Configuring user-based traffic control on the USG6000 series

7

User-based traffic policies can be configured on the USG6000 series if users are authenticated on the device. If users are authenticated on other devices, user- or account-based traffic control cannot be implemented. The configuration procedure is as follows:
1. Configure a traffic profile and specify the bandwidth resources available for users.
system-view
[sysname] traffic-policy
[sysname-policy-traffic] profile traffic_profile
[sysname-policy-traffic-profile-traffic_profile] bandwidth maximum-bandwidth whole upstream 2000
2. Configure a traffic policy and enable the traffic policy to reference the configured traffic profile.
[sysname-policy-traffic] rule name traffic_rule
[sysname-policy-traffic-rule-traffic_rule] source-zone trust
[sysname-policy-traffic-rule-traffic_rule] destination-zone untrust
[sysname-policy-traffic-rule-traffic_rule] user username user1
[sysname-policy-traffic-rule-traffic_rule] action qos profile traffic_profile

Other related questions:
Whether traffic policy-based traffic reports on the USG6000 series rely on hard disks
Traffic policy-based traffic reports on the USG6000 series do not rely on hard disks.

Configure a CE series switch to filter packets using a traffic policy
- Prevent a specified host from accessing a network. In the following example, the switch is configured to prevent the PC with IP address 192.168.1.10 from accessing the network. <HUAWEI> system-view [~HUAWEI] acl 2000 [*HUAWEI-acl4-basic-2000] rule deny source 192.168.1.10 0.0.0.0 [*HUAWEI-acl4-basic-2000] quit [*HUAWEI] traffic classifier c1 [*HUAWEI-classifier-c1] if-match acl 2000 [*HUAWEI-classifier-c1] quit [*HUAWEI] traffic behavior b1 [*HUAWEI-behavior-b1] deny [*HUAWEI-behavior-b1] quit [*HUAWEI] traffic policy p1 [*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [*HUAWEI-trafficpolicy-p1] quit [*HUAWEI] interface 10ge 1/0/1 [*HUAWEI-10GE1/0/1] traffic-policy p1 inbound [*HUAWEI-10GE1/0/1] quit [*HUAWEI] commit - Prevent all devices on a specified network segment from accessing a network. In the following example, the switch is configured to prevent all devices on the network segment 192.168.1.0 from accessing the network. <HUAWEI> system-view [~HUAWEI] acl 2000 [*HUAWEI-acl4-basic-2000] rule deny source 192.168.1.0 0.0.0.255 [*HUAWEI-acl4-basic-2000] quit [*HUAWEI] traffic classifier c1 [*HUAWEI-classifier-c1] if-match acl 2000 [*HUAWEI-classifier-c1] quit [*HUAWEI] traffic behavior b1 [*HUAWEI-behavior-b1] deny [*HUAWEI-behavior-b1] quit [*HUAWEI] traffic policy p1 [*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [*HUAWEI-trafficpolicy-p1] quit [*HUAWEI] interface 10ge 1/0/1 [*HUAWEI-10GE1/0/1] traffic-policy p1 inbound [*HUAWEI-10GE1/0/1] quit [*HUAWEI] commit - Filter specified protocol packets. - Prevent SMTP packets with TCP destination port 25 from passing through a switch. - Prevent POP3 packets with TCP destination port 110 from passing through a switch. - Prevent HTTP packets with TCP destination port 80 from passing through a switch. <HUAWEI> system-view [~HUAWEI] acl 3000 [*HUAWEI-acl4-advance-3000] rule deny tcp destination-port eq 25 [*HUAWEI-acl4-advance-3000] rule deny tcp destination-port eq 110 [*HUAWEI-acl4-advance-3000] rule deny tcp destination-port eq 80 [*HUAWEI-acl4-advance-3000] quit [*HUAWEI] traffic classifier c1 [*HUAWEI-classifier-c1] if-match acl 3000 [*HUAWEI-classifier-c1] quit [*HUAWEI] traffic behavior b1 [*HUAWEI-behavior-b1] deny [*HUAWEI-behavior-b1] quit [*HUAWEI] traffic policy p1 [*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [*HUAWEI-trafficpolicy-p1] quit [*HUAWEI] interface 10ge 1/0/1 [*HUAWEI-10GE1/0/1] traffic-policy p1 inbound [*HUAWEI-10GE1/0/1] quit [*HUAWEI] commit

Configuration of traffic mirroring on the CLI for the USG6000 series
The USG6000 series does not support traffic mirroring.

Configuring traffic shaping on interfaces of the USG6000 series
Traffic shaping can be configured on Ethernet interfaces, Eth-Trunk interfaces, POS interfaces, and IP-Trunk interfaces.

Configure rate limiting on the S1728GWR-4P switch
Configure rate limiting on an S1728GWR-4P switch as follows: 1. Choose Traffic > Rate Limit. 2. Select Enable in the Status column of the ports to be enabled with rate limiting. 3. Set limits for the ports. 4. Click Apply.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top