How to configure and apply IP-based traffic policies on CE series switches


When a CE series switch needs to classify received Internet traffic, you can configure an IP-based traffic policy in the inbound direction of the switch interface connected to the Internet.
For example, 10GE1/0/1 on a CE series switch is connected to the Internet. The switch needs to forward received packets with the source IP address on the network segment 192.168.1.0/24 to 10GE1/0/2 and discard other packets.
<HUAWEI> system-view
[~HUAWEI] acl 3000 //Create an ACL to match packets with the source IP address on the network segment 192.168.1.0/24.
[*HUAWEI-acl4-advance-3000] rule permit ip source 192.168.1.0 0.0.0.255
[*HUAWEI-acl4-advance-3000] quit
[*HUAWEI] traffic classifier redirect1
[*HUAWEI-classifier-redirect1] if-match acl 3000
[*HUAWEI-classifier-redirect1] quit
[*HUAWEI] traffic behavior redirect1
[*HUAWEI-behavior-redirect1] redirect interface 10ge 1/0/2
[*HUAWEI-behavior-redirect1] quit
[*HUAWEI] traffic classifier redirect2
[*HUAWEI-classifier-redirect2] if-match any //Configure a rule to match all packets.
[*HUAWEI-classifier-redirect2] quit
[*HUAWEI] traffic behavior redirect2
[*HUAWEI-behavior-redirect2] deny
[*HUAWEI-behavior-redirect2] quit
[*HUAWEI] traffic policy redirect //Create a traffic policy and bind it to different traffic classifiers and traffic behaviors.
[*HUAWEI-trafficpolicy-redirect] classifier redirect1 behavior redirect1 precedence 5 //The traffic classifier that matches packets with the source IP address on the network segment 192.168.1.0/24 has a higher priority, so this traffic classifier is preferentially matched.
[*HUAWEI-trafficpolicy-redirect] classifier redirect2 behavior redirect2 precedence 10
[*HUAWEI-trafficpolicy-redirect] quit
[*HUAWEI] interface 10ge 1/0/1
[*HUAWEI-10GE1/0/1] traffic-policy redirect inbound
[*HUAWEI-10GE1/0/1] quit
[*HUAWEI] commit
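
The following is an added example, not Huawei code: a Python model of how the traffic policy above evaluates a packet, with classifiers checked in ascending precedence value and the wildcard mask 0.0.0.255 marking the address bits that are ignored. All function and variable names are hypothetical, the sample addresses and the swapped policy are constructed, and the model assumes that a packet matching no classifier is forwarded normally.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """ACL wildcard mask: a 0 bit must match the base, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# Model of acl 3000 (permit rules only): rule permit ip source 192.168.1.0 0.0.0.255
ACL_3000 = [("192.168.1.0", "0.0.0.255")]

def match_acl_3000(src):
    return any(wildcard_match(src, base, wc) for base, wc in ACL_3000)

def match_any(src):
    return True

REDIRECT = ("redirect", "10GE1/0/2")   # traffic behavior redirect1
DENY = ("deny", None)                  # traffic behavior redirect2

# Model of traffic policy "redirect" as configured on the page.
POLICY = [
    (5, "redirect1", match_acl_3000, REDIRECT),
    (10, "redirect2", match_any, DENY),
]

# Constructed misconfiguration: the precedence values are swapped.
SWAPPED = [
    (10, "redirect1", match_acl_3000, REDIRECT),
    (5, "redirect2", match_any, DENY),
]

def evaluate(policy, src):
    """Return (classifier, behavior) of the first match in ascending precedence."""
    for _prec, name, match, behavior in sorted(policy, key=lambda e: e[0]):
        if match(src):
            return name, behavior
    return None, ("forward", None)  # assumption: unmatched packets are forwarded normally

if __name__ == "__main__":
    # Constructed sample source addresses.
    for src in ("192.168.1.10", "192.168.1.255", "192.168.2.10", "10.0.0.1"):
        print(src, "policy:", evaluate(POLICY, src), "swapped:", evaluate(SWAPPED, src))
```

With the swapped precedence values, every packet reaches the if-match any classifier first, so traffic from 192.168.1.0/24 is dropped as well.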

Other related questions:
How to delete an applied traffic policy on an S series switch
For S series switches (except the S1700), a traffic policy that is not applied can be deleted directly. To delete a traffic policy that has been applied, unbind the traffic policy and then delete it.

Example 1: The traffic policy p1 has been applied in the inbound direction of GE1/0/1. Run the following commands to delete the traffic policy p1:
[HUAWEI] interface GigabitEthernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo traffic-policy p1 inbound
[HUAWEI-GigabitEthernet1/0/1] quit
[HUAWEI] undo traffic policy p1

Example 2: The traffic policy p2 has been applied in the inbound direction of VLAN 100. Run the following commands to delete the traffic policy p2:
[HUAWEI] vlan 100
[HUAWEI-vlan100] undo traffic-policy p2 inbound
[HUAWEI-vlan100] quit
[HUAWEI] undo traffic policy p2

Example 3: The traffic policy p3 has been applied in the inbound direction of the card in slot 6. Run the following commands to delete the traffic policy p3:
[HUAWEI] undo traffic-policy p3 global inbound slot 6
[HUAWEI] undo traffic policy p3

Example 4: The traffic policy p4 has been applied in the inbound direction of the system. Run the following commands to delete the traffic policy p4:
[HUAWEI] undo traffic-policy p4 global inbound
[HUAWEI] undo traffic policy p4

Before deleting a traffic policy, ensure that you have unbound the traffic policy completely. You can run the display traffic-applied command to check information about applied traffic policies.

Note: MQC cannot be configured on the S2700SI.
