R2511-HP MSR Router Series ACL and QoS Configuration Guide(V5)
95
[Router-behavior-deny] quit
# Configure a QoS policy to match and filter FTP packets.
[Router] qos policy ftppolicy
[Router-qospolicy-ftppolicy] classifier ftpclass behavior deny
[Router-qospolicy-ftppolicy] quit
# Enable DAR for traffic recognition, and apply the QoS policy to the incoming traffic of Ethernet 1/1.
[Router] interface ethernet 1/1
[Router-Ethernet1/1] dar enable
[Router-Ethernet1/1] qos apply policy ftppolicy inbound
Run FTP client software on a PC. You can see the PC cannot use FTP for uploading or downloading files.
HTTP URL-based DAR configuration example
Network requirements
As shown in Figure 35, configure the router to prevent the clients from accessing the webpage at
http://www.abcd.com:8080/news/index.html.
Figure 35 Network diagram
Configuration procedure
# Configure the HTTP URL as the match criterion.
<Router> system-view
[Router] traffic classifier httpurl
[Router-classifier-httpurl] if-match protocol http url /news/index.html
[Router-classifier-httpurl] quit
# Configure a packet filtering behavior.
[Router] traffic behavior deny
[Router-behavior-deny] filter deny
[Router-behavior-deny] quit
# Configure a QoS policy.
[Router] qos policy httpurl
[Router-qospolicy-httpurl] classifier httpurl behavior deny
[Router-qospolicy-httpurl] quit
# Enable DAR for traffic recognition, and apply the QoS policy to the incoming traffic of Ethernet 1/1.
[Router] interface ethernet 1/1
[Router-Ethernet1/1] dar enable
[Router-Ethernet1/1] qos apply policy httpurl inbound
Check that the clients cannot access the webpage at http://www.abcd.com:8080/news/index.html.
The url-string criterion matches the URL field in request packets. This field does not include the hostname
or port number. For example, the url-string in this example matches just the /news/index.html part of the
webpage http://www.abcd.com:8080/news/index.html.