Configuration guidelines, Acl and qos configuration example, Network requirements – H3C Technologies H3C WX3000E Series Wireless Switches User Manual


Item          Description

Trust Mode    Select a priority trust mode for the port. The options are:
              Untrust: Does not trust packet priority.
              CoS: Trusts the 802.1p priority of the incoming packets.
              DSCP: Trusts the DSCP value of the incoming packets.

Configuration guidelines

When you configure ACL and QoS, follow these guidelines:

1. You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an existing rule in the ACL.

2. You can only modify the existing rules of an ACL that uses the match order of config. When modifying a rule of such an ACL, you may choose to change just some of the settings, in which case the other settings remain the same.

3. When you configure line rate and traffic policing for a behavior, make sure that the ratio of CBS to CIR is more than 100:16. Otherwise, the handling for bursty traffic may be affected.

4. If the outgoing port configured for a traffic redirecting action is bound to a NAT virtual interface, packets are redirected to the L3 NAT card, which can cause traffic redirecting failure.

5. If an ACL is referenced by a QoS policy for defining traffic classification rules, packets matching the referenced ACL rule are organized as a class and the behavior defined in the QoS policy applies to the class regardless of whether the referenced ACL rule is a deny or permit clause.

6. If a QoS policy is applied in the outbound direction of a port, the QoS policy cannot influence local packets. Local packets refer to the important protocol packets that maintain the normal operation of the device. QoS must not process such packets to avoid packet drop. Commonly used local packets are: link maintenance packets, ISIS packets, OSPF packets, RIP packets, BGP packets, LDP packets, RSVP packets, SSH packets, and so on.

7. When you configure queuing for a traffic behavior:

   - In a policy, a traffic behavior with EF configured cannot be associated with the default class, while a traffic behavior with WFQ configured can only be associated with the default class.

   - In a policy, the total bandwidth assigned to the AF and EF classes cannot be greater than the available bandwidth of the interface to which the policy applies; the total bandwidth percentage assigned to the AF and EF classes cannot be greater than 100%.

   - In the same policy, the same bandwidth unit must be used to configure bandwidth for AF classes and EF classes, either absolute bandwidth value or percent.
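Guidelines 3 and 7 can be checked mechanically before a policy is applied. The following is an added example, not part of the H3C manual: the dictionary layout, field names and sample values are assumptions made for illustration, and the CBS and CIR values are compared as entered in the device's configuration fields.

```python
# Added example: lint a QoS policy against guidelines 3 and 7.
# The dict layout, field names and sample values are constructed for this sketch.

def lint_policy(policy, interface_bw):
    """Return guideline violations; interface_bw is the available bandwidth."""
    issues, queued = [], []          # queued: (bandwidth, unit) of AF/EF classes
    for cls in policy["classes"]:
        name, beh = cls["name"], cls["behavior"]
        # Guideline 3: CBS:CIR must be MORE than 100:16, so exactly 100:16 fails.
        for key in ("line_rate", "policing"):
            lim = beh.get(key)
            if lim and lim["cbs"] * 16 <= lim["cir"] * 100:
                issues.append(f"{name}: {key} CBS:CIR is not above 100:16")
        q = beh.get("queue")
        if not q:
            continue
        # Guideline 7: EF never on the default class, WFQ only on it.
        if q["type"] == "ef" and name == "default":
            issues.append(f"{name}: EF cannot be used with the default class")
        if q["type"] == "wfq" and name != "default":
            issues.append(f"{name}: WFQ can only be used with the default class")
        if q["type"] in ("af", "ef"):
            queued.append((q["bandwidth"], q["unit"]))
    units = {unit for _, unit in queued}
    if len(units) > 1:
        issues.append("AF and EF classes mix absolute and percent bandwidth")
    elif units:
        total = sum(bw for bw, _ in queued)
        limit = 100 if units == {"percent"} else interface_bw
        if total > limit:
            issues.append(f"AF+EF bandwidth {total} exceeds limit {limit}")
    return issues

BAD_POLICY = {"classes": [   # constructed sample with three violations
    {"name": "voice", "behavior": {
        "policing": {"cir": 1600, "cbs": 10000},   # exactly 100:16
        "queue": {"type": "ef", "bandwidth": 60, "unit": "percent"}}},
    {"name": "video", "behavior": {
        "queue": {"type": "af", "bandwidth": 50, "unit": "percent"}}},
    {"name": "bulk", "behavior": {"queue": {"type": "wfq"}}},
]}

if __name__ == "__main__":
    for issue in lint_policy(BAD_POLICY, interface_bw=1_000_000):
        print(issue)
```
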

ACL and QoS configuration example

Network requirements

As shown in Figure 414, in the network, the FTP server (10.1.1.1/24) is connected to the Switch, and the clients access the FTP server through GigabitEthernet 1/0/1 of the Switch.
Configure an ACL and a QoS policy as follows to prevent the hosts from accessing the FTP server from
8:00 to 18:00 every day:

1. Create an ACL to prohibit the hosts from accessing the FTP server from 8:00 to 18:00 every day.
