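Huawei switches can report packet traffic by IP, VLAN, or MAC using MQC traffic classification. They also support traffic statistics through the simplified ACL-based traffic policy, and interface traffic can be viewed directly.
Main commands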
traffic classifier
traffic behavior
traffic policy
traffic-policy
Worked examples:
Rate limiting with a traffic policy
Rate limiting by IP address
Rate-limit the PC with IP address 192.168.1.10 to a bandwidth of 4M.
system-view
[HUAWEI] acl 2000
[HUAWEI-acl-basic-2000] rule permit source 192.168.1.10 0.0.0.0
[HUAWEI-acl-basic-2000] quit
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 2000
[HUAWEI-classifier-c1] quit
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] car cir 4096
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 inbound
acl 3001
rule permit ip destination 1.1.1.1 0.0.0.0
rule permit ip source 1.1.1.1 0.0.0.0
Rate limiting devices on a network segment
Rate-limit the devices on the 192.168.1.0 network segment to a bandwidth of 50M.
system-view
[HUAWEI] acl 2000
[HUAWEI-acl-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[HUAWEI-acl-basic-2000] quit
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 2000
[HUAWEI-classifier-c1] quit
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] car cir 51200
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 inbound
Rate limiting by IP address and protocol
Limit the HTTP (port 80) traffic that devices on the 192.168.1.0 segment send to the Internet to no more than 10 Mbps.
system-view
[HUAWEI] acl 3000
[HUAWEI-acl-adv-3000] rule permit tcp destination-port eq 80 source 192.168.1.0 0.0.0.255
[HUAWEI-acl-adv-3000] quit
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 3000
[HUAWEI-classifier-c1] quit
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] car cir 10240
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 inbound
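Filtering packets with a traffic policy
Blocking a specified host from accessing the network
Block the PC with IP address 192.168.1.10 from accessing the network.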
system-view
[HUAWEI] acl 2000
[HUAWEI-acl-basic-2000] rule deny source 192.168.1.10 0.0.0.0
[HUAWEI-acl-basic-2000] quit
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 2000
[HUAWEI-classifier-c1] quit
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] deny
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 inbound
Blocking all devices on a specified network segment
Block all devices on the 192.168.1.0 segment from accessing the network.
system-view
[HUAWEI] acl 2000
[HUAWEI-acl-basic-2000] rule deny source 192.168.1.0 0.0.0.255
[HUAWEI-acl-basic-2000] quit
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 2000
[HUAWEI-classifier-c1] quit
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] deny
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 inbound
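The following added example (not part of the original page) checks which source addresses the basic ACL rules above actually cover before they are applied, and rejects a line where the address and wildcard have run together. The function names are hypothetical, and evaluating rules in the order listed is an assumption of the sketch.

```python
import ipaddress
import re

# Matches the basic-ACL rule form used on this page:
#   rule permit|deny source <address> <wildcard>
RULE_RE = re.compile(r"rule\s+(?:\d+\s+)?(permit|deny)\s+source\s+(\S+)\s+(\S+)\s*$")

def parse_rule(line):
    """Return (action, address_int, wildcard_int); raise ValueError if malformed."""
    m = RULE_RE.search(line)
    if not m:
        raise ValueError(f"not a 'source <address> <wildcard>' rule: {line!r}")
    action, addr, wild = m.groups()
    # IPv4Address raises a ValueError subclass on anything that is not a dotted quad.
    return action, int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wild))

def rule_matches(rule, ip):
    """Wildcard bits set to 1 are ignored; bits set to 0 must be equal."""
    _, addr, wild = rule
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def first_match(lines, ip):
    """Action of the first listed rule that matches ip, or None if none does."""
    for line in lines:
        rule = parse_rule(line)
        if rule_matches(rule, ip):
            return rule[0]
    return None

# Rules copied from the host and segment examples on this page.
HOST_ACL = ["[HUAWEI-acl-basic-2000] rule deny source 192.168.1.10 0.0.0.0"]
SEGMENT_ACL = ["[HUAWEI-acl-basic-2000] rule deny source 192.168.1.0 0.0.0.255"]
```

A result of None means the address is not classified by the ACL, so the behavior bound to the classifier is not applied to it.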
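Filtering packets of specified application protocols
- Block packets with TCP destination port 25 (SMTP).
- Block packets with TCP destination port 110 (POP3).
- Block packets with TCP destination port 80 (HTTP).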
system-view
[HUAWEI] acl 3000
[HUAWEI-acl-adv-3000] rule deny tcp destination-port eq 25
[HUAWEI-acl-adv-3000] rule deny tcp destination-port eq 110
[HUAWEI-acl-adv-3000] rule deny tcp destination-port eq 80
[HUAWEI-acl-adv-3000] quit
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 3000
[HUAWEI-classifier-c1] quit
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] deny
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 inbound
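Configuring traffic statistics with a traffic policy
Configuring statistics for a specified host
Collect traffic statistics for packets whose source MAC is 0000-0000-0003.
system-view
[HUAWEI] acl 4000
[HUAWEI-acl-L2-4000] rule permit source-mac 0000-0000-0003 ffff-ffff-ffff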
[HUAWEI-acl-L2-4000] quit
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 4000
[HUAWEI-classifier-c1] quit
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] statistic enable
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 inbound
[HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 outbound
Configuring statistics for ICMP packets
system-view
[HUAWEI] acl 3000
[HUAWEI-acl-adv-3000] rule 0 permit icmp source 192.168.1.1 0 destination 192.168.2.1 0
[HUAWEI-acl-adv-3000] rule 5 permit icmp source 192.168.2.1 0 destination 192.168.1.1 0
[HUAWEI-acl-adv-3000] quit
[HUAWEI] traffic classifier c1
[HUAWEI-classifier-c1] if-match acl 3000
[HUAWEI-classifier-c1] quit
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] statistic enable
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy p1
[HUAWEI-trafficpolicy-p1] classifier c1 behavior b1
[HUAWEI-trafficpolicy-p1] quit
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 inbound
[HUAWEI-GigabitEthernet0/0/1] traffic-policy p1 outbound
Configuring statistics for ARP packets
Count the ARP packets sent on the interface and the ARP reply packets.
system-view
[HUAWEI] traffic classifier arp-request
[HUAWEI-classifier-arp-request] if-match l2-protocol arp
[HUAWEI-classifier-arp-request] if-match source-mac 1111-1111-1111
[HUAWEI-classifier-arp-request] if-match destination-mac ffff-ffff-ffff
[HUAWEI-classifier-arp-request] quit
[HUAWEI] traffic classifier arp-reply
[HUAWEI-classifier-arp-reply] if-match l2-protocol arp
[HUAWEI-classifier-arp-reply] if-match source-mac 2222-2222-2222
[HUAWEI-classifier-arp-reply] if-match destination-mac 1111-1111-1111
[HUAWEI-classifier-arp-reply] quit
[HUAWEI] traffic behavior b1
[HUAWEI-behavior-b1] statistic enable
[HUAWEI-behavior-b1] quit
[HUAWEI] traffic policy arp-request
[HUAWEI-trafficpolicy-arp-request] classifier arp-request behavior b1
[HUAWEI-trafficpolicy-arp-request] quit
[HUAWEI] traffic policy arp-reply
[HUAWEI-trafficpolicy-arp-reply] classifier arp-reply behavior b1
[HUAWEI-trafficpolicy-arp-reply] quit
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] traffic-policy arp-request inbound
[HUAWEI-GigabitEthernet0/0/1] traffic-policy arp-reply outbound
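Viewing packet statistics
After packet statistics have been configured through a traffic policy, the following command displays them.
Display the rule-based packet statistics after a traffic policy is applied globally in the inbound direction.
display traffic policy statistics interface GigabitEthernet 0/0/1 inbound verbose rule-base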
Interface: GigabitEthernet0/0/1
Traffic policy inbound: arp-request
Rule number: 1
Current status: OK!
Statistics interval: 300
Classifier: arp-request operator and
Behavior: b1
if-match l2-protocol arp
if-match source-mac 1111-1111-1111
if-match destination-mac ffff-ffff-ffff
Board : 0
Passed | Packets: 0
| Bytes: 0
| Rate(pps): 0
| Rate(bps): 0
Dropped | Packets: 0
| Bytes: 0
| Rate(pps): 0
| Rate(bps): 0
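To act on these counters rather than read them by eye, the output can be parsed into a structure. This is an added example, not code from the original page: the function names are hypothetical, the sample is constructed in the layout shown above with invented counter values, and a single board is assumed.

```python
import re

# Constructed sample in the layout of the output above; counter values are invented.
SAMPLE = """\
Interface: GigabitEthernet0/0/1
Traffic policy inbound: arp-request
Classifier: arp-request operator and
Behavior: b1
Board : 0
Passed | Packets: 120
| Bytes: 7680
| Rate(pps): 2
| Rate(bps): 1024
Dropped | Packets: 3
| Bytes: 192
| Rate(pps): 0
| Rate(bps): 0
"""

# A counter row: optional "Passed"/"Dropped" label, then "| Name: value".
COUNTER_RE = re.compile(r"^(?:(Passed|Dropped)\s*)?\|\s*([\w()]+)\s*:\s*(\d+)\s*$")

def parse_policy_stats(text):
    """Return interface, policy, direction and the Passed/Dropped counters."""
    stats = {"Passed": {}, "Dropped": {}}
    group = None
    for raw in text.splitlines():
        line = raw.strip()
        m = COUNTER_RE.match(line)
        if m:
            group = m.group(1) or group  # unlabelled rows continue the last group
            if group is None:
                raise ValueError(f"counter row before Passed/Dropped: {line!r}")
            stats[group][m.group(2)] = int(m.group(3))
        elif line.startswith("Interface:"):
            stats["interface"] = line.split(":", 1)[1].strip()
        elif line.startswith("Traffic policy "):
            head, name = line.split(":", 1)
            stats["direction"] = head.split()[-1]
            stats["policy"] = name.strip()
    return stats

def has_drops(stats):
    """True when the policy's Dropped packet counter is non-zero."""
    return stats["Dropped"].get("Packets", 0) > 0
```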
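Configuring traffic statistics with the simplified ACL-based traffic policy
Configuring traffic statistics through MQC offers rich classification options but is cumbersome. The switch therefore also provides a simplified ACL-based traffic policy. Configure traffic-statistic globally, on a VLAN, or on an interface to collect statistics on packets that match the ACL.
system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] traffic-statistic inbound acl 3000 rule 1
After configuration, use the display traffic-statistic command to view the results.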