- DL manuals
- H3C
- Switch
- S9500 Series
- Operation Manual
H3C S9500 Series Operation Manual
Summary of S9500 Series
Page 1
H3c s9500 series routing switches operation manual hangzhou h3c technologies co., ltd. Http://www.H3c.Com manual version: t2-081655-20080530-c-2.03 product version: s9500-cmw520-r2132.
Page 2
Copyright © 2007-2008, hangzhou h3c technologies co., ltd. And its licensors all rights reserved no part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of hangzhou h3c technologies co., ltd. Trademarks h3c, , aolynk, , h 3 care, , top g, , i...
Page 3: About This Manual
About this manual related documentation in addition to this manual, each h3c s9500 series routing switches documentation set includes the following: manual description h3c s9500 series routing switches installation manual it introduces the installation procedure, commissioning, maintenance and monit...
Page 4
Part contents 03 ip routing volume includes ip routing overview, bgp configuration, is-is configuration, ospf configuration, rip configuration, routing policy configuration, static routing configuration, ipv6 bgp configuration, ipv6 is-is configuration, ipv6 ospfv3 configuration, ipv6 ripng configur...
Page 6
Iii. Symbols convention description warning means reader be extremely careful. Improper operation may cause bodily injury. Caution means reader be careful. Improper operation may cause data loss or damage to equipment. Note means a complementary description..
Page 7
Operation manual h3c s9500 series routing switches qos acl volume organization manual version t2-081655-20080530-c-2.03 product version s9500-cmw520-r2132 organization the qos acl volume is organized as follows: features (operation manual) description qos the volume describes: z qos overview z traff...
Page 8: Table of Contents
Operation manual – qos h3c s9500 series routing switches table of contents i table of contents chapter 1 qos overview .............................................................................................................. 1-1 1.1 introduction .....................................................
Page 9
Operation manual – qos h3c s9500 series routing switches table of contents ii 4.3.1 configuration procedure ......................................................................................... 4-4 4.3.2 configuration examples ........................................................................
Page 10
Operation manual – qos h3c s9500 series routing switches table of contents iii 9.2.1 mirroring traffic to a port ........................................................................................ 9-1 9.2.2 mirroring traffic to the cpu ..............................................................
Page 11: Chapter 1 Qos Overview
Operation manual – qos h3c s9500 series routing switches chapter 1 qos overview 1-1 chapter 1 qos overview when configuring qos, go to these sections for information you are interested in: z introduction z traditional packets forwarding application z new requirements caused by new applications z con...
Page 12
Operation manual – qos h3c s9500 series routing switches chapter 1 qos overview 1-2 apart from traditional applications of www, e-mail and ftp, network users try to expand some new applications, such as tele-education, telemedicine, video telephone, videoconference and video-on-demand (vod), on the ...
Page 13
Operation manual – qos h3c s9500 series routing switches chapter 1 qos overview 1-3 when traffic arrives at wire speed, congestion may occur for network resource bottleneck. Besides the bottleneck of link bandwidth, congestion will also be caused by resources deficiency in normal packet forwarding, ...
Page 14
Operation manual – qos h3c s9500 series routing switches chapter 1 qos overview 1-4 z traffic policing: polices the specification of particular traffics entering the switch. When the traffics exceed the specification, then some restriction or punishment measures can be taken to protect the commercia...
Page 15: Shaping Configuration
Operation manual – qos h3c s9500 series routing switches chapter 2 traffic classification and traffic shaping configuration 2-1 chapter 2 traffic classification and traffic shaping configuration when configuring traffic classification and traffic shaping, go to these sections for information you are...
Page 16
Operation manual – qos h3c s9500 series routing switches chapter 2 traffic classification and traffic shaping configuration 2-2 2.1.2 priority several priorities are described as follows: figure 2-1 ds field and tos byte as shown in figure 2-1 , the tos byte of ip header contains 8 bits: the first t...
Page 17
Operation manual – qos h3c s9500 series routing switches chapter 2 traffic classification and traffic shaping configuration 2-3 figure 2-2 measuring the traffic with a token bucket ii. Measuring the traffic with token bucket whether or not the token quantity of the token bucket can satisfy the packe...
