Configuring traffic policies for the USG9000

Traffic policy configuration for the USG9000:
Configure priority re-marking based on multi-field (MF) classification.
The following is an example of configuring priority re-marking based on MF classification.
Configuration procedure:
1. Configure an access control list (ACL).
2. Configure traffic classes.
3. Configure traffic actions.
4. Configure traffic policies based on traffic classes and actions.
5. Apply traffic policies.
Configuration example:
The USG9000 functions as the gateway on the internal network for accessing the Internet.
(3)(4)Internal network----(1)USG9000(2)---Internet

(1) GE interface 1/0/0: 1.1.1.1/24
(2) GE interface 2/0/0: 2.1.1.1/24
(3) Server: 1.1.1.3
(4) PC: 1.1.1.4
On the USG9000, apply the following priority re-marking policies for packets received by GE interface 1/0/0 from the server and PC:
Re-mark the differentiated services code point (DSCP) priority of packets sent from the server to AF43 (38).
Re-mark the DSCP priority of packets sent from the PC to CS5 (40).
Procedure:
1. Perform basic configuration. Specifically, configure interface IP addresses, add interfaces to zones, and configure inter-zone filtering policies.
2. Configure ACL rules for packets sent from the server and PC.
[USG9000] acl number 2001
[USG9000-acl-basic-2001] rule permit source 1.1.1.2 0.0.0.0
[USG9000] acl number 2002
[USG9000-acl-basic-2002] rule permit source 1.1.1.3 0.0.0.0
3. Define traffic classes.
[USG9000] traffic classifier class1
[USG9000-classifier-class1] if-match acl 2001
[USG9000] traffic classifier class2
[USG9000-classifier-class2] if-match acl 2002
[USG9000-classifier-class2] quit
4. Define traffic actions.
[USG9000] traffic behavior behavior1
[USG9000-behavior-behavior1] remark dscp af43
[USG9000-behavior-behavior1] quit
[USG9000] traffic behavior behavior2
[USG9000-behavior-behavior2] remark dscp cs5
[USG9000-behavior-behavior2] quit
5. Define traffic policies.
[USG9000] traffic policy policy1
[USG9000-trafficpolicy-policy1] classifier class1 behavior behavior1
[USG9000-trafficpolicy-policy1] classifier class2 behavior behavior2
6. Apply traffic policies.
[USG9000] interface GigabitEthernet 1/0/0
[USG9000-GigabitEthernet1/0/0] traffic-policy policy1 inbound
[USG9000-GigabitEthernet1/0/0] quit

Scroll to top