Home » HP Manuals » Servers » HP 6125XLG » Manual Viewer

HP 6125XLG R2306-HP 6125XLG Blade Switch ACL and QoS Configuration Guide - Page 12

Configuring an IPv6 advanced ACL

Add to My Manuals
Save this manual to your list of manuals

Page 12 highlights

Step Command Remarks 2. Create an IPv4 advanced ACL acl number acl-number [ name and enter its view. acl-name ] [ match-order { auto | config } ] 3. (Optional.) Configure a description for the IPv4 advanced ACL. 4. (Optional.) Set the rule numbering step. description text step step-value By default, no ACL exists. IPv4 advanced ACLs are numbered in the range of 3000 to 3999. You can use the acl name acl-name command to enter the view of a named ACL. By default, an IPv4 advanced ACL has no ACL description. The default setting is 5. 5. Create or edit a rule. rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-address dest-wildcard | any } | destination-port operator port1 [ port2 ] | { dscp dscp | { precedence precedence | tos tos } * } | fragment | icmp-type { icmp-type [ icmp-code ] | icmp-message } | logging | source { source-address source-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | vpn-instance vpn-instance-name ] * By default, an IPv4 advanced ACL does not contain any rule. The logging keyword takes effect only when the module (for example, packet filtering) that uses the ACL supports logging. If an IPv4 advanced ACL is for QoS traffic classification or packet filtering, do not specify the vpn-instance keyword or specify neq for the operator argument. 6. (Optional.) Add or edit a rule comment. rule rule-id comment text By default, no rule comments are configured. Configuring an IPv6 advanced ACL IPv6 advanced ACLs match packets based on the source IPv6 addresses, destination IPv6 addresses, packet priorities, protocols carried over IPv6, and other protocol header fields such as the TCP/UDP source port number, TCP/UDP destination port number, ICMPv6 message type, and ICMPv6 message code. Compared to IPv6 basic ACLs, IPv6 advanced ACLs allow more flexible and accurate filtering. To configure an IPv6 advanced ACL: Step 1. Enter system view. Command system-view Remarks N/A 6

Section	Page
Title Page	1
Contents	3
Configuring ACLs	7
Overview	7
Applications on the switch	7
ACL categories	7
Numbering and naming ACLs	7
Match order	8
Rule numbering	9
Rule numbering step	9
Automatic rule numbering and renumbering	9
Fragments filtering with ACLs	9
Configuration task list	9
Configuring a basic ACL	10
Configuring an IPv4 basic ACL	10
Configuring an IPv6 basic ACL	10
Configuring an advanced ACL	11
Configuring an IPv4 advanced ACL	11
Configuring an IPv6 advanced ACL	12
Configuring an Ethernet frame header ACL	14
Copying an ACL	15
Configuring packet filtering with ACLs	16
Applying an ACL to an interface for packet filtering	16
Setting the interval for generating and outputting packet filtering logs	16
Setting the packet filtering default action	16
Displaying and maintaining ACLs	16
ACL configuration example	17
Network requirements	17
Configuration procedure	18
Verifying the configuration	18
QoS overview	20
QoS service models	20
Best-effort service model	20
IntServ model	20
DiffServ model	20
QoS techniques overview	21
Deploying QoS in a network	21
Configuring a QoS policy	22
Non-MQC approach	22
MQC approach	22
Configuration procedure diagram	22
Defining a traffic class	23
Configuration guidelines	23
Configuration procedure	23
Defining a traffic behavior	25
Defining a QoS policy	25
Applying the QoS policy	26
Applying the QoS policy to an interface	26
Applying the QoS policy to a VLAN	27
Applying the QoS policy globally	27
Applying the QoS policy to the control plane	27
Configuration guidelines	28
Configuration procedure	28
Displaying and maintaining QoS policies	28
Configuring priority mapping	30
Overview	30
Introduction to priorities	30
Priority maps	30
Priority trust mode on a port	31
Priority mapping process	32
Priority mapping configuration tasks	33
Configuring a priority map	34
Configuring a port to trust packet priority for priority mapping	34
Changing the port priority of an interface	35
Displaying and maintaining priority mapping	35
Port priority configuration example	36
Network requirements	36
Configuration procedure	36
Priority mapping table and priority marking configuration example	36
Network requirements	36
Configuration procedure	38
Configuring traffic policing, GTS, and rate limit	40
Overview	40
Traffic evaluation and token buckets	40
Token bucket features	40
Evaluating traffic with the token bucket	40
Complicated evaluation	40
Traffic policing	41
GTS	42
Rate limit	43
Configuring traffic policing	43
Configuring GTS	44
Configuring the rate limit	45
Displaying and maintaining traffic policing, GTS, and rate limit	45
Traffic policing and traffic shaping configuration example	45
Network requirements	45
Configuration procedures	46
Configuring congestion management	49
Overview	49
Impacts and countermeasures	49
Congestion management techniques	49
SP queuing	49
WRR queuing	50
WFQ queuing	51
SP+WRR queuing	51
SP+WFQ queuing	51
Configuration approaches and task list	52
Configuring SP queuing	52
Configuration procedure	52
Configuration example	52
Configuring WRR queuing	52
Configuration procedure	52
Configuration example	53
Network requirements	53
Configuration procedure	53
Configuring WFQ queuing	53
Configuration procedure	53
Configuration example	54
Network requirements	54
Configuration procedure	54
Configuring SP+WRR queuing	55
Configuration procedure	55
Configuration example	55
Network requirements	55
Configuration procedure	55
Configuring SP+WFQ queuing	56
Configuration procedure	56
Configuration example	56
Network requirements	56
Configuration procedure	56
Displaying and maintaining congestion management	57
Configuring congestion avoidance	58
Overview	58
Tail drop	58
RED and WRED	58
ECN	59
Configuring and applying a WRED table	59
Displaying and maintaining WRED	60
WRED configuration example	61
Network requirements	61
Configuration procedure	61
Configuring traffic filtering	63
Configuration procedure	63
Configuration example	64
Network requirements	64
Configuration procedure	64
Configuring priority marking	65
Overview	65
Color-based priority marking	65
Packet coloring methods	65
Traffic policing	65
Mapping drop precedence	65
Configuring color-based priority marking	66
Configuring priority marking based on colors obtained through traffic policing	66
Configuring priority marking based on colors obtained through mapping drop precedence	66
Configuration procedure	66
Configuration examples	68
Remarking local precedence configuration example	68
Network requirements	68
Configuration procedure	68
Remarking local QoS ID configuration example	70
Network requirements	70
Configuration considerations	70
Configuration procedure	70
Configuring nesting	73
Configuration procedure	73
Nesting configuration example	74
Network requirements	74
Configuration procedure	74
Configuring PE 1	74
Configuring PE 2	75
Configuring traffic redirecting	76
Configuration procedure	76
Configuration example	77
Network requirements	77
Configuration procedure	78
Configuring aggregate CAR	80
Configuration procedure	80
Displaying and maintaining aggregate CAR	80
Configuration example	80
Network requirements	80
Configuration procedure	81
Configuring class-based accounting	83
Configuration procedure	83
Configuration example	84
Network requirements	84
Configuration procedure	84
Configuring data buffers	86
Configuration task list	87
Enabling the Burst function	87
Configuring data buffers manually	88
Configuring the total shared-area ratio	88
Setting the maximum shared-area ratio for a queue	88
Setting the fixed-area ratio for a queue	89
Applying data buffer configuration	89
Displaying and maintaining data buffers	90
Configuring time ranges	91
Configuration procedure	91
Displaying and maintaining time ranges	91
Time range configuration example	91
Network requirements	91
Configuration procedure	92
Verifying the configuration	92
Appendix	93
Appendix A Default priority maps	93
Appendix B Introduction to packet precedences	94
IP precedence and DSCP values	94
802.1p priority	95
Support and other resources	97
Contacting HP	97
Subscription service	97
Related information	97
Documents	97
Websites	97
Conventions	98
Command conventions	98
GUI conventions	98
Symbols	98
Network topology icons	99
Port numbering in examples	99

