CX91x traffic control configuration

4

Network congestion may lead to packet loss. Traffic control is a technology for preventing packet loss. If network congestion occurs on the local device, the local device sends a message to the peer device, instructing the peer device to reduce the packet sending rate. After receiving the message, the peer device reduces its packet sending rate, which prevents congestion.
For details about the CX91x traffic control configuration, see the following documents.
? C00 version:
http://support.huawei.com/enterprise/en/doc/DOC1000018101/?idPath=7919749|9856522|21782478|19955021|19961380
? C10 version:
http://support.huawei.com/enterprise/en/doc/DOC1000041694/?idPath=7919749|9856522|21782478|19955021|19961380

Other related questions:
Configure a CE series switch to filter packets using a traffic policy
- Prevent a specified host from accessing a network. In the following example, the switch is configured to prevent the PC with IP address 192.168.1.10 from accessing the network. <HUAWEI> system-view [~HUAWEI] acl 2000 [*HUAWEI-acl4-basic-2000] rule deny source 192.168.1.10 0.0.0.0 [*HUAWEI-acl4-basic-2000] quit [*HUAWEI] traffic classifier c1 [*HUAWEI-classifier-c1] if-match acl 2000 [*HUAWEI-classifier-c1] quit [*HUAWEI] traffic behavior b1 [*HUAWEI-behavior-b1] deny [*HUAWEI-behavior-b1] quit [*HUAWEI] traffic policy p1 [*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [*HUAWEI-trafficpolicy-p1] quit [*HUAWEI] interface 10ge 1/0/1 [*HUAWEI-10GE1/0/1] traffic-policy p1 inbound [*HUAWEI-10GE1/0/1] quit [*HUAWEI] commit - Prevent all devices on a specified network segment from accessing a network. In the following example, the switch is configured to prevent all devices on the network segment 192.168.1.0 from accessing the network. <HUAWEI> system-view [~HUAWEI] acl 2000 [*HUAWEI-acl4-basic-2000] rule deny source 192.168.1.0 0.0.0.255 [*HUAWEI-acl4-basic-2000] quit [*HUAWEI] traffic classifier c1 [*HUAWEI-classifier-c1] if-match acl 2000 [*HUAWEI-classifier-c1] quit [*HUAWEI] traffic behavior b1 [*HUAWEI-behavior-b1] deny [*HUAWEI-behavior-b1] quit [*HUAWEI] traffic policy p1 [*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [*HUAWEI-trafficpolicy-p1] quit [*HUAWEI] interface 10ge 1/0/1 [*HUAWEI-10GE1/0/1] traffic-policy p1 inbound [*HUAWEI-10GE1/0/1] quit [*HUAWEI] commit - Filter specified protocol packets. - Prevent SMTP packets with TCP destination port 25 from passing through a switch. - Prevent POP3 packets with TCP destination port 110 from passing through a switch. - Prevent HTTP packets with TCP destination port 80 from passing through a switch. <HUAWEI> system-view [~HUAWEI] acl 3000 [*HUAWEI-acl4-advance-3000] rule deny tcp destination-port eq 25 [*HUAWEI-acl4-advance-3000] rule deny tcp destination-port eq 110 [*HUAWEI-acl4-advance-3000] rule deny tcp destination-port eq 80 [*HUAWEI-acl4-advance-3000] quit [*HUAWEI] traffic classifier c1 [*HUAWEI-classifier-c1] if-match acl 3000 [*HUAWEI-classifier-c1] quit [*HUAWEI] traffic behavior b1 [*HUAWEI-behavior-b1] deny [*HUAWEI-behavior-b1] quit [*HUAWEI] traffic policy p1 [*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [*HUAWEI-trafficpolicy-p1] quit [*HUAWEI] interface 10ge 1/0/1 [*HUAWEI-10GE1/0/1] traffic-policy p1 inbound [*HUAWEI-10GE1/0/1] quit [*HUAWEI] commit

