No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 13

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules The description covers configuration examples and function configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring the ACL

Configuring the ACL

This topic describes how to configure the access control list (ACL) for the port that connects to the fibre channel over Ethernet (FCoE) gateway. This avoids the Ethernet traffic burst to affect FCoE traffic. The basic rule is to discard outgoing traffic of VLAN 1 on the port without sending the traffic to the FCoE gateway. However, the FCoE Initialization Protocol (FIP) negotiation packets of VLAN 1 can be sent to the FCoE gateway.

Prerequisites

Before configuring the ACL, ensure that the following prerequisites are met:
  • The device is operating properly, users can locally or remotely log in to the device.

Configuration Process

Perform one or some of the following tasks based on site requirements:
  • Define the ACL rule and traffic strategies.
  • Apply the ACL rule to the port that connects to the FCoE gateway.

Procedure

  1. Run system-view to go to the system view.
  2. Run acl { [ number ] acl-number | name acl-name [ [ number ] acl-number | link ] } to create a layer 2 ACL and go to the ACL view.
  3. Run rule [ rule-id ] { deny | permit } [ type type [ type-mask ] | source-mac source-mac [ source-mac-mask ] | destination-mac dest-mac [ dest-mac-mask ] | [ ether-ii | 802.3 | snap ] | vlan vlan-id [ vlan-mask ] | 8021p 8021p | inner-vlan inner-vlan-id [ inner-vlan-mask ] | inner-8021p inner-8021p | double-tag | time-range time-name ] * to configure a layer 2 ACL rule. This allows FIP packets to pass through the port.
  4. Run rule [ rule-id ] { deny | permit } [ type type [ type-mask ] | source-mac source-mac [ source-mac-mask ] | destination-mac dest-mac [ dest-mac-mask ] | [ ether-ii | 802.3 | snap ] | vlan vlan-id [ vlan-mask ] | 8021p 8021p | inner-vlan inner-vlan-id [ inner-vlan-mask ] | inner-8021p inner-8021p | double-tag | time-range time-name ] * to configure a layer 2 ACL rule. This forbids packets of VLAN 1 to pass through the port.
  5. Run traffic classifier classifier-name [ type { and | or } ] to create traffic classification and go to the traffic classification view.
  6. Run if-match acl { acl-number | acl-name } to match traffic classification rules with the ACL rules.
  7. Run traffic behavior behavior-name to create a traffic behavior and go to the traffic behavior view.
  8. Run traffic policy policy-name to create a traffic policy and go to the traffic policy view.
  9. Run classifier classifier-name behavior behavior-name [ precedence precedence-value ] to correlate the traffic policy with the traffic behavior.
  10. Run commit.
  11. Run interface interface-type interface-number to go to the interface view for the port that connects to the FCoE gateway.
  12. Run traffic-policy policy-name { inbound | outbound } to apply the traffic policy to handling of outgoing traffic on the port.
  13. Run port-isolate enable group group-id to add the port connected to the FCoE gateway to the port isolation group.
  14. Run stp disable to disable the STP function on the port connected to the FCoE gateway.
  15. Run storm suppression broadcast block outbound to suppress the broadcast packets in the outbound direction of the port connected to the FCoE gateway.
  16. Run storm suppression multicast block outbound to suppress the multicast packets in the outbound direction of the port connected to the FCoE gateway.
  17. Run storm suppression unknown-unicast block outbound to suppress the unknown-unicast packets in the outbound direction of the port connected to the FCoE gateway.
  18. Run commit.

Checking the Configuration Result

Perform the following steps to check the configuration result:

  1. Run display traffic classifier [ classifier-name ] to check the traffic classification.
  2. Run display acl{ acl-number | name acl-name | all } to check the ACL rule configuration.
  3. Run display traffic policy [ policy-name [ classifier classifier-name ] ] to check the traffic policy configuration.
  4. Run display traffic-policy applied-record [ policy-name ] to check the application status of a specified traffic policy.
Translation
Download
Updated: 2019-12-13

Document ID: EDOC1000041694

Views: 60646

Downloads: 3623

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next