No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR Router Troubleshooting Guide

This Product Documentation provides guidance for maintaining AR Enterprise Router, covering common information collection and fault diagnostic commands, typical fault troubleshooting guide, and troubleshooting.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Do I Configure Bandwidth Limit Without Effects on Mutual Access Between Intranet Segments (Using the Web Platform)?

How Do I Configure Bandwidth Limit Without Effects on Mutual Access Between Intranet Segments (Using the Web Platform)?

Networking Requirements

In Figure 29-70, Router serves as the egress gateway of the enterprise and connects to the Internet through GE0/0/1. GE0/0/1 uses a static IP address 10.1.1.110/24; the gateway address of Router is 10.1.1.1; the DNS server addresses of Router are 201.10.1.150 and 202.1.1.148. Intranet users access the Internet after address translation through the network address translation (NAT) service deployed on Router. The customer wants to limit the uplink bandwidth of Internet access traffic to 20 Mbit/s and 30 Mbit/s respectively for the network segments 192.168.10.0/24 and 192.168.20.0/24, and the downlink bandwidth to 20 Mbit/s and 30 Mbit/s respectively. In addition, the customer requires that the bandwidth limit of Internet access traffic do not affect the mutual access between users in the two network segments.

Figure 29-70 Networking diagram for configuring traffic policing

Configuration Roadmap

The configuration roadmap is as follows:
  1. Complete basic network configurations. (If basic network configurations have been completed, skip this step and go to step 2. You only need to perform rate limit configurations.)
    • Set parameters, such as the interface IP address and gateway address on GE0/0/1.

    • Create VLAN 10 and VLANIF 10 and use VLANIF 10 as the gateway of the network segment 192.168.10.0/24. Create VLAN 20 and VLANIF 20 and use VLANIF 20 as the gateway of the network segment 192.168.20.0/24. Add the Layer 2 Ethernet interface Eth0/0/2 connecting to Switch to VLAN 10 and VLAN 20 as a trunk interface.

  2. Configure a traffic policy to limit the rate on the VLANIF interfaces. In the policy, configure traffic classifiers to distinguish traffic of mutual access between intranet segments from Internet access traffic, and configure a traffic behavior to limit the Internet access traffic rate.

Procedure

  1. Configure GE0/0/1, add the Layer 2 Ethernet interface Eth0/0/2 to VLANs, and create VLANIF interfaces.

    1. Configure GE0/0/1.
      Choose WAN Access > Ethernet Interface and click Create. In the displayed dialog box, set parameters according to Figure 29-71 and click OK.
      Figure 29-71 Creating an Ethernet interface

    2. Choose LAN Access > LAN > VLAN Interface and click Create. In the displayed dialog box, set parameters according to Figure 29-72 and click OK. Figure 29-72 shows the settings for VLANIF 10. The settings for VLANIF 20 are similar, and are not mentioned here.
      Figure 29-72 Creating a VLAN interface

    3. Configure VLANIF 20 by referring to the settings in the previous step.

  2. Configure traffic policies to implement the bandwidth limit.

    The traffic policy configuration method of VLANIF 10 is the same as that of VLANIF 20. In this topic, VLANIF 10 is used as an example to describe the traffic policy configuration method. The traffic policy of VLANIF 20 can be configured by referring to the configuration method of VLANIF 10.

    1. Limit the uplink bandwidth to 20 Mbit/s for the network segment 192.168.10.0/24.

      1. On the web platform, choose Security > ACL. On the Advanced ACL Setting page, click Create. Configure ACL rules to control traffic of mutual access between intranet segments and Internet access traffic identified by traffic classifiers.
        Configure ACL rules to match traffic of mutual access between intranet segments according to Figure 29-73.
        Figure 29-73 Configuring ACL rules to match traffic of mutual access between intranet segments

        Configure an ACL rule to match Internet access traffic according to Figure 29-74.
        Figure 29-74 Configuring an ACL rule to match Internet access traffic

      2. On the web platform, choose QoS > Traffic Management. On the Policy Parameter Setting page, click Create. In the displayed dialog box, set the policy name, and then configure other information about the uplink traffic policy for the network segment 192.168.10.0/24.