Page 18
Operation manual – qos h3c s9500 series routing switches chapter 2 traffic classification and traffic shaping configuration 2-4 z pir (peak information rate) z ebs (excess burst size) it uses two token buckets, with the token-putting rate of every bucket set as cir and pir and the capability of ever...
Page 19
Operation manual – qos h3c s9500 series routing switches chapter 2 traffic classification and traffic shaping configuration 2-5 figure 2-3 traffic shaping diagram for example, switch a sends packets to switch b. Switch b implements traffic policing on those packets, and directly drops exceeding traf...
Page 20
Operation manual – qos h3c s9500 series routing switches chapter 2 traffic classification and traffic shaping configuration 2-6 i. Configuring queue-based traffic shaping follow these steps to configure queue-based traffic shaping: to do… use the command… remarks enter system view system-view — ente...
Page 21
Operation manual – qos h3c s9500 series routing switches chapter 2 traffic classification and traffic shaping configuration 2-7 ii. Configuring traffic shaping applicable to all traffics follow these steps to configure traffic shaping applicable to all traffics: to do… use the command… remarks enter...
Page 22: 3.1 Qos Policy Overview
Operation manual – qos h3c s9500 series routing switches chapter 3 qos policy configuration 3-1 chapter 3 qos policy configuration when configuring traffic classification and traffic shaping, go to these sections for information you are interested in: z qos policy overview z qos policy configuration...
Page 23: 3.3 Configuring Qos Policy
Operation manual – qos h3c s9500 series routing switches chapter 3 qos policy configuration 3-2 4) apply the qos policy. 3.3 configuring qos policy 3.3.1 configuration prerequisites z the class name and rules of the class are defined in a policy. Z the traffic behavior name and actions in the traffi...
Page 24
Operation manual – qos h3c s9500 series routing switches chapter 3 qos policy configuration 3-3 2) configuration procedure # enter system view. System-view # define a class and enter class view. [sysname] traffic classifier test # configure the classification rule. [sysname-classifier-test] if-match...
Page 25
Operation manual – qos h3c s9500 series routing switches chapter 3 qos policy configuration 3-4 to do... Use the command... Remarks configure the traffic accounting action accounting configure the traffic policing action car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burs...
Page 26
Operation manual – qos h3c s9500 series routing switches chapter 3 qos policy configuration 3-5 to do... Use the command... Remarks display traffic behavior information display traffic behavior user-defined [ behavior-name ] optional available in any view note that: z for the description on the defa...
Page 27
Operation manual – qos h3c s9500 series routing switches chapter 3 qos policy configuration 3-6 z on all the boards, the 802.1p precedence marking action, the local precedence marking action, and the drop precedence marking action cannot be configured with the action of obtaining other precedence va...
Page 28
Operation manual – qos h3c s9500 series routing switches chapter 3 qos policy configuration 3-7 in a policy, multiple class-to-traffic-behavior mappings are configured, and these mapping are executed according to the order they are configured. Follow these steps to specify the traffic behavior for a...
Page 29
Operation manual – qos h3c s9500 series routing switches chapter 3 qos policy configuration 3-8 follow these steps to apply a policy to the interface: to do... Use the command... Remarks enter system view system-view — enter interface view interface interface-type interface-number enter interface vi...
Page 30
Operation manual – qos h3c s9500 series routing switches chapter 3 qos policy configuration 3-9 note: z if a qos policy is applied on the outbound direction of an interface, the qos policy is not valid on a local packet (the following are the definition and functions of a local packet: some internal...
Page 31
Operation manual – qos h3c s9500 series routing switches chapter 3 qos policy configuration 3-10 for l2vpn running on mpls te tunnels, 802.1p precedence, local precedence, and drop precedence are fixed to 0, 5, and 0. You cannot modify them through configuring policies. 3.4.1 mapping dot1p to exp in...
Page 32
Operation manual – qos h3c s9500 series routing switches chapter 3 qos policy configuration 3-11 2) dscp precedence marking the following table presents how an ingress pe makes dscp precedence marking decisions for received packets: if packets are received from… marking dscp? Remarks l2vpn no this i...
Page 33
Operation manual – qos h3c s9500 series routing switches chapter 3 qos policy configuration 3-12 label operation marking exp? Remarks swap yes the p device marks the exp in the outer label according to the adopted mapping. When the remark dscp dscp-value command is configured, the exp is the low-ord...
