HP VPN Firewall Appliances Network Management Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

341

342

343

344

345

346

347

348

349

350

323

Configuring ACL-based traffic policing

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Configure an ACL.

See Access Control Configuration Guide.

Configure rules for the ACL.

3. Enter interface view.

interface interface-type interface-number N/A

4. Configure an ACL

based CAR policy on

the interface.

qos car { inbound | outbound } acl [ ipv6 ]

acl-number cir committed-information-rate [ cbs

committed-burst-size [ ebs excess-burst-size ] ]

[ green action ] [ red action ]

N/A

Configuring traffic policing for all traffic

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter interface view.

interface interface-type interface-number

N/A

3. Configure a CAR

action for all traffic on

the interface.

qos car { inbound | outbound } any cir

committed-information-rate [ cbs committed-burst-size

[ ebs excess-burst-size ] ] [ green action ] [ red action ]

N/A

Displaying and maintaining traffic policing

Task Command

Remarks

Display CAR list information.

display qos carl [ carl-index ] [ | { begin | exclude

| include } regular-expression ]

Available in any

view.

Display the CAR information on the

specified interface.

display qos car interface [ interface-type

interface-number ] [ | { begin | exclude |

include } regular-expression ]

Available in any

view.

Traffic policing configuration example

Network requirements

As shown in Figure 236:

• The server, Host A, and Host B can access the Internet through the firewall and the router.

• The server, Host A, and GigabitEthernet 0/1 of the firewall are in the same network segment.

• Host B and GigabitEthernet 0/2 of the firewall are in the same network segment.

Perform traffic control for packets received on GigabitEthernet 0/1 of the firewall from the server and

Host A, respectively, as follows:

• Limit the rate of packets from Server to 54 kbps. When the traffic rate is below 54 kbps, the traffic

is forwarded. When the traffic rate exceeds 54 kbps, the excess packets are marked with IP

precedence 0 and then forwarded.

• Limit the rate of packets from Host A to 8 kbps. When the traffic rate is below 8 kbps, the traffic is

forwarded. When the traffic rate exceeds 8 kbps, the excess packets are dropped.