Manualshelf

HP VPN Firewall Appliances Network Management Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
341342343344345346347348349350
324
Traffic control for packets forwarded by GigabitEthernet 0/1 and GigabitEthernet 0/2 of the router is as
follows:
Limit the receiving rate on GigabitEthernet 0/1 of the router to 500 kbps, and the excess packets
are dropped.
Limit the sending rate on GigabitEthernet 0/2 of the router to 1000 kbps, and the excess packets
are dropped.
Figure 236 Network diagram
Configuration procedure
1. Configure the firewall:
# Configure GTS on GigabitEthernet 0/3, shaping the packets when the sending rate exceeds
500 kbps to decrease the packet loss rate of GigabitEthernet 0/1 of the router.
<Firewall> system-view
[Firewall] interface gigabitethernet 0/3
[Firewall-GigabitEthernet0/3] qos gts any cir 500
[Firewall-GigabitEthernet0/3] quit
# Configure ACLs to permit the packets from the server and Host A.
[Firewall] acl number 2001
[Firewall-acl-basic-2001] rule permit source 1.1.1.1 0
[Firewall-acl-basic-2001] quit
[Firewall] acl number 2002
[Firewall-acl-basic-2002] rule permit source 1.1.1.2 0
[Firewall-acl-basic-2002] quit
# Configure CAR policies for different flows received on GigabitEthernet 0/1.
[Firewall] interface gigabitethernet 0/1
[Firewall-GigabitEthernet0/1] qos car inbound acl 2001 cir 54 cbs 4000 ebs 0 green
pass red remark-prec-pass 0
[Firewall-GigabitEthernet0/1] qos car inbound acl 2002 cir 8 cbs 1875 ebs 0 green pass
red discard
[Firewall-GigabitEthernet0/1] quit
2. Configure the router:
# Configure a CAR policy on GigabitEthernet 0/1 to limit the incoming traffic rate to 500 kbps
and drop the excess packets.
<Router> system-view
[Router] interface gigabitethernet 0/1
[Router-GigabitEthernet0/1] qos car inbound any cir 500 cbs 32000 ebs 0 green pass
red discard