H3C S9500 Series Operating Manual

Operation Manual - QoS
H3C S9500 Series Routing Switches
Chapter 1 QoS Configuration
1.1 QoS Overview
1.1.1 Introduction
1.1.2 Terminology
1.2 QoS Configuration Task List
1.2.1 Configuring Service Parameter Allocation Rule
1.2.2 Configuring Traffic Policing
1.2.3 Configuring Traffic Shaping
1.2.4 Configuring Traffic Priority
1.2.5 Configuring Traffic Redirecting
1.2.6 Configuring Queue Scheduling
1.2.7 Configuring WRED Parameters
1.2.8 Configuring Traffic Mirroring
1.2.9 Configuring Port Mirroring
1.2.10 Configuring Traffic Accounting
1.3 Displaying and Debugging QoS Configuration
1.4 QoS Configuration Examples
1.4.1 Traffic Policing Configuration Example
1.4.2 Traffic Shaping Configuration Example
1.4.3 Port Mirroring Configuration Example
1.4.4 Traffic Priority Marking Configuration Example
1.4.5 Traffic Redirecting Configuration Example (I)
1.4.6 Traffic Redirecting Configuration Example (II)
1.4.7 Queue Scheduling Configuration Example
1.4.8 WRED Parameters Configuration Example
1.4.9 Traffic Accounting Configuration Example
Chapter 2 Port Tokens Configuration
2.1 Overview
2.2 Port Tokens Configuration
2.2.1 Configuration Prerequisites
2.2.2 Configuring the Number of Tokens for Port or Port Queue
2.3 Port Tokens Configuration Example
Chapter 3 WAN-QoS Configuration
3.1 Overview
3.2 Configuring WAN-QoS
3.3 WAN-QoS Configuration Example


Summary of Contents for H3C S9500 Series

  • Page 1: Table of Contents

    Chapter 1 QoS Configuration
    1.1 QoS Overview
    1.1.1 Introduction
    1.1.2 Terminology
    1.2 QoS Configuration Task List
    1.2.1 Configuring Service Parameter Allocation Rule
    1.2.2 Configuring Traffic Policing...
  • Page 2

    Chapter 4 Logon User ACL Control Configuration
    4.1 Logon User ACL Control Overview
    4.2 Configuring ACL for Telnet/SSH Users
    4.2.1 Configuration Prerequisites
    4.2.2 Configuration Tasks
    4.3 Layer 2 ACL Control Configuration Example...
  • Page 3: Chapter 1 QoS Configuration

    Chapter 1 QoS Configuration

    When configuring QoS, go to these sections for information you are interested in:
    QoS Overview
    QoS Configuration Task List
    Displaying and Debugging QoS Configuration
    QoS Configuration Examples

    1.1 QoS Overview...
  • Page 4

    address, IP protocol, source address, destination address and port ID. Classification rule often is limited to the information encapsulated at the packet header, rarely using packet contents.
  • Page 5

    field. The first six bits denote DSCP (differentiated services codepoint) priority, in the range of 0 to 63, and the latter two bits are reserved. EXP priority, a number ranging from 0 to 7 which is obtained by a mapping of the first three bits (bit 0 to 2) of DSCP priority, lies in MPLS (multiprotocol label switching) header.
  • Page 6

    Figure 1-3 Priority queues (packets to be sent via the interface are classified into Queue 7, high priority, through Queue 0, low priority, and dequeued into the sending queue)

    SP algorithm is designed for key services.
  • Page 7: QoS Configuration Task List

    Another merit of the WRR algorithm: though the queues are scheduled in turn, they are not configured with a fixed time quantum. If a queue has no packets, the system immediately schedules the next queue.
  • Page 8

    (LSB1NATB0 boards in the context of this document) is somewhat different from that for interface boards. See related description in the manual. The service processor boards now supported by the S9500 series have no egress interface. Therefore, they do not support the configuration commands in Ethernet port view.
  • Page 9: Configuring Service Parameter Allocation Rule

    Table 1-1 QoS terms
    Term Remarks
    It has the same meaning as 802.1p priority. Both refer to the priority at packet header, with the value ranging from 0 to 7.
  • Page 10

    mapping table to obtain the CoS value and searches the CoS-to-drop precedence mapping table to obtain the drop precedence for the packet.

