R3303-HP HSR6800 Routers ACL and QoS Configuration Guide

152

Figure 55 Network diagram

Configuration procedures

1. Configure the QinQ access switches

2. Configure QinQ on the access switches.

For more information, see the corresponding configuration guide for the switches.

3. Configure the router:

This section takes subinterface GigabitEthernet 2/0/0.1 that connects to building A as an

example. The configurations for buildings B and C are the same.

# Configure IP addresses for interfaces as shown in the network diagram. (Details not shown)

# Configure QinQ termination on subinterface GigabitEthernet 2/0/0.1.

<Router> system-view

[Router] interface GigabitEthernet 2/0/0.1

[Router-GigabitEthernet2/0/0.1] vlan-type dot1q vid 1 second-dot1q 1 to 200

[Router-GigabitEthernet2/0/0.1] vlan-termination broadcast enable

[Router-GigabitEthernet2/0/0.1] quit

# Configure ACLs to match the internal IP network segment and HTTP services, respectively.

[Router] acl number 3000 name inner

[Router-acl-adv-3000-inner] rule 0 permit ip source 192.168.0.0 0.0.3.255

[Router-acl-adv-3000-inner] quit

[Router] acl number 3001 name http

[Router-acl-adv-3001-http] rule 0 permit tcp destination-port eq 80

[Router-acl-adv-3001-http] quit

# Configure a traffic class for the father QoS policy to match the traffic accessing the external

network.

[Router] traffic classifier A

[Router-classifier-A] if-match acl 3000

Internet

GE2/0/1

10.0.0.1/16

SR6600

Building

GE2/0/0.1

192.168.0.1/24

QinQ access switches

192.168.0.0/24 192.168.1.0/24

192.168.2.0/24