Summary

The Cloud Router Switch series are highly integrated switches with high-performance MIPS CPU and feature-rich packet processor. The CRS switches can be designed into various Ethernet applications including unmanaged switch, Layer 2 managed switch, carrier switch, and wireless/wired unified packet processing. SeeCloud Router Switchconfiguration examples

This article applies to CRS1xx and CRS2xx series switches and not to CRS3xx series switches. For CRS3xx series devices, read theCRS3xx, CRS5xx series switches and CCR2116, CCR2216 routersmanual.


Features Description
Forwarding
  • Configurable ports for switching or routing
  • Full non-blocking wirespeed switching
  • Up to 16k MAC entries in Unicast FDB for Layer 2 unicast forwarding
  • Up to 1k MAC entries in Multicast FDB for multicast forwarding
  • Up to 256 MAC entries in Reserved FDB for control and management purposes
  • All Forwarding Databases support IVL and SVL
  • Configurable Port-based MAC learning limit
  • Jumbo frame support (CRS1xx: 4064 Bytes; CRS2xx: 9204 Bytes)
  • IGMP Snooping support
Mirroring
  • Various types of mirroring:
    • Port-based mirroring
    • VLAN-based mirroring
    • MAC-based mirroring
  • 2 independent mirroring analyzer ports
VLAN
  • Fully compatible with IEEE802.1Q and IEEE802.1ad VLAN
  • 4k active VLANs
  • Flexible VLAN assignment:
    • Port-based VLAN
    • Protocol-based VLAN
    • MAC-based VLAN
  • From any to any VLAN translation and swapping
  • 1:1 VLAN switching - VLAN to port mapping
  • VLAN filtering
Port Isolation and Leakage
  • Applicable for Private VLAN implementation
  • 3 port profile types: Promiscuous, Isolated, and Community
  • Up to 28 Community profiles
  • Leakage profiles allow bypassing egress VLAN filtering
Trunking
  • Supports static link aggregation groups
  • Up to 8 Port Trunk groups
  • Up to 8 member ports per Port Trunk group
  • Hardware automatic failover and load balancing
Quality of Service (QoS)
  • Flexible QoS classification and assignment:
    • Port-based
    • MAC-based
    • VLAN-based
    • Protocol-based
    • PCP/DEI based
    • DSCP based
    • ACL based
  • QoS remarking and remapping for QoS domain translation between a service provider and client networks
  • Overriding of each QoS assignment according to the configured priority
Shaping and Scheduling
  • 8 queues on each physical port
  • Shaping per port, per queue, per queue group
Access Control List
  • Ingress and Egress ACL tables
  • Up to 128 ACL rules (limited by RouterOS)
  • Classification based on ports, L2, L3, L4 protocol header fields
  • ACL actions include filtering, forwarding, and modifying the protocol header fields

Cloud Router Switch models

This table clarifies the main differences between Cloud Router Switch models.

Model Switch Chip CPU Wireless SFP+ port Access Control List Jumbo Frame (Bytes)
CRS105-5S-FB QCA-8511 400MHz - - + 9204
CRS106-1C-5S QCA-8511 400MHz - - + 9204
CRS112-8G-4S QCA-8511 400MHz - - + 9204
CRS210-8G-2S+ QCA-8519 400MHz - + + 9204
CRS212-1G-10S-1S+ QCA-8519 400MHz - + + 9204
CRS226-24G-2S+ QCA-8519 400MHz - + + 9204
CRS125-24G-1S QCA-8513L 600MHz - - - 4064
CRS125-24G-1S-2HnD QCA-8513L 600MHz + - - 4064
CRS109-8G-1S-2HnD QCA-8513L 600MHz + - - 4064

Abbreviations and Explanations

CVID - Customer VLAN id: inner VLAN tag id of the IEEE 802.1ad frame

SVID - Service VLAN id: outer VLAN tag id of the IEEE 802.1ad frame

IVL - Independent VLAN learning - learning/lookup is based on both MAC addresses and VLAN IDs.

SVL - Shared VLAN learning - learning/lookup is based on MAC addresses - not on VLAN IDs.

TPID - Tag Protocol Identifier

PCP - Priority Code Point: a 3-bit field which refers to the IEEE 802.1p priority

DEI - Drop Eligible Indicator

DSCP - Differentiated services Code Point

Drop precedence - internal CRS switch QoS attribute used for packet enqueuing or dropping.

Port Switching

In order to set up port switching on CRS1xx/2xx series switches, check theBridge Hardware Offloadingpage.

Dynamic reserved VLAN entries (VLAN4091; VLAN4090; VLAN4089; etc.) are created in the CRS switch when switched port groups are added when a hardware offloaded bridge is created. These VLANs are necessary for internal operation and have lower precedence than user-configured VLANs.

Multiple switch groups

The CRS1xx/2xx series switches allow you to use multiple bridges with hardware offloading, this allows you to easily isolate multiple switch groups. This can be done by simply creating multiple bridges and enabling hardware offloading.

Multiple hardware offloaded bridge configuration is designed as a fast and simple port isolation solution, but it limits a part of VLAN functionality supported by the CRS switch-chip. For advanced configurations use one bridge within the CRS switch chip for all ports, configure VLANs and isolate port groups with port isolation profile configuration.


CRS1xx/2xx series switches are capable of running multiple hardware offloaded bridges with (R)STP enabled, but it is not recommended since the device is not designed to run multiple (R)STP instances on a hardware level. To isolate multiple switch groups and have (R)STP enabled you should isolate port groups with port isolation profile configuration.

Global Settings

CRS switch chip is configurable from the/interface ethernet switchconsole menu.