    Note: To assign a local precedence to the tagged packets received on a port based on the 802.1p field, you must assign a local precedence (or port priority) with the priority...
  • Page 11: Configuring Traffic Policing

    | To do... | Use the command... |
    |---|---|
    | Configure local precedence on a port | priority priority-level |
    | Restore the default local precedence on a port | undo priority |

    1.2.2 Configuring Traffic Policing

    Traffic policing performs per-flow rate limiting.
  • Page 12

    II. Configuring traffic parameters (optional)

    Use the following command to set the traffic parameters required before configuring traffic policing on service processor boards.

    Caution: This operation is not required for configuring traffic policing on common boards.
  • Page 13

    To do... Use the command... undo traffic-limit inbound ip-group Remove traffic policing setting { acl-number | acl-name } { rule rule which applies IP group ACL and...
  • Page 14: Configuring Traffic Shaping

    You must first define the corresponding ACL and configure the DSCP + Conform level-service parameters mapping table and Local precedence + Conform level mapping table before starting this configuration.
  • Page 15: Configuring Traffic Priority

    | To do... | Use the command... |
    |---|---|
    | Configure traffic shaping | traffic-shape [ queue queue-id ] max-rate burst-size |
    | Remove traffic shaping setting | undo traffic-shape [ queue queue-id ] |

    The switch supports traffic shaping based on port, that is, all traffic on the port is shaped.
  • Page 16

    To do... Use the command... traffic-priority inbound link-group { acl-number | acl-name } [ rule rule [ system-index index ] ] { auto | Configure traffic priority which...
  • Page 17: Configuring Traffic Redirecting

    Note: For MPLS packets, the dscp-value argument defines not only a DSCP priority but also an EXP (the three high-order bits of the value). When the S9500 switch is used as an ingress PE device, for IP packets, EXP is matched according to the DSCP-to-services mapping table for the conform level of the packets;...
  • Page 18

    To do... Use the command... traffic-redirect inbound ip-group { acl-number | acl-name } rule rule link-group { acl-number | acl-name } [ rule rule ] { cpu | interface interface-type...
  • Page 19: Configuring Queue Scheduling

    For service processor boards, perform the following configurations in VLAN view.

    To do... Use the command... traffic-redirect inbound ip-group { acl-number | acl-name } { { rule rule { cpu [ slot slot-id ] |...
  • Page 20: Configuring WRED Parameters

    All-SP scheduling mode
    All-WRR mode: A queue is selected from each of the two WRR groups during scheduling, and then the two queues are compared for priority. The queue with higher priority will be scheduled.
  • Page 21

    I. Configuring WRED parameters

    The switch provides four sets of default WRED parameters, respectively numbered as 0 to 3. Each set includes 80 parameters, 10 parameters for each of the eight queues.
  • Page 22: Configuring Traffic Mirroring

    | To do... | Use the command... |
    |---|---|
    | Configure drop algorithm | drop-mode { tail-drop | wred } [ wred-index ] |
    | Restore the default algorithm | undo drop-mode |

    By default, tail drop mode is selected.
  • Page 23

    but the index value may change while the system is running. However, you are advised not to assign a system index unless it is absolutely necessary. See the corresponding command manual for details of the commands.
  • Page 24: Configuring Port Mirroring

    Up to 20 mirroring groups can be configured at a port, with each group including one monitor port and multiple monitored ports.

    Note: The S9500 series supports cross-board mirroring, that is, the monitoring and monitored ports can be on different boards.

    Note the following when configuring port mirroring:
    For intra-board mirroring, only one monitor port can be configured for the mirroring groups in the same direction.
  • Page 25: Configuring Traffic Accounting

    On XP4B and XP4CA boards, there are the following limitations on port mirroring:
    Cross-board port mirroring is not supported.
    Port mirroring can only be configured between port 0 and 1, and between port 2 and 3.
    In each pair of ports (port 0 and 1, port 2 and 3), there can be one inbound monitor port and one outbound monitor port (other boards each can have only one inbound monitor port and one outbound monitor port).
  • Page 26: Displaying and Debugging QoS Configuration

    command, but the index value may change while the system is running. However, you are advised not to assign a system index unless it is absolutely necessary. See the corresponding command manual for details on the commands.
  • Page 27

