Traffic filtering configuration example, Network requirements, Configuration procedure – H3C Technologies H3C S7500E Series Switches User Manual

8-3

Traffic direction (right)

Card category (below)

Inbound

Outbound

SD Supported

Supported

Traffic Filtering Configuration Example

Traffic Filtering Configuration Example

Network requirements

As shown in

Figure 8-1

, Host is connected to GigabitEthernet 2/0/1 of Device.

Configure traffic filtering to filter the packets whose source port is 21 received on GigabitEthernet 2/0/1.

Figure 8-1 Network diagram for traffic filtering configuration

Configuration procedure

# Create advanced ACL 3000, and configure a rule to match packets whose source port number is 21.

<DeviceA> system-view

[DeviceA] acl number 3000

[DeviceA-acl-basic-3000] rule 0 permit tcp source-port eq 21

[DeviceA-acl-basic-3000] quit

# Create a class named classifier_1, and reference ACL 3000 in the class.

[DeviceA] traffic classifier classifier_1

[DeviceA-classifier-classifier_1] if-match acl 3000

[DeviceA-classifier-classifier_1] quit

# Create a behavior named behavior_1, and configure the traffic filtering action for the behavior to

drop packets.

[DeviceA] traffic behavior behavior_1

[DeviceA-behavior-behavior_1] filter deny

[DeviceA-behavior-behavior_1] quit

# Create a policy named policy, and associate class classifier_1 with behavior behavior_1 in the

policy.

[DeviceA] qos policy policy

[DeviceA-qospolicy-policy] classifier classifier_1 behavior behavior_1

[DeviceA-qospolicy-policy] quit

# Apply the policy named policy to the incoming traffic of GigabitEthernet 2/0/1.

[DeviceA] interface gigabitethernet 2/0/1

[DeviceA-GigabitEthernet2/0/1] qos apply policy policy inbound