< Home

Example for Configuring a Traffic Policy to Implement Traffic Statistics

Overview

After MQC is used to implement traffic statistics, the device collects statistics on packets and bytes of packets matching traffic classification rules. The statistics on forwarded and discarded packets after a traffic policy is applied help you check whether the traffic policy is correctly applied and locate faults.

Interface-based traffic statistics in the inbound and outbound directions can be configured simultaneously or separately. The device collects traffic statistics in the inbound and outbound directions separately.

Configuration Notes

For applicable product models and versions, see Applicable Product Models and Versions.

For details about software mappings, visit Hardware Query Tool and search for the desired product model.

Networking Requirements

In Figure 1, the company has two departments, belonging to VLAN 10 and VLAN 20, respectively. The network administrator wants to determine whether the host at 192.168.2.200/24 in VLAN 20 can access the server at 192.168.1.100/24 in VLAN 10.

Figure 1 Configuring a traffic policy to implement traffic statistics

Device

Interface

VLAN

Layer 3 Interface

IP Address

SwitchA

GigabitEthernet1/0/1

VLAN 10

-

-

GigabitEthernet1/0/2

VLAN 20

-

-

GigabitEthernet1/0/3

VLAN 10 and VLAN 20

-

-

Switch

GigabitEthernet1/0/1

VLAN 10 and VLAN 20

VLANIF 10 and VLANIF 20

VLANIF 10: 192.168.1.1/24

VLANIF 20: 192.168.2.1/24

GigabitEthernet1/0/2

VLAN 30

VLANIF 30

10.1.20.2/24

Configuration Roadmap

The configuration roadmap is as follows:
  1. Create VLANs, and configure interfaces and a routing protocol to implement interworking.
  2. Configure an ACL on the Switch to match specified traffic.
  3. Configure a traffic classifier on the Switch to classify packets based on the ACL.
  4. Configure a traffic behavior on the Switch to collect statistics on matched packets.
  5. Configure a traffic policy on the Switch, bind the traffic policy to the traffic classifier and traffic behavior, and apply the traffic policy to GE1/0/1 connected to SwitchA in the inbound direction.

Procedure

  1. Create VLANs and configure interfaces.

    # Configure the switch.

    <HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 10 20 30  //Create VLAN 10, VLAN 20, and VLAN 30.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type trunk  //Set the link type of the interface to trunk.
[Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 10 20  //Add the interface to VLAN 10 and VLAN 20.
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] port link-type access  //Set the link type of the interface to access.
[Switch-GigabitEthernet1/0/2] port default vlan 30  //Add the interface to VLAN 30.
[Switch-GigabitEthernet1/0/2] quit
[Switch] interface vlanif 10  //Create a VLANIF interface.
[Switch-Vlanif10] ip address 192.168.1.1 255.255.255.0  //Configure an IP address for the VLANIF interface. The IP address is the gateway address of network segment 192.168.1.0/24.
[Switch-Vlanif10] quit
[Switch] interface vlanif 20
[Switch-Vlanif20] ip address 192.168.2.1 255.255.255.0
[Switch-Vlanif20] quit
[Switch] interface vlanif 30  //Create a VLANIF interface.
[Switch-Vlanif30] ip address 10.1.20.2 255.255.255.0  //Configure an IP address for the VLANIF interface to connect to the router.
[Switch-Vlanif30] quit
[Switch] ip route-static 0.0.0.0 0 10.1.20.1  //Configure a static route pointing to the external network to implement interworking.

    # Configure SwitchA.

    <HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10 20  //Create VLAN 10 and VLAN 20.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type access  //Set the link type of the interface to access.
[SwitchA-GigabitEthernet1/0/1] port default vlan 10  //Add the interface to VLAN 10.
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-type access
[SwitchA-GigabitEthernet1/0/2] port default vlan 20
[SwitchA-GigabitEthernet1/0/2] quit
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] port link-type trunk  //Set the link type of the interface to trunk.
[SwitchA-GigabitEthernet1/0/3] port trunk allow-pass vlan 10 20  //Add the interface to VLAN 10 and VLAN 20.
[SwitchA-GigabitEthernet1/0/3] quit

    # Configure the router.

    Configure the IP address of 10.1.20.1/24 for the interface of the router connected to the switch.