Sub-menu:/interface ethernet switch

Property Description
name(string value;默认值:switch1) Name of the switch.
bridge-type(customer-vid-used-as-lookup-vid | service-vid-used-as-lookup-vid;默认值:customer-vid-used-as-lookup-vid) Bridge type defines which VLAN tag is used as Lookup-VID. Lookup-VID serves as the VLAN key for all VLAN-based lookup.
mac-level-isolation(yes | no;默认值:yes) Globally enables or disables MAC level isolation. Once enabled, the switch will check the source and destination MAC address entries and theirisolation-profilefrom the unicast forwarding table. By default, the switch will learn MAC addresses and place them into apromiscuousisolation profile. Other isolation profiles can be used when creating static unicast entries. If the source or destination MAC address is located on apromiscuousisolation profile, the packet is forwarded. If both source and destination MAC addresses are located on the samecommunity1orcommunity2isolation profile, the packet is forwarded. The packet is dropped when the source and destination MAC address isolation profile isisolated, or when the source and destination MAC address isolation profiles are from different communities (e.g. source MAC address iscommunity1and destination MAC address iscommunity2). When MAC level isolation is globally disabled, the isolation is bypassed.
use-svid-in-one2one-vlan-lookup(yes | no;默认值:no) Whether to use service VLAN id for 1:1 VLAN switching lookup.
use-cvid-in-one2one-vlan-lookup(yes | no;默认值:yes) Whether to use customer VLAN id for 1:1 VLAN switching lookup.
multicast-lookup-mode

(dst-ip-and-vid-for-ipv4 | dst-mac-and-vid-always;

默认值:dst-ip-and-vid-for-ipv4)		 Lookup mode for IPv4 multicast bridging.
  • dst-mac-and-vid-always- For all packet types lookup key is destination MAC and VLAN id.
  • dst-ip-and-vid-for-ipv4- For IPv4 packets lookup key is destination IP and VLAN id. For other packet types, lookup key is destination MAC and VLAN id.
unicast-fdb-timeout(time interval;默认值:5m) Timeout for Unicast FDB entries.
override-existing-when-ufdb-full(yes | no;默认值:no) Enable or disable to override existing entry which has the lowest aging value when UFDB is full.


Property Description
drop-if-no-vlan-assignment-on-ports(ports;默认值:none) Ports which drop frames if no MAC-based, Protocol-based VLAN assignment or Ingress VLAN Translation is applied.
drop-if-invalid-or-src-port-
-not-member-of-vlan-on-ports
(ports;默认值:none)		 Ports that drop invalid and other port VLAN id frames.
unknown-vlan-lookup-mode(ivl | svl;默认值:svl) Lookup and learning mode for packets with invalid VLAN.
forward-unknown-vlan(yes | no;默认值:yes) Whether to allow forwarding VLANs that are not members of the VLAN table.


Property Description
bypass-vlan-ingress-filter-for(protocols;默认值:none) Protocols that are excluded from Ingress VLAN filtering. These protocols are not dropped if they have invalid VLAN. (arp, dhcpv4, dhcpv6,
eapol, igmp, mld, nd, pppoe-discovery, ripv1)
bypass-ingress-port-policing-for(protocols;默认值:none) Protocols that are excluded from Ingress Port Policing. (arp, dhcpv4, dhcpv6, eapol, igmp, mld, nd, pppoe-discovery, ripv1)
bypass-l2-security-check-filter-for(protocols;默认值:none) Protocols that are excluded from Policy rule security check. (arp, dhcpv4, dhcpv6, eapol, igmp, mld, nd, pppoe-discovery, ripv1)


Property Description
ingress-mirror0(port | trunk,format;默认值:none,modified) The first ingress mirroring analyzer port or trunk and mirroring format:
  • analyzer-configured- The packet is the same as the packet to the destination. VLAN format is modified based on the VLAN configurations of the analyzer port.
  • modified- The packet is the same as the packet to the destination. VLAN format is modified based on the VLAN configurations of the egress port.
  • original- Traffic is mirrored without any change to the original incoming packet format. But service VLAN tag is stripped in the edge port.
ingress-mirror1(port | trunk,format;默认值:none,modified) The second ingress mirroring analyzer port or trunk and mirroring format:
  • analyzer-configured- The packet is the same as the packet to the destination. VLAN format is modified based on the VLAN configurations of the analyzer port.
  • modified- The packet is the same as the packet to the destination. VLAN format is modified based on the VLAN configurations of the egress port.
  • original- Traffic is mirrored without any change to the original incoming packet format. But service VLAN tag is stripped in the edge port.
ingress-mirror-ratio(1/32768..1/1;默认值:1/1) The proportion of ingress mirrored packets compared to all packets.
egress-mirror0(port | trunk,format;默认值:none,modified) The first egress mirroring analyzer port or trunk and mirroring format:
  • analyzer-configured- The packet is the same as the packet to the destination. VLAN format is modified based on the VLAN configurations of the analyzer port.
  • modified- The packet is the same as the packet to the destination. VLAN format is modified based on the VLAN configurations of the egress port.
  • original- Traffic is mirrored without any change to the original incoming packet format. But service VLAN tag is stripped in the edge port.
egress-mirror1(port | trunk,format;默认值:none,modified) The second egress mirroring analyzer port or trunk and mirroring format:
  • analyzer-configured- The packet is the same as the packet to the destination. VLAN format is modified based on the VLAN configurations of the analyzer port.
  • modified- The packet is the same as the packet to the destination. VLAN format is modified based on the VLAN configurations of the egress port.
  • original- Traffic is mirrored without any change to the original incoming packet format. But service VLAN tag is stripped in the edge port.
egress-mirror-ratio(1/32768..1/1;默认值:1/1) 出口的比例反映数据包相比all packets.
mirror-egress-if-ingress-mirrored(yes | no;默认值:no) When a packet is applied to both ingress and egress mirroring, only ingress mirroring is performed on the packet, if this setting is disabled. If this
setting is enabled both mirroring types are applied.
mirror-tx-on-mirror-port(yes | no;默认值:no)
mirrored-packet-qos-priority(0 . .7;默认值:0) Remarked priority in mirrored packets.
mirrored-packet-drop-precedence(drop | green | red | yellow;默认值:green) Remarked drop precedence in mirrored packets. This QoS attribute is used for mirrored packet enqueuing or dropping.
fdb-uses(mirror0 | mirror1;默认值:mirror0) Analyzer port used for FDB-based mirroring.
vlan-uses(mirror0 | mirror1;默认值:mirror0) Analyzer port used for VLAN-based mirroring.

