manualshive.com logo in svg

H3C WX Series, Configuration Manual

The H3C WX Series is a cutting-edge network equipment designed to provide seamless connectivity. Unlock its full potential by accessing the Command Reference Manual, a comprehensive guide offering detailed instructions and configurations. Download this valuable manual for free from our website, ensuring smooth operations and optimal performance for your network. Visit manualshive.com to grab your free copy now.

Share
Download
background image

 

1

 

ACL configuration 

An access control list (ACL) is a set of rules (or permit or deny statements) for identifying 
traffic based on criteria such as the source IP address, destination IP address, and port 
number.  

ACLs are essentially used for packet filtering. A packet filter drops packets that match a 
deny rule and permits packets that match a permit rule. ACLs are also widely used by 
many modules, for example, QoS and IP routing, for traffic identification. 

NOTE: 

Unless otherwise stated, ACLs refer to both IPv4 and IPv6 ACLs throughout this document. 

ACL classification 

ACLs fall into four categories, as shown in 

Table 1 

Table 1 

ACL categories 

Category 

ACL number 

IP version 

Match criteria 

WLAN ACLs 

100 to 199 

IPv4 

Wireless client SSID 

Basic ACLs 

2000 to 2999 

IPv4 

Source IPv4 address 

IPv6 

Source IPv6 address 

Advanced 
ACLs 

3000 to 3999 

IPv4 

Source/destination IPv4 address, 
protocols over IPv4, and other Layer 3 
and Layer 4 header fields 

IPv6 

Source/destination IPv6 address, 
protocols over IPv6, and other Layer 3 
and Layer 4 header fields 

Ethernet 
frame header 
ACLs 

4000 to 4999 

IPv4 

Layer 2 header fields, such as source 
and destination MAC addresses, 802.1p 
priority, and link layer protocol type 

 

ACL numbering and naming 

Each ACL category has a unique range of ACL numbers. When creating an ACL, you 
must assign it a number for identification, and in addition, you can also assign the ACL a 

Summary of Contents for WX Series

Page 1: ...fy traffic in your network and implement flow control based on traffic classes With ACL and QoS you can well allocate the limited network resources and improve network usage The intended audience incl...

Page 2: ...he statements information and recommendations in this document do not constitute a warranty of any kind express or implied Hangzhou H3C Technologies Co Ltd and its licensors shall not be liable for te...

Page 3: ...task list 12 IPv4 ACL configuration task list 12 IPv6 ACL configuration task list 12 Configuring an ACL 13 Creating a time range 13 Configuring a WLAN ACL 13 Configuring a basic ACL 14 Configuring an...

Page 4: ...verview 35 Priority mapping tables 35 Priority mapping configuration tasks 37 Configuring priority mapping 38 Configuring a priority mapping table 38 Configuring a port to trust packet priority for pr...

Page 5: ...ngestion management policies 53 FIFO 53 Priority queuing 54 Custom queuing 55 Congestion management technology comparison 55 Configuring PQ 56 PQ configuration procedure 57 PQ configuration example on...

Page 6: ...6 Command conventions 65 Document conventions 65 Symbols 66 Index 67...

Page 7: ...our local sales office for the models applicable to your region Support of the H3C WX series access controllers ACs for features may vary by AC model For more information see Feature Matrix in About t...

Page 8: ...ies as shown in Table 1 Table 1 ACL categories Category ACL number IP version Match criteria WLAN ACLs 100 to 199 IPv4 Wireless client SSID Basic ACLs 2000 to 2999 IPv4 Source IPv4 address IPv6 Source...

Page 9: ...esult and action to take depend on the rule order Two ACL match orders are available config Sorts ACL rules in ascending order of rule ID A rule with a lower ID is matched before a rule with a higher...

Page 10: ...The rule configured with a longer prefix for the source IPv6 address has a higher priority 3 The rule configured with a longer prefix for the destination IPv6 address takes precedence 4 The rule with...

Page 11: ...tep to the current highest rule ID starting with 0 For example if the numbering step is 5 the default and there are five ACL rules numbered 0 5 9 10 and 12 the newly defined rule is numbered 15 If the...

Page 12: ...lt mode It considers only Layer 3 attributes Exact match considers all header attributes defined in IPv4 ACL rules ACL configuration task list IPv4 ACL configuration task list Complete the following t...

