if-match
Use if-match to define a match criterion.
Use undo if-match to delete a match criterion.
Syntax
if-match match-criteria
undo if-match match-criteria
Default
No match criterion is configured.
Views
Traffic class view
Predefined user roles
network-admin
mdc-admin
Parameters
match-criteria: Specifies a match criterion. Table 18 shows the available match criteria.
Table 18: Available match criteria
Option | Description |
---|---|
acl [ ipv6 ] { acl-number | name acl-name } | Matches an ACL. The acl-number argument ranges from 2000 to 5999 for an IPv4 ACL, and 2000 to 3999 or 10000 to 42767 for an IPv6 ACL. The acl-name argument is a case-insensitive string of 1 to 63 characters, which must start with an English letter, and to avoid confusion, it cannot be all. If a QoS policy references a user-defined ACL for traffic classification, the user-defined ACL takes effect only when the QoS policy is applied to the inbound direction. On an EB, or FD card operating in basic ACL mode, a QoS policy does not support a class that uses IPv6 ACLs or user-defined ACLs as match criteria. |
control-plane protocol protocol-name&<1-8> | Matches the control plane protocols. The protocol-name&<1-8> argument is a list of system-defined control plane protocols. For available system-defined control plane protocols, see Table 19. &<1-8> indicates that you can enter up to eight system-defined control plane protocols. If a QoS policy that uses this match criterion in a class is to be applied to the control plane, the class cannot use any other match criterion, and the traffic behavior for the class can only have the rate limiting action (configured by using the packet-rate command). If a QoS policy that uses this match criterion in a class is to be applied to the management interface control plane, the class cannot use any other match criterion, and the traffic behavior for the class can only have the traffic policing action (configured by using the car command). |
customer-dot1p dot1p-value&<1-8> | Matches the 802.1p priority of the customer network. The dot1p-value&<1-8> argument is a list of 802.1p priority values. An 802.1p priority ranges from 0 to 7. &<1-8> indicates that you can enter up to eight 802.1p priority values. This option is not supported in a global or VLAN QoS policy. On an EB, or FD card operating in basic ACL mode, a QoS policy does not support a class that uses the 802.1p priority values of the customer network as match criteria. |
customer-vlan-id vlan-id-list | Matches the customer VLAN IDs (CVLANs). The vlan-id-list argument is in the format of vlan-id-list = { vlan-id | vlan-id1 to vlan-id2 }&<1-10>, where the vlan-id, vlan-id1, and vlan-id2 arguments represent the VLAN IDs and each range from 1 to 4094, vlan-id1 must be no greater than vlan-id2, and &<1-10> indicates that you can specify up to 10 VLAN IDs or VLAN ID ranges. This option is not supported in a global or VLAN QoS policy. On an EB, or FD card operating in basic ACL mode, a QoS policy does not support a class that uses the VLAN IDs of customer networks as match criteria. |
destination-mac mac-address | Matches a destination MAC address. On an EB, or FD card operating in basic ACL mode:
|
dscp dscp-value&<1-8> | Matches DSCP values. The dscp-value&<1-8> argument is a list of DSCP values. A DSCP value can be a number in the range of 0 to 63 or can be a keyword shown in Table 22. &<1-8> indicates that you can enter up to eight DSCP values. |
forwarding-layer { bridge | route } | Matches Layer 2 forwarded packets or Layer 3 forwarded packets. Specify the bridge keyword to match Layer 2 forwarded packets or the route keyword to match Layer 3 forwarded packets. |
inbound-interface interface-type interface-number | Matches an incoming interface specified by its type and number. A QoS policy configured with this match criterion can only be applied to control planes. To apply the QoS policy successfully, make sure the inbound interface specified and the control plane to which you apply the QoS policy belong to the same card. When you use this match criterion for a class, you can only configure a traffic filtering (filter) or traffic policing (car) action in the behavior associated with the class. |
ip-precedence ip-precedence-value&<1-8> | Matches IP precedence. The ip-precedence-value&<1-8> argument is a list of IP precedence values. An IP precedence ranges from 0 to 7. &<1-8> indicates that you can enter up to eight IP precedence values. |
mpls-exp exp-value&<1-8> | Matches MPLS EXP values. The exp-value&<1-8> argument is a list of EXP values. An EXP value ranges from 0 to 7. &<1-8> indicates that you can enter up to eight EXP values. On EB, or FD card operating in basic ACL mode, a QoS policy applied to the outgoing traffic does not support a class that uses the MPLS EXP values as match criteria. |
mpls-label { label-value&<1-8> | label-value1 to label-value2 } | Matches MPLS labels. The label-value&<1-8> argument specifies a list of MPLS label values. &<1-8> indicates that you can enter up to eight MPLS label values. label-value1 to label-value2 specifies an MPLS label value range, where label-value1 must be smaller than label-value2. An MPLS label value ranges from 1 to 1048575. On an EB, or FD card operating in basic ACL mode, a QoS policy does not support a class that uses the MPLS labels as match criteria. |
