Why does an inbound traffic policy fail to filter traffic or limit the rate of inbound packets on an S series modular switch

For S series modular switches, a traffic policy fails to filter traffic or limit the rate of packets for users matching DHCP snooping binding tables.
You can run the following commands to check whether static or dynamic binding entries exist:
- Run the display dhcp { snooping | static } user-bind { interface interface-type interface-number | ip-address ip-address | mac-address mac-address | vlan vlan-id } * [ verbose ] command to check static or dynamic DHCP snooping binding entries on an interface.
- Run the display dhcp { snooping | static } user-bind all [ verbose ] command to check static or dynamic DHCP snooping binding entries on all interfaces.

Other related questions:
How to configure rate limiting based on the SAC signature database on an AR?
The SAC signature database contains thousands of application protocols. An SAC traffic classifier defines the rule for matching packets. Users configure different SAC traffic classifiers to classify packets, and limit the rate of traffic in the traffic behavior. The traffic policy then can be applied in the inbound or outbound direction on the interface.

How to limit the rate of packets through traffic-filter
Configure Eth2/0/0 to filter packets based on the ACL and configure it to allow packets with the source IP address of 192.168.0.2/32.

    <Huawei> system-view
    [Huawei] acl 3000
    [Huawei-acl-adv-3000] rule 5 permit ip source 192.168.0.2 0
    [Huawei-acl-adv-3000] quit
    [Huawei] interface ethernet 2/0/0
    [Huawei-Ethernet2/0/0] traffic-filter inbound acl 3000

Why are a large number of packets discarded on an inbound interface of an S series modular switch
S9300 series switches running V100R001 and V100R002 send protocol packets to the CPU for processing and discard the packets at the hardware layer. The number of these discarded protocol packets is counted on inbound interfaces, which does not comply with RFC 2863. For switches running V100R002, patches in V100R002SPH009 and later versions can be installed to fix this problem. According to RFC 2863 and industry norms, only packets discarded due to buffer overflows are counted as discarded packets.

Meanings of the inbound and outbound parameters in the command used to apply a traffic policy on S series switches
For S series switches (except the S1700), if the inbound parameter in the command used to apply a traffic policy is specified, the traffic policy is applied to the inbound direction. If the outbound parameter is specified, the traffic policy is applied to the outbound direction. For example, if a traffic policy is applied to the inbound direction of an interface, the traffic policy takes effect for traffic received by the interface from the remote device. If a traffic policy is applied to the outbound direction of an interface, the traffic policy takes effect for traffic sent from the interface to the remote device.
