattern mask.
To configure a user-defined ACL:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a user-defined ACL and enter its view.
   Command: acl number acl-number [ name acl-name ]
   Remarks: By default, no ACL exists. User-defined ACLs are numbered in the range of 5000 to 5999. You can use the acl name acl-name command to enter the view of a named ACL.
3. (Optional.) Configure a description for the user-defined ACL.
   Command: description text
   Remarks: By default, a user-defined ACL has no ACL description.
4. Create or edit a rule.
   Command: rule [ rule-id ] { deny | permit } [ { l2 rule-string rule-mask offset }&<1-8> ] [ counting | time-range time-range-name ] *
   Remarks: By default, a user-defined ACL does not contain any rule. A user-defined ACL cannot be used for outbound QoS traffic classification or outbound packet filtering.
5. (Optional.) Add or edit a rule comment.
   Command: rule rule-id comment text
   Remarks: By default, no rule comments are configured.

NOTE:
If a user-defined ACL is to match packets with VLAN tags, the offset must include the length of the VLAN
tags. Each VLAN tag is 4 bytes long.
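
The pattern, mask, and offset comparison described for user-defined ACLs, and the VLAN tag offset rule from the NOTE, as an added Python example (not code from the HP guide). The frames are constructed test data; counting the offset from the first byte of the destination MAC address and requiring all fields of a rule to match are assumptions, so confirm the offset semantics on the device before relying on a rule.

```python
import struct

VLAN_TAG_LEN = 4  # per the NOTE: each VLAN tag is 4 bytes long


def build_frame(vlan_ids=(), ethertype=0x0800, payload=b"\x45\x00\x00\x14"):
    """Constructed frame: dst MAC, src MAC, optional 802.1Q tags, EtherType, payload."""
    dst = bytes.fromhex("001122334455")
    src = bytes.fromhex("66778899aabb")
    tags = b"".join(struct.pack("!HH", 0x8100, vid & 0x0FFF) for vid in vlan_ids)
    return dst + src + tags + struct.pack("!H", ethertype) + payload


def field_matches(frame, rule_string, rule_mask, offset):
    """AND the bytes at offset with the mask, then compare them with the pattern."""
    pattern = bytes.fromhex(rule_string)
    mask = bytes.fromhex(rule_mask)
    if len(pattern) != len(mask):
        raise ValueError("rule-string and rule-mask must have the same length")
    window = frame[offset:offset + len(pattern)]
    if len(window) < len(pattern):
        return False                       # frame too short to contain the field
    return bytes(b & m for b, m in zip(window, mask)) == pattern


def rule_matches(frame, fields):
    """fields: 1 to 8 (rule-string, rule-mask, offset) tuples.

    Assumption: a rule matches only if every field matches.
    """
    if not 1 <= len(fields) <= 8:
        raise ValueError("a rule takes 1 to 8 pattern/mask/offset groups")
    return all(field_matches(frame, *f) for f in fields)


def tagged_offset(untagged_offset, vlan_tag_count):
    """Shift an offset calculated for an untagged frame past the VLAN tags."""
    return untagged_offset + VLAN_TAG_LEN * vlan_tag_count


if __name__ == "__main__":
    untagged = build_frame()
    tagged = build_frame(vlan_ids=(10,))
    # EtherType 0x0800 at offset 12, IPv4 version nibble (mask f0) at offset 14.
    ipv4_rule = [("0800", "ffff", 12), ("40", "f0", 14)]
    print("untagged:", rule_matches(untagged, ipv4_rule))
    print("tagged, same offsets:", rule_matches(tagged, ipv4_rule))
    shifted = [(s, m, tagged_offset(o, 1)) for s, m, o in ipv4_rule]
    print("tagged, offsets + 4:", rule_matches(tagged, shifted))
```

A rule written for untagged frames silently stops matching once the traffic is tagged, which matters most when the rule is a deny.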

Copying an ACL
You can create an ACL by copying an existing ACL (source ACL). The new ACL (destination ACL) has the
same properties and content as the source ACL, but not the same ACL number and name.
To successfully copy an ACL, make sure:
• The destination ACL number is from the same category as the source ACL number.
• The source ACL already exists, but the destination ACL does not.
To copy an ACL:

1. Enter system view.
   Command: system-view
2. Copy an existing ACL to create a new ACL.
   Command: acl [ ipv6 ] copy { source-acl-number | name source-acl-name } to { dest-acl-number | name dest-acl-name }

Configuring packet filtering with ACLs


This section describes procedures for applying an ACL to filter incoming or outgoing IPv4 or IPv6 packets
on the specified interface.

NOTE:
The ACL-based packet filter function is available on Ethernet interfaces, VLAN interfaces, S-channel
interfaces, S-channel aggregate interfaces, VSI interfaces, and VSI aggregate interfaces. For more
information about S-channel interfaces, S-channel aggregate interfaces, VSI interfaces, and VSI
aggregate interfaces, see EVB Configuration Guide.

Applying an ACL to an interface for packet filtering
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Apply an ACL to the interface to filter packets.
   Command: packet-filter [ ipv6 ] { acl-number | name acl-name } { inbound | outbound } [ hardware-count ]
   Remarks: By default, an interface does not filter packets. You can apply only one ACL to the same direction of an interface.

Configuring the applicable scope of packet filtering on a VLAN interface
You can configure the packet filtering on a VLAN interface to filter the following packets:
• Packets forwarded at Layer 3 by the VLAN interface.
• All packets, including packets forwarded at Layer 3 by the VLAN interface and packets forwarded
at Layer 2 by the physical ports associated with the VLAN interface.
To configure the applicable scope of packet filtering on a VLAN interface:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a VLAN interface and enter its view.
   Command: interface vlan-interface vlan-interface-id
   Remarks: If the VLAN interface already exists, you directly enter its view. By default, no VLAN interface exists.
3. Specify the applicable scope of packet filtering on the VLAN interface.
   Command: packet-filter filter [ route | all ]
   Remarks: By default, the packet filtering filters packets forwarded at Layer 3.

Setting the interval for generating and outputting packet filtering logs
After you set the interval, the device periodically generates and outputs the packet filtering logs to the
information center, including the number of matching packets and the matched ACL rules. For more
information about information center, see Network Management and Monitoring Configuration Guide.
To set the interval for generating and outputting packet filtering logs:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Set the interval for generating and outputting packet filtering logs.
   Command: acl [ ipv6 ] logging interval interval
   Remarks: The default setting is 0 minutes, which means that no packet filtering logs are generated.

Setting the packet filtering default action
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Set the packet filtering default action to deny.
   Command: packet-filter default deny
   Remarks: By default, the packet filter permits packets that do not match any ACL rule to pass.

Displaying and maintaining ACLs


Execute display commands in any view and reset commands in user view.

• Display ACL configuration and match statistics.
  Command: display acl [ ipv6 ] { acl-number | all | name acl-name }
• Display whether an ACL has been successfully applied to an interface for packet filtering.
  Command: display packet-filter { interface [ interface-type interface-number ] [ inbound | outbound ] | interface vlan-interface vlan-interface-number [ inbound | outbound ] [ slot slot-number ] }
• Display match statistics for packet filtering ACLs.
  Command: display packet-filter statistics interface interface-type interface-number { inbound | outbound } [ [ ipv6 ] { acl-number | name acl-name } ] [ brief ]
• Display the accumulated statistics for packet filtering ACLs.
  Command: display packet-filter statistics sum { inbound | outbound } [ ipv6 ] { acl-number | name acl-name } [ brief ]
• Display detailed ACL packet filtering information.
  Command: display packet-filter verbose interface interface-type interface-number { inbound | outbound } [ [ ipv6 ] { acl-number | name acl-name } ] [ slot slot-number ]
• Display QoS and ACL resource usage.
  Command: display qos-acl resource [ slot slot-number ]
• Clear ACL statistics.
  Command: reset acl [ ipv6 ] counter { acl-number | all | name acl-name }
• Clear match statistics (including the accumulated statistics) for packet filtering ACLs.
  Command: reset packet-filter statistics interface [ interface-type interface-number ] { inbound | outbound } [ [ ipv6 ] { acl-number | name acl-name } ]

ACL configuration example


Network requirements
A company interconnects its departments through Device A. Configure an ACL to:
• Permit access from the President's office at any time to the financial database server.

• Permit access from the Financial department to the database server only during working hours (from
8:00 to 18:00) on working days.
• Deny access from any other department to the database server.
Figure 1 Network diagram

Configuration procedure
# Create a periodic time range from 8:00 to 18:00 on working days.
<DeviceA> system-view
[DeviceA] time-range work 08:00 to 18:00 working-day

# Create an IPv4 advanced ACL numbered 3000 and configure three rules in the ACL. One rule permits
access from the President's office to the financial database server, one rule permits access from the
Financial department to the database server during working hours, and one rule denies access from any
other department to the database server.
[DeviceA] acl number 3000
[DeviceA-acl-adv-3000] rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.0.100 0
[DeviceA-acl-adv-3000] rule permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.100 0 time-range work
[DeviceA-acl-adv-3000] rule deny ip source any destination 192.168.0.100 0
[DeviceA-acl-adv-3000] quit

# Apply IPv4 advanced ACL 3000 to filter outgoing packets on interface Ten-GigabitEthernet 1/0/1.
[DeviceA] interface ten-gigabitethernet 1/0/1
[DeviceA-Ten-GigabitEthernet1/0/1] packet-filter 3000 outbound
[DeviceA-Ten-GigabitEthernet1/0/1] quit

Verifying the configuration


# Ping the database server from a PC in the Financial department during the working hours. (All PCs in
this example use Windows XP).
C:\> ping 192.168.0.100

Pinging 192.168.0.100 with 32 bytes of data:

Reply from 192.168.0.100: bytes=32 time=1ms TTL=255
Reply from 192.168.0.100: bytes=32 time<1ms TTL=255
Reply from 192.168.0.100: bytes=32 time<1ms TTL=255
Reply from 192.168.0.100: bytes=32 time<1ms TTL=255

Ping statistics for 192.168.0.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms

The output shows that the database server can be pinged.


# Ping the database server from a PC in the Marketing department during the working hours.
C:\> ping 192.168.0.100

Pinging 192.168.0.100 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.0.100:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

The output shows the database server cannot be pinged.


# Display configuration and match statistics for IPv4 advanced ACL 3000 on Device A during the
working hours.
[DeviceA] display acl 3000
Advanced ACL 3000, named -none-, 3 rules,
ACL's step is 5
rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.0.100 0
rule 5 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.100 0 time-range work (Active)
rule 10 deny ip destination 192.168.0.100 0

The output shows that rule 5 is active.
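
The wildcard mask comparison described under "Match order" and the rule set of ACL 3000 can be checked offline before the ACL is applied. The following Python model is an added example, not code from the HP guide: it evaluates the three rules in config order, skips rule 5 while the work time range is inactive, and falls back to the packet filter default action. The Marketing address 192.168.3.30, the sample dates, and the treatment of 18:00 as outside the range are assumptions.

```python
import ipaddress
from datetime import datetime, time


def ip(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """Compare only the "do care" bits, which are the 0 bits of the wildcard mask."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)


def work_active(when):
    """time-range work: 08:00 to 18:00 on working days (Monday to Friday)."""
    return when.weekday() < 5 and time(8, 0) <= when.time() < time(18, 0)


ANY = ("0.0.0.0", "255.255.255.255")     # "source any"
SERVER = ("192.168.0.100", "0.0.0.0")    # wildcard 0 in the CLI means a single host

# (rule ID, action, source, destination, time range or None), as in display acl 3000
ACL_3000 = [
    (0, "permit", ("192.168.1.0", "0.0.0.255"), SERVER, None),
    (5, "permit", ("192.168.2.0", "0.0.0.255"), SERVER, work_active),
    (10, "deny", ANY, SERVER, None),
]


def evaluate(src, dst, when, rules=ACL_3000, default_action="permit"):
    """Return (action, matching rule ID); the first matching active rule wins.

    default_action models the packet filter default: permit unless
    packet-filter default deny is configured.
    """
    for rule_id, action, source, dest, time_range in sorted(rules, key=lambda r: r[0]):
        if time_range is not None and not time_range(when):
            continue                      # rule with an inactive time range is skipped
        if wildcard_match(src, *source) and wildcard_match(dst, *dest):
            return action, rule_id
    return default_action, None


if __name__ == "__main__":
    wednesday_10 = datetime(2015, 1, 28, 10, 0)
    wednesday_20 = datetime(2015, 1, 28, 20, 0)
    for label, src, when in [
        ("President, after hours", "192.168.1.10", wednesday_20),
        ("Financial, working hours", "192.168.2.20", wednesday_10),
        ("Financial, after hours", "192.168.2.20", wednesday_20),
        ("Marketing, working hours", "192.168.3.30", wednesday_10),
    ]:
        print(label, evaluate(src, "192.168.0.100", when))
```

Traffic to any destination other than 192.168.0.100 matches no rule, so its fate depends entirely on the packet filter default action.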

QoS overview

In data communications, Quality of Service (QoS) provides differentiated service guarantees for
diversified traffic in terms of bandwidth, delay, jitter, and drop rate, all of which can affect QoS.
Network resources are limited. When configuring a QoS scheme, you must consider the characteristics
of different applications. For example, when bandwidth is fixed, more bandwidth used by one user
leaves less bandwidth for others. QoS prioritizes traffic to balance the interests of users and manages
network resources.
The following section describes typical QoS service models and widely used QoS techniques.

QoS service models


This section describes several typical QoS service models.

Best-effort service model


The best-effort model is a single-service model. As the simplest service model, the best-effort model is not
as reliable as other models and does not guarantee delay-free delivery.
The best-effort service model is the default model for the Internet and applies to most network
applications. It uses the First In First Out (FIFO) queuing mechanism.

IntServ model
The integrated service (IntServ) model is a multiple-service model that can accommodate diverse QoS
requirements. This service model provides the most granularly differentiated QoS by identifying and
guaranteeing definite QoS for each data flow.
In the IntServ model, an application must request service from the network before it sends data. IntServ
signals the service request with the RSVP. All nodes receiving the request reserve resources as requested
and maintain state information for the application flow.
The IntServ model demands high storage and processing capabilities because it requires all nodes along
the transmission path to maintain resource state information for each flow. This model is suitable for
small-sized or edge networks, but not large-sized networks, for example, the core layer of the Internet,
where billions of flows are present.

DiffServ model
The differentiated service (DiffServ) model is a multiple-service model that can meet diverse QoS
requirements. It is easy to implement and extend. DiffServ does not signal the network to reserve
resources before sending data, as IntServ does.

QoS techniques overview
The QoS techniques include the following features:
• Traffic classification.
• Traffic policing.
• Traffic shaping.
• Rate limit.
• Congestion management.
• Congestion avoidance.
The following section briefly introduces these QoS techniques.
All QoS techniques in this document are based on the DiffServ model.

Deploying QoS in a network


Figure 2 Position of the QoS techniques in a network

As shown in Figure 2, traffic classification, traffic shaping, traffic policing, congestion management, and
congestion avoidance mainly implement the following features:
• Traffic classification—Uses match criteria to assign packets with the same characteristics to a traffic
class. Based on traffic classes, you can provide differentiated services.
• Traffic policing—Polices flows and imposes penalties to prevent aggressive use of network resources.
You can apply traffic policing to both incoming and outgoing traffic of a port.
• Traffic shaping—Adapts the output rate of traffic to the network resources available on the
downstream device to eliminate packet drops. Traffic shaping usually applies to the outgoing traffic
of a port.
• Congestion management—Provides a resource scheduling policy to determine the packet
forwarding sequence when congestion occurs. Congestion management usually applies to the
outgoing traffic of a port.

• Congestion avoidance—Monitors the network resource usage. It is usually applied to the outgoing
traffic of a port. When congestion worsens, congestion avoidance reduces the queue length by
dropping packets.

Configuring a QoS policy

You can configure QoS by using the MQC approach or non-MQC approach. Some features support
both approaches, but some support only one.

Non-MQC approach
In the non-MQC approach, you configure QoS service parameters without using a QoS policy. For
example, you can use the rate limit feature to set a rate limit on an interface without using a QoS policy.

MQC approach
In the modular QoS configuration (MQC) approach, you configure QoS service parameters by using
QoS policies. A QoS policy defines the shaping, policing, or other QoS actions to take on different
classes of traffic. It is a set of class-behavior associations.
A traffic class is a set of match criteria for identifying traffic, and it uses the AND or OR operator.
• If the operator is AND, a packet must match all the criteria to match the traffic class.
• If the operator is OR, a packet matches the traffic class if it matches any of the criteria in the traffic
class.
A traffic behavior defines a set of QoS actions to take on packets, such as priority marking and redirect.
By associating a traffic behavior with a traffic class in a QoS policy, you apply QoS actions in the traffic
behavior to the traffic class.

Configuration procedure diagram


Figure 3 shows how to configure a QoS policy.
Figure 3 QoS policy configuration procedure

Defining a traffic class
Configuration guidelines
When you configure a traffic class, follow these restrictions and guidelines:
• If the traffic class includes the customer-vlan-id match criterion, a QoS policy that contains the
traffic class can be applied only to interfaces.
• If the traffic class includes both the control-plane protocol or control-plane protocol-group criterion
and other criteria, the QoS policy that contains the traffic class cannot be applied correctly.
• If the traffic class includes the control-plane protocol or control-plane protocol-group match
criterion, the QoS policy that contains the traffic class can be applied only to a control plane.
• To configure multiple values for a match criterion, perform the following tasks:
  ○ Set the logical operator to OR.
  ○ Configure multiple if-match commands for the match criterion.
For the customer-vlan-id and service-vlan-id match criteria, you can configure multiple values in
one if-match command when the logical operator is OR or AND.
• If the configured logical operator is AND for the traffic class, the actual logical operator for the rules
in an ACL match criterion is OR.

Configuration procedure
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Create a traffic class and enter traffic class view.
    Command: traffic classifier classifier-name [ operator { and | or } ]
    Remarks: By default, no traffic class is configured.
Step 3. Configure match criteria.
    Command: if-match match-criteria
    Remarks: By default, no match criterion is configured. For more information, see the if-match command in ACL and QoS Command Reference.

Table 2 Available match criteria

Option: acl [ ipv6 ] { acl-number | name acl-name }
    Description: Matches an ACL.
    The acl-number argument has the following value ranges:
    • 2000 to 3999 for IPv4 ACLs.
    • 2000 to 3999 for IPv6 ACLs.
    • 4000 to 4999 for Ethernet frame header ACLs.
    • 5000 to 5999 for user-defined ACLs.
    The acl-name argument is a case-insensitive string of 1 to 63 characters, which must start with an English letter. To avoid confusion, make sure the argument is not all.

Option: any
    Description: Matches all packets.

Option: control-plane protocol protocol-name&<1-8>
    Description: Matches control plane protocols.
    The protocol-name&<1-8> argument specifies a space-separated list of up to eight system-defined control plane protocols.

Option: control-plane protocol-group protocol-group-name
    Description: Matches a control plane protocol group.
    The protocol-group-name argument can be critical, important, management, monitor, normal, or redirect.

Option: customer-dot1p dot1p-value&<1-8>
    Description: Matches 802.1p priority values in inner VLAN tags of double-tagged packets.
    The dot1p-value&<1-8> argument specifies a space-separated list of up to eight 802.1p priority values. The value range for the dot1p-value argument is 0 to 7.

Option: customer-vlan-id vlan-id-list
    Description: Matches VLAN IDs in inner VLAN tags of double-tagged packets.
    The vlan-id-list argument specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN or a range of VLANs in the form of vlan-id1 to vlan-id2. The value for vlan-id2 must be equal to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094.

Option: destination-mac mac-address
    Description: Matches a destination MAC address.

Option: dscp dscp-value&<1-8>
    Description: Matches DSCP values.
    The dscp-value&<1-8> argument specifies a space-separated list of up to eight DSCP values. The value range for the dscp-value argument is 0 to 63 or keywords shown in Table 10.

Option: ip-precedence ip-precedence-value&<1-8>
    Description: Matches IP precedence values.
    The ip-precedence-value&<1-8> argument specifies a space-separated list of up to eight IP precedence values. The value range for the ip-precedence-value argument is 0 to 7.

Option: protocol protocol-name
    Description: Matches a protocol.
    The protocol-name argument can be ARP, IP, or IPv6.

Option: qos-local-id local-id-value
    Description: Matches a local QoS ID in the range of 1 to 4095. The switch supports local QoS IDs in the range of 1 to 3999.

Option: service-dot1p dot1p-value&<1-8>
    Description: Matches 802.1p priority values in outer VLAN tags.
    The dot1p-value&<1-8> argument specifies a space-separated list of up to eight 802.1p priority values. The value range for the dot1p-value argument is 0 to 7.

Option: service-vlan-id vlan-id-list
    Description: Matches VLAN IDs in outer VLAN tags.
    The vlan-id-list argument specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN or a range of VLANs in the form of vlan-id1 to vlan-id2. The value for vlan-id2 must be equal to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094.

Option: source-mac mac-address
    Description: Matches a source MAC address.

Defining a traffic behavior


A traffic behavior is a set of QoS actions (such as traffic filtering, shaping, policing, and priority marking)
to perform on a traffic class.

To define a traffic behavior:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Create a traffic behavior and enter traffic behavior view.
    Command: traffic behavior behavior-name
    Remarks: By default, no traffic behavior is configured.
Step 3. Configure actions in the traffic behavior.
    Command: See the subsequent chapters, depending on the purpose of the traffic behavior: traffic policing, traffic filtering, priority marking, traffic accounting, and so on.
    Remarks: By default, no action is configured for a traffic behavior.

Defining a QoS policy


You associate a traffic behavior with a traffic class in a QoS policy to perform the actions defined in the
traffic behavior for the traffic class of packets.
When an ACL is used by a QoS policy for traffic classification, the action (permit or deny) in the ACL is
ignored, and the actions in the associated traffic behavior are performed.
To associate a traffic class with a traffic behavior in a QoS policy:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Create a QoS policy and enter QoS policy view.
    Command: qos policy policy-name
    Remarks: By default, no QoS policy is configured.
Step 3. Associate a traffic class with a traffic behavior to create a class-behavior association in the QoS policy.
    Command: classifier classifier-name behavior behavior-name [ mode dcbx | insert-before before-classifier-name ] *
    Remarks: By default, a traffic class is not associated with a traffic behavior. Repeat this step to create more class-behavior associations. If a class-behavior association has the mode dcbx keyword, it applies only to DCBX. For more information about DCBX, see Layer 2—LAN Switching Configuration Guide.

Applying the QoS policy


You can apply a QoS policy to the following destinations:
• Interface—The QoS policy takes effect on the traffic sent or received on the interface.
• VLAN—The QoS policy takes effect on the traffic sent or received on all ports in the VLAN.
• Globally—The QoS policy takes effect on the traffic sent or received on all ports.
• Control plane—The QoS policy takes effect on the traffic received on the control plane.
• User profile—The QoS policy takes effect on the traffic sent or received by the online users of the
user profile.

You can modify traffic classes, traffic behaviors, and class-behavior associations in a QoS policy even
after it is applied. If a traffic class uses an ACL for traffic classification, you can delete or modify the ACL
(for example, by adding, deleting, or modifying its rules).
QoS policies applied to an interface, a VLAN, and globally are in descending order of priority. The
switch first matches the criteria in the QoS policy applied to an interface. If there is a match, the switch
executes the QoS policy applied to the interface and ignores the QoS policies applied to the VLAN and
globally.
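The following Python model is an added illustration, not HP code. It works through three points stated above: the permit or deny action of an ACL is ignored during classification, AND and OR operators behave differently for multi-value criteria, and an interface match hides the VLAN and global policies. ACL 3000 and the market policy name come from the configuration example later in this guide; the deny ACL, the web class, the web-global behavior, the packets, and the first-match ordering inside a policy are assumptions.

```python
"""Model of how an applied QoS policy selects a traffic behavior.
Added illustration, not HP code; names marked hypothetical are invented."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class AclRule:
    action: str                       # "permit" or "deny"
    proto: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, pkt):
        wanted = {"proto": self.proto, "dst_port": self.dst_port}
        return all(pkt.get(k) == v for k, v in wanted.items() if v is not None)


@dataclass
class TrafficClass:
    name: str
    operator: str                     # "and" or "or"
    criteria: list                    # one (kind, value) pair per if-match

    def _hit(self, kind, value, pkt):
        if kind == "acl":
            # Rules inside one ACL are ORed, and rule.action is never
            # consulted: permit and deny rules both classify the packet.
            return any(rule.matches(pkt) for rule in value)
        return pkt.get(kind) in value  # for example ("dscp", {10, 12})

    def matches(self, pkt):
        hits = [self._hit(kind, value, pkt) for kind, value in self.criteria]
        return all(hits) if self.operator == "and" else any(hits)


def first_behavior(policy, pkt):
    """policy is an ordered list of (TrafficClass, behavior name) pairs.
    Assumption: the first matching association in the list wins."""
    for traffic_class, behavior in policy:
        if traffic_class.matches(pkt):
            return behavior
    return None


def resolve(pkt, interface=None, vlan=None, global_policy=None):
    """Interface, then VLAN, then global: the first scope with a match wins."""
    for scope, policy in (("interface", interface), ("vlan", vlan),
                          ("global", global_policy)):
        behavior = first_behavior(policy or [], pkt)
        if behavior is not None:
            return scope, behavior
    return None, None


# ACL 3000 as in this guide's marking example; the deny ACL is constructed.
ACL_3000 = [AclRule("permit", "tcp", 80)]
ACL_DENY_WEB = [AclRule("deny", "tcp", 80)]

HTTP = TrafficClass("http", "and", [("acl", ACL_3000)])
WEB = TrafficClass("web", "and", [("acl", ACL_DENY_WEB)])     # hypothetical
MARKET_POLICY = [(HTTP, "market")]
GLOBAL_POLICY = [(WEB, "web-global")]                         # hypothetical

# Constructed packets.
WEB_PKT = {"proto": "tcp", "dst_port": 80, "dscp": 10}
SSH_PKT = {"proto": "tcp", "dst_port": 22, "dscp": 10}

# One packet carries one DSCP value, so two single-value DSCP criteria
# can match only when the class operator is OR.
DSCP_AND = TrafficClass("af-and", "and", [("dscp", {10}), ("dscp", {20})])
DSCP_OR = TrafficClass("af-or", "or", [("dscp", {10}), ("dscp", {20})])

if __name__ == "__main__":
    print(resolve(WEB_PKT, interface=MARKET_POLICY, global_policy=GLOBAL_POLICY))
    print(resolve(WEB_PKT, global_policy=GLOBAL_POLICY))
    print(resolve(SSH_PKT, interface=MARKET_POLICY, global_policy=GLOBAL_POLICY))
    print(DSCP_AND.matches(WEB_PKT), DSCP_OR.matches(WEB_PKT))
```

The second call is the case to review in an audit: a deny rule in an ACL that is referenced only by a traffic class does not block anything, it selects the packets that receive the associated behavior.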

Applying the QoS policy to an interface


You can apply QoS policies to the following interfaces:
• Ethernet interfaces.
• S-channel interfaces.
• S-channel aggregate interfaces.
• VSI interfaces.
• VSI aggregate interfaces.
For information about the preceding interfaces except Ethernet interfaces, see EVB Configuration Guide.
A QoS policy can be applied to multiple interfaces, but only one QoS policy can be applied in one
direction (inbound or outbound) of an interface.
The QoS policy applied to the outgoing traffic on an interface does not regulate local packets, which are
critical protocol packets sent by the local system for operation maintenance. The most common local
packets include link maintenance, routing, LDP, RSVP, and SSH packets.
To apply the QoS policy to an interface:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Enter Ethernet interface view.
    Command: interface interface-type interface-number
    Remarks: N/A
Step 3. Apply the QoS policy to the interface.
    Command: qos apply policy policy-name { inbound | outbound }
    Remarks: By default, no QoS policy is applied to an interface.

NOTE:
If both packet filtering with the permit statement and QoS policies are configured on an interface, the car
and filter actions in the QoS policies do not take effect. For information about packet filtering, see
"Configuring ACLs."

Applying the QoS policy to a VLAN


You can apply a QoS policy to a VLAN to regulate traffic of the VLAN.
QoS policies cannot be applied to dynamic VLANs.
To apply the QoS policy to a VLAN:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Apply the QoS policy to VLANs.
    Command: qos vlan-policy policy-name vlan vlan-id-list { inbound | outbound }
    Remarks: By default, no QoS policy is applied to a VLAN.

Applying the QoS policy globally


You can apply a QoS policy globally to the inbound or outbound direction of all ports.
To apply the QoS policy globally:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Apply the QoS policy globally.
    Command: qos apply policy policy-name global { inbound | outbound }
    Remarks: By default, no QoS policy is applied globally.

Applying the QoS policy to a control plane


A switch provides the data plane and the control plane.
• Data plane—The units (such as various dedicated forwarding chips) at the data plane are
responsible for receiving, transmitting, and switching (forwarding) packets. They deliver super
processing speeds and throughput.
• Control plane—The units (such as CPUs) at the control plane are processing units running most
routing and switching protocols. They are responsible for protocol packet resolution and calculation.
Compared with data plane units, the control plane units allow for great packet processing flexibility
but have lower throughput.
When the data plane receives packets that it cannot recognize or process, it transmits them to the control
plane. If the transmission rate exceeds the processing capability of the control plane, the control plane
will be busy handling undesired packets and fail to handle legitimate packets correctly or in a timely
manner. As a result, protocol performance is affected.
To address this problem, apply a QoS policy to the control plane to take QoS actions, such as traffic
filtering or rate limiting, on inbound traffic. This ensures that the control plane can correctly receive,
transmit, and process packets.
By default, the switch is configured with predefined control plane QoS policies, which take effect on the
control planes by default. A predefined control plane QoS policy uses the protocol type or protocol
group type to identify the type of packets sent to the control plane. You can use protocol types or protocol
group types in if-match commands in traffic class view for traffic classification. Then you can reconfigure
traffic behaviors for these traffic classes as required. You can use the display qos policy control-plane
pre-defined command to display predefined control plane QoS policies.

Configuration guidelines
If a QoS policy applied to the control plane uses if-match control-plane protocol-group or if-match
control-plane protocol for traffic classification in a class, the action in the associated traffic behavior can
only be car or the combination of car and accounting packet, and only the cir keyword in the car action
can be applied normally.

Configuration procedure
To apply the QoS policy to a control plane:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Enter control plane view.
    Command: control-plane slot slot-number
    Remarks: N/A
Step 3. Apply the QoS policy to the control plane.
    Command: qos apply policy policy-name inbound
    Remarks: By default, no QoS policy is applied to a control plane.

Applying the QoS policy to a user profile


You can apply a QoS policy to multiple user profiles. In one direction of each user profile, only one policy
can be applied. To modify a QoS policy already applied to a user profile, first remove the applied QoS
policy.
When you apply a QoS policy to a user profile, follow these restrictions and guidelines:
• The QoS policy supports only the car and accounting actions in its behaviors.
• The QoS policy cannot be empty, because a user profile configured with an empty QoS policy
cannot be activated.
• The switch supports two authentication methods (802.1X and MAC) for online users.
To apply a QoS policy to a user profile:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Enter user profile view.
    Command: user-profile profile-name
    Remarks: The configuration made in user profile view takes effect only after it is successfully issued to the driver.
Step 3. Apply the QoS policy.
    Command: qos apply policy policy-name { inbound | outbound }
    Remarks: By default, no QoS policy is applied to a user profile. Use the inbound keyword to apply the QoS policy to the incoming traffic of the device (traffic sent by the online users). Use the outbound keyword to apply the QoS policy to the outgoing traffic of the device (traffic received by the online users).

Displaying and maintaining QoS policies


Execute display commands in any view and reset commands in user view.

Task: Display traffic class configuration.
    Command: display traffic classifier user-defined [ classifier-name ] [ slot slot-number ]
Task: Display traffic behavior configuration.
    Command: display traffic behavior user-defined [ behavior-name ] [ slot slot-number ]
Task: Display QoS and ACL resource usage.
    Command: display qos-acl resource [ slot slot-number ]
Task: Display QoS policy configuration.
    Command: display qos policy user-defined [ policy-name [ classifier classifier-name ] ] [ slot slot-number ]
Task: Display QoS policy configuration on the specified or all interfaces.
    Command: display qos policy interface [ interface-type interface-number ] [ inbound | outbound ]
Task: Display information about QoS policies applied to VLANs.
    Command: display qos vlan-policy { name policy-name | vlan vlan-id } [ slot slot-number ] [ inbound | outbound ]
Task: Display information about QoS policies applied globally.
    Command: display qos policy global [ slot slot-number ] [ inbound | outbound ]
Task: Display information about QoS policies applied to a control plane.
    Command: display qos policy control-plane slot slot-number
Task: Display information about the predefined QoS policy applied to the control plane.
    Command: display qos policy control-plane pre-defined [ slot slot-number ]
Task: Clear the statistics of the QoS policy applied in a certain direction of a VLAN.
    Command: reset qos vlan-policy [ vlan vlan-id ] [ inbound | outbound ]
Task: Clear the statistics for a QoS policy applied globally.
    Command: reset qos policy global [ inbound | outbound ]
Task: Clear the statistics for the QoS policy applied to a control plane.
    Command: reset qos policy control-plane slot slot-number

Configuring priority mapping

Overview
When a packet arrives, a device assigns a set of QoS priority parameters to the packet based on either
a priority field carried in the packet or the port priority of the incoming port. This process is called priority
mapping. During this process, the device can modify the priority of the packet according to the priority
mapping rules. The set of QoS priority parameters decides the scheduling priority and forwarding
priority of the packet.
Priority mapping is implemented with priority maps and involves the following priorities:
• 802.1p priority.
• DSCP.
• IP precedence.
• Local precedence.
• Drop priority.

Introduction to priorities
Priorities include the following types: priorities carried in packets, and priorities locally assigned for
scheduling only.
Packet-carried priorities include 802.1p priority, DSCP precedence, and IP precedence. These priorities
have global significance and affect the forwarding priority of packets across the network. For more
information about these priorities, see "Appendixes."
Locally assigned priorities only have local significance. They are assigned by the switch only for
scheduling. These priorities include the local precedence and drop priority, as follows:
• Local precedence—Used for queuing. A local precedence value corresponds to an output queue. A
packet with higher local precedence is assigned to a higher priority output queue to be
preferentially scheduled.
• Drop priority—Used for making packet drop decisions. Packets with the highest drop priority are
dropped preferentially.

Priority maps
The switch provides various types of priority maps. By looking through a priority map, the switch decides
which priority value to assign to a packet for subsequent packet processing. The switch provides the
following priority mapping tables:
• dot1p-dp—802.1p-to-drop priority mapping table.
• dot1p-lp—802.1p-to-local priority mapping table.
• dscp-dot1p—DSCP-to-802.1p priority mapping table, which is applicable only to IP packets.
• dscp-dp—DSCP-to-drop priority mapping table, which is applicable only to IP packets.
• dscp-dscp—DSCP-to-DSCP priority mapping table, which is applicable only to IP packets.

The default priority maps (as shown in "Appendix A Default priority maps") are available for priority
mapping. They are adequate in most cases. If a default priority map cannot meet your requirements, you
can modify the priority map as required.

Priority trust mode on a port


The priority trust mode on a port determines which priority is used for priority mapping table lookup. In
addition to the priority fields carried in packets, the port priority can be used for priority mapping. The
Switch Series provides the following priority trust modes:
• Using the 802.1p priority carried in packets for priority mapping.
Table 3 Priority mapping results of trusting the 802.1p priority (when the default dot1p-lp priority
mapping table is used)

| 802.1p priority carried in packets | Local precedence | Queue ID |
|---|---|---|
| 0 | 2 | 2 |
| 1 | 0 | 0 |
| 2 | 1 | 1 |
| 3 | 3 | 3 |
| 4 | 4 | 4 |
| 5 | 5 | 5 |
| 6 | 6 | 6 |
| 7 | 7 | 7 |

NOTE:
When the 802.1p priority carried in packets is trusted, the port priority is used for priority mapping
for packets that do not carry VLAN tags (that is, packets that carry no 802.1p priority). The priority
mapping results are the same as not trusting packet priority, as shown in Table 5.

• Using the DSCP carried in packets for priority mapping.


Table 4 Priority mapping results of trusting the DSCP (when the default dscp-dot1p and dot1p-lp
priority mapping tables are used)

| DSCP value carried in packets | Local precedence | Queue ID |
|---|---|---|
| 0 to 7 | 2 | 2 |
| 8 to 15 | 0 | 0 |
| 16 to 23 | 1 | 1 |
| 24 to 31 | 3 | 3 |
| 32 to 39 | 4 | 4 |
| 40 to 47 | 5 | 5 |
| 48 to 55 | 6 | 6 |
| 56 to 63 | 7 | 7 |

• Using the port priority as the 802.1p priority for priority mapping. The port priority is user
configurable.
Table 5 Priority mapping results of not trusting packet priority (when the default dot1p-lp priority
mapping table is used)

| Port priority | Local precedence | Queue ID |
|---|---|---|
| 0 (default) | 2 | 2 |
| 1 | 0 | 0 |
| 2 | 1 | 1 |
| 3 | 3 | 3 |
| 4 | 4 | 4 |
| 5 | 5 | 5 |
| 6 | 6 | 6 |
| 7 | 7 | 7 |

The priority mapping process varies with priority trust mode. For more information, see the subsequent
section.

Priority mapping process


On receiving an Ethernet packet on a port, the switch marks the scheduling priorities (local precedence
and drop precedence) for the Ethernet packet. This procedure is done according to the priority trust
mode of the receiving port and the 802.1Q tagging status of the packet, as shown in Figure 4.

Figure 4 Priority mapping process for an Ethernet packet
1. Receive a packet on a port.
2. Should the packet be marked with local precedence or drop priority?
• Yes: Mark it with local precedence or drop priority, and go to step 4.
• No: Go to step 3.
3. Which priority is trusted on the port?
• 802.1p in packets: Is the packet 802.1q tagged?
  ○ Yes: Look up the dot1p-dp and dot1p-lp mapping tables, and mark the packet with local
  precedence or drop priority.
  ○ No: Use the port priority as the 802.1p priority for priority mapping, look up the dot1p-dp and
  dot1p-lp mapping tables, and mark the packet with local precedence or drop priority.
• DSCP in packets: Look up the dscp-dp, dscp-dot1p, and dscp-dscp mapping tables, and mark the
packet with 802.1p priority, drop precedence, and new DSCP. Then look up the dot1p-lp mapping
table, and mark the packet with local precedence.
• Port priority: Use the port priority as the 802.1p priority for priority mapping, look up the dot1p-dp
and dot1p-lp mapping tables, and mark the packet with local precedence or drop priority.
4. Schedule the packet based on its local precedence or drop priority.

For information about priority marking, see "Configuring priority marking."
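The following Python model is an added illustration, not HP code. It reproduces the lookups of Tables 3 to 5 and shows why the trust mode is a trust boundary: a host that sets its own DSCP or 802.1p value picks its own queue on a trusting port, but not on a port that uses the port priority. The block-of-eight dscp-dot1p mapping is inferred from Table 4, the crafted packet is constructed, and the department values are taken from the configuration example later in this chapter.

```python
"""Model of the ingress priority mapping in Figure 4 with the default maps
of Tables 3 to 5. Added illustration, not HP code."""

# Default dot1p-lp map (Tables 3 and 5): 802.1p priority -> local precedence.
DEFAULT_DOT1P_LP = {0: 2, 1: 0, 2: 1, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7}


def default_dscp_dot1p(dscp):
    """Default dscp-dot1p map as implied by Table 4 (assumption): each
    block of eight DSCP values maps to one 802.1p priority."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must be in 0..63")
    return dscp // 8


class Port:
    def __init__(self, name, trust=None, port_priority=0, dot1p_lp=None):
        if trust not in (None, "dot1p", "dscp"):
            raise ValueError("trust must be None, 'dot1p' or 'dscp'")
        if not 0 <= port_priority <= 7:
            raise ValueError("port priority must be in 0..7")
        self.name = name
        self.trust = trust                  # None models 'undo qos trust'
        self.port_priority = port_priority  # 'qos priority', default 0
        self.dot1p_lp = dict(dot1p_lp or DEFAULT_DOT1P_LP)

    def local_precedence(self, dot1p=None, dscp=None):
        """Return the local precedence, which equals the queue ID in
        Tables 3 to 5. dot1p is None for an untagged frame."""
        if self.trust == "dscp":
            if dscp is None:
                # The guide covers only IP packets for DSCP trust.
                raise ValueError("DSCP trust is modelled for IP packets only")
            key = default_dscp_dot1p(dscp)
        elif self.trust == "dot1p" and dot1p is not None:
            if not 0 <= dot1p <= 7:
                raise ValueError("802.1p priority must be in 0..7")
            key = dot1p
        else:
            # Untrusted port, or untagged frame on a dot1p-trusting port.
            key = self.port_priority
        return self.dot1p_lp[key]


def self_promotion_demo():
    """Constructed case: a host marks its traffic 802.1p 7 and DSCP 56."""
    crafted = {"dot1p": 7, "dscp": 56}
    ports = (Port("trust-dscp", trust="dscp"),
             Port("trust-dot1p", trust="dot1p"),
             Port("untrusted"))
    return {port.name: port.local_precedence(**crafted) for port in ports}


def department_plan():
    """Port priorities 3, 4, 5 with dot1p-lp entries 3->2, 4->6, 5->4,
    as configured in the priority mapping table example of this chapter."""
    table = dict(DEFAULT_DOT1P_LP)
    table.update({3: 2, 4: 6, 5: 4})
    ports = {
        "Marketing": Port("XGE1/0/1", port_priority=3, dot1p_lp=table),
        "R&D": Port("XGE1/0/2", port_priority=4, dot1p_lp=table),
        "Management": Port("XGE1/0/3", port_priority=5, dot1p_lp=table),
    }
    return {dept: port.local_precedence() for dept, port in ports.items()}


if __name__ == "__main__":
    print(self_promotion_demo())
    print(department_plan())
```

On access ports that face hosts you do not control, the untrusted result is the one to aim for: the queue is decided by the port configuration, not by the sender.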

Priority mapping configuration tasks


You can modify priority mappings by modifying priority mapping tables, priority trust mode on a port,
and port priority.
To configure priority mapping, perform the following tasks:

Tasks at a glance
(Optional.) Configuring a priority map
(Required.) Perform one of the following tasks:
• Configuring an interface to trust packet priority for priority mapping
• Changing the port priority of an interface

Configuring a priority map


Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Enter priority map view.
    Command: qos map-table { dot1p-dp | dot1p-lp | dscp-dot1p | dscp-dp | dscp-dscp }
    Remarks: N/A
Step 3. Configure mappings for the priority map.
    Command: import import-value-list export export-value
    Remarks: By default, the default priority maps are used. For more information, see "Appendixes." Newly configured mappings overwrite the old ones.

Configuring an interface to trust packet priority for priority mapping
You can configure the switch to trust a particular priority field carried in packets for priority mapping on
interfaces.
When you configure the trusted packet priority type on an interface, the following keywords are
available:
• dot1p—Uses the 802.1p priority of received packets for mapping.
• dscp—Uses the DSCP precedence of received IP packets for mapping.
• none—Uses the port priority as the 802.1p priority for mapping.
To configure the trusted packet priority type on an interface:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Enter Ethernet interface view.
    Command: interface interface-type interface-number
    Remarks: N/A
Step 3. Configure the trusted packet priority type.
    Command:
    • Configure the interface to trust the DSCP precedence.
      qos trust dscp
    • Configure the interface to trust the 802.1p priority of received packets.
      qos trust dot1p
    • Configure the interface not to trust any packet priority.
      undo qos trust
    Remarks: Use one of these commands. By default, an interface does not trust any packet priority.

Changing the port priority of an interface


If an interface does not trust any packet priority, the switch uses its port priority to look for the set of
priority parameters for the incoming packets. By changing port priority, you can prioritize traffic received
on different interfaces.
To change the port priority of an interface:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Enter Ethernet interface view.
    Command: interface interface-type interface-number
    Remarks: N/A
Step 3. Set the port priority of the interface.
    Command: qos priority priority-value
    Remarks: The default setting is 0.

Displaying and maintaining priority mapping


Execute display commands in any view.

Task: Display priority map configuration.
    Command: display qos map-table { dot1p-dp | dot1p-lp | dscp-dot1p | dscp-dp | dscp-dscp }
Task: Display the trusted packet priority type on a port.
    Command: display qos trust interface [ interface-type interface-number ]

Priority trust mode configuration example


Network requirements
As shown in Figure 5, the packets from Switch A and Switch B to Switch C are not VLAN tagged.
Configure Switch C to preferentially process packets from Switch A to Server when Ten-GigabitEthernet
1/0/3 of Switch C is congested.

Figure 5 Network diagram (devices shown: Switch A, Switch B, Switch C, Server, and the Internet;
interfaces labeled XGE1/0/1, XGE1/0/2, and XGE1/0/3)

Configuration procedure
# Assign port priority to Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2. Make sure the
following requirements are met:
• The port priority of Ten-GigabitEthernet 1/0/1 is higher than that of Ten-GigabitEthernet 1/0/2.
• No trusted packet priority type is configured on Ten-GigabitEthernet 1/0/1 and
Ten-GigabitEthernet 1/0/2.
<SwitchC> system-view
[SwitchC] interface ten-gigabitethernet 1/0/1
[SwitchC-Ten-GigabitEthernet1/0/1] qos priority 3
[SwitchC-Ten-GigabitEthernet1/0/1] quit
[SwitchC] interface ten-gigabitethernet 1/0/2
[SwitchC-Ten-GigabitEthernet1/0/2] qos priority 1
[SwitchC-Ten-GigabitEthernet1/0/2] quit

Priority mapping table and priority marking configuration example

Network requirements
As shown in Figure 6:
• The Marketing department connects to Ten-GigabitEthernet 1/0/1 of the device, which sets the
802.1p priority of traffic from the Marketing department to 3.
• The R&D department connects to Ten-GigabitEthernet 1/0/2 of the switch, which sets the 802.1p
priority of traffic from the R&D department to 4.
• The Management department connects to Ten-GigabitEthernet 1/0/3 of the switch, which sets the
802.1p priority of traffic from the Management department to 5.
Configure port priority, 802.1p-to-local mapping table, and priority marking to implement the plan as
described in Table 6.

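Table 6 Configuration plan

| Traffic destination | Traffic priority order | Traffic source | Output queue | Queue priority |
|---|---|---|---|---|
| Public servers | R&D department > Management department > Marketing department | R&D department | 6 | High |
| Public servers | R&D department > Management department > Marketing department | Management department | 4 | Medium |
| Public servers | R&D department > Management department > Marketing department | Marketing department | 2 | Low |
| Internet | Management department > Marketing department > R&D department | R&D department | 2 | Low |
| Internet | Management department > Marketing department > R&D department | Management department | 6 | High |
| Internet | Management department > Marketing department > R&D department | Marketing department | 4 | Medium |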

Figure 6 Network diagram (shown: the switch, the Internet, the public servers (data server and mail
server), and the hosts and servers of the Management, R&D, and Marketing departments)

Configuration procedure
1. Enable trusting port priority:
# Set the port priority of Ten-GigabitEthernet 1/0/1 to 3.
<Switch> system-view
[Switch] interface ten-gigabitethernet 1/0/1
[Switch-Ten-GigabitEthernet1/0/1] qos priority 3
[Switch-Ten-GigabitEthernet1/0/1] quit
# Set the port priority of Ten-GigabitEthernet 1/0/2 to 4.

[Switch] interface ten-gigabitethernet 1/0/2
[Switch-Ten-GigabitEthernet1/0/2] qos priority 4
[Switch-Ten-GigabitEthernet1/0/2] quit
# Set the port priority of Ten-GigabitEthernet 1/0/3 to 5.
[Switch] interface ten-gigabitethernet 1/0/3
[Switch-Ten-GigabitEthernet1/0/3] qos priority 5
[Switch-Ten-GigabitEthernet1/0/3] quit
2. Configure the 802.1p-to-local mapping table to map 802.1p priority values 3, 4, and 5 to local
precedence values 2, 6, and 4. This gives the R&D department, the Management department, and
the Marketing department priority, in descending order, for access to the public servers.
[Switch] qos map-table dot1p-lp
[Switch-maptbl-dot1p-lp] import 3 export 2
[Switch-maptbl-dot1p-lp] import 4 export 6
[Switch-maptbl-dot1p-lp] import 5 export 4
[Switch-maptbl-dot1p-lp] quit
3. Configure priority marking:
# Mark the HTTP traffic of the management department, marketing department, and R&D
department to the Internet with 802.1p priorities 4, 5, and 3, respectively. Use the priority
mapping table you have configured to map the 802.1p priorities to local precedence values 6, 4,
and 2, respectively, for differentiated traffic treatment.
# Create ACL 3000 to match HTTP traffic.
[Switch] acl number 3000
[Switch-acl-adv-3000] rule permit tcp destination-port eq 80
[Switch-acl-adv-3000] quit
# Create class http and use ACL 3000 in the class.
[Switch] traffic classifier http
[Switch-classifier-http] if-match acl 3000
[Switch-classifier-http] quit
# Configure a priority marking policy for the management department, and apply the policy to the
incoming traffic of Ten-GigabitEthernet 1/0/3.
[Switch] traffic behavior admin
[Switch-behavior-admin] remark dot1p 4
[Switch-behavior-admin] quit
[Switch] qos policy admin
[Switch-qospolicy-admin] classifier http behavior admin
[Switch-qospolicy-admin] quit
[Switch] interface ten-gigabitethernet 1/0/3
[Switch-Ten-GigabitEthernet1/0/3] qos apply policy admin inbound
# Configure a priority marking policy for the marketing department, and apply the policy to the
incoming traffic of Ten-GigabitEthernet 1/0/1.
[Switch] traffic behavior market
[Switch-behavior-market] remark dot1p 5
[Switch-behavior-market] quit
[Switch] qos policy market
[Switch-qospolicy-market] classifier http behavior market
[Switch-qospolicy-market] quit
[Switch] interface ten-gigabitethernet 1/0/1

[Switch-Ten-GigabitEthernet1/0/1] qos apply policy market inbound
# Configure a priority marking policy for the R&D department, and apply the policy to the
incoming traffic of Ten-GigabitEthernet 1/0/2.
[Switch] traffic behavior rd
[Switch-behavior-rd] remark dot1p 3
[Switch-behavior-rd] quit
[Switch] qos policy rd
[Switch-qospolicy-rd] classifier http behavior rd
[Switch-qospolicy-rd] quit
[Switch] interface ten-gigabitethernet 1/0/2
[Switch-Ten-GigabitEthernet1/0/2] qos apply policy rd inbound

Configuring traffic policing, GTS, and rate limit

Overview
Traffic policing helps assign network resources (including bandwidth) and increase network performance.
For example, you can configure a flow to use only the resources committed to it in a certain time range.
This avoids network congestion caused by burst traffic.
Traffic policing, Generic Traffic Shaping (GTS), and rate limit control the traffic rate and resource usage
according to traffic specifications. You can use token buckets for evaluating traffic specifications.

Traffic evaluation and token buckets


Token bucket features
A token bucket is analogous to a container that holds a certain number of tokens. Each token represents
a certain forwarding capacity. The system puts tokens into the bucket at a constant rate. When the token
bucket is full, the extra tokens cause the token bucket to overflow.

Evaluating traffic with the token bucket


A token bucket mechanism evaluates traffic by looking at the number of tokens in the bucket. If the
number of tokens in the bucket is enough for forwarding the packets, the following events occur:
• The traffic conforms to the specification (called conforming traffic).
• The corresponding tokens are taken away from the bucket.
Otherwise, the traffic does not conform to the specification (called excess traffic).
A token bucket has the following configurable parameters:
• Mean rate at which tokens are put into the bucket, which is the permitted average rate of traffic. It
is usually set to the committed information rate (CIR).
• Burst size or the capacity of the token bucket. It is the maximum traffic size permitted in each burst.
It is usually set to the committed burst size (CBS). The set burst size must be greater than the
maximum packet size.
Each arriving packet is evaluated.

Complicated evaluation
You can set two token buckets, bucket C and bucket E, to evaluate traffic in a more complicated
environment and achieve more policing flexibility. For example, traffic policing can use the following
mechanisms:
• Single rate two color—Uses one token bucket and the following parameters:
  ○ CIR—Rate at which tokens are put into bucket C. It sets the average packet transmission or
    forwarding rate allowed by bucket C.
  ○ CBS—Size of bucket C, which specifies the transient burst of traffic that bucket C can forward.
  When a packet arrives, the following rules apply:
  ○ If bucket C has enough tokens to forward the packet, the packet is colored green.
  ○ Otherwise, the packet is colored red.
• Single rate three color—Uses two token buckets and the following parameters:
  ○ CIR—Rate at which tokens are put into bucket C. It sets the average packet transmission or
    forwarding rate allowed by bucket C.
  ○ CBS—Size of bucket C, which specifies the transient burst of traffic that bucket C can forward.
  ○ EBS—Size of bucket E minus size of bucket C. The EBS specifies the transient burst of traffic that
    bucket E can forward. The EBS cannot be 0. The size of E bucket is the sum of the CBS and EBS.
  When a packet arrives, the following rules apply:
  ○ If bucket C has enough tokens, the packet is colored green.
  ○ If bucket C does not have enough tokens but bucket E has enough tokens, the packet is colored
    yellow.
  ○ If neither bucket C nor bucket E has enough tokens, the packet is colored red.
• Two rate three color—Uses two token buckets and the following parameters:
  ○ CIR—Rate at which tokens are put into bucket C. It sets the average packet transmission or
    forwarding rate allowed by bucket C.
  ○ CBS—Size of bucket C, which specifies the transient burst of traffic that bucket C can forward.
  ○ PIR—Rate at which tokens are put into bucket E, which specifies the average packet transmission
    or forwarding rate allowed by bucket E.
  ○ EBS—Size of bucket E, which specifies the transient burst of traffic that bucket E can forward.
  When a packet arrives, the following rules apply:
  ○ If bucket C has enough tokens, the packet is colored green.
  ○ If bucket C does not have enough tokens but bucket E has enough tokens, the packet is colored
    yellow.
  ○ If neither bucket C nor bucket E has enough tokens, the packet is colored red.
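Added example (not part of the HP guide): a Python meter that colors a constructed packet trace with the two rate three color rules above and then applies a red action like those used in this guide's CAR commands. The guide does not state how tokens are deducted, so the accounting follows RFC 2698 color-blind mode as an assumption; burst sizes in bytes, the millisecond time base, the starting DSCP of 46, and all function names are also assumptions of this example.

```python
class Bucket:
    """Token bucket counted in bits; 1 kbps adds 1 bit per millisecond."""

    def __init__(self, rate_kbps, size_bytes):
        self.rate_kbps = rate_kbps
        self.capacity = size_bytes * 8
        self.tokens = self.capacity            # assumption: buckets start full

    def refill(self, elapsed_ms):
        # Tokens above the bucket size overflow and are lost.
        self.tokens = min(self.capacity, self.tokens + self.rate_kbps * elapsed_ms)

    def holds(self, size_bytes):
        return self.tokens >= size_bytes * 8

    def take(self, size_bytes):
        self.tokens -= size_bytes * 8


def two_rate_three_color(trace, cir_kbps, cbs_bytes, pir_kbps, ebs_bytes):
    """Color each (arrival_ms, size_bytes) packet: green, yellow, or red.

    Assumed accounting (RFC 2698, color-blind): a green packet takes tokens
    from both buckets, a yellow packet from bucket E only, a red packet none.
    With pir == cir and ebs == cbs the two buckets stay identical, so the
    meter behaves as single rate two color (green or red only).
    """
    c = Bucket(cir_kbps, cbs_bytes)            # bucket C, filled at the CIR
    e = Bucket(pir_kbps, ebs_bytes)            # bucket E, filled at the PIR
    colors, last = [], 0
    for t_ms, size in trace:
        c.refill(t_ms - last)
        e.refill(t_ms - last)
        last = t_ms
        if not e.holds(size):
            colors.append("red")
        elif not c.holds(size):
            e.take(size)
            colors.append("yellow")
        else:
            c.take(size)
            e.take(size)
            colors.append("green")
    return colors


def apply_actions(trace, colors, red_action="discard", dscp=46):
    """Apply a red action; green and yellow packets are forwarded unchanged.

    red_action is "discard" (name used in this example for dropping) or
    "remark-dscp-pass <value>", the keyword shown in this guide's CAR example.
    Returns (forwarded, dropped) where forwarded holds (t_ms, size, dscp).
    """
    forwarded, dropped = [], 0
    for (t_ms, size), color in zip(trace, colors):
        if color == "red" and red_action == "discard":
            dropped += 1
        elif color == "red":
            new_dscp = int(red_action.split()[1])
            forwarded.append((t_ms, size, new_dscp))
        else:
            forwarded.append((t_ms, size, dscp))
    return forwarded, dropped


# Constructed trace: eight 1500-byte packets at 0 ms, then one at 3 ms and 6 ms.
TRACE = [(0, 1500)] * 8 + [(3, 1500), (6, 1500)]

if __name__ == "__main__":
    three = two_rate_three_color(TRACE, 8000, 4500, 16000, 9000)
    two = two_rate_three_color(TRACE, 8000, 4500, 8000, 4500)
    print("two rate three color:", three)
    print("single rate two color:", two)
    print("red discarded:", apply_actions(TRACE, two))
    print("red re-marked:", apply_actions(TRACE, two, "remark-dscp-pass 0"))
```

In the constructed burst, the CBS admits three packets as green, the larger bucket E admits three more as yellow, and the last two are red until the buckets refill.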

Traffic policing
Traffic policing supports policing the inbound traffic and the outbound traffic.
A typical application of traffic policing is to supervise the specification of traffic entering a network and
limit it within a reasonable range. Another application is to "discipline" the extra traffic to prevent
aggressive use of network resources by an application. For example, you can limit bandwidth for HTTP
packets to less than 50% of the total. If the traffic of a session exceeds the limit, traffic policing can drop
the packets or reset the IP precedence of the packets. Figure 7 shows an example of policing outbound
traffic on an interface.

Figure 7 Traffic policing

Traffic policing is widely used in policing traffic entering the ISP networks. It can classify the policed traffic
and take predefined policing actions on each packet depending on the evaluation result as follows:
• Forwarding the packet if the evaluation result is "conforming."
• Dropping the packet if the evaluation result is "excess."
• Forwarding the packet with its precedence re-marked if the evaluation result is "conforming."
Priorities that can be re-marked include 802.1p priority, DSCP precedence, and local precedence.

GTS
GTS supports shaping the outbound traffic. GTS limits the outbound traffic rate by buffering exceeding
traffic. You can use GTS to adapt the traffic output rate on a device to the input traffic rate of its connected
device to avoid packet loss.
The differences between traffic policing and GTS are as follows:
• Packets to be dropped with traffic policing are retained in a buffer or queue with GTS, as shown
in Figure 8. When enough tokens are in the token bucket, the buffered packets are sent at an even
rate.
• GTS can result in additional delay and traffic policing does not.

Figure 8 GTS

For example, in Figure 9, Switch B performs traffic policing on packets from Switch A and drops packets
exceeding the limit. To avoid packet loss, you can perform GTS on the outgoing interface of Switch A so
that packets exceeding the limit are cached in Switch A. Once resources are released, GTS takes out the
cached packets and sends them out.
Figure 9 GTS application (Device A and Device B connected by a physical link)
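Added example (not from the HP guide): one token bucket applied first as a policer and then as a shaper to the same constructed burst, showing the difference described above, where policing drops the excess and GTS buffers and delays it. The function names, the millisecond time base, burst sizes in bytes, the optional queue_limit parameter, and the trace are assumptions of this example.

```python
def police(arrivals, cir_kbps, cbs_bytes):
    """Policing: a packet that finds too few tokens is dropped on arrival."""
    capacity = cbs_bytes * 8                  # bucket size in bits
    tokens, last = capacity, 0                # assumption: bucket starts full
    sent, dropped = [], []
    for t_ms, size in arrivals:
        # 1 kbps adds 1 bit per millisecond; tokens above capacity are lost.
        tokens = min(capacity, tokens + cir_kbps * (t_ms - last))
        last = t_ms
        if tokens >= size * 8:
            tokens -= size * 8
            sent.append((t_ms, t_ms))         # (arrival, departure): no delay
        else:
            dropped.append(t_ms)
    return sent, dropped


def shape(arrivals, cir_kbps, cbs_bytes, queue_limit=None):
    """GTS: a packet that finds too few tokens waits in a FIFO queue."""
    capacity = cbs_bytes * 8
    tokens, clock = capacity, 0               # clock = time of last token update
    sent, dropped = [], []
    for t_ms, size in arrivals:
        if size * 8 > capacity:
            raise ValueError("burst size must exceed the maximum packet size")
        # Earlier packets that are still buffered when this one arrives.
        queued = sum(1 for _, depart in sent if depart > t_ms)
        if queue_limit is not None and queued >= queue_limit:
            dropped.append(t_ms)              # buffer full: tail drop
            continue
        start = max(t_ms, clock)              # FIFO: never overtake earlier packets
        tokens = min(capacity, tokens + cir_kbps * (start - clock))
        need = size * 8 - tokens
        if need > 0:
            wait = -(-need // cir_kbps)       # ceiling division, whole milliseconds
            start += wait
            tokens = min(capacity, tokens + cir_kbps * wait)
        tokens -= size * 8
        clock = start
        sent.append((t_ms, start))
    return sent, dropped


def max_delay_ms(sent):
    """Largest time any forwarded packet spent waiting."""
    return max((depart - arrive for arrive, depart in sent), default=0)


# Constructed burst: eight 1500-byte packets arriving together at 0 ms.
BURST = [(0, 1500)] * 8

if __name__ == "__main__":
    p_sent, p_drop = police(BURST, cir_kbps=8000, cbs_bytes=4500)
    s_sent, s_drop = shape(BURST, cir_kbps=8000, cbs_bytes=4500)
    print("policing: sent", len(p_sent), "dropped", len(p_drop),
          "max delay", max_delay_ms(p_sent), "ms")
    print("GTS:      sent", len(s_sent), "dropped", len(s_drop),
          "max delay", max_delay_ms(s_sent), "ms")
```

Setting queue_limit shows the remaining failure mode of shaping: once the buffer is full, GTS also loses packets.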

Rate limit
Rate limit controls the rate of inbound and outbound traffic. The following description uses outbound traffic as an example.
The rate limit of a physical interface specifies the maximum rate for sending or receiving packets
(including critical packets).
Rate limit also uses token buckets for traffic control. When rate limit is configured on an interface, a token
bucket handles all packets to be sent through the interface for rate limiting. If enough tokens are in the
token bucket, packets can be forwarded. Otherwise, packets are put into QoS queues for congestion
management. In this way, the traffic passing the physical interface is controlled.

Figure 10 Rate limit implementation

The token bucket mechanism limits the traffic rate while accommodating bursts. It allows bursty traffic to be
transmitted if enough tokens are available. If tokens are scarce, packets cannot be transmitted until
sufficient tokens are generated in the token bucket. This restricts the traffic rate to the rate at which
tokens are generated.
Rate limit controls the total rate of all packets on a physical interface. It is easier to use than traffic policing
in controlling the total traffic rate on a physical interface.

Configuring traffic policing


1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a traffic class and enter traffic class view.
   Command: traffic classifier classifier-name [ operator { and | or } ]
   Remarks: By default, no traffic class is configured.
3. Configure match criteria.
   Command: if-match match-criteria
   Remarks: By default, no match criterion is configured. For more information about the
   if-match command, see ACL and QoS Command Reference.
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Create a traffic behavior and enter traffic behavior view.
   Command: traffic behavior behavior-name
   Remarks: By default, no traffic behavior is configured.
6. Configure a traffic policing action.
   Command:
   • car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ]
     [ green action | red action | yellow action ] *
   • car cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate
     [ ebs excess-burst-size ] [ green action | red action | yellow action ] *
   Remarks: Use either of the commands. By default, no traffic policing action is configured.
7. Return to system view.
   Command: quit
   Remarks: N/A
8. Create a QoS policy and enter QoS policy view.
   Command: qos policy policy-name
   Remarks: By default, no QoS policy is configured.
9. Associate the traffic class with the traffic behavior in the QoS policy.
   Command: classifier classifier-name behavior behavior-name [ insert-before before-classifier-name ]
   Remarks: By default, a traffic class is not associated with a traffic behavior.
10. Return to system view.
   Command: quit
   Remarks: N/A
11. Apply the QoS policy.
   Command:
   • Applying the QoS policy to an interface
   • Applying the QoS policy to a VLAN
   • Applying the QoS policy globally
   • Applying the QoS policy to a control plane
   • Applying the QoS policy to a user profile
   Remarks: Choose one of the application destinations as needed. By default, no QoS policy is applied.
12. (Optional.) Display traffic policing configuration.
   Command: display traffic behavior user-defined [ behavior-name ]
   Remarks: Available in any view.

Configuring GTS
The switch supports configuring queue-based GTS by using the non-MQC approach. In queue-based
GTS, you set GTS parameters for packets of a queue.
To configure GTS:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter Ethernet interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Configure GTS for a queue.
   Command: qos gts queue queue-id cir committed-information-rate [ cbs committed-burst-size ]
   Remarks: By default, GTS is not configured on an interface.

Configuring the rate limit
The rate limit of a physical interface specifies the maximum rate of incoming packets or outgoing packets.
To configure the rate limit:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter Ethernet interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Configure the rate limit for the interface.
   Command: qos lr { inbound | outbound } cir committed-information-rate [ cbs committed-burst-size ]
   Remarks: By default, rate limit is not configured on an interface.

Displaying and maintaining traffic policing, GTS, and rate limit
Execute display commands in any view.

• Display QoS and ACL resource usage: display qos-acl resource [ slot slot-number ]
• Display traffic behavior configuration: display traffic behavior user-defined [ behavior-name ]
• Display GTS configuration on an interface: display qos gts interface [ interface-type interface-number ]
• Display rate limit configuration on an interface: display qos lr interface [ interface-type interface-number ]

Traffic policing configuration example


Network requirements
As shown in Figure 11, configure traffic policing on Ten-GigabitEthernet 1/0/1 of Switch A to meet the
following requirements:
• Limit the rate of incoming traffic from the server to 102400 kbps: Transmit the conforming traffic
normally, mark the excess traffic with DSCP value 0, and then transmit the traffic.
• Limit the rate of incoming traffic from Host A to 25600 kbps: Transmit the conforming traffic
normally, and drop the excess traffic.
Configure traffic policing on Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 of Switch B to
meet the following requirements:
• Limit the total incoming traffic rate of Ten-GigabitEthernet 1/0/1 to 204800 kbps and drop the
excess traffic.

• Limit the outgoing HTTP traffic (traffic accessing the Internet) rate of Ten-GigabitEthernet 1/0/2 to
102400 kbps and drop the excess traffic.
Figure 11 Network diagram (devices shown: Server, Host A, Host B, Switch A, Switch B, and the Internet;
the addresses 1.1.1.1/8 and 1.1.1.2/8 and the ports XGE1/0/1 through XGE1/0/3 are labeled)

Configuration procedures
1. Configure Switch A:
# Configure ACL 2001 and ACL 2002 to match traffic from the server and Host A, respectively.
<SwitchA> system-view
[SwitchA] acl number 2001
[SwitchA-acl-basic-2001] rule permit source 1.1.1.1 0
[SwitchA-acl-basic-2001] quit
[SwitchA] acl number 2002
[SwitchA-acl-basic-2002] rule permit source 1.1.1.2 0
[SwitchA-acl-basic-2002] quit
# Create a class named server and use ACL 2001 as the match criterion. Create a class named
host and use ACL 2002 as the match criterion.
[SwitchA] traffic classifier server
[SwitchA-classifier-server] if-match acl 2001
[SwitchA-classifier-server] quit
[SwitchA] traffic classifier host
[SwitchA-classifier-host] if-match acl 2002
[SwitchA-classifier-host] quit
# Create a behavior named server and configure the CAR action for the behavior as follows: Set
the CIR to 102400 kbps, and mark the excess packets (red packets) with DSCP value 0 and
transmit them.
[SwitchA] traffic behavior server
[SwitchA-behavior-server] car cir 102400 red remark-dscp-pass 0
[SwitchA-behavior-server] quit
# Create a behavior named host and configure the CAR action for the behavior as follows: Set the
CIR to 25600 kbps.
[SwitchA] traffic behavior host
[SwitchA-behavior-host] car cir 25600
[SwitchA-behavior-host] quit
# Create a QoS policy named car and associate class server with behavior server and class host
with behavior host.

[SwitchA] qos policy car
[SwitchA-qospolicy-car] classifier server behavior server
[SwitchA-qospolicy-car] classifier host behavior host
[SwitchA-qospolicy-car] quit
# Apply QoS policy car to the incoming traffic of port Ten-GigabitEthernet 1/0/1.
[SwitchA] interface Ten-GigabitEthernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] qos apply policy car inbound
2. Configure Switch B:
# Configure advanced ACL 3001 to match HTTP traffic.
<SwitchB> system-view
[SwitchB] acl number 3001
[SwitchB-acl-adv-3001] rule permit tcp destination-port eq 80
[SwitchB-acl-adv-3001] quit
# Create a class named http and use ACL 3001 as the match criterion.
[SwitchB] traffic classifier http
[SwitchB-classifier-http] if-match acl 3001
[SwitchB-classifier-http] quit
# Create a class named class and configure the class to match all packets.
[SwitchB] traffic classifier class
[SwitchB-classifier-class] if-match any
[SwitchB-classifier-class] quit
# Create a behavior named car_inbound and configure the CAR action for the behavior as follows:
Set the CIR to 204800 kbps.
[SwitchB] traffic behavior car_inbound
[SwitchB-behavior-car_inbound] car cir 204800
[SwitchB-behavior-car_inbound] quit
# Create a behavior named car_outbound and configure a CAR action for the behavior as follows:
Set the CIR to 102400 kbps.
[SwitchB] traffic behavior car_outbound
[SwitchB-behavior-car_outbound] car cir 102400
[SwitchB-behavior-car_outbound] quit
# Create a QoS policy named car_inbound and associate class class with traffic behavior
car_inbound in the QoS policy.
[SwitchB] qos policy car_inbound
[SwitchB-qospolicy-car_inbound] classifier class behavior car_inbound
[SwitchB-qospolicy-car_inbound] quit
# Create a QoS policy named car_outbound and associate class http with traffic behavior
car_outbound in the QoS policy.
[SwitchB] qos policy car_outbound
[SwitchB-qospolicy-car_outbound] classifier http behavior car_outbound
[SwitchB-qospolicy-car_outbound] quit
# Apply QoS policy car_inbound to the incoming traffic of port Ten-GigabitEthernet 1/0/1.
[SwitchB] interface Ten-GigabitEthernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] qos apply policy car_inbound inbound
# Apply QoS policy car_outbound to the outgoing traffic of port Ten-GigabitEthernet 1/0/2.
[SwitchB] interface Ten-GigabitEthernet 1/0/2

[SwitchB-Ten-GigabitEthernet1/0/2] qos apply policy car_outbound outbound

Configuring congestion management

Overview
Congestion occurs on a link or node when traffic size exceeds the processing capability of the link or
node. It is typical of a statistical multiplexing network and can be caused by link failures, insufficient
resources, and various other causes.
Figure 12 shows two typical congestion scenarios.
Figure 12 Traffic congestion scenarios

Congestion produces the following negative results:


• Increased delay and jitter during packet transmission.
• Decreased network throughput and resource use efficiency.
• Network resource (memory, in particular) exhaustion and even system breakdown.
Congestion is unavoidable in switched networks and multiuser application environments. To improve the
service performance of your network, take measures to manage and control it.
The key to congestion management is defining a resource dispatching policy to prioritize packets for
forwarding when congestion occurs.
Congestion management uses queuing and scheduling algorithms to classify and sort traffic leaving a
port.
The Switch Series supports the following queue-scheduling mechanisms.

SP queuing
SP queuing is designed for mission-critical applications that require preferential service to reduce the
response delay when congestion occurs.

Figure 13 SP queuing

In Figure 13, SP queuing classifies eight queues on a port into eight classes, numbered 7 to 0 in
descending priority order.
SP queuing schedules the eight queues in descending order of priority. SP queuing sends packets in the
queue with the highest priority first. When the queue with the highest priority is empty, it sends packets
in the queue with the second highest priority, and so on. You can assign mission-critical packets to a high
priority queue to make sure they are always served first. Common service packets can be assigned to low
priority queues to be transmitted when high priority queues are empty.
The disadvantage of SP queuing is that packets in the lower priority queues cannot be transmitted if
packets exist in the higher priority queues for a long time. In the worst case, lower priority traffic might
never get serviced.

WRR queuing
WRR queuing schedules all the queues in turn to ensure that every queue is served for a certain time, as
shown in Figure 14.

Figure 14 WRR queuing (packets to be sent through the port are classified into Queue 0 through
Queue N-1, which carry weights 1 through N, and are scheduled into the sending queue of the interface)

Assume a port provides eight output queues. WRR assigns each queue a weight value (represented by
w7, w6, w5, w4, w3, w2, w1, or w0) to decide the proportion of resources assigned to the queue.
The switch implements the weight of a queue by scheduling a certain number of bytes (byte-count WRR)
or packets (packet-based WRR) for that queue. Take byte-count WRR as an example: On a 10 Gbps port,
you can configure the weight values of WRR queuing to 5, 5, 3, 3, 1, 1, 1, and 1 (corresponding to w7,
w6, w5, w4, w3, w2, w1, and w0, respectively). In this way, the queue with the lowest priority can get
a minimum of 500 Mbps of bandwidth. WRR solves the problem that SP queuing might fail to serve
packets in low-priority queues for a long time.
The switch supports WRR priority queue groups. You can assign the output queues to WRR priority queue
group 1 and WRR priority queue group 2. You can set the weight for each queue and WRR schedules
queues in each group based on the weights in a round robin manner. WRR schedules the traffic of group
1 and the traffic of group 2 in the ratio of 1:1.
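Added example (not from the HP guide): a scheduler simulation that contrasts SP starvation with the byte-count WRR weights 5, 5, 3, 3, 1, 1, 1, and 1 described above, and reproduces the 500 Mbps figure for the lowest-priority queue. The guide does not specify how the switch spends a weight, so this example assumes each weight unit grants 1000 bytes of credit per round; the congested workload and all function names are constructed.

```python
from collections import deque

# Weights from the guide's byte-count WRR example, keyed by queue ID (w7 ... w0).
WEIGHTS = {7: 5, 6: 5, 5: 3, 4: 3, 3: 1, 2: 1, 1: 1, 0: 1}


def backlog(packets_per_queue=2000, packet_size=1000):
    """Constructed workload: all eight queues are congested with equal packets."""
    return {q: deque([packet_size] * packets_per_queue) for q in range(8)}


def can_send(queues, remaining):
    """True while some queue has a head packet that still fits the budget."""
    heads = [pkts[0] for pkts in queues.values() if pkts]
    return bool(heads) and min(heads) <= remaining


def schedule_sp(queues, budget_bytes):
    """Strict priority: always serve the highest-numbered non-empty queue."""
    sent = dict.fromkeys(queues, 0)
    remaining = budget_bytes
    while can_send(queues, remaining):
        q = max(qid for qid, pkts in queues.items() if pkts)
        size = queues[q][0]
        if size > remaining:
            break                      # SP never skips ahead to a lower queue
        queues[q].popleft()
        sent[q] += size
        remaining -= size
    return sent


def schedule_wrr(queues, weights, budget_bytes, quantum=1000):
    """Byte-count WRR: each round, a queue earns weight * quantum bytes of credit.

    Assumption of this example: unused credit carries over while the queue
    stays backlogged and is cleared when the queue empties.
    """
    sent = dict.fromkeys(queues, 0)
    credit = dict.fromkeys(queues, 0)
    remaining = budget_bytes
    while can_send(queues, remaining):
        for q in sorted(queues, reverse=True):
            if not queues[q]:
                credit[q] = 0
                continue
            credit[q] += weights[q] * quantum
            while queues[q] and queues[q][0] <= min(credit[q], remaining):
                size = queues[q].popleft()
                credit[q] -= size
                sent[q] += size
                remaining -= size
    return sent


def rate_mbps(sent, link_mbps=10_000):
    """Convert bytes sent per queue into a share of a 10 Gbps port."""
    total = sum(sent.values())
    return {q: link_mbps * b / total for q, b in sent.items()}


if __name__ == "__main__":
    budget = 2_000_000                 # bytes the port can send in the window
    print("SP  :", rate_mbps(schedule_sp(backlog(), budget)))
    print("WRR :", rate_mbps(schedule_wrr(backlog(), WEIGHTS, budget)))
```

Under SP, queue 7 consumes the entire port and queues 0 through 6 send nothing; under WRR, queue 0 keeps 1/20 of the port, which is 500 Mbps on a 10 Gbps link.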

WFQ queuing
Figure 15 WFQ queuing (packets to be sent through the port are classified into Queue 0 through
Queue N-1, which carry weights 1 through N, and are scheduled into the sending queue of the interface)

WFQ is similar to WRR. The difference is that WFQ enables you to set guaranteed bandwidth that a
WFQ queue can get during congestion.
The switch supports WFQ priority queue groups. You can assign the output queues to WFQ priority
queue group 1 and WFQ priority queue group 2. You can configure the weight for each queue and
WFQ schedules queues in each group based on the weights in a round robin manner. WFQ schedules
the traffic of group 1 and the traffic of group 2 in the ratio of 1:1.

SP+WRR queuing
You can configure some queues on an interface to use SP queuing and others to use WRR queuing by
assigning the queues to the SP group and WRR groups (group 1 and group 2). With this SP+WRR
queuing method, the system first schedules the queues in the SP group and then schedules queues in the
WRR groups when all queues in the SP group are empty. The queues in the SP group are scheduled
based on their priorities. The queues in a WRR group are scheduled based on their weights, and the two
WRR groups are scheduled in the ratio of 1:1.

SP+WFQ queuing
You can configure some queues on an interface to use SP queuing and others to use WFQ queuing by
assigning the queues to the SP group and WFQ groups (group 1 and group 2). With this SP+WFQ
queuing method, the system schedules traffic as follows:
1. The system schedules the traffic conforming to the minimum guaranteed bandwidth in each WFQ
group and schedules the traffic of the two WFQ groups in the ratio of 1:1 in a round robin manner.
2. The system uses SP to schedule queues in the SP group.
3. If there is remaining bandwidth, the system schedules the traffic of queues in each WFQ group
based on their weights and schedules the traffic of the two WFQ groups in the ratio of 1:1 in
a round robin manner.

Congestion management configuration task list
Tasks at a glance:
• (Required.) Configuring queuing. Perform one of the tasks:
  ○ Configuring SP queuing
  ○ Configuring WRR queuing
  ○ Configuring WFQ queuing
  ○ Configuring SP+WRR queuing
  ○ Configuring SP+WFQ queuing
• (Optional.) Configuring queue scheduling profiles
• (Optional.) Setting the queue aging time

Configuring queuing
Configuring SP queuing
Configuration procedure
To configure SP queuing:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter Ethernet interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Configure SP queuing.
   Command: qos sp
   Remarks: The default queuing algorithm on an interface is WRR queuing.

Configuration example
Configure Ten-GigabitEthernet 1/0/1 to use SP queuing:
# Enter system view.
<Sysname> system-view
# Configure Ten-GigabitEthernet 1/0/1 to use SP queuing.
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] qos sp

Configuring WRR queuing


Configuration procedure
To configure WRR queuing:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter Ethernet interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Enable byte-count or packet-based WRR queuing.
   Command: qos wrr { byte-count | weight }
   Remarks: By default, byte-count WRR queuing is used.
4. Assign a queue to a WRR group, and configure scheduling parameters for the queue.
   Command: qos wrr queue-id group { 1 | 2 } { byte-count | weight } schedule-value
   Remarks: Select weight or byte-count according to the type (byte-count or packet-based) of WRR you
   have enabled. By default, all queues are in group 1, and the weights of queues 0 through 7 are
   1, 2, 3, 4, 5, 9, 13, and 15, respectively.

Configuration example
1. Network requirements
Enable packet-based WRR on port Ten-GigabitEthernet 1/0/1, assign queues 0 through 3 to WRR
group 1, with their weights being 1, 2, 4, 6, respectively, and assign queues 4 through 7 to WRR
group 2, with their weights being 1, 2, 4, 6, respectively.
2. Configuration procedure
# Enter system view.
<Sysname> system-view
# Configure WRR queuing on Ten-GigabitEthernet 1/0/1.
[Sysname] interface Ten-GigabitEthernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] qos wrr weight
[Sysname-Ten-GigabitEthernet1/0/1] qos wrr 0 group 1 weight 1
[Sysname-Ten-GigabitEthernet1/0/1] qos wrr 1 group 1 weight 2
[Sysname-Ten-GigabitEthernet1/0/1] qos wrr 2 group 1 weight 4
[Sysname-Ten-GigabitEthernet1/0/1] qos wrr 3 group 1 weight 6
[Sysname-Ten-GigabitEthernet1/0/1] qos wrr 4 group 2 weight 1
[Sysname-Ten-GigabitEthernet1/0/1] qos wrr 5 group 2 weight 2
[Sysname-Ten-GigabitEthernet1/0/1] qos wrr 6 group 2 weight 4
[Sysname-Ten-GigabitEthernet1/0/1] qos wrr 7 group 2 weight 6

Configuring WFQ queuing


Configuration procedure
To configure WFQ queuing:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter Ethernet interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Enable byte-count or packet-based WFQ queuing.
   Command: qos wfq { byte-count | weight }
   Remarks: The default queuing algorithm on an interface is WRR queuing.
4. Assign a queue to a WFQ group, and configure scheduling parameters for the queue.
   Command: qos wfq queue-id group { 1 | 2 } { byte-count | weight } schedule-value
   Remarks: Select weight or byte-count according to the type (byte-count or packet-based) of WFQ you
   have enabled. By default, all queues are in WFQ group 1 and have a weight of 1.
5. (Optional.) Set the minimum guaranteed bandwidth for a WFQ queue.
   Command: qos bandwidth queue queue-id min bandwidth-value
   Remarks: The default setting is 64 kbps for each queue.

Configuration example
1. Network requirements
   ○ Configure byte-count WFQ queuing on interface Ten-GigabitEthernet 1/0/1.
   ○ Assign queues 1, 3, 4, 5, and 6 to WFQ group 1, with their weights being 2, 5, 10, 10, and
     10, respectively, and assign queues 0, 2, and 7 to WFQ group 2, with their weights being 1,
     2, and 4, respectively.
   ○ Configure the minimum guaranteed bandwidth as 100 Mbps for each queue.
2. Configuration procedure
# Enter system view.
<Sysname> system-view
# Configure byte-count WFQ queuing on interface Ten-GigabitEthernet 1/0/1.
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] qos wfq byte-count
[Sysname-Ten-GigabitEthernet1/0/1] qos wfq 1 group 1 byte-count 2
[Sysname-Ten-GigabitEthernet1/0/1] qos wfq 3 group 1 byte-count 5
[Sysname-Ten-GigabitEthernet1/0/1] qos wfq 4 group 1 byte-count 10
[Sysname-Ten-GigabitEthernet1/0/1] qos wfq 5 group 1 byte-count 10
[Sysname-Ten-GigabitEthernet1/0/1] qos wfq 6 group 1 byte-count 10
[Sysname-Ten-GigabitEthernet1/0/1] qos wfq 0 group 2 byte-count 1
[Sysname-Ten-GigabitEthernet1/0/1] qos wfq 2 group 2 byte-count 2
[Sysname-Ten-GigabitEthernet1/0/1] qos wfq 7 group 2 byte-count 4
[Sysname-Ten-GigabitEthernet1/0/1] qos bandwidth queue 0 min 100000
[Sysname-Ten-GigabitEthernet1/0/1] qos bandwidth queue 1 min 100000
[Sysname-Ten-GigabitEthernet1/0/1] qos bandwidth queue 2 min 100000
[Sysname-Ten-GigabitEthernet1/0/1] qos bandwidth queue 3 min 100000
[Sysname-Ten-GigabitEthernet1/0/1] qos bandwidth queue 4 min 100000
[Sysname-Ten-GigabitEthernet1/0/1] qos bandwidth queue 5 min 100000
[Sysname-Ten-GigabitEthernet1/0/1] qos bandwidth queue 6 min 100000
[Sysname-Ten-GigabitEthernet1/0/1] qos bandwidth queue 7 min 100000

Configuring SP+WRR queuing


Configuration procedure
To configure SP+WRR queuing:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter Ethernet interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Enable byte-count or packet-based WRR queuing.
   Command: qos wrr { byte-count | weight }
   Remarks: By default, all ports use WRR queuing.
4. Assign a queue to the SP group.
   Command: qos wrr queue-id group sp
   Remarks: By default, all the queues of a WRR-enabled port are in WRR group 1.
5. Assign a queue to a WRR group, and configure the scheduling weight for the queue.
   Command: qos wrr queue-id group { 1 | 2 } { weight | byte-count } schedule-value
   Remarks: Select weight or byte-count according to the type (byte-count or packet-based) of WRR you
   have enabled. By default, all queues are in WRR group 1, and the weights of queues 0 through 7
   are 1, 2, 3, 4, 5, 9, 13, and 15, respectively.

Configuration example
1. Network requirements
   ○ Configure SP+WRR queuing on Ten-GigabitEthernet 1/0/1, and use byte-count WRR.
   ○ Assign queues 4 through 7 on Ten-GigabitEthernet 1/0/1 to the SP group.
   ○ Assign queues 0 and 1 on Ten-GigabitEthernet 1/0/1 to WRR group 1, with the weights being
     1 and 2, respectively. Assign queues 2 and 3 to WRR group 2, with the weights being 1 and
     3, respectively.
2. Configuration procedure
# Enter system view.
<Sysname> system-view
# Configure SP+WRR queuing on Ten-GigabitEthernet1/0/1.
[Sysname] interface Ten-GigabitEthernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] qos wrr byte-count
[Sysname-Ten-GigabitEthernet1/0/1] qos wrr 4 group sp
[Sysname-Ten-GigabitEthernet1/0/1] qos wrr 5 group sp
[Sysname-Ten-GigabitEthernet1/0/1] qos wrr 6 group sp
[Sysname-Ten-GigabitEthernet1/0/1] qos wrr 7 group sp
[Sysname-Ten-GigabitEthernet1/0/1] qos wrr 0 group 1 byte-count 1
[Sysname-Ten-GigabitEthernet1/0/1] qos wrr 1 group 1 byte-count 2
[Sysname-Ten-GigabitEthernet1/0/1] qos wrr 2 group 2 byte-count 1
[Sysname-Ten-GigabitEthernet1/0/1] qos wrr 3 group 2 byte-count 3

Configuring SP+WFQ queuing


Configuration procedure
To configure SP+WFQ queuing:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter Ethernet interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Enable byte-count or packet-based WFQ queuing.
   Command: qos wfq [ byte-count | weight ]
   Remarks: The default queuing algorithm on an interface is WRR.
4. Assign a queue to the SP group.
   Command: qos wfq queue-id group sp
   Remarks: By default, all the queues of a WFQ-enabled port are in WFQ group 1.
5. Assign a queue to the WFQ queue scheduling group, and configure a scheduling weight for the queue.
   Command: qos wfq queue-id group { 1 | 2 } { weight | byte-count } schedule-value
   Remarks: Select weight or byte-count according to the type (byte-count or packet-based) of WFQ you
   have enabled. If you have enabled WFQ on the port, all the queues are in WFQ group 1 by default
   and the default scheduling weight is 1 for each queue.
6. (Optional.) Configure the minimum guaranteed bandwidth for a queue.
   Command: qos bandwidth queue queue-id min bandwidth-value
   Remarks: The default setting is 64 kbps for each queue in a WFQ group.

Configuration example
1. Network requirements
   ○ Configure SP+WFQ queuing on interface Ten-GigabitEthernet 1/0/1, and use packet-based
     WFQ.
   ○ Assign queues 4 through 7 to the SP group.
   ○ Assign queues 0 and 1 to WFQ group 1, with the weights being 1 and 2, respectively. Assign
     queues 2 and 3 to WFQ group 2, with the weights being 1 and 3, respectively.
   ○ Configure the minimum guaranteed bandwidth for each of the four queues as 128 Mbps.
2. Configuration procedure
# Enter system view.
<Sysname> system-view
# Configure SP+WFQ queuing on Ten-GigabitEthernet 1/0/1.
[Sysname] interface ten-gigabitEthernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] qos wfq weight
[Sysname-Ten-GigabitEthernet1/0/1] qos wfq 4 group sp
[Sysname-Ten-GigabitEthernet1/0/1] qos wfq 5 group sp
[Sysname-Ten-GigabitEthernet1/0/1] qos wfq 6 group sp
[Sysname-Ten-GigabitEthernet1/0/1] qos wfq 7 group sp
[Sysname-Ten-GigabitEthernet1/0/1] qos wfq 0 group 1 weight 1
[Sysname-Ten-GigabitEthernet1/0/1] qos bandwidth queue 0 min 128000
[Sysname-Ten-GigabitEthernet1/0/1] qos wfq 1 group 1 weight 2
[Sysname-Ten-GigabitEthernet1/0/1] qos bandwidth queue 1 min 128000
[Sysname-Ten-GigabitEthernet1/0/1] qos wfq 2 group 2 weight 1
[Sysname-Ten-GigabitEthernet1/0/1] qos bandwidth queue 2 min 128000
[Sysname-Ten-GigabitEthernet1/0/1] qos wfq 3 group 2 weight 3
[Sysname-Ten-GigabitEthernet1/0/1] qos bandwidth queue 3 min 128000

Displaying and maintaining queuing
Execute display commands in any view.

• Display SP queuing configuration: display qos queue sp interface [ interface-type interface-number ]
• Display WRR queuing configuration: display qos queue wrr interface [ interface-type interface-number ]
• Display WFQ queuing configuration: display qos queue wfq interface [ interface-type interface-number ]
• Display queue-based outbound traffic statistics: display qos queue-statistics interface
  [ interface-type interface-number ] outbound

Configuring queue scheduling profiles


In a queue scheduling profile, you can configure scheduling parameters for each queue. By applying the
queue scheduling profile to an interface, you can implement congestion management on the interface.
Queue scheduling profiles support three queue scheduling methods: SP, WRR, and WFQ. In a queue
scheduling profile, you can configure SP+WRR or SP+WFQ. When SP+WRR or SP+WFQ is configured,
the scheduling priority is as follows:
• The SP group has higher priority than WRR groups and WFQ groups.
• Queues in the SP group are scheduled in descending order of queue IDs.
• WRR or WFQ groups are scheduled in the 1:1 ratio.
• In a WRR or WFQ group, queues are scheduled based on their weights.
When SP and WRR groups are configured in a queue scheduling profile, Figure 16 shows the scheduling
order.
Figure 16 Queue scheduling profile configured with both SP and WRR

• Queue 7 has the highest priority. Its packets are sent preferentially.
• Queue 6 has the second highest priority. Packets in queue 6 are sent when queue 7 is empty.
• Queue 0 has the third highest priority, and it is scheduled when queue 7 and queue 6 are empty.
• Queues 3 through 5 in WRR group 1 are scheduled according to their weights when queue 7,
queue 6, and queue 0 are empty.

• Queues 1 and 2 in WRR group 2 are scheduled according to their weights when all other queues
are empty.

Configuring a queue scheduling profile


You can modify the scheduling parameters in a queue scheduling profile already applied to an interface.
The modification takes effect immediately.
To configure a queue scheduling profile:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a queue scheduling profile and enter queue scheduling profile view.
   Command: qos qmprofile profile-name
   Remarks: By default, no queue scheduling profile exists.
3. Configure queue scheduling parameters.
   Command:
   • Configure a queue to use SP:
     queue queue-id sp
   • Configure a queue to use WRR:
     queue queue-id wrr group group-id { byte-count | weight } schedule-value
   • Configure a queue to use WFQ:
     queue queue-id wfq group group-id { byte-count | weight } schedule-value
     bandwidth queue queue-id min bandwidth-value
   Remarks: By default, all queues use SP. You can configure all queues to use one queuing method or different queuing methods (WRR+WFQ is not allowed).
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Enter Ethernet interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
6. Apply the queue scheduling profile to the interface.
   Command: qos apply qmprofile profile-name
   Remarks: Only one queue scheduling profile can be applied to an interface.

Displaying and maintaining queue scheduling profiles


Execute display commands in any view.

Task | Command
Display the configuration of queue scheduling profiles. | display qos qmprofile configuration [ profile-name ] [ slot slot-number ]
Display the queue scheduling profiles applied to interfaces. | display qos qmprofile interface [ interface-type interface-number ]

Queue scheduling profile configuration example
Network requirements
Configure a queue scheduling profile on interface Ten-GigabitEthernet 1/0/1 to meet the following
requirements:
• Queue 7 has the highest priority, and its packets are sent preferentially.
• Queue 4, queue 5, and queue 6 in WRR group 1 are scheduled according to their weights, which
are 1, 5, and 10, respectively. When queue 7 is empty, WRR group 1 is scheduled.
• Queues 0 through 3 in WRR group 2 are scheduled according to their weights, which are 1, 1, 10,
and 15, respectively. When queues 4 through 7 are all empty, WRR group 2 is scheduled.

Configuration procedure
# Enter system view.
<Sysname> system-view

# Create a queue scheduling profile named qm1.


[Sysname] qos qmprofile qm1
[Sysname-qmprofile-qm1]

# Configure queue 7 to use SP queuing.


[Sysname-qmprofile-qm1] queue 7 sp

# Assign queue 4, queue 5, and queue 6 to WRR group 1, with the weights of 1, 5, and 10, respectively.
[Sysname-qmprofile-qm1] queue 4 wrr group 1 weight 1
[Sysname-qmprofile-qm1] queue 5 wrr group 1 weight 5
[Sysname-qmprofile-qm1] queue 6 wrr group 1 weight 10

# Assign queues 0 through 3 to WRR group 2, with their weights as 1, 1, 10, and 15, respectively.
[Sysname-qmprofile-qm1] queue 0 wrr group 2 weight 1
[Sysname-qmprofile-qm1] queue 1 wrr group 2 weight 1
[Sysname-qmprofile-qm1] queue 2 wrr group 2 weight 10
[Sysname-qmprofile-qm1] queue 3 wrr group 2 weight 15
[Sysname-qmprofile-qm1] quit

# Apply the queue scheduling profile qm1 to interface Ten-GigabitEthernet 1/0/1.


[Sysname] interface Ten-GigabitEthernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] qos apply qmprofile qm1

Setting the queue aging time


When the queue aging time expires, packets already in queues are dropped.
To set the queue aging time:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Set the queue aging time.
   Command: qos queue aging-time time-value
   Remarks: By default, the queue aging time is 0 milliseconds (the aging feature is disabled).

Configuring congestion avoidance

Overview
Avoiding congestion before it occurs is a proactive approach to improving network performance. As a
flow control mechanism, congestion avoidance:
• Actively monitors network resources (such as queues and memory buffers).
• Drops packets when congestion is expected to occur or deteriorate.
When dropping packets from a source end, congestion avoidance cooperates with the flow control
mechanism at the source end to regulate the network traffic size. The combination of the local packet
drop policy and the source-end flow control mechanism helps maximize throughput and network use
efficiency and minimize packet loss and delay.

Tail drop
Congestion management techniques drop all packets that arrive at a full queue. This tail drop
mechanism results in global TCP synchronization. If packets from multiple TCP connections are dropped,
these TCP connections enter congestion avoidance and slow start to reduce traffic, but a
traffic peak occurs later. Consequently, the network traffic jitters all the time.

RED and WRED


You can use Random Early Detection (RED) or Weighted Random Early Detection (WRED) to avoid
global TCP synchronization.
Both RED and WRED avoid global TCP synchronization by randomly dropping packets. When the
sending rates of some TCP sessions slow down after their packets are dropped, other TCP sessions
remain at high sending rates. Link bandwidth is efficiently used, because TCP sessions at high sending
rates always exist.
The RED or WRED algorithm sets an upper limit and lower limit for each queue, and processes the
packets in a queue as follows:
• When the queue size is smaller than the lower limit, no packet is dropped.
• When the queue size reaches the upper limit, all subsequent packets are dropped.
• When the queue size is between the lower limit and the upper limit, the received packets are
dropped based on the user-configured drop probability.
If the current queue size is compared with the upper limit and lower limit to determine the drop policy,
burst traffic is not fairly treated. To solve this problem, WRED compares the average queue size with the
upper limit and lower limit to determine the drop probability.
The average queue size reflects the queue size change trend but is not sensitive to burst queue size
changes, and burst traffic can be fairly treated.

ECN
By dropping packets, WRED alleviates the influence of congestion on the network. However, the network
resources for transmitting packets from the sender to the device which drops the packets are wasted.
When congestion occurs, it is a better idea to inform the sender of the congestion status and have the
sender proactively slow down the packet sending rate or decrease the window size of packets. This better
utilizes the network resources.
RFC 2482 defined an end-to-end congestion notification mechanism named Explicit Congestion
Notification (ECN). ECN uses the DS field in the IP header to mark the congestion status along the packet
transmission path. An ECN-capable terminal can determine whether congestion occurs on the
transmission path according to the packet contents, and then adjust the packet sending speed to avoid
deteriorating congestion. ECN defines the last two bits (ECN field) in the DS field of the IP header as
follows:
• Bit 6 indicates whether the sending terminal device supports ECN, and is called the "ECN-Capable
Transport (ECT)" bit.
• Bit 7 indicates whether the packet has experienced congestion along the transmission path, and is
called the "Congestion Experienced (CE)" bit.
For more information about the DS field, see "Appendixes."
In actual applications, the packets with ECT set to 1 and CE set to 0 and the packets with ECT set to 0
and CE set to 1 are considered as packets that an ECN-capable endpoint transmits.
After you enable ECN on a device, congestion management processes packets as follows:
• When the average queue size is below the lower limit, no packet is dropped, and the ECN fields
of packets are not identified or marked.
• When the average queue size exceeds the lower limit and is below the upper limit, before the
device drops a packet which should be dropped according to the drop probability, the device
examines the ECN field of the packet.
  ◦ If the ECN field shows that the packet was sent from an ECN-capable terminal, the device sets both
    the ECT bit and the CE bit to 1 and forwards the packet.
  ◦ If the ECN field shows that the packet has experienced congestion along the transmission path
    (both the ECT bit and the CE bit are 1), the device forwards the packet without modifying the
    ECN field.
  ◦ If both the ECT bit and the CE bit are 0s, the device drops the packet.
• When the average queue size exceeds the upper limit, the device drops the packet, regardless of
whether the packet is sent out from an ECN-capable terminal.
ECN is enabled on a per-queue basis. You can configure the switch to identify and mark the ECN fields
of packets for a specific queue.

Configuring and applying a WRED table


The switch supports the queue-based WRED table. You can configure separate drop parameters for
different queues. When congestion occurs, packets of a queue are randomly dropped based on drop
parameters of the queue.
Determine the following parameters before configuring WRED:

• Upper limit and lower limit—When the average queue size is smaller than the lower limit, packets
are not dropped. When the average queue size is between the lower limit and the upper limit, the
packets are dropped based on the user-configured drop probability. When the average queue size
exceeds the upper limit, subsequent packets are dropped.
• Drop precedence—A parameter used for packet drop. The value 0 corresponds to green packets,
the value 1 corresponds to yellow packets, and the value 2 corresponds to red packets. Red packets
are dropped preferentially.
• Exponent for average queue size calculation—The greater the exponent, the less sensitive the
average queue size is to real-time queue size changes. The formula for calculating the average
queue size is average queue size = (previous average queue size × (1 - 2^(-n))) + (current queue size
× 2^(-n)), where n is the exponent.
• Drop probability in percentage—The larger the value is, the greater the drop probability is.
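
The averaging formula above and the ECN handling rules in the "ECN" section can be exercised together. The following Python model is an added example, not HP code: the class and function names are hypothetical, and it assumes the configured drop probability is applied as a flat rate between the two limits, as the text describes.

```python
import random

NOT_ECT = 0b00  # ECT=0, CE=0: sender is not ECN-capable
CE_SET = 0b11   # ECT=1, CE=1: congestion experienced


class WredQueue:
    """Model of one queue and drop level in a queue-based WRED table (illustrative)."""

    def __init__(self, low_limit=100, high_limit=1000, discard_prob=10,
                 exponent=9, ecn=False, rng=None):
        # Defaults mirror the defaults listed in the configuration procedure.
        if not 0 <= low_limit < high_limit:
            raise ValueError("low limit must be smaller than high limit")
        if not 0 <= discard_prob <= 100:
            raise ValueError("discard probability is a percentage")
        self.low, self.high = low_limit, high_limit
        self.prob = discard_prob / 100.0
        self.exponent = exponent
        self.ecn = ecn
        self.avg = 0.0
        self.rng = rng or random.Random()

    def update_average(self, current_size):
        # average = previous average x (1 - 2^-n) + current size x 2^-n
        weight = 2.0 ** -self.exponent
        self.avg = self.avg * (1 - weight) + current_size * weight
        return self.avg

    def decide(self, current_size, ecn_field):
        """Return (action, ecn_field_out); action is 'forward', 'mark' or 'drop'."""
        avg = self.update_average(current_size)
        if avg < self.low:
            return "forward", ecn_field   # ECN field is not examined or marked
        if avg >= self.high:
            return "drop", ecn_field      # dropped even if the sender is ECN-capable
        if self.rng.random() >= self.prob:
            return "forward", ecn_field   # not selected by the drop probability
        # The packet was selected for dropping; ECN may rescue it.
        if not self.ecn or ecn_field == NOT_ECT:
            return "drop", ecn_field
        if ecn_field == CE_SET:
            return "forward", ecn_field   # already marked upstream, left unchanged
        return "mark", CE_SET             # ECT set, CE clear (or the reverse): mark


def packets_until_average_reaches(limit, queue_size, exponent, max_packets=1_000_000):
    """Count arrivals at a constant instantaneous queue size before the
    average reaches `limit`; None if it never does within max_packets."""
    q = WredQueue(exponent=exponent)
    for count in range(1, max_packets + 1):
        if q.update_average(queue_size) >= limit:
            return count
    return None


if __name__ == "__main__":
    # A burst that holds the queue at 900: with the default exponent 9 the
    # average needs many arrivals to reach the default low limit of 100,
    # while exponent 2 reacts to the first packet.
    for n in (9, 2):
        print("exponent", n, "->", packets_until_average_reaches(100, 900, n))
```

A larger exponent therefore lets short bursts pass without drops, at the cost of reacting later to sustained congestion.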

Configuration procedure
A WRED table can be applied to multiple interfaces. For a WRED table already applied to an interface,
you can modify the values of the WRED table, but you cannot remove the WRED table.
To configure and apply a WRED table:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a WRED table and enter its view.
   Command: qos wred queue table table-name
   Remarks: N/A
3. (Optional.) Set the WRED exponent for average queue size calculation.
   Command: queue queue-id weighting-constant exponent
   Remarks: The default setting is 9.
4. (Optional.) Configure drop parameters.
   Command: queue queue-id [ drop-level drop-level ] low-limit low-limit high-limit high-limit [ discard-probability discard-prob ]
   Remarks: By default, the low limit is 100, the high limit is 1000, and the drop probability is 10%.
5. (Optional.) Enable ECN for a queue.
   Command: queue queue-id ecn
   Remarks: By default, ECN is not enabled on any queue.
6. Enter Ethernet interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
7. Apply the WRED table to the interface.
   Command: qos wred apply [ table-name ]
   Remarks: By default, no WRED table is applied to an interface, and tail drop is used on an interface.

Configuration example
Network requirements
Apply a WRED table to interface Ten-GigabitEthernet 1/0/2, so that the packets are dropped as follows
when congestion occurs:
• For the interface to preferentially forward higher-priority traffic, set a lower drop probability for a
queue with a greater queue ID. Set different drop parameters for queue 0, queue 3, and queue 7.
• Drop packets according to their colors.
  ◦ In queue 0, set the drop probability to 25%, 50%, and 75% for green, yellow, and red packets,
    respectively.
  ◦ In queue 3, set the drop probability to 5%, 10%, and 25% for green, yellow, and red packets,
    respectively.
  ◦ In queue 7, set the drop probability to 1%, 5%, and 10% for green, yellow, and red packets,
    respectively.
• Enable ECN for queue 7.

Configuration procedure
# Configure a queue-based WRED table, and set different drop parameters for packets with different
drop levels in different queues.
<Sysname> system-view
[Sysname] qos wred queue table queue-table1
[Sysname-wred-table-queue-table1] queue 0 drop-level 0 low-limit 128 high-limit 512 discard-probability 25
[Sysname-wred-table-queue-table1] queue 0 drop-level 1 low-limit 128 high-limit 512 discard-probability 50
[Sysname-wred-table-queue-table1] queue 0 drop-level 2 low-limit 128 high-limit 512 discard-probability 75
[Sysname-wred-table-queue-table1] queue 3 drop-level 0 low-limit 256 high-limit 640 discard-probability 5
[Sysname-wred-table-queue-table1] queue 3 drop-level 1 low-limit 256 high-limit 640 discard-probability 10
[Sysname-wred-table-queue-table1] queue 3 drop-level 2 low-limit 256 high-limit 640 discard-probability 25
[Sysname-wred-table-queue-table1] queue 7 drop-level 0 low-limit 512 high-limit 1024 discard-probability 1
[Sysname-wred-table-queue-table1] queue 7 drop-level 1 low-limit 512 high-limit 1024 discard-probability 5
[Sysname-wred-table-queue-table1] queue 7 drop-level 2 low-limit 512 high-limit 1024 discard-probability 10
[Sysname-wred-table-queue-table1] queue 7 ecn
[Sysname-wred-table-queue-table1] quit

# Apply the queue-based WRED table to interface Ten-GigabitEthernet 1/0/2.


[Sysname] interface Ten-GigabitEthernet 1/0/2
[Sysname-Ten-GigabitEthernet1/0/2] qos wred apply queue-table1

Displaying and maintaining WRED


Execute display commands in any view.

Task | Command
Display WRED configuration and statistics for interfaces. | display qos wred interface [ interface-type interface-number ]
Display the configuration of WRED tables. | display qos wred table [ name table-name ] [ slot slot-number ]

Configuring traffic filtering

You can filter in or filter out traffic of a class by associating the class with a traffic filtering action. For
example, you can filter packets sourced from an IP address according to network status.

Configuration procedure
To configure traffic filtering:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a traffic class and enter traffic class view.
   Command: traffic classifier classifier-name [ operator { and | or } ]
   Remarks: By default, no traffic class is configured.
3. Configure match criteria.
   Command: if-match match-criteria
   Remarks: By default, no match criterion is configured.
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Create a traffic behavior and enter traffic behavior view.
   Command: traffic behavior behavior-name
   Remarks: By default, no traffic behavior is configured.
6. Configure the traffic filtering action.
   Command: filter { deny | permit }
   Remarks: By default, no traffic filtering action is configured. If a traffic behavior has the filter deny action, all the other actions except for class-based accounting in the traffic behavior do not take effect.
7. Return to system view.
   Command: quit
   Remarks: N/A
8. Create a QoS policy and enter QoS policy view.
   Command: qos policy policy-name
   Remarks: By default, no QoS policy is configured.
9. Associate the traffic class with the traffic behavior in the QoS policy.
   Command: classifier classifier-name behavior behavior-name [ insert-before before-classifier-name ]
   Remarks: By default, a traffic class is not associated with a traffic behavior.
10. Return to system view.
   Command: quit
   Remarks: N/A
11. Apply the QoS policy.
   Command:
   • Applying the QoS policy to an interface
   • Applying the QoS policy to a VLAN
   • Applying the QoS policy globally
   • Applying the QoS policy to a control plane
   Remarks: Choose one of the application destinations as needed. By default, no QoS policy is applied.
12. (Optional.) Display the traffic filtering configuration.
   Command: display traffic behavior user-defined [ behavior-name ]
   Remarks: Available in any view.

Configuration example
Network requirements
As shown in Figure 17, configure traffic filtering on Ten-GigabitEthernet 1/0/1 to deny the incoming
packets with port 21 as the source port.
Figure 17 Network diagram

Configuration procedure
# Create advanced ACL 3000, and configure a rule to match packets whose source port number is 21.
<Switch> system-view
[Switch] acl number 3000
[Switch-acl-adv-3000] rule 0 permit tcp source-port eq 21
[Switch-acl-adv-3000] quit

# Create a traffic class named classifier_1, and use ACL 3000 as the match criterion in the traffic class.
[Switch] traffic classifier classifier_1
[Switch-classifier-classifier_1] if-match acl 3000
[Switch-classifier-classifier_1] quit

# Create a traffic behavior named behavior_1, and configure the traffic filtering action to drop packets.
[Switch] traffic behavior behavior_1
[Switch-behavior-behavior_1] filter deny
[Switch-behavior-behavior_1] quit

# Create a QoS policy named policy, and associate traffic class classifier_1 with traffic behavior
behavior_1 in the QoS policy.
[Switch] qos policy policy
[Switch-qospolicy-policy] classifier classifier_1 behavior behavior_1
[Switch-qospolicy-policy] quit

# Apply the QoS policy named policy to the incoming traffic of Ten-GigabitEthernet 1/0/1.
[Switch] interface ten-gigabitethernet 1/0/1
[Switch-Ten-GigabitEthernet1/0/1] qos apply policy policy inbound
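
A configuration like the one above filters traffic only if every link in the chain (ACL, traffic class, traffic behavior, QoS policy, application) resolves. The following Python audit is an added example, not part of the HP guide: the function names are hypothetical, it recognises only the qos apply policy form shown here, and it assumes class-based accounting actions begin with the keyword accounting.

```python
import re

PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")  # "[Switch-...]" or "<Switch>"

# The console session from the example above, copied with its prompts.
SAMPLE = """\
<Switch> system-view
[Switch] acl number 3000
[Switch-acl-adv-3000] rule 0 permit tcp source-port eq 21
[Switch-acl-adv-3000] quit
[Switch] traffic classifier classifier_1
[Switch-classifier-classifier_1] if-match acl 3000
[Switch-classifier-classifier_1] quit
[Switch] traffic behavior behavior_1
[Switch-behavior-behavior_1] filter deny
[Switch-behavior-behavior_1] quit
[Switch] qos policy policy
[Switch-qospolicy-policy] classifier classifier_1 behavior behavior_1
[Switch-qospolicy-policy] quit
[Switch] interface ten-gigabitethernet 1/0/1
[Switch-Ten-GigabitEthernet1/0/1] qos apply policy policy inbound
"""


def parse(config):
    """Build a model of ACLs, classes, behaviors, policies and applications."""
    m = {"acls": set(), "classifiers": {}, "behaviors": {}, "policies": {}, "applied": []}
    ctx = (None, None)  # (view kind, object name) the session is currently in
    for raw in config.splitlines():
        line = PROMPT.sub("", raw).strip()
        w = line.split()
        if not w or line.startswith("#") or w[0] == "system-view":
            continue
        if w[0] == "quit":
            ctx = (None, None)
        elif w[:2] == ["acl", "number"] and len(w) >= 3:
            m["acls"].add(w[2])
            ctx = ("acl", w[2])
        elif w[:2] == ["traffic", "classifier"] and len(w) >= 3:
            m["classifiers"].setdefault(w[2], [])
            ctx = ("classifier", w[2])
        elif w[:2] == ["traffic", "behavior"] and len(w) >= 3:
            m["behaviors"].setdefault(w[2], [])
            ctx = ("behavior", w[2])
        elif w[:2] == ["qos", "policy"] and len(w) >= 3:
            m["policies"].setdefault(w[2], [])
            ctx = ("policy", w[2])
        elif w[0] == "interface" and len(w) >= 2:
            ctx = ("interface", " ".join(w[1:]))
        elif w[:3] == ["qos", "apply", "policy"] and len(w) >= 5:
            where = ctx[1] if ctx[0] == "interface" else "(not an interface view)"
            m["applied"].append((where, w[3], w[-1]))
        elif ctx[0] == "classifier" and w[0] == "if-match":
            m["classifiers"][ctx[1]].append(tuple(w[1:3]))
        elif ctx[0] == "behavior":
            m["behaviors"][ctx[1]].append(line)
        elif ctx[0] == "policy" and w[0] == "classifier" and len(w) >= 4 and w[2] == "behavior":
            m["policies"][ctx[1]].append((w[1], w[3]))
    return m


def audit(config):
    """Return a list of findings; an empty list means the chain is complete."""
    m = parse(config)
    out = []
    for name, criteria in m["classifiers"].items():
        if not criteria:
            out.append(f"classifier {name}: no if-match criterion")
        for crit in criteria:
            if crit[0] == "acl" and len(crit) > 1 and crit[1] not in m["acls"]:
                out.append(f"classifier {name}: ACL {crit[1]} is not defined")
    for name, actions in m["behaviors"].items():
        if "filter deny" in actions:
            # Remarks for step 6: with filter deny, other actions except
            # class-based accounting do not take effect.
            for a in actions:
                if a != "filter deny" and not a.startswith("accounting"):
                    out.append(f"behavior {name}: '{a}' has no effect with filter deny")
    applied = {policy for _, policy, _ in m["applied"]}
    for name, pairs in m["policies"].items():
        for cls, beh in pairs:
            if cls not in m["classifiers"]:
                out.append(f"policy {name}: classifier {cls} is not defined")
            if beh not in m["behaviors"]:
                out.append(f"policy {name}: behavior {beh} is not defined")
        if name not in applied:
            out.append(f"policy {name}: defined but never applied")
    for where, policy, direction in m["applied"]:
        if policy not in m["policies"]:
            out.append(f"{where}: applies undefined policy {policy} ({direction})")
    return out


if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```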

Configuring priority marking

Overview
Priority marking sets the priority fields or flag bits of packets to modify the priority of packets. For example,
you can use priority marking to set IP precedence or DSCP for a traffic class of IP packets to control the
forwarding of these packets.
To configure priority marking to set the priority fields or flag bits for a class of packets, perform the
following tasks:
1. Configure a traffic behavior with a priority marking action.
2. Associate the traffic class with the traffic behavior.
Priority marking can be used together with priority mapping. For more information, see "Configuring
priority mapping."

Color-based priority marking


Packet coloring methods
The color of a packet indicates the device's evaluation for the packet transmission priority. The device can
color a packet by using either of the following methods:
• Traffic policing
• Mapping drop precedence

Traffic policing
Traffic policing is a common traffic control technology. Traffic policing uses the token bucket mechanism
to evaluate the incoming or outgoing packets and colors the packets according to the evaluation result.
By configuring different traffic control policies for packets in different colors, you can provide
differentiated services for different traffic flows and ensure that the network resources are well utilized.
The device supports evaluating traffic by using two token buckets (bucket C and bucket E), and it colors
a packet according to the number of tokens in the token buckets.
The device supports coloring packets by using either of the following traffic policing functions: common
CAR and aggregate CAR. For more information about coloring packets by using token buckets and
about common CAR and aggregate CAR, see "Configuring traffic policing, GTS, and rate limit" and
"Configuring aggregate CAR."

Mapping drop precedence


Without traffic policing configured, a switch looks up the 802.1p priority of a packet in the
802.1p-to-drop priority mapping table, allocates the drop precedence value to the packet, and colors the
packet according to the drop precedence value. Drop precedence value 0 denotes green packets, 1
denotes yellow packets, and 2 denotes red packets. For more information about priority mapping tables,
see "Configuring priority mapping."

Configuring color-based priority marking
Configuring priority marking based on colors obtained through traffic policing
After traffic policing evaluates and colors packets, the switch can mark traffic with various priority values
(including DSCP values, 802.1p priority values, and local precedence values) by color. Configure
priority marking by using either of the following methods:
• Configuring the priority marking actions by color in the traffic policing action.
• Configuring the priority marking actions by color in the behavior where the traffic policing action is
configured.
You can use both methods to mark multiple priority values for packets in the same color. However, do not
use the two methods to mark different values of the same priority type for packets. Otherwise, the QoS
policy configured with the behavior cannot be applied normally.
In a traffic behavior, an aggregate CAR action cannot be configured together with a priority marking
action. Otherwise, the QoS policy configured with the behavior cannot be applied normally.
The switch implements both common CAR and aggregate CAR by using a QoS policy. For more
information about configuring classes and behaviors in a QoS policy, see "Configuring traffic policing,
GTS, and rate limit" and "Configuring aggregate CAR."

Configuring priority marking based on colors obtained through mapping drop precedence
When packets are colored based on drop precedence values, you can create priority marking actions
for packets in different colors in a traffic behavior and mark DSCP values, 802.1p priority values, and
local precedence values for packets.

Configuration procedure
To configure priority marking:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a traffic class and enter traffic class view.
   Command: traffic classifier classifier-name [ operator { and | or } ]
   Remarks: By default, no traffic class is configured.
3. Configure match criteria.
   Command: if-match match-criteria
   Remarks: By default, no match criterion is configured. For more information about the if-match command, see ACL and QoS Command Reference.
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Create a traffic behavior and enter traffic behavior view.
   Command: traffic behavior behavior-name
   Remarks: By default, no traffic behavior is configured.
6. Configure a priority marking action.
   Command:
   • Set the DSCP value for packets:
     remark [ green | red | yellow ] dscp dscp-value
   • Set the 802.1p priority for packets or configure the inner-to-outer tag priority copying function:
     remark [ green | red | yellow ] dot1p dot1p-value
     remark dot1p customer-dot1p-trust
   • Set the drop priority for packets:
     remark drop-precedence drop-precedence-value
   • Set the IP precedence for packets:
     remark ip-precedence ip-precedence-value
   • Set the local precedence for packets:
     remark [ green | red | yellow ] local-precedence local-precedence-value
   • Set the local QoS ID for packets:
     remark qos-local-id local-id-value
   • Set the CVLAN for packets:
     remark customer-vlan-id vlan-id
   • Set the SVLAN for packets:
     remark service-vlan-id vlan-id
   Remarks: By default, no priority marking action is configured. The switch supports local QoS IDs in the range of 1 to 3999. The remark local-precedence, remark qos-local-id, and remark drop-precedence commands apply only to the incoming traffic. The customer VLAN (CVLAN) is the private network VLAN of the customer, and the service provider VLAN (SVLAN) is the public network VLAN assigned by the service provider to the customer. For more information about the CVLAN and SVLAN, see Layer 2—LAN Switching Configuration Guide.
7. Return to system view.
   Command: quit
   Remarks: N/A
8. Create a QoS policy and enter QoS policy view.
   Command: qos policy policy-name
   Remarks: By default, no QoS policy is configured.
9. Associate the traffic class with the traffic behavior in the QoS policy.
   Command: classifier classifier-name behavior behavior-name [ insert-before before-classifier-name ]
   Remarks: By default, a traffic class is not associated with a traffic behavior.
10. Return to system view.
   Command: quit
   Remarks: N/A
11. Apply the QoS policy.
   Command:
   • Applying the QoS policy to an interface
   • Applying the QoS policy to a VLAN
   • Applying the QoS policy globally
   • Applying the QoS policy to a control plane
   Remarks: Choose one of the application destinations as needed. By default, no QoS policy is applied.
12. (Optional.) Display the priority marking configuration.
   Command: display traffic behavior user-defined [ behavior-name ]
   Remarks: Available in any view.

Priority marking configuration examples


Local precedence marking configuration example
Network requirements
As shown in Figure 18, configure priority marking on the switch to meet the following requirements:

Traffic source | Destination | Processing priority
Host A, B | Data server | High
Host A, B | Mail server | Medium
Host A, B | File server | Low

Figure 18 Network diagram

Configuration procedure
# Create advanced ACL 3000, and configure a rule to match packets with destination IP address
192.168.0.1.
<Switch> system-view
[Switch] acl number 3000
[Switch-acl-adv-3000] rule permit ip destination 192.168.0.1 0
[Switch-acl-adv-3000] quit

# Create advanced ACL 3001, and configure a rule to match packets with destination IP address
192.168.0.2.
[Switch] acl number 3001
[Switch-acl-adv-3001] rule permit ip destination 192.168.0.2 0
[Switch-acl-adv-3001] quit

# Create advanced ACL 3002, and configure a rule to match packets with destination IP address
192.168.0.3.
[Switch] acl number 3002
[Switch-acl-adv-3002] rule permit ip destination 192.168.0.3 0
[Switch-acl-adv-3002] quit

# Create a traffic class named classifier_dbserver, and use ACL 3000 as the match criterion in the traffic
class.
[Switch] traffic classifier classifier_dbserver
[Switch-classifier-classifier_dbserver] if-match acl 3000
[Switch-classifier-classifier_dbserver] quit

# Create a traffic class named classifier_mserver, and use ACL 3001 as the match criterion in the traffic
class.
[Switch] traffic classifier classifier_mserver
[Switch-classifier-classifier_mserver] if-match acl 3001
[Switch-classifier-classifier_mserver] quit

# Create a traffic class named classifier_fserver, and use ACL 3002 as the match criterion in the traffic
class.
[Switch] traffic classifier classifier_fserver
[Switch-classifier-classifier_fserver] if-match acl 3002
[Switch-classifier-classifier_fserver] quit

# Create a traffic behavior named behavior_dbserver, and configure the action of setting the local
precedence value to 4.
[Switch] traffic behavior behavior_dbserver
[Switch-behavior-behavior_dbserver] remark local-precedence 4
[Switch-behavior-behavior_dbserver] quit

# Create a traffic behavior named behavior_mserver, and configure the action of setting the local
precedence value to 3.
[Switch] traffic behavior behavior_mserver
[Switch-behavior-behavior_mserver] remark local-precedence 3
[Switch-behavior-behavior_mserver] quit

# Create a traffic behavior named behavior_fserver, and configure the action of setting the local
precedence value to 2.
[Switch] traffic behavior behavior_fserver
[Switch-behavior-behavior_fserver] remark local-precedence 2
[Switch-behavior-behavior_fserver] quit

# Create a QoS policy named policy_server, and associate traffic classes with traffic behaviors in the
QoS policy.
[Switch] qos policy policy_server
[Switch-qospolicy-policy_server] classifier classifier_dbserver behavior behavior_dbserver
[Switch-qospolicy-policy_server] classifier classifier_mserver behavior behavior_mserver
[Switch-qospolicy-policy_server] classifier classifier_fserver behavior behavior_fserver
[Switch-qospolicy-policy_server] quit

# Apply the QoS policy named policy_server to the incoming traffic of Ten-GigabitEthernet 1/0/1.
[Switch] interface Ten-GigabitEthernet 1/0/1
[Switch-Ten-GigabitEthernet1/0/1] qos apply policy policy_server inbound
[Switch-Ten-GigabitEthernet1/0/1] quit

Local QoS ID marking configuration example


Local QoS ID marking allows you to mark the same local QoS ID for packets of multiple classes and
configure a new class to match the local QoS ID to group these packets into the new class. With this
feature, you can perform QoS actions for the old classes respectively and perform other QoS actions for
the new class. In this way, you can perform layers of QoS actions for the specific packets.

Network requirements
As shown in Figure 19, configure local QoS ID marking and traffic policing to limit the outgoing traffic of
the Management department and the R&D department to 102400 kbps, respectively, and limit the
outgoing traffic of the Marketing department (containing two sub-departments) to 204800 kbps.

Figure 19 Network diagram
(Diagram labels: IP network; Switch A; XGE1/0/1; Management department 192.168.1.0/24; R&D department 192.168.2.0/24; Marketing department 1 192.168.3.0/24; Marketing department 2 192.168.4.0/24.)

Configuration considerations
• Configure two classes to match the traffic from the Management department and the R&D
department, respectively, and then configure traffic policing behaviors for the two classes.
• Mark the same local QoS ID for the traffic from the two sub-departments of the Marketing
department, configure a class to match packets with the local QoS ID, and then configure a traffic
policing behavior for the class to limit the outgoing traffic of the two sub-departments.

Configuration procedure
1. Limit the upstream traffic of the Management department and R&D department:
# Configure IPv4 basic ACL 2001 to match the outgoing traffic of the Management department.
<SwitchA> system-view
[SwitchA] acl number 2001
[SwitchA-acl-basic-2001] rule permit source 192.168.1.0 0.0.0.255
[SwitchA-acl-basic-2001] quit
# Configure IPv4 basic ACL 2002 to match the outgoing traffic of the R&D department.
[SwitchA] acl number 2002
[SwitchA-acl-basic-2002] rule permit source 192.168.2.0 0.0.0.255
[SwitchA-acl-basic-2002] quit
# Create class admin, and use ACL 2001 as the match criterion.
[SwitchA] traffic classifier admin
[SwitchA-classifier-admin] if-match acl 2001
[SwitchA-classifier-admin] quit
# Create class rd, and use ACL 2002 as the match criterion.
[SwitchA] traffic classifier rd
[SwitchA-classifier-rd] if-match acl 2002
[SwitchA-classifier-rd] quit
# Create traffic behavior car_admin_rd, and configure traffic policing to limit the traffic rate to
102400 kbps.
[SwitchA] traffic behavior car_admin_rd
[SwitchA-behavior-car_admin_rd] car cir 102400
[SwitchA-behavior-car_admin_rd] quit
# Create QoS policy car, and associate classes admin and rd with behavior car_admin_rd.
[SwitchA] qos policy car
[SwitchA-qospolicy-car] classifier admin behavior car_admin_rd
[SwitchA-qospolicy-car] classifier rd behavior car_admin_rd
[SwitchA-qospolicy-car] quit
2. Limit the upstream traffic of the marketing department:
# Configure IPv4 basic ACL 2003 to match the outgoing traffic of the sub-department 1 of the
marketing department.
[SwitchA] acl number 2003
[SwitchA-acl-basic-2003] rule permit source 192.168.3.0 0.0.0.255
[SwitchA-acl-basic-2003] quit
# Configure IPv4 basic ACL 2004 to match the outgoing traffic of the sub-department 2 of the
Marketing department.
[SwitchA] acl number 2004
[SwitchA-acl-basic-2004] rule permit source 192.168.4.0 0.0.0.255
[SwitchA-acl-basic-2004] quit
# Configure class marketing to match the outgoing traffic of the two sub-departments of the
marketing department.
[SwitchA] traffic classifier marketing operator or
[SwitchA-classifier-marketing] if-match acl 2003
[SwitchA-classifier-marketing] if-match acl 2004
[SwitchA-classifier-marketing] quit
# Configure behavior remark_local_id to mark traffic with local QoS ID 100.
[SwitchA] traffic behavior remark_local_id
[SwitchA-behavior-remark_local_id] remark qos-local-id 100
[SwitchA-behavior-remark_local_id] quit
# Configure class marketing_car to match the outgoing traffic of the two sub-departments of the
Marketing department.
[SwitchA] traffic classifier marketing_car
[SwitchA-classifier-marketing_car] if-match qos-local-id 100
[SwitchA-classifier-marketing_car] quit
# Create behavior marketing_car, and configure traffic policing to limit the traffic rate to 204800
kbps.
[SwitchA] traffic behavior marketing_car
[SwitchA-behavior-marketing_car] car cir 204800
[SwitchA-behavior-marketing_car] quit
# In QoS policy car, associate class marketing with behavior remark_local_id to mark the
outgoing traffic of the Marketing department with local QoS ID 100.
[SwitchA] qos policy car
[SwitchA-qospolicy-car] classifier marketing behavior remark_local_id
# In QoS policy car, associate class marketing_car with behavior marketing_car to limit the traffic
rate of traffic with local QoS ID 100.
[SwitchA-qospolicy-car] classifier marketing_car behavior marketing_car
[SwitchA-qospolicy-car] quit
# Apply QoS policy car to the incoming traffic of Ten-GigabitEthernet1/0/1.
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] qos apply policy car inbound

Configuring nesting

Nesting adds a VLAN tag to the matching packets to allow the VLAN-tagged packets to pass through the
corresponding VLAN. For example, you can add an outer VLAN tag to packets from a customer network
to a service provider network. This allows the packets to pass through the service provider network by
carrying a VLAN tag assigned by the service provider.

Configuration procedure
To configure nesting:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Create a traffic class and enter traffic class view. | traffic classifier classifier-name [ operator { and \| or } ] | By default, no traffic class exists. |
| 3. Configure match criteria. | if-match match-criteria | By default, no match criterion is configured for a traffic class. For more information about the match criteria, see the if-match command in ACL and QoS Command Reference. |
| 4. Return to system view. | quit | N/A |
| 5. Create a traffic behavior and enter traffic behavior view. | traffic behavior behavior-name | By default, no traffic behavior exists. |
| 6. Configure a VLAN tag adding action. | nest top-most vlan vlan-id | By default, no VLAN tag adding action is configured for a traffic behavior. |
| 7. Return to system view. | quit | N/A |
| 8. Create a QoS policy and enter QoS policy view. | qos policy policy-name | By default, no QoS policy exists. |
| 9. Associate the traffic class with the traffic behavior in the QoS policy. | classifier classifier-name behavior behavior-name [ insert-before before-classifier-name ] | By default, no class-behavior association is configured for a QoS policy. |
| 10. Return to system view. | quit | N/A |
| 11. Apply the QoS policy. | • Applying the QoS policy to an interface • Applying the QoS policy to a VLAN • Applying the QoS policy globally | Choose one of the application destinations as needed. By default, a QoS policy is not applied. |

Configuration example
Network requirements
As shown in Figure 20, Site 1 and Site 2 in VPN A are two branches of a company, and they use VLAN
5 to transmit traffic. Because Site 1 and Site 2 are located in different areas, the two sites use the VPN
access service of a service provider. The service provider assigns VLAN 100 to the two sites.
Configure nesting, so that the two branches can communicate through the service provider network.
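Figure 20 Network diagram
[Diagram: CE 1 (Site 1, VPN A, VLAN 5) attaches to XGE1/0/1 of PE 1, and CE 2 (Site 2, VPN A) attaches to XGE1/0/1 of PE 2. PE 1 and PE 2 connect through their XGE1/0/2 ports across the public IP network. Packets carry the VLAN 5 tag between CE and PE, and the VLAN 100 tag outside the VLAN 5 tag across the public network.]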

Configuration procedure
Configuring PE 1
# Create a class named test to match packets with VLAN ID 5.
<PE1> system-view
[PE1] traffic classifier test
[PE1-classifier-test] if-match service-vlan-id 5
[PE1-classifier-test] quit

# Configure an action to add outer VLAN tag 100 in the traffic behavior named test.
[PE1] traffic behavior test
[PE1-behavior-test] nest top-most vlan 100
[PE1-behavior-test] quit

# Create a QoS policy named test, and associate class test with behavior test in the QoS policy.
[PE1] qos policy test
[PE1-qospolicy-test] classifier test behavior test
[PE1-qospolicy-test] quit

# Configure the downlink port Ten-GigabitEthernet 1/0/1 as a hybrid port, and assign the port to VLAN
100 as an untagged member.
[PE1] interface Ten-GigabitEthernet 1/0/1
[PE1-Ten-GigabitEthernet1/0/1] port link-type hybrid
[PE1-Ten-GigabitEthernet1/0/1] port hybrid vlan 100 untagged

# Apply QoS policy test to the incoming traffic of the downlink port Ten-GigabitEthernet 1/0/1.
[PE1-Ten-GigabitEthernet1/0/1] qos apply policy test inbound
[PE1-Ten-GigabitEthernet1/0/1] quit

# Configure the uplink port Ten-GigabitEthernet 1/0/2 as a trunk port, and assign it to VLAN 100.
[PE1] interface Ten-GigabitEthernet 1/0/2
[PE1-Ten-GigabitEthernet1/0/2] port link-type trunk
[PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100
[PE1-Ten-GigabitEthernet1/0/2] quit

Configuring PE 2
Configure PE 2 in the same way PE 1 is configured.

Configuring traffic redirecting

Traffic redirecting redirects packets matching the specified match criteria to a location for processing.
The following redirect actions are supported:
• Redirecting traffic to the CPU—Redirects packets that require processing by the CPU to the CPU.
• Redirecting traffic to an interface—Redirects packets that require processing by an interface to the
interface. This action applies only to Layer 2 packets, and the target interface must be a Layer 2
interface.

Configuration procedure
To configure traffic redirecting:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Create a traffic class and enter traffic class view. | traffic classifier classifier-name [ operator { and \| or } ] | By default, no traffic class exists. |
| 3. Configure match criteria. | if-match match-criteria | By default, no match criterion is configured for a traffic class. For more information about the match criteria, see the if-match command in ACL and QoS Command Reference. |
| 4. Return to system view. | quit | N/A |
| 5. Create a traffic behavior and enter traffic behavior view. | traffic behavior behavior-name | By default, no traffic behavior exists. |
| 6. Configure a traffic redirecting action. | redirect { cpu \| interface interface-type interface-number } | By default, no traffic redirecting action is configured for a traffic behavior. The actions of redirecting traffic to the CPU and redirecting traffic to an interface are mutually exclusive with each other in the same traffic behavior. The last redirecting action configured takes effect. |
| 7. Return to system view. | quit | N/A |
| 8. Create a QoS policy and enter QoS policy view. | qos policy policy-name | By default, no QoS policy exists. |
| 9. Associate the traffic class with the traffic behavior in the QoS policy. | classifier classifier-name behavior behavior-name [ insert-before before-classifier-name ] | By default, no class-behavior association is configured for a QoS policy. |
| 10. Return to system view. | quit | N/A |
| 11. Apply the QoS policy. | • Applying the QoS policy to an interface • Applying the QoS policy to a VLAN • Applying the QoS policy globally • Applying the QoS policy to a control plane | Choose one of the application destinations as needed. By default, a QoS policy is not applied. |
| 12. (Optional.) Display traffic redirecting configuration. | display traffic behavior user-defined [ behavior-name ] | Available in any view. |

Configuration example
Network requirements
As shown in Figure 21:
• Switch A is connected to Switch B through two links. Switch A and Switch B are each connected to
other devices.
• Ten-GigabitEthernet 1/0/2 of Switch A and Ten-GigabitEthernet 1/0/2 of Switch B belong to
VLAN 200.
• Ten-GigabitEthernet 1/0/3 of Switch A and Ten-GigabitEthernet 1/0/3 of Switch B belong to
VLAN 201.
• On Switch A, the IP address of VLAN-interface 200 is 200.1.1.1/24, and that of VLAN-interface
201 is 201.1.1.1/24.
• On Switch B, the IP address of VLAN-interface 200 is 200.1.1.2/24, and that of VLAN-interface
201 is 201.1.1.2/24.
Configure the actions of redirecting traffic to an interface to meet the following requirements:
• Packets with source IP address 2.1.1.1 received on Ten-GigabitEthernet 1/0/1 of Switch A are
forwarded to Ten-GigabitEthernet 1/0/2.
• Packets with source IP address 2.1.1.2 received on Ten-GigabitEthernet 1/0/1 of Switch A are
forwarded to Ten-GigabitEthernet 1/0/3.
• Other packets received on Ten-GigabitEthernet 1/0/1 of Switch A are forwarded according to the
routing table.

Figure 21 Network diagram
[Diagram: Switch A and Switch B are connected by two links. XGE1/0/2 on each switch is in VLAN 200 (Vlan-int200: 200.1.1.1/24 on Switch A, 200.1.1.2/24 on Switch B). XGE1/0/3 on each switch is in VLAN 201 (Vlan-int201: 201.1.1.1/24 on Switch A, 201.1.1.2/24 on Switch B). XGE1/0/1 on each switch connects to other devices.]

Configuration procedure
# Create basic ACL 2000, and configure a rule to match packets with source IP address 2.1.1.1.
<SwitchA> system-view
[SwitchA] acl number 2000
[SwitchA-acl-basic-2000] rule permit source 2.1.1.1 0
[SwitchA-acl-basic-2000] quit

# Create basic ACL 2001, and configure a rule to match packets with source IP address 2.1.1.2.
[SwitchA] acl number 2001
[SwitchA-acl-basic-2001] rule permit source 2.1.1.2 0
[SwitchA-acl-basic-2001] quit

# Create a traffic class named classifier_1, and use ACL 2000 as the match criterion in the traffic class.
[SwitchA] traffic classifier classifier_1
[SwitchA-classifier-classifier_1] if-match acl 2000
[SwitchA-classifier-classifier_1] quit

# Create a traffic class named classifier_2, and use ACL 2001 as the match criterion in the traffic class.
[SwitchA] traffic classifier classifier_2
[SwitchA-classifier-classifier_2] if-match acl 2001
[SwitchA-classifier-classifier_2] quit

# Create a traffic behavior named behavior_1, and configure the action of redirecting traffic to
Ten-GigabitEthernet 1/0/2.
[SwitchA] traffic behavior behavior_1
[SwitchA-behavior-behavior_1] redirect interface ten-gigabitethernet 1/0/2
[SwitchA-behavior-behavior_1] quit

# Create a traffic behavior named behavior_2, and configure the action of redirecting traffic to
Ten-GigabitEthernet 1/0/3.
[SwitchA] traffic behavior behavior_2
[SwitchA-behavior-behavior_2] redirect interface ten-gigabitethernet 1/0/3
[SwitchA-behavior-behavior_2] quit

# Create a QoS policy named policy, associate traffic class classifier_1 with traffic behavior behavior_1,
and associate traffic class classifier_2 with traffic behavior behavior_2 in the QoS policy.
[SwitchA] qos policy policy
[SwitchA-qospolicy-policy] classifier classifier_1 behavior behavior_1
[SwitchA-qospolicy-policy] classifier classifier_2 behavior behavior_2
[SwitchA-qospolicy-policy] quit

# Apply the QoS policy named policy to the incoming traffic of Ten-GigabitEthernet 1/0/1.
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] qos apply policy policy inbound

Configuring aggregate CAR

An aggregate CAR action is created globally and can be directly applied to interfaces or used in the
traffic behaviors associated with different traffic classes to police multiple traffic flows as a whole. The
total rate of the traffic flows must conform to the traffic policing specifications set in the aggregate CAR
action.

Configuration procedure
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Configure an aggregate CAR action. | • qos car car-name aggregative cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ green action \| red action \| yellow action ] * • qos car car-name aggregative cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] [ green action \| red action \| yellow action ] * | Use either of the commands. By default, no aggregate CAR action is configured. |
| 3. Enter traffic behavior view. | traffic behavior behavior-name | N/A |
| 4. Use the aggregate CAR in the traffic behavior. | car name agg-car-name | N/A |

Displaying and maintaining aggregate CAR


Execute display commands in any view and reset commands in user view.

| Task | Command |
|---|---|
| Display statistics for aggregate CAR actions. | display qos car name [ car-name ] |
| Clear statistics for aggregate CAR actions. | reset qos car name [ car-name ] |

Aggregate CAR configuration example


Network requirements
As shown in Figure 22, configure an aggregate CAR to rate-limit the traffic of VLAN 10 and VLAN 100
received on Ten-GigabitEthernet 1/0/1 by using these parameters: CIR is 2560 kbps, CBS is 20480
bytes, and the action for red packets is discard.

Figure 22 Network diagram
[Diagram: VLAN 10 and VLAN 100 connect to XGE1/0/1 of Switch, which connects to the Internet.]

Configuration procedure
# Configure an aggregate CAR according to the rate limit requirements.
<Switch> system-view
[Switch] qos car aggcar-1 aggregative cir 2560 cbs 20480 red discard

# Create class 1 to match traffic of VLAN 10. Create behavior 1 and use the aggregate CAR in the
behavior.
[Switch] traffic classifier 1
[Switch-classifier-1] if-match customer-vlan-id 10
[Switch-classifier-1] quit
[Switch] traffic behavior 1
[Switch-behavior-1] car name aggcar-1
[Switch-behavior-1] quit

# Create class 2 to match traffic of VLAN 100. Create behavior 2 and use the aggregate CAR in the
behavior.
[Switch] traffic classifier 2
[Switch-classifier-2] if-match customer-vlan-id 100
[Switch-classifier-2] quit
[Switch] traffic behavior 2
[Switch-behavior-2] car name aggcar-1
[Switch-behavior-2] quit

# Create QoS policy car, associate class 1 with behavior 1, and associate class 2 with behavior 2.
[Switch] qos policy car
[Switch-qospolicy-car] classifier 1 behavior 1
[Switch-qospolicy-car] classifier 2 behavior 2
[Switch-qospolicy-car] quit

# Apply the QoS policy to the incoming traffic of Ten-GigabitEthernet 1/0/1.
[Switch] interface ten-gigabitethernet 1/0/1
[Switch-Ten-GigabitEthernet1/0/1] qos apply policy car inbound
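
The following added example (not from the HP guide) models the aggregate CAR configured above as one token bucket shared by both classes and compares it with one bucket per class, to show that the limit applies to the sum of the two VLANs. It assumes 1 kbps = 1000 bit/s, does not model the excess bucket (EBS), and uses constructed traffic; the class and function names are hypothetical.

```python
class AggregateCar:
    """Single token bucket: CIR in kbps, CBS in bytes, red packets discarded.

    Assumptions: 1 kbps = 1000 bit/s, time is in whole milliseconds, and the
    excess bucket (EBS) is not modelled, so a packet is either green or red.
    """

    def __init__(self, cir_kbps, cbs_bytes):
        self.cir_kbps = cir_kbps
        self.cbs = cbs_bytes
        self.tokens = cbs_bytes          # the bucket starts full
        self.last_ms = 0

    def conforms(self, now_ms, size):
        # cir_kbps * 1000 bit/s equals cir_kbps / 8 bytes per millisecond.
        refill = (now_ms - self.last_ms) * self.cir_kbps // 8
        self.tokens = min(self.cbs, self.tokens + refill)
        self.last_ms = now_ms
        if size <= self.tokens:
            self.tokens -= size
            return True                  # green: forward
        return False                     # red: discard


def police(packets, car_for_vlan):
    """packets: iterable of (time_ms, vlan_id, size). Returns forwarded bytes per VLAN."""
    forwarded = {vlan: 0 for vlan in car_for_vlan}
    for now_ms, vlan, size in packets:
        car = car_for_vlan.get(vlan)
        if car is None:
            continue                     # no class matches this VLAN: not policed here
        if car.conforms(now_ms, size):
            forwarded[vlan] += size
    return forwarded


def constructed_traffic(duration_ms=1000, size=1000):
    """Constructed load: VLAN 10 and VLAN 100 each offer one packet per millisecond."""
    for t in range(duration_ms):
        yield t, 10, size
        yield t, 100, size


def run_aggregate():
    # Both behaviors reference the same CAR, as with "car name aggcar-1".
    shared = AggregateCar(cir_kbps=2560, cbs_bytes=20480)
    return police(constructed_traffic(), {10: shared, 100: shared})


def run_per_class():
    # For comparison: each class gets its own policer with the same parameters.
    return police(constructed_traffic(),
                  {10: AggregateCar(2560, 20480), 100: AggregateCar(2560, 20480)})


if __name__ == "__main__":
    print("aggregate:", run_aggregate())
    print("per class:", run_per_class())
```

With this arrival order, once the initial burst is spent the class evaluated first takes almost every refilled token: an aggregate CAR bounds the total, not each class's share.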

Configuring class-based accounting

Class-based accounting collects statistics (in packets or bytes) on a per-traffic class basis. For example,
you can define the action to collect statistics for traffic sourced from a certain IP address. By analyzing
the statistics, you can determine whether anomalies have occurred and what action to take.

Configuration procedure
To configure class-based accounting:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Create a traffic class and enter traffic class view. | traffic classifier classifier-name [ operator { and \| or } ] | By default, no traffic class is configured. |
| 3. Configure match criteria. | if-match match-criteria | By default, no match criterion is configured. For more information about the if-match command, see ACL and QoS Command Reference. |
| 4. Return to system view. | quit | N/A |
| 5. Create a traffic behavior and enter traffic behavior view. | traffic behavior behavior-name | By default, no traffic behavior is configured. |
| 6. Configure the accounting action. | accounting { byte \| packet } * | By default, no traffic accounting action is configured. |
| 7. Return to system view. | quit | N/A |
| 8. Create a QoS policy and enter QoS policy view. | qos policy policy-name | By default, no QoS policy is configured. |
| 9. Associate the traffic class with the traffic behavior in the QoS policy. | classifier classifier-name behavior behavior-name [ insert-before before-classifier-name ] | By default, a traffic class is not associated with a traffic behavior. |
| 10. Return to system view. | quit | N/A |
| 11. Apply the QoS policy. | • Applying the QoS policy to an interface • Applying the QoS policy to a VLAN • Applying the QoS policy globally • Applying the QoS policy to a control plane • Applying the QoS policy to a user profile | Choose one of the application destinations as needed. By default, no QoS policy is applied. |
| 12. Display traffic accounting configuration. | • display qos policy control-plane slot slot-number • display qos policy global [ slot slot-number ] [ inbound \| outbound ] • display qos policy interface [ interface-type interface-number ] [ inbound \| outbound ] • display qos vlan-policy { name policy-name \| vlan [ vlan-id ] } [ slot slot-number ] [ inbound \| outbound ] | Available in any view. |

Configuration example
Network requirements
As shown in Figure 23, configure class-based accounting on Ten-GigabitEthernet 1/0/1 to collect
statistics for the incoming packets with 1.1.1.1/24 as the source IP address.
Figure 23 Network diagram

Configuration procedure
# Create basic ACL 2000, and configure a rule to match packets with source IP address 1.1.1.1.
<Switch> system-view
[Switch] acl number 2000
[Switch-acl-basic-2000] rule permit source 1.1.1.1 0
[Switch-acl-basic-2000] quit

# Create a traffic class named classifier_1, and use ACL 2000 as the match criterion in the traffic class.
[Switch] traffic classifier classifier_1
[Switch-classifier-classifier_1] if-match acl 2000
[Switch-classifier-classifier_1] quit

# Create a traffic behavior named behavior_1, and configure the class-based accounting action.
[Switch] traffic behavior behavior_1
[Switch-behavior-behavior_1] accounting packet
[Switch-behavior-behavior_1] quit

# Create a QoS policy named policy, and associate traffic class classifier_1 with traffic behavior
behavior_1 in the QoS policy.
[Switch] qos policy policy
[Switch-qospolicy-policy] classifier classifier_1 behavior behavior_1
[Switch-qospolicy-policy] quit

# Apply the QoS policy named policy to the incoming traffic of Ten-GigabitEthernet 1/0/1.
[Switch] interface Ten-GigabitEthernet 1/0/1
[Switch-Ten-GigabitEthernet1/0/1] qos apply policy policy inbound
[Switch-Ten-GigabitEthernet1/0/1] quit

# Display traffic statistics to verify the configuration.
[Switch] display qos policy interface Ten-GigabitEthernet 1/0/1

Interface: Ten-GigabitEthernet1/0/1

Direction: Inbound

Policy: policy
Classifier: classifier_1
Operator: AND
Rule(s) :
If-match acl 2000
Behavior: behavior_1
Accounting enable:
28529 (Packets)

Appendixes

Appendix A Default priority maps


For the default dscp-dscp priority maps, an input value yields a target value equal to it.
Table 7 Default dot1p-lp and dot1p-dp priority maps

| Input priority value (dot1p) | dot1p-lp map (lp) | dot1p-dp map (dp) |
|---|---|---|
| 0 | 2 | 0 |
| 1 | 0 | 0 |
| 2 | 1 | 0 |
| 3 | 3 | 0 |
| 4 | 4 | 0 |
| 5 | 5 | 0 |
| 6 | 6 | 0 |
| 7 | 7 | 0 |

Table 8 Default dscp-dp and dscp-dot1p priority maps

| Input priority value (dscp) | dscp-dp map (dp) | dscp-dot1p map (dot1p) |
|---|---|---|
| 0 to 7 | 0 | 0 |
| 8 to 15 | 0 | 1 |
| 16 to 23 | 0 | 2 |
| 24 to 31 | 0 | 3 |
| 32 to 39 | 0 | 4 |
| 40 to 47 | 0 | 5 |
| 48 to 55 | 0 | 6 |
| 56 to 63 | 0 | 7 |

Appendix B Introduction to packet precedences
IP precedence and DSCP values
Figure 24 ToS and DS fields
[Figure: two 8-bit layouts, each with bits numbered 0 to 7. IPv4 ToS byte (IP Type of Service, RFC 791): Precedence, Type of Service (RFC 1349), and a Must Be Zero bit (RFC 1122). DS field (for IPv4, ToS octet, and for IPv6, Traffic Class octet; Differentiated Services Codepoint, RFC 2474): DSCP, including the class selector codepoints, and a Currently Unused (CU) part.]

As shown in Figure 24, the ToS field in the IP header contains eight bits. The first three bits (0 to 2)
represent IP precedence from 0 to 7. According to RFC 2474, the ToS field is redefined as the
differentiated services (DS) field, where a DSCP value is represented by the first six bits (0 to 5) and is in
the range 0 to 63. The remaining two bits (6 and 7) are reserved.
Table 9 IP precedence

| IP precedence (decimal) | IP precedence (binary) | Description |
|---|---|---|
| 0 | 000 | Routine |
| 1 | 001 | priority |
| 2 | 010 | immediate |
| 3 | 011 | flash |
| 4 | 100 | flash-override |
| 5 | 101 | critical |
| 6 | 110 | internet |
| 7 | 111 | network |

Table 10 DSCP values

| DSCP value (decimal) | DSCP value (binary) | Description |
|---|---|---|
| 46 | 101110 | ef |
| 10 | 001010 | af11 |
| 12 | 001100 | af12 |
| 14 | 001110 | af13 |
| 18 | 010010 | af21 |
| 20 | 010100 | af22 |
| 22 | 010110 | af23 |
| 26 | 011010 | af31 |
| 28 | 011100 | af32 |
| 30 | 011110 | af33 |
| 34 | 100010 | af41 |
| 36 | 100100 | af42 |
| 38 | 100110 | af43 |
| 8 | 001000 | cs1 |
| 16 | 010000 | cs2 |
| 24 | 011000 | cs3 |
| 32 | 100000 | cs4 |
| 40 | 101000 | cs5 |
| 48 | 110000 | cs6 |
| 56 | 111000 | cs7 |
| 0 | 000000 | be (default) |

802.1p priority
802.1p priority lies in the Layer 2 header. It applies to occasions where Layer 3 header analysis is not
needed and QoS must be assured at Layer 2.
Figure 25 An Ethernet frame with an 802.1Q tag header

As shown in Figure 25, the 4-byte 802.1Q tag header consists of the 2-byte tag protocol identifier (TPID)
and the 2-byte tag control information (TCI). The value of the TPID is 0x8100. Figure 26 shows the format
of the 802.1Q tag header. The Priority field in the 802.1Q tag header is called the "802.1p priority",
because its use is defined in IEEE 802.1p. Table 11 shows the values for 802.1p priority.
Figure 26 802.1Q tag header

Table 11 Description on 802.1p priority

| 802.1p priority (decimal) | 802.1p priority (binary) | Description |
|---|---|---|
| 0 | 000 | best-effort |
| 1 | 001 | background |
| 2 | 010 | spare |
| 3 | 011 | excellent-effort |
| 4 | 100 | controlled-load |
| 5 | 101 | video |
| 6 | 110 | voice |
| 7 | 111 | network-management |
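
The following added example (not from the HP guide) applies the 802.1Q tag header described above to the nesting example in "Configuring nesting": PE 1 pushes outer tag 100 onto a frame tagged with VLAN 5, and the far-end PE pops it on the hybrid port where VLAN 100 is untagged. The 3-bit priority, 1-bit DEI/CFI, 12-bit VLAN ID split of the TCI is the standard 802.1Q layout (Figure 26 is not reproduced on this page); the outer tag's TPID and priority, the MAC addresses, and the function names are assumptions.

```python
import struct

TPID_8021Q = 0x8100  # TPID value stated in Appendix B; assumed for the outer tag as well


def make_tag(vlan_id, priority=0):
    """Build a 4-byte 802.1Q tag: 2-byte TPID followed by the 2-byte TCI.

    TCI layout: 3-bit priority (802.1p), 1-bit DEI/CFI (left at 0), 12-bit VLAN ID.
    """
    if not 0 <= vlan_id <= 0x0FFF or not 0 <= priority <= 7:
        raise ValueError("VLAN ID must be 0-4095 and priority 0-7")
    return struct.pack("!HH", TPID_8021Q, (priority << 13) | vlan_id)


def parse_tags(frame):
    """Return (tags, ethertype, payload); tags are (vlan_id, priority), outermost first."""
    tags, offset = [], 12  # skip the destination and source MAC addresses
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated before the EtherType")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype != TPID_8021Q:
            return tags, ethertype, frame[offset + 2:]
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside an 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((tci & 0x0FFF, tci >> 13))
        offset += 4


def nest_top_most(frame, match_vlan, outer_vlan, outer_priority=0):
    """PE ingress: push an outer tag when the frame's outermost VLAN ID matches.

    Models "if-match service-vlan-id" plus "nest top-most vlan"; the priority
    written into the outer tag is an assumption of this sketch.
    """
    tags, _, _ = parse_tags(frame)
    if not tags or tags[0][0] != match_vlan:
        return frame  # the class does not match: the frame is left unchanged
    return frame[:12] + make_tag(outer_vlan, outer_priority) + frame[12:]


def send_untagged(frame, vlan_id):
    """PE egress on a port where vlan_id is an untagged member: pop the outer tag."""
    tags, _, _ = parse_tags(frame)
    if not tags or tags[0][0] != vlan_id:
        raise ValueError("outermost tag is not VLAN %d" % vlan_id)
    return frame[:12] + frame[16:]


# Constructed sample: a frame from CE 1 tagged with VLAN 5, 802.1p priority 3.
CE_FRAME = (bytes.fromhex("0000000000b2") + bytes.fromhex("0000000000a1")
            + make_tag(5, 3) + struct.pack("!H", 0x0800) + b"payload")

if __name__ == "__main__":
    on_wire = nest_top_most(CE_FRAME, match_vlan=5, outer_vlan=100)
    print("tag stack in the provider network:", parse_tags(on_wire)[0])
    print("restored at the far end:", send_untagged(on_wire, 100) == CE_FRAME)
```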

Configuring time ranges

You can implement a service based on the time of the day by applying a time range to it. A time-based
service takes effect only in time periods specified by the time range. For example, you can implement
time-based ACL rules by applying a time range to them. If a time range does not exist, the service based
on the time range does not take effect.
The following basic types of time ranges are available:
• Periodic time range—Recurs periodically on a day or days of the week.
• Absolute time range—Represents only a period of time and does not recur.
A time range is uniquely identified by the time range name. You can create a maximum of 1024 time
ranges, each with a maximum of 32 periodic statements and 12 absolute statements. The active period
of a time range is calculated as follows:
1. Combining all periodic statements.
2. Combining all absolute statements.
3. Taking the intersection of the two statement sets as the active period of the time range.

Configuration procedure
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Create or edit a time range. | time-range time-range-name { start-time to end-time days [ from time1 date1 ] [ to time2 date2 ] \| from time1 date1 [ to time2 date2 ] \| to time2 date2 } | No time range exists. |

Displaying and maintaining time ranges


Execute the display command in any view.

| Task | Command |
|---|---|
| Display time range configuration and status. | display time-range { time-range-name \| all } |

Time range configuration example


Network requirements
As shown in Figure 27, configure an ACL on Device A to allow Host A to access the server only from
8:00 to 18:00 on working days from June 2011 to the end of the year.

Figure 27 Network diagram
[Diagram: Host A (192.168.1.2/24) and Host B (192.168.1.3/24) connect to XGE1/0/1 of Device A. The server (192.168.0.100/24) connects to XGE1/0/2 of Device A.]

Configuration procedure
# Create a periodic time range from 8:00 to 18:00 on working days from June 2011 to the end of
the year.
<DeviceA> system-view
[DeviceA] time-range work 8:0 to 18:0 working-day from 0:0 6/1/2011 to 24:0 12/31/2011

# Create an IPv4 basic ACL numbered 2001, and configure a rule in the ACL to permit packets only from
192.168.1.2/32 during the time range work.
[DeviceA] acl number 2001
[DeviceA-acl-basic-2001] rule permit source 192.168.1.2 0 time-range work
[DeviceA-acl-basic-2001] rule deny source any time-range work
[DeviceA-acl-basic-2001] quit

# Apply IPv4 basic ACL 2001 to filter outgoing packets on interface Ten-GigabitEthernet 1/0/2.
[DeviceA] interface Ten-GigabitEthernet 1/0/2
[DeviceA-Ten-GigabitEthernet1/0/2] packet-filter 2001 outbound
[DeviceA-Ten-GigabitEthernet1/0/2] quit

Verifying the configuration


# Display time range configuration and status on Device A.
[DeviceA] display time-range all
Current time is 13:58:35 6/20/2011 Monday

Time-range : work ( Active )


08:00 to 18:00 working-day
from 00:00 6/1/2011 to 00:00 1/1/2012

The output shows that the time range work is active.
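
The following added example (not from the HP guide) implements the three-step active-period calculation described at the start of this chapter and checks it against the time range work and the display output above. It handles a single days keyword per statement and MM/DD/YYYY dates only; the off-day and daily keywords, the treatment of a side with no statements as unconstrained, the exclusive end time, and all function names are assumptions.

```python
from datetime import datetime, timedelta

# Day keywords. Only working-day appears on this page; the others are assumed here.
DAYS = {"working-day": {0, 1, 2, 3, 4}, "off-day": {5, 6}, "daily": set(range(7))}


def _minutes(hhmm):
    hour, minute = (int(part) for part in hhmm.split(":"))
    return hour * 60 + minute


def _point(hhmm, date):
    """'24:0', '12/31/2011' -> datetime(2012, 1, 1, 0, 0); dates are MM/DD/YYYY."""
    month, day, year = (int(part) for part in date.split("/"))
    return datetime(year, month, day) + timedelta(minutes=_minutes(hhmm))


def parse_statement(args):
    """Split the arguments after the time range name into (periodic, absolute).

    periodic is (start_minute, end_minute, weekdays) or None;
    absolute is (start_datetime, end_datetime) or None.
    """
    tokens = args.split()
    if not tokens:
        raise ValueError("empty statement")
    periodic = None
    if tokens[0] not in ("from", "to"):
        if len(tokens) < 4 or tokens[1] != "to" or tokens[3] not in DAYS:
            raise ValueError("expected: start-time to end-time days")
        periodic = (_minutes(tokens[0]), _minutes(tokens[2]), DAYS[tokens[3]])
        tokens = tokens[4:]
    if not tokens:
        return periodic, None
    start, end = datetime.min, datetime.max
    while tokens:
        if len(tokens) < 3 or tokens[0] not in ("from", "to"):
            raise ValueError("expected: from time1 date1 or to time2 date2")
        if tokens[0] == "from":
            start = _point(tokens[1], tokens[2])
        else:
            end = _point(tokens[1], tokens[2])
        tokens = tokens[3:]
    return periodic, (start, end)


def is_active(statements, now):
    """Apply the three steps: union of periodic, union of absolute, then intersection."""
    periodic = [p for p, _ in statements if p is not None]
    absolute = [a for _, a in statements if a is not None]
    if not periodic and not absolute:
        return False  # no statements: the time range does not exist
    minute = now.hour * 60 + now.minute
    in_periodic = any(now.weekday() in days and start <= minute < end
                      for start, end, days in periodic)
    in_absolute = any(start <= now < end for start, end in absolute)
    # A side with no statements places no constraint (assumption of this sketch).
    return (in_periodic or not periodic) and (in_absolute or not absolute)


# The statement from the configuration example above.
WORK = [parse_statement("8:0 to 18:0 working-day from 0:0 6/1/2011 to 24:0 12/31/2011")]

if __name__ == "__main__":
    print(WORK[0][1])                                      # absolute bounds
    print(is_active(WORK, datetime(2011, 6, 20, 13, 58, 35)))
```

Because step 2 is a union, adding an absolute statement to an existing time range widens the window for every periodic statement in it, which matters when the range gates a permit rule.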

Configuring data buffers

An interface stores outgoing packets in the egress buffer when congestion occurs.
An egress buffer uses the following types of resources:
• Cell resources—Store packets. The buffer uses cell resources based on packet sizes. Suppose a cell
resource provides 208 bytes. The buffer allocates one cell resource to a 128-byte packet and two
cell resources to a 300-byte packet.
• Packet resources—Store packet pointers. A packet pointer indicates where the packet is located in
cell resources. The buffer uses one packet resource for each incoming or outgoing packet.
Each type of resource has a fixed area and a shared area.
• Fixed area—Partitioned into queues, each of which is equally divided by all the interfaces on a
device, as shown in Figure 28. When congestion occurs, the following rules apply:
a. An interface first uses the relevant queues of the fixed area to store packets.
b. When a queue is full, the interface uses the space for the queue in the shared area.
c. When the queue in the shared area is also full, the interface discards subsequent packets.
The system allocates the fixed area among queues as specified by the user. Even if a queue is not
full, other queues cannot preempt its space. Similarly, the share of a queue for an interface cannot
be preempted by other interfaces even if it is not full.
• Shared area—Partitioned into queues, each of which is not equally divided by the interfaces, as
shown in Figure 28. The system determines the actual shared-area ratio for each queue according
to user configuration and the number of packets actually sent. If a queue is not full, other queues can
preempt its space.
The system puts packets received on all interfaces into a queue in the order they arrive. When the
queue is full, subsequent packets are dropped.
Figure 28 Fixed area and shared area

Configuration task list


You can configure data buffers either automatically by enabling the Burst function or manually.

If you have configured data buffers in one way, delete the configuration before using the other way.
Otherwise, the new configuration does not take effect.
To configure the data buffer, perform the following tasks:

Tasks at a glance
Perform one of the following tasks:
• Enabling the Burst function
• Configuring data buffers manually
  ◦ Configuring the total shared-area ratio
  ◦ Setting the maximum shared-area ratio for a queue
  ◦ Setting the fixed-area ratio for a queue
  ◦ Applying data buffer configuration

Enabling the Burst function


The Burst function enables the device to automatically allocate cell and packet resources. It is well suited
to the following scenarios:
• Broadcast or multicast traffic is intensive, resulting in bursts of traffic.
• Traffic enters and goes out in one of the following ways:
  ◦ Enters from a high-speed interface and goes out of a low-speed interface.
  ◦ Enters from multiple same-rate interfaces at the same time and goes out of an interface with the
    same rate.
To enable the Burst function:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable the Burst function. | burst-mode enable | By default, the Burst function is disabled. |

Configuring data buffers manually


CAUTION:
• To avoid impact on the forwarding function of the system, do not manually change data buffer settings.
If large buffer spaces are needed, use the Burst function.
• Manually configuring data buffers might cause generic flow control and PFC to operate incorrectly. For
more information about generic flow control and PFC, see Layer 2—LAN Switching Configuration
Guide.

The switch only supports configuring cell resources.

Configuring the total shared-area ratio
Each type of buffer resource, packet or cell, has a fixed size. After you set the total shared-area ratio
for a type of resource, the rest is automatically assigned to the fixed area.
To configure the total shared-area ratio:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Configure the total shared-area ratio. | buffer egress [ slot slot-number ] cell total-shared ratio ratio-value | By default, the total shared-area ratio is 84% of the buffer. |

Setting the maximum shared-area ratio for a queue


By default, all queues have an equal share of the shared area. This task allows you to change the
maximum shared-area ratio for a queue. The unconfigured queues use the default setting.
The actual maximum shared-area ratio for each queue is determined by the chip based on your
configuration and the number of packets to be sent.
To set the maximum shared-area ratio for a queue:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Set the maximum shared-area ratio for a queue. | buffer egress [ slot slot-number ] cell queue queue-id shared ratio ratio-value | The default setting is 33% for each queue. |

For the maximum shared-area ratio for a queue, the percentage values 0 to 100 are divided into 10
ranges. Table 12 shows the effective values that correspond to the configured values of ratio-value.
Table 12 Mapping between values of ratio-value and effective values

| Value of ratio-value | Effective value |
|---|---|
| 0 to 1 | 1 |
| 2 to 3 | 3 |
| 4 to 7 | 6 |
| 8 to 16 | 11 |
| 17 to 29 | 20 |
| 30 to 42 | 33 |
| 43 to 60 | 50 |
| 61 to 76 | 67 |
| 77 to 86 | 80 |
| 87 to 100 | 89 |

Setting the fixed-area ratio for a queue
By default, all queues have an equal share of the fixed area. This task allows you to change the fixed-area
ratio for a queue. The unconfigured queues equally share the remaining part.
The fixed-area space for a queue cannot be used by other queues. It is also called the minimum
guaranteed buffer.
When you set the fixed-area ratio for a queue, follow these restrictions and guidelines:
• The sum of ratios configured for all queues cannot be greater than or equal to 100%. Queues 5, 6,
and 7 must have available fixed-area space.
• After you configure the fixed-area ratios for some queues, the other queues each are assigned an
equal share of the remaining part of the fixed area. The display buffer queue command displays
the preceding whole number for each assignment result. Therefore, the sum of the ratios for all
queues might be less than 100%.
To set the fixed-area ratio for a queue:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Set the fixed-area ratio for a queue. | buffer egress [ slot slot-number ] cell queue queue-id guaranteed ratio ratio-value | The default setting is 12.5% for each queue, but the default value in the display buffer queue command output is 13%. |

Applying data buffer configuration


Perform this task to apply the data buffer configuration.
You cannot directly modify the applied configuration. To modify the configuration, you must cancel the
application, reconfigure data buffers, and reapply the configuration.
To apply data buffer configuration:

| Step | Command |
|---|---|
| 1. Enter system view. | system-view |
| 2. Apply data buffer configuration. | buffer apply |

Displaying and maintaining data buffers


Execute display commands in any view.

| Task | Command |
|---|---|
| Display data buffer configuration. | display buffer [ slot slot-number ] [ queue [ queue-id ] ] |
| Display data buffer usage. | display buffer usage [ slot slot-number ] |

Configuring QCN

Quantized Congestion Notification (QCN) is an end-to-end congestion notification mechanism that can
reduce packet loss and delay in Layer 2 networks by actively sending reverse notifications. As part of
data center standards, QCN is primarily used in data center networks.

Basic concepts
• Reaction point (RP)—A source end host that supports QCN.
• Congestion point (CP)—A congestion detection device that is enabled with QCN.
• Congestion notification message (CNM)—A message transmitted by a CP to an RP when a queue
on the CP is congested.
• Congestion controlled flow (CCF)—A flow of frames with the same priority value. A CP assigns
frames of the same CCF to one queue before forwarding them.
• Congestion notification tag (CN tag)—Identifies a CCF. Devices in a CND must be able to process
packets with a CN tag.
• Congestion notification priority (CNP)—An 802.1p priority that is enabled with QCN. The value of
that 802.1p priority is called a Congestion Notification Priority Value (CNPV).
• Congestion notification domain (CND)—A set of RPs and CPs with QCN enabled for a CNPV.
• Congestion point identifier (CPID)—An 8-byte unique identifier for a CP in the network.
• Quantized feedback (QntzFb)—A 6-bit quantized feedback value indicating the extent of
congestion.

QCN message format


Data flow format
An RP can add CN tags to outgoing Ethernet frames to distinguish between CCFs. A CN tag defines a
CCF.
As shown in Figure 29, the CN tag contains the following fields:
• EtherType—Indicates the Ethernet type of the data packet, 2 bytes in length and assigned a value
of 0x22E9.
• RPID—Locally assigned and 2 bytes in length. When receiving a CNM, the RP uses this field to
identify the CCF that causes congestion and then rate limits that CCF.
When only one CCF exists, the RP may not add a CN tag to packets. In this case, the triggered CNM
carries a CN tag with the RPID as 0.
A CN tag is confined within its CND. When a packet leaves a CND, the CN tag is stripped off.

Figure 29 Data flow format

CNM format
When a CP detects the congestion state by sampling frames, it sends CNMs to the RPs.
The CP constructs a CNM as follows:
• Uses the source MAC address of the sampled frame as the destination MAC address.
• Uses the destination MAC address of the sampled frame as the source MAC address.
• Copies the VLAN tag and CN tag of the sampled frame.
• Places the data as shown in Figure 30.
  ◦ PDU EtherType—2 bytes in length. It indicates the Ethernet type of the PDU and has a value of 0x22E7.
  ◦ CNM PDU—24 to 88 bytes of payload of the PDU.
Figure 30 CNM PDU format

As shown in Figure 31, a payload contains the following fields:

Field                                 Length         Description
Version                               4 bits         Its value is fixed at 0.
ReservedV                             6 bits         Its value is fixed at 0.
Quantized Feedback                    6 bits         Quantized value indicating the extent of congestion.
CPID                                  8 bytes        Identifies the CP where congestion occurs.
cnmQoffset                            2 bytes        Indicates the difference between instantaneous queue size at the sampling point and desired queue length.
cnmQdelta                             2 bytes        Indicates the difference between instantaneous queue sizes at the current sampling point and at the previous sampling point.
Encapsulated priority                 2 bytes        Priority of the sampled frame that triggered the CNM.
Encapsulated destination MAC address  6 bytes        Destination MAC address of the sampled frame that triggered the CNM.
Encapsulated MSDU length              2 bytes        Number of bytes in the Encapsulated MSDU field of the sampled frame that triggered the CNM.
Encapsulated MSDU                     0 to 64 bytes  Initial bytes of the Encapsulated MSDU field of the sampled frame that triggered the CNM.

Figure 31 CNM PDU format
Field                                 Octet  Length
Version                               1      4 bits
ReservedV                             1, 2   6 bits
Quantized Feedback                    2      6 bits
Congestion Point Identifier (CPID)    3      8
cnmQOffset                            11     2
cnmQDelta                             13     2
Encapsulated priority                 15     2
Encapsulated destination MAC address  17     6
Encapsulated MSDU length              23     2
Encapsulated MSDU                     25     0–64
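
The following parser is an added example, not code from HP or from the switch software. It walks a CNM frame as described above (MAC addresses, optional VLAN tag, optional CN tag with EtherType 0x22E9, PDU EtherType 0x22E7) and decodes the Figure 31 fields, rejecting PDUs that violate the documented layout. Assumptions: the 802.1Q tag value 0x8100 is the standard one and is not stated in this guide, cnmQOffset and cnmQDelta are read as signed 16-bit integers, and the sample frame is constructed.

```python
import struct

ETH_VLAN = 0x8100     # IEEE 802.1Q VLAN tag (standard value, not stated in this guide)
ETH_CN_TAG = 0x22E9   # CN tag EtherType, from this guide
ETH_CNM = 0x22E7      # CNM PDU EtherType, from this guide
FIXED_LEN = 24        # Version through Encapsulated MSDU length (octets 1-24)
MAX_MSDU = 64         # upper bound of the Encapsulated MSDU field


class CnmError(ValueError):
    """The frame or PDU does not match the documented layout."""


def parse_cnm_pdu(pdu):
    """Decode the CNM PDU payload laid out in Figure 31."""
    if len(pdu) < FIXED_LEN:
        raise CnmError("PDU shorter than the 24-byte fixed part")
    head, cpid, q_off, q_delta, prio, mac, msdu_len = struct.unpack_from(
        "!H8shhH6sH", pdu)
    # First two octets: Version (4 bits), ReservedV (6 bits), QntzFb (6 bits).
    version, reserved, qntz_fb = head >> 12, (head >> 6) & 0x3F, head & 0x3F
    if version != 0 or reserved != 0:
        raise CnmError("Version and ReservedV must both be 0")
    if msdu_len > MAX_MSDU:
        raise CnmError("Encapsulated MSDU length exceeds 64")
    if FIXED_LEN + msdu_len > len(pdu):
        raise CnmError("Encapsulated MSDU is truncated")
    return {
        "qntz_fb": qntz_fb,
        "cpid": cpid.hex(),
        # Assumption: both queue fields are signed 16-bit values.
        "q_offset": q_off,
        "q_delta": q_delta,
        "encap_priority": prio,          # raw 2-byte field, not interpreted
        "encap_dst_mac": mac.hex(),
        # Bytes after the declared MSDU are treated as Ethernet padding.
        "encap_msdu": bytes(pdu[FIXED_LEN:FIXED_LEN + msdu_len]),
    }


def _u16(buf, off):
    """Read a big-endian 16-bit value with a bounds check."""
    if off + 2 > len(buf):
        raise CnmError("frame truncated at offset %d" % off)
    return struct.unpack_from("!H", buf, off)[0]


def parse_cnm_frame(frame):
    """Walk MACs, optional VLAN tag and CN tag, then decode the CNM PDU."""
    out = {"dst_mac": frame[0:6].hex(), "src_mac": frame[6:12].hex(),
           "vlan_tci": None, "rpid": None}
    off = 12
    etype = _u16(frame, off)
    if etype == ETH_VLAN:                # VLAN tag copied from the sampled frame
        out["vlan_tci"] = _u16(frame, off + 2)
        off += 4
        etype = _u16(frame, off)
    if etype == ETH_CN_TAG:              # CN tag: EtherType + 2-byte RPID
        out["rpid"] = _u16(frame, off + 2)
        off += 4
        etype = _u16(frame, off)
    if etype != ETH_CNM:
        raise CnmError("EtherType 0x%04X is not a CNM PDU" % etype)
    out.update(parse_cnm_pdu(frame[off + 2:]))
    return out


def build_sample_frame():
    """Constructed CNM for this example; every value here is made up."""
    rp_mac = bytes.fromhex("020000000001")     # source of the sampled frame
    peer_mac = bytes.fromhex("020000000002")   # destination of the sampled frame
    msdu = bytes(range(16))
    pdu = struct.pack("!H8shhH6sH", 42, bytes.fromhex("0011223344556677"),
                      300, -20, 1, peer_mac, len(msdu)) + msdu
    tags = struct.pack("!HHHH", ETH_VLAN, (1 << 13) | 100, ETH_CN_TAG, 7)
    return rp_mac + peer_mac + tags + struct.pack("!H", ETH_CNM) + pdu


SAMPLE_FRAME = build_sample_frame()

if __name__ == "__main__":
    for key, value in parse_cnm_frame(SAMPLE_FRAME).items():
        print(key, value)
```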

How QCN works


Figure 32 shows how QCN works.
• The CP periodically samples frames from queues that are enabled with QCN and sends CNMs to
the RPs when congestion occurs.
• The RPs reduce their transmission rates when receiving CNMs. The RPs also periodically probe the
bandwidth and increase their transmission rates if they fail to receive CNMs for a specific period of
time.
Figure 32 How QCN works

QCN algorithm
The QCN algorithm includes the CP algorithm and the RP algorithm.

CP algorithm
The CP measures the queue size by periodically sampling frames and computes the congestion state
based on the sampling result.
As shown in Figure 33, the CP algorithm includes the following parameters:
• Q—Indicates the instantaneous queue size at the sampling point.
• Qeq—Indicates the desired queue size.
• Qold—Indicates the queue size at the previous sampling point.
• Fb—Indicates the extent of congestion in the form of a quantized value.
The following formulas apply:
• Qoff = Q – Qeq
• Qδ = Q – Qold
• Fb = – (Qoff + wQδ)
where w is a constant to control the weight of Qδ in determining the value of Fb.
The CP determines whether to generate CNMs based on the Fb value.
• When Fb ≥ 0, no congestion occurs, and the CP does not generate a CNM.
• When Fb < 0, congestion occurs, and the CP generates a CNM containing the QntzFb. QntzFb is the quantized value of |Fb| and is calculated according to the following rules:
  ◦ If Fb < –Qeq × (2 × w + 1), QntzFb takes the maximum value of 63.
  ◦ Otherwise, QntzFb = –Fb × 63/(Qeq × (2 × w + 1)).
Figure 33 Congestion detection
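
The CP formulas above, carried through a short queue trace, as an added example that is not HP's implementation. Assumptions: Qeq = 26000 and w = 1 are sample values taken from the default profile's numbers (whether the configured weight value maps directly to w is not stated in this guide), the result is rounded down to an integer, and the first sample uses Qold = Q because no earlier sample exists.

```python
class CongestionPoint:
    """CP-side feedback calculation for one QCN-enabled queue."""

    def __init__(self, q_eq, w):
        if q_eq <= 0 or w < 0:
            raise ValueError("q_eq must be positive and w non-negative")
        self.q_eq = q_eq
        self.w = w
        self.q_old = None                     # no previous sample yet
        self.fb_limit = q_eq * (2 * w + 1)    # |Fb| at which QntzFb saturates

    def sample(self, q):
        """Process one sampled queue size and return the CNM decision."""
        # Assumption: the first sample has no predecessor, so Qdelta is 0.
        q_old = q if self.q_old is None else self.q_old
        self.q_old = q
        q_off = q - self.q_eq                 # Qoff = Q - Qeq
        q_delta = q - q_old                   # Qdelta = Q - Qold
        fb = -(q_off + self.w * q_delta)      # Fb = -(Qoff + w * Qdelta)
        result = {"q_off": q_off, "q_delta": q_delta, "fb": fb,
                  "cnm": False, "qntz_fb": None}
        if fb >= 0:
            return result                     # no congestion, no CNM
        result["cnm"] = True
        if fb < -self.fb_limit:
            result["qntz_fb"] = 63            # maximum 6-bit value
        else:
            # Assumption: rounded down; a small |Fb| can therefore yield 0.
            result["qntz_fb"] = int((-fb * 63) // self.fb_limit)
        return result


def run_trace(samples, q_eq=26000, w=1):
    """Return the QntzFb sent for each sample, or None when no CNM is sent."""
    cp = CongestionPoint(q_eq, w)
    return [cp.sample(q)["qntz_fb"] for q in samples]


# Constructed queue sizes in bytes: filling, overshooting, then draining.
TRACE = [20000, 26000, 30000, 40000, 90000, 25000]

if __name__ == "__main__":
    for q, fb in zip(TRACE, run_trace(TRACE)):
        print(q, "no CNM" if fb is None else "CNM QntzFb=%d" % fb)
```

The second sample sits exactly at Qeq yet still triggers a CNM, because the queue grew by 6000 bytes since the previous sample and the wQδ term alone makes Fb negative.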

RP algorithm
An RP decreases its transmission rate based on the value of |Fb| in the received CNM. The greater the |Fb| value, the more the RP reduces its transmission rate. After the RP reduces its transmission rate, the RP gradually increases the transmission rate to the original level.

CND
A CND is a set of RPs and CPs enabled with QCN for a CNPV. CNDs are identified based on CNPVs.
Devices enabled with QCN for a CNPV are assigned to the corresponding CND. A CNPV-based CND
prevents traffic from outside the CND from entering the CND. If a frame from outside the CND includes
the CNPV, the 802.1p priority value of the frame is mapped to a configured alternate priority value.

CND defense mode


Each interface on a device in a CND has a defense mode, which is statically configured or negotiated
through LLDP.
The following defense modes are available:
• disabled—Disables congestion notification and performs priority mapping according to the priority
mapping table.
• edge—Maps the priority of incoming frames with a CNPV to an alternate priority and removes CN
tags before sending out the frames.
• interior—Does not alter the priority of incoming frames with a CNPV and removes CN tags before
sending out the frames.
• interiorReady—Does not alter the priority of incoming frames with a CNPV and retains CN tags
when sending out the frames.

Priority mapping
Incoming frames with a CNPV are assigned to the corresponding output queue enabled with QCN.
Traffic with other priority values cannot enter that output queue. Priority-to-queue mappings are
determined by the QoS priority mapping table (see "Configuring priority mapping").
Modifying the priority mapping table for traffic with specific CNPVs might cause the system to fail to
detect congestion.
When you map multiple 802.1p priorities to one queue, all packets with these 802.1p priorities will be
included when determining congestion conditions. Therefore, do not map 802.1p priorities not enabled
with QCN to a queue enabled with QCN.
Marking actions configured in QoS policies affect priority mapping. For information about marking
actions, see "Configuring priority marking."
The priority trust mode must be configured as the 802.1p priority. For information about configuring trust
modes, see "Configuring priority mapping."
The default port priority cannot be the same as the CNPV. For information about port priority, see
"Configuring priority mapping."

Protocols and standards


IEEE 802.1Qau, Congestion notification

QCN configuration task list
Tasks at a glance
(Required.) Enabling QCN globally
Configuring CND settings:
• (Required.) Configuring global CND settings
• (Optional.) Configuring CND settings for an interface
(Optional.) Configuring congestion detection parameters

Enabling QCN globally


QCN settings take effect only after you enable QCN globally.

Configuration prerequisites
Before you enable QCN globally, enable LLDP. For more information about LLDP, see Layer 2—LAN
Switching Configuration Guide.

Configuration procedure
To enable QCN globally:

Step                     Command      Remarks
1. Enter system view.    system-view  N/A
2. Enable QCN globally.  qcn enable   By default, QCN is disabled globally. When QCN is disabled globally, all QCN settings become invalid but still exist, and the switch stops LLDP negotiation and does not process or carry CN TLVs in LLDP packets.

Configuring CND settings


You can configure CND settings either globally or for a specific interface. The interface-level CND settings take precedence over global settings.

Configuring global CND settings
Perform this task to assign a switch to a CND identified by the specified CNPV.
After you assign a switch to a CND, the switch can detect congestion for packets within the CND.
You can assign a switch to multiple CNDs by specifying multiple CNPVs for the switch. For example, a
switch can be assigned to CND 1, CND 2, and CND 3 and have an alternate priority of 0 in all three
CNDs. The following table shows priority mappings:

dot1p  CNPV  Alternate priority
0      N/A   N/A
1      1     0
2      2     0
3      3     0
4      N/A   N/A
5      N/A   N/A
6      N/A   N/A
7      N/A   N/A

To configure global CND settings:

Step                               Command                                                                                                                          Remarks
1. Enter system view.              system-view                                                                                                                      N/A
2. Configure global CND settings.  qcn priority priority-value { admin [ defense-mode { disabled | edge | interior | interior-ready } alternate alternate-value ] | auto }  By default, a switch does not belong to any CND.

Configuring CND settings for an interface


You can configure interface CND settings to meet your granular requirements.
You must assign a switch to a CND before you configure CND settings for individual interfaces.
To configure CND settings for an interface:

Step                                         Command                                                                                                                               Remarks
1. Enter system view.                        system-view                                                                                                                           N/A
2. Enter interface view.                     interface interface-type interface-number                                                                                             N/A
3. Configure CND settings for the interface.  qcn port priority priority-value { admin [ defense-mode { disabled | edge | interior | interior-ready } alternate alternate-value ] | auto }  By default, the global CND settings apply.

Configuring congestion detection parameters
Perform this task to detect congestion for packets in a CND. You configure congestion detection
parameters in a profile.
Before you configure congestion detection parameters, you must assign the switch to the CND.
To configure congestion detection parameters:

Step                           Command                                                            Remarks
1. Enter system view.          system-view                                                        N/A
2. Create a profile.           qcn profile profile-id set-point length-value weight weight-value  By default, no user-created profiles exist. The system automatically creates the default profile (profile 0), which has a desired queue length of 26000 bytes and a weight value of 1. You cannot modify the default profile.
3. Bind the profile to a CND.  qcn priority priority-value profile profile-id                     By default, the default profile is bound to a CND.

Displaying and maintaining QCN


Execute display commands in any view and reset commands in user view.

Task                                        Command
Display global CND settings.                display qcn global [ slot slot-number ]
Display the CND settings for an interface.  display qcn interface [ interface-type interface-number ]
Display profile settings.                   display qcn profile [ profile-id | default ] [ slot slot-number ]
Display CP statistics for an interface.     display qcn cp interface [ interface-type interface-number ] [ priority priority-value ]
Clear CP statistics for an interface.       reset qcn cp interface [ interface-type interface-number ] [ priority priority-value ]

QCN configuration examples


Basic QCN configuration example
Network requirements
As shown in Figure 34, RP 1 and RP 2 are in the same VLAN and both support QCN.
Configure QCN for CNPV 1 to meet the following requirements:
• Switch A, Switch B, and Switch C detect congestion for traffic with 802.1p priority 1.
• Switch A, Switch B, and Switch C do not detect congestion for all other traffic.

Figure 34 Network diagram (image not reproduced; labels: IP network, CND 1, Switch A, Switch B, Switch C, RP 1, RP 2, interfaces XGE1/0/1 through XGE1/0/3)

Configuration procedure
1. Configure Switch A:
# Create VLAN 100, and assign Ten-GigabitEthernet 1/0/1 to the VLAN.
<SwitchA> system-view
[SwitchA] vlan 100
[SwitchA-vlan100] port ten-gigabitethernet 1/0/1
[SwitchA-vlan100] quit
# Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign it to VLAN 100.
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100
[SwitchA-Ten-GigabitEthernet1/0/2] quit
# Enable LLDP globally.
[SwitchA] lldp global enable
# Enable CN TLV advertising on Ten-GigabitEthernet 1/0/1.
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] lldp tlv-enable dot1-tlv congestion-notification
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# Enable CN TLV advertising on Ten-GigabitEthernet 1/0/2.
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] lldp tlv-enable dot1-tlv congestion-notification
[SwitchA-Ten-GigabitEthernet1/0/2] quit
# Enable QCN globally.
[SwitchA] qcn enable
# Assign the switch to the CND with CNPV 1, and configure all interfaces to negotiate the defense
mode and alternate priority by using LLDP.
[SwitchA] qcn priority 1 auto

2. Configure Switch B:
# Create VLAN 100.
<SwitchB> system-view
[SwitchB] vlan 100
[SwitchB-vlan100] quit
# Configure the following interfaces as trunk ports, and assign all of them to VLAN 100:
{ Ten-GigabitEthernet 1/0/1.
{ Ten-GigabitEthernet 1/0/2.
{ Ten-GigabitEthernet 1/0/3.
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100
[SwitchB-Ten-GigabitEthernet1/0/1] quit
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100
[SwitchB-Ten-GigabitEthernet1/0/2] quit
[SwitchB] interface ten-gigabitethernet 1/0/3
[SwitchB-Ten-GigabitEthernet1/0/3] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/3] port trunk permit vlan 100
[SwitchB-Ten-GigabitEthernet1/0/3] quit
# Enable LLDP globally.
[SwitchB] lldp global enable
# Enable CN TLV advertising on Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/3.
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] lldp tlv-enable dot1-tlv congestion-notification
[SwitchB-Ten-GigabitEthernet1/0/1] quit
[SwitchB] interface ten-gigabitethernet 1/0/3
[SwitchB-Ten-GigabitEthernet1/0/3] lldp tlv-enable dot1-tlv congestion-notification
[SwitchB-Ten-GigabitEthernet1/0/3] quit
# Enable QCN globally.
[SwitchB] qcn enable
# Assign the switch to the CND with CNPV 1, and configure all interfaces to negotiate the defense mode and alternate priority by using LLDP.
[SwitchB] qcn priority 1 auto
# Configure the CND defense mode edge and alternate value 0 for interface Ten-GigabitEthernet 1/0/2.
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] qcn port priority 1 admin defense-mode edge alternate 0
[SwitchB-Ten-GigabitEthernet1/0/2] quit
3. Configure Switch C in the same way Switch A is configured. (Details not shown.)

Verifying the configuration


# Display the CND settings for interfaces on Switch A.

[SwitchA] display qcn interface
Interface: Ten-GigabitEthernet1/0/1
CNPV Mode Defense-mode Alternate
---------------------------------------------------
1 comp interior 0

Interface: Ten-GigabitEthernet1/0/2
CNPV Mode Defense-mode Alternate
---------------------------------------------------
1 comp interior 0

# Display the CND settings for interfaces on Switch B.


[SwitchB] display qcn interface
Interface: Ten-GigabitEthernet1/0/1
CNPV Mode Defense-mode Alternate
---------------------------------------------------
1 comp interior 0

Interface: Ten-GigabitEthernet1/0/2
CNPV Mode Defense-mode Alternate
---------------------------------------------------
1 admin edge 0

Interface: Ten-GigabitEthernet1/0/3
CNPV Mode Defense-mode Alternate
---------------------------------------------------
1 comp interior 0

# Display the CND settings for interfaces on Switch C.


[SwitchC] display qcn interface
Interface: Ten-GigabitEthernet1/0/1
CNPV Mode Defense-mode Alternate
---------------------------------------------------
1 comp interior 0

Interface: Ten-GigabitEthernet1/0/2
CNPV Mode Defense-mode Alternate
---------------------------------------------------
1 comp interior 0

MultiCND QCN configuration example


Network requirements
As shown in Figure 35:
• RP 1 and RP 2 are in the same VLAN.
• RP 3 and RP 4 are in the same VLAN.
• RP 1, RP 2, Switch A, Switch B, and Switch C form a CND with CNPV 1.
• RP 3, RP 4, Switch C, Switch D, and Switch E form a CND with CNPV 5.

Configure QCN for CNPV 1 to meet the following requirements:
• Switch A, Switch B, and Switch C detect congestion for traffic with 802.1p priority 1.
• Switch A and Switch B do not detect congestion for traffic with 802.1p priority 5.
Configure QCN for CNPV 5 to meet the following requirements:
• Switch C, Switch D, and Switch E detect congestion for traffic with 802.1p priority 5.
• Switch D and Switch E do not detect congestion for traffic with 802.1p priority 1.
Figure 35 Network diagram (image not reproduced; labels: CND 1, CND 2, Switch A through Switch E, RP 1 through RP 4, interfaces XGE1/0/1 through XGE1/0/4)

Configuration procedure
1. Configure Switch A:
# Create VLAN 100, and assign Ten-GigabitEthernet 1/0/1 to the VLAN.
<SwitchA> system-view
[SwitchA] vlan 100
[SwitchA-vlan100] port ten-gigabitethernet 1/0/1
[SwitchA-vlan100] quit
# Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign it to VLAN 100.
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100
[SwitchA-Ten-GigabitEthernet1/0/2] quit
# Enable LLDP globally.
[SwitchA] lldp global enable
# Enable CN TLV advertising on Ten-GigabitEthernet 1/0/1.
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] lldp tlv-enable dot1-tlv congestion-notification
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# Enable CN TLV advertising on Ten-GigabitEthernet 1/0/2.
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] lldp tlv-enable dot1-tlv congestion-notification

[SwitchA-Ten-GigabitEthernet1/0/2] quit
# Enable QCN globally.
[SwitchA] qcn enable
# Assign the switch to the CND with CNPV 1, and configure all interfaces to negotiate the defense
mode and alternate priority by using LLDP.
[SwitchA] qcn priority 1 auto
2. Configure Switch B in the same way Switch A is configured. (Details not shown.)
3. Configure Switch C:
# Create VLAN 100 and VLAN 200.
<SwitchC> system-view
[SwitchC] vlan 100
[SwitchC-vlan100] quit
[SwitchC] vlan 200
[SwitchC-vlan200] quit
# Configure the following interfaces as trunk ports, and assign all of them to VLAN 100 and VLAN
200:
{ Ten-GigabitEthernet 1/0/1.
{ Ten-GigabitEthernet 1/0/2.
{ Ten-GigabitEthernet 1/0/3.
{ Ten-GigabitEthernet 1/0/4.
[SwitchC] interface ten-gigabitethernet 1/0/1
[SwitchC-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchC-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 200
[SwitchC-Ten-GigabitEthernet1/0/1] quit
[SwitchC] interface ten-gigabitethernet 1/0/2
[SwitchC-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchC-Ten-GigabitEthernet1/0/2] port trunk permit vlan 100 200
[SwitchC-Ten-GigabitEthernet1/0/2] quit
[SwitchC] interface ten-gigabitethernet 1/0/3
[SwitchC-Ten-GigabitEthernet1/0/3] port link-type trunk
[SwitchC-Ten-GigabitEthernet1/0/3] port trunk permit vlan 100 200
[SwitchC-Ten-GigabitEthernet1/0/3] quit
[SwitchC] interface ten-gigabitethernet 1/0/4
[SwitchC-Ten-GigabitEthernet1/0/4] port link-type trunk
[SwitchC-Ten-GigabitEthernet1/0/4] port trunk permit vlan 100 200
[SwitchC-Ten-GigabitEthernet1/0/4] quit
# Enable LLDP globally.
[SwitchC] lldp global enable
# Enable CN TLV advertising on the following interfaces:
{ Ten-GigabitEthernet 1/0/1.
{ Ten-GigabitEthernet 1/0/2.
{ Ten-GigabitEthernet 1/0/3.
{ Ten-GigabitEthernet 1/0/4.
[SwitchC] interface ten-gigabitethernet 1/0/1
[SwitchC-Ten-GigabitEthernet1/0/1] lldp tlv-enable dot1-tlv congestion-notification

[SwitchC-Ten-GigabitEthernet1/0/1] quit
[SwitchC] interface ten-gigabitethernet 1/0/2
[SwitchC-Ten-GigabitEthernet1/0/2] lldp tlv-enable dot1-tlv congestion-notification
[SwitchC-Ten-GigabitEthernet1/0/2] quit
[SwitchC] interface ten-gigabitethernet 1/0/3
[SwitchC-Ten-GigabitEthernet1/0/3] lldp tlv-enable dot1-tlv congestion-notification
[SwitchC-Ten-GigabitEthernet1/0/3] quit
[SwitchC] interface ten-gigabitethernet 1/0/4
[SwitchC-Ten-GigabitEthernet1/0/4] lldp tlv-enable dot1-tlv congestion-notification
[SwitchC-Ten-GigabitEthernet1/0/4] quit
# Enable QCN globally.
[SwitchC] qcn enable
# Assign the switch to the CNDs with CNPV 1 and CNPV 5. For CNPV 1, all interfaces negotiate the defense mode and alternate priority by using LLDP.
[SwitchC] qcn priority 1 auto
[SwitchC] qcn priority 5 admin defense-mode interior-ready alternate 4
# Configure the CND defense mode edge and alternate value 4 for Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2.
[SwitchC] interface ten-gigabitethernet 1/0/1
[SwitchC-Ten-GigabitEthernet1/0/1] qcn port priority 5 admin defense-mode edge alternate 4
[SwitchC-Ten-GigabitEthernet1/0/1] quit
[SwitchC] interface ten-gigabitethernet 1/0/2
[SwitchC-Ten-GigabitEthernet1/0/2] qcn port priority 5 admin defense-mode edge alternate 4
[SwitchC-Ten-GigabitEthernet1/0/2] quit
4. Configure Switch D:
# Create VLAN 200, and assign Ten-GigabitEthernet 1/0/1 to the VLAN.
<SwitchD> system-view
[SwitchD] vlan 200
[SwitchD-vlan200] port ten-gigabitethernet 1/0/1
[SwitchD-vlan200] quit
# Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign it to VLAN 200.
[SwitchD] interface ten-gigabitethernet 1/0/2
[SwitchD-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchD-Ten-GigabitEthernet1/0/2] port trunk permit vlan 200
[SwitchD-Ten-GigabitEthernet1/0/2] quit
# Enable QCN globally.
[SwitchD] qcn enable
# Assign the switch to the CND with CNPV 5.
[SwitchD] qcn priority 5 admin defense-mode interior-ready alternate 4
5. Configure Switch E in the same way Switch D is configured. (Details not shown.)

Verifying the configuration


# Display the CND settings for interfaces on Switch A.

[SwitchA] display qcn interface
Interface: Ten-GigabitEthernet1/0/1
CNPV Mode Defense-mode Alternate
---------------------------------------------------
1 comp interior 0

Interface: Ten-GigabitEthernet1/0/2
CNPV Mode Defense-mode Alternate
---------------------------------------------------
1 comp interior 0

# Display the CND settings for interfaces on Switch B.


[SwitchB] display qcn interface
Interface: Ten-GigabitEthernet1/0/1
CNPV Mode Defense-mode Alternate
---------------------------------------------------
1 comp interior 0

Interface: Ten-GigabitEthernet1/0/2
CNPV Mode Defense-mode Alternate
---------------------------------------------------
1 comp interior 0

# Display the CND settings for interfaces on Switch C.


[SwitchC] display qcn interface
Interface: Ten-GigabitEthernet1/0/1
CNPV Mode Defense-mode Alternate
---------------------------------------------------
1 comp interior-ready 0
5 admin edge 4

Interface: Ten-GigabitEthernet1/0/2
CNPV Mode Defense-mode Alternate
---------------------------------------------------
1 comp interior-ready 0
5 admin edge 4

Interface: Ten-GigabitEthernet1/0/3
CNPV Mode Defense-mode Alternate
---------------------------------------------------
1 comp edge 0
5 comp interior-ready 4

Interface: Ten-GigabitEthernet1/0/4
CNPV Mode Defense-mode Alternate
---------------------------------------------------
1 comp edge 0
5 comp interior-ready 4

# Display the CND settings for interfaces on Switch D.


[SwitchD] display qcn interface

Interface: Ten-GigabitEthernet1/0/1
CNPV Mode Defense-mode Alternate
---------------------------------------------------
5 comp interior-ready 4

Interface: Ten-GigabitEthernet1/0/2
CNPV Mode Defense-mode Alternate
---------------------------------------------------
5 comp interior-ready 4

# Display the CND settings for interfaces on Switch E.


[SwitchE] display qcn interface
Interface: Ten-GigabitEthernet1/0/1
CNPV Mode Defense-mode Alternate
---------------------------------------------------
5 comp interior-ready 4

Interface: Ten-GigabitEthernet1/0/2
CNPV Mode Defense-mode Alternate
---------------------------------------------------
5 comp interior-ready 4
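
The verification output above can be checked mechanically. The script below is an added example, not an HP tool: it parses `display qcn interface` output and reports any interface that is expected to isolate a CND for a given CNPV but is not in edge defense mode. Assumptions: the boundary list is supplied by the operator (here taken from the Switch C configuration above), the second sample is constructed to show drift, and the check that an edge port's alternate priority is not itself a CNPV is an added sanity check derived from the CND isolation rule rather than a rule stated in this guide.

```python
import re

# Switch C output as shown in the multi-CND example above.
SWITCH_C_OUTPUT = """\
Interface: Ten-GigabitEthernet1/0/1
CNPV Mode Defense-mode Alternate
---------------------------------------------------
1 comp interior-ready 0
5 admin edge 4

Interface: Ten-GigabitEthernet1/0/2
CNPV Mode Defense-mode Alternate
---------------------------------------------------
1 comp interior-ready 0
5 admin edge 4

Interface: Ten-GigabitEthernet1/0/3
CNPV Mode Defense-mode Alternate
---------------------------------------------------
1 comp edge 0
5 comp interior-ready 4

Interface: Ten-GigabitEthernet1/0/4
CNPV Mode Defense-mode Alternate
---------------------------------------------------
1 comp edge 0
5 comp interior-ready 4
"""

# Constructed output showing two kinds of drift on the CND 1 boundary.
DRIFTED_OUTPUT = """\
Interface: Ten-GigabitEthernet1/0/3
CNPV Mode Defense-mode Alternate
---------------------------------------------------
1 comp interior 0
5 comp interior-ready 4

Interface: Ten-GigabitEthernet1/0/4
CNPV Mode Defense-mode Alternate
---------------------------------------------------
1 admin edge 5
5 comp interior-ready 4
"""

# (interface, CNPV) pairs that must keep outside traffic out of the CND.
SWITCH_C_BOUNDARY = {
    ("Ten-GigabitEthernet1/0/1", 5), ("Ten-GigabitEthernet1/0/2", 5),
    ("Ten-GigabitEthernet1/0/3", 1), ("Ten-GigabitEthernet1/0/4", 1),
}

ROW = re.compile(
    r"^\s*([0-7])\s+(\S+)\s+(interior-ready|interior|edge|disabled)\s+([0-7])\s*$")


def parse_qcn_interface(text):
    """Return {interface: {cnpv: {"mode", "defense", "alternate"}}}."""
    result, iface = {}, None
    for line in text.splitlines():
        if line.startswith("Interface:"):
            iface = line.split(":", 1)[1].strip()
            result[iface] = {}
            continue
        match = ROW.match(line)
        if match and iface is not None:
            cnpv, mode, defense, alt = match.groups()
            result[iface][int(cnpv)] = {
                "mode": mode, "defense": defense, "alternate": int(alt)}
    return result


def audit_boundary_ports(parsed, boundary):
    """List (interface, cnpv, reason) for boundary ports that do not isolate."""
    findings = []
    for iface, cnpv in sorted(boundary):
        entry = parsed.get(iface, {}).get(cnpv)
        if entry is None:
            findings.append((iface, cnpv, "no CND entry"))
        elif entry["defense"] != "edge":
            findings.append((iface, cnpv, "defense-mode is " + entry["defense"]))
        elif entry["alternate"] in parsed[iface]:
            # Added sanity check: remapping into another CNPV defeats isolation.
            findings.append(
                (iface, cnpv, "alternate %d is itself a CNPV" % entry["alternate"]))
    return findings


if __name__ == "__main__":
    for sample in (SWITCH_C_OUTPUT, DRIFTED_OUTPUT):
        print(audit_boundary_ports(parse_qcn_interface(sample), SWITCH_C_BOUNDARY))
```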

Support and other resources

Contacting HP
For worldwide technical support information, see the HP support website:
http://www.hp.com/support
Before contacting HP, collect the following information:
• Product model names and numbers
• Technical support registration number (if applicable)
• Product serial numbers
• Error messages
• Operating system type and revision level
• Detailed questions

Subscription service
HP recommends that you register your product at the Subscriber's Choice for Business website:
http://www.hp.com/go/wwalerts
After registering, you will receive email notification of product enhancements, new driver versions,
firmware updates, and other product resources.

Related information
Documents
To find related documents, browse to the Manuals page of the HP Business Support Center website:
http://www.hp.com/support/manuals
• For related documentation, navigate to the Networking section, and select a networking category.
• For a complete list of acronyms and their definitions, see HP FlexNetwork Technology Acronyms.

Websites
• HP.com http://www.hp.com
• HP Networking http://www.hp.com/go/networking
• HP manuals http://www.hp.com/support/manuals
• HP download drivers and software http://www.hp.com/support/downloads
• HP software depot http://www.software.hp.com
• HP Education http://www.hp.com/learn

Conventions
This section describes the conventions used in this documentation set.

Command conventions

Convention         Description
Boldface           Bold text represents commands and keywords that you enter literally as shown.
Italic             Italic text represents arguments that you replace with actual values.
[ ]                Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }    Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
[ x | y | ... ]    Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none.
{ x | y | ... } *  Asterisk-marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one.
[ x | y | ... ] *  Asterisk-marked square brackets enclose optional syntax choices separated by vertical bars, from which you select one choice, multiple choices, or none.
&<1-n>             The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.
#                  A line that starts with a pound (#) sign is a comment.

GUI conventions

Convention  Description
Boldface    Window names, button names, field names, and menu items are in bold text. For example, the New User window appears; click OK.
>           Multi-level menus are separated by angle brackets. For example, File > Create > Folder.

Symbols

Convention  Description
WARNING     An alert that calls attention to important information that if not understood or followed can result in personal injury.
CAUTION     An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software.
IMPORTANT   An alert that calls attention to essential information.
NOTE        An alert that contains additional or supplementary information.
TIP         An alert that provides helpful information.

Network topology icons

Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch.
Represents an access point.
Represents a mesh access point.
Represents omnidirectional signals.
Represents directional signals.
Represents a security product, such as a firewall, UTM, multiservice security gateway, or load-balancing device.
Represents a security card, such as a firewall, load-balancing, NetStream, SSL VPN, IPS, or ACG card.

Port numbering in examples


The port numbers in this document are for illustration only and might be unavailable on your device.

113
Index

Numerics time range configuration, 89, 89


802 time range display, 89
QoS packet 802.1p priority, 87 user-defined configuration, 9
802.1p advanced ACL
priority marking configuration, 65 category, 1
QCN CND, 99 naming, 2
QCN CND priority mapping, 99 numbering, 2
802.1p priority aggregate CAR
drop precedence, 64 configuration, 79, 79, 79
priority marking configuration, 65
A
algorithm
absolute time range (ACL), 89, 89 QCN algorithm, 98
ACL QCN algorithm (CP), 98
advanced configuration, 5 QCN algorithm (RP), 98
automatic rule numbering, 3 QCN CND, 99
automatic rule renumbering, 3 Appendix A (Default priority maps), 85
basics configuration, 4 Appendix B (Packet precedence), 86
categories, 1 application
configuration, 1, 4, 12 ACL switch applications, 1
copying, 10 applying
display, 12 ACL packet filtering (interface), 11
Ethernet frame header configuration, 8 data buffer configuration, 94
IPv4 advanced configuration, 6 QoS congestion avoidance queue-based WRED
IPv4 basic configuration, 4 table, 59
IPv6 advanced configuration, 7 QoS policy, 21
IPv6 basic configuration, 5 QoS policy (control plane), 23
maintain, 12 QoS policy (global), 23
match order, 2 QoS policy (user profile), 24
naming, 2 QoS policy (VLAN), 22
numbering, 2 QoS policy to interface, 22
packet filtering applicable scope (VLAN area
interface), 11 data buffer fixed area, 91, 91
packet filtering application (interface), 11 data buffer shared area, 91, 91
packet filtering configuration, 10 QoS data buffer fixed-area max queue ratio, 94
packet filtering default action, 12 QoS data buffer shared-area max queue ratio, 93
packet filtering log interval, 11 QoS data buffer total shared-area ratio, 93
packet fragment filtering, 3 auto
rule numbering, 3 ACL auto match order sort, 2
rule numbering step, 3 ACL automatic rule numbering, 3
switch applications, 1
B

114
bandwidth committed access rate. Use CAR
QoS overview, 15 common CAR
QoS policy configuration, 18 priority marking configuration, 65
basic ACL configuring
category, 1 ACL, 1, 4, 12
configuration, 4 ACL (advanced), 5
behavior ACL (basic), 4
QoS traffic behavior definition, 20 ACL (Ethernet frame header), 8
best-effort QoS service model, 15 ACL (user-defined), 9
buffer ACL packet filtering, 10
data. See data buffer ACL packet filtering applicable scope (VLAN
burst function (data buffer), 92 interface), 11
aggregate CAR, 79
C
color-based priority marking, 65
CAR
data buffer, 91, 91
aggregate CAR configuration, 79, 79
data buffers manually, 92
global CAR configuration, 79
IPv4 ACL (advanced), 6
QoS aggregate CAR configuration, 79
IPv4 ACL (basic), 4
category
IPv6 ACL (advanced), 7
ACL advanced, 1
IPv6 ACL (basic), 5
ACL auto match order sort, 2
local precedence marking, 66
ACL basic, 1
local QoS ID marking, 68
ACL config match order sort, 2
multi-CND QCN, 105
ACL Ethernet frame header, 1
priority marking based on colors obtained through
ACL user-defined, 1 mapping drop precedence, 65
cell priority marking based on colors obtained through
data buffer burst function, 92 traffic policing, 65
data buffer configuration, 91, 91 QCN, 95, 100, 102
changing QCN basics, 102
QoS priority mapping interface port priority, 31 QCN CND congestion detection parameter, 102
classifying QCN CND settings, 100
QoS class-based accounting, 82, 83 QCN CND settings (global), 101
QoS traffic class definition, 19 QCN CND settings (interface), 101
CND QoS aggregate CAR, 79, 79
algorithms, 99 QoS class-based accounting, 82, 83
congestion detection parameter, 102 QoS congestion avoidance, 58
defense mode, 99 QoS congestion avoidance WRED, 60
multi-CND QCN configuration, 105 QoS congestion management, 46, 50
priority mapping, 99 QoS congestion management queue scheduling
settings configuration, 100 profile, 55, 57
settings configuration (global), 101 QoS congestion management queue-based WRED
settings configuration (interface), 101 table, 59
CNM QoS congestion management queuing, 50
CNM PDU format, 96 QoS congestion management SP queuing, 50
PDU EtherType format, 96 QoS congestion management SP+WFQ
queuing, 53
115
QoS congestion management SP+WRR Domain. Use CND
queuing, 52 Message. Use CNM
QoS congestion management WFQ control plane
queuing, 51 QoS policy application, 21
QoS congestion management WRR QoS policy application (control plane), 23
queuing, 50
copying
QoS data buffer total shared-area ratio, 93
ACL, 10
QoS global CAR, 79
D
QoS GTS, 36, 41
QoS nesting, 72, 73 data
QoS policy, 18 buffer. See data buffer
QoS priority mapping, 26, 29 multi-CND QCN configuration, 105
QoS priority mapping map, 30 QCN basic configuration, 102
QoS priority mapping priority trust mode, 31 QCN configuration, 95, 100, 102
QoS priority mapping table+priority QCN data flow format, 95
marking, 32 data buffer
QoS priority mapping trusted port packet burst function enable, 92
priority, 30 configuration, 91, 91
QoS priority marking, 64, 66 configuration (manual), 92
QoS rate limit, 36, 42, 42 configuration application, 94
QoS traffic filtering, 62, 63 display, 94
QoS traffic policing, 36, 40, 42 fixed-area max queue ratio, 94
QoS traffic redirection, 75, 76 shared-area max queue ratio, 93
time range, 89, 89 total shared-area ratio, 93
congestion avoidance default
configuration, 58 ACL packet filtering default action, 12
ECN, 59 defining
queue-based WRED table, 59 QoS policy, 21
RED, 58 QoS traffic behavior, 20
tail drop, 58 QoS traffic class, 19
WRED, 58 detecting
WRED configuration, 60 QCN CND congestion detection parameter, 102
congestion management QoS congestion avoidance RED, 58
configuration, 46, 50 QoS congestion avoidance WRED, 58
queue aging time setting, 57 device
queue scheduling profile, 55, 57, 88 ACL packet filtering applicable scope (VLAN
queuing, 50 interface), 11
SP queuing, 46, 50 ACL packet filtering application (interface), 11
SP+WFQ queuing, 49 ACL packet filtering configuration, 10
SP+WFQ queuing configuration, 53 ACL packet filtering default action, 12
SP+WRR queuing, 49 ACL packet filtering log interval, 11
SP+WRR queuing configuration, 52 ACL switch applications, 1
WFQ queuing, 49, 51 QoS congestion management configuration, 50
WRR queuing, 47, 50 QoS policy application (control plane), 23
Congestion Notification QoS policy application (global), 23

QoS policy application (user profile), 24 data buffer configuration, 91, 91
QoS policy application (VLAN), 22 QoS data buffer max queue ratio, 94
QoS policy interface application, 22 format
DiffServ QoS service model, 15 QCN CNM format, 96
displaying QCN data flow format, 95
ACL, 12 QCN message, 95
data buffer, 94 forwarding
QCN, 102 ACL configuration, 1, 4, 12
QoS aggregate CAR, 79 ACL configuration (advanced), 5
QoS congestion avoidance WRED, 61 ACL configuration (basic), 4
QoS congestion management queue ACL configuration (Ethernet frame header), 8
scheduling profile, 56 ACL configuration (user-defined), 9
QoS congestion management queuing, 55 QoS token bucket, 36
QoS GTS, 42 fragment filtering (ACL), 3
QoS policies, 24
G
QoS priority mapping, 31
General Traffic Shaping. Use GTS
QoS rate limit, 42
global
QoS traffic policing, 42
QoS policy application (global), 23
time range, 89
global CAR
drop precedence
aggregate CAR configuration, 79, 79
priority marking configuration, 65
configuration, 79
drop priority (QoS priority mapping), 26
green packet
DSCP
drop precedence, 64
QoS packet IP precedence and DSCP
values, 86 GTS
QoS ACL-based, 41
E
QoS all-traffic, 41
ECN QoS display, 42
QoS congestion avoidance, 59 QoS GTS configuration, 36
enabling QoS MQC GTS, 41
data buffer burst function, 92 QoS non-MQC GTS, 41
QCN, 100 QoS queue-based, 41
Ethernet frame header QoS traffic policing, 42
ACL category, 1 QoS traffic shaping, 38
ACL configuration, 8
I
evaluating
QoS traffic, 36 IntServ QoS service model, 15
QoS traffic with token bucket, 36, 36, 36 IP addressing
Explicit Congestion Notification. Use ECN ACL configuration, 1, 4, 12
ACL configuration (advanced), 5
F
ACL configuration (Ethernet frame header), 8
filtering ACL configuration (user-defined), 9
ACL packet fragments, 3 QoS class-based accounting configuration, 82, 83
QoS traffic filtering configuration, 62, 63 QoS traffic filtering configuration, 62, 63
QoS traffic redirection configuration, 75, 76 IPv4
fixed area ACL configuration (IPv4 advanced), 6

ACL configuration (IPv4 basic), 4 QCN CND defense interior, 99
ACL naming, 2 QCN CND defense interiorReady, 99
ACL numbering, 2 modular QoS. Use MQC
ACL packet filtering configuration, 10 MQC
IPv6 QoS GTS, 41
ACL configuration (IPv6 advanced), 7 MQC QoS
ACL configuration (IPv6 basic), 5 traffic policing, 40
ACL naming, 2 multi-CND QCN, 105
ACL numbering, 2 N
ACL packet filtering configuration, 10
naming
L ACL, 2
Layer 2 ACL copy, 10
multi-CND QCN configuration, 105 nesting
QCN basic configuration, 102 QoS configuration, 72, 73
QCN configuration, 95, 100, 102 network
limiting ACL configuration (basic), 4
QoS rate limit, 42 ACL configuration (Ethernet frame header), 8
local ACL configuration (user-defined), 9
QoS priority mapping local precedence, 26 ACL copy, 10
local precedence ACL packet filtering applicable scope (VLAN
priority marking configuration, 65 interface), 11
local precedence marking ACL packet filtering application (interface), 11
configuration, 66 ACL packet filtering configuration, 10
local QoS ID marking, 68 ACL packet filtering default action, 12
logging ACL packet filtering log interval, 11
ACL packet filtering log interval, 11 ACL packet fragment filtering, 3
ACL switch applications, 1
M
data buffer burst function, 92
maintaining
data buffer configuration application, 94
ACL, 12
multi-CND QCN configuration, 105
QCN, 102
QCN basic configuration, 102
QoS aggregate CAR, 79
QoS aggregate CAR configuration, 79, 79, 79
QoS policies, 24
QoS class-based accounting configuration, 82, 83
mapping
QoS congestion avoidance configuration, 58
QCN CND priority mapping, 99
QoS congestion avoidance WRED queue-based
match order table, 59
ACL auto, 2 QoS congestion avoidance+ECN, 59
ACL config, 2 QoS congestion management configuration, 46
message QoS congestion management queue scheduling
QCN CNM format, 96 profile, 55, 57, 88
QCN data flow format, 95 QoS congestion management queuing, 50
QCN format, 95 QoS congestion management SP queuing, 50
mode QoS congestion management SP+WFQ queuing
QCN CND defense disabled, 99 configuration, 53
QCN CND defense edge, 99

QoS congestion management SP+WRR QoS priority marking configuration, 66
queuing configuration, 52 QoS service models, 15
QoS congestion management WFQ QoS techniques, 16
queuing, 51 time range configuration, 89, 89
QoS congestion management WRR non-modular QoS. Use non-MQC
queuing, 50
non-MQC
QoS data buffer fixed-area max queue ratio, 94
QoS GTS, 41
QoS data buffer shared-area max queue
QoS traffic policing, 40
ratio, 93
notifying
QoS data buffer total shared-area ratio, 93
multi-CND QCN configuration, 105
QoS GTS, 38, 41
QCN basic configuration, 102
QoS GTS configuration, 36
QCN configuration, 95, 100, 102
QoS MQC, 18
QoS congestion avoidance+ECN, 59
QoS nesting configuration, 72, 73
numbering
QoS non-MQC, 18
ACL, 2
QoS policy application, 21
ACL automatic rule numbering, 3
QoS policy configuration, 18
ACL automatic rule renumbering, 3
QoS policy definition, 21
ACL copy, 10
QoS priority mapping configuration, 26, 29
ACL rule numbering, 3
QoS priority mapping drop priority, 26
ACL rule numbering step, 3
QoS priority mapping interface port priority, 31
QoS priority mapping map, 30 P
QoS priority mapping trusted port packet packet
priority, 30 ACL configuration, 4, 12
QoS priority marking configuration, 64 ACL filtering application (interface), 11
QoS rate limit, 39, 42 ACL packet fragment filtering, 3
QoS rate limit configuration, 36 ACL switch applications, 1
QoS traffic behavior definition, 20 data buffer burst function, 92
QoS traffic class definition, 19 data buffer configuration, 91, 91
QoS traffic evaluation, 36 local precedence marking configuration, 66
QoS traffic filtering configuration, 62, 63 multi-CND QCN configuration, 105
QoS traffic policing, 37, 40, 42 QCN basic configuration, 102
QoS traffic policing configuration, 36 QCN configuration, 95, 100, 102
QoS traffic redirection configuration, 75, 76 QoS aggregate CAR configuration, 79, 79, 79
network management QoS class-based accounting configuration, 82, 83
ACL configuration, 1, 4, 12 QoS congestion avoidance configuration, 58
ACL configuration (advanced), 5 QoS congestion avoidance+ECN, 59
data buffer configuration, 91, 91 QoS global CAR configuration, 79
local precedence marking configuration, 66 QoS GTS, 38
local QoS ID marking, 68 QoS nesting configuration, 72, 73
QCN configuration, 95, 100, 102 QoS overview, 15
QoS global CAR configuration, 79 QoS policy configuration, 18
QoS overview, 15 QoS priority mapping configuration, 26, 29
QoS priority mapping priority trust mode, 31 QoS priority mapping priority trust mode, 31
QoS priority mapping table+priority QoS priority mapping table+priority marking, 32
marking, 32
QoS priority marking configuration, 64, 66 marking. See priority marking
QoS rate limit, 39 QCN CND priority mapping, 99
QoS traffic evaluation, 36 QoS packet 802.1p priority, 87
QoS traffic filtering configuration, 62, 63 QoS packet IP precedence and DSCP values, 86
QoS traffic policing, 37 priority mapping
QoS traffic redirection configuration, 75, 76 configuration, 26, 29
QoS trusted port packet priority, 30 drop priority, 26
packet coloring interface port priority, 31
drop precedence, 64 local precedence, 26
traffic policing, 64 map, 26
packet filtering map configuration, 30
ACL applicable scope (VLAN interface), 11 mapping table+priority marking, 32
ACL configuration, 1, 10 priority trust mode, 27, 31
ACL configuration (advanced), 5 process, 28
ACL configuration (Ethernet frame header), 8 trusted port packet priority, 30
ACL configuration (user-defined), 9 user priority, 26
ACL default action, 12 priority mapping table
ACL log generation+output interval, 11 drop precedence, 64
parameter priority marking
QCN CND congestion detection, 102 configuration, 64, 66
QoS MQC, 18 procedure
QoS non-MQC, 18 applying ACL packet filtering (interface), 11
periodic time range (ACL), 89, 89 applying data buffer configuration, 94
policy applying QoS congestion avoidance queue-based
QoS application, 21 WRED table, 59
QoS application (control plane), 23 applying QoS policy, 21
QoS application (global), 23 applying QoS policy (control plane), 23
QoS application (user profile), 24 applying QoS policy (global), 23
QoS application (VLAN), 22 applying QoS policy (user profile), 24
QoS definition, 21 applying QoS policy (VLAN), 22
QoS interface application, 22 applying QoS policy to interface, 22
QoS MQC, 18 changing QoS priority mapping interface port
QoS non-MQC, 18 priority, 31
QoS policy configuration, 18 configuring ACL, 4, 12
port configuring ACL (advanced), 5
QoS priority mapping interface port priority, 31 configuring ACL (basic), 4
QoS trusted port packet priority, 30 configuring ACL (Ethernet frame header), 8
precedence configuring ACL (IPv4 advanced), 6
QoS priority mapping configuration, 26, 29 configuring ACL (IPv4 basic), 4
QoS priority mapping local precedence, 26 configuring ACL (IPv6 advanced), 7
QoS priority mapping priority trust mode, 31 configuring ACL (IPv6 basic), 5
QoS priority mapping table+priority configuring ACL (user-defined), 9
marking, 32 configuring ACL packet filtering, 10
priority configuring ACL packet filtering applicable scope
mapping. See priority mapping (VLAN interface), 11

configuring color-based priority marking, 65 configuring QoS priority mapping priority trust
configuring data buffer, 91 mode, 31
configuring data buffers manually, 92 configuring QoS priority mapping table+priority
configuring local precedence marking, 66 marking, 32
configuring multi-CND QCN, 105 configuring QoS priority mapping trusted port
packet priority, 30
configuring priority marking based on colors
obtained through mapping drop configuring QoS priority marking, 64, 66
precedence, 65 configuring QoS rate limit, 42
configuring priority marking based on colors configuring QoS traffic filtering, 62, 63
obtained through traffic policing, 65 configuring QoS traffic policing, 40, 42
configuring QCN, 100 configuring QoS traffic redirection, 75, 76
configuring QCN basics, 102 configuring time range, 89, 89
configuring QCN CND congestion detection copying ACL, 10
parameter, 102 defining QoS policy, 21
configuring QCN CND settings, 100 defining QoS traffic behavior, 20
configuring QCN CND settings (global), 101 defining QoS traffic class, 19
configuring QCN CND settings (interface), 101 displaying ACL, 12
configuring QoS aggregate CAR, 79, 79, 79 displaying data buffer, 94
configuring QoS class-based displaying QCN, 102
accounting, 82, 83 displaying QoS aggregate CAR, 79
configuring QoS congestion avoidance displaying QoS congestion avoidance WRED, 61
queue-based WRED table, 59
displaying QoS congestion management queue
configuring QoS congestion avoidance scheduling profile, 56
WRED, 60
displaying QoS congestion management
configuring QoS congestion management, 50 queuing, 55
configuring QoS congestion management displaying QoS GTS, 42
queue scheduling profile, 55, 57, 88
displaying QoS policies, 24
configuring QoS congestion management
displaying QoS priority mapping, 31
queuing, 50
displaying QoS rate limit, 42
configuring QoS congestion management SP
displaying QoS traffic policing, 42
queuing, 50
displaying time range, 89
configuring QoS congestion management
SP+WFQ queuing, 53 DSCP, 65
configuring QoS congestion management enabling data buffer burst function, 92
SP+WRR queuing, 52 enabling QCN, 100
configuring QoS congestion management maintaining ACL, 12
WFQ queuing, 51 maintaining QCN, 102
configuring QoS congestion management WRR maintaining QoS aggregate CAR, 79
queuing, 50 maintaining QoS policies, 24
configuring QoS data buffer total shared-area setting ACL packet filtering default action, 12
ratio, 93 setting ACL packet filtering log generation+output
configuring QoS global CAR, 79 interval, 11
configuring QoS GTS, 41 setting QoS congestion management queuing, 57
configuring QoS nesting, 72, 73 setting QoS data buffer fixed-area max queue
configuring QoS priority mapping, 29 ratio, 94
configuring QoS priority mapping map, 30 setting QoS data buffer shared-area max queue
ratio, 93

profile congestion avoidance WRED display, 61
QoS policy application (user profile), 24 congestion avoidance WRED queue-based
protocols and standards table, 59
QCN, 99 congestion avoidance+ECN, 59
congestion management configuration, 46, 50
Q
congestion management queue scheduling
QCN profile, 55, 57, 88
algorithm, 98 congestion management queuing, 50
algorithm (CP), 98 congestion management SP queuing, 46, 50
algorithm (RP), 98 congestion management SP+WFQ queuing
basic concepts, 95 configuration, 53
basic configuration, 102 congestion management SP+WRR queuing
CND, 99 configuration, 52
CND congestion detection parameter, 102 congestion management WFQ queuing, 49, 51
CND defense mode, 99 congestion management WRR queuing, 47, 50
CND priority mapping, 99 data buffer burst function, 92
CND settings configuration, 100 data buffer configuration, 91, 91
CNM format, 96 data buffer configuration (manual), 92
configuration, 95, 100, 102 data buffer configuration application, 94
data flow format, 95 data buffer display, 94
display, 102 data buffer fixed-area max queue ratio, 94
enabling, 100 data buffer shared-area max queue ratio, 93
how it works, 97 data buffer total shared-area ratio, 93
maintain, 102 DiffServ service model, 15
message format, 95 displaying aggregate CAR, 79
multi-CND configuration, 105 displaying congestion management queue
protocols and standards, 99 scheduling profile, 56
QoS displaying congestion management queuing, 55
ACL configuration, 1, 4, 12 global CAR configuration, 79
ACL configuration (advanced), 5 GTS, 38
ACL configuration (Ethernet frame header), 8 GTS configuration, 36, 41
ACL configuration (user-defined), 9 GTS display, 42
ACL switch applications, 1 IntServ service model, 15
aggregate CAR configuration, 79, 79, 79 local precedence marking configuration, 66
Appendix A (Default priority maps), 85 local QoS ID marking, 68
Appendix B (Packet precedence), 86 maintaining aggregate CAR, 79
best-effort service model, 15 MQC configuration, 18
class-based accounting configuration, 82, 83 multi-CND QCN configuration, 105
complicated traffic evaluation with token nesting configuration, 72, 73
bucket, 36 non-MQC, 18
congestion avoidance configuration, 58 overview, 15
congestion avoidance RED, 58 policy application, 21
congestion avoidance tail drop, 58 policy application (control plane), 23
congestion avoidance WRED, 58 policy application (global), 23
congestion avoidance WRED configuration, 60 policy application (user profile), 24

policy application (VLAN), 22 traffic evaluation, 36
policy configuration, 18 traffic evaluation with token bucket, 36, 36
policy definition, 21 traffic filtering configuration, 62, 63
policy display, 24 traffic policing, 37, 40, 42
policy interface application, 22 traffic policing configuration, 36
policy maintain, 24 traffic policing display, 42
priority mapping configuration, 26, 29 traffic redirection configuration, 75, 76
priority mapping display, 31 QoS policy
priority mapping drop priority, 26 priority marking configuration, 65
priority mapping interface port priority, 31 Quality of Service. Use QoS
priority mapping local precedence, 26 Quantized Congestion Notification. Use QCN
priority mapping map, 26, 30 queuing
priority mapping priority trust mode, 31 configuration, 50
priority mapping process, 28 data buffer burst function, 92
priority mapping table+priority marking, 32 data buffer configuration, 91, 91
priority mapping trusted port packet priority, 30 QoS congestion avoidance RED, 58
priority mapping user priority, 26 QoS congestion avoidance WRED, 58
priority marking configuration, 64, 66 QoS congestion management scheduling
priority trust mode, 27 profile, 55, 57, 88
QCN algorithm, 98 QoS congestion management SP queuing, 46, 50
QCN basic concepts, 95 QoS congestion management SP+WFQ queuing
QCN basic configuration, 102 configuration, 53
QCN CND, 99 QoS congestion management SP+WRR queuing
configuration, 52
QCN CND congestion detection
parameter, 102 QoS congestion management WFQ
queuing, 49, 51
QCN CND settings, 100
QoS congestion management WRR
QCN CNM format, 96
queuing, 47, 50
QCN configuration, 95, 100, 102
QoS data buffer fixed-area max queue ratio, 94
QCN data flow format, 95
QoS data buffer shared-area max queue ratio, 93
QCN display, 102
queue aging time setting, 57
QCN enable, 100
SP+WFQ queuing, 49
QCN maintain, 102
SP+WRR queuing, 49
QCN message format, 95
QCN protocols and standards, 99 R
queue aging time setting, 57 random early detection. Use RED
rate limit, 39, 42 rate limiting
rate limit configuration, 36 QoS rate limit, 42
rate limit display, 42 QoS rate limit display, 42
service models, 15 QoS rate limiting, 39
SP+WFQ queuing, 49 QoS rate limiting configuration, 36
SP+WRR queuing, 49 redirecting
techniques, 16 QoS traffic redirection to CPU, 75, 76
token bucket, 36 QoS traffic redirection to interface, 75, 76
traffic behavior definition, 20 routing
traffic class definition, 19 ACL configuration, 1, 4, 12

ACL configuration (advanced), 5 QoS models, 15
ACL configuration (basic), 4 QoS nesting configuration, 72, 73
ACL configuration (Ethernet frame header), 8 QoS overview, 15
ACL configuration (user-defined), 9 QoS policy configuration, 18
QoS congestion management configuration, 50 QoS priority marking configuration, 64, 66
QoS GTS configuration, 36 QoS techniques, 16
QoS priority mapping configuration, 26, 29 QoS traffic filtering configuration, 62, 63
QoS priority mapping priority trust mode, 31 setting
QoS priority mapping table+priority ACL packet filtering default action, 12
marking, 32 ACL packet filtering log interval, 11
QoS rate limit configuration, 36 QoS congestion management queue aging
QoS traffic policing, 42 time, 57
QoS traffic policing configuration, 36 QoS data buffer fixed-area max queue ratio, 94
rule QoS data buffer shared-area max queue ratio, 93
ACL auto match order sort, 2 shared area
ACL automatic rule numbering, 3 data buffer configuration, 91, 91
ACL automatic rule renumbering, 3 QoS data buffer max queue ratio, 93
ACL config match order sort, 2 QoS data buffer total ratio, 93
ACL naming, 2 SNMP
ACL numbering, 2 ACL switch applications, 1
ACL numbering step, 3 sorting
ACL rule numbering, 3 ACL auto match order sort, 2
S ACL config match order sort, 2
SP queuing
scheduling
classifications, 46
QoS congestion management queue
configuration, 50
scheduling profile, 55, 57, 88
SP+WFQ queuing
security
configuration, 53
ACL configuration, 1, 4, 12
SP+WRR queuing
ACL configuration (advanced), 5
configuration, 52
ACL configuration (basic), 4
statistics
ACL configuration (Ethernet frame header), 8
QoS class-based accounting configuration, 82, 83
ACL configuration (IPv4 advanced), 6
switch
ACL configuration (IPv4 basic), 4
ACL applications, 1
ACL configuration (IPv6 advanced), 7
switching
ACL configuration (IPv6 basic), 5
QoS congestion management configuration, 46
ACL configuration (user-defined), 9
service T
local precedence marking configuration, 66 tail drop (QoS), 58
QoS best-effort service model, 15 TCP
QoS congestion avoidance configuration, 58 QoS congestion avoidance RED, 58
QoS congestion management configuration, 46 QoS congestion avoidance tail drop, 58
QoS DiffServ service model, 15 Telnet
QoS global CAR configuration, 79 ACL switch applications, 1
QoS IntServ service model, 15 time

time range configuration, 89, 89 QoS policy application (control plane), 23
time range QoS policy application (global), 23
configuration, 89, 89 QoS policy application (user profile), 24
display, 89 QoS policy application (VLAN), 22
token bucket QoS policy configuration, 18
QoS complicated traffic evaluation, 36 QoS policy definition, 21
QoS traffic evaluation, 36, 36 QoS policy interface application, 22
QoS traffic forwarding, 36 QoS priority map, 26
traffic QoS priority mapping interface port priority, 31
ACL configuration, 1, 4, 12 QoS priority mapping map, 30
ACL configuration (advanced), 5 QoS priority mapping priority trust mode, 31
ACL configuration (Ethernet frame header), 8 QoS priority mapping process, 28
ACL configuration (user-defined), 9 QoS priority mapping table+priority marking, 32
ACL switch applications, 1 QoS priority mapping trusted port packet
local precedence marking configuration, 66 priority, 30
local QoS ID marking, 68 QoS priority marking configuration, 64, 66
QoS aggregate CAR configuration, 79, 79, 79 QoS priority trust mode, 27
QoS class-based accounting QoS rate limit, 39, 42
configuration, 82, 83 QoS rate limit configuration, 36
QoS congestion avoidance configuration, 58 QoS token bucket, 36
QoS congestion avoidance WRED QoS traffic behavior definition, 20
queue-based table, 59 QoS traffic class definition, 19
QoS congestion avoidance+ECN, 59 QoS traffic evaluation, 36
QoS congestion management, 46, See QoS traffic filtering configuration, 62, 63
also congestion management QoS traffic policing, 37, 40, 42
QoS congestion management configuration, 50 QoS traffic policing configuration, 36
QoS congestion management queue QoS traffic redirection configuration, 75, 76
scheduling profile, 55, 57, 88
traffic behavior
QoS congestion management queuing, 50
priority marking configuration, 65
QoS congestion management SP queuing, 50
traffic policing
QoS congestion management SP+WFQ
drop precedence, 64
queuing configuration, 53
drop precedence mapping, 64
QoS congestion management SP+WRR
priority marking configuration, 65
queuing configuration, 52
QoS display, 42
QoS congestion management WFQ
queuing, 51 trusted port packet priority (QoS), 30
QoS congestion management WRR U
queuing, 50
user
QoS global CAR configuration, 79
QoS policy application (user profile), 24
QoS GTS, 38, 41
QoS priority mapping user priority, 26
QoS GTS configuration, 36
user-defined ACL
QoS MQC, 18
category, 1
QoS nesting configuration, 72, 73
QoS non-MQC, 18 V
QoS overview, 15 VLAN
QoS policy application, 21

ACL packet filtering applicable scope (VLAN
interface), 11
QoS nesting configuration, 72, 73
QoS policy application, 21
QoS policy application (VLAN), 22
W
Web
ACL switch applications, 1
weighted
random early detection. Use WRED
WFQ queuing
bandwidth, 49
configuration, 51
WRED
configuration, 60
congestion avoidance+ECN, 59
display, 61
queue-based WRED table, 59
WRR queuing
basic queuing, 47
configuration, 50
group-based queuing, 47
Y
yellow packet
drop precedence, 64