Page 13: ...ng absolute ones and ANDing periodic and absolute ones You may create a maximum of 256 uniquely named time ranges each with 32 periodic time ranges at most and 12 absolute time ranges at most Configur...

Page 14: ...on only source IP address Follow these steps to configure an IPv4 basic ACL To do Use the command Remarks Enter system view system view Create an IPv4 basic ACL and enter its view acl number acl numbe...

Page 15: ...le has no rule description Configuring an IPv6 basic ACL Follow these steps to configure an IPv6 basic ACL To do Use the command Remarks Enter system view system view Create an IPv6 basic ACL view and...

Page 16: ...n IP addresses protocols over IP and other protocol header information such as TCP UDP source and destination port numbers TCP flags ICMP message types and ICMP message codes IPv4 advanced ACLs also a...

Page 17: ...e range name tos tos Required By default an IPv4 advanced ACL does not contain any rule To create or edit multiple rules repeat this step The logging keyword takes effect only when the module using th...

Page 18: ...tablished destination dest dest prefix dest dest prefix any destination port operator port1 port2 dscp dscp fragment icmp6 type icmp6 type icmp6 code icmp6 message logging source source source prefix...

Page 19: ...tep step step value Optional 5 by default Create or edit a rule rule rule id deny permit cos vlan pri dest mac dest addr dest mask lsap lsap type lsap type mask type protocol type protocol type mask s...

Page 20: ...6 copy source acl6 number name source acl6 name to dest acl6 number name dest acl6 name Required Displaying and maintaining ACLs To do Use the command Remarks Display configuration and match statistic...

Page 21: ...CL to deny access from the wireless users in R D department to the salary server during office hours from 8 00 to 18 00 on working days Figure 1 Network diagram for ACL configuration AC GE 1 0 1 Serve...

Page 22: ...C WLAN ESS1 qos apply policy test inbound IPv6 ACL configuration example Network requirements Perform IPv6 packet filtering in the inbound direction of interface WLAN ESS 1 to deny all IPv6 packets bu...

Page 23: ...e qospolicy deny2000 classifier ipv6 2000 behavior deny Sysname qospolicy deny2000 quit 5 Apply the policy to filter incoming packets on interface WLAN ESS 1 Sysname interface WLAN ESS1 Sysname WLAN E...

Page 24: ...controller may appear different in type and number from the GE interfaces used in the examples in this manual To ensure that the precedence mapping function can operate properly use the undo l2fw fas...

Page 25: ...s that all nodes along the transmission path maintain resource state information for each flow The model is suitable for small sized or edge networks but not large sized networks for example the core...

Page 26: ...lows entering or leaving an AC and can be applied to the incoming traffic and outgoing traffic of a port When a flow exceeds the pre set threshold some restriction or punishment measures can be taken...

Page 27: ...oken bucket Traffic policing Traffic shaping Congestion avoidance CAR GTS WRED Congestion management Figure 3 shows how the QoS module processes traffic Traffic classifier identifies and classifies tr...

Page 28: ...policy defines the shaping policing or other QoS actions to take on different classes of traffic It is a set of class behavior associations A class is a set of match criteria for identifying traffic I...

Page 29: ...riteria in class view Follow these steps to define a class To do Use the command Remarks Enter system view system view Create a class and enter class view traffic classifier tcl name operator and or R...

Page 30: ...steps to define a traffic behavior To do Use the command Remarks Enter system view system view Create a traffic behavior and enter traffic behavior view traffic behavior behavior name Required Config...

Page 31: ...ate a policy and enter policy view qos policy policy name Required Associate a class with a behavior in the policy classifier tcl name behavior behavior name Required Repeat this step to create more c...

Page 32: ...group view take effect on all ports in the port group Enter port group view port group manual port group name Apply the policy to the interface port group qos apply policy policy name inbound outboun...

Page 33: ...Configuration Guide Apply the QoS policy qos apply policy policy name inbound outbound Required Use the inbound keyword to apply the QoS policy to the traffic received by the online users Use the out...

Page 34: ...any view Display QoS policy configuration on the specified or all interfaces display qos policy interface interface type interface number inbound outbound Available in any view Display traffic class c...

Page 35: ...is of only local significance Local precedence is used for queuing A local precedence value corresponds to an output queue A packet with higher local precedence is assigned to a higher priority outpu...

