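Example for Configuring Rate Limiting in a Specified Time Range

Networking Requirements

As shown in the figure, enterprise users connect to an external network device through interface GE2/0/1 of the Switch.

Working hours are 8:30 to 18:00 every day. The rate at which employees access the external network must be limited during this period, and must not exceed 4 Mbit/s.

Figure: Networking diagram for configuring rate limiting in a specified time range

Configuration Roadmap

Rate limiting is implemented with a traffic policy that matches a time range. The configuration roadmap is as follows:

Configure the interfaces so that enterprise users can access the external network through the Switch.

Configure a time range to be referenced in the ACL.

Configure an ACL to match traffic that passes through the device during the specified time range.

Configure a traffic policy to rate-limit packets that match the ACL rules.

Apply the traffic policy to the inbound direction of interface GE1/0/1.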

Procedure

Create a VLAN and configure the interfaces.

# Create VLAN 10 on the Switch.

<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 10
[Switch-vlan10] quit

# Configure GE1/0/1 and GE2/0/1 on the Switch as trunk interfaces and add them to VLAN 10.

[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type trunk
[Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 2/0/1
[Switch-GigabitEthernet2/0/1] port link-type trunk
[Switch-GigabitEthernet2/0/1] port trunk allow-pass vlan 10
[Switch-GigabitEthernet2/0/1] quit

Create the periodic time range working_time, covering 8:30 to 18:00 on working days.

[Switch] time-range working_time 08:30 to 18:00 working-day //Define working hours

Configure ACL 2001 with three rules that limit the bandwidth, during working hours, of packets whose source IP addresses are 192.168.1.10, 192.168.1.11, and 192.168.1.12.

[Switch] acl number 2001
[Switch-acl-basic-2001] rule permit source 192.168.1.10 0 time-range working_time //Limit the bandwidth of packets with source IP 192.168.1.10 during working hours
[Switch-acl-basic-2001] rule permit source 192.168.1.11 0 time-range working_time //Limit the bandwidth of packets with source IP 192.168.1.11 during working hours
[Switch-acl-basic-2001] rule permit source 192.168.1.12 0 time-range working_time //Limit the bandwidth of packets with source IP 192.168.1.12 during working hours
[Switch-acl-basic-2001] quit

Configure a traffic classifier that matches ACL 2001 to classify packets.

[Switch] traffic classifier c1
[Switch-classifier-c1] if-match acl 2001
[Switch-classifier-c1] quit

Configure a traffic behavior that limits the rate of access to the external network to no more than 4 Mbit/s.

[Switch] traffic behavior b1
[Switch-behavior-b1] car cir 4096 //Limit the rate of access to the external network during working hours to no more than 4 Mbit/s
[Switch-behavior-b1] statistic enable
[Switch-behavior-b1] quit

Configure a traffic policy and apply it to the inbound direction of interface GE1/0/1.

[Switch] traffic policy p1
[Switch-trafficpolicy-p1] classifier c1 behavior b1
[Switch-trafficpolicy-p1] quit
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] traffic-policy p1 inbound
[Switch-GigabitEthernet1/0/1] quit

Verifying the Configuration

# Check the traffic classifier configuration.

[Switch] display traffic classifier user-defined c1
User Defined Classifier Information:
Classifier: c1
Precedence: 5
Operator: OR
Rule(s) : if-match acl 2001

# Check the traffic policy configuration.

[Switch] display traffic policy user-defined p1


User Defined Traffic Policy Information:
Policy: p1
Classifier: c1
Operator: OR
Behavior: b1
Permit
Committed Access Rate:
CIR 4096 (Kbps), PIR 4096 (Kbps), CBS 770048 (byte), PBS 1282048 (byte)
Color Mode: color Blind
Conform Action: pass
Yellow Action: pass
Exceed Action: discard
Statistic: enable

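# Check the traffic policy applied to the interface. During working hours, when the total rate of packets from all network segments in the inbound direction of GE1/0/1 exceeds 4 Mbit/s, packets are dropped, and the rate of packets from these network segments is limited to 4 Mbit/s.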

[Switch] display traffic policy statistics interface gigabitethernet 1/0/1 inbound
Interface: GigabitEthernet1/0/1
Traffic policy inbound: p1
Rule number: 3
Current status: success
Statistics interval: 300
---------------------------------------------------------------------
Board : 1
---------------------------------------------------------------------
Matched | Packets: 38,761
| Bytes: -
| Rate(pps): 0
| Rate(bps): -
---------------------------------------------------------------------
Passed | Packets: 25,534
| Bytes: -
| Rate(pps): 0
| Rate(bps): -
---------------------------------------------------------------------
Dropped | Packets: 13,227
| Bytes: -
| Rate(pps): 0
| Rate(bps): -
---------------------------------------------------------------------
Filter | Packets: 0
| Bytes: -
---------------------------------------------------------------------
Car | Packets: 13,227
| Bytes: -
---------------------------------------------------------------------

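Note:

Configure the interface of the LSW that connects to the Switch as a trunk interface and add it to VLAN 10.

# Create VLANIF 10 and assign it the IP address 192.168.1.1/24.

[Switch] interface vlanif 10
[Switch-Vlanif10] ip address 192.168.1.1 24
[Switch-Vlanif10] quit

Note:

Configure the IP address of the Router interface that connects to the Switch as 192.168.1.2/24, and configure a sub-interface on that interface to terminate the VLAN.

Configuration Files

Configuration file of the Switch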

#
sysname Switch
#
vlan batch 10
#
time-range working_time 08:30 to 18:00 working-day
#
acl number 2001
 rule 5 permit source 192.168.1.10 0 time-range working_time
 rule 10 permit source 192.168.1.11 0 time-range working_time
 rule 15 permit source 192.168.1.12 0 time-range working_time
#
traffic classifier c1 operator or precedence 5
 if-match acl 2001
#
traffic behavior b1
 permit
 car cir 4096 pir 4096 cbs 770048 pbs 1282048 mode color-blind green pass yellow pass red discard
 statistic enable
#
traffic policy p1 match-order config
 classifier c1 behavior b1
#
interface Vlanif10
 ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
 traffic-policy p1 inbound
#
interface GigabitEthernet2/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
return
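
The following Python sketch is an added example, not part of the original page or of any Huawei tool. It audits the configuration above offline by reporting which source addresses are subject to the CAR limit at a given time. The function names are hypothetical, the embedded configuration is a constructed excerpt of the file above, and it assumes a single ACL and a single traffic behavior, with working-day meaning Monday to Friday and the end minute treated as inclusive.

```python
import re
from datetime import datetime
from ipaddress import ip_address

# Constructed excerpt of the Switch configuration file shown above.
CONFIG = """\
time-range working_time 08:30 to 18:00 working-day
acl number 2001
 rule 5 permit source 192.168.1.10 0 time-range working_time
 rule 10 permit source 192.168.1.11 0 time-range working_time
 rule 15 permit source 192.168.1.12 0 time-range working_time
traffic behavior b1
 car cir 4096 pir 4096 cbs 770048 pbs 1282048 mode color-blind green pass yellow pass red discard
"""

def parse(config):
    """Return (time_ranges, acl_rules, cir_kbps) parsed from config text."""
    ranges, rules, cir = {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"time-range (\S+) (\d+):(\d+) to (\d+):(\d+) working-day$", line):
            name, h1, m1, h2, m2 = m.groups()
            ranges[name] = (int(h1) * 60 + int(m1), int(h2) * 60 + int(m2))
        elif m := re.match(r"rule \d+ permit source (\S+) (\S+) time-range (\S+)$", line):
            # A wildcard of "0" is shorthand for 0.0.0.0 (exact host match).
            wild = 0 if m[2] == "0" else int(ip_address(m[2]))
            rules.append((int(ip_address(m[1])), wild, m[3]))
        elif m := re.match(r"car cir (\d+)", line):
            cir = int(m[1])
    return ranges, rules, cir

def in_range(rng, when):
    """Assumption: working-day is Monday to Friday; end minute is inclusive."""
    minute = when.hour * 60 + when.minute
    return when.weekday() < 5 and rng[0] <= minute <= rng[1]

def limit_for(src, when, config=CONFIG):
    """CIR (kbit/s) applied to src at 'when', or None if no ACL rule is active."""
    ranges, rules, cir = parse(config)
    src = int(ip_address(src))
    for addr, wild, tr in rules:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
        if (src & care) == (addr & care) and in_range(ranges[tr], when):
            return cir
    return None

if __name__ == "__main__":
    for host in ("192.168.1.10", "192.168.1.13"):
        for when in (datetime(2024, 1, 8, 9, 0), datetime(2024, 1, 8, 19, 0)):
            print(host, when, limit_for(host, when))
```

The run shows that a host outside the three ACL entries (here the constructed address 192.168.1.13) is never rate-limited, and that the listed hosts are unrestricted outside the time range and on weekends.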