Configuration Guide - QoS

CloudEngine 8800, 7800, 6800, and 5800 V200R002C50

This document describes the configurations of QoS functions, including MQC, priority mapping, traffic policing, traffic shaping, interface-based rate limiting, congestion avoidance, congestion management, packet filtering, redirection, traffic statistics, and ACL-based simplified traffic policy.
Example for Configuring Packet Filtering Based on the Server Port Number


Networking Requirements

In Figure 8-3, the enterprise office connects to the servers through SwitchA. The FTP server and email server belong to the same network segment, while the web server belongs to another network segment.

The enterprise wants its R&D department and administrative department to be able to access only the FTP server.

Figure 8-3 Networking of packet filtering

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure SwitchB to differentiate traffic from the FTP, web, and email servers based on the port number and network segment.
  2. Configure SwitchB to discard traffic from the web and email servers so that the R&D department and administrative department can access only the FTP server.


Procedure

  1. Create VLANs and configure interfaces on SwitchA, SwitchB, and the switches in the enterprise office area to implement network connectivity. The configuration details are not provided here.
  2. Configure ACLs.

    # Create ACL 3001 on SwitchB, and configure permit rules in ACL 3001 that match traffic from the web server based on the web server's network segment, and traffic from the email server based on the email server's network segment and port number.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchB
    [*HUAWEI] commit
    [~SwitchB] acl 3001
    [*SwitchB-acl4-advance-3001] rule permit ip source 24
    [*SwitchB-acl4-advance-3001] rule permit tcp source-port eq pop2 source 24 
    [*SwitchB-acl4-advance-3001] quit
    [*SwitchB] commit

  3. Configure a traffic classifier.

    # Create a traffic classifier named c1 on SwitchB and reference ACL 3001 in the traffic classifier.

    [~SwitchB] traffic classifier c1
    [*SwitchB-classifier-c1] if-match acl 3001
    [*SwitchB-classifier-c1] quit
    [*SwitchB] commit

  4. Configure a traffic behavior.

    # Configure a traffic behavior named b1 on SwitchB and define the deny action.

    [~SwitchB] traffic behavior b1
    [*SwitchB-behavior-b1] deny
    [*SwitchB-behavior-b1] quit
    [*SwitchB] commit

  5. Configure a traffic policy and apply the traffic policy to 10GE1/0/1 in the outbound direction.

    # Create a traffic policy named p1 on SwitchB and bind the traffic policy to the traffic classifier and traffic behavior.

    [~SwitchB] traffic policy p1
    [*SwitchB-trafficpolicy-p1] classifier c1 behavior b1
    [*SwitchB-trafficpolicy-p1] quit
    [*SwitchB] commit

    # Apply the traffic policy p1 to 10GE1/0/1 in the outbound direction.

    [~SwitchB] interface 10ge 1/0/1
    [~SwitchB-10GE1/0/1] traffic-policy p1 outbound
    [*SwitchB-10GE1/0/1] quit
    [*SwitchB] commit
    [~SwitchB] quit

  6. Verify the configuration.

    # Check the ACL configuration.

    <SwitchB> display acl 3001
    Advanced ACL 3001, 2 rules                                                       
    ACL's step is 5                                                                 
     rule 5 permit ip source (0 times matched)               
     rule 10 permit tcp source source-port eq pop2 (0 times matched) 

    # Check the traffic classifier configuration.

    <SwitchB> display traffic classifier c1
      Traffic Classifier Information:
        Classifier: c1
          Type: OR
            if-match acl 3001

    # View the traffic policy configuration.

    <SwitchB> display traffic policy p1
      Traffic Policy Information:
        Policy: p1
          Classifier: c1
            Type: OR
          Behavior: b1
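
An added example, not part of the Huawei guide: a small Python model of how ACL 3001, classifier c1, and behavior b1 together decide what happens to traffic sent by the servers. The segment addresses and sample packets are constructed placeholders because the page does not show the real ones, and the model covers only permit rules, which is all this ACL contains.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

POP2 = 109  # TCP port that the CLI keyword "pop2" stands for

# Constructed addressing (the page does not show the real segments).
WEB_NET = ipaddress.ip_network("198.51.100.0/24")  # web server segment
SRV_NET = ipaddress.ip_network("192.0.2.0/24")     # FTP + email server segment

@dataclass(frozen=True)
class Rule:
    rule_id: int
    protocol: str                      # "ip" = any IP protocol, "tcp" = TCP only
    source: ipaddress.IPv4Network
    source_port: Optional[int] = None  # None = any source port

    def matches(self, pkt: dict) -> bool:
        if self.protocol != "ip" and self.protocol != pkt["proto"]:
            return False
        if ipaddress.ip_address(pkt["src"]) not in self.source:
            return False
        return self.source_port is None or self.source_port == pkt.get("sport")

# ACL 3001 as configured in step 2; both rules are "permit" rules.
ACL_3001 = [Rule(5, "ip", WEB_NET), Rule(10, "tcp", SRV_NET, POP2)]

def verdict(pkt: dict, acl=ACL_3001):
    """Return (action, matching rule id) for a packet leaving 10GE1/0/1.

    A packet that hits a permit rule is classified into c1, so behavior b1
    (deny) discards it. A packet that hits no rule is outside the policy
    and is forwarded as usual.
    """
    for rule in sorted(acl, key=lambda r: r.rule_id):  # lowest rule ID first
        if rule.matches(pkt):
            return ("discard", rule.rule_id)
    return ("forward", None)

# Constructed sample packets, all sourced from the servers.
SAMPLES = {
    "web/http":    {"src": "198.51.100.10", "proto": "tcp", "sport": 80},
    "email/pop2":  {"src": "192.0.2.20", "proto": "tcp", "sport": 109},
    "email/pop3":  {"src": "192.0.2.20", "proto": "tcp", "sport": 110},
    "ftp/control": {"src": "192.0.2.10", "proto": "tcp", "sport": 21},
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:12} -> {verdict(pkt)}")
```

Rule 10 discards only traffic whose TCP source port is 109 (pop2), which is why the FTP server in the same segment stays reachable. A mail service listening on another port in that segment, such as POP3 on 110, is not matched and is forwarded.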

Configuration Files

SwitchB configuration file

    sysname SwitchB
    acl number 3001
     rule 5 permit ip source
     rule 10 permit tcp source source-port eq pop2
    traffic classifier c1 type or
     if-match acl 3001
    traffic behavior b1
     deny
    traffic policy p1
     classifier c1 behavior b1 precedence 5
    interface 10GE1/0/1
     traffic-policy p1 outbound

Updated: 2019-03-21

Document ID: EDOC1000166640
