H3C WX5500H series User Configuration Manual Download Page 16

Page: 16 / 57

Step

Command

Remarks

Create an IPv6 advanced

ACL and enter its view.

acl ipv6 advanced

{

acl-number

name

acl-name

} [

match-order

{

auto

config

} ]

By default, no ACL exists.
The value range for a numbered

IPv6 advanced ACL is 3000 to

3999.
Use the

acl ipv6 advanced

acl-number

command to enter the

view of a numbered IPv6

advanced ACL.
Use the

acl

ipv6 advanced

name

acl-name

command to

enter the view of a named IPv6

advanced ACL.

(Optional.) Configure a

description for the IPv6

advanced ACL.

description

text

By default, an IPv6 advanced

ACL does not have a description.

(Optional.) Set the rule

numbering step.

step

step-value

By default, the rule numbering

step is 5 and the start rule ID is 0.

Create or edit a rule.

rule

[

rule-id

] {

deny

permit

}

protocol

[ { {

ack

ack-value

fin

fin-value

psh

psh-value

rst

rst-value

syn

syn-value

urg

urg-value

} * |

established

} |

destination

{

dest-address

dest-prefix

dest-address/dest-prefix

any

} |

destination-port operator port1

[

port2

] |

dscp

dscp

flow-label

flow-label-value

fragment

icmp6-type

{

icmp6-type

icmp6-code

icmp6-message

} |

routing

[

type

routing-type

] |

hop-by-hop

[

type

hop-type

]

source

{

source-address

source-prefix

source-address/source-prefix |
any

} |

source-port operator

port1

[

port2

] |

time-range

time-range-name

] *

By default, IPv6 advanced ACL

does not contain any rules.

(Optional.) Add or edit a rule

comment.

rule

rule-id comment

text

By default, no rule comment is

configured.

Configuring a Layer 2 ACL

Layer 2 ACLs, also called "Ethernet frame header ACLs," match packets based on Layer 2 Ethernet

header fields, such as:

•

Source MAC address.

•

Destination MAC address.

•

802.1p priority (VLAN priority).

•

Link layer protocol type.

To configure a Layer 2 ACL:

Summary of Contents for WX5500H series

Page 1: ...H3C Access Controllers ACL and QoS Configuration Guide New H3C Technologies Co Ltd http www h3c com hk Document version 6W101 20171122...

Page 2: ...SecPath SecCenter SecBlade Comware ITCMM and HUASAN are trademarks of New H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the property of their respective owners...

Page 3: ...E5208P03 WX1810H CMW710 E5215P01 WX1820H CMW710 E5208P03 WX2500H series WX2510H WX2540H WX2560H WX2510H CMW710 R5215P01 WX2540H CMW710 R5215P01 WX2560H CMW710 R5215P01 WX3000H series WX3010H WX3010H L...

Page 4: ...nclose a set of optional syntax choices separated by vertical bars from which you select one or none x y Asterisk marked braces enclose a set of required syntax choices separated by vertical bars from...

Page 5: ...ents an access controller a unified wired WLAN module or the access controller engine on a unified wired WLAN switch Represents an access point Wireless terminator unit Wireless terminator Represents...

Page 6: ...com hk Technical_Documents To obtain software version information such as release notes click http www h3c com hk Software_Download Technical support service h3c com http www h3c com hk Documentation...

Page 7: ...iltering 11 Configuring SNMP notifications for packet filtering 12 Setting the packet filtering default action 12 Displaying and maintaining ACLs 13 ACL configuration example 14 Network requirements 1...

Page 8: ...he MQC approach 28 Configuring traffic policing for a user profile by using the non MQC approach 29 Displaying and maintaining traffic policing 30 Configuring traffic filtering 31 Configuration proced...

Page 9: ...umber and other Layer 3 and Layer 4 header fields Layer 2 ACLs 4000 to 4999 IPv4 and IPv6 Layer 2 header fields such as source and destination MAC addresses 802 1p priority and link layer protocol typ...

Page 10: ...rvice port number range 6 Rule configured earlier Layer 2 ACL 1 More 1s in the source MAC address mask more 1s means a smaller MAC address 2 More 1s in the destination MAC address mask 3 Rule configur...

Page 11: ...les 5 10 13 and 15 as rules 0 2 4 and 6 Fragments filtering with ACLs Traditional packet filtering matches only first fragments of packets and al lows all subsequent non first fragments to pass throug...

Page 12: ...ria and functions Source and destination IP addresses Source and destination ports Transport layer protocol ICMP or ICMPv6 message type message code and message name VPN instance Logging Time range Sl...

Page 13: ...asic ACL Use the acl basic name acl name command to enter the view of a named IPv4 basic ACL 3 Optional Configure a description for the IPv4 basic ACL description text By default an IPv4 basic ACL doe...

