Traffic filtering configuration example, Network requirements, Configuration procedure – H3C Technologies H3C S10500 Series Switches User Manual
Page 64
56
NOTE:
With filter deny configured for a traffic behavior, the other actions (except class-based accounting and
traffic mirroring) in the traffic behavior do not take effect.
Traffic filtering configuration example
Traffic filtering configuration example
Network requirements
As shown in
, Host is connected to GigabitEthernet 1/0/1 of Device.
Configure traffic filtering to filter the packets with source port not being 21, and received on
GigabitEthernet 1/0/1.
Figure 18 Network diagram for traffic filtering configuration
Configuration procedure
# Create advanced ACL 3000, and configure a rule to match packets whose source port number is not
21.
<DeviceA> system-view
[DeviceA] acl number 3000
[DeviceA-acl-adv-3000] rule 0 permit tcp source-port neq 21
[DeviceA-acl-adv-3000] quit
# Create a class named classifier_1, and use ACL 3000 as the match criterion in the class.
[DeviceA] traffic classifier classifier_1
[DeviceA-classifier-classifier_1] if-match acl 3000
[DeviceA-classifier-classifier_1] quit
# Create a behavior named behavior_1, and configure the traffic filtering action to drop packets.
[DeviceA] traffic behavior behavior_1
[DeviceA-behavior-behavior_1] filter deny
[DeviceA-behavior-behavior_1] quit
# Create a policy named policy, and associate class classifier_1 with behavior behavior_1 in the policy.
[DeviceA] qos policy policy
[DeviceA-qospolicy-policy] classifier classifier_1 behavior behavior_1
[DeviceA-qospolicy-policy] quit
# Apply the policy named policy to the incoming traffic of GigabitEthernet 1/0/1.
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] qos apply policy policy inbound