Page 34
Operation manual – qos h3c s9500 series routing switches chapter 3 qos policy configuration 3-13 label operation marking 802.1p? Remarks swap yes the p device marks the 802.1p precedence in the vlan tag depending on the adopted mapping action. On boards suffixed with ca or cb yes the p device marks ...
Page 35
Operation manual – qos h3c s9500 series routing switches chapter 3 qos policy configuration 3-14 4) 802.1p precedence marking the following table presents how the egress pe makes 802.1p precedence marking decisions for received packets: if the packets are intended for… marking 802.1p? Remarks l2vpn ...
Page 36: Management Configuration
Operation manual – qos h3c s9500 series routing switches chapter 4 hardware-based congestion management configuration 4-1 chapter 4 hardware-based congestion management configuration when configuring traffic classification and traffic shaping, go to these sections for information you are interested ...
Page 37
Operation manual – qos h3c s9500 series routing switches chapter 4 hardware-based congestion management configuration 4-2 disadvantage of sp mode 2 is that the bus bandwidth of the external memory is decreased. Note: currently, only sp mode 0 (that is, sp queue scheduling algorithm) is available on ...
Page 38: 4.2 Configuring Sp Queues
Operation manual – qos h3c s9500 series routing switches chapter 4 hardware-based congestion management configuration 4-3 4.2 configuring sp queues 4.2.1 configuration procedure follow these steps to configure sp queues: to do... Use the command... Remarks enter system view system-view — enter ether...
Page 39
Operation manual – qos h3c s9500 series routing switches chapter 4 hardware-based congestion management configuration 4-4 4.3.1 configuration procedure i. Group-based wrr queue configuration task list follow these steps to configure group-based wrr queues: to do... Use the command... Remarks enter s...
Page 40
Operation manual – qos h3c s9500 series routing switches chapter 4 hardware-based congestion management configuration 4-5 system-view # configure wrr queues on ethernet 1/1/1. [sysname] interface ethernet 1/1/1 [sysname-ethernet1/1/1] qos wrr [sysname-ethernet1/1/1] qos wrr 1 group 1 weight 1 [sysna...
Page 41: Chapter 5 Priority Mapping
Operation manual – qos h3c s9500 series routing switches chapter 5 priority mapping 5-1 chapter 5 priority mapping when configuring traffic classification and traffic shaping, go to these sections for information you are interested in: z priority mapping overview z configuring a priority mapping tab...
Page 42
Operation manual – qos h3c s9500 series routing switches chapter 5 priority mapping 5-2 z dot1p-dp: 802.1p-to-drop-precedence mapping table. Z dot1p-lp: 802.1p-to-local-precedence mapping table. Z dot1p-rpr: 802.1p-to-rpr-precedence mapping table. Z dscp-dot1p: dscp-to-802.1p-precedence mapping tabl...
Page 43
Operation manual – qos h3c s9500 series routing switches chapter 5 priority mapping 5-3 follow these steps to configure a priority mapping table: 1) enter priority mapping table view; 2) configure mapping table parameters. 5.2.1 configuration prerequisites new priority mapping relationship is determ...
Page 44
Operation manual – qos h3c s9500 series routing switches chapter 5 priority mapping 5-4 5.2.3 configuration examples i. Uncolored mapping table configuration example z network requirements modify the 802.1p-precedence-to-local-precedence mapping table as follows: table 5-1 the specified 802.1p-prece...
Page 45
Operation manual – qos h3c s9500 series routing switches chapter 5 priority mapping 5-5 green + exp local precedence 2 1 3 1 4 2 5 2 6 3 7 3 z configuration procedure # enter system view. System-view # enter the view of the exp-lp mapping table for green packets. [sysname] qos map-table color green ...
Page 46
Operation manual – qos h3c s9500 series routing switches chapter 5 priority mapping 5-6 5.3.2 configuration procedure follow these steps to configure port priority: to do... Use the command... Remarks enter system view system-view — enter ethernet interface view interface interface-type interface-nu...
Page 47
Operation manual – qos h3c s9500 series routing switches chapter 5 priority mapping 5-7 ii. Network diagram figure 5-2 network diagram for priority trust mode configuration iii. Configuration procedure # enter system view. System-view # configure port priority for ethernet 1/1/1. [sysname] interface...
