Example for Configuring Rate Limiting in a Specified Time Range
Networking Requirements
As shown in Figure 4-12, users connect to the Internet devices through GE2/0/1 of the switch.
During work hours from 08:30 to 18:00, the rate of traffic sent to the external network cannot exceed 4 Mbit/s.
Configuration Roadmap
- Configure interfaces to enable the users to connect to the Internet through the Switch.
- Configure a time range, which will be applied to an ACL.
- Configure an ACL to match traffic passing through the Switch in the specified time range.
- Configure an ACL to match HTTP traffic for accessing the Internet in the specified time range.
- Configure a traffic policy to limit the rate of packets matching the ACL.
- Apply the traffic policy to the inbound direction of GE1/0/1.
Procedure
- Create VLANs and configure interfaces.
# Create VLAN 10 on the Switch.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 10
[Switch-vlan10] quit
# Configure GE1/0/1 and GE2/0/1 on the Switch as trunk interfaces and add them to VLAN 10.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type trunk
[Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 2/0/1
[Switch-GigabitEthernet2/0/1] port link-type trunk
[Switch-GigabitEthernet2/0/1] port trunk allow-pass vlan 10
[Switch-GigabitEthernet2/0/1] quit
NOTE:
Configure the interface of the LSW connected to the Switch as a trunk interface and add it to VLAN 10.
# Create VLANIF 10 and assign IP address 192.168.1.1/24 to it.
[Switch] interface vlanif 10
[Switch-Vlanif10] ip address 192.168.1.1 24
[Switch-Vlanif10] quit
NOTE:
Configure IP address 192.168.1.2/24 for the router interface connected to the Switch.
- Create a time range working_time that defines work hours from 08:30 to 18:00.
[Switch] time-range working_time 08:30 to 18:00 working-day
- Configure ACL 2001 and define two rules to rate-limit traffic from 192.168.1.11 and 192.168.1.12 during work hours.
[Switch] acl number 2001
[Switch-acl-basic-2001] rule permit source 192.168.1.11 0 time-range working_time
[Switch-acl-basic-2001] rule permit source 192.168.1.12 0 time-range working_time
[Switch-acl-basic-2001] quit
- Configure ACL 3000 and define one rule to rate-limit HTTP traffic (port 80) from the source IP address 192.168.1.10 to the Internet during work hours.
[Switch] acl number 3000
[Switch-acl-adv-3000] rule permit tcp destination-port eq 80 source 192.168.1.10 0 time-range working_time
[Switch-acl-adv-3000] quit
- Configure traffic classifier c1 to match ACL 2001 or ACL 3000.
[Switch] traffic classifier c1 operator or
[Switch-classifier-c1] if-match acl 2001
[Switch-classifier-c1] if-match acl 3000
[Switch-classifier-c1] quit
- Configure a traffic behavior and set the rate limit to 4 Mbit/s.
[Switch] traffic behavior b1
[Switch-behavior-b1] car cir 4096
[Switch-behavior-b1] quit
- Configure a traffic policy and apply the traffic policy on GE1/0/1 in the inbound direction.
[Switch] traffic policy p1
[Switch-trafficpolicy-p1] classifier c1 behavior b1
[Switch-trafficpolicy-p1] quit
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] traffic-policy p1 inbound
[Switch-GigabitEthernet1/0/1] quit
- Verify the configuration.
# View the traffic classifier configuration.
[Switch] display traffic classifier user-defined c1
  User Defined Classifier Information:
   Classifier: c1
    Precedence: 5
    Operator: OR
    Rule(s) : if-match acl 2001
              if-match acl 3000
# View the traffic policy configuration.
[Switch] display traffic policy user-defined p1
  User Defined Traffic Policy Information:
  Policy: p1
   Classifier: c1
    Operator: OR
     Behavior: b1
      Permit
      Committed Access Rate:
        CIR 4096 (Kbps), PIR 4096 (Kbps), CBS 770048 (byte), PBS 1282048 (byte)
        Color Mode: color Blind
        Conform Action: pass
        Yellow Action: pass
        Exceed Action: discard
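Added example (not part of the original configuration guide): a Python model of what traffic policy p1 does to packets arriving inbound on GE1/0/1, using the ACL, time-range and CAR values shown above. It assumes that working-day means Monday to Friday and that the CAR behaves like a color-blind two-rate policer in the style of RFC 2698; the function and class names are hypothetical and the packet bursts are constructed.

```python
from datetime import datetime, time
from ipaddress import ip_address

# Values copied from the page: time-range working_time, ACL 2001, ACL 3000, behavior b1.
WORK_START, WORK_END = time(8, 30), time(18, 0)
ACL_2001 = {ip_address("192.168.1.11"), ip_address("192.168.1.12")}   # any protocol
ACL_3000 = (ip_address("192.168.1.10"), "tcp", 80)                    # HTTP only

def in_working_time(ts):
    # Assumption: working-day means Monday..Friday; both bounds are treated as inclusive.
    return ts.weekday() < 5 and WORK_START <= ts.time() <= WORK_END

def matches_c1(ts, src, proto, dport):
    """True if classifier c1 (operator or) would hand the packet to behavior b1."""
    if not in_working_time(ts):
        return False  # a rule bound to an inactive time range matches nothing
    src = ip_address(src)
    return src in ACL_2001 or (src, proto, dport) == ACL_3000

class Car:
    """Assumed model: color-blind two-rate policer in the style of RFC 2698."""
    def __init__(self, cir=4096, pir=4096, cbs=770048, pbs=1282048):
        self.cir, self.pir = cir * 125, pir * 125      # kbit/s -> bytes/s
        self.cbs, self.pbs = cbs, pbs
        self.tc, self.tp, self.last = cbs, pbs, 0.0    # both buckets start full

    def police(self, now, size):
        dt, self.last = now - self.last, now
        self.tc = min(self.cbs, self.tc + dt * self.cir)
        self.tp = min(self.pbs, self.tp + dt * self.pir)
        if size > self.tp:
            return "red"       # Exceed Action: discard
        self.tp -= size
        if size > self.tc:
            return "yellow"    # Yellow Action: pass
        self.tc -= size
        return "green"         # Conform Action: pass

def forwarded_bytes(ts, src, proto, dport, pkts=2000, size=1500, gap=0.0001):
    """Bytes passed for a constructed 120 Mbit/s burst arriving inbound on GE1/0/1."""
    car, passed = Car(), 0
    limited = matches_c1(ts, src, proto, dport)
    for i in range(pkts):
        if not limited or car.police(i * gap, size) != "red":
            passed += size
    return passed

if __name__ == "__main__":
    print(forwarded_bytes(datetime(2024, 3, 6, 10, 0), "192.168.1.10", "tcp", 80))  # constructed Wednesday
```

Under these assumptions, a matched burst passes about PBS bytes plus the 4096 kbit/s refill before packets are discarded, while traffic from other hosts, non-HTTP traffic from 192.168.1.10, and anything outside working_time passes unpoliced.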
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 10
#
time-range working_time 08:30 to 18:00 working-day
#
acl number 2001
 rule 5 permit source 192.168.1.11 0 time-range working_time
 rule 10 permit source 192.168.1.12 0 time-range working_time
#
acl number 3000
 rule 5 permit tcp source 192.168.1.10 0 destination-port eq www time-range working_time
#
traffic classifier c1 operator or precedence 5
 if-match acl 2001
 if-match acl 3000
#
traffic behavior b1
 permit
 car cir 4096 pir 4096 cbs 770048 pbs 1282048 mode color-blind green pass yellow pass red discard
#
traffic policy p1 match-order config
 classifier c1 behavior b1
#
interface Vlanif10
 ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
 traffic-policy p1 inbound
#
interface GigabitEthernet2/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
return