  2. Configure an ACL.

    # Configure an ACL rule on the Switch to match traffic with the source IP address of 192.168.2.200 and destination IP address of 192.168.1.100.

    [Switch] acl 3000
[Switch-acl-adv-3000] rule permit ip source 192.168.2.200 0.0.0.0 destination 192.168.1.100 0.0.0.0
[Switch-acl-adv-3000] quit

  3. Configure a traffic classifier.

    # Configure a traffic classifier on the Switch to classify packets based on the ACL.

    [Switch] traffic classifier c1 operator and
[Switch-classifier-c1] if-match acl 3000
[Switch-classifier-c1] quit

  4. Configure a traffic behavior.

    # Configure a traffic behavior on the Switch and define the traffic statistics action in the traffic behavior.

    [Switch] traffic behavior b1
[Switch-behavior-b1] statistic enable
[Switch-behavior-b1] quit

  5. Configure a traffic policy and apply the traffic policy to an interface.

    # Create a traffic policy on the Switch, bind the traffic behavior and traffic classifier to the traffic policy, and apply the traffic policy to the inbound direction of GE1/0/1 connected to SwitchA.

    [Switch] traffic policy p1
[Switch-trafficpolicy-p1] classifier c1 behavior b1
[Switch-trafficpolicy-p1] quit
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] traffic-policy p1 inbound
[Switch-GigabitEthernet1/0/1] quit

  6. Verify the configuration.

    # Check the ACL configuration.

    [Switch] display acl 3000
Advanced ACL 3000, 1 rule
Acl's step is 5
 rule 5 permit ip source 192.168.2.200 0 destination 192.168.1.100 0 (match-counter 0)

    # Check the traffic policy configuration.

    [Switch] display traffic policy user-defined p1
  User Defined Traffic Policy Information:
  Policy: p1
   Classifier: c1
    Operator: AND
     Behavior: b1
      Permit
      Statistic: enable

    # Check the traffic statistics.

    [Switch] display traffic policy statistics interface gigabitethernet 1/0/1 inbound
                                                                                
 Interface: GigabitEthernet1/0/1                                                       
 Traffic policy inbound: p1                                                     
 Rule number: 1                                                                 
 Current status: success                                                            
 Statistics interval: 300                         
---------------------------------------------------------------------           
 Board : 1                           
---------------------------------------------------------------------       
 Matched          |      Packets:                             0
                  |      Bytes:                               0
                  |      Rate(pps):                           0
                  |      Rate(bps):                           0
---------------------------------------------------------------------           
   Passed         |      Packets:                             0
                  |      Bytes:                               0
                  |      Rate(pps):                           0
                  |      Rate(bps):                           0
---------------------------------------------------------------------           
   Dropped        |      Packets:                             0                 
                  |      Bytes:                               0                 
                  |      Rate(pps):                           0                 
                  |      Rate(bps):                           0                 
---------------------------------------------------------------------           
     Filter       |      Packets:                             0                 
                  |      Bytes:                               0                 
---------------------------------------------------------------------           
     Car          |      Packets:                             0                 
                  |      Bytes:                               0                 
---------------------------------------------------------------------

    Matched indicates the numbers of packets and bytes matching the traffic classifier, and Passed indicates the numbers of forwarded packets and bytes matching the traffic classifier. If the values of Matched and Passed are not 0, the host at 192.168.2.200 in VLAN 20 has accessed the server at 192.168.1.100 in VLAN 10.

