Example for Configuring Traffic Policing to Limit All Traffic on a Network Segment

Created Dec 17, 2016 23:05:10Latest reply Dec 17, 2016 23:05:32 890 1 0 0

 Example for Configuring Traffic Policing to Limit All Traffic on a Network Segment

Applicability

This example applies to all AR models of V200R002C00 and later versions.

Networking Requirements

RouterA is deployed at the egress of an enterprise network. Users in the enterprise are located on two network segments and connect to the Internet through RouterA.

Traffic policing needs to be configured on RouterA to limit the rate of all the traffic on the network segment 192.168.1.0/24 to 512 kbit/s, and limit the rate of all the traffic on the network segment 192.168.2.0/24 to 128 kbit/s.

Figure 1  Traffic policing networking diagram

d822418a53d64d81a60a21f04e36d45f

Procedure

Configure RouterA.
#
 sysname RouterA
#
vlan batch 10 20
#
acl number 2000  // Create ACL 2000.
 rule 0 permit source 192.168.1.0 0.0.0.255  // Configure rule 0, which permits packets with source 
                                                addresses on network segment 192.168.1.0 to pass.
acl number 2001  // Create ACL 2001.
 rule 0 permit source 192.168.2.0 0.0.0.255  // Configure rule 0, which permits packets with source 
                                                addresses on network segment 192.168.2.0 to pass.
#
interface Vlanif10
 ip address 192.168.1.1 255.255.255.0
#
interface Vlanif20
 ip address 192.168.2.1 255.255.255.0
#
interface Ethernet2/0/0
 port link-type trunk  // Set the link type of the interface to trunk.
 port trunk allow-pass vlan 10 20  // Add the trunk interface to VLAN 10 and VLAN 20.
#
interface GigabitEthernet3/0/0
 ip address 1.2.0.2 255.255.255.0
 qos car outbound acl 2000 cir 512 cbs 96256 pbs 160256 green pass yellow pass red discard // Configure traffic 
                                                                                              policing for outgoing 
                                                                                              packets that match ACL 
                                                                                              2000 on the interface. 
                                                                                              Set the CIR to 512 kbit/s.
 qos car outbound acl 2001 cir 128 cbs 24064 pbs 40064 green pass yellow pass red discard  // Configure traffic 
                                                                                             policing for outgoing 
                                                                                             packets that match ACL 
                                                                                             2001 on the interface. 
                                                                                             Set the CIR to 128 kbit/s.
#

Verify the configuration.

Run the display qos car statistics interface GigabitEthernet 3/0/0 outbound command to check the traffic statistics on GE3/0/0 where traffic policing is configured. You can see that the rate of outgoing packets on the interface is within the rate limit and excess packets are discarded.



  • x
  • convention:

SherryL  Adept   Created Dec 17, 2016 23:05:32 Helpful(0) Helpful(0)

Configuration Notes
•On the Switch, set the link type of the interfaces connected to the user network segments to access, and add the interfaces to service VLANs of users.
•Configure the interface of the Switch connected to RouterA as a trunk interface and add the interface to service VLANs.
•Configure RouterB to ensure that it can communicate with RouterA.
•This example configures traffic policing for outgoing packets on a WAN-side interface. You can also configure traffic policing for incoming packets on a LAN-side interface.
  • x
  • convention:

Responses

Reply
You need to log in to reply to the post Login | Register

Notice:To ensure the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but not limited to politically sensitive content, content concerning pornography, gambling, drug abuse and trafficking, content that may disclose or infringe upon others' intellectual properties, including commercial secrets, trade marks, copyrights, and patents, and personal privacy. Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see“ Privacy Policy.”
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Fast reply Scroll to top