No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - QoS

AR100-S, AR110-S, AR120-S, AR150-S, AR160-S, AR200-S, AR1200-S, AR2200-S, and AR3200-S V200R009

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Packet Filtering

Example for Configuring Packet Filtering

Networking Requirements

In Figure 7-2, voice, video, and data services on the enterprise's LAN are transmitted to Eth2/0/0 and Eth2/0/1 of RouterA through SwitchA and SwitchB, and to the WAN through GE1/0/0 of RouterA.

Packets of different services are identified by 802.1p priorities on the LAN. When packets reach the WAN through GE1/0/0, it is required that data packets be filtered and voice and video services be ensured.

Figure 7-2  Networking of packet filtering

Configuration Roadmap

You can define the deny action in a traffic policy to filter packets. The configuration roadmap is as follows:
  1. Configure interfaces so that enterprise users can access the WAN through RouterA.
  2. Configure traffic classifiers to classify packets based on 802.1p priorities.
  3. Configure traffic behaviors so that the device permits or rejects packets matching rules.
  4. Configure a traffic policy, bind the traffic policy to the traffic classifiers and traffic behaviors, and apply the traffic policy to Eth2/0/0 and Eth2/0/1 in the inbound direction to filter packets.

Procedure

  1. Create VLANs and configure interfaces.

    # Create VLAN 10 and VLAN 20 on RouterA.

    <Huawei> system-view
    [Huawei] sysname RouterA
    [RouterA] vlan batch 10 20

    # Configure Eth2/0/0 and Eth2/0/1 on RouterA as trunk interfaces, and add Eth2/0/0 to VLAN 10 and Eth2/0/1 to VLAN 20. Configure IP address 192.168.4.1/24 for GE1/0/0.

    [RouterA] interface ethernet 2/0/0
    [RouterA-Ethernet2/0/0] port link-type trunk
    [RouterA-Ethernet2/0/0] port trunk allow-pass vlan 10
    [RouterA-Ethernet2/0/0] quit
    [RouterA] interface ethernet 2/0/1
    [RouterA-Ethernet2/0/1] port link-type trunk
    [RouterA-Ethernet2/0/1] port trunk allow-pass vlan 20
    [RouterA-Ethernet2/0/1] quit
    [RouterA] interface gigabitethernet 1/0/0
    [RouterA-GigabitEthernet1/0/0] ip address 192.168.4.1 24
    [RouterA-GigabitEthernet1/0/0] quit
    NOTE:

    Configure the interface on SwitchA connected to RouterA as a trunk interface and add it to VLAN 10.

    Configure the interface on SwitchB connected to RouterA as a trunk interface and add it to VLAN 20.

    # Create VLANIF 10 and VLANIF 20, and assign IP address 192.168.2.1/24 to VLANIF 10 and IP address 192.168.3.1/24 to VLANIF 20.

    [RouterA] interface vlanif 10
    [RouterA-Vlanif10] ip address 192.168.2.1 24
    [RouterA-Vlanif10] quit
    [RouterA] interface vlanif 20
    [RouterA-Vlanif20] ip address 192.168.3.1 24
    [RouterA-Vlanif20] quit
    

    # Configure IP address 192.168.4.2/24 for GE1/0/0 on RouterB.

    <Huawei> system-view
    [Huawei] sysname RouterB
    [RouterB] interface gigabitethernet 1/0/0
    [RouterB-GigabitEthernet1/0/0] ip address 192.168.4.2 24
    [RouterB-GigabitEthernet1/0/0] quit

    # Configure RouterB to interwork with the network layer of the LAN.

    [RouterB] ip route-static 192.168.2.0 255.255.255.0 192.168.4.1
    [RouterB] ip route-static 192.168.3.0 255.255.255.0 192.168.4.1
    NOTE:

    Configure the default gateway address 192.168.2.1/24 for enterprise users connected to SwitchA.

    Configure the default gateway address 192.168.3.1/24 for enterprise users connected to SwitchB.

  2. Configure traffic classifiers.

    # Create and configure traffic classifiers c1, c2, and c3 on RouterA to classify packets based on 802.1p priorities.

    [RouterA] traffic classifier c1
    [RouterA-classifier-c1] if-match 8021p 2
    [RouterA-classifier-c1] quit
    [RouterA] traffic classifier c2
    [RouterA-classifier-c2] if-match 8021p 5
    [RouterA-classifier-c2] quit
    [RouterA] traffic classifier c3
    [RouterA-classifier-c3] if-match 8021p 6
    [RouterA-classifier-c3] quit
    

  3. Configure traffic behaviors.

    # Configure a traffic behavior named b1 on RouterA and define the deny action.

    [RouterA] traffic behavior b1
    [RouterA-behavior-b1] deny
    [RouterA-behavior-b1] quit
    

    # Configure traffic behaviors b2 and b3 on RouterA and define the permit action.

    [RouterA] traffic behavior b2
    [RouterA-behavior-b2] permit
    [RouterA-behavior-b2] quit
    [RouterA] traffic behavior b3
    [RouterA-behavior-b3] permit
    [RouterA-behavior-b3] quit
    

  4. Configure a traffic policy and apply the traffic policy to interfaces.

    # Create a traffic policy named p1 on RouterA, bind the traffic behaviors and traffic classifiers to the traffic policy, and apply the traffic policy to Eth2/0/0 and Eth2/0/1 in the inbound direction to filter packets.