Page 48
Operation manual – qos h3c s9500 series routing switches chapter 5 priority mapping 5-8 5.4.1 configuration procedure follow these steps to configure to trust packet priority: to do... Use the command... Remarks enter system view system-view — enter ethernet interface view interface interface-type i...
Page 49
Operation manual – qos h3c s9500 series routing switches chapter 5 priority mapping 5-9 ii. Network diagram figure 5-3 network diagram for priority trust mode configuration iii. Configuration procedure # enter system view system-view # enter 802.1p-precedence-to-local-precedence mapping table view t...
Page 50
Operation manual – qos h3c s9500 series routing switches chapter 5 priority mapping 5-10 [sysname] interface ethernet 1/1/4 [sysname-ethernet1/1/4] qos trust dot1p.
Page 51
Operation manual – qos h3c s9500 series routing switches chapter 6 congestion avoidance 6-1 chapter 6 congestion avoidance when configuring traffic classification and traffic shaping, go to these sections for information you are interested in: z congestion avoidance overview z configuring wred z dis...
Page 52
Operation manual – qos h3c s9500 series routing switches chapter 6 congestion avoidance 6-2 z when the queue length exceeds the maximum threshold, all the incoming packets are dropped. Z when the queue length is between the maximum threshold and the minimum threshold, the packets are dropped randoml...
Page 53: 6.2 Configuring Wred
Operation manual – qos h3c s9500 series routing switches chapter 6 congestion avoidance 6-3 figure 6-1 relationship between wred and queuing mechanisms through associating wred with wfq, the flow-based wred can be realized. Because different flow has its own queue during packet classification, the f...
Page 54
Operation manual – qos h3c s9500 series routing switches chapter 6 congestion avoidance 6-4 z the denominator used for calculating the drop probability: this argument functions as the denominator when the drop probability is calculated. The bigger the denominator is, the smaller the calculated drop ...
Page 55
Operation manual – qos h3c s9500 series routing switches chapter 6 congestion avoidance 6-5 note: z pos interfaces do not support wred configuration. Z in the above table, when the exponent for calculating average queue length and other parameters for the wred table are configured, the outgoing port...
Page 56
Operation manual – qos h3c s9500 series routing switches chapter 6 congestion avoidance 6-6 [sysname-ethernet1/1/1] qos wred apply queue-table1.
Page 57
Operation manual – qos h3c s9500 series routing switches chapter 7 aggregation car configuration 7-1 chapter 7 aggregation car configuration when configuring traffic classification and traffic shaping, go to these sections for information you are interested in: z aggregation car overview z referenci...
Page 58
Operation manual – qos h3c s9500 series routing switches chapter 7 aggregation car configuration 7-2 note: z for the description on the default value of cbs, refer to the related part in qos commands. Z for an aggregation car action referenced by a traffic behavior to take effect, you need to bind t...
Page 59: 8.1 Vlan Policy Overview
Operation manual – qos h3c s9500 series routing switches chapter 8 vlan policy configuration 8-1 chapter 8 vlan policy configuration when configuring traffic classification and traffic shaping, go to these sections for information you are interested in: z vlan policy overview z configuring a vlan po...
Page 60
Operation manual – qos h3c s9500 series routing switches chapter 8 vlan policy configuration 8-2 8.2 configuring a vlan policy 8.2.1 configuration prerequisites z configure a vlan policy. Refer to configuring qos policy for details. Z apply the vlan policy to the specified vlan(s). 8.2.2 configurati...
Page 61
Operation manual – qos h3c s9500 series routing switches chapter 8 vlan policy configuration 8-3 z apply the vlan policy to the inbound direction of vlan 200, vlan 300, vlan 400, vlan 500, vlan 600, vlan 700, and vlan 800. 8.4.2 configuration procedure system-view [sysname] traffic classifier cl1 op...
Page 62
Operation manual – qos h3c s9500 series routing switches chapter 9 traffic mirroring configuration 9-1 chapter 9 traffic mirroring configuration when configuring traffic classification and traffic shaping, go to these sections for information you are interested in: z traffic mirroring overview z con...
