Huawei Quidway S5000 Series Operation Manual
Hide thumbs
Also See for Quidway S5000 Series:
- Operation manual - getting started (36 pages) ,
- Operation manual (7 pages) ,
- Routine maintenance (68 pages)
Table of Contents
Advertisement
Quick Links
Operation Manual - QoS/ACL
Quidway S5000 Series Ethernet Switches
Chapter 1 ACL Configuration.......................................................................................................
1.1 Brief Introduction to ACL....................................................................................................
1.1.1 ACL Overview .........................................................................................................
1.1.2 ACL Supported by Ethernet Switch.........................................................................
1.2 Configure ACL ...................................................................................................................
1.2.1 Configure Time-Range............................................................................................
1.2.2 Define ACL ..............................................................................................................
1.2.3 Activate ACL............................................................................................................
1.2.4 Display and Debug ACL..........................................................................................
1.3 ACL Configuration Example ..............................................................................................
1.3.1 Advanced ACL Configuration Example...................................................................
1.3.2 Basic ACL Configuration Example ..........................................................................
1.3.3 Link ACL Configuration Example ............................................................................
Chapter 2 QoS configuration .......................................................................................................
2.1 QoS Overview....................................................................................................................
2.1.1 Traffic ......................................................................................................................
2.1.2 Traffic Classification ................................................................................................
2.1.3 Packet Filter ............................................................................................................
2.1.4 Traffic Policing.........................................................................................................
2.1.5 Port traffic limit.........................................................................................................
2.1.6 Redirection ..............................................................................................................
2.1.7 Traffic Priority ..........................................................................................................
2.1.8 Queue Scheduling...................................................................................................
2.1.9 Traffic Mirroring .......................................................................................................
2.1.10 Traffic Counting .....................................................................................................
2.2 QoS Configuratoin .............................................................................................................
2.2.1 Setting Priority Level ...............................................................................................
2.2.2 Setting Traffic Limit .................................................................................................
2.2.3 Setting Line Limit.....................................................................................................
2.2.4 Setting Traffic Redirection.......................................................................................
2.2.5 Setting Priority Label ...............................................................................................
2.2.6 Setting Queue Scheduling ......................................................................................
2.2.7 Setting Traffic Mirroring...........................................................................................
2.2.8 Setting Port Mirroring ..............................................................................................
2.2.9 Setting Traffic Statistics.........................................................................................
2.2.10 Displaying and Debugging QoS Configuration ...................................................
2.3 QoS Configuration Example ............................................................................................
Table of Contents
i
Table of Contents
1-1
1-1
1-1
1-2
1-3
1-3
1-3
1-6
1-6
1-7
1-7
1-8
1-9
2-1
2-1
2-1
2-1
2-2
2-2
2-2
2-2
2-2
2-2
2-4
2-4
2-4
2-5
2-5
2-6
2-6
2-7
2-7
2-8
2-9
2-10
2-10
2-11
Advertisement
Table of Contents
Related Manuals for Huawei Quidway S5000 Series
Summary of Contents for Huawei Quidway S5000 Series
-
Page 1: Table Of Contents
Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 ACL Configuration....................... 1.1 Brief Introduction to ACL....................1.1.1 ACL Overview ......................1.1.2 ACL Supported by Ethernet Switch................. 1.2 Configure ACL ........................1.2.1 Configure Time-Range.................... - Page 2 Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Table of Contents Chapter 3 Logon User ACL Control Configuration..............3.1 Overview ..........................3.2 Configure ACL Control over the TELNET User ..............3.2.1 Define ACL ......................3.2.2 Call ACL to Control TELNET User ................
