HPE FlexNetwork 5510 HI Series Security Configuration Manual page 469

Figure 137 Network diagram
User A
Domain: user
Configuration procedure
1. Configure a QoS policy to control the access time for User A:
# Create periodic time range for_usera, setting it to be active from 8:30 to 12:00 daily.
[Switch] time-range for_usera 8:30 to 12:00 daily
# Configure IPv4 basic ACL 2000 to identify packets in time range for_usera.
[Switch] acl number 2000
[Switch-acl-basic-2000] rule permit time-range for_usera
[Switch-acl-basic-2000] quit
# Create traffic class for_usera, and define a match criterion to match ACL 2000.
[Switch] traffic classifier for_usera
[Switch-classifier-for_usera] if-match acl 2000
[Switch-classifier-for_usera] quit
# Create traffic behavior for_usera, and configure a traffic filtering action as deny.
[Switch] traffic behavior for_usera
[Switch-behavior-for_usera] filter deny
[Switch-behavior-for_usera] quit
# Create QoS policy for_usera, and associate traffic class for_usera with traffic behavior
for_usera.
[Switch] qos policy for_usera
[Switch-qospolicy-for_usera] classifier for_usera behavior for_usera
[Switch-qospolicy-for_usera] quit
2. Configure a user profile for User A, and apply the QoS policy:
# Create user profile usera.
[Switch] user-profile usera
# Apply the QoS policy to the incoming traffic of the switch.
[Switch-user-profile-usera] qos apply policy for_usera inbound
[Switch-user-profile-usera] quit
3. Configure a QoS policy to limit the outgoing traffic rate of User B:
# Create traffic class class, and define a match criterion to match all packets.
[Switch] traffic classifier class
[Switch-classifier-class] if-match any
[Switch-classifier-class] quit
User B
User C
GE1/0/1
Switch
456
Internet