Page 63
Operation manual – qos h3c s9500 series routing switches chapter 9 traffic mirroring configuration 9-2 to do... Use the command... Remarks enter system view system-view — enter traffic behavior view traffic behavior behavior-name — configure the destination port for traffic mirroring mirror-to inter...
Page 64
Operation manual – qos h3c s9500 series routing switches chapter 9 traffic mirroring configuration 9-3 9.3 displaying and maintaining traffic mirroring follow these steps to display and maintain traffic mirroring: to do... Use the command... Remarks display information about the user-defined traffic...
Page 65
Operation manual – qos h3c s9500 series routing switches chapter 9 traffic mirroring configuration 9-4 [sysname-classifier-1] if-match acl 2000 [sysname-classifier-1] quit # configure a traffic behavior with the action of mirroring traffic to ethernet 1/1/1. [sysname] traffic behavior 1 [sysname-beh...
Page 66: 10.1 Eacl Overview
Operation manual – qos h3c s9500 series routing switches chapter 10 eacl configuration 10-1 chapter 10 eacl configuration when configuring traffic classification and traffic shaping, go to these sections for information you are interested in: z eacl overview z eacl configuration task list z configur...
Page 67
Operation manual – qos h3c s9500 series routing switches chapter 10 eacl configuration 10-2 accesses the internal network. If the internal network does not access the external network, the external network cannot initiate access to the internal network. Follow these steps to configure a reflexive ac...
Page 68
Operation manual – qos h3c s9500 series routing switches chapter 10 eacl configuration 10-3 to do... Use the command... Remarks configure the traffic filtering action filter permit required permitting the conformance traffic is the only filtering action you can configure here. Exit to system view qu...
Page 69
Operation manual – qos h3c s9500 series routing switches chapter 10 eacl configuration 10-4 to do... Use the command... Remarks create a vlan interface and enter vlan interface view interface vlan-interface vlan-interface-id required exit to system view quit — create an advanced acl and enter advanc...
Page 70
Operation manual – qos h3c s9500 series routing switches chapter 10 eacl configuration 10-5 to do... Use the command... Remarks associate the traffic behavior with the class in the policy classifier tcl-name behavior behavior-name required exit to system view quit — enter eacl service subinterface v...
Page 71
Operation manual – qos h3c s9500 series routing switches chapter 10 eacl configuration 10-6 to do… use the command… remarks create a traffic behavior and enter traffic behavior view traffic behavior behavior-name — configure the action of redirecting traffic to an eacl service sub-interface redirect...
Page 72
Operation manual – qos h3c s9500 series routing switches chapter 10 eacl configuration 10-7 10.3 eacl configuration examples 10.3.1 reflexive acl configuration examples i. Network requirements through configuring reflexive acl, achieve the aim that the external network can access the internal networ...
Page 73
Operation manual – qos h3c s9500 series routing switches chapter 10 eacl configuration 10-8 [sysname-classifier-1] quit [sysname] traffic behavior 1 [sysname-behavior-1] filter permit [sysname-behavior-1] quit [sysname] qos policy 1 [sysname-qospolicy-1] classifier 1 behavior 1 [sysname-qospolicy-1]...
Page 74
Operation manual – qos h3c s9500 series routing switches chapter 10 eacl configuration 10-9 ii. Network diagram figure 10-2 network diagram for bt traffic limiting iii. Configuration procedure # enter system view and create the vlan and vlan interface. System-view [sysname] vlan 3 [sysname-vlan3] qu...
Page 75: 10.4 Troubleshooting Eacl
Operation manual – qos h3c s9500 series routing switches chapter 10 eacl configuration 10-10 [sysname-acl-basic-2000] rule permit [sysname-acl-basic-2000] quit [sysname] traffic classifier 2 [sysname-classifier-2] if-match acl 2000 [sysname-classifier-2] quit [sysname] traffic behavior 2 [sysname-be...
Page 76: Configuration
Operation manual – qos h3c s9500 series routing switches chapter 11 outbound traffic accounting configuration 11-1 chapter 11 outbound traffic accounting configuration when configuring traffic classification and traffic shaping, go to these sections for information you are interested in: z outbound ...
