Huawei device configuration QOS to limit the intranet IP address
- Spoto
- |
- Posted on: 2019-05-13
- |
- Views: 2860
Huawei device configuration QOS to limit the intranet IP address
Networking requirements RouterA is deployed at the egress of the enterprise network. Enterprise users connect to RouterA through two different network segments to access the server 222.1.1.1.24. It is required to control the access of the internal network of the enterprise network to the server 192.168.10.0/24, and the rate is limited to 64 kbit/s.
Configure a network diagram for limiting the rate based on the intranet IP address.
Steps
RouterA configuration
#
Sysname RouterA
#
Vlan batch 10 20
#
Acl number 3001 //Configure the numbered access control list numbered 3001
Rule 5 permit ip source 192.168.10.0 0.0.0.255 //Configure rule 5 to allow packets with the source address of 192.168.10.0 to pass the network segment.
Rule 10 permit ip source 192.168.20.0 0.0.0.255 //Configure rule 10 to allow packets with the source address of 192.168.20.0 to pass the network segment.
Acl number 3002 //Configure the numbered access control list numbered 3002
Rule 5 permit ip source 192.168.10.0 0.0.0.255 //Configure rule 5 to allow packets with the source address of 192.168.10.0 to pass the network segment.
#
Qos queue-profile limit //Create queue template limit
Queue 3 gts cir 64 cbs 1600 //Configure queue 3's committed information rate to 64kbit/s
#
Traffic classifier c1 operator or
If-match acl 3002 //Configure the traffic class c1: match the rule to ACL 3002
#
Traffic behavior b1
If the traffic is classified as permit or deny, the default is permit.
#
Traffic policy p1
Classifier c1 behavior b1 //Configure the traffic policy p1: Bind traffic class c1 and traffic behavior b1
#
Interface Vlanif10
Ip address 192.168.10.1 255.255.255.0
#
Interface Vlanif20
Ip address 192.168.20.1 255.255.255.0
#
Interface Ethernet2/0/0
Port link-type trunk //Configure the link type of the interface as trunk
Port trunk allow-pass vlan 10 20 //Configure the trunk type interface to join vlan 10 and vlan 20
Traffic-policy p1 inbound //Apply the traffic policy p1 in the inbound direction of the interface.
#
Interface GigabitEthernet3/0/0
Ip address 222.0.1.1 255.255.255.0
Qos queue-profile limit //Apply the queue template limit on the interface.
Nat outbound 3001 //Do NAT on the interface matching the ACL 3001
#
Ip route-static 0.0.0.0 0.0.0.0 222.0.1.2
#
Verify the configuration result
# Run the display qos queue statistics interface gigabitethernet 3/0/0 command to check the statistics of the packets that have been configured with the queue template limit on GE 3/0/0. You can see that the output rate of queue 3 is limited to the specified range. After the queue is full, the packets that cannot be cached are discarded.
Configuration considerations
Configure the interface connected to the network segment as an Access interface and add it to the corresponding VLAN.
Configure the interface that connects the Switch to RouterA as a trunk interface and add it to the corresponding VLAN.
More you may be interested:
Information about CISCO CERTIFICATION EXAM latest dumps this week
First one to pass CCIE Data Center v2.1Lab Exam and DC workbook