Huawei Quidway S2700 Series Configuration Manual page 181

Quidway S2700 Series Ethernet Switches
Configuration Guide - Security
Data Preparation
To complete the configuration, you need the following data:
l
l
l
l
Procedure
Step 1 Configure the traffic classifier that is based on the ACL rules.
# Define the ACL rules.
[Quidway] acl 2000
[Quidway-acl-basic-2000] rule permit source 10.0.0.2 0.0.0.255
[Quidway-acl-basic-2000] quit
# Configure the traffic classifier and define the ACL rules.
[Quidway] traffic classifier tc1
[Quidway-classifier-tc1] if-match acl 2000
[Quidway-classifier-tc1] quit
Step 2 Configure the traffic behavior.
[Quidway] traffic behavior tb1
[Quidway-behavior-tb1] deny
[Quidway-behavior-tb1] quit
Step 3 Configure the traffic policy.
# Define the traffic policy and associate the traffic classifier and traffic behavior with the traffic
policy.
[Quidway] traffic policy tp1
[Quidway-trafficpolicy-tp1] classifier tc1 behavior tb1
[Quidway-trafficpolicy-tp1] quit
# Apply the traffic policy to GE 0/0/1.
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] traffic-policy tp1 inbound
[Quidway-GigabitEthernet0/0/1] quit
Step 4 Verify the configuration.
# Check the configuration of the ACL rules.
<Quidway> display acl 2000
Basic ACL 2000, 1 rule
Acl's step is 5
rule 5 permit source 10.0.0.0 0.0.0.255
# Check the configuration of the traffic classifier.
<Quidway> display traffic classifier user-defined
User Defined Classifier Information:
# Check the configuration of the traffic policy.
Issue 01 (2011-07-15)
ACL number
IP address of user A
Names of traffic classifier, traffic behavior, and traffic policy
Interface where the traffic policy is applied
Classifier: tc1
Operator: AND
Rule(s) : if-match acl 2000
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9 ACL Configuration
170