H3C Technologies H3C WX3000 Series Unified Switches User Manual

38-4

Figure 38-1

Network diagram for QoS profile configuration

User

Switch

Network

AAA Server

GEth1/0/1

Configuration procedure

1) Configuration on the AAA server

# Configure the user authentication information and the matching relationship between the user name
and the QoS profile. Refer to the user manual of the AAA server for detailed configuration.

2) Configuration on the switch

# Configure IP addresses for the RADIUS server.

<device> system-view

[device] radius scheme radius1

[device-radius-radius1] primary authentication 10.11.1.1

[device-radius-radius1] primary accounting 10.11.1.2

[device-radius-radius1] secondary authentication 10.11.1.2

[device-radius-radius1] secondary accounting 10.11.1.1

# Set the encryption passwords for the device to exchange packets with the authentication RADIUS
servers and accounting RADIUS servers.

[device-radius-radius1] key authentication money

[device-radius-radius1] key accounting money

# Configure the device to delete the user domain name from the user name and then send the user
name to the RADIUS sever.

[device-radius-radius1] user-name-format without-domain

[device-radius-radius1] quit

# Create the user domain test.net and specify radius1 as your RADIUS server group.

[device] domain test.net

[device-isp-test.net] radius-scheme radius1

[device-isp-test.net] quit

# Create ACL 3000 to permit IP packets destined for any IP address.

[device] acl number 3000

[device-acl-adv-3000] rule 1 permit ip destination any

[device-acl-adv-3000] quit

# Define a QoS profile named “example” to limit the rate of matched packets to 128 kbps and
configuring to drop the packets exceeding the target packet rate.

[device] qos-profile example

[device-qos-profile-example] traffic-limit inbound ip-group 3000 128 exceed drop