    To do... Use the command... Remarks Display traffic policing display traffic-params Available in any configuration [ traffic-index ] view Display QoS configuration Available in any display qos-vlan [ vlan-id ] all...
  • Page 28: QoS Configuration Examples

    # Configure traffic policing on Ethernet 3/1/1 and GigabitEthernet 7/1/1 with the following parameters: CIR 2000, CBS 200000, EBS 300000, and dropping the exceeding packets.
    [H3C] interface Ethernet 3/1/1
    [H3C-Ethernet3/1/1] traffic-limit inbound ip-group 3000 2000 200000 300000 conform remark-drop-priority exceed drop...
  • Page 29: Traffic Shaping Configuration Example

    [H3C-Ethernet3/1/1] quit
    [H3C] interface GigabitEthernet 7/1/1
    [H3C-GigabitEthernet7/1/1] traffic-limit inbound ip-group 3000 2000 200000 300000 conform remark-drop-priority exceed drop

    1.4.2 Traffic Shaping Configuration Example

    I. Network requirements

    Set traffic shaping for the output queue 2 at the port GE7/1/8, with the maximum rate of 650 Kbps and the burst size of 12 KB.
  • Page 30: Traffic Priority Marking Configuration Example

    II. Network diagram

    Figure 1-6 Network diagram for port mirroring configuration

    III. Configuration procedure

    # Define a mirroring group, with the monitor port as GigabitEthernet 3/1/8.
    <H3C> system-view...
  • Page 31: Traffic Redirecting Configuration Example (I)

    # Create ACL 2000 and enter the corresponding view.
    [H3C] acl number 2000
    # Define an ACL rule for the traffic sourced from PC A.
    [H3C-acl-basic-2000] rule 0 permit source 1.0.0.1 0 time-range test
    [H3C-acl-basic-2000] quit

    Modify the DSCP-to-services mapping table for conform level 0.
  • Page 32: Traffic Redirecting Configuration Example (II)

    # Create ACL 2000 and enter the corresponding view.
    [H3C] acl number 2000
    # Define an ACL rule for the traffic sourced from PC A.
    [H3C-acl-basic-2000] rule 0 permit source 1.0.0.1 0 time-range test
    [H3C-acl-basic-2000] quit

    Modify the next hop for the packets sourced from PC A.
  • Page 33

    GigabitEthernet 2/1/1 belongs to VLAN 20 whose VLAN interface IP address is 20.20.20.2/24. The IP address of the connected interface on the ISP router is 20.20.20.1/24. Ethernet 3/1/1 belongs to VLAN 30 whose VLAN interface IP address is 20.20.30.2/24.
  • Page 34: Queue Scheduling Configuration Example

    [H3C] acl number 3000
    [H3C-acl-adv-3000] rule 0 permit ip precedence 7
    [H3C-acl-adv-3000] rule 1 permit ip precedence 6
    [H3C-acl-adv-3000] rule 2 permit ip precedence 5
    [H3C-acl-adv-3000] rule 3 permit ip precedence 4...
  • Page 35

    # Modify the mapping between 802.1p priority and local precedence.
    <H3C> system-view
    [H3C] qos cos-local-precedence-map 7 6 5 4 3 2 1 0
    # Use WRR algorithm for the queues 0 through 5. Set the queues 0, 1, and 2 into WRR queue 1, with weight being 20, 20, and 30;...
  • Page 36: WRED Parameters Configuration Example

    # Configure parameters for WRED 0.
    <H3C> system-view
    [H3C] wred 0
    [H3C-wred-0] queue 7 150 500 5 100 150 10 50 100 15 10
    [H3C-wred-0] quit

    Set drop algorithm and thresholds.
    # Define the port GE7/1/1 in WRED drop mode, set the parameters of WRED 0.
  • Page 37: Traffic Accounting Configuration Example

    # Create ACL 2000 and define an ACL rule for the traffic sourced from PC A.
    [H3C] acl number 2000
    [H3C-acl-basic-2000] rule 0 permit source 1.0.0.1 0.0.0.0 time-range test
    [H3C-acl-basic-2000] quit

