Configuring traffic filtering, Configuration procedure – H3C Technologies H3C S12500 Series Switches User Manual
Page 64
55
Configuring traffic filtering
You can filter in or filter out a class of traffic by associating the class with a traffic filtering action. For
example, you can filter packets sourced from a specific IP address according to network status.
Configuration procedure
To configure traffic filtering:
Step Command
Remarks
1.
Enter system view.
system-view N/A
2.
Create a class and enter
class view.
traffic classifier tcl-name [ operator { and
| or } ]
N/A
3.
Configure match criteria.
if-match match-criteria
N/A
4.
Return to system view.
quit
N/A
5.
Create a behavior and
enter behavior view.
traffic behavior behavior-name N/A
6.
Configure the traffic
filtering action.
filter { deny | permit }
•
deny: Drops packets.
•
permit: Permits packets to
pass through.
7.
Return to system view.
quit
N/A
8.
Create a policy and enter
policy view.
qos policy policy-name
N/A
9.
Associate the class with the
traffic behavior in the QoS
policy.
classifier tcl-name behavior
behavior-name
N/A
10.
Return to system view.
quit
N/A
11.
Apply the QoS policy.
•
•
Applying the QoS policy to a VLAN
•
Applying the QoS policy globally
•
Applying the QoS policy to the control
Choose one application
destination as needed.
12.
Display the traffic filtering
configuration.
display traffic behavior user-defined
[ behavior-name ] [ | { begin | exclude |
include } regular-expression ]
Optional.
Available in any view.
NOTE:
With filter deny configured for a traffic behavior, the other actions (except class-based accounting) in the
traffic behavior do not take effect. Whether traffic filtering can work with class-based accounting depends
on your card model: the two commands are mutually exclusive on an Ethernet interface card, and the two
commands can co-exist on an interface subcard.