No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

After an ME60 Is Configured with ACL or UCL Is Bound to a Traffic Policy, the Configuration Applied to the Outbound Direction Does Not Take Effect

Publication Date:  2019-03-27 Views:  55 Downloads:  0
Issue Description

Software version: V600R009C20SPC900

Symptom: After an ME60 is configured with an ACL or the UCL is bound to a traffic policy, the configuration applied to the outbound direction does not take effect.

Handling Process

1. The differences between ACL and UCL are as follows:
(1) ACL cannot contain user-group, but UCL must contain user-group.

(2) ACL traffic-policy is used in the interface view, but URL traffic-policy is used in the global view.

(3) At Layer 3, the ACL number is below 3999, but the UCL number is above 6000.

2. The QoS configuration matches QoS users only through user-group.

Root Cause

UCL must be used globally and bound to a user group.

Solution

Correctly configure a UCL.
user-group <name>
#
aaa
domain pub_biz_aaa_d6a6b_1540
user-group <name>
#
acl number 6621
rule 5 permit ip source user-group <name> destination ip-address xx.xx.12.0 0.0.0.255 time-range PM
rule 10 permit ip source ip-address xx.xx.12.0 0.0.0.255 destination user-group <name> time-range PM
#
acl number 6622
rule 5 permit ip source user-group <name> destination ip-address any time-range PM
rule 10 permit ip destination ip-address user-group <name> time-range PM
#
#
traffic classifier Local-Cl-1 operator or
if-match acl 6621
traffic behavior Local-Be
car cir xx cbs xxxx green pass red discard
#
traffic classifier Internet-Cl-1 operator or
if-match acl 6622
traffic behavior Internet-Be
car cir yy cbs yyyy green pass red discard
#
#
traffic policy DoubleSpeed1540
share-mode
classifier Local-Cl-1 behavior Local-Be
classifier Internet-Cl-1 behavior Internet-Be
#
traffic-policy DoubleSpeed1540 inbound
traffic-policy DoubleSpeed1540 outbound
#

Suggestions

1. The differences between ACL and UCL are as follows:
(1) ACL cannot contain user-group, but UCL must contain user-group.

(2) ACL traffic-policy is used in the interface view, but URL traffic-policy is used in the global view.

(3) At Layer 3, the ACL number is below 3999, but the UCL number is above 6000.

2. The QoS configuration matches QoS users only through user-group.

END