F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100
322
Figure 235 Network diagram
1333BConfiguration procedure
1. Configure Firewall:
# Configure GTS on GigabitEthernet 0/3, shaping the packets when the sending rate exceeds
500 kbps to decrease the packet loss rate of GigabitEthernet 0/1 of Router.
<Firewall> system-view
[Firewall] interface gigabitethernet 0/3
[Firewall-GigabitEthernet0/3] qos gts any cir 500
[Firewall-GigabitEthernet0/3] quit
# Configure ACLs to permit the packets from Server and Host A.
[Firewall] acl number 2001
[Firewall-acl-basic-2001] rule permit source 1.1.1.1 0
[Firewall-acl-basic-2001] quit
[Firewall] acl number 2002
[Firewall-acl-basic-2002] rule permit source 1.1.1.2 0
[Firewall-acl-basic-2002] quit
# Configure CAR policies for different flows received on GigabitEthernet 0/1.
[Firewall] interface gigabitethernet 0/1
[Firewall-GigabitEthernet0/1] qos car inbound acl 2001 cir 54 cbs 4000 ebs 0 green
pass red remark-prec-pass 0
[Firewall-GigabitEthernet0/1] qos car inbound acl 2002 cir 8 cbs 1875 ebs 0 green pass
red discard
[Firewall-GigabitEthernet0/1] quit
2. Configure Router:
# Configure a CAR policy on GigabitEthernet 0/1 to limit the incoming traffic rate to 500 kbps
and drop the excess packets.
<Router> system-view
[Router] interface gigabitethernet 0/1
[Router-GigabitEthernet0/1] qos car inbound any cir 500 cbs 32000 ebs 0 green pass
red discard
[Router-GigabitEthernet0/1] quit
# Configure a CAR policy on GigabitEthernet 0/2 to limit the sending rate to 1 Mbps and drop the
excess packets.
[Router] interface Gigabitethernet 0/2
[Router-GigabitEthernet0/2] qos car outbound any cir 1000 cbs 65000 ebs 0 green pass
red discard