How to configure and apply IP-based traffic policies on CE series switches

When a CE series switch needs to classify received Internet traffic, you can configure an IP-based traffic policy in the inbound direction of the switch interface connected to the Internet.
For example, 10GE1/0/1 on a CE series switch is connected to the Internet. The switch needs to forward received packets with the source IP address on the network segment 192.168.1.0/24 to 10GE1/0/2 and discard other packets.
<HUAWEI> system-view
[~HUAWEI] acl 3000 //Create an ACL to match packets with the source IP address on the network segment 192.168.1.0/24.
[*HUAWEI-acl4-advance-3000] rule permit ip source 192.168.1.0 0.0.0.255
[*HUAWEI-acl4-advance-3000] quit
[*HUAWEI] traffic classifier redirect1
[*HUAWEI-classifier-redirect1] if-match acl 3000
[*HUAWEI-classifier-redirect1] quit
[*HUAWEI] traffic behavior redirect1
[*HUAWEI-behavior-redirect1] redirect interface 10ge 1/0/2
[*HUAWEI-behavior-redirect1] quit
[*HUAWEI] traffic classifier redirect2
[*HUAWEI-classifier-redirect2] if-match any //Configure a rule to match all packets.
[*HUAWEI-classifier-redirect2] quit
[*HUAWEI] traffic behavior redirect2
[*HUAWEI-behavior-redirect2] deny
[*HUAWEI-behavior-redirect2] quit
[*HUAWEI] traffic policy redirect //Create a traffic policy and bind it to different traffic classifiers and traffic behaviors.
[*HUAWEI-trafficpolicy-redirect] classifier redirect1 behavior redirect1 precedence 5 //The traffic classifier that matches packets with the source IP address on the network segment 192.168.1.0/24 has a higher priority, so this traffic classifier is preferentially matched.
[*HUAWEI-trafficpolicy-redirect] classifier redirect2 behavior redirect2 precedence 10
[*HUAWEI-trafficpolicy-redirect] quit
[*HUAWEI] interface 10ge 1/0/1
[*HUAWEI-10GE1/0/1] traffic-policy redirect inbound
[*HUAWEI-10GE1/0/1] quit
[*HUAWEI] commit
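
The policy above depends on two things: the ACL wildcard mask 0.0.0.255 and the precedence order that puts redirect1 ahead of the catch-all deny. The following Python model is an added example, not Huawei code or part of the original page; it is a simplified first-match evaluation for reviewing the policy logic offline. The function names, the sample source addresses and the SWAPPED policy are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """ACL wildcard semantics: a 0 bit must match, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

# Classifiers from the configuration above, modelled as predicates on the source IP.
CLASSIFIERS = {
    # if-match acl 3000: rule permit ip source 192.168.1.0 0.0.0.255
    "redirect1": lambda src: wildcard_match(src, "192.168.1.0", "0.0.0.255"),
    # if-match any
    "redirect2": lambda src: True,
}
BEHAVIORS = {"redirect1": "redirect 10GE1/0/2", "redirect2": "deny"}

def evaluate(policy, src):
    """policy is a list of (precedence, classifier, behavior) bindings.
    The binding with the lowest precedence value is checked first and the
    first matching classifier decides the action (simplified model)."""
    for _, classifier, behavior in sorted(policy):
        if CLASSIFIERS[classifier](src):
            return BEHAVIORS[behavior]
    return "no match"

# Bindings exactly as configured on the page.
AS_CONFIGURED = [(5, "redirect1", "redirect1"), (10, "redirect2", "redirect2")]
# Hypothetical mistake: the catch-all deny is given the smaller precedence value.
SWAPPED = [(10, "redirect1", "redirect1"), (5, "redirect2", "redirect2")]

# Constructed sample source addresses.
SAMPLE_SOURCES = ["192.168.1.10", "192.168.1.255", "192.168.2.10", "10.0.0.1"]

if __name__ == "__main__":
    for name, policy in (("as configured", AS_CONFIGURED), ("swapped", SWAPPED)):
        for src in SAMPLE_SOURCES:
            print(f"{name:13} {src:15} -> {evaluate(policy, src)}")
```

With the bindings as configured, only sources in 192.168.1.0/24 are redirected and everything else is denied; with the precedence values swapped, the catch-all classifier matches first and every packet is denied.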