Page 77: Accounting
Operation manual – qos h3c s9500 series routing switches chapter 11 outbound traffic accounting configuration 11-2 11.3 displaying and maintaining outbound traffic accounting follow these steps to display and maintain outbound traffic accounting: to do… use the command… remarks display the outbound ...
Page 78: Table of Contents
Operation manual – acl h3c s9500 series routing switches table of contents i table of contents chapter 1 acl overview .............................................................................................................. 1-1 1.1 ipv4 acl..........................................................
Page 79
Operation manual – acl h3c s9500 series routing switches table of contents ii 3.2 configuring a basic ipv6 acl ........................................................................................... 3-1 3.2.1 configuration prerequisites...............................................................
Page 80: Chapter 1 Acl Overview
Operation manual – acl h3c s9500 series routing switches chapter 1 acl overview 1-1 chapter 1 acl overview note: unless otherwise stated, acls refer to both ipv4 acls and ipv6 acls throughout this document. As network scale and network traffic are increasingly growing, network security and bandwidth...
Page 81
Operation manual – acl h3c s9500 series routing switches chapter 1 acl overview 1-2 z ethernet frame header acl, based on layer 2 protocol header fields such as source mac address, destination mac address, 802.1p priority, and data link layer protocol type. Ethernet frame header acls are numbered 40...
Page 82
Operation manual – acl h3c s9500 series routing switches chapter 1 acl overview 1-3 compare packets against the rule configured with more zeros in the destination ip address wildcard prior to the other. 5) if the numbers of zeros in the destination ip address wildcards are the same, compare packets ...
Page 83: 1.2 Ipv6 Acl
Operation manual – acl h3c s9500 series routing switches chapter 1 acl overview 1-4 ii. Benefits of using the step with the step and rule numbering/renumbering mechanism, you do not need to assign rules numbers when defining them. The system will assign a newly defined rule a number that is the smal...
Page 84
Operation manual – acl h3c s9500 series routing switches chapter 1 acl overview 1-5 z effective period of an ipv4 acl 1.2.1 ipv6 acl classification ipv6 acls, identified by acl numbers, fall into the following three categories: z basic ipv6 acl, based on source ipv6 address. Basic ipv6 acls are numb...
Page 85
Operation manual – acl h3c s9500 series routing switches chapter 1 acl overview 1-6 4) if the prefix lengths in the destination ipv6 address wildcards are the same, look at the layer 4 port number (tcp/udp port number). Then compare packets against the rule configured with the lower port number prio...
Page 86: 2.1 Creating A Time Range
Operation manual – acl h3c s9500 series routing switches chapter 2 ipv4 acl configuration 2-1 chapter 2 ipv4 acl configuration when configuring an ipv4 acl, go to these sections for information you are interested in: z creating a time range z configuring a basic ipv4 acl z configuring an advanced ip...
Page 87
Operation manual – acl h3c s9500 series routing switches chapter 2 ipv4 acl configuration 2-2 may use the time-range test from 00:00 01/01/2004 to 23:59 12/31/2004 command. Z compound time range created using the time-range time-name start-time to end-time days { from time1 date1 [ to time2 date2 ] ...
Page 89
Operation manual – acl h3c s9500 series routing switches chapter 2 ipv4 acl configuration 2-4 # verify the configuration. [sysname-acl-basic-2000] display acl 2000 basic acl 2000, 1 rule, acl's step is 5 rule 0 deny source 1.1.1.1 0 (5 times matched) 2.3 configuring an advanced ipv4 acl advanced ipv...
Page 90
Operation manual – acl h3c s9500 series routing switches chapter 2 ipv4 acl configuration 2-5 to do… use the command… remarks set a rule numbering step step step-value optional the default step is 5. Create an ipv4 acl description description text optional an advanced ipv4 acl has no description by ...
Page 91
Operation manual – acl h3c s9500 series routing switches chapter 2 ipv4 acl configuration 2-6 [sysname-acl-adv-3000] display acl 3000 advanced acl 3000, 1 rule, acl's step is 5 rule 0 permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.2.255 destination-port eq www (5 times matched)...
Page 92
Operation manual – acl h3c s9500 series routing switches chapter 2 ipv4 acl configuration 2-7 note that: z you will fail to create or modify a rule if its permit/deny statement is exactly the same as another rule. In addition, if the acl match order is set to auto rather than config, you cannot modi...