Port Settings

Sub-menu:/interface ethernet switch port

Property Description
vlan-type(edge-port | network-port;默认值:network-port) Port VLAN type specifies whether VLAN id is used in UFDB learning. Network port learns VLAN id in UFDB, edge port does not - VLAN 0. It can be observed only in IVL learning mode.
isolation-leakage-profile-override(yes | no;默认值:

!isolation-leakage-profile-override)

isolation-leakage-profile(0 . .31;)		 Custom port profile for port isolation/leakage configurations.
  • Port-level isolation profile 0. Uplink port - allows the port to communicate with all ports in the device.
  • Port-level isolation profile 1. Isolated port - allows the port to communicate only with uplink ports.
  • Port-level isolation profile 2 - 31. Community port - allows communication among the same community ports and uplink ports.
learn-override(yes | no;默认值:!learn-override)
learn-limit(1..1023;默认值:!learn-limit)		 Enable or disable MAC address learning and set MAC limit on the port. MAC learning limit is disabled by default when !learn-override and !learn-limit. Propertylearn-overrideis replaced withlearnunder/interface bridge portmenu since RouterOS v6.42.
drop-when-ufdb-entry-src-drop(yes | no;默认值:yes) Enable or disable to drop packets when UFDB entry has actionsrc-drop.
allow-unicast-loopback(yes | no;默认值:no) Unicast loopback on port. When enabled, it permits sending back when source port and destination port are the same one for known unicast packets.
allow-multicast-loopback(yes | no;默认值:no) Multicast loopback on port. When enabled, it permits sending back when

source port and destination port are the same for registered multicast or

broadcast packets.
action-on-static-station-move(copy-to-cpu | drop | forward | redirect-to-cpu;默认值:forward) Action for packets when UFDB already contains static entry with such MAC but with a different port.
drop-dynamic-mac-move(yes | no;默认值:no) Prevents MAC relearning until UFDB timeout if MAC is already learned on other port.


Property Description
allow-fdb-based-vlan-translate(yes | no;默认值:no) Enable or disable MAC-based VLAN translation on the port.
allow-mac-based-service-vlan-assignment-for(all-frames | none |

tagged-frame-only | untagged-and-priority-tagged-frame-only;默认值:

none)		 Frame type for which applies MAC-based service VLAN translation.
allow-mac-based-customer-vlan-assignment-for(all-frames | none |

tagged-frame-only | untagged-and-priority-tagged-frame-only;默认值:

none)		 Frame type for which applies MAC-based customer VLAN translation.
default-customer-pcp(0 . .7;默认值:0) 默认的customer PCP of the port.
default-service-pcp(0 . .7;默认值:0) 默认的service PCP of the port.
pcp-propagation-for-initial-pcp(yes | no;默认值:no) Enables or disables PCP propagation for initial PCP assignment on ingress.
  • If the portvlan-typeis Edge port, the service PCP is copied from the customer PCP.
  • If the portvlan-typeis Network port, the customer PCP is copied from the service PCP.
filter-untagged-frame(yes | no;默认值:no) Whether to filter untagged frames on the port.
filter-priority-tagged-frame(yes | no;默认值:no) Whether to filter tagged frames with priority on the port.
filter-tagged-frame(yes | no;默认值:no) Whether to filter tagged frames on the port.


Property Description
egress-vlan-tag-table-lookup-key(according-to-bridge-type | egress-vid;默认值:egress-vid) Egress VLAN table (VLAN Tagging) lookup:
  • egress-vid- Lookup VLAN id is CVID when Edge port is configured, SVID when Network port is configured.
  • according-to-bridge-type- Lookup VLAN id is CVID when customer VLAN bridge is configured, SVID when service VLAN bridge is configured. Customer tag is unmodified for Edge port in service VLAN bridge.
egress-vlan-mode(tagged | unmodified | untagged;默认值:unmodified) Egress VLAN tagging action on the port.
egress-pcp-propagation(yes | no;默认值:no) Enables or disables egress PCP propagation.
  • If the portvlan-typeis Edge port, the service PCP is copied from the customer PCP.
  • If the portvlan-typeis Network port, the customer PCP is copied from the service PCP.


Property Description
ingress-mirror-to(mirror0 | mirror1 | none;默认值:none) Analyzer port for port-based ingress mirroring.
ingress-mirroring-according-to-vlan(yes | no;默认值:no)
egress-mirror-to(mirror0 | mirror1 | none;默认值:none) Analyzer port for port-based egress mirroring.


Property Description
qos-scheme-precedence(da-based | dscp-based | ingress-acl-based | pcp-based | protocol-based | sa-based | vlan-based;默认值:pcp-based, sa-based, da-based, dscp-based, protocol-based, vlan-based) Specifies applied QoS assignment schemes on ingress of the port.
  • da-based
  • dscp-based
  • ingress-acl-based
  • pcp-based
  • protocol-based
  • sa-based
  • vlan-based
pcp-or-dscp-based-qos-change-dei(yes | no;默认值:no) Enable or disable PCP or DSCP based DEI change on port.
pcp-or-dscp-based-qos-change-pcp(yes | no;默认值:no) Enable or disable PCP or DSCP based PCP change on port.
pcp-or-dscp-based-qos-change-dscp(yes | no;默认值:no) Enable or disable PCP or DSCP based DSCP change on port.
dscp-based-qos-dscp-to-dscp-mapping(yes | no;默认值:yes) Enable or disable DSCP to internal DSCP mapping on port.
pcp-based-qos-drop-precedence-mapping(PCP/DEI-range:drop-precedence;默认值:0-15:green) The new value of drop precedence for the PCP/DEI to drop precedence (drop | green | red | yellow) mapping. Multiple mappings allowed separated by comma e.g. "0-7:yellow,8-15:red".
pcp-based-qos-dscp-mapping(PCP/DEI-range:DEI;默认值:0-15:0) The new value of DSCP for the PCP/DEI to DSCP (0..63) mapping. Multiple mappings allowed separated by comma e.g. "0-7:25,8-15:50".
pcp-based-qos-dei-mapping(PCP/DEI-range:DEI;默认值:0-15:0) The new value of DEI for the PCP/DEI to DEI (0..1) mapping. Multiple mappings allowed separated by comma e.g. "0-7:0,8-15:1".
pcp-based-qos-pcp-mapping(PCP/DEI-range:DEI;默认值:0-15:0) The new value of PCP for the PCP/DEI to PCP (0..7) mapping. Multiple mappings allowed separated by comma e.g. "0-7:3,8-15:4".
pcp-based-qos-priority-mapping(PCP/DEI-range:DEI;默认值:0-15:0) The new value of internal priority for the PCP/DEI to priority (0..15) mapping. Multiple mappings allowed separated by comma e.g. "0-7:5,8-15:15".


Property Description
priority-to-queue(priority-range:queue;默认值:0-15:0,1:1,2:2,3:3) Internal priority (0..15) mapping to queue (0..7) per port.
per-queue-scheduling(Scheduling-type:Weight;

默认值:wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,

wrr-group0:64,wrr-group0:128)		 Set port to use either strict or weighted round robin policy for traffic shaping for each queue group, each queue is separated by a comma.


