Configuring Link Aggregation, Congestion Control, And Security Policies - Huawei SmartAX MA5603T Configuration Manual

SmartAX MA5600T/MA5603T/MA5608T Multi-service
Access Module
Commissioning and Configuration Guide
huawei(config)#save
----End

11.3.1.9 Configuring Link Aggregation, Congestion Control, and Security Policies

The global configuration of upstream link aggregation and queue scheduling based on priorities
ensures service reliability. The global configuration of security policies ensures service security.
Context
Link aggregation provides a higher bandwidth and uplink reliability for optical line terminals
(OLTs) by aggregating multiple uplink Ethernet ports to one link aggregation group (LAG).
Link aggregation is recommended.
Congestion control places the packets to be sent from a port into multiple queues that are marked
with different priorities. Then, the packets are sent based on queue priorities. Congestion control
is recommended.
Security policies ensure system, user, and service security.
NOTE
Enable a service security function based on the service type. For details, see
Plan.
Procedure
l
l
l
Issue 01 (2014-04-30)
Configure link aggregation.
The following configurations are used as an example to configure link aggregation:
– Uplink ports 0/19/0 and 0/19/1 are added to a LAG.
– The two ports send packets upstream based on the packets' source MAC addresses.
– The LAG works in Link Aggregation Control Protocol (LACP) static aggregation mode.
huawei(config)#link-aggregation 0/19 0-1 ingress workmode lacp-static
Configure queue scheduling.
According to quality of service (QoS) planning principles, all packets are scheduled in strict
priority (SP) mode and mapped to queues according to the packets' priorities. For details
about QoS planning principles, see
huawei(config)#queue-scheduler strict-priority
huawei(config)#cos-queue-map cos0 0 cos4 4 cos5 5 cos6 6
Configure system security.
– Enable deny of service (DoS) anti-attack on both the OLT and optical network units
(ONUs).
1. Run the security anti-dos enable command to globally enable DoS anti-attack.
2. Run the security anti-dos control-packet policy command to configure a
protocol packet processing policy that will be used when a DoS attack occurs.
3. Run the security anti-dos control-packet rate command to configure the
threshold for the rate of sending protocol packets to the CPU.
– Enable IP address anti-attack on both the OLT and ONUs.
Run the security anti-ipattack enable command to enable IP address anti-attack.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
11 FTTB and FTTC Solution Configuration
11.2.2 Principle of QoS Data
11.2.7 Principle of Security Data
Plan.
876