Page 93
Operation manual – acl h3c s9500 series routing switches chapter 2 ipv4 acl configuration 2-8 2.5.1 configuration prerequisites if you want to reference a time range to a rule, define it with the time-range command first. 2.5.2 configuration procedure follow these steps to configure a user-defined i...
Page 94
Operation manual – acl h3c s9500 series routing switches chapter 2 ipv4 acl configuration 2-9 2.5.3 configuration example # configure user-defined acl 5500, permitting any packet whose 13th and 14th bytes starting from the layer 2 header are 0x0806 (that is, arp packets) in time range t1. System-vie...
Page 95
Operation manual – acl h3c s9500 series routing switches chapter 2 ipv4 acl configuration 2-10 ii. Network diagram figure 2-1 network diagram for acl configuration iii. Configuration procedure 1) create a time range for office hours # create a periodic time range spanning 8:00 to 18:00 in working da...
Page 96
Operation manual – acl h3c s9500 series routing switches chapter 2 ipv4 acl configuration 2-11 [sysname-classifier-test_permit] quit [sysname] traffic behavior test_permit [sysname-behavior-test_permit] filter permit [sysname-behavior-test_permit] quit [sysname] traffic classifier test_deny [sysname...
Page 97: 3.1 Creating A Time Range
Operation manual – acl h3c s9500 series routing switches chapter 3 ipv6 acl configuration 3-1 chapter 3 ipv6 acl configuration when configuring ipv6 acls, go to these sections for information you are interested in: z creating a time range z configuring a basic ipv6 acl z configuring an advanced ipv6...
Page 98
Operation manual – acl h3c s9500 series routing switches chapter 3 ipv6 acl configuration 3-2 to do… use the command… remarks create an ipv6 acl description description text optional a basic ipv6 acl has no description by default. Create a rule description rule rule-id comment text optional a rule h...
Page 99
Operation manual – acl h3c s9500 series routing switches chapter 3 ipv6 acl configuration 3-3 3.3 configuring an advanced ipv6 acl advanced acls filter packets based on the source ipv6 address, destination ipv6 address, protocol carried on ipv6, and other protocol header fields such as the tcp/udp s...
Page 100
Operation manual – acl h3c s9500 series routing switches chapter 3 ipv6 acl configuration 3-4 to do… use the command… remarks create a rule description rule rule-id comment text optional a rule has no description by default. Note that: z you will fail to create or modify a rule if its permit/deny st...
Page 102
Operation manual – acl h3c s9500 series routing switches chapter 3 ipv6 acl configuration 3-6 # configure a traffic classification rule and a traffic behavior, denying the packets with any source ip addresses. [sysname] traffic classifier c_deny [sysname-classifier-c_deny] if-match acl ipv6 2001 [sy...
Page 103
Operation manual – acl h3c s9500 series routing switches chapter 4 flow template configuration 4-1 chapter 4 flow template configuration this chapter covers these topics: z configuring a flow template z displaying and maintaining flow templates z flow template configuration example 4.1 configuring a...
Page 104
Operation manual – acl h3c s9500 series routing switches chapter 4 flow template configuration 4-2 caution: when one of the following situations occurs, you cannot configure user-defined flow templates on interfaces: z b-type and c-type boards have ipv6 unicast and mix-insertion enabled on the virtu...
Page 105
Operation manual – acl h3c s9500 series routing switches chapter 4 flow template configuration 4-3 table 4-1 description on the size of every field field length in bytes remarks customer-vlan-id 4 or 8 usually 8 bytes (4 bytes when the ethernet-protocol field is configured) dip 4 — dipv6 10 10 bytes...
Page 106
Operation manual – acl h3c s9500 series routing switches chapter 4 flow template configuration 4-4 field length in bytes remarks service-vlan-id 0 or 2 2 bytes for b-type or c-type boards; 0 bytes for d-type boards sip 4 — sipv6 0 0 bytes in a flow template in fact, the field is 16-byte long. Smac 6...
Page 107
Operation manual – acl h3c s9500 series routing switches chapter 4 flow template configuration 4-5 [sysname-ethernet3/1/1] quit # display information about flow template aaa. [sysname] display flow-template user-defined aaa user-defined flow template: basic name:aaa, index:1, total reference counts:...