-
Page 3: Chapter 1 Acl Configuration
Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Chapter 1 ACL Configuration Chapter 1 ACL Configuration 1.1 Brief Introduction to ACL 1.1.1 ACL Overview A series of matching rules are required for the network devices to identify the packets to be filtered. -
Page 4: Acl Supported By Ethernet Switch
Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Chapter 1 ACL Configuration The case includes: ACL cited by route policy function, ACL used for control logon user, etc. Note: The depth-first principle is to put the statement specifying the smallest range of packets on the top of the list. -
Page 5: Configure Acl
The end time shall be later than the start time. 1.2.2 Define ACL Huawei Switches support several kinds of ACLs. Here we will introduce how to define these ACLs. Defining ACL by following the steps below:... - Page 6 Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Chapter 1 ACL Configuration Note: 1) If a specific time rang is not defined, the ACL will always function after activated. 2) During the process of defining the ACL, you can use the rule command for several times to define multiple rules for an ACL.
- Page 7 Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Chapter 1 ACL Configuration Table 1-4 Define advanced ACL Operation Command Enter advanced ACL view(from acl { number acl-number | name acl-name advanced } [ match-order system view) { config | auto } ]...
-
Page 8: Activate Acl
Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Chapter 1 ACL Configuration 1.2.3 Activate ACL The defined ACL can be active after activated globally on the switch. This function is used to activate the ACL filtering or classify the data transmitted by the hardware of switch. -
Page 9: Acl Configuration Example
In the following configurations, only the commands related to ACL configurations are listed. Define the work time range # Define time range from 8:00 to 18:00. [Quidway] time-range huawei 8:00 to 18:00 working-day Define the ACL to access the payment server. # Enter the named advanced ACL, named as traffic-of-payserver. -
Page 10: Basic Acl Configuration Example
In the following configurations, only the commands related to ACL configurations are listed. Define the time range # Define time range from 8:00 to 18:00. [Quidway] time-range huawei 8:00 to 18:00 daily Define the ACL for packet which source IP is 10.1.1.1. # Enter the named basic ACL, named as traffic-of-host. -
Page 11: Link Acl Configuration Example
Chapter 1 ACL Configuration [Quidway] acl name traffic-of-host basic # Define the rules for packet which source IP is 10.1.1.1. [Quidway-acl-basic-traffic-of-host] rule 1 deny ip source 10.1.1.1 0 time-range huawei Activate ACL. # Activate the ACL traffic-of-host . [Quidway-GigabitEthernet0/1] packet-filter inbound ip-group traffic-of-host 1.3.3 Link ACL Configuration Example... - Page 12 Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Chapter 1 ACL Configuration # Define the rules for packet which source MAC address is 00e0-fc01-0101 and destination MAC address is 00e0-fc01-0303. [Quidway-acl-link-traffic-of-link] rule 1 deny ip ingress 00e0-fc01-0101 0-0-0 egress 00e0-fc01-0303 0-0-0 time-range huawei Activate ACL.
-
Page 13: Chapter 2 Qos Configuration
Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Chapter 2 QoS configuration Chapter 2 QoS configuration 2.1 QoS Overview In the traditional IP network, all the packets are treated equally without priority difference. Every switch/router handles the packets following the First In First Out (FIFO) policy. -
Page 14: Packet Filter
Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Chapter 2 QoS configuration application etc can be used for traffic classification. Generally the classification standards are encapsulated in the header of the packets. The packet content is seldom used as the classification standard. - Page 15 Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Chapter 2 QoS configuration of queue scheduling algorithms are Strict-Priority Queue (SP), Round Robin (RR) and Weighted Round Robin (WRR). high priority queue 7 Packets sent via this queue 6 interface...
