Manualshelf

R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
241242243244245246247248249250
235
Limit the receiving rate on GigabitEthernet 0/1 of Firewall B to 500 kbps, and the excess packets
are dropped.
Limit the sending rate on GigabitEthernet 0/2 of Firewall B to 1000 kbps, and the excess packets
are dropped.
Figure 133 Network diagram for traffic policing configuration
2. Configuration procedure
a. Configure Firewall A
# Configure ACLs to permit the packets from Server and Host A.
[FirewallA] acl number 2001
[FirewallA-acl-basic-2001] rule permit source 1.1.1.1 0
[FirewallA-acl-basic-2001] quit
[FirewallA] acl number 2002
[FirewallA-acl-basic-2002] rule permit source 1.1.1.2 0
[FirewallA-acl-basic-2002] quit
# Configure CAR policies for different flows received on GigabitEthernet 0/1.
[FirewallA] interface GigabitEthernet 0/1
[FirewallA-GigabitEthernet0/1] qos car inbound acl 2001 cir 54 cbs 4000 ebs 0 green pass
red remark-prec-pass 0
[FirewallA-GigabitEthernet0/1] qos car inbound acl 2002 cir 8 cbs 1875 ebs 0 green pass
red discard
[FirewallA-GigabitEthernet0/1] quit
b. Configure Firewall B
# Configure a CAR policy on GigabitEthernet 0/1 to limit the incoming traffic rate to 500 kbps and drop
the excess packets.
<FirewallB> system-view
[FirewallB] interface GigabitEthernet 0/1
[FirewallB-GigabitEthernet0/1] qos car inbound any cir 500 cbs 32000 ebs 0 green pass red
discard
[FirewallB-GigabitEthernet0/1] quit
# Configure a CAR policy on GigabitEthernet 0/2 to limit the sending rate to 1 Mbps and drop the
excess packets.