    Collect the statistics about the packets sourced from PC A and display the result using the display command.
  • Page 38

    10000 packets...
  • Page 39: Chapter 2 Port Tokens Configuration

    Port Tokens Configuration Example

    2.1 Overview

    In practical application of S9500 series routing switches, when Layer 3 multicast traffic needs to be copied to multiple VLANs configured on an outbound port, packet loss may occur if relatively few packets can be buffered due to insufficient tokens on the outbound port or a lower queue-tail drop threshold.
  • Page 40: Configuring the Number of Tokens for Port or Port Queue

    System View: return to User View with Ctrl+Z.
    [H3C] qos token GigabitEthernet3/1/1 30
    # Set the number of tokens for queue 2 on port GigabitEthernet 3/1/1 to 5.
    <H3C> system-view
    System View: return to User View with Ctrl+Z.
    [H3C] qos token GigabitEthernet3/1/1 queue 2 5...
  • Page 41: Chapter 3 WAN-QoS Configuration

    Chapter 3 WAN-QoS Configuration

    When configuring WAN-QoS, go to these sections for information you are interested in:
    Overview
    Configuring WAN-QoS
    WAN-QoS Configuration Example

    3.1 Overview

    WAN-QoS refers to QoS applied to WAN interfaces. You can configure QoS commands on a WAN interface to implement QoS functions in the downlink direction of the WAN interface.
  • Page 42: WAN-QoS Configuration Example

    To do… Use the command… Remarks Display the QoS configuration of display qos-interface the specified or all [ interface-type interface-number ] all WAN interfaces Display the drop...
  • Page 43

    # Configure interface E1 8/1/1.
    <H3C> system-view
    [H3C] controller e1 8/1/1
    [H3C-E18/1/1] clock slave
    [H3C-E18/1/1] channel-set 1 timeslot-list 1-31
    [H3C] interface serial 8/1/1:1
    [H3C-Serial8/1/1:1] ip address 202.117.1.2 24
    [H3C-Serial8/1/1:1] qos enable
    [H3C-Serial8/1/1:1] queue-scheduler wrr group 0 5 1 5 2 10 3 15...
  • Page 44: Chapter 4 Logon User ACL Control Configuration

    Telnet
    Security shell (SSH)
    Simple network management protocol (SNMP)

    An S9500 series switch provides security control for these three access measures to prevent unauthorized users from logging in and accessing it. There are two levels of security controls. The first level is implemented by applying ACLs to filter the users that are to connect to the switch.
  • Page 45: Configuration Tasks

    4.2.2 Configuration Tasks

    Follow these steps to configure ACL for Telnet/SSH users:
    To do… Use the command... Remarks Enter system view system-view — Required...
  • Page 46

    To do… Use the command... Remarks acl-number1 parameter Apply indicates the basic or acl acl-number1 { inbound | number of the Apply advanced outbound }...
  • Page 47: Layer 2 ACL Control Configuration Example

    System View: return to User View with Ctrl+Z.
    [H3C] acl number 4000 match-order config
    # Define ACL rules for ACL 4000.
    [H3C-acl-link-4000] rule 1 permit ingress 00a2-fc01-0101 0000-0000-0000
    [H3C-acl-link-4000] rule 2 permit ingress 00a2-fc01-0303 0000-0000-0000
    [H3C-acl-link-4000] rule 3 deny ingress any
    [H3C-acl-link-4000] quit
    # Enter user interface view.
  • Page 48: Applying an ACL for SNMP Users

    4.5 Applying an ACL for SNMP Users

    S9500 series switches can be managed remotely through network management software (NMS). Administrators can use SNMP to access an S9500 series switch. Proper ACL configuration can prevent unauthorized network management users from logging onto the switch.
  • Page 49

    To do… Use the command... Remarks rule [ rule-id ] { permit | deny } protocol [ packet-level { bridge | route } | source...
  • Page 50

    To do… Use the command... Remarks The SNMP community name is a feature of SNMP V1 and SNMP V2. Apply the snmp-agent community Applying an ACL in...
  • Page 51: ACL Control over SNMP Users Configuration Example

