Page 1 H3C S9500 Series Routing Switches Operation Manual Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Manual Version: T2-081655-20080530-C-2.03 Product Version: S9500-CMW520-R2132...
Page 2 Copyright © 2007-2008, Hangzhou H3C Technologies Co., Ltd. and its licensors All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.
Page 3: About This Manual
About This Manual Related Documentation In addition to this manual, each H3C S9500 Series Routing Switches documentation set includes the following: Manual Description It introduces the installation procedure, H3C S9500 Series Routing Switches commissioning, maintenance Installation Manual monitoring of the S9500 series routing switches.
Page 4 Part Contents includes IP Routing Overview, BGP Configuration, IS-IS Configuration, OSPF Configuration, Configuration, Routing Policy Configuration, Static 03 IP Routing Volume Routing Configuration, IPv6 BGP Configuration, IPv6 IS-IS Configuration, IPv6 OSPFv3 Configuration, IPv6 RIPng Configuration, IPv6 Static Routing Configuration. includes Multicast Overview, Multicast Routing and Forwarding Configuration, IGMP...
Page 5 Conventions The manual uses the following conventions: I. Command conventions Convention Description Boldface The keywords of a command line are in Boldface. italic Command arguments are in italic. Items (keywords or arguments) in square brackets [ ] are optional. Alternative items are grouped in braces and separated by { x | y | ...
Page 6 III. Symbols Convention Description Means reader be extremely careful. Improper operation Warning may cause bodily injury. Means reader be careful. Improper operation may cause Caution data loss or damage to equipment. Note Means a complementary description.
Page 7 Operation Manual H3C S9500 Series Routing Switches QoS ACL Volume Organization Manual Version T2-081655-20080530-C-2.03 Product Version S9500-CMW520-R2132 Organization The QoS ACL Volume is organized as follows: Features (operation Description manual) The volume describes: QoS overview Traffic classification and traffic shaping configuration...
Page 8: Table Of Contents
Operation Manual – QoS H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 QoS Overview ......................1-1 1.1 Introduction ........................1-1 1.2 Traditional Packets Forwarding Application ..............1-1 1.3 New Requirements Caused by New Applications ............. 1-1 1.4 Congestion: Causes, Impact, and Countermeasures............
Page 9 Operation Manual – QoS H3C S9500 Series Routing Switches Table of Contents 4.3.1 Configuration Procedure ..................4-4 4.3.2 Configuration Examples ..................4-4 Chapter 5 Priority Mapping ......................5-1 5.1 Priority Mapping Overview....................5-1 5.2 Configuring a Priority Mapping Table ................5-2 5.2.1 Configuration Prerequisites..................
Page 10 Operation Manual – QoS H3C S9500 Series Routing Switches Table of Contents 9.2.1 Mirroring Traffic to a Port ..................9-1 9.2.2 Mirroring Traffic to the CPU ..................9-2 9.3 Displaying and Maintaining Traffic Mirroring ..............9-3 9.4 Traffic Mirroring Configuration Examples ................9-3 Chapter 10 EACL Configuration ....................
Page 11: Chapter 1 Qos Overview
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 1 QoS Overview Chapter 1 QoS Overview When configuring QoS, go to these sections for information you are interested in: Introduction Traditional Packets Forwarding Application New Requirements Caused by New Applications...
Page 12: Congestion: Causes, Impact, And Countermeasures
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 1 QoS Overview Apart from traditional applications of WWW, E-mail and FTP, network users try to expand some new applications, such as tele-education, telemedicine, video telephone, videoconference and Video-on-Demand (VoD), on the Internet. And the enterprise...
Page 13: Impact
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 1 QoS Overview When traffic arrives at wire speed, congestion may occur for network resource bottleneck. Besides the bottleneck of link bandwidth, congestion will also be caused by resources deficiency in normal packet forwarding, such as the deficiency of assignable processor time, buffer and memory.
Page 14 Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 1 QoS Overview Traffic policing: polices the specification of particular traffics entering the switch. When the traffics exceed the specification, then some restriction or punishment measures can be taken to protect the commercial benefits of carriers and to prevent network resources from being damaged.
Page 15: Chapter 2 Traffic Classification And Traffic Shaping Configuration
Operation Manual – QoS Chapter 2 Traffic Classification and Traffic H3C S9500 Series Routing Switches Shaping Configuration Chapter 2 Traffic Classification and Traffic Shaping Configuration When configuring traffic classification and traffic shaping, go to these sections for information you are interested in:...
Page 16: Priority
Operation Manual – QoS Chapter 2 Traffic Classification and Traffic H3C S9500 Series Routing Switches Shaping Configuration 2.1.2 Priority Several priorities are described as follows: Figure 2-1 DS field and ToS byte As shown in Figure 2-1, the ToS byte of IP header contains 8 bits: the first three bits (0 to 2) indicates IP precedence, valued in the range 0 to 7;...
Page 17 Operation Manual – QoS Chapter 2 Traffic Classification and Traffic H3C S9500 Series Routing Switches Shaping Configuration Figure 2-2 Measuring the traffic with a token bucket II. Measuring the traffic with Token Bucket Whether or not the token quantity of the Token Bucket can satisfy the packets forwarding is the basis for Token Bucket to measure the traffic specification.
Page 18 Operation Manual – QoS Chapter 2 Traffic Classification and Traffic H3C S9500 Series Routing Switches Shaping Configuration PIR (Peak information rate) EBS (Excess burst size) It uses two token buckets, with the token-putting rate of every bucket set as CIR and PIR and the capability of every bucket set as CBS and EBS (CBS <...
Page 19: Traffic Shaping Configuration
Operation Manual – QoS Chapter 2 Traffic Classification and Traffic H3C S9500 Series Routing Switches Shaping Configuration Figure 2-3 Traffic shaping diagram For example, Switch A sends packets to Switch B. Switch B implements traffic policing on those packets, and directly drops exceeding traffic.
Page 20 Operation Manual – QoS Chapter 2 Traffic Classification and Traffic H3C S9500 Series Routing Switches Shaping Configuration I. Configuring queue-based traffic shaping Follow these steps to configure queue-based traffic shaping: To do… Use the command… Remarks — Enter system view...
Page 21 Operation Manual – QoS Chapter 2 Traffic Classification and Traffic H3C S9500 Series Routing Switches Shaping Configuration II. Configuring traffic shaping applicable to all traffics Follow these steps to configure traffic shaping applicable to all traffics: To do… Use the command…...
Page 22: Chapter 3 Qos Policy Configuration
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 3 QoS Policy Configuration Chapter 3 QoS Policy Configuration When configuring traffic classification and traffic shaping, go to these sections for information you are interested in: QoS Policy Overview QoS Policy Configuration Procedure...
Page 23: Configuring Qos Policy
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 3 QoS Policy Configuration Apply the QoS policy. 3.3 Configuring QoS Policy 3.3.1 Configuration Prerequisites The class name and rules of the class are defined in a policy. The traffic behavior name and actions in the traffic behavior are defined, The policy name is defined.
Page 24: Defining A Traffic Behavior
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 3 QoS Policy Configuration Configuration procedure # Enter system view. <Sysname> system-view # Define a class and enter class view. [Sysname] traffic classifier test # Configure the classification rule. [Sysname-classifier-test] if-match destination-mac 0050-ba27-bed3 [Sysname-classifier-test] 3.3.3 Defining a Traffic Behavior...
Page 25 Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 3 QoS Policy Configuration To do... Use the command... Remarks Configure the traffic accounting accounting action car cir committed-information-rate Configure the traffic [ cbs committed-burst-size [ ebs policing action excess-burst-size ] ] [ pir...
Page 26 Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 3 QoS Policy Configuration To do... Use the command... Remarks Optional Display traffic behavior display traffic behavior Available in any information user-defined [ behavior-name ] view Note that: For the description on the default values of CIR, CBS, EBS, and PIR, refer to the related part in QoS Commands.
Page 27: Defining A Policy
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 3 QoS Policy Configuration On all the boards, the 802.1p precedence marking action, the local precedence marking action, and the drop precedence marking action cannot be configured with the action of obtaining other precedence values through an uncolored priority mapping table at the same time.
