No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - QoS

CloudEngine 12800 and 12800E V200R003C00

This document describes the configurations of QoS functions, including MQC, priority mapping, traffic policing, traffic shaping, interface-based rate limiting, congestion avoidance, congestion management, packet filtering, redirection, traffic statistics, and ACL-based simplified traffic policy.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Packet Filtering

Example for Configuring Packet Filtering

Networking Requirements

Figure 7-2 shows an example where the campus and server are located in different place and need to communicate with each other through the Internet.

The intention is that the PC in the multimedia room can connect to only the FTP server and the PC in the teacher's office can connect to both the FTP server and the web server.

Figure 7-2 Networking of packet filtering

Configuration Roadmap

  1. Configure the device to differentiate traffic sent from the web server to the PC in the multimedia room based on source and destination IP addresses.
  2. Configure the device to discard traffic sent from the web server to the PC in the multimedia room so that the PC in the multimedia room can access only the FTP server.

Procedure

  1. Create VLANs and configure interfaces on SwitchA.

    # Create VLAN 100 and VLAN 200.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchA
    [*HUAWEI] commit
    [~SwitchA] vlan batch 100 200
    [*SwitchA] commit
    

    # 10GE1/0/2 and 10GE1/0/3 on SwitchB are access interfaces by default. Add 10GE1/0/2 to VLAN 100 and 10GE1/0/3 to VLAN 200, and configure 10GE1/0/1 as a trunk interface and add 10GE1/0/1 to VLAN 100 and VLAN 200.

    [~SwitchA] interface 10ge 1/0/1
    [~SwitchA-10GE1/0/1] port link-type trunk
    [*SwitchA-10GE1/0/1] port trunk allow-pass vlan 100 200
    [*SwitchA-10GE1/0/1] quit
    [*SwitchA] interface 10ge 1/0/2
    [*SwitchA-10GE1/0/2] port default vlan 100
    [*SwitchA-10GE1/0/2] quit
    [*SwitchA] interface 10ge 1/0/3
    [*SwitchA-10GE1/0/3] port default vlan 200
    [*SwitchA-10GE1/0/3] quit
    [*SwitchA] commit
    

  2. Create VLANs and configure interfaces on SwitchB.

    # Create VLAN 100 and VLAN 200.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchB
    [*SwitchB] vlan batch 100 200
    [*SwitchB] commit
    

    # Configure 10GE1/0/1 as a trunk interface and add 10GE1/0/1 to VLAN 100 and VLAN 200.

    [~SwitchB] interface 10ge 1/0/1
    [~SwitchB-10GE1/0/1] port link-type trunk
    [*SwitchB-10GE1/0/1] port trunk allow-pass vlan 100 200
    [*SwitchB-10GE1/0/1] quit
    [*SwitchB] commit
    

  3. Configure an ACL rule.

    # Create ACL 3001 on SwitchB to match flows with source IP address 192.168.4.1 and destination IP address 192.168.2.1 (flows sent from the web server to the PC in the multimedia room).

    [~SwitchB] acl 3001
    [*SwitchB-acl4-advance-3001] rule permit ip destination 192.168.2.1 24 source 192.168.4.1 24
    [*SwitchB-acl4-advance-3001] quit
    [*SwitchB] commit

  4. Configure a traffic classifier.

    # Create a traffic classifier named c1 on SwitchB and reference ACL 3001 in the traffic classifier.

    [~SwitchB] traffic classifier c1
    [*SwitchB-classifier-c1] if-match acl 3001
    [*SwitchB-classifier-c1] quit
    [*SwitchB] commit

  5. Configure a traffic behavior.

    # Configure a traffic behavior named b1 on SwitchB and define the deny action.

    [~SwitchB] traffic behavior b1
    [*SwitchB-behavior-b1] deny
    [*SwitchB-behavior-b1] quit
    [*SwitchB] commit

  6. Configure a traffic policy and apply the traffic policy to 10GE1/0/1 in the inbound direction.

    # Create a traffic policy named p1 on SwitchB and bind the traffic policy to the traffic classifier and traffic behavior.

    [~SwitchB] traffic policy p1
    [*SwitchB-trafficpolicy-p1] classifier c1 behavior b1
    [*SwitchB-trafficpolicy-p1] quit
    [*SwitchB] commit

    # Apply the traffic policy p1 to 10GE1/0/1 in the inbound direction.

    [~SwitchB] interface 10ge 1/0/1
    [~SwitchB-10GE1/0/1] traffic-policy p1 inbound
    [*SwitchB-10GE1/0/1] quit
    [*SwitchB] commit
    [~SwitchB] quit

  7. Verify the configuration.

    # Check the ACL rule configuration.

    <SwitchB> display acl 3001
    Advanced ACL 3001, 1 rule                                                                                                           
    ACL's step is 5                                                                                                                     
     rule 5 permit ip source 192.168.4.0 0.0.0.255 destination 192.168.2.0 0.0.0.255 (0 times matched)                                 
    

    # View the traffic classifier configuration.

    <SwitchB> display traffic classifier c1
      Traffic Classifier Information:
        Classifier: c1
          Type: OR
          Rule(s):
            if-match acl 3001

    # View the traffic policy configuration.

    <SwitchB> display traffic policy p1
      Traffic Policy Information:
        Policy: p1
          Classifier: c1
            Type: OR
          Behavior: b1
            Deny

Configuration Files

  • SwitchA configuration file

    #
    sysname SwitchA
    #
    vlan batch 100 200
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 100 200
    #
    interface 10GE1/0/2
     port default vlan 100
    #
    interface 10GE1/0/3
     port default vlan 200
    #
    return
    
  • SwitchB configuration file

    #
    sysname SwitchB
    #
    vlan batch 100 200
    #
    acl number 3001
     rule 5 permit ip source 192.168.4.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
    # 
    traffic classifier c1 type or
     if-match acl 3001
    #
    traffic behavior b1
     deny
    #
    traffic policy p1
     classifier c1 behavior b1 precedence 5 
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 100 200
     traffic-policy p1 inbound
    #
    return
    
Translation
Download
Updated: 2019-05-05

Document ID: EDOC1100004202

Views: 32111

Downloads: 26

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next