Example for Configuring Rate Limiting for Services from Different VLANs
Networking Requirements
Voice, video, and data services are transmitted in VLAN 120, VLAN 110, and VLAN 100 respectively.
Traffic policing needs to be configured on the Switch to police packets of different services so that traffic is limited within a proper range and bandwidth of each service is guaranteed.
Table 1 describes QoS required by different services.
Traffic Type |
CIR (kbit/s) |
PIR (kbit/s) |
|---|---|---|
Voice |
2000 |
10000 |
Video |
4000 |
10000 |
Data |
4000 |
10000 |
Configuration Roadmap
- Create VLANs and configure interfaces so that users can access the Internet through the Switch.
- Configure ACLs on the Switch to match services from different VLANs.
- Configure ACL-based traffic policing on the Switch to rate-limit packets.
Procedure
- Create VLANs and configure interfaces.
# Create VLAN 100, VLAN 110, and VLAN 120 on the Switch.
<HUAWEI> system-view [HUAWEI] sysname Switch [Switch] vlan batch 100 110 120
# Configure GE0/0/1 and GE0/0/2 as trunk interfaces, and add GE0/0/1 and GE0/0/2 to VLAN 100, VLAN 110, and VLAN 120.
[Switch] interface gigabitethernet 0/0/1 [Switch-GigabitEthernet0/0/1] port link-type trunk [Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 110 120 [Switch-GigabitEthernet0/0/1] quit [Switch] interface gigabitethernet 0/0/2 [Switch-GigabitEthernet0/0/2] port link-type trunk [Switch-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 110 120 [Switch-GigabitEthernet0/0/2] quit
- Configure ACLs.
# Configure Layer 2 ACLs on the Switch to classify different service flows based on the VLAN ID.
[Switch] acl 4001 [Switch-acl-L2-4001] rule 1 permit vlan-id 120 [Switch-acl-L2-4001] quit [Switch] acl 4002 [Switch-acl-L2-4002] rule 1 permit vlan-id 110 [Switch-acl-L2-4002] quit [Switch] acl 4003 [Switch-acl-L2-4003] rule 1 permit vlan-id 100 [Switch-acl-L2-4003] quit
- Configure traffic policing.
# Configure traffic policing in the inbound direction of GE0/0/1 on the Switch to rate-limit different packets.
[Switch] interface gigabitethernet 0/0/1 [Switch-GigabitEthernet0/0/1] traffic-limit inbound acl 4001 cir 2000 pir 10000 [Switch-GigabitEthernet0/0/1] traffic-limit inbound acl 4002 cir 4000 pir 10000 [Switch-GigabitEthernet0/0/1] traffic-limit inbound acl 4003 cir 4000 pir 10000 [Switch-GigabitEthernet0/0/1] quit
- Verify the configuration.
# Check information about ACLs and actions on the interface in the inbound direction.
[Switch] display traffic-applied interface gigabitethernet 0/0/1 inbound ----------------------------------------------------------- ACL applied inbound interface GigabitEthernet0/0/1 ACL 4001 rule 1 permit vlan-id 120 ACTIONS: limit cir 2000 ,cbs 250000 pir 10000 ,pbs 1250000 green : pass yellow : pass red : drop ----------------------------------------------------------- ACL 4002 rule 1 permit vlan-id 110 ACTIONS: limit cir 4000 ,cbs 500000 pir 10000 ,pbs 1250000 green : pass yellow : pass red : drop ----------------------------------------------------------- ACL 4003 rule 1 permit vlan-id 100 ACTIONS: limit cir 4000 ,cbs 500000 pir 10000 ,pbs 1250000 green : pass yellow : pass red : drop -----------------------------------------------------------
Configuration Files
Switch configuration file
# sysname Switch # vlan batch 100 110 120 # acl number 4001 rule 1 permit vlan-id 120 acl number 4002 rule 1 permit vlan-id 110 acl number 4003 rule 1 permit vlan-id 100 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 100 110 120 traffic-limit inbound acl 4001 cir 2000 pir 10000 cbs 250000 pbs 1250000 traffic-limit inbound acl 4002 cir 4000 pir 10000 cbs 500000 pbs 1250000 traffic-limit inbound acl 4003 cir 4000 pir 10000 cbs 500000 pbs 1250000 # interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 100 110 120 # return