        Configure a traffic classifier and a traffic behavior for mutual access between intranet segments on VLANIF 10 according to Figure 29-75. Select innerFlow configured in the previous step for Matched IPv4 ACL. Use the default values for other parameters to make mutual access between intranet segments unlimited. Click Confirm.
        Figure 29-75 Adding the traffic classifier for mutual access between intranet segments to the inbound traffic policy

        Click Add Traffic Classifier and create a traffic classifier. Configure the traffic classifier and traffic behavior for Internet access on VLANIF 10 according to Figure 29-76. Select acl3001 configured in the previous step for Matched IPv4 ACL. In the Configure Traffic Policing area, set CIR to 20000, indicating that the uplink bandwidth is limited to 20 Mbit/s. Click Confirm. Click OK.
        Figure 29-76 Adding the traffic classifier for Internet access to the inbound traffic policy

      3. On the web platform, choose QoS > Traffic Management. On the Policy Application page, click Create. Apply the traffic policy to VLANIF 10 to implement the uplink bandwidth limit on Internet access for the network segment 192.168.10.0/24.
        Figure 29-77 Applying the inbound traffic policy

    2. Limit the downlink bandwidth to 20 Mbit/s for the network segment 192.168.10.0/24.

      1. Configure ACL rules to control traffic of mutual access between intranet segments and Internet access traffic identified by traffic classifiers.

        The ACL rules for the traffic classifier for the downlink bandwidth limit are the same those for the traffic classifier for the uplink bandwidth limit, and consequently do not need to be configured again.

      2. On the web platform, choose QoS > Traffic Management. On the Policy Parameter Setting page, click Create. In the displayed dialog box, set the policy name, and then configure other information about the downlink traffic policy for the network segment 192.168.10.0/24.

        Configure a traffic classifier and a traffic behavior for mutual access between intranet segments on VLANIF 10 according to Figure 29-78. Select innerFlow configured in the previous step for Matched IPv4 ACL. Use the default values for other parameters to make mutual access between intranet segments unlimited. Click Confirm.
        Figure 29-78 Adding the traffic classifier for mutual access between intranet segments to the downlink traffic policy

        Click Add Traffic Classifier and create a traffic classifier. Configure the traffic classifier and traffic behavior for Internet access on VLANIF 10 according to Figure 29-79. Select acl3001 configured in the previous step for Matched IPv4 ACL. In the Configure Traffic Policing area, set CIR to 20000, indicating that the downlink bandwidth is limited to 20 Mbit/s. Click Confirm. Click OK.
        Figure 29-79 Adding the traffic classifier for Internet access to the downlink traffic policy

      3. On the web platform, choose QoS > Traffic Management. On the Policy Application page, click Create. Apply the traffic policy to VLANIF 10 to implement the downlink bandwidth limit on Internet access for the network segment 192.168.10.0/24.
        Figure 29-80 Applying the downlink traffic policy

      4. Complete the traffic policy configuration on VLANIF 20 by referring to the configuration in the previous step.

Precautions

  1. This example uses an AR1220 running V200R007C00SPCb00.
  2. During the configuration, traffic policies are used to differentiate traffic between intranet segments from Internet access traffic. Only the Internet access traffic bandwidth is limited. The bandwidth for traffic between intranet segments is not limited. This configuration method is applicable in the scenario where there is a large amount of mutual access between intranet segments and the Internet access rate needs to be limited. If there is a small amount of mutual access between intranet segments, rate limit can be configured on the intranet interface on the Interface Rate Limit web page. For details, see How Do I Limit the Sharing Bandwidth of Some Intranet IP Address Segments (Using the Web Platform)? or How Do I Limit the Maximum Upload Rate of Each Intranet User (Using the Web Platform)?.
  3. In this example, rate limit is configured on an intranet interface (a router interface connecting to the intranet). Typically, rate limit by intranet user or network segment is configured on an intranet interface. As the NAT service is deployed on an extranet interface, configuring rate limit for intranet users on the same extranet interface will increase the device cost and reduce the device performance due to complex configurations.
  4. Set Direction to Inbound or Outbound based on the direction of the traffic to be limited.
    • On an intranet interface, Inbound indicates traffic passing through the intranet interface to the router. The traffic is sent by a PC to the Internet, so the limited rate is the upload rate or uplink bandwidth. Similarly, Outbound indicates traffic passing out of the intranet interface of the router. The traffic is sent by the Internet to a PC, so the limited rate is the download rate or downlink bandwidth.
    • On an extranet interface, Inbound indicates traffic passing through the extranet interface to the router. The traffic is sent by the Internet to a PC, so the limited rate is the download rate or downlink bandwidth. Similarly, Outbound indicates traffic passing out of the extranet interface of the router. The traffic is sent by a PC to the Internet, so the limited rate is the upload rate or uplink bandwidth.
  5. If the web platform of the EasyOperation edition is displayed after your login, as shown in Figure 29-81, click in the upper right corner to switch to the web page of the Classics edition.
    Figure 29-81 Login page of the web platform of the EasyOperation edition

Translation
Download
Updated: 2019-08-09

Document ID: EDOC1000079719

Views: 495768

Downloads: 4534

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next