HP 5500 Ei 5500 Si Switch Series Configuration Guide
Configuring traffic filtering

Traffic filtering filters traffic matching certain criteria. For example, you can filter packets sourced from a specific IP address according to network status.

Configuration procedure

To configure traffic filtering:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a class and enter class view.
   Command: traffic classifier tcl-name [ operator { and | or } ]
   Remarks: N/A
3. Configure match criteria.
   Command: if-match match-criteria
   Remarks: N/A
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Create a behavior and enter behavior view.
   Command: traffic behavior behavior-name
   Remarks: N/A
6. Configure the traffic filtering action.
   Command: filter { deny | permit }
   Remarks:
   • deny: Drops packets.
   • permit: Permits packets to pass through.
7. Return to system view.
   Command: quit
   Remarks: N/A
8. Create a policy and enter policy view.
   Command: qos policy policy-name
   Remarks: N/A
9. Associate the class with the traffic behavior in the QoS policy.
   Command: classifier tcl-name behavior behavior-name
   Remarks: N/A
10. Return to system view.
   Command: quit
   Remarks: N/A
11. Apply the QoS policy.
   Command:
   • Applying the QoS policy to an interface
   • Applying the QoS policy to online users
   • Applying the QoS policy to a VLAN
   • Applying the QoS policy globally
   • Applying the QoS policy to the control plane
   Remarks: Choose one application destination as needed.
12. Display the traffic filtering configuration.
   Command: display traffic behavior user-defined [ behavior-name ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Optional. Available in any view.

NOTE: With filter deny configured for a traffic behavior, the other actions (except class-based accounting and traffic mirroring) in the traffic behavior do not take effect.
Traffic filtering configuration example

Network requirements

As shown in Figure 18, Host is connected to GigabitEthernet 1/0/1 of Device. Configure traffic filtering to filter the packets with source port being 21, and received on GigabitEthernet 1/0/1.

Figure 18 Network diagram

Configuration procedure

# Create advanced ACL 3000, and configure a rule to match packets whose source port number is 21.
<DeviceA> system-view
[DeviceA] acl number 3000
[DeviceA-acl-adv-3000] rule 0 permit tcp source-port eq 21
[DeviceA-acl-adv-3000] quit

# Create a class named classifier_1, and use ACL 3000 as the match criterion in the class.
[DeviceA] traffic classifier classifier_1
[DeviceA-classifier-classifier_1] if-match acl 3000
[DeviceA-classifier-classifier_1] quit

# Create a behavior named behavior_1, and configure the traffic filtering action to drop packets.
[DeviceA] traffic behavior behavior_1
[DeviceA-behavior-behavior_1] filter deny
[DeviceA-behavior-behavior_1] quit

# Create a policy named policy, and associate class classifier_1 with behavior behavior_1 in the policy.
[DeviceA] qos policy policy
[DeviceA-qospolicy-policy] classifier classifier_1 behavior behavior_1
[DeviceA-qospolicy-policy] quit

# Apply the policy named policy to the incoming traffic of GigabitEthernet 1/0/1.
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] qos apply policy policy inbound
Configuring priority marking

Priority marking sets the priority fields or flag bits of packets to modify the priority of traffic. For example, you can use priority marking to set IP precedence or DSCP for a class of IP traffic to change its transmission priority in the network.

Priority marking can be used together with priority mapping. For more information about priority mapping, see Configuring priority mapping.

Color-based priority marking

Coloring a packet

The switch colors a packet to indicate its transmission priority after evaluating the status of processing resources and the priority of the packet.

The switch can color a packet by using one of the following approaches:

• Uses the token bucket mechanism (bucket C and bucket E) of traffic policing:
  ◦ If bucket C has enough tokens, the packet is colored green.
  ◦ If bucket C does not have enough tokens but bucket E has enough tokens, the packet is colored yellow.
  ◦ If neither bucket C nor bucket E has enough tokens, the packet is colored red.
• If traffic policing is not configured, looks up the 802.1p priority of a packet in the 802.1p-to-drop priority mapping table, allocates drop precedence to the packet, and colors the packet according to the drop precedence.
  ◦ Drop precedence 0 represents green packets.
  ◦ Drop precedence 1 represents yellow packets.
  ◦ Drop precedence 2 represents red packets.

For more information about traffic policing, see Configuring traffic policing, traffic shaping, and line rate. For more information about priority mapping tables, see Configuring priority mapping.

Marking packets based on their colors

Color-based priority marking supports re-marking DSCP precedence. You can configure color-based marking in the following ways:

• To mark packets based on a color set during traffic policing, configure a priority marking action for the color in the traffic policing action car. For more information, see Configuring traffic policing.
• To mark packets based on their drop precedence, configure a priority marking action for a color by using the remark command as described in the subsequent section.

IMPORTANT: Do not use the remark command together with the car command in a traffic behavior to perform color-based marking.
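
The green/yellow/red decision described under "Coloring a packet", as an added example that is not taken from the HP guide. The guide states only the decision rule; the refill model (single-rate marker in the style of RFC 2697) and the names cir, cbs and ebs are assumptions, and the burst is constructed.

```python
# Added example: two-bucket packet coloring.
# Assumption: tokens arrive at one rate (cir); bucket C fills first and the
# overflow spills into bucket E, as in the RFC 2697 single-rate marker.

# Drop precedence to color, used when traffic policing is not configured.
DROP_PRECEDENCE_COLOR = {0: "green", 1: "yellow", 2: "red"}


class TwoBucketMarker:
    def __init__(self, cir, cbs, ebs):
        self.cir = cir                  # refill rate, bytes per second
        self.cbs = cbs                  # capacity of bucket C, bytes
        self.ebs = ebs                  # capacity of bucket E, bytes
        self.tc, self.te = cbs, ebs     # both buckets start full
        self.last = 0.0                 # time of the previous refill

    def _refill(self, now):
        tokens = (now - self.last) * self.cir
        self.last = now
        to_c = min(tokens, self.cbs - self.tc)
        self.tc += to_c
        # Tokens that no longer fit into bucket C go to bucket E.
        self.te = min(self.ebs, self.te + tokens - to_c)

    def color(self, now, size):
        self._refill(now)
        if self.tc >= size:             # bucket C has enough tokens
            self.tc -= size
            return "green"
        if self.te >= size:             # only bucket E has enough tokens
            self.te -= size
            return "yellow"
        return "red"                    # neither bucket has enough tokens


def color_burst(marker, arrivals):
    """Color a list of (arrival time in seconds, packet size in bytes)."""
    return [marker.color(t, size) for t, size in arrivals]


# Constructed burst: four 1500-byte packets at t=0, one more a second later.
BURST = [(0.0, 1500)] * 4 + [(1.0, 1500)]

if __name__ == "__main__":
    print(color_burst(TwoBucketMarker(cir=1500, cbs=3000, ebs=1500), BURST))
```
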
Configuration procedure

To configure priority marking:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a class and enter class view.
   Command: traffic classifier tcl-name [ operator { and | or } ]
   Remarks: N/A
3. Configure match criteria.
   Command: if-match match-criteria
   Remarks: N/A
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Create a behavior and enter behavior view.
   Command: traffic behavior behavior-name
   Remarks: N/A
6. Set the DSCP value for packets.
   Command: remark [ green | red | yellow ] dscp dscp-value
   Remarks: Optional.
7. Set the 802.1p priority for packets or configure the inner-to-outer tag priority copying function.
   Command: remark dot1p { 8021p | customer-dot1p-trust }
   Remarks: Optional.
8. Set the drop precedence for packets.
   Command: remark drop-precedence drop-precedence-value
   Remarks: Optional. Applicable to only the outbound direction.
9. Set the IP precedence for packets.
   Command: remark ip-precedence ip-precedence-value
   Remarks: Optional.
10. Set the local precedence for packets.
   Command: remark local-precedence local-precedence
   Remarks: Optional.
11. Return to system view.
   Command: quit
   Remarks: N/A
12. Create a policy and enter policy view.
   Command: qos policy policy-name
   Remarks: N/A
13. Associate the class with the traffic behavior in the QoS policy.
   Command: classifier tcl-name behavior behavior-name
   Remarks: N/A
14. Return to system view.
   Command: quit
   Remarks: N/A
15. Apply the QoS policy.
   Command:
   • Applying the QoS policy to an interface
   • Applying the QoS policy to online users
   • Applying the QoS policy to a VLAN
   • Applying the QoS policy globally
   • Applying the QoS policy to the control plane
   Remarks: Choose one application destination as needed.
16. Display the priority marking configuration.
   Command: display traffic behavior user-defined [ behavior-name ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Optional. Available in any view.

The following table shows the support for priority marking actions in the inbound and outbound directions.
Table 5 Support for priority marking actions in the inbound and outbound directions

Action                      Inbound   Outbound
802.1p priority marking     Yes       Yes
Drop precedence marking     Yes       No
DSCP marking                Yes       Yes
IP precedence marking       Yes       Yes
Local precedence marking    Yes       No

Local precedence re-marking configuration example

Network requirements

As shown in Figure 19, the company’s enterprise network interconnects hosts with servers through Device. The network is described as follows:

• Host A and Host B are connected to GigabitEthernet 1/0/1 of Device.
• The data server, mail server, and file server are connected to GigabitEthernet 1/0/2 of Device.

Configure priority marking on Device to satisfy the following requirements:

Traffic source   Destination   Processing priority
Host A, B        Data server   High
Host A, B        Mail server   Medium
Host A, B        File server   Low

Figure 19 Network diagram

Configuration procedure

# Create advanced ACL 3000, and configure a rule to match packets with destination IP address 192.168.0.1.
<Device> system-view
[Device] acl number 3000
[Device-acl-adv-3000] rule permit ip destination 192.168.0.1 0
[Device-acl-adv-3000] quit

# Create advanced ACL 3001, and configure a rule to match packets with destination IP address 192.168.0.2.
[Device] acl number 3001
[Device-acl-adv-3001] rule permit ip destination 192.168.0.2 0
[Device-acl-adv-3001] quit

# Create advanced ACL 3002, and configure a rule to match packets with destination IP address 192.168.0.3.
[Device] acl number 3002
[Device-acl-adv-3002] rule permit ip destination 192.168.0.3 0
[Device-acl-adv-3002] quit

# Create a class named classifier_dbserver, and use ACL 3000 as the match criterion in the class.
[Device] traffic classifier classifier_dbserver
[Device-classifier-classifier_dbserver] if-match acl 3000
[Device-classifier-classifier_dbserver] quit

# Create a class named classifier_mserver, and use ACL 3001 as the match criterion in the class.
[Device] traffic classifier classifier_mserver
[Device-classifier-classifier_mserver] if-match acl 3001
[Device-classifier-classifier_mserver] quit

# Create a class named classifier_fserver, and use ACL 3002 as the match criterion in the class.
[Device] traffic classifier classifier_fserver
[Device-classifier-classifier_fserver] if-match acl 3002
[Device-classifier-classifier_fserver] quit

# Create a behavior named behavior_dbserver, and configure the action of setting the local precedence value to 4.
[Device] traffic behavior behavior_dbserver
[Device-behavior-behavior_dbserver] remark local-precedence 4
[Device-behavior-behavior_dbserver] quit

# Create a behavior named behavior_mserver, and configure the action of setting the local precedence value to 3.
[Device] traffic behavior behavior_mserver
[Device-behavior-behavior_mserver] remark local-precedence 3
[Device-behavior-behavior_mserver] quit

# Create a behavior named behavior_fserver, and configure the action of setting the local precedence value to 2.
[Device] traffic behavior behavior_fserver
[Device-behavior-behavior_fserver] remark local-precedence 2
[Device-behavior-behavior_fserver] quit

# Create a policy named policy_server, and associate classes with behaviors in the policy.
[Device] qos policy policy_server
[Device-qospolicy-policy_server] classifier classifier_dbserver behavior behavior_dbserver
[Device-qospolicy-policy_server] classifier classifier_mserver behavior behavior_mserver
[Device-qospolicy-policy_server] classifier classifier_fserver behavior behavior_fserver
[Device-qospolicy-policy_server] quit

# Apply the policy named policy_server to the incoming traffic of GigabitEthernet 1/0/1.
[Device] interface gigabitethernet 1/0/1
[Device-GigabitEthernet1/0/1] qos apply policy policy_server inbound
[Device-GigabitEthernet1/0/1] quit
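
A configuration check for three rules stated in this guide: filter deny disables the other actions of a behavior, remark must not be combined with car for color-based marking, and local precedence marking is not supported outbound (Table 5). This is an added example, not HP code. It assumes a saved-configuration text layout, the exempt command names accounting and mirror-to, and hypothetical finding codes; the sample configuration is constructed.

```python
import re

# Constructed sample; assumed layout: section headers in column 0, commands indented.
SAMPLE = """\
traffic behavior behavior_1
 filter deny
 remark dscp 46
#
traffic behavior behavior_2
 car cir 1024
 remark green dscp 10
#
traffic behavior behavior_dbserver
 remark local-precedence 4
#
qos policy policy_server
 classifier classifier_dbserver behavior behavior_dbserver
#
interface GigabitEthernet1/0/2
 qos apply policy policy_server outbound
"""

def parse_sections(text):
    sections, current = {}, []
    for line in text.splitlines():
        if line[:1] == " ":
            current.append(line.strip())        # command of the current section
        else:
            current = sections.setdefault(line.strip(), [])   # header or "#"
    return sections

def lint(text):
    sec = parse_sections(text)
    beh = {h.split()[2]: c for h, c in sec.items() if h.startswith("traffic behavior ")}
    pol = {h.split()[2]: [c.split()[3] for c in cmds if c.startswith("classifier ")]
           for h, cmds in sec.items() if h.startswith("qos policy ")}
    out = []
    for name, cmds in beh.items():
        if "filter deny" in cmds and any(   # exempt command names are assumptions
                not c.startswith(("filter", "accounting", "mirror-to")) for c in cmds):
            out.append((name, "DENY_SHADOWS_ACTIONS"))
        if any(c.startswith("car ") for c in cmds) and any(
                re.match(r"remark (green|yellow|red) ", c) for c in cmds):
            out.append((name, "CAR_WITH_COLOR_REMARK"))
    for policy in re.findall(r"^ qos apply policy (\S+) outbound$", text, re.M):
        for b in pol.get(policy, []):
            if any(c.startswith("remark local-precedence") for c in beh.get(b, [])):
                out.append((b, "LOCAL_PRECEDENCE_OUTBOUND"))
    return out
```

Calling lint(SAMPLE) returns one finding per rule; the same policy_server applied inbound, as in the example above, produces none.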
Configuring traffic redirecting

Traffic redirecting is the action of redirecting the packets matching the specific match criteria to a certain location for processing.

The following redirect actions are supported:

• Redirecting traffic to the CPU: redirects packets that require processing by the CPU to the CPU.
• Redirecting traffic to an interface: redirects packets that require processing by an interface to the interface. Note that this action applies to only Layer 2 packets, and the target interface must be a Layer 2 interface.
• Redirecting traffic to the next hop: redirects packets that require processing by an interface to the interface. This action only applies to Layer 3 packets.

IMPORTANT: The 5500 SI switch does not support redirecting traffic to the next hop.

Configuration restrictions and guidelines

• The actions of redirecting traffic to the CPU, redirecting traffic to an interface, and redirecting traffic to the next hop are mutually exclusive with each other in the same traffic behavior.
• A QoS policy with traffic redirecting actions can be applied to only the inbound direction of a port, VLAN, or all ports.
• The default of the fail-action keyword is forward.
• You can use the display traffic behavior user-defined command to view the traffic redirecting configuration.

Configuration procedure

To configure traffic redirecting:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a class and enter class view.
   Command: traffic classifier tcl-name [ operator { and | or } ]
   Remarks: N/A
3. Configure match criteria.
   Command: if-match match-criteria
   Remarks: N/A
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Create a behavior and enter behavior view.
   Command: traffic behavior behavior-name
   Remarks: N/A
6. Configure a traffic redirecting action.
   Command: redirect { cpu | interface interface-type interface-number | next-hop { ipv4-add1 [ ipv4-add2 ] | ipv6-add1 [ interface-type interface-number ] [ ipv6-add2 [ interface-type interface-number ] ] } [ fail-action { discard | forward } ] }
   Remarks: The 5500 SI switch does not support the next-hop or fail-action keyword.
7. Return to system view.
   Command: quit
   Remarks: N/A
8. Create a policy and enter policy view.
   Command: qos policy policy-name
   Remarks: N/A
9. Associate the class with the traffic behavior in the QoS policy.
   Command: classifier tcl-name behavior behavior-name
   Remarks: N/A
10. Return to system view.
   Command: quit
   Remarks: N/A
11. Apply the QoS policy.
   Command:
   • Applying the QoS policy to an interface
   • Applying the QoS policy to a VLAN
   • Applying the QoS policy globally
   • Applying the QoS policy to the control plane
   Remarks: Choose one application destination as needed.

Redirect-to-next hop configuration example

Network requirements

As shown in Figure 20, the network is described as follows:

• Device A is connected to Device B through two links. At the same time, Device A and Device B are each connected to other devices.
• GigabitEthernet 1/0/2 of Device A and GigabitEthernet 1/0/2 of Device B belong to VLAN 200.
• Ethernet 1/3 of Device A and Ethernet 1/3 of Device B belong to VLAN 201.
• On Device A, the IP address of VLAN-interface 200 is 200.1.1.1/24, and that of VLAN-interface 201 is 201.1.1.1/24.
• On Device B, the IP address of VLAN-interface 200 is 200.1.1.2/24, and that of VLAN-interface 201 is 201.1.1.2/24.

Configure the actions of redirecting traffic to the next hop to implement policy-based routing and satisfy the following requirements:

• Packets with source IP address 2.1.1.1 received on GigabitEthernet 1/0/1 of Device A are forwarded to IP address 200.1.1.2.
• Packets with source IP address 2.1.1.2 received on GigabitEthernet 1/0/1 of Device A are forwarded to IP address 201.1.1.2.
• Other packets received on Ethernet 1/1 of Device A are forwarded according to the routing table.
Figure 20 Network diagram

[Diagram: Device A (GE1/0/1; GE1/0/2, Vlan-int200 200.1.1.1/24; GE1/0/3, Vlan-int201 201.1.1.1/24) and Device B (GE1/0/1; GE1/0/2, Vlan-int200 200.1.1.2/24; GE1/0/3, Vlan-int201 201.1.1.2/24)]

Configuration procedure

# Create basic ACL 2000, and configure a rule to match packets with source IP address 2.1.1.1.
<DeviceA> system-view
[DeviceA] acl number 2000
[DeviceA-acl-basic-2000] rule permit source 2.1.1.1 0
[DeviceA-acl-basic-2000] quit

# Create basic ACL 2001, and configure a rule to match packets with source IP address 2.1.1.2.
[DeviceA] acl number 2001
[DeviceA-acl-basic-2001] rule permit source 2.1.1.2 0
[DeviceA-acl-basic-2001] quit

# Create a class named classifier_1, and use ACL 2000 as the match criterion in the class.
[DeviceA] traffic classifier classifier_1
[DeviceA-classifier-classifier_1] if-match acl 2000
[DeviceA-classifier-classifier_1] quit

# Create a class named classifier_2, and use ACL 2001 as the match criterion in the class.
[DeviceA] traffic classifier classifier_2
[DeviceA-classifier-classifier_2] if-match acl 2001
[DeviceA-classifier-classifier_2] quit

# Create a behavior named behavior_1, and configure the action of redirecting traffic to the next hop 200.1.1.2.
[DeviceA] traffic behavior behavior_1
[DeviceA-behavior-behavior_1] redirect next-hop 200.1.1.2
[DeviceA-behavior-behavior_1] quit

# Create a behavior named behavior_2, and configure the action of redirecting traffic to the next hop 201.1.1.2.
[DeviceA] traffic behavior behavior_2
[DeviceA-behavior-behavior_2] redirect next-hop 201.1.1.2
[DeviceA-behavior-behavior_2] quit

# Create a policy named policy, associate class classifier_1 with behavior behavior_1, and associate class classifier_2 with behavior behavior_2 in the policy.
[DeviceA] qos policy policy
[DeviceA-qospolicy-policy] classifier classifier_1 behavior behavior_1
[DeviceA-qospolicy-policy] classifier classifier_2 behavior behavior_2
[DeviceA-qospolicy-policy] quit

# Apply the policy named policy to the incoming traffic of GigabitEthernet 1/0/1.
[DeviceA] interface gigabitethernet 1/0/1