protocol protocol-name | Matches a protocol. The protocol-name argument can be ARP, IP, or IPv6. On an EB, or FD card operating in basic ACL mode, a QoS policy does not support a class that uses the IPv6 protocol as the match criterion. |
second-mpls-exp exp-value&<1-8> | Matches inner MPLS EXP values. The exp-value&<1-8> argument is a list of EXP values. An EXP value ranges from 0 to 7. &<1-8> indicates that you can enter up to eight inner MPLS EXP values. On an EB, or FD card operating in basic ACL mode, a QoS policy does not support a class that uses the inner MPLS EXP values as match criteria. |
second-mpls-label { label-value&<1-8> | label-value1 to label-value2 } | Matches inner MPLS labels. The label-value&<1-8> argument specifies a list of MPLS label values. &<1-8> indicates that you can enter up to eight inner MPLS label values. label-value1 to label-value2 specifies an MPLS label range, where label-value1 must be smaller than label-value2. An MPLS label ranges from 1 to 1048575. On an EB, or FD card operating in basic ACL mode, a QoS policy does not support a class that uses the inner MPLS labels as match criteria. |
service-dot1p dot1p-value&<1-8> | Matches the 802.1p priority of the service provider network. The dot1p-value&<1-8> argument is a list of 802.1p priority values. An 802.1p priority ranges from 0 to 7. &<1-8> indicates that you can enter up to eight 802.1p priority values. |
service-vlan-id vlan-id-list | Matches the service provider VLAN IDs (SVLANs). The vlan-id-list argument is in the format of vlan-id-list = { vlan-id | vlan-id1 to vlan-id2 }&<1-10>, where the vlan-id, vlan-id1, and vlan-id2 arguments represent the VLAN IDs and each range from 1 to 4094, vlan-id1 must be no greater than vlan-id2, and &<1-10> indicates that you can specify up to 10 VLAN IDs or VLAN ID ranges. |
source-mac mac-address | Matches a source MAC address. On an EB, or FD card operating in basic ACL mode:
|
Table 19: Available system-defined control plane protocols
Protocol | Description |
---|---|
default | Protocol packets other than those listed in this table |
arp | ARP packets |
bgp | BGP packets |
bgp4+ | IPv6 BGP packets |
dhcp | DHCP packets |
dhcp-snooping | DHCP snooping packets |
dhcp6 | IPv6 DHCP packets |
dldp | DLDP packets |
ftp | FTP packets |
mvrp | MVRP packets |
http | HTTP packets |
https | HTTPS packets |
icmp | ICMP packets |
icmp6 | IPv6 ICMP packets |
igmp | IGMP packets |
isis | IS-IS packets |
lacp | LACP packets |
ldp | LDP packets |
lldp | LLDP packets |
mld | MLD packets |
ntp | NTP packets |
oam | OAM packets |
ospf-multicast | OSPF multicast packets |
ospf-unicast | OSPF unicast packets |
ospf3-multicast | OSPFv3 multicast packets |
ospf3-unicast | OSPFv3 unicast packets |
pim-multicast | PIM multicast packets |
pim-unicast | PIM unicast packets |
pim6-multicast | IPv6 PIM multicast packets |
pim6-unicast | IPv6 PIM unicast packets |
portal | Portal packets |
radius | RADIUS packets |
rip | RIP packets |
ripng | RIPng packets |
snmp | SNMP packets |
ssh | SSH packets |
stp | STP packets |
tacacs | TACACS packets |
telnet | Telnet packets |
tftp | TFTP packets |
udp-helper | UDP helper packets |
vrrp | VRRP packets |
Usage guidelines
When defining match criteria, use the usage guidelines described in these subsections.
Defining an ACL-based match criterion
If the ACL referenced in the if-match command does not exist, the traffic class cannot be applied to hardware.
You can configure multiple ACLs for a class.
For a class with the operator as OR, you can reference an ACL twice, respectively by its name and number. For a class with the operator as AND, you can reference an ACL only once by its name or number.
The deny action in an ACL rule means not executing the behavior of the corresponding class-behavior association, and the permit action in an ACL rule means executing the behavior of the corresponding class-behavior association.
Defining a criterion to match a destination MAC address
You can configure multiple destination MAC address match criteria for a traffic class.
A destination MAC address match criterion is significant only to Ethernet interfaces.
Defining a criterion to match a source MAC address
You can configure multiple source MAC address match criteria for a traffic class.
A criterion to match a source MAC address is significant only to Ethernet interfaces.
Defining a criterion to match DSCP values
You can configure multiple DSCP match criteria for a traffic class. All defined DSCP values are automatically sorted in ascending order.
You can configure up to eight DSCP values in one command line. If the same DSCP value is specified multiple times, the system considers the values as one. If a packet matches one of the defined DSCP values, it matches the if-match clause.
To delete a criterion that matches DSCP values, the specified DSCP values must be identical with those defined in the criterion (the sequence can be different).
Defining a criterion to match 802.1p priority in customer or service provider VLAN tags
You can configure multiple 802.1p priority match criteria for a traffic class. All the defined 802.1p values are automatically arranged in ascending order.
You can configure up to eight 802.1p priority values in one command line. If the same 802.1p priority value is specified multiple times, the system considers the values as one. If a packet matches one of the defined 802.1p priority values, it matches the if-match clause.
To delete a criterion that matches 802.1p priority values, the specified 802.1p priority values in the command must be identical with those defined in the criterion (the sequence can be different).
Defining a criterion to match IP precedence values
You can configure multiple IP precedence match criteria for a traffic class. The defined IP precedence values are automatically arranged in ascending order.
You can configure up to eight IP precedence values in one command line. If the same IP precedence value is specified multiple times, the system considers the values as one. If a packet matches one of the defined IP precedence values, it matches the if-match clause.
To delete a criterion that matches IP precedence values, the specified IP precedence values in the command must be identical with those defined in the criterion (the sequence can be different).
Defining a criterion to match MPLS EXP values
You can configure multiple MPLS EXP match criteria for a traffic class. The defined MPLS EXP values are automatically arranged in ascending order.
You can configure up to eight MPLS EXP values in one command line. If the same MPLS EXP value is specified multiple times, the system considers the values as one. If a packet matches one of the defined MPLS EXP values, it matches the if-match clause.
To delete a criterion that matches MPLS EXP values, the specified MPLS EXP values in the command must be identical with those defined in the criterion (the sequence can be different).
The MPLS EXP field exists only in MPLS packets, so this match criterion takes effect for only the MPLS packets.
As for software forwarding QoS, MPLS packets do not support IP-related matching rules.
Defining a criterion to match MPLS labels
You can configure multiple MPLS label match criteria for a traffic class. The defined MPLS labels are automatically arranged in ascending order.
You can configure multiple MPLS label values in one command. If the same MPLS label value is specified multiple times, the system considers the values as one. If a packet matches one of the defined MPLS label values, it matches the if-match clause.
To delete a criterion that matches MPLS label values, the specified MPLS label values in the command must be identical with those defined in the criterion (the sequence can be different).
Defining a criterion to match CVLANs or SVLANs
You can configure multiple VLAN ID match criteria for a traffic class. The defined VLAN IDs are automatically arranged in ascending order.
You can configure multiple VLAN IDs in one command line. If the same VLAN ID is specified multiple times, the system considers the VLAN IDs as one. If a packet matches one of the defined VLAN IDs, it matches the if-match clause.
To delete a criterion that matches VLAN IDs, the specified VLAN IDs in the command must be identical with those defined in the criterion (the sequence can be different).
Defining a criterion to match control plane protocols
You can configure multiple control plane protocol match criteria for a traffic class.
You can configure up to eight control plane protocols in one command line for a class with the operator as OR. If the same control plane protocol is specified multiple times, the system considers them as one. If a packet matches one of the defined control plane protocols, it matches the if-match clause.
To delete a criterion that matches control plane protocols, the specified control plane protocols in the command must be identical with those defined in the criterion (the sequence can be different).
If you specify different rate limit values for the same protocol in multiple class-behavior associations, the smallest rate limit value takes effect.
Examples
# Define a match criterion for traffic class class1 to match the packets with 0050-ba27-bed3 as their destination MAC address.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match destination-mac 0050-ba27-bed3
# Define a match criterion for traffic class class2 to match the packets with 0050-ba27-bed2 as their source MAC address.
<Sysname> system-view [Sysname] traffic classifier class2 [Sysname-classifier-class2] if-match source-mac 0050-ba27-bed2
# Define a match criterion for traffic class class1 to match the packets with a customer network 802.1p priority of 3.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match customer-dot1p 3
# Define a match criterion for traffic class class1 to match the packets with a service provider network 802.1p priority of 5.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match service-dot1p 5
# Define a match criterion for traffic class class1 to match the advanced ACL 3101.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match acl 3101
# Define a match criterion for traffic class class1 to match the ACL named flow.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match acl name flow
# Define a match criterion for traffic class class1 to match the advanced IPv6 ACL 3101.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match acl ipv6 3101
# Define a match criterion for traffic class class1 to match the IPv6 ACL named flow.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match acl ipv6 name flow
# Define a match criterion for traffic class class1 to match the packets with a DSCP value of 1.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match dscp 1
# Define a match criterion for traffic class class1 to match the packets with an IP precedence value of 6.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match ip-precedence 6
# Define a match criterion for traffic class class1 to match the packets with a local precedence value of 1.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match local-precedence 1
# Define a match criterion for traffic class class1 to match IP packets.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match protocol ip
# Define a match criterion for traffic class class1 to match the packets of customer network VLAN 6.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match customer-vlan-id 6
# Define a match criterion for traffic class class1 to match the packets of service provider network VLAN 7.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match service-vlan-id 7
# Define a match criterion for traffic class class1 to match packets with an MPLS label of 1.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match mpls-label 1
# Define a match criterion for traffic class class1 to match Layer 2 forwarded packets.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match forwarding-layer bridge
# Define a match criterion for the traffic class class1 to match ARP packets.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match control-plane protocol arp