if-match
Use if-match to define a match criterion.
Use undo if-match to delete a match criterion.
Syntax
if-match [ not ] match-criteria
undo if-match [ not ] match-criteria
Default
No match criterion is configured.
Views
Traffic class view
Predefined user roles
network-admin
Parameters
not: Matches packets that do not conform to the specified criterion.
match-criteria: Specifies a match criterion. Table 16 shows the available match criteria.
Table 16: Available match criteria
Option | Description |
|---|---|
acl [ ipv6 ] { acl-number | name acl-name } | Matches an ACL. The value range for the acl-number argument is 2000 to 5999 for IPv4 ACLs and 2000 to 5999 for IPv6 ACLs. The acl-name argument is a case-insensitive string of 1 to 63 characters, which must start with an English letter. To avoid confusion, make sure the argument is not all. |
app-group group-name | Matches an application group. The group-name argument specifies a system-defined application group by its name. |
application app-name | Matches an application. The app-name argument specifies a system-defined application by its name. |
any | Matches all packets. |
classifier classifier-name | Matches a class. The classifier-name argument specifies a class by its name. |
control-plane protocol protocol-name&<1-8> | Matches control plane protocols. The protocol-name&<1-8> argument specifies a space-separated list of up to eight system-defined control plane protocols. For available system-defined control plane protocols, see Table 17. |
control-plane protocol-group protocol-group-name | Matches a control plane protocol group. The protocol-group-name argument can be critical, exception, important, management, monitor, normal, or redirect. |
customer-dot1p dot1p-value&<1-8> | Matches 802.1p priority values in inner VLAN tags of double-tagged packets. The dot1p-value&<1-8> argument specifies a space-separated list of up to eight 802.1p priority values. The value range for the dot1p-value argument is 0 to 7. |
customer-vlan-id vlan-id-list | Matches VLAN IDs in inner VLAN tags of double-tagged packets. The vlan-id-list argument specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN or a range of VLANs in the form of vlan-id1 to vlan-id2. The value for vlan-id2 must be greater than or equal to the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094. |
destination-mac mac-address | Matches a destination MAC address. |
dscp dscp-value&<1-8> | Matches DSCP values. The dscp-value&<1-8> argument specifies a space-separated list of up to eight DSCP values. The value range for the dscp-value argument is 0 to 63 or keywords shown in Table 19. |
inbound-interface interface-type interface-number | Matches an input interface specified by its type and number. |
ip-precedence ip-precedence-value&<1-8> | Matches IP precedence values. The ip-precedence-value&<1-8> argument specifies a space-separated list of up to eight IP precedence values. The value range for the ip-precedence-value argument is 0 to 7. |
local-precedence local-precedence-value&<1-8> | Matches local precedence values. The local-precedence-value&<1-8> argument specifies a space-separated list of up to eight local precedence values. The value range for the local-precedence-value argument is 0 to 7. |
mpls-exp exp-value&<1-8> | Matches MPLS EXP values. The exp-value&<1-8> argument specifies a space-separated list of up to eight EXP values. The value range for the exp-value argument is 0 to 7. |
packet-length { min min-value | max max-value } * | Matches the packet length. The min-value argument specifies the minimum packet length in bytes. The max-value argument specifies the maximum packet length in bytes. |
protocol protocol-name | Matches a protocol. The protocol-name argument can be arp, ip, or ipv6. |
qos-local-id local-id-value | Matches a local QoS ID in the range of 1 to 4095. |
rtp start-port start-port-number end-port end-port-number | Matches RTP protocol ports. The value ranges for the start-port-number and end-port-number arguments are both 2000 to 65535. This criterion matches RTP packets with an even UDP destination port number in the specified RTP port number range. |
source-mac mac-address | Matches a source MAC address. |
Table 17: Available system-defined control plane protocols
Protocol | Description |
|---|---|
default | Protocol packets other than the following packet types |
arp | ARP packets |
arp-snooping | ARP snooping packets |
bgp | BGP packets |
bgp4+ | IPv6 BGP packets |
ftp | FTP packets |
http | HTTP packets |
https | HTTPS packets |
icmp | ICMP packets |
icmpv6 | ICMPv6 packets |
igmp | IGMP packets |
isis | IS-IS packets |
ldp | LDP packets |
ldp6 | IPv6 LDP packets |
msdp | MSDP packets |
ntp | NTP packets |
oam | OAM packets |
ospf-multicast | OSPF multicast packets |
ospf-unicast | OSPF unicast packets |
ospf3-multicast | OSPFv3 multicast packets |
ospf3-unicast | OSPFv3 unicast packets |
pim-multicast | PIM multicast packets |
pim-unicast | PIM unicast packets |
pim6-multicast | IPv6 PIM multicast packets |
pim6-unicast | IPv6 PIM unicast packets |
radius | RADIUS packets |
rip | RIP packets |
ripng | RIPng packets |
rsvp | RSVP packets |
snmp | SNMP packets |
ssh | SSH packets |
tacacs | TACACS packets |
telnet | Telnet packets |
tftp | TFTP packets |
vrrp | VRRP packets |
vrrp6 | IPv6 VRRP packets |
Usage guidelines
In a traffic class with the logical OR operator, you can configure multiple if match commands for any of the available match criteria.
