Home » HP Manuals » Servers » HP 6125G » Manual Viewer

HP 6125G HP 6125G & 6125G/XG Blade Switches ACL and QoS Configuration - Page 17

Displaying and maintaining ACLs, Configuration example of using ACL for device management

Add to My Manuals
Save this manual to your list of manuals

Page 17 highlights

Step 1. Enter system view. Command system-view 2. Enter interface view. interface interface-type interface-number 3. Apply an IPv6 basic or IPv6 packet-filter ipv6 { acl6-number | advanced ACL to the interface name acl6-name } { inbound | to filter IPv6 packets. outbound } Remarks N/A N/A By default, no IPv6 ACL is applied to the interface. Displaying and maintaining ACLs Task Command Remarks Display configuration and match statistics for one or all IPv4 ACLs. display acl { acl-number | all | name acl-name } [ slot slot-number ] [ | { begin | exclude | include } regular-expression ] Available in any view Display configuration and match statistics for one or all IPv6 ACLs. display acl ipv6 { acl6-number | all | name acl6-name } [ slot slot-number ] [ | { begin | exclude | include } regular-expression ] Available in any view Display the usage of ACL rules. display acl resource [ slot slot-number ] [ | { begin | exclude | include } regular-expression ] Available in any view Display the application status of packet filtering ACLs on interfaces. display packet-filter { { all | interface interface-type interface-number } [ inbound | outbound ] | interface vlan-interface vlan-interface-number [ inbound | outbound ] [ slot slot-number ] } [ | { begin | exclude | include } regular-expression ] Available in any view Display the configuration and status of one or all time ranges. display time-range { time-range-name | all } [ | { begin | exclude | include } regular-expression ] Available in any view Clear statistics for one or all IPv4 reset acl counter { acl-number | all | name ACLs. acl-name } Available in user view Clear statistics for one or all IPv6 reset acl ipv6 counter { acl6-number | all | basic and advanced ACLs. name acl6-name } Available in user view Configuration example of using ACL for device management Network requirements As shown in Figure 1, configure ACLs so that: • Host A can telnet to the switch only during the working time (8:30 to 18:00 of every working day). • As a TFTP client, the switch can get files from only the server 11.1.1.100. This makes sure that the switch saves only authorized files. 11

Section	Page
Title Page	1
ACL and QoS Configuration Guide	3
Configuring ACLs	7
Overview	7
Applications on the switch	7
ACL categories	7
Numbering and naming ACLs	7
Match order	8
ACL rule comments and rule range remarks	9
ACL rule numbering	9
What is the ACL rule numbering step	9
Automatic rule numbering and renumbering	9
Fragments filtering with ACLs	9
ACL configuration task list	9
Configuring a time range	10
Configuring a basic ACL	10
Configuring an IPv4 basic ACL	10
Configuring an IPv6 basic ACL	11
Configuring an advanced ACL	12
Configuring an IPv4 advanced ACL	12
Configuring an IPv6 advanced ACL	13
Configuration restrictions and guidelines	13
Configuration procedure	13
Configuring an Ethernet frame header ACL	15
Copying an ACL	15
Copying an IPv4 ACL	16
Copying an IPv6 ACL	16
Packet filtering with ACLs	16
Applying an IPv4 or Ethernet frame header ACL for packet filtering	16
Applying an IPv6 ACL for packet filtering	16
Displaying and maintaining ACLs	17
Configuration example of using ACL for device management	17
Network requirements	17
Configuration procedure	18
IPv4 packet filtering configuration example	19
Network requirements	19
Configuration procedure	19
IPv6 packet filtering configuration example	20
Network requirements	20
Configuration procedure	20
QoS overview	21
QoS service models	21
Best-effort service model	21
IntServ model	21
DiffServ model	21
QoS techniques	22
QoS configuration approaches	23
MQC approach	23
Non-MQC approach	23
Configuring a QoS policy	24
Overview	24
Defining a class	24
Configuration restrictions and guidelines	25
Configuration procedure	25
Defining a traffic behavior	26
Defining a policy	27
Configuration restrictions and guidelines	27
Configuration procedure	27
Applying the QoS policy	27
Applying the QoS policy to an interface	28
Applying the QoS policy to online users	28
Configuration restrictions and guidelines	28
Configuration procedure	28
Applying the QoS policy to a VLAN	29
Applying the QoS policy globally	29
Displaying and maintaining QoS policies	29
Configuring priority mapping	31
Overview	31
Types of priorities	31
Priority mapping tables	31
Priority trust mode on a port	32
Priority mapping procedure	32
Configuration guidelines	33
Configuring a priority mapping table	33
Configuring a port to trust packet priority for priority mapping	33
Changing the port priority of an interface	33
Displaying priority mappings	34
Priority trust mode configuration example	34
Network requirements	34
Configuration procedure	35
Priority mapping table and priority marking configuration example	35
Network requirements	35
Configuration procedure	36
Configuring traffic policing, traffic shaping, and line rate	38
Overview	38
Traffic evaluation and token buckets	38
Evaluating traffic with the token bucket	38
Complicated evaluation	38
Traffic policing	39
Traffic shaping	40
Line rate	40
Configuring traffic policing	41
Configuration restrictions and guidelines	41
Configuration procedure	41
Configuring GTS	42
Configuring the line rate	42
Displaying and maintaining traffic policing, GTS, and line rate	43
Traffic policing configuration example	43
Network requirements	43
Configuration procedures	44
Configuring congestion management	46
Overview	46
Congestion management techniques	46
SP queuing	46
WRR queuing	47
WFQ queuing	48
SP+WRR queuing	49
SP+WFQ queuing	49
Configuring SP queuing	49
Configuration procedure	49
Configuration example	49
Network requirements	49
Configuration procedure	50
Configuring WRR queuing	50
Configuration procedure	50
Configuration example	50
Network requirements	50
Configuration procedure	51
Configuring WFQ queuing	51
Configuration procedure	51
Configuration example	52
Network requirements	52
Configuration procedure	52
Configuring SP+WRR queuing	52
Configuration procedure	52
Configuration example	53
Network requirements	53
Configuration procedure	53
Configuring SP+WFQ queuing	53
Configuration procedure	53
Configuration example	54
Network requirements	54
Configuration procedure	54
Configuring congestion avoidance	55
Overview	55
Tail drop	55
RED and WRED	55
Introduction to WRED configuration	55
Configuring WRED	56
Configuration procedure	56
Configuration examples	56
Displaying and maintaining WRED	57
Configuring traffic filtering	58
Configuration procedure	58
Traffic filtering configuration example	59
Network requirements	59
Configuration procedure	59
Configuring priority marking	60
Configuration procedure	60
Local precedence re-marking configuration example	61
Network requirements	61
Configuration procedure	62
Local QoS ID marking configuration example	63
Configuring traffic redirecting	65
Configuration restrictions and guidelines	65
Configuration procedure	65
Redirect-to-next hop configuration example	66
Network requirements	66
Configuration procedure	66
Configuring aggregate CAR	68
Overview	68
Configuring aggregate CAR	68
Configuration restrictions and guidelines	68
Configuration procedure	68
Displaying and maintaining aggregate CAR configuration	69
Aggregate CAR configuration example	69
Network requirements	69
Configuration procedure	69
Configuring class-based accounting	71
Configuration procedure	71
Displaying and maintaining traffic accounting	71
Class-based accounting configuration example	72
Network requirements	72
Configuration procedure	72
Configuring burst	74
Configuration prerequisites	74
Configuration procedure	74
Burst configuration example	74
Network requirements	74
Configuration procedure	75
Appendix A Default priority mapping tables	76
Uncolored priority mapping tables	76
Appendix B Packet precedences	77
IP precedence and DSCP values	77
802.1p priority	78
Support and other resources	80
Contacting HP	80
Subscription service	80
Related information	80
Documents	80
Websites	80
Conventions	81
Command conventions	81
GUI conventions	81
Symbols	81
Network topology icons	82
Port numbering in examples	82