Page 14: ...ermit fragment routing type routing type source source address source prefix source address source prefix any time range time range name By default an IPv6 basic ACL does not contain any rules 6 Optio...

Page 15: ...syn value urg urg value established destination dest address dest wildcard any destination port operator port1 port2 dscp dscp precedence precedence tos tos fragment icmp type icmp type icmp code icmp...

Page 16: ...ny permit protocol ack ack value fin fin value psh psh value rst rst value syn syn value urg urg value established destination dest address dest prefix dest address dest prefix any destination port op...

Page 17: ...range name By default a Layer 2 ACL does not contain any rules 6 Optional Add or edit a rule comment rule rule id comment text By default no rule comment is configured Configuring a WLAN client ACL W...

Page 18: ...AN AP ACL 3 Optional Configure a description for the WLAN AP ACL description text By default a WLAN AP ACL does not have a description 4 Optional Set the rule numbering step step step value By default...

Page 19: ...egation member port Applying an ACL to an interface for packet filtering The following matrix shows the feature and hardware compatibility Hardware series Model Feature compatibility WX1800H series WX...

Page 20: ...tification instead of waiting for the next output The notification records the number of matching packets and the matched ACL rules For more information about the information center and SNMP see Netwo...

Page 21: ...ACL rule to pass Displaying and maintaining ACLs Execute display commands in any view Task Command Display ACL configuration and match statistics display acl ipv6 mac wlan acl number all name acl name...

Page 22: ...e work 08 0 to 18 00 working day Create an IPv4 advanced ACL numbered 3000 AC acl advanced 3000 Configure a rule to permit access from the President s office to the financial database server AC acl ip...

Page 23: ...100 bytes 32 time 1ms TTL 255 Ping statistics for 192 168 0 100 Packets Sent 4 Received 4 Lost 0 0 loss Approximate round trip times in milli seconds Minimum 0ms Maximum 1ms Average 0ms Verify that a...

Page 24: ...chniques Compatibility information Feature and hardware compatibility Hardware series Model QoS compatibility WX1800H series WX1804H WX1810H WX1820H Yes WX2500H series WX2510H WX2540H WX2560H Yes WX30...

Page 25: ...uest service from the network before it sends data IntServ signals the service request with the RSVP All nodes receiving the request reserve resources as requested and maintain state information for t...

Page 26: ...fly describes how the QoS module processes traffic 1 Traffic classifier identifies and classifies traffic for subsequent QoS actions 2 The QoS module takes various QoS actions on classified traffic as...

Page 27: ...ng traffic and it uses the AND or OR operator If the operator is AND a packet must match all the criteria to match the traffic class If the operator is OR a packet matches the traffic class if it matc...

Page 28: ...g and priority marking By default no action is configured for a traffic behavior Defining a QoS policy To perform actions defined in a behavior for a class of packets associate the behavior with the c...

Page 29: ...ets include link maintenance RIP and SSH packets To apply a QoS policy to an interface Step Command Remarks 1 Enter system view system view N A 2 Enter interface view interface interface type interfac...

Page 30: ...o apply the QoS policy to the outgoing traffic of the device traffic received by the online users Displaying and maintaining QoS policies Execute display commands in any view Task Command Display traf...

Page 31: ...e information about these priorities see Appendixes Locally assigned priorities only have local significance They are assigned by the device only for scheduling The device supports only local preceden...

Page 32: ...priority map lp dot1p Local 802 1p priority map lp dscp Local DSCP priority map To configure a priority map Step Command Remarks 1 Enter system view system view N A 2 Enter priority map view qos map t...

Page 33: ...ter system view system view N A 2 Enter interface view interface interface type interface number N A 3 Set the port priority of the interface qos priority priority value The default setting is 0 Displ...

Page 34: ...hernet 1 0 2 No trusted packet priority type is configured on GigabitEthernet 1 0 1 or GigabitEthernet 1 0 2 AC system view AC interface gigabitethernet 1 0 1 AC GigabitEthernet1 0 1 qos priority 3 AC...

Page 35: ...is colored green The corresponding tokens are taken away from the bucket Otherwise the packet does not conform to the specification called excess traffic and is colored red Traffic policing uses the...

Page 36: ...iew system view N A 2 Create a traffic class and enter traffic class view traffic classifier classifier name operator and or By default no traffic class exists 3 Configure match criteria if match not...

Page 37: ...rofile Choose one of the application destinations as needed By default no QoS policy is applied Configuring traffic policing for a user profile by using the non MQC approach The following matrix shows...