Configuring user-based traffic control on the USG6000 series
User-based traffic policies can be configured on the USG6000 series if users are authenticated on the device. If users are authenticated on other devices, user- or account-based traffic control cannot be implemented. The configuration procedure is as follows: 1. Configure a traffic profile and specify the bandwidth resources available for users. system-view [sysname] traffic-policy [sysname-policy-traffic] profile traffic_profile [sysname-policy-traffic-profile-traffic_profile] bandwidth maximum-bandwidth whole upstream 2000 2. Configure a traffic policy and enable the traffic policy to reference the configured traffic profile. [sysname-policy-traffic] rule name traffic_rule [sysname-policy-traffic-rule-traffic_rule] source-zone trust [sysname-policy-traffic-rule-traffic_rule] destination-zone untrust [sysname-policy-traffic-rule-traffic_rule] user username user1 [sysname-policy-traffic-rule-traffic_rule] action qos profile traffic_profile

Default user name and password of the CX91x
The default user name and password of the BMC and onboard Ethernet switching plane of the CX91x are as follows: Default user name: root Default password: Huawei12#$ In some cases (such as serial port login and BIOS login), you only need to enter the password but do not need to enter the user name. The default user name and password of the FC switching plane (available only for CX911 and CX912) are as follows: Default user name: admin Default password: Huawei12#$

Configuring traffic suppression and storm control on S series switches
For S series switches (except S1700 switches): Traffic suppression and storm control are two security technologies used to limit rates of broadcast, unknown multicast, and unknown unicast packets to prevent storms caused by these packets. Traffic suppression limits traffic rates using traffic rate thresholds, while storm control prevents traffic storms by shutting down interfaces. You can run the following commands to configure traffic suppression: [HUAWEI] interface gigabitethernet 1/0/0 [HUAWEI-GigabitEthernet1/0/0] broadcast-suppression cir 100 //Configure broadcast traffic suppression and set the CIR, that is the allowed rate at which broadcast traffic can pass through, to 100 kbit/s. [HUAWEI-GigabitEthernet1/0/0] multicast-suppression 80 //Configure unknown multicast traffic suppression and limit the rate of unknown multicast packets to 80%. [HUAWEI-GigabitEthernet1/0/0] unicast-suppression cir 100 //Configure unknown unicast traffic suppression and set the CIR, that is the allowed rate at which unknown unicast traffic can pass through, to 100 kbit/s. [HUAWEI-GigabitEthernet1/0/0] quit To block outgoing packets on an interface, run the following commands: [HUAWEI] interface gigabitethernet 1/0/0 [HUAWEI-GigabitEthernet1/0/0] broadcast-suppression block outbound //Block outgoing broadcast packets on the interface. [HUAWEI-GigabitEthernet1/0/0] multicast-suppression block outbound //Block outgoing unknown multicast packets on the interface. [HUAWEI-GigabitEthernet1/0/0] unicast-suppression block outbound //Block outgoing unknown unicast packets on the interface. [HUAWEI-GigabitEthernet1/0/0] quit You can run the following commands to configure storm control: [HUAWEI] interface gigabitethernet 1/0/0 [HUAWEI-GigabitEthernet1/0/0] storm-control broadcast min-rate 1000 max-rate 2000 //Configure storm control on broadcast packets. [HUAWEI-GigabitEthernet1/0/0] storm-control multicast min-rate 1000 max-rate 2000 //Configure storm control on unknown multicast packets. [HUAWEI-GigabitEthernet1/0/0] storm-control unicast min-rate 1000 max-rate 2000 //Configure storm control on unknown unicast packets. [HUAWEI-GigabitEthernet1/0/0] storm-control action block //Set the storm control action to block. [HUAWEI-GigabitEthernet1/0/0] storm-control enable log //Configure the device to record a log when detecting a storm. [HUAWEI-GigabitEthernet1/0/0] storm-control interval 90 //Set the interval for detecting storms. [HUAWEI-GigabitEthernet1/0/0] quit Note: If the storm control action on an interface is block, the interface restores the normal forwarding state when the traffic falls below the lower threshold. If the storm control action is shutdown, the interface cannot restore automatically and you need to run the undo shutdown command to restore it manually.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top