华为交换机常见QoS操作

1. 配置接口限速 在接口视图下执行命令qos lr inbound cir cir-value [ cbs cbs-value ] 在接口视图下执行命令qos lr outbound cir cir-value [ cbs cbs-value ]
2. 使用流策略进行限速 （1）根据IP地址进行限速 [HUAWEI] acl 2000 [HUAWEI-acl-basic-2000] rule permit source 192.168.1.10 0.0.0.0 [HUAWEI] traffic classifier c1 [HUAWEI-classifier-c1] if-match acl 2000 [HUAWEI] traffic behavior b1 [HUAWEI-behavior-b1] car cir 4096 //带宽限制为4M [HUAWEI] traffic policy p1 [HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [HUAWEI-GigabitEthernet0/0/1]traffic-policy p1 inbound （2）根据IP地址和协议进行限速 [HUAWEI] acl 3000 [HUAWEI-acl-adv-3000] rule permit tcp destination-port eq 80 source 192.168.1.0 0.0.0.255 [HUAWEI] traffic classifier c1 [HUAWEI-classifier-c1] if-match acl 3000 [HUAWEI] traffic behavior b1 [HUAWEI-behavior-b1] car cir 10240 //限速10M [HUAWEI] traffic policy p1 [HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 inbound
3. 使用流策略对报文进行过滤 （1）禁止指定主机访问网络 [HUAWEI] acl 2000 [HUAWEI-acl-basic-2000] rule deny source 192.168.1.10 0.0.0.0 [HUAWEI] traffic classifier c1 [HUAWEI-classifier-c1] if-match acl 2000 [HUAWEI] traffic behavior b1 [HUAWEI-behavior-b1] deny [HUAWEI] traffic policy p1 [HUAWEI-trafficpolicy-p1]classifier c1 behavior b1 [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1]traffic-policy p1 inbound （2）过滤指定应用协议报文 [HUAWEI] acl 3000 [HUAWEI-acl-adv-3000]rule deny tcp destination-port eq 25 [HUAWEI-acl-adv-3000]rule deny tcp destination-port eq 110 [HUAWEI-acl-adv-3000]rule deny tcp destination-port eq 80 [HUAWEI] traffic classifier c1 [HUAWEI-classifier-c1] if-match acl 3000 [HUAWEI] traffic behavior b1 [HUAWEI-behavior-b1] deny [HUAWEI] traffic policy p1 [HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [HUAWEI-GigabitEthernet0/0/1]traffic-policy p1 inbound
4. 使用流策略配置流量统计 （1）配置指定主机的统计信息 [HUAWEI] acl 4000 [HUAWEI-acl-L2-4000] rule permit source-mac 0000-0000-0003 ffff-ffff-ffff [HUAWEI] traffic classifier c1 [HUAWEI-classifier-c1] if-match acl 4000 [HUAWEI] traffic behavior b1 [HUAWEI-behavior-b1] statistic enable [HUAWEI] traffic policy p1 [HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [HUAWEI-GigabitEthernet0/0/1]traffic-policy p1 inbound [HUAWEI-GigabitEthernet0/0/1]traffic-policy p1 outbound （2）配置对ICMP报文进行统计 [HUAWEI] acl 3000 [HUAWEI-acl-adv-3000]rule 0 permit icmp source 192.168.1.1 0 destination 192.168.2.1 0 [HUAWEI-acl-adv-3000]rule 5 permit icmp source 192.168.2.1 0 destination 192.168.1.1 0 [HUAWEI] traffic classifier c1 [HUAWEI-classifier-c1] if-match acl 3000 [HUAWEI] traffic behavior b1 [HUAWEI-behavior-b1] statistic enable [HUAWEI] traffic policy p1 [HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 inbound [HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 outbound （3）配置对ARP报文进行统计 [HUAWEI] traffic classifier arp-request [HUAWEI-classifier-arp-request]if-match l2-protocol arp [HUAWEI-classifier-arp-request]if-match source-mac 1111-1111-1111 [HUAWEI-classifier-arp-request]if-match destination-mac ffff-ffff-ffff [HUAWEI] traffic classifier arp-reply [HUAWEI-classifier-arp-reply]if-match l2-protocol arp [HUAWEI-classifier-arp-reply]if-match source-mac 2222-2222-2222 [HUAWEI-classifier-arp-reply]if-match destination-mac 1111-1111-1111 [HUAWEI] traffic behavior b1 [HUAWEI-behavior-b1] statistic enable [HUAWEI] traffic policy arp-request [HUAWEI-trafficpolicy-arp-request]classifier arp-request behavior b1 [HUAWEI] traffic policy arp-reply [HUAWEI-trafficpolicy-arp-reply]classifier arp-reply behavior b1 [HUAWEI-GigabitEthernet0/0/1] traffic-policy arp-request inbound [HUAWEI-GigabitEthernet0/0/1] traffic-policy arp-reply outbound （4）查看报文统计信息 <HUAWEI> display traffic policy statistics interface gigabitethernet 0/0/1 inbound verbose rule-base //显示全局入方向应用流策略后基于匹配规则的报文统计信息