Match case Limit results 1 per page

Step

Command

Remarks

Create an IPv4 advanced ACL

and enter its view.

acl number

acl-number

[

name

acl-name

]

[

match-order

{

auto

config

} ]

By default, no ACL exists.

IPv4 advanced ACLs are

numbered in the range of 3000 to

3999.

You can use the

acl

name

acl-name

command to enter the view of a

named ACL.

(Optional.) Configure a

description for the IPv4

advanced ACL.

description

text

By default, an IPv4 advanced ACL

has no ACL description.

(Optional.) Set the rule

numbering step.

step

step-value

The default setting is 5.

Create or edit a rule.

rule

[

rule-id

] {

deny

permit

}

protocol

[ { {

ack

ack-value

fin

fin-value

psh

psh-value

rst

rst-value

syn

syn-value

urg

urg-value

} * |

established

} |

counting

destination

{

dest-address

dest-wildcard

any

} |

destination-port

operator

port1

[

port2

] | {

dscp

{

precedence

tos

}

* } |

fragment

icmp-type

{

icmp-type

[

icmp-code

] |

icmp-message

} |

logging

source

{

source-address

source-wildcard

any

} |

source-port

operator

port1

[

port2

] |

time-range

time-range-name

vpn-instance

vpn-instance-name

] *

By default, an IPv4 advanced ACL

does not contain any rule.

The

logging

keyword takes effect

only when the module (for

example, packet filtering) that uses

the ACL supports logging.

If an IPv4 advanced ACL is for QoS

traffic classification or packet

filtering, do not specify the

vpn-instance

keyword or specify

neq

for the

operator

argument.

(Optional.) Add or edit a rule

comment.

rule

rule-id

comment

text

By default, no rule comments are

configured.

Configuring an IPv6 advanced ACL

IPv6 advanced ACLs match packets based on the source IPv6 addresses, destination IPv6 addresses,

packet priorities, protocols carried over IPv6, and other protocol header fields such as the TCP/UDP

source port number, TCP/UDP destination port number, ICMPv6 message type, and ICMPv6 message

code.

Compared to IPv6 basic ACLs, IPv6 advanced ACLs allow more flexible and accurate filtering.

To configure an IPv6 advanced ACL:

Step

Command

Remarks

Enter system view.

system-view

N/A