if-match
Use if-match to define a match criterion.
Use undo if-match to delete a match criterion.
Syntax
if-match match-criteria
undo if-match match-criteria
Default
No match criterion is configured.
Views
Traffic class view
Predefined user roles
network-admin
Parameters
match-criteria: Specifies a match criterion. Table 17 shows the available match criteria.
Table 17: Available match criteria
Option | Description |
|---|---|
acl [ ipv6 ] { acl-number | name acl-name } | Matches an ACL. The acl-number argument has the following value ranges:
The acl-name argument is a case-insensitive string of 1 to 63 characters, which must start with an English letter. To avoid confusion, make sure the argument is not all. |
any | Matches all packets. |
control-plane protocol protocol-name&<1-8> | Matches control plane protocols. The protocol-name&<1-8> argument specifies a space-separated list of up to eight system-defined control plane protocols. For available system-defined control plane protocols, see Table 18. |
control-plane protocol-group protocol-group-name | Matches a control plane protocol group. The protocol-group-name argument can be critical, important, management, monitor, normal, or redirect. |
customer-dot1p dot1p-value&<1-8> | Matches 802.1p priority values in inner VLAN tags of double-tagged packets. The dot1p-value&<1-8> argument specifies a space-separated list of up to eight 802.1p priority values. The value range for the dot1p-value argument is 0 to 7. |
customer-vlan-id vlan-id-list | Matches VLAN IDs in inner VLAN tags of double-tagged packets. The vlan-id-list argument specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN or a range of VLANs in the form of vlan-id1 to vlan-id2. The value for vlan-id2 must be greater than or equal to the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094. |
destination-mac mac-address | Matches a destination MAC address. |
dscp dscp-value&<1-8> | Matches DSCP values. The dscp-value&<1-8> argument specifies a space-separated list of up to eight DSCP values. The value range for the dscp-value argument is 0 to 63 or keywords shown in Table 20. |
ip-precedence ip-precedence-value&<1-8> | Matches IP precedence values. The ip-precedence-value&<1-8> argument specifies a space-separated list of up to eight IP precedence values. The value range for the ip-precedence-value argument is 0 to 7. |
protocol protocol-name | Matches a protocol. The protocol-name argument can be ip or ipv6. |
qos-local-id local-id-value | Matches a local QoS ID in the range of 1 to 4095. The switch supports local QoS IDs in the range of 1 to 3999. |
service-dot1p dot1p-value&<1-8> | Matches 802.1p priority values in outer VLAN tags. The dot1p-value&<1-8> argument specifies a space-separated list of up to eight 802.1p priority values. The value range for the dot1p-value argument is 0 to 7. |
service-vlan-id vlan-id-list | Matches VLAN IDs in outer VLAN tags. The vlan-id-list argument specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN or a range of VLANs in the form of vlan-id1 to vlan-id2. The value for vlan-id2 must be greater than or equal to the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094. |
source-mac mac-address | Matches a source MAC address. |
Table 18: Available system-defined control plane protocols
Protocol | Description |
|---|---|
arp | ARP packets |
arp-snooping | ARP snooping packets |
bpdu-tunnel | BPDU tunnel packets |
dhcp | DHCP packets |
dhcp-snooping | DHCP snooping packets |
dhcp6 | IPv6 DHCP packets |
dldp | DLDP packets |
dot1x | 802.1X packets |
mvrp | MVRP packets (including GVRP packets) |
http | HTTP packets |
https | HTTPS packets |
icmp | ICMP packets |
icmp6 | ICMPv6 packets |
ip-option | IPv4 packets with the Options field |
ipv6-option | IPv6 packets with the Options field |
lacp | LACP packets |
lldp | LLDP packets |
ssh | SSH packets |
stp | STP packets |
telnet | Telnet packets |
Usage guidelines
If a traffic class in a QoS policy includes the customer-vlan-id match criterion, the QoS policy can be applied only to interfaces.
If a traffic class includes both the control-plane protocol or control-plane protocol-group criterion and other criteria, the QoS policy that contains the traffic class cannot be applied correctly.
If any traffic class in a QoS policy includes the control-plane protocol or control-plane protocol-group match criterion, the QoS policy can be applied only to a control plane.
For single-tagged packets, you can use the service-vlan-id criterion to match them.
To configure multiple values for a match criterion, perform the following tasks:
Set the logical operator to OR.
Configure multiple if-match commands for the match criterion.
For the customer-vlan-id and service-vlan-id match criteria, you can configure multiple values in one if-match command when the logical operator is OR or AND.
To delete multiple values configured in one if-match command, make sure the values specified in the undo if-match command are the same as the configured values. The order of the values can be different.
When you configure ACL-based match criteria for a traffic class, follow these restrictions and guidelines:
If the ACL used as a match criterion does not exist, the QoS policy that uses the traffic class cannot be applied correctly.
You can add two if-match statements that use the same ACL as the match criterion. In one statement, specify the ACL by its name. In the other statement, specify the ACL by its number.
If the configured logical operator is AND for the traffic class, the actual logical operator for the rules in an ACL is OR.
Examples
# Define a match criterion for traffic class class1 to match the packets with a destination MAC address of 0050-ba27-bed3.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match destination-mac 0050-ba27-bed3
# Define a match criterion for traffic class class2 to match the packets with a source MAC address of 0050-ba27-bed2.
<Sysname> system-view [Sysname] traffic classifier class2 [Sysname-classifier-class2] if-match source-mac 0050-ba27-bed2
# Define a match criterion for traffic class class1 to match double-tagged packets with 802.1p priority 3 in inner VLAN tags.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match customer-dot1p 3
# Define a match criterion for traffic class class1 to match the packets with 802.1p priority 5 in outer VLAN tags.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match service-dot1p 5
# Define a match criterion for traffic class class1 to match the advanced ACL 3101.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match acl 3101
# Define a match criterion for traffic class class1 to match the ACL named flow.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match acl name flow
# Define a match criterion for traffic class class1 to match the advanced IPv6 ACL 3101.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match acl ipv6 3101
# Define a match criterion for traffic class class1 to match the IPv6 ACL named flow.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match acl ipv6 name flow
# Define a match criterion for traffic class class1 to match all packets.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match any
# Define a match criterion for traffic class class1 to match the packets with a DSCP value of 1, 6, or 9.
<Sysname> system-view [Sysname] traffic classifier class1 operator or [Sysname-classifier-class1] if-match dscp 1 [Sysname-classifier-class1] if-match dscp 6 [Sysname-classifier-class1] if-match dscp 9
# Define a match criterion for traffic class class1 to match the packets with an IP precedence value of 1 or 6.
<Sysname> system-view [Sysname] traffic classifier class1 operator or [Sysname-classifier-class1] if-match ip-precedence 1 [Sysname-classifier-class1] if-match ip-precedence 6
# Define a match criterion for traffic class class1 to match IP packets.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match protocol ip
# Define a match criterion for traffic class class1 to match double-tagged packets with VLAN ID 1, 6, or 9 in inner VLAN tags.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match customer-vlan-id 1 6 9
# Define a match criterion for traffic class class1 to match the packets with VLAN ID 2, 7, or 10 in outer VLAN tags.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match service-vlan-id 2 7 10
# Define a match criterion for traffic class class1 to match the packets with a local QoS ID of 3.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match qos-local-id 3
# Define a match criterion for traffic class class1 to match ARP protocol packets.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match control-plane protocol arp
# Define a match criterion for traffic class class1 to match packets of the protocols in protocol group normal.
<Sysname> system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match control-plane protocol-group normal