Page 36: ...3 3 4 4 5 5 6 6 7 7 Table 4 The default dscp lp priority mapping table DSCP Local precedence lp 0 to 7 0 8 to 15 1 16 to 23 2 24 to 31 3 32 to 39 4 40 to 47 5 48 to 55 6 56 to 63 7 Table 5 The defaul...

Page 37: ...t mode In this approach you can configure a port to look up a certain priority 802 1p for example in incoming packets in the priority mapping tables If an incoming packet does not carry the trusted pr...

Page 38: ...ocal to DSCP priority mapping table Follow these steps to configure a priority mapping table To do Use the command Remarks Enter system view system view Enter priority mapping table view qos map table...

Page 39: ...r port group view port group manual port group name Configure the port to use a type of packet priority for priority mapping qos trust dot11e dot1p dscp Required By default port priority is trusted Su...

Page 40: ...ce you must log off all online users to stop the service the interface is providing On a WLAN ESS interface configured with the qos priority command the assignment of DSCP precedence varies by packet...

Page 41: ...ccess controller modules Access controller modules LS8M1WCMA0 LSQM1WCMB0 LSBM1WCM2A0 LSRM1WCM2A1 No special requirements You can directly configure Ethernet interfaces on the switch To configure wirel...

Page 42: ...gure 5 Network diagram for trusted priority type configuration AC GE 1 0 1 IP network AP 1 AP 3 AP 2 Configuration procedure 1 Enter system view AC system view 2 Enter dot1p lp priority mapping table...

Page 43: ...nd that of AP 3 is WLAN ESS 3 Figure 6 Network diagram for trusting port priority configuration AC GE 1 0 1 IP network AP 1 AP 3 AP 2 Configuration procedure 1 Enter system view AC system view 2 Disab...

Page 44: ...os priority 5 AC WLAN ESS3 quit 6 Enable service template 1 Sysname wlan service template 1 Sysname wlan st 1 service template enable NOTE For more information about WLAN ESS interfaces see WLAN Inter...

Page 45: ...ch token represents a certain forwarding capacity typically a one bit forwarding authority The system puts tokens into the bucket at a set rate When the token bucket is full the extra tokens overflow...

Page 46: ...ecifies the average packet transmission or forwarding rate allowed by bucket E Excess burst size EBS Size of bucket E which specifies the transient burst of traffic that bucket E can forward The two t...

Page 47: ...whose evaluation result is conforming Dropping the packets whose evaluation result is excess Modifying the IP precedence of the packets whose evaluation result is conforming and forwarding them Modif...

Page 48: ...packets cannot be transmitted until efficient tokens are generated in the token bucket It restricts the traffic rate to the rate for generating tokens Line rate limits the total rate of all packets on...

Page 49: ...icy and enter policy view qos policy policy name Associate the class with the traffic behavior in the QoS policy classifier tcl name behavior behavior name Exit policy view quit Apply the QoS policy T...

Page 50: ...on rate Required The conforming traffic is permitted to pass through while the exceeding traffic is dropped Support for the keywords of the command varies by AC model For more information see QoS in t...

Page 51: ...ction properly make sure the committed burst size argument in the qos lr outbound cir command is greater than or equal to 1875 or committed information rate 100 16 whichever is greater Otherwise the p...

Page 52: ...n congestion scenarios Figure 10 Traffic congestion causes 100M 10M 100M 10M 50M 100M 100M 100M 100M 50M 10M 10M 1 2 Congestion may bring these negative results Increased delay and jitter during packe...

Page 53: ...uses a single queue and does not classify traffic or schedule queues FIFO delivers packets depending on their arrival order with the one arriving earlier scheduled first The only concern of FIFO is q...

Page 54: ...gned to the normal queue Each of the four queues is a FIFO queue Priority queuing schedules the four queues strictly according to the descending order of priority as shown in Figure 12 It sends packet...

Page 55: ...number of packets based on the percentage of interface bandwidth assigned for each queue out of each queue in the ascending order of queue 1 to queue 16 CQ guarantees normal packets of a certain amou...

Page 56: ...for real time and mission critical applications Need to configure low processing speed If there are no restrictions on bandwidth assigned to high priority packets low priority packets may fail to get...

Page 57: ...edence value queue bottom middle normal top Required Use a command as needed Specify the default queue for the PQ list qos pql pql index default queue bottom middle normal top Optional This command sp...

Page 58: ...WM1WCM20 No special requirements You can directly configure Ethernet interfaces on the switch To configure wireless features during the configuration process log in to the access controller module wit...