When you configure ACL-based match criteria, follow these restrictions and guidelines:
If the ACL used as a match criterion does not exist, the traffic class cannot be applied to hardware.
In a traffic class, you can add two if-match statements that use the same ACL as the match criterion. In one statement, specify the ACL by its name. In the other statement, specify the ACL by its number.
If the ACL contains deny rules, the if-match command is ignored and the matching process continues.
The source MAC address and destination MAC address match criteria are applicable only to Ethernet interfaces.
You can use both AND and OR operators to define the match relationships between the criteria for a class. For example, you can define relationships among three match criteria in traffic class classA as follows:
traffic classifier classB operator and if-match criterion 1 if-match criterion 2 traffic classifier classA operator or if-match criterion 3 if-match classifier classB
When you configure the packet length match criterion, follow these restrictions and guidelines:
If you configure only the min min-value option, the match criterion matches packets longer than min-value.
If you configure only the max max-value option, the match criterion matches packets shorter than max-value.
If you configure both min min-value and max max-value (max-value must be greater than min-value), the match criterion matches packets longer than min-value and shorter than max-value.
When you configure a match criterion that can have multiple values in one if-match command, follow these restrictions and guidelines:
You can specify up to eight values for any of the following match criteria in one if-match command:
Control plane protocol.
802.1p priority.
DSCP.
IP precedence.
Local precedence.
MPLS EXP.
VLAN ID.
If a packet matches one of the specified values, it matches the if-match command.
To delete a criterion that has multiple values, the specified values in the undo if-match command must be identical with those specified in the if-match command. The order of the values can be different.
When you configure the MPLS EXP match criterion, follow these additional restrictions and guidelines:
The MPLS EXP match criterion takes effect only on MPLS packets.
For software forwarding QoS, MPLS packets do not support IP-related match criteria.
For the VLAN ID match criterion, you can use the VLAN ID in the outer VLAN tag to match single-tagged packets.
Examples
# Define a match criterion for traffic class class1 to match the packets with a destination MAC address of 0050-ba27-bed3.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match destination-mac 0050-ba27-bed3
# Define a match criterion for traffic class class2 to match the packets with a source MAC address of 0050-ba27-bed2.
<Sysname> system-view [Sysname] traffic classifier class2 [Sysname-classifier-class2] if-match source-mac 0050-ba27-bed2
# Define a match criterion for traffic class class1 to match the double-tagged packets with 802.1p priority 3 in the inner VLAN tag.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match customer-dot1p 3
# Define a match criterion for traffic class class1 to match the advanced ACL 3101.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match acl 3101
# Define a match criterion for traffic class class1 to match the ACL named flow.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match acl name flow
# Define a match criterion for traffic class class1 to match the advanced IPv6 ACL 3101.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match acl ipv6 3101
# Define a match criterion for traffic class class1 to match the IPv6 ACL named flow.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match acl ipv6 name flow
# Define a match criterion for traffic class class1 to match all packets.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match any
# Define a match criterion for traffic class class1 to match the packets with a DSCP value of 1, 6, or 9.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match dscp 1 6 9
# Define a match criterion for traffic class class1 to match the packets with an IP precedence value of 1 or 6.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match ip-precedence 1 6
# Define a match criterion for traffic class class1 to match the packets with a local precedence value of 1 or 6.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match local-precedence 1 6
# Define a match criterion for traffic class class1 to match IP packets.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match protocol ip
# Define a match criterion for traffic class class1 to match the RTP packets with even UDP destination port numbers in the range of 16384 to 32767.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match rtp start-port 16384 end-port 32767
# Define a match criterion for traffic class class1 to match double-tagged packets with VLAN ID 1, 6, or 9 in the inner VLAN tag.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match customer-vlan-id 1 6 9
# Define a match criterion for traffic class class1 to match the packets with a local QoS ID of 3.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match qos-local-id 3
# Define a match criterion for traffic class class1 to match the packets of the application group multimedia.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match app-group multimedia
# Define a match criterion for traffic class class1 to match the packets of the application 3link.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match app-name 3link
# Define a match criterion for traffic class class1 to match ARP protocol packets.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match control-plane protocol arp
# Define a match criterion for traffic class class1 to match packets of the protocols in protocol group normal.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match control-plane protocol-group normal
# Define a match criterion for traffic class class1 to match packets with the length in the range of 100 to 200 bytes.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match packet-length min 100 max 200