< Home

Configuration Examples for SAC

Networking Requirements

As shown in Figure 1, Telnet packets enter SwitchA through GE0/0/1. The customer wants SwitchA to identify and collect statistics on Telnet packets.

Figure 1 Networking diagram for configuring SAC

Configuration Roadmap

  1. Configure SA on SwitchA. Set the resource allocation mode to sac for SwitchA, enable the IAE, and enable SA on the inbound interface of packets so that the switch can identify the application of packets.
  2. Configure an SAC traffic policy on SwitchA. Collect statistics on traffic of Telnet packets on the inbound interface.

Procedure

  1. Configure SA.

    # Set the resource allocation mode to sac for SwitchA.

    <HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] assign resource-mode sac
[SwitchA] quit

    After the resource allocation mode is set to sac, you need to save the configuration and restart the switch for the configuration to take effect.

    # Enable the IAE on SwitchA.

    <SwitchA> system-view
[SwitchA] defence engine enable

    # Enable SA on GE0/0/1 of SwitchA.

    [SwitchA] interface gigabitEthernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] service-awareness enable
[SwitchA-GigabitEthernet0/0/1] quit

  2. Configure an SAC traffic policy.

    # Configure traffic classifier c1 on SwitchA. Create a matching rule for classifying traffic based on the application name in the traffic classifier.

    [SwitchA] traffic classifier c1
[SwitchA-classifier-c1] if-match application name Telnet
[SwitchA-classifier-c1] quit

    # Configure traffic behavior b1 on SwitchA. Define the action of collecting statistics on traffic in the traffic behavior so that the packet statistics can be displayed after the traffic policy is applied.

    [SwitchA] traffic behavior b1
[SwitchA-behavior-b1] statistic enable
[SwitchA-behavior-b1] quit

    # Configure traffic policy p1 on SwitchA. Associate traffic classifier c1 with traffic behavior b1.

    [SwitchA] traffic policy p1
[SwitchA-trafficpolicy-p1] classifier c1 behavior b1
[SwitchA-trafficpolicy-p1] quit

    # Apply traffic policy p1 to the inbound direction of GE0/0/1 on SwitchA.

    [SwitchA] interface gigabitEthernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] traffic-policy p1 inbound
[SwitchA-GigabitEthernet0/0/1] quit

  3. Verify the configuration.

    # Check application identification entries on SwitchA.

    [SwitchA] display engine session application
Source IP       Destination IP  SPort  DPort  ProtocolID AppName      AppID  Expire(S)
--------------------------------------------------------------------------------------
10.1.1.10       10.1.1.20       65146  23     6          Telnet       415    300   
10.1.1.10       10.1.1.20       65146  23     6          Telnet       415    150   
10.1.1.10       10.1.1.20       65063  23     6          Telnet       415    175   
10.1.1.10       10.1.1.20       64997  23     6          Telnet       415    185   
10.1.1.10       10.1.1.20       64970  23     6          Telnet       415    45    
--------------------------------------------------------------------------------------
Total:5

    # Check traffic statistics on Telnet packets.

    [SwitchA] display traffic policy statistics interface gigabitethernet 0/0/1 inbound

 Interface: GigabitEthernet0/0/1
 Traffic policy inbound: p1
 Rule number: 1
 Current status: success
 Statistics interval: 300
---------------------------------------------------------------------
 Board : 0
---------------------------------------------------------------------
 Matched          |      Packets:                            21
                  |      Bytes:                           1,986
                  |      Rate(pps):                           0
                  |      Rate(bps):                           0
---------------------------------------------------------------------
   Passed         |      Packets:                            21
                  |      Bytes:                           1,986
                  |      Rate(pps):                           0
                  |      Rate(bps):                           0
---------------------------------------------------------------------
   Dropped        |      Packets:                             0
                  |      Bytes:                               0
                  |      Rate(pps):                           0
                  |      Rate(bps):                           0
---------------------------------------------------------------------
     Filter       |      Packets:                             0
                  |      Bytes:                               0
---------------------------------------------------------------------
     Car          |      Packets:                             0
                  |      Bytes:                               0
---------------------------------------------------------------------

Configuration Files

SwitchA configuration file

#
sysname SwitchA
#
assign resource-mode sac slot 0
#                                                                               
defence engine enable                                                                   
#
traffic classifier c1 operator or
 if-match application name Telnet
#
traffic behavior b1
 statistic enable
#
traffic policy p1 match-order config
 classifier c1 behavior b1
#
interface GigabitEthernet0/0/1                                                  
 traffic-policy p1 inbound
 service-awareness enable
#                                                                                                                                                               
return
Parent Topic: SAC Configuration
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic