NE20E-S2 V800R010C10SPC500 Configuration Guide - IP Services 01

Configuring an MPLS-based ACL

An MPLS-based ACL defines rules to filter packets.

Usage Scenario

Figure 3-10 Configuring an MPLS-based ACL

As shown in Figure 3-10, an MPLS-based ACL is created for QoS services on Device D to allow Device D to allocate 54000 bit/s bandwidth to the MPLS packets with an EXP value smaller than 3 sent from Network A and to allocate 8000 bit/s bandwidth to the MPLS packets with an EXP value greater than 3 sent from Network B.

Configuration Procedures

Figure 3-11 Flowchart for configuring an MPLS-based ACL

Creating an MPLS-based ACL

You can create an MPLS-based ACL and configure parameters for the ACL.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run acl { name mpls-acl-name { mpls | [ mpls ] number mpls-acl-number } | [ number ] mpls-acl-number }

    An MPLS-based ACL is created.

    The MPLS-based ACL number ranges from 10000 to 10999.

  3. (Optional) Run step step

    An ACL step is set.

    You can use an ACL step to maintain ACL rules and add new ACL rules conveniently.
    NOTE:
    Assume that a user has created four rules numbered from 1 to 4 in an ACL. The user can reconfigure the ACL step, for example, to 2 by running the step 2 command in the ACL view. The original rule numbers 1, 2, 3, and 4 are renumbered as 2, 4, 6, and 8, respectively. After that, the user can run the rule 3 command to add a rule numbered 3 between the renumbered rules 2 and 4.

  4. (Optional) Run description text

    The ACL description is configured.

    Use the description command to configure a description for an ACL in any of the following situations:

    • A large number of ACLs are configured, and their functions are difficult to identify.
    • An ACL is used only at long intervals, and its function may be forgotten.
    • Names of named ACLs cannot fully explain the ACLs' functions.

  5. Run commit

    The configuration is committed.

Configuring an MPLS-based ACL Rule

MPLS-based ACL rules are defined based on MPLS packets' EXP, label, or TTL values to filter packets.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run acl { name mpls-acl-name { mpls | [ mpls ] number mpls-acl-number } | [ number ] mpls-acl-number }

    The MPLS-based ACL view is displayed.

  3. Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ exp { exp-value | any } &<1-4> | label { label-value | any } &<1-4> | ttl { { lt | eq | gt } ttl-value | range ttl-value1 ttl-value2 | any } &<1-3> ] *

    Rules for the MPLS-based ACL are configured.

    • Adding new rules to an ACL will not affect the existing rules.

    • When an existing rule is edited and the edited contents conflict with the original contents, the edited contents take effect.

    NOTE:
    When you configure an MPLS-based ACL:
    • If an EXP value is specified with exp, a label value with label, and a TTL value with ttl, the system filters only the packets that carry the specified EXP, label, and TTL values.
    • If EXP, label, and TTL are all set to any, the system does not check these values in MPLS packets. It considers that every packet matches the rule and directly applies the action (deny or permit) to the packets.

  4. (Optional) Run rule description text

    The description for an ACL rule is configured.

    The description of an ACL rule can state the function of the rule. Configuring a description for an ACL rule is recommended to prevent misuse of the rule in the following situations:
    • A large number of ACLs are configured, and their functions are difficult to identify.
    • An ACL is used only at long intervals, and its function may be forgotten.

  5. Run commit

    The configuration is committed.

Applying an MPLS-based ACL

MPLS-based ACLs can be used in QoS services.

Context

Table 3-7 describes the typical applications of MPLS-based ACLs.

Table 3-7 Typical applications of MPLS-based ACLs

| Typical Application | Usage Scenario | Operation |
|---|---|---|
| QoS services | To process different types of traffic, configure an MPLS-based ACL to perform traffic policing, traffic shaping, or traffic classification on traffic that matches the ACL rules. | For details on how to process different types of traffic, see Configuring the Traffic Policing Policy, Configuring Traffic Shaping, and Configuring Traffic Behaviors. |

Typical Cases of Applying an MPLS-based ACL

Cases of applying an MPLS-based ACL in QoS services

For example, a user configures a device as follows:
  • Configuring an MPLS-based ACL in firewall traffic behavior (packet filtering)
    acl number 10001
     rule 5 permit exp 3 label 2048 ttl eq 23
     rule 10 deny 
    traffic classifier acl 
     if-match acl 10001
    traffic behavior test
     permit
    traffic policy test
     classifier acl behavior test
    interface GigabitEthernet0/2/0
     traffic-policy test inbound

    Matching result: Only MPLS packets with the EXP value 3, label value 2048, and TTL value 23 are permitted.

  • Configuring an MPLS-based ACL in common traffic behavior
    acl number 10001
     rule 5 permit exp 3 label 2048 ttl eq 23
     rule 10 deny 
    traffic classifier acl 
     if-match acl 10001
    traffic behavior test
     remark mpls-exp 7
    traffic policy test
     classifier acl behavior test
    interface GigabitEthernet0/2/0
     traffic-policy test inbound

    Matching result: Only MPLS packets with the EXP value 3, label value 2048, and TTL value 23 are permitted, and the EXP value of these packets is re-marked to 7.
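
The following offline check is an added example, not part of the Huawei documentation or device software. It decodes a 4-byte MPLS label stack entry (RFC 3032 layout) and evaluates it against the two rules of ACL 10001 above, so the stated matching result can be reproduced before the ACL is committed. It assumes that rules are tried in ascending rule ID with the first match deciding, and that only one label stack entry is inspected; make_entry and the sample packets are constructed for the illustration.

```python
import struct

# Rules of ACL 10001 from the example above: (rule_id, action, exp, label, ttl_test).
# None stands for "any"; ttl_test is (operator, value) with operator lt, eq or gt.
ACL_10001 = [
    (5, "permit", 3, 2048, ("eq", 23)),
    (10, "deny", None, None, None),
]

def parse_label_stack_entry(raw):
    """Decode one 4-byte MPLS label stack entry (RFC 3032)."""
    if len(raw) != 4:
        raise ValueError("an MPLS label stack entry is exactly 4 bytes")
    (word,) = struct.unpack("!I", raw)
    return {
        "label": word >> 12,        # 20-bit label value
        "exp": (word >> 9) & 0x7,   # 3-bit EXP field
        "s": (word >> 8) & 0x1,     # bottom-of-stack flag
        "ttl": word & 0xFF,         # 8-bit TTL
    }

def ttl_matches(test, ttl):
    """Apply a ttl { lt | eq | gt } test; None means any TTL matches."""
    if test is None:
        return True
    op, value = test
    return {"lt": ttl < value, "eq": ttl == value, "gt": ttl > value}[op]

def evaluate(acl, entry):
    """Return (rule_id, action) of the first matching rule, or None.

    Assumption of this example: rules are tried in ascending rule ID.
    """
    for rule_id, action, exp, label, ttl_test in sorted(acl, key=lambda r: r[0]):
        if exp is not None and entry["exp"] != exp:
            continue
        if label is not None and entry["label"] != label:
            continue
        if not ttl_matches(ttl_test, entry["ttl"]):
            continue
        return rule_id, action
    return None

def make_entry(label, exp, ttl, s=1):
    """Build a constructed label stack entry (test input, not captured traffic)."""
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)
```

A packet that differs in any one of the three fields falls through rule 5 and is caught by rule 10, which is why the catch-all deny is what enforces the "only" in the matching result.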

Verifying the Configuration of an MPLS-based ACL

After configuring an MPLS-based ACL, verify the configuration.

Prerequisites

An MPLS-based ACL has been configured.

Procedure

  • Run the display acl { acl-number | name acl-name | all } command to check MPLS-based ACL configurations.
  • Run the display time-range { time-name | all } command to check the configuration of a specified or all validity periods.

Example

Run the display acl command. The command output shows the ACL number, ACL rule number, ACL step, and rule contents.

<HUAWEI> display acl 10000
Mpls ACL 10000, 2 rules
ACL's step is 5
 rule 5 permit exp 2 any any any (0 times matched)
 rule 10 permit ttl gt 2 any any (0 times matched)

Run the display time-range command. The command output shows validity period configurations.

<HUAWEI> display time-range time1
Current time is 2006-3-15 14:19:16 Wednesday

Time-range : time1 ( Inactive )
 10:00 to 12:00 daily
Updated: 2019-01-02

Document ID: EDOC1100055376
