Example for Configuring ACL-based Traffic Statistics
Networking Requirements
As shown in Figure 1, the MAC address of PC1 is 0000-0000-0003, and PC1 connects to GE0/0/1 on the Switch. The Switch is required to collect statistics on packets with the source MAC address of 0000-0000-0003.
Configuration Roadmap
- Configure interfaces so that the Switch can connect to the router and PC1.
- Configure an ACL to match packets with the source MAC address of 0000-0000-0003.
- Configure traffic statistics in the inbound direction of GE0/0/1 so that the statistics on packets with the source MAC address of 0000-0000-0003 are collected.
Procedure
- Create VLANs and configure interfaces.
# Create VLAN 20 on the Switch.
<HUAWEI> system-view [HUAWEI] sysname Switch [Switch] vlan 20 [Switch-vlan20] quit
# Configure GE0/0/1 as an access interface and GE0/0/2 as a trunk interface, and add them to VLAN 20.
[Switch] interface gigabitethernet 0/0/1 [Switch-GigabitEthernet0/0/1] port link-type access [Switch-GigabitEthernet0/0/1] port default vlan 20 [Switch-GigabitEthernet0/0/1] quit [Switch] interface gigabitethernet 0/0/2 [Switch-GigabitEthernet0/0/2] port link-type trunk [Switch-GigabitEthernet0/0/2] port trunk allow-pass vlan 20 [Switch-GigabitEthernet0/0/2] quit
# Create VLANIF 20 and configure IP address 10.10.10.2/24 for it.
[Switch] interface vlanif 20 [Switch-Vlanif20] ip address 10.10.10.2 24 [Switch-Vlanif20] quit
Configure IP address 10.10.10.1/24 for the router interface connected to the Switch.
- Configure ACLs.
# Create ACL 4000 (Layer 2 ACL) on the Switch to match packets with the source MAC address of 0000-0000-0003.
[Switch] acl 4000 [Switch-acl-L2-4000] rule permit source-mac 0000-0000-0003 ffff-ffff-ffff [Switch-acl-L2-4000] quit
- Configure traffic statistics.
# Configure ACL-based traffic statistics in the inbound direction of GE0/0/1.
[Switch] interface gigabitethernet 0/0/1 [Switch-GigabitEthernet0/0/1] traffic-statistic inbound acl 4000 by-bytes [Switch-GigabitEthernet0/0/1] quit
- Verify the configuration.
# Check information about the ACL and action on the interface in the inbound direction.
[Switch] display traffic-applied interface gigabitethernet 0/0/1 inbound ----------------------------------------------------------- ACL applied inbound interface GigabitEthernet0/0/1 ACL 4000 rule 5 permit source-mac 0000-0000-0003 ACTIONS: statistic by bytes -----------------------------------------------------------
# Check the traffic statistics.
[Switch] display traffic-statistics interface gigabitethernet 0/0/1 inbound acl 4000 --------------------------------------------------------------------------- Interface GigabitEthernet0/0/1 ACL:4000 Rule:5 matched:681.575M Bytes, passed:681.575M Bytes, dropped:0 Bytes
Configuration Files
Switch configuration file
# sysname Switch # vlan batch 20 # acl number 4000 rule 5 permit source-mac 0000-0000-0003 # interface Vlanif20 ip address 10.10.10.2 255.255.255.0 # interface GigabitEthernet0/0/1 port link-type access port default vlan 20 traffic-statistic inbound acl 4000 by-bytes # interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 20 # return