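Example for Configuring Rate Limiting for Users on Different Network Segments
Configuration Roadmap
- Create VLANs and configure the interfaces so that users can access the network through the Switch.
- Configure ACLs on the Switch to match the different network segments.
- Configure traffic classifiers on the Switch that match the ACL rules.
- Configure traffic behaviors on the Switch to rate-limit packets from users on different floors.
- Configure a rate-limiting policy on the Switch, bind the configured traffic behaviors and traffic classifiers to it, and apply it to the interface that connects the Switch to the router.
Procedure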
- Create VLANs and configure the interfaces
# Create VLAN 100 and VLAN 200 on the Switch.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 100 200
# Set the link type of GE1/0/1 and GE2/0/1 to trunk, and add GE1/0/1 to VLAN 100 and GE2/0/1 to VLAN 200. Set the link type of GE3/0/1 to trunk and add it to VLAN 100 and VLAN 200.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type trunk
[Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 2/0/1
[Switch-GigabitEthernet2/0/1] port link-type trunk
[Switch-GigabitEthernet2/0/1] port trunk allow-pass vlan 200
[Switch-GigabitEthernet2/0/1] quit
[Switch] interface gigabitethernet 3/0/1
[Switch-GigabitEthernet3/0/1] port link-type trunk
[Switch-GigabitEthernet3/0/1] port trunk allow-pass vlan 100 200
[Switch-GigabitEthernet3/0/1] quit
- Configure ACLs
# Configure ACL rules to match the different network segments.
[Switch] acl 2000
[Switch-acl-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[Switch-acl-basic-2000] quit
[Switch] acl 2001
[Switch-acl-basic-2001] rule permit source 192.168.2.0 0.0.0.255
[Switch-acl-basic-2001] quit
- Configure traffic classifiers
# Create traffic classifiers c1 and c2 on the Switch to classify users from different floors.
[Switch] traffic classifier c1 operator and
[Switch-classifier-c1] if-match acl 2000
[Switch-classifier-c1] quit
[Switch] traffic classifier c2 operator and
[Switch-classifier-c2] if-match acl 2001
[Switch-classifier-c2] quit
- Configure traffic policing behaviors
# Create traffic behaviors b1 and b2 on the Switch to police the different service flows.
[Switch] traffic behavior b1
[Switch-behavior-b1] car cir 4000 pir 10000 green pass
[Switch-behavior-b1] quit
[Switch] traffic behavior b2
[Switch-behavior-b2] car cir 6000 pir 10000 green pass
[Switch-behavior-b2] quit
- Configure a traffic policing policy and apply it to the interface
# Create traffic policy p1 on the Switch, bind each traffic classifier to its traffic behavior, and apply the traffic policy to the outbound direction of GE3/0/1 to police packets.
[Switch] traffic policy p1
[Switch-trafficpolicy-p1] classifier c1 behavior b1
[Switch-trafficpolicy-p1] classifier c2 behavior b2
[Switch-trafficpolicy-p1] quit
[Switch] interface gigabitethernet 3/0/1
[Switch-GigabitEthernet3/0/1] traffic-policy p1 outbound
[Switch-GigabitEthernet3/0/1] quit
- Verify the configuration
# Check the traffic classifier configuration.
[Switch] display traffic classifier user-defined
  User Defined Classifier Information:
   Classifier: c2
    Precedence: 10
    Operator: AND
    Rule(s) : if-match acl 2001
   Classifier: c1
    Precedence: 5
    Operator: AND
    Rule(s) : if-match acl 2000
Total classifier number is 2
# Check the traffic policy configuration.
[Switch] display traffic policy user-defined p1
  User Defined Traffic Policy Information:
  Policy: p1
   Classifier: c1
    Operator: AND
     Behavior: b1
      Permit
      Committed Access Rate:
        CIR 4000 (Kbps), PIR 10000 (Kbps), CBS 500000 (byte), PBS 1250000 (byte)
        Color Mode: color Blind
        Conform Action: pass
        Yellow Action: pass
        Exceed Action: discard
   Classifier: c2
    Operator: AND
     Behavior: b2
      Permit
      Committed Access Rate:
        CIR 6000 (Kbps), PIR 10000 (Kbps), CBS 750000 (byte), PBS 1250000 (byte)
        Color Mode: color Blind
        Conform Action: pass
        Yellow Action: pass
        Exceed Action: discard
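The display output above shows both behaviors with yellow action pass and the same PIR. The following added example (not part of the original page or of the vendor's documentation) models CAR as an RFC 2698 color-blind two-rate three-color meter, which is an assumption about how the switch meters traffic, and feeds it a constructed 20 Mbit/s load to show what each behavior lets through. `STRICT_ACTIONS` is a hypothetical variant that is not configured on the page.

```python
# Added example: color-blind two-rate three-color meter (RFC 2698 model).
# Assumptions: the switch's CAR follows this model; 1 kbit/s = 1000 bit/s.
US = 1_000_000  # microseconds per second; tokens are kept in byte-microseconds

def car_meter(packets, cir_kbps, pir_kbps, cbs, pbs):
    """packets: iterable of (time_us, size_bytes). Returns bytes per color."""
    cir, pir = cir_kbps * 125, pir_kbps * 125      # kbit/s -> byte/s
    tc, tp = cbs * US, pbs * US                    # both buckets start full
    last = 0
    out = {"green": 0, "yellow": 0, "red": 0}
    for t, size in packets:
        dt, last = t - last, t
        tc = min(cbs * US, tc + cir * dt)          # refill C bucket at CIR
        tp = min(pbs * US, tp + pir * dt)          # refill P bucket at PIR
        cost = size * US
        if tp < cost:                              # above PIR: red
            color = "red"
        elif tc < cost:                            # above CIR, within PIR
            color, tp = "yellow", tp - cost
        else:                                      # within CIR
            color, tc, tp = "green", tc - cost, tp - cost
        out[color] += size
    return out

def constant_load(mbps, seconds, size=1250):
    """Constructed input: evenly spaced packets at a fixed offered rate."""
    gap_us = size * 8 // mbps                      # microseconds between packets
    return [(i * gap_us, size) for i in range(seconds * US // gap_us)]

def delivered_kbps(result, seconds, actions):
    """Average rate of the bytes whose color action is 'pass'."""
    passed = sum(b for color, b in result.items() if actions[color] == "pass")
    return passed * 8 // (seconds * 1000)

# Actions shown on the page: green pass, yellow pass, red discard.
PAGE_ACTIONS = {"green": "pass", "yellow": "pass", "red": "discard"}
# Hypothetical stricter variant (not on the page) that also drops yellow.
STRICT_ACTIONS = {"green": "pass", "yellow": "discard", "red": "discard"}

if __name__ == "__main__":
    load = constant_load(mbps=20, seconds=10)
    for name, cir, cbs in (("b1", 4000, 500000), ("b2", 6000, 750000)):
        r = car_meter(load, cir, 10000, cbs, 1250000)
        print(name, r, delivered_kbps(r, 10, PAGE_ACTIONS),
              delivered_kbps(r, 10, STRICT_ACTIONS))
```

Under this model, with the page's actions both network segments are capped by the shared PIR under sustained load, and the different CIR values only change how much of that traffic is colored green.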
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 100 200
#
acl number 2000
 rule 5 permit source 192.168.1.0 0.0.0.255
acl number 2001
 rule 5 permit source 192.168.2.0 0.0.0.255
#
traffic classifier c1 operator and precedence 5
 if-match acl 2000
traffic classifier c2 operator and precedence 10
 if-match acl 2001
#
traffic behavior b1
 permit
 car cir 4000 pir 10000 cbs 500000 pbs 1250000 mode color-blind green pass yellow pass red discard
traffic behavior b2
 permit
 car cir 6000 pir 10000 cbs 750000 pbs 1250000 mode color-blind green pass yellow pass red discard
#
traffic policy p1 match-order config
 classifier c1 behavior b1
 classifier c2 behavior b2
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 100
#
interface GigabitEthernet2/0/1
 port link-type trunk
 port trunk allow-pass vlan 200
#
interface GigabitEthernet3/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 200
 traffic-policy p1 outbound
#
return