Enabling Qos Pre-Classify - HP FlexFabric 5700 Series Security Configuration Manual


If the source interface bound to an IPsec policy is removed, the IPsec policy becomes a common
IPsec policy.
If no local address is specified for an IPsec policy that has been bound to a source interface, the
IPsec policy uses the IP address of the bound source interface to perform IKE negotiation. If a local
address is specified, the IPsec policy uses the local address to perform IKE negotiation.
To bind a source interface to an IPsec policy:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Bind a source interface to an IPsec policy.
    Command: ipsec { ipv6-policy | policy } policy-name local-address interface-type interface-number
    Remarks: By default, no source interface is bound to an IPsec policy.

Enabling QoS pre-classify

CAUTION:
If you configure both IPsec and QoS on an interface, make sure the IPsec traffic classification rules match
the QoS traffic classification rules. If the rules do not match, QoS might classify the packets of one IPsec SA
to different queues, causing packets to be sent out of order. When IPsec anti-replay is enabled, IPsec will
drop the incoming packets that are out of the anti-replay window, resulting in packet loss.
If you apply both an IPsec policy and a QoS policy to an interface, QoS classifies packets by using the
new headers added by IPsec. If you want QoS to classify packets by using the headers of the original IP
packets, enable the QoS pre-classify feature.
IPsec traffic classification rules are determined by the referenced ACL rules. For information about QoS
policy and QoS traffic classification rules, see ACL and QoS Configuration Guide.
To enable the QoS pre-classify feature:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Enter IPsec policy view or IPsec policy template view.
    Command:
        To enter IPsec policy view:
        ipsec { policy | ipv6-policy } policy-name seq-number [ isakmp | manual ]
        To enter IPsec policy template view:
        ipsec { policy-template | ipv6-policy-template } template-name seq-number
    Remarks: N/A
Step 3. Enable QoS pre-classify.
    Command: qos pre-classify
    Remarks: By default, QoS pre-classify is disabled.
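
The packet loss described in the CAUTION under "Enabling QoS pre-classify", as an added simulation that is not part of the HP manual: packets of one IPsec SA are split across a fast and a slow queue, and a receiver-side anti-replay check in the style of RFC 4303 counts the drops. The 64-packet window, the queue lag values and all function names are assumptions made for the illustration.

```python
# Added illustration, not from the HP manual. Window size, delays and all
# names here are assumptions chosen for the simulation.

class AntiReplayWindow:
    """Sliding-window anti-replay check in the style of RFC 4303 (no ESN)."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (top - i) was seen

    def accept(self, seq):
        if seq == 0:
            return False
        if seq > self.top:                      # newer packet: slide window
            shift = seq - self.top
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:                 # older than the window: drop
            return False
        if (self.bitmap >> offset) & 1:         # already seen: replay, drop
            return False
        self.bitmap |= 1 << offset
        return True


def arrival_order(count, slow_every=0, slow_delay=0):
    """Sequence numbers 1..count in the order the receiver sees them.

    Every slow_every-th packet is classified into a slower queue and arrives
    slow_delay packet slots late. slow_every=0 models matching IPsec and QoS
    rules, where the whole SA stays in one queue.
    """
    timed = []
    for seq in range(1, count + 1):
        slow = slow_every and seq % slow_every == 0
        timed.append((seq + (slow_delay if slow else 0), seq))
    return [seq for _, seq in sorted(timed)]


def count_drops(order, window_size=64):
    window = AntiReplayWindow(window_size)
    return sum(1 for seq in order if not window.accept(seq))


if __name__ == "__main__":
    print("one queue:", count_drops(arrival_order(200)))
    print("two queues, 32-slot lag:", count_drops(arrival_order(200, 4, 32)))
    print("two queues, 100-slot lag:", count_drops(arrival_order(200, 4, 100)))
```

Reordering that stays inside the window is tolerated; drops begin only when the slow queue lags the fast queue by at least the window size.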
