No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Troubleshooting Guide

CloudEngine 16800, 12800, 12800E, 8800, 7800, 6800, and 5800 Series Switches

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Do I Apply a Traffic Policy to a VLANIF Interface to Allow only TCP Packets in ESTABLISHED State to Pass Through?

How Do I Apply a Traffic Policy to a VLANIF Interface to Allow only TCP Packets in ESTABLISHED State to Pass Through?

Only the CE12800E equipped with FD-X series cards, CE6850HI, CE6850U-HI, CE6851HI, CE6855HI, CE6856HI, CE6857EI, CE6860EI, CE6865EI, CE7850EI, CE7855EI, CE8850EI, CE8861EI, CE8868EI, and CE8860EI support this mode.

Networking Requirements

You want to apply a traffic policy to allow only TCP packets in ESTABLISHED state to be sent from VLANIF 30 to VLANIF 150 and discard other packets sent in this direction.

Procedure

  1. Configure the traffic classifiers c1, c2, and c3.

    <HUAWEI> system-view
    [~HUAWEI] acl 3000
    [*HUAWEI-acl4-advance-3000] rule permit tcp tcp-flag established  
    [*HUAWEI-acl4-advance-3000] quit
    [*HUAWEI] traffic classifier c1
    [*HUAWEI-classifier-c1] if-match acl 3000
    [*HUAWEI-classifier-c1] quit
    [*HUAWEI] traffic classifier c2
    [*HUAWEI-classifier-c2] if-match vlan 30                          
    [*HUAWEI-classifier-c2] quit
    [*HUAWEI] traffic classifier c3
    [*HUAWEI-classifier-c3] if-match qos-local-id 1                   
    [*HUAWEI-classifier-c3] quit
    [*HUAWEI] commit
    
  2. Configure traffic behaviors b1, b2, and b3.

    [~HUAWEI] traffic behavior b1
    [*HUAWEI-behavior-b1] permit                                      
    [*HUAWEI-behavior-b1] quit
    [*HUAWEI] traffic behavior b2
    [*HUAWEI-behavior-b2] remark qos-local-id 1                       
    [*HUAWEI-behavior-b2] quit
    [*HUAWEI] traffic behavior b3
    [*HUAWEI-behavior-b3] deny                                        
    [*HUAWEI-behavior-b3] quit
    [*HUAWEI] commit
    
  3. Configure traffic policies p1 and p2.

    [~HUAWEI] traffic policy p1
    [*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 precedence 1 
    [*HUAWEI-trafficpolicy-p1] classifier c2 behavior b2 precedence 5 
    [*HUAWEI-trafficpolicy-p1] quit
    [~HUAWEI] traffic policy p2
    [*HUAWEI-trafficpolicy-p2] classifier c3 behavior b3              
    [*HUAWEI-trafficpolicy-p2] quit
    [*HUAWEI] commit
    
  4. Apply the traffic policy p1 in the inbound direction of VLANIF 30.

    [~HUAWEI] interface Vlanif 30
    [~HUAWEI-Vlanif30] traffic-policy p1 inbound
    [*HUAWEI] commit
    
  5. Apply the traffic policy p2 in the outbound direction of VLANIF 150.

    [~HUAWEI] interface Vlanif 150
    [~HUAWEI-Vlanif150] traffic-policy p2 outbound
    [*HUAWEI] commit
    
Translation
Download
Updated: 2020-01-07

Document ID: EDOC1000060766

Views: 618391

Downloads: 2969

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next