Rate limiting by IP on Huawei switches using traffic policies
Rate limiting by IP address
Rate-limit the PC with IP address 192.168.1.10, limiting its bandwidth to 4M.
<HUAWEI> system-view
[HUAWEI] acl 2000
[HUAWEI-acl-basic-2000] rule permit source 192.168.1.10 0.0.0.0
[HUAWEI-acl-basic-2000] quit
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 2000
[HUAWEI-classifier-c1] quit
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] car cir 4096
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 inbound
acl 3001
rule permit ip destination 1.1.1.1 0.0.0.0
rule permit ip source 1.1.1.1 0.0.0.0
=============================================
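The enterprise user's IP address is 10.0.0.2/24, and the user connects to the Internet through Switch. Switch is the carrier's device. The enterprise user has leased only 1 Mbps of upstream bandwidth and 2 Mbps of downstream bandwidth.
Figure 1 Network diagram for basic CAR configuration
Configuration approach
Traffic policing is implemented through the QoS command line. In this case the user has a fixed IP address, so the user's traffic can be matched by its IP address and then policed.
Configuration steps
# Configure an ACL rule to match traffic with source IP 10.0.0.2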
<H3C> system-view
[H3C] acl number 3001
[H3C-acl-adv-3001] rule permit ip source 10.0.0.2 0
[H3C-acl-adv-3001] quit
# Configure an ACL rule to match traffic with destination IP 10.0.0.2
[H3C] acl number 3002
[H3C-acl-adv-3002] rule permit ip destination 10.0.0.2 0
[H3C-acl-adv-3002] quit
# Configure a traffic classifier that matches ACL 3001, i.e. traffic with source IP 10.0.0.2
[H3C] traffic classifier source_hostA
[H3C-classifier-source_hostA] if-match acl 3001
[H3C-classifier-source_hostA] quit
# Configure a traffic classifier that matches ACL 3002, i.e. traffic with destination IP 10.0.0.2
[H3C] traffic classifier destination_hostA
[H3C-classifier-destination_hostA] if-match acl 3002
[H3C-classifier-destination_hostA] quit
# Configure a traffic behavior that polices upstream traffic at a rate of 1000 kbps
[H3C] traffic behavior uplink
[H3C-behavior-uplink] car cir 1000
[H3C-behavior-uplink] quit
# Configure a traffic behavior that polices downstream traffic at a rate of 2000 kbps
[H3C] traffic behavior downlink
[H3C-behavior-downlink] car cir 2000
[H3C-behavior-downlink] quit
# Configure the QoS policy for the port's inbound direction, i.e. the user's upstream direction
[H3C] qos policy uplink
[H3C-qospolicy-uplink] classifier source_hostA behavior uplink
[H3C-qospolicy-uplink] quit
# Configure the QoS policy for the port's outbound direction, i.e. the user's downstream direction
[H3C] qos policy downlink
[H3C-qospolicy-downlink] classifier destination_hostA behavior downlink
[H3C-qospolicy-downlink] quit
# Apply the QoS policies on the port to match traffic in the inbound and outbound directions
[H3C] interface GigabitEthernet 3/0/1
[H3C-GigabitEthernet3/0/1] qos apply policy uplink inbound
[H3C-GigabitEthernet3/0/1] qos apply policy downlink outbound
=======================================
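On S-series switches (except the S1700) and E-series switches, rate limiting by IP subnet is implemented with ACL and MQC. The key configuration is as follows:
By source address
<HUAWEI> system-view //Enter the system view
[HUAWEI] acl 3000 //Create the ACL
[HUAWEI-acl-adv-3000] rule permit ip source 192.168.1.0 0.0.0.255 //Configure a rule to match the data flow
[HUAWEI-acl-adv-3000] quit
[HUAWEI] traffic classifier c1 //Create the traffic classifier
[HUAWEI-classifier-c1] if-match acl 3000 //Match the ACL
[HUAWEI-classifier-c1] quit //Exit
[HUAWEI] traffic behavior b1 //Create the traffic behavior
[HUAWEI-behavior-b1] car cir 4000 pir 10000 green pass //Configure rate limiting in the traffic behavior
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy p1 //Create the traffic policy
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 //Bind the traffic classifier to the traffic behavior
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface ethernet 0/0/2
[HUAWEI-Ethernet0/0/2] traffic-policy p1 inbound //Apply traffic policy p1 in the inbound direction of interface Eth0/0/2 (the interface where the data flow enters the device)
[HUAWEI-Ethernet0/0/2] quit
By destination address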
acl number 3200
rule 5 permit ip destination 192.168.0.0 0.0.255.255
rule 10 permit ip source 192.168.0.0 0.0.255.255
traffic classifier cvpn operator or
if-match acl 3200
traffic behavior bvpn
car cir 15000 pir 15000 cbs 1875000 pbs 1875000 mode color-blind green pass yellow pass red discard
traffic policy pvpn match-order config
classifier cvpn behavior bvpn
vlan 3
traffic-policy pvpn outbound
vlan 7
traffic-policy pvpn outbound
————————————————
Original link: https://blog.csdn.net/u011775882/article/details/120460778
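An added example, not from the original posts: a color-blind two-rate token-bucket meter (the RFC 2698 model) run against the two `car` lines above, showing what a host that offers more than the limit is actually allowed to send. The cbs/pbs values used for `car cir 4000 pir 10000`, the 20 Mbit/s offered load, the 1250-byte packets and the assumption that yellow defaults to pass and red to discard are not from the page.

```python
# Added example: color-blind two-rate three-color marker (RFC 2698 model).
# Units follow the page's commands: cir/pir in kbit/s, cbs/pbs in bytes.

def car_meter(cir, pir, cbs, pbs, offered_kbps, seconds, pkt_bytes=1250):
    """Count green/yellow/red packets for constant-rate offered traffic."""
    pkt = pkt_bytes * 8                        # packet size in bits
    gap_us = pkt * 1000 // offered_kbps        # microseconds between packets
    c_max, p_max = cbs * 8, pbs * 8            # bucket depths in bits
    tc, tp = c_max, p_max                      # both buckets start full
    counts = {"green": 0, "yellow": 0, "red": 0}
    for _ in range(seconds * 1_000_000 // gap_us):
        # Refill both buckets for the elapsed gap, capped at their depth.
        tc = min(c_max, tc + cir * gap_us // 1000)
        tp = min(p_max, tp + pir * gap_us // 1000)
        if tp < pkt:                           # above PIR
            color = "red"
        elif tc < pkt:                         # between CIR and PIR
            color = "yellow"
            tp -= pkt
        else:                                  # within CIR
            color = "green"
            tc -= pkt
            tp -= pkt
        counts[color] += 1
    return counts

def passed_kbps(counts, seconds, colors=("green", "yellow"), pkt_bytes=1250):
    """Average rate of the packets whose color is in `colors`."""
    return sum(counts[c] for c in colors) * pkt_bytes * 8 // (seconds * 1000)

if __name__ == "__main__":
    # Constructed scenario: one host offers 20 Mbit/s for 10 s.
    # "car cir 4000 pir 10000": cbs/pbs here are assumed values.
    a = car_meter(4000, 10000, 500000, 1250000, 20000, 10)
    print("cir 4000 pir 10000:", a, passed_kbps(a, 10), "kbit/s forwarded")
    print("  green only:", passed_kbps(a, 10, ("green",)), "kbit/s")
    # "car cir 15000 pir 15000 cbs 1875000 pbs 1875000", values from the page.
    b = car_meter(15000, 15000, 1875000, 1875000, 20000, 10)
    print("cir 15000 pir 15000:", b, passed_kbps(b, 10), "kbit/s forwarded")
```

With yellow passed, the first policy holds the host to roughly the PIR (10000 kbit/s plus the initial burst) rather than the 4000 kbit/s CIR. With cir equal to pir and cbs equal to pbs, as in the second policy, no packet is ever marked yellow and the average exceeds 15000 kbit/s only by the one-second burst that cbs allows.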
===================================================
QoS rate-limiting example: rate limiting by different IP addresses
acl number 3999
rule 0 permit ip source 10.88.1.8 0
acl number 3998
rule 0 permit ip source 10.88.1.9 0
traffic classifier ACL3999 operator and
if-match acl 3999
traffic classifier ACL3998 operator and
if-match acl 3998
traffic behavior 7M //Traffic template
car cir 7000 cbs 437500 ebs 0 green pass red discard yellow pass
traffic behavior 4M
car cir 4000 cbs 250000 ebs 0 green pass red discard yellow pass
qos policy LIMIT
classifier ACL3999 behavior 7M
classifier ACL3998 behavior 4M
interface GigabitEthernet1/0/20
qos apply policy LIMIT inbound
————————————————
Original link: https://blog.csdn.net/eighteenxu/article/details/80284334
QoS rate limiting, traffic policing and traffic shaping: principles and experiments (Huawei devices)
Original link: https://blog.csdn.net/tushanpeipei/article/details/112201996
==============================================
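Configuring interface rate limiting
In the interface view, run the command qos lr inbound cir cir-value [ cbs cbs-value ]
In the interface view, run the command qos lr outbound cir cir-value [ cbs cbs-value ]
Rate limiting with a traffic policy
(1) Rate limiting by IP address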
[HUAWEI] acl 2000
[HUAWEI-acl-basic-2000] rule permit source 192.168.1.10 0.0.0.0
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 2000
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] car cir 4096 //Bandwidth limited to 4M
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 inbound
(2) Rate limiting by IP address and protocol
[HUAWEI] acl 3000
[HUAWEI-acl-adv-3000] rule permit tcp destination-port eq 80 source 192.168.1.0 0.0.0.255
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 3000
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] car cir 10240 //Rate limit of 10M
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 inbound
Filtering packets with a traffic policy
(1) Blocking a specified host from accessing the network
[HUAWEI] acl 2000
[HUAWEI-acl-basic-2000] rule deny source 192.168.1.10 0.0.0.0
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 2000
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] deny
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 inbound
(2) Filtering packets of specified application protocols
[HUAWEI] acl 3000
[HUAWEI-acl-adv-3000] rule deny tcp destination-port eq 25
[HUAWEI-acl-adv-3000] rule deny tcp destination-port eq 110
[HUAWEI-acl-adv-3000] rule deny tcp destination-port eq 80
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 3000
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] deny
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 inbound
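An added example, not from the original posts: an evaluator for the ACL rule forms used in the rate-limiting and filtering configurations above, for checking before deployment which packets a classifier will match and for flagging a wildcard that is really a netmask. It handles only the `source`/`destination` wildcard and `destination-port eq` forms and assumes rules are evaluated in the order listed; the packet dict layout and all function names are assumptions of this example.

```python
import ipaddress

# Rules copied from the page (ACL 3000 in the rate-limit and filter examples).
ACL_WEB_LIMIT = ["rule permit tcp destination-port eq 80 source 192.168.1.0 0.0.0.255"]
ACL_FILTER = ["rule deny tcp destination-port eq 25", "rule deny tcp destination-port eq 110",
              "rule deny tcp destination-port eq 80"]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _wild(text):
    return 0 if text == "0" else _ip(text)     # "0" is the host shorthand

def parse_rule(line):
    """Parse the rule forms used on this page (no ranges, no source-port)."""
    w = line.split()
    pos = next(i for i, x in enumerate(w) if x in ("permit", "deny"))
    rest = w[pos + 1:]
    rule = {"action": w[pos], "proto": "ip", "port": None}
    if rest and rest[0] in ("ip", "tcp", "udp", "icmp"):
        rule["proto"] = rest[0]
    for key in ("source", "destination"):
        if key in rest:
            i = rest.index(key)
            rule[key] = (_ip(rest[i + 1]), _wild(rest[i + 2]))
    if "destination-port" in rest:             # only the "eq N" form
        rule["port"] = int(rest[rest.index("destination-port") + 2])
    return rule

def matches(rule, pkt):
    """pkt is a constructed dict: proto, src, dst and optionally dport."""
    if rule["proto"] not in ("ip", pkt["proto"]):
        return False
    for key, field in (("source", "src"), ("destination", "dst")):
        base, wild = rule.get(key, (0, 0xFFFFFFFF))   # absent field matches any
        if (_ip(pkt[field]) ^ base) & ~wild & 0xFFFFFFFF:
            return False
    return rule["port"] is None or rule["port"] == pkt.get("dport")

def acl_decision(lines, pkt):
    """Action of the first matching rule, or None when nothing matches."""
    for rule in map(parse_rule, lines):
        if matches(rule, pkt):
            return rule["action"]
    return None

def wildcard_is_prefix(text):
    """True when the wildcard is a run of low-order 1 bits (inverted netmask)."""
    return _wild(text) & (_wild(text) + 1) == 0
```

A rule typed with a netmask in place of the wildcard, such as `source 192.168.1.0 255.255.255.0`, matches every address whose last octet is 0 and misses 192.168.1.10; `wildcard_is_prefix("255.255.255.0")` returns False for exactly that case.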
Configuring traffic statistics with a traffic policy
(1) Collecting statistics for a specified host
[HUAWEI] acl 4000
[HUAWEI-acl-L2-4000] rule permit source-mac 0000-0000-0003 ffff-ffff-ffff
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 4000
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] statistic enable
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 inbound
[HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 outbound
(2) Collecting statistics on ICMP packets
[HUAWEI] acl 3000
[HUAWEI-acl-adv-3000] rule 0 permit icmp source 192.168.1.1 0 destination 192.168.2.1 0
[HUAWEI-acl-adv-3000] rule 5 permit icmp source 192.168.2.1 0 destination 192.168.1.1 0
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 3000
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] statistic enable
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 inbound
[HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 outbound
(3) Collecting statistics on ARP packets
[HUAWEI] traffic classifier arp-request
[HUAWEI-classifier-arp-request] if-match l2-protocol arp
[HUAWEI-classifier-arp-request] if-match source-mac 1111-1111-1111
[HUAWEI-classifier-arp-request] if-match destination-mac ffff-ffff-ffff
[HUAWEI] traffic classifier arp-reply
[HUAWEI-classifier-arp-reply] if-match l2-protocol arp
[HUAWEI-classifier-arp-reply] if-match source-mac 2222-2222-2222
[HUAWEI-classifier-arp-reply] if-match destination-mac 1111-1111-1111
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] statistic enable
[HUAWEI] traffic policy arp-request
[HUAWEI-trafficpolicy-arp-request] classifier arp-request behavior b1
[HUAWEI] traffic policy arp-reply
[HUAWEI-trafficpolicy-arp-reply] classifier arp-reply behavior b1
[HUAWEI-GigabitEthernet0/0/1] traffic-policy arp-request inbound
[HUAWEI-GigabitEthernet0/0/1] traffic-policy arp-reply outbound
(4) Viewing packet statistics
display traffic policy statistics interface gigabitethernet 0/0/1 inbound verbose rule-base //Display rule-based packet statistics for the traffic policy applied in the inbound direction of the interface
————————————————
Original link: https://blog.csdn.net/Tony_long7483/article/details/120978662