Network requirements, Network diagram, Configuration procedure – H3C Technologies H3C S3600 Series Switches User Manual

4-14

QoS Profile and IP Filtering Association Configuration Example

Network requirements

As shown in the following figure, the clients access the internal file server through Switch A, and access

the DHCP server and mail server through a DHCP relay agent. It is required that:

z

The clients obtain IP addresses on the network segment 192.168.0.0/24 from the DHCP server.

z

Enable DHCP snooping on Switch A, and configure Ethernet 1/0/3 as a trusted port. Enable IP

filtering on Ethernet 1/0/1 to prevent IP packet attacks from clients.

z

Configure a QoS profile on Switch A, limiting the rate at which the clients send packets to the

internal network (such as the file server with IP address 192.168.0.1/24) to 4 Mbps, and that to

external networks to 2 Mbps. Exceeding packets will be discarded.

Network diagram

Figure 4-8 Network diagram for QoS profile and IP filtering association

Configuration procedure

# Define ACL 3000 on Switch A, permitting packets destined for network segment 192.168.0.0/24 to

pass.

[SwitchA] acl number 3000

[SwitchA-acl-adv-3000] rule 1 permit ip destination 192.168.0.0 0.0.0.255

[SwitchA-acl-adv-3000] quit

# Define ACL 3001 on Switch A, permitting packets with any destination IP address to pass.

[SwitchA] acl number 3001

[SwitchA-acl-adv-3001] rule 1 permit ip destination any

[SwitchA-acl-adv-3001] quit

# Define a QoS profile named example. Configure the internal packet rate as 4096 Kbps, and external

packet rate as 2048 Kbps. Exceeding packets are discarded.

[SwitchA] qos-profile example

[SwitchA-qos-profile-example] traffic-limit inbound ip-group 3000 4096 exceed drop

[SwitchA-qos-profile-example] traffic-limit inbound ip-group 3001 2048 exceed drop