1. Create a traffic classifier.
2. Create a traffic behavior.
3. Create a traffic policy.
4. Apply the traffic policy.

For example, you can configure rate limiting for the network segment 192.168.1.0 as follows:

#
acl number 3000  //Create ACL 3000 to match the network segment whose packet rate needs to be limited.
 rule 5 permit ip source 192.168.1.0 0.0.0.255
#
traffic classifier c1 operator or  //Configure the matching condition of the traffic classifier to ACL 3000.
 if-match acl 3000
#
traffic behavior b1  //Configure the action of the traffic behavior to rate limiting: set the CIR to 384 kbit/s and the PIR to 768 kbit/s, permit green packets to be sent, forward yellow packets after marking their DSCP priority as 0, and discard red packets.
 car cir 384 pir 768 cbs 48000 pbs 96000 mode color-blind green pass yellow pass remark-dscp default red discard
#
traffic policy test  //Create a traffic policy and bind it to the traffic classifier and traffic behavior.
 classifier c1 behavior b1
#
interface GigabitEthernet0/0/0
 ip address 192.168.1.254 255.255.255.0
 traffic-policy test inbound  //Apply the traffic policy test to the inbound direction of an intranet interface.
#
return
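To see how the car line in traffic behavior b1 sorts packets into green, yellow and red, the following added example (not vendor code and not part of the original configuration) simulates a color-blind two-rate three-color marker with the same CIR, PIR, CBS and PBS values. It assumes the device follows the RFC 2698 algorithm, that cbs and pbs are in bytes, and that both buckets start full; the class and function names are hypothetical.

```python
from collections import Counter

# Actions taken from the "car" line in traffic behavior b1.
ACTIONS = {"green": "pass", "yellow": "pass remark-dscp default", "red": "discard"}


class TwoRateMarker:
    """Color-blind two-rate three-color marker (RFC 2698 algorithm, assumed)."""

    def __init__(self, cir_kbps, pir_kbps, cbs_bytes, pbs_bytes):
        self.cir = cir_kbps * 1000 / 8        # committed rate, bytes per second
        self.pir = pir_kbps * 1000 / 8        # peak rate, bytes per second
        self.cbs, self.pbs = cbs_bytes, pbs_bytes
        self.tc, self.tp = float(cbs_bytes), float(pbs_bytes)  # buckets start full
        self.last = 0.0

    def mark(self, now, size):
        """Return the color of a packet of `size` bytes arriving at time `now`."""
        elapsed = now - self.last
        self.last = now
        # Refill both buckets, capped at their burst sizes.
        self.tc = min(self.cbs, self.tc + elapsed * self.cir)
        self.tp = min(self.pbs, self.tp + elapsed * self.pir)
        if self.tp < size:                    # exceeds PIR/PBS
            return "red"
        self.tp -= size
        if self.tc < size:                    # within PIR but exceeds CIR/CBS
            return "yellow"
        self.tc -= size
        return "green"


def simulate(offered_kbps, packets, size=1500):
    """Offer evenly spaced packets at offered_kbps and count colors."""
    marker = TwoRateMarker(384, 768, 48000, 96000)   # values from behavior b1
    interval = size * 8 / (offered_kbps * 1000)      # seconds between packets
    return Counter(marker.mark(i * interval, size) for i in range(packets))


if __name__ == "__main__":
    for rate in (300, 600, 1000):                    # constructed offered loads
        counts = simulate(rate, 10000)
        for color in ("green", "yellow", "red"):
            print(rate, "kbit/s", color, counts[color], "->", ACTIONS[color])
```

Under these assumptions, traffic from 192.168.1.0/24 below 384 kbit/s stays green, traffic between 384 and 768 kbit/s is partly remarked to DSCP 0, and anything sustained above 768 kbit/s is partly discarded once the initial bursts are spent.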
For details about the configuration on S series switches (except S1700 switches), click Typical Configuration Examples and choose Typical Security Configuration > Typical ACL Configuration > Example for Using ACLs to Restrict Mutual Access Between Network Segments.