


配置基于ACL的流量监管
操作步骤
- 在全局或VLAN上配置流量监管
- 执行命令system-view,进入系统视图。
- 请根据实际需要选择进行如下配置:
执行命令traffic-limit [ vlan vlan-id ] inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ],对匹配单个ACL规则的入方向的报文进行流量监管。
执行命令traffic-limit [ vlan vlan-id ] outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] ],对匹配单个ACL规则的出方向的报文进行流量监管。
执行命令traffic-limit [ vlan vlan-id ] inbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ],对同时匹配二层和三层ACL的入方向的报文进行流量监管。
执行命令traffic-limit [ vlan vlan-id ] inbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ],对同时匹配二层和三层ACL的入方向的报文进行流量监管。
执行命令traffic-limit [ vlan vlan-id ] inbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ],对同时匹配二层和三层ACL的入方向的报文进行流量监管。
执行命令traffic-limit [ vlan vlan-id ] outbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ],对同时匹配二层和三层ACL的出方向的报文进行流量监管。
执行命令traffic-limit [ vlan vlan-id ] outbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ],对同时匹配二层和三层ACL的出方向的报文进行流量监管。
执行命令traffic-limit [ vlan vlan-id ] outbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ],对同时匹配二层和三层ACL的出方向的报文进行流量监管。
报文的颜色可以在流量监管中定义:
- 报文的突发尺寸 < cbs-value时,报文被标记为绿色;
- cbs-value ≤ 报文的突发尺寸 < pbs-value时,报文被标记为黄色;
- 报文的突发尺寸 ≥ pbs-value时,报文被标记为红色。
缺省情况下,绿色、黄色报文被允许通过,红色报文被丢弃。
- 在接口上配置流量监管
- 执行命令system-view,进入系统视图。
- 执行命令interface interface-type interface-number,进入接口视图。
- 请根据实际需要选择进行如下配置:
执行命令traffic-limit inbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl | user-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ] ],对匹配单个ACL规则的入方向的报文进行流量监管。
执行命令traffic-limit outbound acl { [ ipv6 ] { bas-acl | adv-acl | name acl-name } | l2-acl } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ [ green { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] ],对匹配单个ACL规则的出方向的报文进行流量监管。
执行命令traffic-limit inbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ],对同时匹配二层ACL和三层ACL规则的入方向的报文进行流量监管。
执行命令traffic-limit inbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ],对同时匹配二层ACL和三层ACL规则的入方向的报文进行流量监管。
执行命令traffic-limit inbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green { drop | pass [ remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-dscp dscp-value ] } ],对同时匹配二层ACL和三层ACL规则的入方向的报文进行流量监管。
执行命令traffic-limit outbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ],对同时匹配二层ACL和三层ACL规则的出方向的报文进行流量监管。
执行命令traffic-limit outbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ],对同时匹配二层ACL和三层ACL规则的出方向的报文进行流量监管。
执行命令traffic-limit outbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ] cir cir-value [ pir pir-value ] [ cbs cbs-value pbs pbs-value ] [ green { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ yellow { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ] [ red { drop | pass [ remark-8021p 8021p-value | remark-dscp dscp-value ] } ],对同时匹配二层ACL和三层ACL规则的出方向的报文进行流量监管。
报文的颜色可以在流量监管中定义:
- 报文的突发尺寸 < cbs-value时,报文被标记为绿色;
- cbs-value ≤ 报文的突发尺寸 < pbs-value时,报文被标记为黄色;
- 报文的突发尺寸 ≥ pbs-value时,报文被标记为红色。
缺省情况下,绿色、黄色报文被允许通过,红色报文被丢弃。