-
Page 16: Traffic Mirroring
Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Chapter 2 QoS configuration The round robin scheduling ensures every queue gets some time of service of the switch port. Take 8 egress queues for each port as example, WRR gives every queue a same weight for resource obtaining. -
Page 17: Setting Priority Level
Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Chapter 2 QoS configuration Set queue scheduling Set traffic mirroring Set traffic statistics You should first define an ACL before performing those QoS configurations. When the ACL is enabled, packet filtering is available. -
Page 18: Setting Line Limit
Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Chapter 2 QoS configuration This configuration achieves rate control for those packets to match the ACL. If the traffic rate threshold is exceeded, corresponding measures will be taken, for example, dropping excessive packets. -
Page 19: Setting Priority Label
Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Chapter 2 QoS configuration Note: Traffic redirection is only available to the permitted rules in ACL. For more details about the commands, see the corresponding contents in the Command Manual. 2.2.5 Setting Priority Label This configuration re-labels priority level for the packets match ACL. -
Page 20: Setting Traffic Mirroring
Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Chapter 2 QoS configuration Table 2-6 Relationship between priority and queue CoS Value Queue ID The following commands are involved in configuring queue scheduling. Please perform the following configurations in system view. -
Page 21: Setting Port Mirroring
Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Chapter 2 QoS configuration For more details about the commands, see the corresponding contents in the Command Manual. 2.2.8 Setting Port Mirroring Port mirroring means duplicating data on the monitored port to the designated monitor port, for purpose of data analysis and supervision. -
Page 22: Setting Traffic Statistics
Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Chapter 2 QoS configuration 2.2.9 Setting Traffic Statistics Traffic statistics count packets of designated service traffic, that is, the packets match the defined ACL among those forwarded. After traffic statistics configuration, you can view the information with the display qos-interface traffic-statistic command. -
Page 23: Qos Configuration Example
Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Chapter 2 QoS configuration 2.3 QoS Configuration Example I. Networking requirement The intranet is connected through Ethernet ports between departments and the wage query server is connected through the port GigabitEthernet0/1 (subnet address 129.110.1.2). - Page 24 Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Chapter 2 QoS configuration Set traffic limit for the wage server. # Limit average outbound traffic of the wage server at 20 Mbps and label over-threshold packets with priority level 4.
-
Page 25: Chapter 3 Logon User Acl Control Configuration
Chapter 3 Logon User ACL Control Configuration 3.1 Overview As the Ethernet switches launched by Huawei Technologies are used more and more widely over the networks, the security issue becomes even more important. The switches provide several logon and device accessing measures, mainly including TELNET access, SNMP access, and HTTP access. -
Page 26: Call Acl To Control Telnet User
Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Chapter 3 Logon User ACL Control Configuration Table 3-1 Define basic ACL Operation Command acl { number acl-number | name acl-name basic } Enter basic ACL view(from system view) [ match-order { config | auto } ]... -
Page 27: Configure Acl Control Over The Snmp Users
[Quidway-user-interface-vty0-4] acl 2000 inbound 3.3 Configure ACL Control over the SNMP Users Huawei Quidway Ethernet switch series support the remote management with the network management software. The network management users can access the switch with SNMP. Controlling such users with ACL can help filter the illegal NM users and prevent them from accessing the local switch. -
Page 28: Define An Acl
Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Chapter 3 Logon User ACL Control Configuration 3.3.1 Define an ACL You can only call the numbered basic ACL, ranging from 2000 and 2999, to implement ACL control function. Use the same configuration commands introduced in the last section. -
Page 29: Configuration Example
[Quidway-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [Quidway-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [Quidway-acl-basic-2000] quit # Call the basic ACLs. [Quidway] snmp-agent community read huawei acl 2000 [Quidway] snmp-agent group v2c huaweigroup acl 2000 [Quidway] snmp-agent usm-user v2c huaweiuser huaweigroup acl 2000... -
Page 30: Configure Acl Control Over The Http Users
Chapter 3 Logon User ACL Control Configuration 3.4 Configure ACL Control over the HTTP Users Huawei Quidway Ethernet switch series support the remote management through WEB. The users can access the switch through HTTP. Controlling such users with ACL can help filter the illegal users and prevent them from accessing the local switch. After configuring ACL control over these users, the switch allows only one WEB user to access the Ethernet switch at one time. -
Page 31: Configuration Example
Operation Manual - QoS/ACL Quidway S5000 Series Ethernet Switches Chapter 3 Logon User ACL Control Configuration 3.4.3 Configuration Example I. Networking requirements Only permit WEB NM user from 10.110.100.46 access switch. II. Networking diagram Internet Switch Figure 3-3 Control WEB NM user with ACL III.