Page 28: Applying A Policy
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 3 QoS Policy Configuration In a policy, multiple class-to-traffic-behavior mappings are configured, and these mapping are executed according to the order they are configured. Follow these steps to specify the traffic behavior for a class in the policy: To do...
Page 29 Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 3 QoS Policy Configuration Follow these steps to apply a policy to the interface: To do... Use the command... Remarks Enter system view system-view — Enter Use either the command...
Page 30: Implementing Qos In An Mpls Network
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 3 QoS Policy Configuration Note: If a QoS policy is applied on the outbound direction of an interface, the QoS policy is not valid on a local packet (The following are the definition and functions of a local packet: some internal packets are the important protocol packets to maintain the normal operation of a device.
Page 31: Mapping Dot1P To Exp In L2Vpn
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 3 QoS Policy Configuration For L2VPN running on MPLS TE tunnels, 802.1p precedence, local precedence, and drop precedence are fixed to 0, 5, and 0. You cannot modify them through configuring policies.
Page 32 Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 3 QoS Policy Configuration DSCP precedence marking The following table presents how an ingress PE makes DSCP precedence marking decisions for received packets: If packets are received Marking DSCP? Remarks from…...
Page 33 Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 3 QoS Policy Configuration Label operation Marking EXP? Remarks The P device marks the EXP in the outer label according to the adopted mapping. Swap When the remark dscp dscp-value command is configured, the EXP is the low-order three bits in dscp-value.
Page 34 Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 3 QoS Policy Configuration Label operation Marking 802.1p? Remarks The P device marks the 802.1p precedence in the VLAN tag Swap depending on the adopted mapping action. The P device marks the 802.1p...
Page 35: Displaying And Maintaining Qos Policies
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 3 QoS Policy Configuration 802.1p precedence marking The following table presents how the egress PE makes 802.1p precedence marking decisions for received packets: If the packets are Marking 802.1p? Remarks intended for…...
Page 36: Chapter 4 Hardware-Based Congestion Management Configuration
Operation Manual – QoS Chapter 4 Hardware-based Congestion H3C S9500 Series Routing Switches Management Configuration Chapter 4 Hardware-based Congestion Management Configuration When configuring traffic classification and traffic shaping, go to these sections for information you are interested in: Congestion Management Overview...
Page 37: Wrr Queuing
Operation Manual – QoS Chapter 4 Hardware-based Congestion H3C S9500 Series Routing Switches Management Configuration disadvantage of SP mode 2 is that the bus bandwidth of the external memory is decreased. Note: Currently, only SP mode 0 (that is, SP queue scheduling algorithm) is available on the S9500 series.
Page 38: Configuring Sp Queues
Operation Manual – QoS Chapter 4 Hardware-based Congestion H3C S9500 Series Routing Switches Management Configuration 4.2 Configuring SP Queues 4.2.1 Configuration Procedure Follow these steps to configure SP queues: To do... Use the command... Remarks — Enter system view system-view...
Page 39: Configuration Examples
Operation Manual – QoS Chapter 4 Hardware-based Congestion H3C S9500 Series Routing Switches Management Configuration 4.3.1 Configuration Procedure I. Group-based WRR queue configuration task list Follow these steps to configure group-based WRR queues: To do... Use the command... Remarks —...
Page 40 Operation Manual – QoS Chapter 4 Hardware-based Congestion H3C S9500 Series Routing Switches Management Configuration <Sysname> system-view # Configure WRR queues on Ethernet 1/1/1. [Sysname] interface ethernet 1/1/1 [Sysname-Ethernet1/1/1] qos wrr [Sysname-Ethernet1/1/1] qos wrr 1 group 1 weight 1 [Sysname-Ethernet1/1/1] qos wrr 3 group 1 weight 5...
Page 41: Chapter 5 Priority Mapping
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 5 Priority Mapping Chapter 5 Priority Mapping When configuring traffic classification and traffic shaping, go to these sections for information you are interested in: Priority Mapping Overview Configuring a Priority Mapping Table...
Page 42: Configuring A Priority Mapping Table