Configuration Files

  • Switch configuration file

    #
sysname Switch
#
vlan batch 10 20 30
#
acl number 3000
 rule 5 permit ip source 192.168.2.200 0 destination 192.168.1.100 0
#
traffic classifier c1 operator and precedence 5
 if-match acl 3000
#
traffic behavior b1
 permit
 statistic enable
#
traffic policy p1 match-order config
 classifier c1 behavior b1
#
interface Vlanif10
 ip address 192.168.1.1 255.255.255.0
#
interface Vlanif20
 ip address 192.168.2.1 255.255.255.0
#
interface Vlanif30
 ip address 10.1.20.2 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 10 20
 traffic-policy p1 inbound
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 30
#
ip route-static 0.0.0.0 0.0.0.0 10.1.20.1
#
return

  • SwitchA configuration file

    #
sysname SwitchA
#
vlan batch 10 20
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 20
#
interface GigabitEthernet1/0/3
 port link-type trunk
 port trunk allow-pass vlan 10 20
#
return

Applicable Product Models and Versions

Table 1 Applicable product models and versions

Product

Product Model

Software Version

S2700

S2752EI

V100R006C05

S2710-SI

V100R006C05

S2720-EI

V200R006C10, V200R009C00, V200R010C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10

S2750-EI

V200R003C00, V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00

S3700

S3700-SI, S3700-EI

V100R006C05

S3700-HI

V200R001C00

S5700

S5700-LI

V200R001C00, V200R002C00, V200R003(C00&C02&C10), V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00

S5700S-LI

V200R001C00, V200R002C00, V200R003C00, V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00

S5700-SI

V200R001C00, V200R002C00, V200R003C00, V200R005C00

S5700-EI

V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00&C01&C02&C03)

S5700-HI

V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00SPC500&C01&C02)

S5710-C-LI

V200R001C00

S5710-X-LI

V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00

S5710-EI

V200R001C00, V200R002C00, V200R003C00, V200R005(C00&C02)

S5710-HI

V200R003C00, V200R005(C00&C02&C03)

S5720-LI, S5720S-LI

V200R010C00, V200R011C00, V200R011C10, V200R012(C00&C20), V200R013C00, V200R019C00, V200R019C10

S5720-SI, S5720S-SI

V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10

S5720I-SI

V200R012C00, V200R013C00, V200R019C00, V200R019C10

S5720-EI

V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10

S5720-HI

V200R006C00, V200R007(C00&C10), V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10

S5730-HI

V200R012C00, V200R013C00, V200R019C00, V200R019C10

S5730-SI

V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10

S5730S-EI

V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10

S5731-H

V200R013C02, V200R019C00, V200R019C10

S5731-S, S5731S-S

V200R019C00, V200R019C10

S5731S-H

V200R019C00, V200R019C10

S5732-H

V200R019C00, V200R019C10

S5735-L, S5735S-L

V200R019C00, V200R019C10

S5735S-L-M

V200R019C00, V200R019C10

S5735-S, S5735S-S

V200R019C00, V200R019C10

S5700

S5735-S-I

V200R019C10

S6700

S6700-EI

V200R001(C00&C01), V200R002C00, V200R003C00, V200R005(C00&C01&C02)

S6720-LI, S6720S-LI

V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10

S6720-SI, S6720S-SI

V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10

S6720-EI

V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10

S6720S-EI

V200R009C00, V200R010C00, V200R011C00, V200R011C10, V200R012C00, V200R013C00, V200R019C00, V200R019C10

S6720-HI

V200R012C00, V200R013C00, V200R019C00, V200R019C10

S6730-H

V200R013C02, V200R019C00, V200R019C10

S6730-S, S6730S-S

V200R019C00, V200R019C10

S6730S-H

V200R019C10

S7700

S7703, S7706, S7712

V200R001(C00&C01), V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C10, V200R012C00, V200R013C00, V200R013C02, V200R019C00, V200R019C10

S7703 PoE

V200R013C00, V200R019C00, V200R019C10

S7706 PoE

V200R013C00, V200R019C00, V200R019C10

S9700

S9703, S9706, S9712

V200R001(C00&C01), V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007(C00&C10), V200R008C00, V200R009C00, V200R010C00, V200R011C10, V200R012C00, V200R013C00
Parent Topic: Typical QoS Configuration
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >