How to configure a traffic policy on an AR

0

You can configure a traffic policy on an AR as follows:
1. Configure a traffic classifier.
2. Configure a traffic behavior.
3. Configure a traffic policy and bind the traffic classifier and traffic behavior to the traffic policy.
4. Apply the traffic policy on an interface.
For detailed configuration, click:
1.4 Configuring MQC

Other related questions:
How to configure a traffic policy on an AR
You can configure a traffic policy on an AR as follows: 1. Configure a traffic classifier. 2. Configure a traffic behavior. 3. Configure a traffic policy and bind the traffic classifier and traffic behavior to the traffic policy. 4. Apply the traffic policy on an interface. For detailed configuration, click: 1.4 Configuring MQC

Configure a CE series switch to filter packets using a traffic policy
- Prevent a specified host from accessing a network. In the following example, the switch is configured to prevent the PC with IP address 192.168.1.10 from accessing the network. <HUAWEI> system-view [~HUAWEI] acl 2000 [*HUAWEI-acl4-basic-2000] rule deny source 192.168.1.10 0.0.0.0 [*HUAWEI-acl4-basic-2000] quit [*HUAWEI] traffic classifier c1 [*HUAWEI-classifier-c1] if-match acl 2000 [*HUAWEI-classifier-c1] quit [*HUAWEI] traffic behavior b1 [*HUAWEI-behavior-b1] deny [*HUAWEI-behavior-b1] quit [*HUAWEI] traffic policy p1 [*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [*HUAWEI-trafficpolicy-p1] quit [*HUAWEI] interface 10ge 1/0/1 [*HUAWEI-10GE1/0/1] traffic-policy p1 inbound [*HUAWEI-10GE1/0/1] quit [*HUAWEI] commit - Prevent all devices on a specified network segment from accessing a network. In the following example, the switch is configured to prevent all devices on the network segment 192.168.1.0 from accessing the network. <HUAWEI> system-view [~HUAWEI] acl 2000 [*HUAWEI-acl4-basic-2000] rule deny source 192.168.1.0 0.0.0.255 [*HUAWEI-acl4-basic-2000] quit [*HUAWEI] traffic classifier c1 [*HUAWEI-classifier-c1] if-match acl 2000 [*HUAWEI-classifier-c1] quit [*HUAWEI] traffic behavior b1 [*HUAWEI-behavior-b1] deny [*HUAWEI-behavior-b1] quit [*HUAWEI] traffic policy p1 [*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [*HUAWEI-trafficpolicy-p1] quit [*HUAWEI] interface 10ge 1/0/1 [*HUAWEI-10GE1/0/1] traffic-policy p1 inbound [*HUAWEI-10GE1/0/1] quit [*HUAWEI] commit - Filter specified protocol packets. - Prevent SMTP packets with TCP destination port 25 from passing through a switch. - Prevent POP3 packets with TCP destination port 110 from passing through a switch. - Prevent HTTP packets with TCP destination port 80 from passing through a switch. <HUAWEI> system-view [~HUAWEI] acl 3000 [*HUAWEI-acl4-advance-3000] rule deny tcp destination-port eq 25 [*HUAWEI-acl4-advance-3000] rule deny tcp destination-port eq 110 [*HUAWEI-acl4-advance-3000] rule deny tcp destination-port eq 80 [*HUAWEI-acl4-advance-3000] quit [*HUAWEI] traffic classifier c1 [*HUAWEI-classifier-c1] if-match acl 3000 [*HUAWEI-classifier-c1] quit [*HUAWEI] traffic behavior b1 [*HUAWEI-behavior-b1] deny [*HUAWEI-behavior-b1] quit [*HUAWEI] traffic policy p1 [*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [*HUAWEI-trafficpolicy-p1] quit [*HUAWEI] interface 10ge 1/0/1 [*HUAWEI-10GE1/0/1] traffic-policy p1 inbound [*HUAWEI-10GE1/0/1] quit [*HUAWEI] commit

How to check statistics about the traffic policy
Run the display traffic policy statistics command to check statistics on the interface where a traffic policy has been applied. Run the display cu command to check the configuration.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top