    [RouterA] traffic policy p1
    [RouterA-trafficpolicy-p1] classifier c1 behavior b1
    [RouterA-trafficpolicy-p1] classifier c2 behavior b2
    [RouterA-trafficpolicy-p1] classifier c3 behavior b3
    [RouterA-trafficpolicy-p1] quit
    [RouterA] interface ethernet 2/0/0
    [RouterA-Ethernet2/0/0] traffic-policy p1 inbound
    [RouterA-Ethernet2/0/0] quit
    [RouterA] interface ethernet 2/0/1
    [RouterA-Ethernet2/0/1] traffic-policy p1 inbound
    [RouterA-Ethernet2/0/1] quit

  5. Verify the configuration.

    # Check the traffic classifier configuration.

    <RouterA> display traffic classifier user-defined
      User Defined Classifier Information:                                          
       Classifier: c2                                                               
        Operator: OR                                                               
        Rule(s) :
         if-match 8021p 5                                                  
       Classifier: c3                                                               
        Operator: OR                                                               
        Rule(s) :
         if-match 8021p 6                                                  
       Classifier: c1                                                               
        Operator: OR                                                               
        Rule(s) :
         if-match 8021p 2                                                  
    

    # Check the traffic policy record.

    <Router> display traffic-policy applied-record p1
    -------------------------------------------------                               
      Policy Name:   p1                                                             
      Policy Index:  0                                                              
         Classifier:c1     Behavior:b1                                              
         Classifier:c2     Behavior:b2                                              
         Classifier:c3     Behavior:b3                                              
    -------------------------------------------------                              
     *interface Ethernet2/0/0                                                       
        traffic-policy p1 inbound                                                   
          slot 0    :  success                                                      
          slot 2    :  success                                                      
       Classifier: c1                                                               
        Operator: OR                                                                
        Rule(s) :                                                                   
         if-match 8021p 2                                                           
         Behavior: b1                                                               
          Deny                                                                      
       Classifier: c2                                                               
        Operator: OR                                                                
        Rule(s) :                                                                   
         if-match 8021p 5                                                           
         Behavior: b2                                                               
       Classifier: c3                                                               
        Operator: OR                                                                
        Rule(s) :                                                                   
         if-match 8021p 6                                                           
         Behavior: b3                                                               
     *interface Ethernet2/0/1                                                       
        traffic-policy p1 inbound                                                   
          slot 0    :  success                                                      
          slot 2    :  success                                                      
       Classifier: c1                                                               
        Operator: OR                                                                
        Rule(s) :                                                                   
         if-match 8021p 2                                                           
         Behavior: b1                                                               
          Deny                                                                      
       Classifier: c2                                                               
        Operator: OR                                                                
        Rule(s) :                                                                   
         if-match 8021p 5                                                           
         Behavior: b2                                                               
       Classifier: c3                                                               
        Operator: OR                                                                
        Rule(s) :                                                                   
         if-match 8021p 6                                                           
         Behavior: b3                                                               
       Behavior: Be                                                                 
          Assured Forwarding:                                                       
            Bandwidth 0 (Kbps)                                                  
    -------------------------------------------------                               
      Policy total applied times: 2.                                                

Configuration Files

  • RouterA configuration file

    #
     sysname RouterA
    #
    vlan batch 10 20
    #
    traffic classifier c3 operator or
     if-match 8021p 6
    traffic classifier c2 operator or
     if-match 8021p 5
    traffic classifier c1 operator or
     if-match 8021p 2
    #
    traffic behavior b3
    traffic behavior b2
    traffic behavior b1
     deny
    #
    traffic policy p1
     classifier c1 behavior b1
     classifier c2 behavior b2
     classifier c3 behavior b3
    #
    interface Vlanif10
     ip address 192.168.2.1 255.255.255.0
    #
    interface Vlanif20
     ip address 192.168.3.1 255.255.255.0
    #
    interface Ethernet2/0/0
     port link-type trunk
     port trunk allow-pass vlan 10
     traffic-policy p1 inbound
    #
    interface Ethernet2/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
     traffic-policy p1 inbound
    #
    interface GigabitEthernet1/0/0
     ip address 192.168.4.1 255.255.255.0
    #
    return
    
  • RouterB configuration file

    #
     sysname RouterB
    #
    interface GigabitEthernet1/0/0
     ip address 192.168.4.2 255.255.255.0
    # 
    ip route-static 192.168.2.0 255.255.255.0 192.168.4.1
    ip route-static 192.168.3.0 255.255.255.0 192.168.4.1
    #
    return
    
Translation
Download
Updated: 2019-05-17

Document ID: EDOC1000174115

Views: 39895

Downloads: 28

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next