Page 38: ...Command Remarks 1 Enter system view system view N A 2 Enter user profile view user profile profile name The configuration made in user profile view takes effect when the users are online 3 Configure...

Page 39: ...igure the traffic filtering action filter deny permit By default no traffic filtering action is configured 7 Return to system view quit N A 8 Create a QoS policy and enter QoS policy view qos policy p...

Page 40: ...ifier classifier_1 quit Create a traffic behavior named behavior_1 and configure the traffic filtering action to drop packets AC traffic behavior behavior_1 AC behavior behavior_1 filter deny AC behav...

Page 41: ...match criteria if match not match criteria By default no match criterion is configured For more information about the if match command see ACL and QoS Command Reference 4 Return to system view quit N...

Page 42: ...ure Create advanced ACL 3000 and configure a rule to match packets with destination IP address 192 168 0 1 AC system view AC acl advanced 3000 AC acl ipv4 adv 3000 rule permit ip destination 192 168 0...

Page 43: ...erver remark local precedence 4 AC behavior behavior_dbserver quit Create a traffic behavior named behavior_mserver and configure the action of setting the local precedence value to 3 AC traffic behav...

Page 44: ...d Service DSCP Differentiated Services Code Point EBS Excess Burst Size IntServ Integrated Service ISP Internet Service Provider PIR Peak Information Rate QoS Quality of Service ToS Type of Service Ap...

Page 45: ...3 32 to 39 4 40 to 47 5 48 to 55 6 56 to 63 7 Table 6 Default lp dot1p lp dot11e and lp dscp priority maps Input priority value lp dot1p map lp dot11e map lp dscp map lp dot1p dot11e DSCP 0 1 1 0 1 2...

Page 46: ...3 The remaining 2 bits 6 and 7 are reserved Table 8 IP precedence IP precedence decimal IP precedence binary Description 0 000 Routine 1 001 priority 2 010 immediate 3 011 flash 4 100 flash override 5...

Page 47: ...s is not needed and QoS must be assured at Layer 2 Figure 10 An Ethernet frame with an 802 1Q tag header As shown in Figure 10 the 4 byte 802 1Q tag header contains the 2 byte tag protocol identifier...

Page 48: ...a MAC layer enhancement to IEEE 802 11 IEEE 802 11e adds a 2 byte QoS control field to the 802 11e MAC frame header The 3 bit QoS control field represents the 802 11e priority in the range of 0 to 7 F...

Page 49: ...name You can create a maximum of 1024 time ranges each with a maximum of 32 periodic statements and 12 absolute statements The active period of a time range is calculated as follows 1 Combining all pe...

Page 50: ...e1 date1 to time2 date2 from time1 date1 to time2 date2 to time2 date2 No time range exists Displaying and maintaining time ranges Execute the display command in any view Task Command Display time ran...

Page 51: ...AC acl ipv4 basic 2001 rule deny source any time range work AC acl ipv4 basic 2001 quit Apply IPv4 basic ACL 2001 to filter outgoing packets on interface GigabitEthernet 1 0 1 AC interface gigabitEth...

Page 52: ...s 36 Appendix B Default priority maps 36 Appendix C Packet precedence 38 applying ACL packet filtering to interface 11 QoS policy 20 QoS policy interface PVC 21 QoS policy user profile 21 auto ACL aut...

Page 53: ...CP values 38 E evaluating QoS traffic 27 QoS traffic with token bucket 27 27 F filtering ACL packet fragments 3 QoS traffic filtering configuration 31 31 forwarding ACL configuration 1 4 14 ACL config...

Page 54: ...fic policing 27 QoS traffic policing configuration 27 28 network management ACL configuration 1 4 14 QoS overview 16 QoS priority mapping configuration 25 QoS service models 17 QoS techniques 17 time...

Page 55: ...uring QoS priority mapping map uncolored 24 configuring QoS priority mapping trusted port packet priority 24 configuring QoS priority marking 33 34 configuring QoS traffic filtering 31 31 configuring...

Page 56: ...tion IPv4 basic 5 ACL configuration IPv6 advanced 7 ACL configuration IPv6 basic 5 ACL configuration Layer 2 8 ACL configuration WLAN AP 10 ACL configuration WLAN client 9 service QoS best effort serv...

Page 57: ...ing 18 27 QoS traffic policing configuration 27 28 QoS traffic shaping 18 traffic policing QoS display 30 trapping ACL packet filtering SNMP notifications 12 trusted port packet priority QoS 24 type A...

Search results

Summary of Contents for WX5500H series

Reviews:

Related manuals for WX5500H series

Brands by name

Popular brands

H3C WX5500H series, User Configuration Manual

Search results

Summary of Contents for WX5500H series

Reviews:

Related manuals for WX5500H series

Brands by name

Popular brands