Example for Configuring an ACL-based Simplified Traffic Policy to Implement Priority Mapping
Networking Requirements
As shown in Figure 1, GE0/0/3 on the Switch connects to the router. Enterprise departments 1 and 2 access the Internet through the Switch and router. Enterprise departments 1 and 2 belong to VLAN 100 and VLAN 200 respectively.
Enterprise department 1 requires better QoS guarantee. 802.1p priorities of packets from enterprise departments 1 and 2 are both 0. Priority mapping needs to be configured to map the priority of packets from enterprise department 1 to 4 and the priority of packets enterprise department 2 to 2, so that differentiated services are provided.
Configuration Roadmap
- Create VLANs and configure interfaces so that users can connect to the Internet through the Switch.
- Configure ACLs to differentiate packets from different enterprise departments based on the VLAN ID.
- Configure priority mapping on inbound interfaces GE0/0/1 and GE0/0/2 of the Switch.
Procedure
- Create VLANs and configure interfaces.
# Create VLAN 100 and VLAN 200.
<HUAWEI> system-view [HUAWEI] sysname Switch [Switch] vlan batch 100 200
# Configure GE0/0/1, GE0/0/2, and GE0/0/3 as trunk interfaces, add GE0/0/1 and GE0/0/2 to VLAN 100 and VLAN 200, and add GE0/0/3 to VLAN 100 and VLAN 200.
[Switch] interface gigabitethernet 0/0/1 [Switch-GigabitEthernet0/0/1] port link-type trunk [Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 [Switch-GigabitEthernet0/0/1] quit [Switch] interface gigabitethernet 0/0/2 [Switch-GigabitEthernet0/0/2] port link-type trunk [Switch-GigabitEthernet0/0/2] port trunk allow-pass vlan 200 [Switch-GigabitEthernet0/0/2] quit [Switch] interface gigabitethernet 0/0/3 [Switch-GigabitEthernet0/0/3] port link-type trunk [Switch-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 200 [Switch-GigabitEthernet0/0/3] quit
- Configure priority mapping.
# Configure ACLs 4001 and 4002 on the Switch to differentiate packets from enterprise departments based on the VLAN ID.
[Switch] acl 4001 [Switch-acl-L2-4001] rule permit vlan-id 100 [Switch-acl-L2-4001] quit [Switch] acl 4002 [Switch-acl-L2-4002] rule permit vlan-id 200 [Switch-acl-L2-4002] quit
- Configure priority mapping on inbound interfaces GE0/0/1 and GE0/0/2 of the Switch.
[Switch] interface gigabitethernet 0/0/1 [Switch-GigabitEthernet0/0/1] traffic-remark inbound acl 4001 8021p 4 [Switch-GigabitEthernet0/0/1] quit [Switch] interface gigabitethernet 0/0/2 [Switch-GigabitEthernet0/0/2] traffic-remark inbound acl 4002 8021p 2 [Switch-GigabitEthernet0/0/2] quit
- Verify the configuration.
# Check information about the ACL rule and action on the interface in the inbound direction.
[Switch] display traffic-applied interface gigabitethernet 0/0/1 inbound ----------------------------------------------------------- ACL applied inbound interface GigabitEthernet0/0/1 ACL 4001 rule 5 permit vlan-id 100 ACTIONS: remark 8021p 4 -----------------------------------------------------------
[Switch] display traffic-applied interface gigabitethernet 0/0/2 inbound ----------------------------------------------------------- ACL applied inbound interface GigabitEthernet0/0/2 ACL 4002 rule 5 permit vlan-id 200 ACTIONS: remark 8021p 2 -----------------------------------------------------------
Configuration Files
Switch configuration file
# sysname Switch # vlan batch 100 200 # acl number 4001 rule 5 permit vlan-id 100 acl number 4002 rule 5 permit vlan-id 200 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 100 traffic-remark inbound acl 4001 8021p 4 # interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 200 traffic-remark inbound acl 4002 8021p 2 # interface GigabitEthernet0/0/3 port link-type trunk port trunk allow-pass vlan 100 200 # return