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 5 Priority Mapping dot1p-dp: 802.1p-to-drop-precedence mapping table. dot1p-lp: 802.1p-to-local-precedence mapping table. dot1p-rpr: 802.1p-to-RPR-precedence mapping table. dscp-dot1p: DSCP-to-802.1p-precedence mapping table. dscp-dp: DSCP-to-drop-precedence mapping table. dscp-dscp: DSCP-to-DSCP mapping table. dscp-exp: DSCP-to-EXP-precedence mapping table.
Page 43: Configuration Prerequisites
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 5 Priority Mapping Follow these steps to configure a priority mapping table: Enter priority mapping table view; Configure mapping table parameters. 5.2.1 Configuration Prerequisites New priority mapping relationship is determined.
Page 44: Configuration Examples
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 5 Priority Mapping 5.2.3 Configuration Examples I. Uncolored mapping table configuration example Network requirements Modify the 802.1p-precedence-to-local-precedence mapping table as follows: Table 5-1 The specified 802.1p-precedence-to-local-precedence mapping table 802. 1p precedence...
Page 45: Configuring Port Priority
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 5 Priority Mapping Green + EXP Local precedence Configuration procedure # Enter system view. <Sysname> system-view # Enter the view of the exp-lp mapping table for green packets. [Sysname] qos map-table color green exp-lp # Modify mapping entries.
Page 46: Configuration Procedure
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 5 Priority Mapping 5.3.2 Configuration Procedure Follow these steps to configure port priority: To do... Use the command... Remarks — Enter system view system-view Enter Use either the command Enter...
Page 47: Configuring To Trust Packet Priority
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 5 Priority Mapping II. Network diagram Figure 5-2 Network diagram for priority trust mode configuration III. Configuration procedure # Enter system view. <Sysname> system-view # Configure port priority for Ethernet 1/1/1.
Page 48: Configuration Examples
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 5 Priority Mapping 5.4.1 Configuration Procedure Follow these steps to configure to trust packet priority: To do... Use the command... Remarks — Enter system view system-view Enter Use either the command...
Page 49 Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 5 Priority Mapping II. Network diagram Figure 5-3 Network diagram for priority trust mode configuration III. Configuration procedure # Enter system view <Sysname> system-view # Enter 802.1p-precedence-to-local-precedence mapping table view to modify the mapping table parameters.
Page 50 Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 5 Priority Mapping [Sysname] interface ethernet 1/1/4 [Sysname-Ethernet1/1/4] qos trust dot1p 5-10...
Page 51: Chapter 6 Congestion Avoidance
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 6 Congestion Avoidance Chapter 6 Congestion Avoidance When configuring traffic classification and traffic shaping, go to these sections for information you are interested in: Congestion Avoidance Overview Configuring WRED Displaying and Maintaining WRED WRED Configuration Examples 6.1 Congestion Avoidance Overview...
Page 52 Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 6 Congestion Avoidance When the queue length exceeds the maximum threshold, all the incoming packets are dropped. When the queue length is between the maximum threshold and the minimum threshold, the packets are dropped randomly. The longer the queue is, the higher the drop probability is, but a maximum drop probability exists.
Page 53: Configuring Wred
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 6 Congestion Avoidance Figure 6-1 Relationship between WRED and queuing mechanisms Through associating WRED with WFQ, the flow-based WRED can be realized. Because different flow has its own queue during packet classification, the flow with small traffic always has a small queue length, so the packet drop probability is low.
Page 54: Configuration Procedure
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 6 Congestion Avoidance The denominator used for calculating the drop probability: this argument functions as the denominator when the drop probability is calculated. The bigger the denominator is, the smaller the calculated drop probability is.
Page 55: Displaying And Maintaining Wred
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 6 Congestion Avoidance Note: POS interfaces do not support WRED configuration. In the above table, when the exponent for calculating average queue length and other parameters for the WRED table are configured, the outgoing ports of XP4CA, XP4B, XP4DB, GV48D, and GP48D boards support four queues, that is, the queue-value argument is in the range of 0 to 3;...