Page 59: ...C qos pql 1 local precedence 7 queue top AC qos pql 1 local precedence 1 queue bottom 3 Set the maximum queue length of the top queue to 1024 and set that of the bottom queue to 1024 AC qos pql 1 queu...

Page 60: ...gn packets with local precedence value 5 to the top queue AC qos pql 1 local precedence 5 queue top 4 Set the maximum length to 1000 for the middle queue in PQ list 1 AC qos pql 1 queue middle queue l...

Page 61: ...number Optional This command specifies the queue to which unmatched packets are assigned to By default the unmatched packets are assigned to queue 1 Set the length of a queue qos cql cql index queue q...

Page 62: ...1 inbound interface GigabitEthernet1 0 1 queue 1 3 Configure queue 1 to send 2000 bytes during a cycle of round robin queue scheduling in CQ list 1 Sysname qos cql 1 queue 1 serving 2000 4 Apply CQ li...

Page 63: ...ence value 4 to queue 1 Sysname qos cql 1 local precedence 4 queue 1 4 Set the maximum length of queue 1 to 1000 in CQ list 1 Sysname qos cql 1 queue 1 queue length 1000 5 Configure queue 1 to send 16...

Page 64: ...e Web at http www h3c com Click the links on the top navigation bar to obtain different categories of product documentation Technical Support Documents Technical Documents Provides hardware installati...

Page 65: ...erisk marked braces enclose a set of required syntax choices separated by vertical bars from which you select at least one x y Asterisk marked square brackets enclose optional syntax choices separated...

Page 66: ...text Emphasized monospace text Indication that example continues Symbols WARNING Indicates that failure to follow directions could result in bodily harm or death CAUTION Indicates that failure to foll...

Page 67: ...conventions 67 E Ethernet frame header ACL configuring 19 Ethernet interface configuration 41 60 F FIFO queuing 55 I inverse mask 10 IPv4 ACL configuration task list 12 configuration example 21 copyi...

Page 68: ...s in network 26 traffic classification 26 traffic policing polices 26 traffic shaping 26 QoS Quality of Service 24 QoS configuring defining class 29 defining policy 31 defining traffic behavior 30 dia...

Page 69: ...69 WLAN ESS interface 40...

Reviews:

No comments

Related manuals for WX Series

Hach SC4200c User Manual preview
SC4200c
Brand: Hach Pages: 36
Hans Grohe iBox Hub 25020180 Assembly Instruction And Instructions For Use preview
iBox Hub 25020180
Brand: Hans Grohe Pages: 36
KEB COMBIVERT F5 Safety Manual preview
COMBIVERT F5
Brand: KEB Pages: 16
xpr VPROX2-M User Manual preview
VPROX2-M
Brand: xpr Pages: 4
Westlock DIGITAL EPIC-2 DTM User Manual preview
DIGITAL EPIC-2 DTM
Brand: Westlock Pages: 33
Delta DZNT-104T Installation Manual preview
DZNT-104T
Brand: Delta Pages: 16
e-survey P8II Quick Start Manual preview
P8II
Brand: e-survey Pages: 12
Xilinx ML410 User Manual preview
ML410
Brand: Xilinx Pages: 101
HANYOUNG NUX TPR-3N Instruction Manual preview
TPR-3N
Brand: HANYOUNG NUX Pages: 4
ISC APECS Operational Instructions preview
APECS
Brand: ISC Pages: 20
B&K Reference 20 Plus A/V System Controller Owner'S Manual preview
Reference 20 Plus A/V System Controller
Brand: B&K Pages: 84
Zmotion ZMC306X Manual preview
ZMC306X
Brand: Zmotion Pages: 59
Flycolor Raptor S-Tower F4-20A User Manual preview
Raptor S-Tower F4-20A
Brand: Flycolor Pages: 2
ITRON RB 4000 Instruction Manual preview
RB 4000
Brand: ITRON Pages: 24
Linx Technologies HumPRO Series Quickstart Reference preview
HumPRO Series
Brand: Linx Technologies Pages: 2
Parker Porter MPC Series Installation, Programming, & User Manual preview
Porter MPC Series
Brand: Parker Pages: 30
PPA Citrox CX-4512 Instruction Manual preview
Citrox CX-4512
Brand: PPA Pages: 2
alpro EB1001 Instructions preview
EB1001
Brand: alpro Pages: 2

Brands by name

Popular brands

Load more brands