    [H3C-acl-basic-2000] rule 2 permit source 10.110.100.46 0
    [H3C-acl-basic-2000] rule 3 deny source any
    [H3C-acl-basic-2000] quit
    # Apply the ACL.
    [H3C] snmp-agent community read test acl 2000
    [H3C] snmp-agent group v3 testgroup acl 2000
    [H3C] snmp-agent usm-user v3 testuser testgroup acl 2000...
  • Page 52: Chapter 5 VLAN-ACL Configuration

    Chapter 5 VLAN-ACL Configuration

    When configuring VLAN-ACL, go to these sections for information you are interested in:
    VLAN-ACL Overview
    VLAN-ACL Configuration
    VLAN-ACL Configuration Examples

    5.1 VLAN-ACL Overview

    VLAN-ACL is VLAN-based ACL. You can configure QoS for a VLAN to control accesses made to all ports in the VLAN.
  • Page 53

    To do… Use the command... Remarks VLAN-ACL is prohibited from being applied to the Enter VLAN view vlan vlan-id VLAN containing POS or MPLS intermixing ports. packet-filter inbound...
  • Page 54

    To do… Use the command... Remarks traffic-statistic inbound ip-group { acl-number | Configure traffic acl-name } [ rule rule Optional accounting [ system-index index ] ] [ tc-index index ]...
  • Page 55: VLAN-ACL Configuration Examples

    Figure 5-1 Network diagram for VLAN-ACL configuration

    III. Configuration procedure

    Define the time range.
    # Define the time range from 8:00 to 18:00.
    <H3C> system-view
    System View: return to User View with Ctrl+Z.
    [H3C] time-range test 8:00 to 18:00 daily

    Define traffic rules.
  • Page 56: VLAN-ACL Traffic Policing Configuration Example

    # Set the next hop IP addresses of all the packets forwarded on the ports in VLAN 2 to 3.0.0.1.
    [H3C] vlan 2
    [H3C-vlan2] traffic-redirect inbound ip-group 2000 rule 0 next-hop 3.0.0.1

    Display configuration.
    # Display whether VLAN-ACL is configured on all ports in VLAN 2 (ports GigabitEthernet7/1/1 and GigabitEthernet7/1/2).
  • Page 57

    [H3C-acl-adv-3000] rule 0 permit icmp
    [H3C-acl-adv-3000] quit
    # Configure traffic policing on VLAN 10 with the following parameters: CIR 2000, CBS 200000, EBS 300000, and dropping the exceeding packets.
    [H3C] vlan 10
    [H3C-vlan10] traffic-limit inbound ip-group 3000 2000 200000 300000 conform remark-drop-priority exceed drop...
  • Page 58: Chapter 6 EACL Configuration

    Chapter 6 EACL Configuration

    When configuring EACL, go to these sections for information you are interested in:
    EACL Overview
    EACL Configuration Task List
    Configuration Example

    Note: The service processing board mentioned in this chapter refers to the LSB1NAMB0 board.
  • Page 59

    To do… Use the command... Remarks Enter system view system-view — time-range time-name { start-time to end-time days-of-the-week [ from Configure a time start-time start-date ] [ to...
  • Page 60: Configuring EACL-Reflexive ACL

    To do… Use the command... Remarks Required Enter Ethernet port interface interface-type Enter Ethernet port view view interface-number to configure BT rate limit traffic-redirect inbound ip-group { acl-number |...
  • Page 61

    To do… Use the command... Remarks Required acl { number acl-number | Create the rule used for name acl-name [ advanced | Enter ACL view reflexive ACL. This...
  • Page 62: Configuring EACL-Outgoing ACL

    6.2.3 Configuring EACL-Outgoing ACL

    Follow these steps to configure EACL-Outgoing ACL:
    To do… Use the command... Remarks Enter system view system-view — time-range time-name { start-time to...
  • Page 63: Configuring EACL-Incoming ACL

    6.2.4 Configuring EACL-Incoming ACL

    Follow these steps to configure EACL-Incoming ACL:
    To do… Use the command... Remarks Enter system view system-view — time-range time-name { start-time to...
  • Page 64: Configuration Example