Page 56 Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 6 Congestion Avoidance [Sysname-Ethernet1/1/1] qos wred apply queue-table1...
Page 57: Chapter 7 Aggregation Car Configuration
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 7 Aggregation CAR Configuration Chapter 7 Aggregation CAR Configuration When configuring traffic classification and traffic shaping, go to these sections for information you are interested in: Aggregation CAR Overview Referencing Aggregation CAR in Traffic Behaviors 7.1 Aggregation CAR Overview...
Page 58: Configuration Examples
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 7 Aggregation CAR Configuration Note: For the description on the default value of CBS, refer to the related part in QoS Commands. For an aggregation CAR action referenced by a traffic behavior to take effect, you need to bind the traffic behavior to a class in a policy, and apply the policy to the specified interface.
Page 59: Chapter 8 Vlan Policy Configuration
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 8 VLAN Policy Configuration Chapter 8 VLAN Policy Configuration When configuring traffic classification and traffic shaping, go to these sections for information you are interested in: VLAN Policy Overview Configuring a VLAN Policy...
Page 60: Configuring A Vlan Policy
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 8 VLAN Policy Configuration 8.2 Configuring a VLAN Policy 8.2.1 Configuration Prerequisites Configure a VLAN policy. Refer to Configuring QoS Policy for details. Apply the VLAN policy to the specified VLAN(s).
Page 61: Configuration Procedure
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 8 VLAN Policy Configuration Apply the VLAN policy to the inbound direction of VLAN 200, VLAN 300, VLAN 400, VLAN 500, VLAN 600, VLAN 700, and VLAN 800. 8.4.2 Configuration Procedure <Sysname>...
Page 62: Chapter 9 Traffic Mirroring Configuration
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 9 Traffic Mirroring Configuration Chapter 9 Traffic Mirroring Configuration When configuring traffic classification and traffic shaping, go to these sections for information you are interested in: Traffic Mirroring Overview Configuring Traffic Mirroring...
Page 63: Mirroring Traffic To The Cpu
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 9 Traffic Mirroring Configuration To do... Use the command... Remarks — Enter system view system-view — Enter traffic behavior view traffic behavior behavior-name Configure the destination mirror-to interface Required port for traffic mirroring...
Page 64: Displaying And Maintaining Traffic Mirroring
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 9 Traffic Mirroring Configuration 9.3 Displaying and Maintaining Traffic Mirroring Follow these steps to display and maintain traffic mirroring: To do... Use the command... Remarks Display information about display traffic behavior...
Page 65 Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 9 Traffic Mirroring Configuration [Sysname-classifier-1] if-match acl 2000 [Sysname-classifier-1] quit # Configure a traffic behavior with the action of mirroring traffic to Ethernet 1/1/1. [Sysname] traffic behavior 1 [Sysname-behavior-1] mirror-to interface ethernet 1/1/1 [Sysname-behavior-1] quit # Configure a QoS policy and associate traffic behavior 1 with classifier 1.
Page 66: Chapter 10 Eacl Configuration
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 10 EACL Configuration Chapter 10 EACL Configuration When configuring traffic classification and traffic shaping, go to these sections for information you are interested in: EACL Overview EACL Configuration Task List...
Page 67 Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 10 EACL Configuration accesses the internal network. If the internal network does not access the external network, the external network cannot initiate access to the internal network. Follow these steps to configure a reflexive ACL policy: To do...
Page 68: Configuring Bt Traffic Limiting
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 10 EACL Configuration To do... Use the command... Remarks Required Permitting the Configure the traffic filter permit conformance traffic is the filtering action only filtering action you can configure here.
Page 69 Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 10 EACL Configuration To do... Use the command... Remarks Create a VLAN interface interface vlan-interface and enter VLAN interface Required vlan-interface-id view Exit to system view quit — Create an advanced ACL acl number acl-number —...
Page 70: Configuring A Qos Policy
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 10 EACL Configuration To do... Use the command... Remarks Associate the traffic classifier tcl-name behavior with the class in Required behavior behavior-name the policy — Exit to system view quit...
Page 71 Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 10 EACL Configuration To do… Use the command… Remarks Create a traffic behavior traffic behavior and enter traffic behavior — behavior-name view Required Only one action can be Configure the action of...
Page 72: Eacl Configuration Examples
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 10 EACL Configuration 10.3 EACL Configuration Examples 10.3.1 Reflexive ACL Configuration Examples I. Network requirements Through configuring reflexive ACL, achieve the aim that the external network can access the internal network only after the internal network accesses the external network.
Page 73: Bt Traffic Limiting Configuration Examples
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 10 EACL Configuration [Sysname-classifier-1] quit [Sysname] traffic behavior 1 [Sysname-behavior-1] filter permit [Sysname-behavior-1] quit [Sysname] qos policy 1 [Sysname-qospolicy-1] classifier 1 behavior 1 [Sysname-qospolicy-1] quit [Sysname] interface eacl 8/0/1.1 [Sysname-EACL8/0/1.1] qos apply policy 1 outbound [Sysname-EACL8/0/1.1] qos binding interface vlan-interface 3...
Page 74 Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 10 EACL Configuration II. Network diagram Figure 10-2 Network diagram for BT traffic limiting III. Configuration procedure # Enter system view and create the VLAN and VLAN interface. <Sysname> system-view...
Page 75: Troubleshooting Eacl
Operation Manual – QoS H3C S9500 Series Routing Switches Chapter 10 EACL Configuration [Sysname-acl-basic-2000] rule permit [Sysname-acl-basic-2000] quit [Sysname] traffic classifier 2 [Sysname-classifier-2] if-match acl 2000 [Sysname-classifier-2] quit [Sysname] traffic behavior 2 [Sysname-behavior-2] redirect interface eacl 8/0/1 [Sysname-behavior-2] quit [Sysname] qos policy 2...
Page 76: Chapter 11 Outbound Traffic Accounting Configuration
Operation Manual – QoS Chapter 11 Outbound Traffic Accounting H3C S9500 Series Routing Switches Configuration Chapter 11 Outbound Traffic Accounting Configuration When configuring traffic classification and traffic shaping, go to these sections for information you are interested in: Outbound Traffic Accounting Overview...
Page 77: Displaying And Maintaining Outbound Traffic Accounting
Operation Manual – QoS Chapter 11 Outbound Traffic Accounting H3C S9500 Series Routing Switches Configuration 11.3 Displaying and Maintaining Outbound Traffic Accounting Follow these steps to display and maintain outbound traffic accounting: To do… Use the command… Remarks display qos...
Page 78 Operation Manual – ACL H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 ACL Overview ......................1-1 1.1 IPv4 ACL..........................1-1 1.1.1 IPv4 ACL Classification................... 1-1 1.1.2 IPv4 ACL Match Order .................... 1-2 1.1.3 IPv4 ACL Step......................1-3 1.1.4 Effective Period of an IPv4 ACL................
Page 79 Operation Manual – ACL H3C S9500 Series Routing Switches Table of Contents 3.2 Configuring a Basic IPv6 ACL ................... 3-1 3.2.1 Configuration Prerequisites..................3-1 3.2.2 Configuration Procedure ..................3-1 3.2.3 Configuration Example.................... 3-2 3.3 Configuring an Advanced IPv6 ACL .................. 3-3 3.3.1 Configuration Prerequisites..................
Page 80: Chapter 1 Acl Overview
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 1 ACL Overview Chapter 1 ACL Overview Note: Unless otherwise stated, ACLs refer to both IPv4 ACLs and IPv6 ACLs throughout this document. As network scale and network traffic are increasingly growing, network security and bandwidth allocation become more and more critical to network management.
Page 81: Ipv4 Acl Match Order
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 1 ACL Overview Ethernet frame header ACL, based on Layer 2 protocol header fields such as source MAC address, destination MAC address, 802.1p priority, and data link layer protocol type. Ethernet frame header ACLs are numbered 4000 through 4999.
Page 82: Ipv4 Acl Step
