Example for Configuring Rate Limiting for Users on Different Network Segments Highlighted

Created Jun 22, 2017 19:42:09Latest reply May 02, 2018 13:39:29 1314 2 0 0

Example for Configuring Rate Limiting for Users on Different Network Segments

Networking Requirements

As shown in Figure 1-1, the Switch connects to the router through GE3/0/1, and the enterprise connects to the Internet through the Switch and router.

Users on different floors connect to the network through different access switches and belong to different network segments. Different bandwidth needs to be provided for users on different network segments. The users belonging to the same network segment share the bandwidth.

Table 1-1 describes the QoS requirements.

Table 1-1 QoS guarantee for uplink traffic on the Switch

User

CIR (kbit/s)

PIR (kbit/s)

All users on the first floor

4000

10000

All users on the second floor

6000

10000

 

Figure 1-1 Networking for rate limiting for users on different network segments

20170622194146133001.png

 

Configuration Roadmap

The configuration roadmap is as follows:

1.         Create VLANs and configure interfaces to enable the enterprise to connect to the Internet through the Switch.

2.         Configure ACLs to match different network segments on the Switch.

3.         Configure traffic classifiers and apply the ACLs to the traffic classifiers on the Switch.

4.         Configure traffic behaviors on the Switch to limit the rates of packets from users on different floors.

5.         Configure a traffic policy on the Switch, associate the traffic behaviors with the traffic classifiers in the traffic policy, and apply the traffic policy to the interface on the Switch connected to the router.

Procedure

                               Step 1     Create VLANs and configure interfaces.

# Create VLAN 100 and VLAN 200 on the Switch.

<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 100 200

# Configure GE1/0/1 and GE2/0/1 as trunk interfaces and add them to VLAN 100 and VLAN 200. Configure GE3/0/1 as a trunk interface and add it to VLAN 100 and VLAN 200.

[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type trunk
[Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 2/0/1
[Switch-GigabitEthernet2/0/1] port link-type trunk
[Switch-GigabitEthernet2/0/1] port trunk allow-pass vlan 200
[Switch-GigabitEthernet2/0/1] quit
[Switch] interface gigabitethernet 3/0/1
[Switch-GigabitEthernet3/0/1] port link-type trunk
[Switch-GigabitEthernet3/0/1] port trunk allow-pass vlan 100 200
[Switch-GigabitEthernet3/0/1] quit

                               Step 2     Configure ACLs.

# Configure ACLs to match different network segments.

[Switch] acl 2000
[Switch-acl-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[Switch-acl-basic-2000] quit
[Switch] acl 2001
[Switch-acl-basic-2001] rule permit source 192.168.2.0 0.0.0.255
[Switch-acl-basic-2001] quit

                               Step 3     Configure traffic classifiers.

# Configure traffic classifiers c1 and c2 on the Switch to classify packets from users in different floors.

[Switch] traffic classifier c1 operator and
[Switch-classifier-c1] if-match acl 2000
[Switch-classifier-c1] quit
[Switch] traffic classifier c2 operator and
[Switch-classifier-c2] if-match acl 2001
[Switch-classifier-c2] quit

                               Step 4     Configure traffic behaviors.

# Create traffic behaviors b1 and b2 on the Switch to limit the rates of different service flows.

[Switch] traffic behavior b1
[Switch-behavior-b1] car cir 4000 pir 10000 green pass
[Switch-behavior-b1] quit
[Switch] traffic behavior b2
[Switch-behavior-b2] car cir 6000 pir 10000 green pass
[Switch-behavior-b2] quit

                               Step 5     Configure a traffic policy and apply the traffic policy to the interface connected to the router.

# Create a traffic policy named p1 on the Switch, associate traffic classifiers with traffic behaviors in the traffic policy, and apply the traffic policy to the outbound direction of GE3/0/1 to police packets from the enterprise.

[Switch] traffic policy p1
[Switch-trafficpolicy-p1] classifier c1 behavior b1
[Switch-trafficpolicy-p1] classifier c2 behavior b2
[Switch-trafficpolicy-p1] quit
[Switch] interface gigabitethernet 3/0/1
[Switch-GigabitEthernet3/0/1] traffic-policy p1 outbound
[Switch-GigabitEthernet3/0/1] quit

                               Step 6     Verify the configuration.

# View the traffic classifier configuration.

[Switch] display traffic classifier user-defined
  User Defined Classifier Information:                                          
   Classifier: c2                                                               
    Precedence: 10                                                              
    Operator: AND                                                                
    Rule(s) : if-match acl 2001                                                 
                                                                                
   Classifier: c1                                                                
    Precedence: 5                                                               
    Operator: AND                                                               
    Rule(s) : if-match acl 2000                                                  
                                                                                
Total classifier number is 2                                                   

# View the traffic policy configuration.

[Switch] display traffic policy user-defined p1
  User Defined Traffic Policy Information:                                      
  Policy: p1                                                                    
   Classifier: c1                                                                
    Operator: AND                                                               
     Behavior: b1                                                               
      Permit                                                                    
      Committed Access Rate:                                                    
        CIR 4000 (Kbps), PIR 10000 (Kbps), CBS 500000 (byte), PBS 1250000 (byte)
        Color Mode: color Blind                                                 
        Conform Action: pass                                                    
        Yellow  Action: pass                                                    
        Exceed  Action: discard                                                 
   Classifier: c2                                                                
    Operator: AND                                                               
     Behavior: b2                                                               
      Permit                                                                     
      Committed Access Rate:                                                    
        CIR 6000 (Kbps), PIR 10000 (Kbps), CBS 750000 (byte), PBS 1250000 (byte)
        Color Mode: color Blind                                                  
        Conform Action: pass                                                    
        Yellow  Action: pass                                                    
        Exceed  Action: discard                                                 

----End

Configuration Files

l   Switch configuration file

#
sysname Switch
#
vlan batch 100 200
#
acl number 2000  
 rule 5 permit source 192.168.1.0 0.0.0.255 
acl number 2001  
 rule 5 permit source 192.168.2.0 0.0.0.255 
#
traffic classifier c1 operator and precedence 5
 if-match acl 2000
traffic classifier c2 operator and precedence 10
 if-match acl 2001
#
traffic behavior b1
 permit
 car cir 4000 pir 10000 cbs 500000 pbs 1250000 mode color-blind green pass yellow pass red discard
traffic behavior b2
 permit
 car cir 6000 pir 10000 cbs 750000 pbs 1250000 mode color-blind green pass yellow pass red discard
#
traffic policy p1 match-order config
 classifier c1 behavior b1
 classifier c2 behavior b2
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 100
#
interface GigabitEthernet2/0/1
 port link-type trunk
 port trunk allow-pass vlan 200
#
interface GigabitEthernet3/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 200
 traffic-policy p1 outbound
#
return

  • x
  • convention:

gululu  Admin   Created Jun 23, 2017 08:40:09 Helpful(0) Helpful(0)

good!
  • x
  • convention:

Come on!
wissal     Created May 02, 2018 13:39:29 Helpful(0) Helpful(0)


useful document, thanks
  • x
  • convention:

Responses

Reply
You need to log in to reply to the post Login | Register

Notice:To ensure the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but not limited to politically sensitive content, content concerning pornography, gambling, drug abuse and trafficking, content that may disclose or infringe upon others' intellectual properties, including commercial secrets, trade marks, copyrights, and patents, and personal privacy. Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see“ Privacy Policy.”
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Fast reply Scroll to top