Match case Limit results 1 per page

Step

Command

Remarks

Enter system view.

system-view

N/A

Enter interface view.

interface

interface-type

interface-number

N/A

Apply an IPv6 basic or IPv6

advanced ACL to the interface

to filter IPv6 packets.

packet-filter ipv6

{

acl6-number

name

acl6-name

} {

inbound

outbound

}

By default, no IPv6 ACL is applied

to the interface.

Displaying and maintaining ACLs

Task

Command

Remarks

Display configuration and match

statistics for one or all IPv4 ACLs.

display

acl

{

acl-number

all

name

acl-name

} [

slot

slot-number

] [

{

begin

exclude

include

}

regular-expression

]

Available in any view

Display configuration and match

statistics for one or all IPv6 ACLs.

display

acl

ipv6

{

acl6-number

all

name

acl6-name

} [

slot

slot-number

] [

{

begin

exclude

include

}

regular-expression

]

Available in any view

Display the usage of ACL rules.

display acl resource

[

slot

slot-number

] [

{

begin

exclude

include

}

regular-expression

]

Available in any view

Display the application status of

packet filtering ACLs on interfaces.

display

packet-filter

{ {

all

interface

interface-type

interface-number

} [

inbound

outbound

] |

interface

vlan-interface

vlan-interface-number

[

inbound

outbound

]

[

slot

slot-number

] } [

{

begin

exclude

include

}

regular-expression

]

Available in any view

Display the configuration and

status of one or all time ranges.

display time-range

{

time-range-name

all

}

[

{

begin

exclude

include

}

regular-expression

]

Available in any view

Clear statistics for one or all IPv4

ACLs.

reset

acl

counter

{

acl-number

all

name

acl-name

}

Available in user view

Clear statistics for one or all IPv6

basic and advanced ACLs.

reset

acl

ipv6

counter

{

acl6-number

all

name

acl6-name

}

Available in user view

Configuration example of using ACL for device

management

Network requirements

As shown in

Figure 1

, configure ACLs so that:

•

Host A can telnet to the switch only during the working time (8:30 to 18:00 of every working day).

•

As a TFTP client, the switch can get files from only the server 11.1.1.100. This makes sure that the

switch saves only authorized files.

HP 6125G HP 6125G &amp; 6125G/XG Blade Switches ACL and QoS Configuration - Page 17

Displaying and maintaining ACLs, Configuration example of using ACL for device management

Page 17 highlights

HP 6125G HP 6125G & 6125G/XG Blade Switches ACL and QoS Configuration - Page 17