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 1 ACL Overview compare packets against the rule configured with more zeros in the destination IP address wildcard prior to the other. If the numbers of zeros in the destination IP address wildcards are the same, compare packets against the rule configured with a lower Layer 4 port number prior to the other.
Page 83: Effective Period Of An Ipv4 Acl
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 1 ACL Overview II. Benefits of using the step With the step and rule numbering/renumbering mechanism, you do not need to assign rules numbers when defining them. The system will assign a newly defined rule a number that is the smallest multiple of the step bigger than the currently biggest number.
Page 84: Ipv6 Acl Classification
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 1 ACL Overview Effective Period of an IPv4 ACL 1.2.1 IPv6 ACL Classification IPv6 ACLs, identified by ACL numbers, fall into the following three categories: Basic IPv6 ACL, based on source IPv6 address. Basic IPv6 ACLs are numbered 2000 through 2999.
Page 85: Ipv6 Acl Step
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 1 ACL Overview If the prefix lengths in the destination IPv6 address wildcards are the same, look at the Layer 4 port number (TCP/UDP port number). Then compare packets against the rule configured with the lower port number prior to the other.
Page 86: Chapter 2 Ipv4 Acl Configuration
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 2 IPv4 ACL Configuration Chapter 2 IPv4 ACL Configuration When configuring an IPv4 ACL, go to these sections for information you are interested Creating a Time Range Configuring a Basic IPv4 ACL...
Page 87: Configuration Example
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 2 IPv4 ACL Configuration may use the time-range test from 00:00 01/01/2004 to 23:59 12/31/2004 command. Compound time range created using the time-range time-name start-time to end-time days { from time1 date1 [ to time2 date2 ] | to time2 date2 } command. A time range thus created recurs on the day or days of the week only within the specified period.
Page 88: Configuration Example
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 2 IPv4 ACL Configuration To do… Use the command… Remarks rule [ rule-id ] { deny | permit } [ fragment | logging | source Required { sour-addr sour-wildcard |...
Page 89: Configuring An Advanced Ipv4 Acl
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 2 IPv4 ACL Configuration # Verify the configuration. [Sysname-acl-basic-2000] display acl 2000 Basic ACL 2000, 1 rule, ACL's step is 5 rule 0 deny source 1.1.1.1 0 (5 times matched) 2.3 Configuring an Advanced IPv4 ACL...
Page 90: Configuration Example
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 2 IPv4 ACL Configuration To do… Use the command… Remarks Optional Set a rule step step-value numbering step The default step is 5. Optional An advanced IPv4 Create an IPv4...
Page 91: Configuring An Ethernet Frame Header Acl
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 2 IPv4 ACL Configuration [Sysname-acl-adv-3000] display acl 3000 Advanced ACL 3000, 1 rule, ACL's step is 5 rule 0 permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.2.255 destination-port eq www (5 times matched) 2.4 Configuring an Ethernet Frame Header ACL...
Page 92: Configuration Example
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 2 IPv4 ACL Configuration Note that: You will fail to create or modify a rule if its permit/deny statement is exactly the same as another rule. In addition, if the ACL match order is set to auto rather than config, you cannot modify ACL rules.
Page 93: Configuration Prerequisites
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 2 IPv4 ACL Configuration 2.5.1 Configuration Prerequisites If you want to reference a time range to a rule, define it with the time-range command first. 2.5.2 Configuration Procedure Follow these steps to configure a user-defined IPv4 ACL: To do…...
Page 94: Configuration Example
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 2 IPv4 ACL Configuration 2.5.3 Configuration Example # Configure user-defined ACL 5500, permitting any packet whose 13th and 14th bytes starting from the Layer 2 header are 0x0806 (that is, ARP packets) in time range t1.
Page 95 Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 2 IPv4 ACL Configuration II. Network Diagram Figure 2-1 Network diagram for ACL configuration III. Configuration Procedure Create a time range for office hours # Create a periodic time range spanning 8:00 to 18:00 in working days.
