This section provides an example of how to configure IP-based complex traffic classification.
As shown in Figure 1, MF classification is configured on Device C to implement access control between Device A and Device B. In addition, traffic statistics can be collected to verify packet sending and receiving.
Interfaces 1 and 2 in this example are GE 0/1/0 and GE 0/1/8, respectively.
The configuration roadmap is as follows:
1. Configure an ACL rule.
2. Configure a traffic classifier.
3. Configure a traffic behavior.
4. Configure a traffic policy.
5. Apply the traffic policy.
To complete the configuration, you need the following data:
ACL number
Names of the traffic classifier, traffic behavior, and traffic policy, and number of the interface to which the traffic policy is applied
<HUAWEI> system-view
[~HUAWEI] sysname DeviceC
[*HUAWEI] commit
[~DeviceC] acl number 3333
[*DeviceC-acl-advance-3333] rule 5 permit ip source 1.1.1.1 0 destination 2.2.2.2 0
[*DeviceC-acl-advance-3333] rule 10 permit ip source 2.2.2.2 0 destination 1.1.1.1 0
[*DeviceC-acl-advance-3333] commit
[~DeviceC-acl-advance-3333] quit
[~DeviceC] traffic classifier c1
[*DeviceC-classifier-c1] if-match acl 3333
[*DeviceC-classifier-c1] commit
[~DeviceC-classifier-c1] quit
[~DeviceC] traffic behavior b1
[*DeviceC-behavior-b1] permit
[*DeviceC-behavior-b1] commit
[~DeviceC-behavior-b1] quit
[~DeviceC] traffic policy p1
[*DeviceC-trafficpolicy-p1] classifier c1 behavior b1
[*DeviceC-trafficpolicy-p1] share-mode
[*DeviceC-trafficpolicy-p1] statistics enable
[*DeviceC-trafficpolicy-p1] commit
[~DeviceC-trafficpolicy-p1] quit
[~DeviceC] interface gigabitethernet 0/1/0
[~DeviceC-GigabitEthernet0/1/0] traffic-policy p1 inbound
[*DeviceC-GigabitEthernet0/1/0] traffic-policy p1 outbound
[*DeviceC-GigabitEthernet0/1/0] commit
[~DeviceC-GigabitEthernet0/1/0] quit
[~DeviceC] interface gigabitethernet 0/1/8
[~DeviceC-GigabitEthernet0/1/8] traffic-policy p1 inbound
[*DeviceC-GigabitEthernet0/1/8] traffic-policy p1 outbound
[*DeviceC-GigabitEthernet0/1/8] commit
[~DeviceC-GigabitEthernet0/1/8] quit
After completing the configurations, run the ping 2.2.2.2 command on Device A to ping Device B, and run the display traffic policy statistics command on Device C to view statistics about traffic exchanged between Device A and Device B.
[~DeviceC] display traffic policy statistics interface gigabitethernet 0/1/0 inbound
Info: The statistics is shared because the policy is shared.
Interface: GigabitEthernet0/1/0
Traffic policy inbound: p1
Traffic policy applied at 2017-08-30 18:30:20
Statistics enabled at 2017-08-30 18:30:20
Statistics last cleared: Never
Rule number: 1 IPv4, 0 IPv6
Current status: OK!
Item                             Packets                      Bytes
-------------------------------------------------------------------
Matched                                5                        500
  +--Passed                            4                        400
  +--Dropped                           1                        100
Missed                                 0                          0
Last 30 seconds rate
Item                                 pps                        bps
-------------------------------------------------------------------
Matched                                5                        500
  +--Passed                            4                        400
  +--Dropped                           1                        100
Missed                                 0                          0
#
sysname DeviceC
#
acl number 3333
 rule 5 permit ip source 1.1.1.1 0 destination 2.2.2.2 0
 rule 10 permit ip source 2.2.2.2 0 destination 1.1.1.1 0
#
traffic classifier c1 operator or
 if-match acl 3333
#
traffic behavior b1
#
traffic policy p1
 share-mode
 statistics enable
 classifier c1 behavior b1 precedence 1
#
interface GigabitEthernet0/1/0
 undo shutdown
 traffic-policy p1 inbound
 traffic-policy p1 outbound
#
interface GigabitEthernet0/1/8
 undo shutdown
 traffic-policy p1 inbound
 traffic-policy p1 outbound
#
return
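The following Python example is added here and is not part of the original configuration guide. It parses the two rules of ACL 3333 and evaluates flows against them with wildcard-mask semantics, showing why each direction between Device A and Device B needs its own rule. It assumes rules are evaluated in ascending rule-ID order; the function names are illustrative.

```python
import ipaddress
import re

# ACL 3333 rules as they appear in the configuration above.
ACL_3333 = """\
rule 5 permit ip source 1.1.1.1 0 destination 2.2.2.2 0
rule 10 permit ip source 2.2.2.2 0 destination 1.1.1.1 0
"""

RULE_RE = re.compile(
    r"rule (\d+) (permit|deny) ip source (\S+) (\S+) destination (\S+) (\S+)")

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _wildcard(text):
    # A bare "0" is shorthand for wildcard 0.0.0.0 (exact host match).
    return 0 if text == "0" else _to_int(text)

def parse_acl(text):
    """Return rules as (id, action, src, src_wc, dst, dst_wc) tuples."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.fullmatch(line.strip())
        if m:
            rid, action, src, swc, dst, dwc = m.groups()
            rules.append((int(rid), action, _to_int(src), _wildcard(swc),
                          _to_int(dst), _wildcard(dwc)))
    # Assumption: rules are evaluated in ascending rule-ID order.
    return sorted(rules)

def _hit(addr, base, wildcard):
    # Wildcard bits set to 1 are ignored; bits set to 0 must be equal.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def classify(rules, src, dst):
    """Return (rule_id, action) of the first matching rule, or None."""
    s, d = _to_int(src), _to_int(dst)
    for rid, action, rs, rswc, rd, rdwc in rules:
        if _hit(s, rs, rswc) and _hit(d, rd, rdwc):
            return rid, action
    return None

if __name__ == "__main__":
    for src, dst in [("1.1.1.1", "2.2.2.2"), ("1.1.1.2", "2.2.2.2")]:
        print(src, dst, classify(parse_acl(ACL_3333), src, dst))
```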