Property Description
ingress-customer-tpid-override(yes | no;

默认值:!ingress-customer-tpid-override)

ingress-customer-tpid(0 . .10000;默认值:0x8100)		 Ingress customer TPID override allows accepting specific frames with a custom customer tag TPID. Default value is for tag of 802.1Q frames.
egress-customer-tpid-override(yes | no;默认值:

!egress-customer-tpid-override)
egress-customer-tpid(0 . .10000;默认值:

0x8100)		 Egress customer TPID override allows custom identification for egress frames with a customer tag. Default value is for tag of 802.1Q frames.
ingress-service-tpid-override(yes | no;默认值:

!ingress-service-tpid-override)

ingress-service-tpid(0 . .10000;默认值:0x88A8)		 Ingress service TPID override allows accepting specific frames with a custom service tag TPID. Default value is for service tag of 802.1AD frames.
egress-service-tpid-override(yes | no;默认值:

!egress-service-tpid-override)
egress-service-tpid(0 . .10000;默认值:

0x88A8)		 Egress service TPID override allows custom identification for egress frames with a service tag. Default value is for service tag of 802.1AD frames.


Property Description
custom-drop-counter-includes(counters;默认值:none) Custom include to count dropped packets for switch portcustom-drop-packetcounter.
  • device-loopback
  • fdb-hash-violation
  • exceeded-port-learn-limitation
  • dynamic-station-move
  • static-station-move
  • ufdb-source-drop
  • host-source-drop
  • unknown-host
  • ingress-vlan-filtered
queue-custom-drop-counter0-includes(counters;默认值:none) Custom include to count dropped packets for switch porttx-queue-custom0-drop-packet

and bytes fortx-queue-custom0-drop-bytecounters.

  • red
  • yellow
  • green
  • queue0
  • ...
  • queue7
queue-custom-drop-counter1-includes(counters;默认值:none) Custom include to count dropped packets for switch porttx-queue-custom1-drop-packet

and bytes fortx-queue-custom1-drop-bytecounters.

  • red
  • yellow
  • green
  • queue0
  • ...
  • queue7
policy-drop-counter-includes(counters;默认值:none) Custom include to count dropped packets for switch portpolicy-drop-packetcounter.
  • ingress-policing
  • ingress-acl
  • egress-policing
  • egress-acl

Forwarding Databases

Unicast FDB

The unicast forwarding database supports up to 16318 MAC entries.

Sub-menu:/interface ethernet switch unicast-fdb

Property Description
action(action;默认值:forward) Action for UFDB entry:
  • dst-drop- Packets are dropped when their destination MAC match the entry.
  • dst-redirect-to-cpu- Packets are redirected to CPU when their destination MAC match the entry.
  • forward- Packets are forwarded.
  • src-and-dst-drop- Packets are dropped when their source MAC or destination MAC match the entry.
  • src-and-dst-redirect-to-cpu- Packets are redirected to CPU when their source MAC or destination MAC match the entry.
  • src-drop- Packets are dropped when their source MAC match the entry.
  • src-redirect-to-cpu- Packets are redirected to CPU when their source MAC match the entry.
disabled(yes | no;默认值:no) Enables or disables Unicast FDB entry.
isolation-profile(community1 | community2 | isolated | promiscuous;默认值:promiscuous) MAC level isolation profile.
mac-address(MAC address) Theactioncommand applies to the packet when the destination MAC or source MAC matches the entry.
mirror(yes | no;默认值:no) Enables or disables mirroring based on source MAC or destination MAC.
port(port) 的学习hing port for the Unicast FDB entry.
qos-group(none;默认值:none) Defined QoS group fromQoS groupmenu.
svl(yes | no;默认值:no) Unicast FDB learning mode:
  • Shared VLAN Learning (svl) - learning/lookup is based on MAC addresses - not on VLAN IDs.
  • Independent VLAN Learning (ivl) - learning/lookup is based on both MAC addresses and VLAN IDs.
vlan-id(0 . .4095) Unicast FDB lookup/learning VLAN id.

Multicast FDB

CRS125 switch-chip supports up to 1024 entries in MFDB for multicast forwarding. For each multicast packet, destination MAC or destination IP lookup is performed in MFDB. MFDB entries are not automatically learned and can only be configured.

Sub-menu:/interface ethernet switch multicast-fdb

Property Description
address(X.X.X.X | XX:XX:XX:XX:XX:XX) 的学习hing IP address or MAC address for multicast packets.
bypass-vlan-filter(yes | no;默认值:no) Allow to bypass VLAN filtering for matching multicast packets.
disabled(yes | no;默认值:no) Enables or disables Multicast FDB entry.
ports(ports) Member ports for multicast traffic.
qos-group(none;默认值:none) Defined QoS group fromQoS groupmenu.
svl(yes | no;默认值:no) Multicast FDB learning mode:
  • Shared VLAN Learning (svl) - learning/lookup is based on MAC addresses - not on VLAN IDs.
  • Independent VLAN Learning (ivl) - learning/lookup is based on both MAC addresses and VLAN IDs.
vlan-id(0 . .4095;默认值:0) Multicast FDB lookup VLAN id. If VLAN learning mode is IVL, VLAN id is lookup id, otherwise VLAN id = 0.

保留身上

Cloud Router Switch supports 256 RFDB entries. Each RFDB entry can store either Layer2 unicast or multicast MAC address with specific commands.

Sub-menu:/interface ethernet switch reserved-fdb

Property Description
action(copy-to-cpu | drop | forward | redirect-to-cpu;默认值:forward) Action for RFDB entry:
  • copy-to-cpu- Packets are copied to CPU when their destination MAC match the entry.
  • drop- Packets are dropped when their destination MAC match the entry.
  • forward- Packets are forwarded when their destination MAC match the entry.
  • redirect-to-cpu- Packets are redirected to CPU when their destination MAC match the entry.
bypass-ingress-port-policing(yes | no;默认值:no) Allow to bypass Ingress Port Policer for matching packets.
bypass-ingress-vlan-filter(yes | no;默认值:no) Allow to bypass VLAN filtering for matching packets.
disabled(yes | no;默认值:no) Enables or disables Reserved FDB entry.
mac-address(MAC address;默认值:00:00:00:00:00:00) 的学习hing MAC address for Reserved FDB entry.
qos-group(none;默认值:none) Defined QoS group fromQoS groupmenu.

VLAN

VLAN Table

The VLAN table supports 4096 VLAN entries for storing VLAN member information as well as other VLAN information such as QoS, isolation, forced VLAN, learning, and mirroring.

Sub-menu:/interface ethernet switch vlan

Property Description
disabled(yes | no;默认值:no) Indicate whether the VLAN entry is disabled. Only enabled entry is applied to lookup process and forwarding decision.
flood(yes | no;默认值:no) Enables or disables forced VLAN flooding per VLAN. If the feature is

enabled, the result of destination MAC lookup in the UFDB or MFDB is ignored,

and the packet is forced to flood in the VLAN.
ingress-mirror(yes | no;默认值:no) Enable the ingress mirror per VLAN to support the VLAN-based mirror function.
learn(yes | no;默认值:yes) Enables or disables source MAC learning for VLAN.
ports(ports) Member ports of the VLAN.
qos-group(none;默认值:none) Defined QoS group fromQoS groupmenu.
svl(yes | no;默认值:no) FDB lookup mode for lookup in UFDB and MFDB.
  • Shared VLAN Learning (svl) - learning/lookup is based on MAC addresses - not on VLAN IDs.
  • Independent VLAN Learning (ivl) - learning/lookup is based on both MAC addresses and VLAN IDs.
vlan-id(0 . .4095) VLAN id of the VLAN member entry.

Egress VLAN Tag

Egress packets can be assigned different VLAN tag format. The VLAN tags can be removed, added, or remained as is when the packet is sent to the egress port (destination port). Each port has dedicated control on the egress VLAN tag format. The tag formats include:

  • Untagged
  • Tagged
  • Unmodified

The Egress VLAN Tag table includes 4096 entries for VLAN tagging selection.

Sub-menu:/interface ethernet switch egress-vlan-tag

Property Description
disabled(yes | no;默认值:no) Enables or disables Egress VLAN Tag table entry.
tagged-ports(ports) 标记在出口港口。
vlan-id(0 . .4095) VLAN id which is tagged in egress.

Ingress/Egress VLAN Translation

The Ingress VLAN Translation table allows for up to 15 entries for each port. One or multiple fields can be selected from the packet header for lookup in the Ingress VLAN Translation table. The S-VLAN or C-VLAN or both configured in the first matched entry are assigned to the packet.

Sub-menu:/interface ethernet switch ingress-vlan-translation

Sub-menu:/interface ethernet switch egress-vlan-translation

Property Description
customer-dei(0 . .1;默认值:none) 的学习hing DEI of the customer tag.
customer-pcp(0 . .7;默认值:none) 的学习hing PCP of the customer tag.
customer-vid(0 . .4095;默认值:none) 的学习hing VLAN id of the customer tag.
customer-vlan-format(any | priority-tagged-or-tagged | tagged | untagged-or-tagged;默认值:any) Type of frames with customer tag for which VLAN translation rule is valid.
disabled(yes | no;默认值:no) Enables or disables VLAN translation entry.
new-customer-vid(0 . .4095;默认值:none) The new customer VLAN id which replaces matching customer VLAN id. If set to 4095 and ingress VLAN translation is used, then traffic is dropped.
new-service-vid(0 . .4095;默认值:none) The new service VLAN id which replaces matching service VLAN id.
pcp-propagation(yes | no;默认值:no) Enables or disables PCP propagation.
  • If the port type is Edge, the customer PCP is copied from the service PCP.
  • If the port type is Network, the service PCP is copied from the customer PCP.
ports(ports) 的学习hing switch ports for VLAN translation rule.
protocol(protocols;默认值:none) 的学习hing Ethernet protocol.(only for Ingress VLAN Translation)
sa-learning(yes | no;默认值:no) Enables or disables source MAC learning after VLAN translation.(only for Ingress VLAN Translation)
service-dei(0 . .1;默认值:none) 的学习hing DEI of the service tag.
service-pcp(0 . .7;默认值:none) 的学习hing PCP of the service tag.
service-vid(0 . .4095;默认值:none) 的学习hing VLAN id of the service tag.
service-vlan-format(any | priority-tagged-or-tagged | tagged | untagged-or-tagged;默认值:any) Type of frames with service tag for which VLAN translation rule is valid.

Below is a table of traffic that triggers a rule that has a certain VLAN format set, note that traffic that is tagged with VLAN ID 0 is a special case that is also taken into account.

Property Description
any 接受:
  • Untagged traffic
  • Tagged traffic
  • Tagged traffic with priority set
  • VLAN 0 traffic
  • VLAN 0 traffic with priority set
priority-tagged-or-tagged 接受:
  • Tagged traffic
  • Tagged traffic with priority set
  • VLAN 0 traffic
  • VLAN 0 traffic with priority set
tagged 接受:
  • Tagged traffic
  • Tagged traffic with priority set
untagged-or-tagged 接受:
  • Untagged traffic
  • Tagged traffic
  • Tagged traffic with priority set

IfVLAN-formatis set toany, thencustomer-vid/service-vidset to0will trigger the switch rule with VLAN 0 traffic. In this case, the switch rule will be looking for untagged traffic or traffic with VLAN 0 tag, onlyuntagged-or-taggedwill filter out VLAN 0 traffic in this case.

Protocol Based VLAN

Protocol Based VLAN table is used to assign VID and QoS attributes to related protocol packet per port.

Sub-menu:/interface ethernet switch protocol-based-vlan

Property Description
disabled(yes | no;默认值:no) Enables or disables Protocol Based VLAN entry.
frame-type(ethernet | llc | rfc-1042;默认值:ethernet) Encapsulation type of the matching frames.
new-customer-vid(0 . .4095;默认值:0) The new customer VLAN id which replaces original customer VLAN id for the specified protocol. If set to 4095, then traffic is dropped.
new-service-vid(0 . .4095;默认值:0) The new service VLAN id which replaces the original service VLAN id for the specified protocol.
ports(ports) 的学习hing switch ports for Protocol-based VLAN rule.
protocol(protocol;默认值:0) 的学习hing protocol for Protocol-based VLAN rule.
qos-group(none;默认值:none) Defined QoS group fromQoS groupmenu.
set-customer-vid-for(all | none | tagged | untagged-or-priority-tagged;默认值:all) Customer VLAN id assignment command for different packet type.
set-qos-for(all | none | tagged | untagged-or-priority-tagged;默认值:none) Frame type for which QoS assignment command applies.
set-service-vid-for(all | none | tagged | untagged-or-priority-tagged;默认值:all) Service VLAN id assignment command for different packet type.

MAC Based VLAN

MAC Based VLAN table is used to assign VLAN based on source MAC.

Sub-menu:/interface ethernet switch mac-based-vlan

Property Description
disabled(yes | no;默认值:no) Enables or disables MAC Based VLAN entry.
new-customer-vid(0 . .4095;默认值:0) The new customer VLAN id which replaces original service VLAN id for matched packets. If set to 4095, then traffic is dropped.
new-service-vid(0 . .4095;默认值:0) The new service VLAN id which replaces original service VLAN id for matched packets.
src-mac-address(MAC address) 的学习hing source MAC address for MAC based VLAN rule.


All CRS1xx/2xx series switches support up to 1024 MAC Based VLAN table entries.

1:1 VLAN Switching

1:1 VLAN switching can be used to replace the regular L2 bridging for matched packets. When a packet hits a 1:1 VLAN switching table entry, the destination port information in the entry is assigned to the packet. The matched destination information in UFDB and MFDB entry no longer applies to the packet.

Sub-menu:/interface ethernet switch one2one-vlan-switching

Property Description
customer-vid(0 . .4095;默认值:0) 的学习hing customer VLAN id for 1:1 VLAN switching.
disabled(yes | no;默认值:no) Enables or disables 1:1 VLAN switching table entry.
dst-port(port) Destination port for matched 1:1 VLAN switching packets.
service-vid(0 . .4095;默认值:0) 的学习hing customer VLAN id for 1:1 VLAN switching.

Port Isolation/Leakage

The CRS switches support flexible multi-level isolation features, which can be used for user access control, traffic engineering and advanced security and network management. The isolation features provide an organized fabric structure allowing user to easily program and control the access by port, MAC address, VLAN, protocol, flow and frame type. The following isolation and leakage features are supported:

  • Port-level isolation
  • MAC-level isolation
  • VLAN-level isolation
  • Protocol-level isolation
  • Flow-level isolation
  • Free combination of the above

Port-level isolation supports different control schemes on source port and destination port. Each entry can be programmed with access control for either source port or destination port.

  • When the entry is programmed with source port access control, the entry is

applied to the ingress packets.

  • When the entry is programmed with destination port access control, the entry

is applied to the egress packets.

Port leakage allows bypassing egress VLAN filtering on the port. Leaky port is allowed to access other ports for various applications such as security, network control and management. Note: When both isolation and leakage is applied to the same port, the port is isolated.

Sub-menu:/interface ethernet switch port-isolation

Sub-menu:/interface ethernet switch port-leakage

Property Description
disabled(yes | no;默认值:no) Enables or disables port isolation/leakage entry.
flow-id(0 . .63;默认值:none)
forwarding-type(bridged; routed;默认值:bridged,routed) 的学习hing traffic forwarding type on Cloud Router Switch.
mac-profile(community1 | community2 | isolated | promiscuous;默认值:none) 的学习hing MAC isolation/leakage profile.
port-profile(0 . .31;默认值:none) 的学习hing Port isolation/leakage profile.
ports(ports;默认值:none) Isolated/leaked ports.
protocol-type(arp; nd; dhcpv4; dhcpv6; ripv1;默认值:arp,nd,dhcpv4,dhcpv6,ripv1) Included protocols for isolation/leakage.
registration-status(known; unknown;默认值:known,unknown) Registration status for matching packets. Known are present in UFDB and MFDB, unknown are not.
traffic-type(unicast; multicast; broadcast;默认值:unicast,multicast,broadcast) 的学习hing traffic type.
type(dst | src;默认值:src) Lookup type of the isolation/leakage entry:
  • src- Entry applies to ingress packets of the ports.
  • dst- Entry applies to egress packets of the ports.
vlan-profile(community1 | community2 | isolated | promiscuous;默认值:none) 的学习hing VLAN isolation/leakage profile.

Trunking

The Trunking in the Cloud Router Switches provides static link aggregation groups with hardware automatic failover and load balancing. IEEE802.3ad and IEEE802.1ax compatible Link Aggregation Control Protocol is not supported. Up to 8 Trunk groups are supported with up to 8 Trunk member ports per Trunk group. CRS Port Trunking calculates transmit-hash based on all following parameters: L2 src-dst MAC + L3 src-dst IP + L4 src-dst Port.

Sub-menu:/interface ethernet switch trunk

Property Description
disabled(yes | no;默认值:no) Enables or disables port trunking entry.
member-ports(ports) Member ports of the Trunk group.
name(string value;默认值:trunkX) Name of the Trunk group.

Quality of Service

Shaper

Traffic shaping restricts the rate and burst size of the flow which is transmitted out from the interface. The shaper is implemented by a token bucket. If the packet exceeds the maximum rate or the burst size, which means no enough token for the packet, the packet is stored to buffer until there is enough token to transmit it.

Sub-menu:/interface ethernet switch shaper

Property Description
burst(integer;默认值:100k) 最大数据速率可以transmitted while the burst is allowed.
disabled(yes | no;默认值:no) Enables or disables traffic shaper entry.
meter-unit(bit | packet;默认值:bit) Measuring units for traffic shaper rate.
port(port) Physical port for traffic shaper.
rate(integer;默认值:1M) Maximum data rate limit.
target(port | queueX | wrr-groupX;默认值:port) Three levels of shapers are supported on each port (including CPU port):
  • Port level- Entry applies to the port of the switch-chip.
  • WRR group level- Entry applies to one of the 2 Weighted Round Robin queue groups (wrr-group0, wrr-group1) on the port.
  • Queue level- Entry applies to one of the 8 queues (queue0 - queue7) on the port.

Ingress Port Policer

Sub-menu:/interface ethernet switch ingress-port-policer

Property Description
burst(integer;默认值:100k) 最大数据速率可以transmitted while the burst is allowed.
disabled(yes | no;默认值:no) Enables or disables ingress port policer entry.
meter-len(layer-1 | layer-2 | layer-3;默认值:layer-1) Packet classification which sets the packet byte length for metering.
  • layer-1- includes entire layer-2 frame + FCS + inter-packet gap + preamble.
  • layer-2- includes layer-2 frame + FCS.
  • layer-3- includes only layer-3 + ethernet padding without layer-2 header and FCS.
meter-unit(bit | packet;默认值:bit) Measuring units for traffic ingress port policer rate.
new-dei-for-yellow(0 . .1 |重新映射;默认值:none) Remarked DEI for exceeded traffic if yellow-action is remark.
new-dscp-for-yellow(0 . .63 | remap;默认值:none) Remarked DSCP for exceeded traffic if yellow-action is remark.
new-pcp-for-yellow(0 . .7 | remap;默认值:none) Remarked PCP for exceeded traffic if yellow-action is remark.
packet-types(packet-types;默认值:all types from description) 的学习hing packet types for which ingress port policer entry is valid.
port(port) Physical port or trunk for ingress port policer entry.
rate(integer) Maximum data rate limit.
yellow-action(drop | forward | remark;默认值:drop) Performed action for exceeded traffic.

QoS Group

The global QoS group table is used for VLAN-based, Protocol-based and MAC-based QoS group assignment configuration.

Sub-menu:/interface ethernet switch qos-group

Property Description
dei(0 . .1;默认值:none) The new value of DEI for the QoS group.
disabled(yes | no;默认值:no) Enables or disables protocol QoS group entry.
drop-precedence(drop | green | red | yellow;默认值:green) Drop precedence is internal QoS attribute used for packet enqueuing or dropping.
dscp(0 . .63;默认值:none) The new value of DSCP for the QoS group.
name(string value;默认值:groupX) Name of the QoS group.
pcp(0 . .7;默认值:none) The new value of PCP for the QoS group.
priority(0 . .15;默认值:0) Internal priority is a local significance of priority for classifying traffics to different egress queues on a port. (1 is highest, 15 is lowest)

DSCP QoS Map

The global DSCP to QOS mapping table is used for mapping from the DSCP of the packet to new QoS attributes configured in the table.

Sub-menu:/interface ethernet switch dscp-qos-map

Property Description
dei(0 . .1) The new value of DEI for the DSCP to QOS mapping entry.
drop-precedence(drop | green | red | yellow) The new value of Drop precedence for the DSCP to QOS mapping entry.
pcp(0 . .7) The new value of PCP for the DSCP to QOS mapping entry.
priority(0 . .15) The new value of internal priority for the DSCP to QOS mapping entry.

DSCP To DSCP Map

The global DSCP to DSCP mapping table is used for mapping from the packet's original DSCP to new DSCP value configured in the table.

Sub-menu:/interface ethernet switch dscp-to-dscp

Property Description
new-dscp(0 . .63) The new value of DSCP for the DSCP to DSCP mapping entry.

Policer QoS Map

Sub-menu:/interface ethernet switch policer-qos-map

Property Description
dei-for-red(0 . .1;默认值:0) Policer DEI remapping value for red packets.
dei-for-yellow(0 . .1;默认值:0) Policer DEI remapping value for yellow packets.
dscp-for-red(0 . .63;默认值:0) Policer DSCP remapping value for red packets.
dscp-for-yellow(0 . .63;默认值:0) Policer DSCP remapping value for yellow packets.
pcp-for-red(0 . .7;默认值:0) Policer PCP remapping value for red packets.
pcp-for-yellow(0 . .7;默认值:0) Policer PCP remapping value for yellow packets.

Access Control List

Access Control List contains of ingress policy and egress policy engines and allows to configure up to 128 policy rules (limited by RouterOS). It is advanced tool for wire-speed packet filtering, forwarding, shaping and modifying based on Layer2, Layer3 and Layer4 protocol header field conditions.

See Summary section for Access Control List supported Cloud Router Switch devices.

Due to hardware limitations, it is not possible to match broadcast/multicast traffic on specific ports. You should use port isolation, drop traffic on ingress ports or use VLAN filtering to prevent certain broadcast/multicast traffic from being forwarded.

Sub-menu:/interface ethernet switch acl

ACL condition part for MAC-related fields of packets.

Property Description
disabled(yes | no;默认值:no) Enables or disables ACL entry.
table(egress | ingress;默认值:ingress) Selects policy table for incoming or outgoing packets.
invert-match(yes | no;默认值:no) Inverts whole ACL rule matching.
src-ports(ports,trunks) 的学习hing physical source ports or trunks.
dst-ports(ports,trunks) 的学习hing physical destination ports or trunks. It is not possible to match broadcast/multicast traffic on the egress port due to a hardware limitation.
mac-src-address(MAC address/Mask) Source MAC address and mask.
mac-dst-address(MAC address/Mask) Destination MAC address and mask.
dst-addr-registered(yes | no) Defines whether to match packets with registered state - packets which destination MAC address is in UFDB/MFDB/RFDB. Valid only in egress table.
mac-protocol(802.2 | arp | homeplug-av | ip | ip-or-ipv6 | ipv6 | ipx | lldp | loop-protect | mpls-multicast | mpls-unicast | non-ip | packing-compr | packing-simple | pppoe | pppoe-discovery | rarp | service-vlan | vlan or integer: 0..65535 decimal format or 0x0000-0xffff hex format) Ethernet payload type (MAC-level protocol)
  • 802.2- 802.2 Frames (0x0004)
  • arp- Address Resolution Protocol (0x0806)
  • homeplug-av- HomePlug AV MME (0x88E1)
  • ip- Internet Protocol version 4 (0x0800)
  • ip-or-ipv6- IPv4 or IPv6 (0x0800 or 0x86DD)
  • ipv6- Internet Protocol Version 6 (0x86DD)
  • ipx- Internetwork Packet Exchange (0x8137)
  • lldp- Link Layer Discovery Protocol (0x88CC)
  • loop-protect- Loop Protect Protocol (0x9003)
  • mpls-multicast- MPLS multicast (0x8848)
  • mpls-unicast- MPLS unicast (0x8847)
  • non-ip- Not Internet Protocol version 4 (not 0x0800)
  • packing-compr- Encapsulated packets with compressedIP packing(0x9001)
  • packing-simple- Encapsulated packets with simpleIP packing(0x9000)
  • pppoe- PPPoE Session Stage (0x8864)
  • pppoe-discovery- PPPoE Discovery Stage (0x8863)
  • rarp- Reverse Address Resolution Protocol (0x8035)
  • service-vlan- Provider Bridging (IEEE 802.1ad) & Shortest Path Bridging IEEE 802.1aq (0x88A8)
  • vlan- VLAN-tagged frame (IEEE 802.1Q) and Shortest Path Bridging IEEE 802.1aq with NNI compatibility (0x8100)
drop-precedence(drop | green | red | yellow) 的学习hing internal drop precedence. Valid only in egress table.
custom-fields

ACL condition part for VLAN-related fields of packets.

Property Description
lookup-vid(0 . .4095) VLAN id used in lookup. It can be changed before reaching the egress table.
service-vid(0-4095) 的学习hing service VLAN id.
service-pcp(0 . .7) 的学习hing service PCP.
service-dei(0 . .1) 的学习hing service DEI.
service-tag(priority-tagged | tagged | tagged-or-priority-tagged | untagged) Format of the service tag.
customer-vid(0-4095) 的学习hing customer VLAN id.
customer-pcp(0 . .7) 的学习hing customer PCP.
customer-dei(0 . .1) 的学习hing customer DEI.
customer-tag(priority-tagged | tagged | tagged-or-priority-tagged | untagged) Format of the customer tag.
priority(0 . .15) 的学习hing internal priority. Valid only in egress table.

ACL condition part for IPv4 and IPv6 related fields of packets.

Property Description
ip-src(IPv4/0..32) 的学习hing source IPv4 address.
ip-dst(IPv4/0..32) 的学习hing destination IPv4 address.
ip-protocol(tcp | udp | udp-lite | other) IP protocol type.
src-l3-port(0-65535) 的学习hing Layer3 source port.
dst-l3-port(0-65535) 的学习hing Layer3 destination port.
ttl(0 | 1 | max | other) 的学习hing TTL field of the packet.
dscp(0 . .63) 的学习hing DSCP field of the packet.
ecn(0 . .3) 的学习hing ECN field of the packet.
fragmented(yes | no) Whether to match fragmented packets.
first-fragment(yes | no) YES matches not fragmented and the first fragments, NO matches other fragments.
ipv6-src(IPv6/0..128) 的学习hing source IPv6 address.
ipv6-dst(IPv6/0..128) 的学习hing destination IPv6 address.
mac-isolation-profile(community1 | community2 | isolated | promiscuous) 比赛基于UFDB隔离概要文件。有效的辊筒y in the egress policy table.
src-mac-addr-state(dynamic-station-move | sa-found | sa-not-found | static-station-move) Defines whether to match packets with registered state - packets which destination MAC address is in UFDB/MFDB/RFDB. Valid only in the egress policy table.
flow-id(0 . .63)

ACL rule action part.

Property Description
action(copy-to-cpu | drop | forward |

redirect-to-cpu | send-to-new-dst-ports;默认值:

forward)
  • copy-to-cpu- Packets are copied to CPU if they match the ACL conditions.
  • drop- Packets are dropped if they match the ACL conditions.
  • forward- Packets are forwarded if they match the ACL conditions.
  • redirect-to-cpu——包被重定向到CPU是否匹配ACL conditions.
  • send-to-new-dst-ports- Packets are sent to new destination ports if they match the ACL conditions.
new-dst-ports(ports,trunks) If the action is "send-to-new-dst-ports", then this property sets which ports/trunks are the new destinations.
mirror-to(mirror0 | mirror1) Mirroring destination for ACL packets.
policer(policer) Applied ACL Policer for ACL packets.
src-mac-learn(yes | no) Whether to learn source MAC of the matched ACL packets. Valid only in the ingress policy table.
new-service-vid(0 . .4095) New service VLAN id for ACL packets.
new-service-pcp(0 . .7) New service PCP for ACL packets.
new-service-dei(0 . .1) New service DEI for ACL packets.
new-customer-vid(0 . .4095) New customer VLAN id for ACL packets. If set to 4095, then traffic is dropped.
new-customer-pcp(0 . .7) 新客户卡式肺囊虫肺炎for ACL packets.
new-customer-dei(0 . .1) New customer DEI for ACL packets.
new-dscp(0 . .63) New DSCP for ACL packets.
new-priority(0 . .15) New internal priority for ACL packets.
new-drop-precedence(drop | green | red | yellow) New internal drop precedence for ACL packets.
new-registered-state(yes | no) Whether to modify packet status. YES sets packet status to registered, NO - unregistered. Valid only in the ingress policy table.
new-flow-id(0 . .63)

Filter bypassing part for ACL packets.

Property Description
attack-filter-bypass(yes | no;默认值:no)
ingress-vlan-filter-bypass(yes | no;默认值:no) Allows bypassing ingress VLAN filtering in the VLAN table for matching packets. Applies only to ingress policy table.
egress-vlan-filter-bypass(yes | no;默认值:no) Allows bypassing egress VLAN filtering in the VLAN table for matching packets. Applies only to ingress policy table.
isolation-filter-bypass(yes | no;默认值:no) Allows bypassing the Isolation table for matching packets. Applies only to ingress policy table.
egress-vlan-translate-bypass(yes | no;默认值:no) Allows bypassing egress VLAN translation table for matching packets.

ACL Policer

Sub-menu:/interface ethernet switch acl policer

Property Description
name(string;默认值:policerX) Name of the Policer used in ACL.
yellow-rate(integer) Maximum data rate limit for packets with yellow drop precedence.
yellow-burst(integer;默认值:0) 最大数据速率可以transmitted while the burst is allowed for packets with yellow drop precedence.
red-rate(integer); Default:0) Maximum data rate limit for packets with red drop precedence.
red-burst(integer;默认值:0) 最大数据速率可以transmitted while the burst is allowed for packets with red drop precedence.
meter-unit(bit | packet;默认值:bit) Measuring units for ACL traffic rate.
meter-len(layer-1 | layer-2 | layer-3;默认值:layer-1) Packet classification which sets the packet byte length for metering.
  • layer-1- includes entire layer-2 frame + FCS + inter-packet gap + preamble.
  • layer-2- includes layer-2 frame + FCS.
  • layer-3- includes only layer-3 + ethernet padding without layer-2 header and FCS.
color-awareness(yes | no;默认值:no) YES makes policer to take into account pre-colored drop precedence, NO - ignores drop precedence.
bucket-coupling(yes | no;默认值:no)
yellow-action(drop | forward | remark;默认值:drop) Performed action for exceeded traffic with yellow drop precedence.
new-dei-for-yellow(0 . .1 |重新映射) New DEI for yellow drop precedence packets.
new-pcp-for-yellow(0 . .7 | remap) New PCP for yellow drop precedence packets.
new-dscp-for-yellow(0 . .63 | remap) New DSCP for yellow drop precedence packets.
red-action(drop | forward | remark;默认值:drop) Performed action for exceeded traffic with red drop precedence.
new-dei-for-red(0 . .1 |重新映射) New DEI for red drop precedence packets.
new-pcp-for-red(0 . .7 | remap) New PCP for red drop precedence packets.
new-dscp-for-red(0 . .63 | remap) New DSCP for red drop precedence packets.

See also

  • No labels