Page 96 Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 2 IPv4 ACL Configuration [Sysname-classifier-test_permit] quit [Sysname] traffic behavior test_permit [Sysname-behavior-test_permit] filter permit [Sysname-behavior-test_permit] quit [Sysname] traffic classifier test_deny [Sysname-classifier-test_deny] if-match acl 3001 [Sysname-classifier-test_deny] quit [Sysname] traffic behavior test_deny [Sysname-behavior-test_deny] filter deny [Sysname-behavior-test_deny] quit # Configure a QoS policy.
Page 97: Chapter 3 Ipv6 Acl Configuration
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 3 IPv6 ACL Configuration Chapter 3 IPv6 ACL Configuration When configuring IPv6 ACLs, go to these sections for information you are interested in: Creating a Time Range Configuring a Basic IPv6 ACL...
Page 98: Configuration Example
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 3 IPv6 ACL Configuration To do… Use the command… Remarks Optional Create an IPv6 ACL description text A basic IPv6 ACL has no description description by default. Optional Create a rule description...
Page 99: Configuring An Advanced Ipv6 Acl
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 3 IPv6 ACL Configuration 3.3 Configuring an Advanced IPv6 ACL Advanced ACLs filter packets based on the source IPv6 address, destination IPv6 address, protocol carried on IPv6, and other protocol header fields such as the TCP/UDP source port, TCP/UDP destination port, ICMP message type, and ICMP message code.
Page 100: Configuration Example
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 3 IPv6 ACL Configuration To do… Use the command… Remarks Optional Create a rule description rule rule-id comment text A rule has no description by default. Note that: You will fail to create or modify a rule if its permit/deny statement is exactly the same as another rule.
Page 101: Displaying And Maintaining Ipv6 Acls
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 3 IPv6 ACL Configuration 3.4 Displaying and Maintaining IPv6 ACLs To do… Use the command… Remarks Display information about display acl ipv6 a specified or all IPv6 { acl6-number | all | name...
Page 102 Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 3 IPv6 ACL Configuration # Configure a traffic classification rule and a traffic behavior, denying the packets with any source IP addresses. [Sysname] traffic classifier c_deny [Sysname-classifier-c_deny] if-match acl ipv6 2001...
Page 103: Chapter 4 Flow Template Configuration
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 4 Flow Template Configuration Chapter 4 Flow Template Configuration This chapter covers these topics: Configuring a Flow Template Displaying and Maintaining Flow Templates Flow Template Configuration Example 4.1 Configuring a Flow Template Follow these steps to create a flow template and apply it to an interface: To do…...
Page 104 Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 4 Flow Template Configuration Caution: When one of the following situations occurs, you cannot configure user-defined flow templates on interfaces: B-type and C-type boards have IPv6 unicast and mix-insertion enabled on the virtual interfaces of VLANs.
Page 105 Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 4 Flow Template Configuration Table 4-1 Description on the size of every field Field Length in bytes Remarks Usually 8 bytes (4 bytes when the customer-vlan-id 4 or 8 ethernet-protocol field is configured) —...
Page 106: Displaying And Maintaining Flow Templates
Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 4 Flow Template Configuration Field Length in bytes Remarks 2 bytes for B-type or C-type boards; service-vlan-id 0 or 2 0 bytes for D-type boards — 0 bytes in a flow template sipv6 In fact, the field is 16-byte long.
Page 107 Operation Manual – ACL H3C S9500 Series Routing Switches Chapter 4 Flow Template Configuration [Sysname-Ethernet3/1/1] quit # Display information about flow template aaa. [Sysname] display flow-template user-defined aaa user-defined flow template: basic name:aaa, index:1, total reference counts:1 fields: customer-vlan-id # Display information about all user-defined flow templates.

H3C S9500 Operation Manual

Table of Contents

Chapter 1 Qos Overview

Chapter 2 Traffic Classification and Traffic Shaping Configuration

Chapter 3 Qos Policy Configuration

Chapter 4 Hardware-Based Congestion Management Configuration

Chapter 5 Priority Mapping

Chapter 6 Congestion Avoidance

Chapter 7 Aggregation CAR Configuration

Chapter 8 VLAN Policy Configuration

Chapter 9 Traffic Mirroring Configuration

Chapter 10 EACL Configuration

Chapter 11 Outbound Traffic Accounting Configuration

Table of Contents

Quick Links

Chapters

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for H3C H3C S9500

Summary of Contents for H3C H3C S9500

Table of Contents