    To do… Use the command... Remarks traffic-redirect inbound ip-group Required { acl-number | acl-name } rule rule “slotid” link-group { acl-number | acl-name } [ rule Configure packet...
  • Page 65: EACL BT Rate Limit Configuration Example

    [H3C-acl-adv-3001] rule permit icmp reflective
    [H3C-acl-adv-3001] quit
    # Configure a reflexive ACL in VLAN 40.
    [H3C] vlan 40
    [H3C-vlan40] packet-filter outbound ip-group 3001 slot 5
    [H3C-vlan40] quit
    # Define an ACL rule used for port redirection.
    [H3C] acl number 3002...
  • Page 66

    <H3C> system-view
    [H3C] acl number 3000
    [H3C-acl-adv-3000] rule permit tcp bt-flag
    [H3C-acl-adv-3000] quit
    # Define rate limit parameters.
    [H3C] traffic-params 1 cir 1000 cbs 2000 ebs 2000
    # Configure BT rate limit in VLAN 40.
    [H3C] vlan 40
    [H3C-vlan40] traffic-limit...
  • Page 67: Chapter 7 Global ACL Configuration

    ACL function. The OAP module does not support global ACL configuration. The S9500 series routing switches do not support global ACL configuration on boards configured with cross-board link aggregation. If a user-defined flow template is used for global ACL, you need to apply the template both globally and on the ports where global ACL rules will be applied;...
  • Page 68: Global ACL Configuration

    7.2 Global ACL Configuration

    Follow these steps to configure global ACL:
    To do... Use the command... Remarks Enter system view — system-view acl { number acl-number | name...
  • Page 69: Global ACL Configuration Example

    Caution: The global-acl maximum slot command applies only to D-type interface boards. Additionally, to make the command take effect, you must restart the interface board after configuring the command.
  • Page 70

    # Create a time range worktime covering the period from 8:00 to 18:00 during working days.
    <H3C> system-view
    [H3C] time-range worktime 8:00 to 18:00 working-day
    # Create and configure VLAN 10 and VLAN 11. Create VLAN interface 10 and VLAN interface 11, and configure proper IP addresses for them, enabling PCs of the R&D department to access the salary server of the HR department.
  • Page 71

    [H3C] acl number 3000
    [H3C-acl-adv-3000] rule 0 permit ip source 10.10.10.2 0
    [H3C-acl-adv-3000] rule 1 permit ip source 10.10.10.3 0
    [H3C-acl-adv-3000] rule 2 deny ip source 10.10.10.0 0.0.0.255 destination 10.11.11.11 0 time-range worktime
    [H3C-acl-adv-3000] quit
    # Define a global flow template and apply it.
  • Page 72: Chapter 8 WAN-ACL Configuration

    Chapter 8 WAN-ACL Configuration

    When configuring WAN-ACL, go to these sections for information you are interested in:
    Overview
    Configuring WAN-ACL
    WAN-ACL Configuration Example

    8.1 Overview

    A WAN-ACL refers to an ACL applied to WAN interfaces. You can configure QACL actions on a WAN interface to implement access control for the WAN interface.
  • Page 73

    To do… Use the command… Remarks packet-filter inbound ip-group Configure packet { acl-number | acl-name } [ rule rule Optional filtering [ system-index index ] ] traffic-limit inbound ip-group...
  • Page 74

    To do… Use the command… Remarks Display traffic mirroring display qos-interface information on the [ interface-type interface-number ] specified or all mirrored-to WAN interfaces Display rate limiting...
  • Page 75: WAN-ACL Configuration Example

    If a WAN-ACL and a global ACL are applied at the same time, traffic will be matched against the global ACL preferentially. If the global ACL is matched, the WAN-ACL will not be matched.
  • Page 76

    [H3C-Serial8/1/1:1] ip address 202.117.1.2 24
    [H3C-Serial8/1/1:1] quit
    [H3C] time-range test 8:00 to 18:00 daily
    [H3C] acl number 3000
    [H3C-acl-adv-3000] rule deny ip source any destination 192.168.1.200 0.0.0.0 time-range test
    [H3C-acl-adv-3000] quit
    [H3C] interface serial 8/1/1:1
    [H3C-Serial8/1/1:1] packet-filter inbound ip-group 3000 rule 0...
