No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - QoS

CloudEngine 12800 and 12800E V200R003C00

This document describes the configurations of QoS functions, including MQC, priority mapping, traffic policing, traffic shaping, interface-based rate limiting, congestion avoidance, congestion management, packet filtering, redirection, traffic statistics, and ACL-based simplified traffic policy.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring ACL-based Packet Filtering

Configuring ACL-based Packet Filtering

Pre-configuration Tasks

Before configuring ACL-based filtering, complete the following tasks:
  • Configure link layer attributes of interfaces to ensure that the interfaces work properly.

  • Configure an ACL.

Context

ACL-based packet filtering enables the device to control network traffic by permitting or rejecting packets matching ACL rules.

If the traffic-filter (system view), traffic-filter (VLAN view), and traffic-filter (interface view) commands are configured simultaneously, the ACL-based simplified traffic policies applied to the interface, VLAN, and system take effect in descending order of priority.

NOTE:
  • If an ACL-based simplified traffic policy needs to be applied to multiple VLANs and interfaces or multiple rules for matching packets from different source IP addresses need to be bound to the same ACL-based simplified traffic policy, you are advised to add these VLANs, source IP addresses, and interfaces to the same QoS group and apply the ACL-based simplified traffic policy to the QoS group.

Procedure

  • Configure packet filtering in the system.
    1. Run system-view

      The system view is displayed.

    2. Run traffic-filter acl { { { basic-acl | acl-name } | { advanced-acl | acl-name } } | { l2-acl | acl-name } } * global [ slot slot-id ] { inbound [ priority { low | high } ] | outbound }

      ACL-based packet filtering is configured in the system or a specified slot.

    3. Run commit

      The configuration is committed.

  • Configure packet filtering in a VLAN.
    1. Run system-view

      The system view is displayed.

    2. Run vlan vlan-id

      The VLAN view is displayed.

    3. Run traffic-filter acl { { { basic-acl | acl-name } | { advanced-acl | acl-name } } | { l2-acl | acl-name } } * { inbound [ priority { low | high } ] | outbound }

      ACL-based packet filtering is configured in the VLAN.

    4. Run commit

      The configuration is committed.

  • Configure packet filtering on an interface.
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The interface view is displayed.

    3. Run traffic-filter acl { { { basic-acl | acl-name } | { advanced-acl | acl-name } } | { l2-acl | acl-name } } * { inbound [ priority { low | high } ] | outbound }

      ACL-based packet filtering is configured on the interface.

      NOTE:

      The ACL-based simplified traffic policy can be configured on only the physical interface, Eth-Trunk, and Layer 3 sub-interface in the outbound direction.

    4. Run commit

      The configuration is committed.

  • Configure packet filtering in a QoS group.
    1. Run system-view

      The system view is displayed.

    2. Run qos group group-name

      The QoS group view is displayed.

    3. Run the following commands as required.

      • Run the group-member interface { interface-type interface-number1 [ to interface-type interface-number2 ] } &<1-8> command to add interfaces to the QoS group.

      • Run the group-member vlan { vlan-id1 [ to vlan-id2 ] } &<1-8> command to add VLANs to the QoS group.

    4. Run traffic-filter acl { { { basic-acl | acl-name } | { advanced-acl | acl-name } } | { l2-acl | acl-name } } * inbound [ priority { low | high } ]

      ACL-based packet filtering is configured in the QoS group.

    5. Run commit

      The configuration is committed.

Verifying the Configuration

Run the display traffic-policy applied-record traffic-filter [ global [ slot slot-id ] | interface interface-type interface-number | vlan vlan-id | qos group group-id ] [ inbound | outbound ] command to check the application record of a specified traffic policy.

Follow-up Procedure

For the CE12800, if a low-priority traffic policy takes effect before you apply a high-priority traffic policy, ACL rules may be slow to take effect. Consequently, service processing will be delayed. You can run the traffic-policy fast-mode command in the system view to enable fast delivery of ACLs. This ensures that ACL rules take effect rapidly and services can be processed in real time.

Translation
Download
Updated: 2019-05-05

Document ID: EDOC1100004202

Views: 31534

Downloads: 26

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next