119
− Create IPv4 ACL 2002, and add a rule to permit packets with source IP address
192.168.2.0 and mask 0.0.0.255.
− Configure the ACL as a match criterion of a class, and specify the associated behavior
to mark the matched packets with 802.1p priority 1.
f. Apply a QoS policy to the incoming traffic of GigabitEthernet 1/0/4.
g. Access the details page for the QoS policy to modify the applied QoS policy as follows:
− Create IPv4 ACL 2003, and add a rule to permit packets with source IP address
192.168.3.0 and mask 0.0.0.255.
− Configure the ACL as a match criterion of a class, and specify the associated behavior
to mark the matched packets with 802.1p priority 2.
2. Configure priority mapping:
a. From the navigation tree, select QoS > QoS > Priority Mapping.
b. Configure GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, GigabitEthernet 1/0/3, and
GigabitEthernet 1/0/4 to trust the 802.1p priority.
c. Configure the 802.1p-to-local priority map to map 802.1p priority values 0, 1, and 2 to local
precedence values 0, 1, and 2, respectively.
3. Configure hardware queuing:
a. From the navigation tree, select QoS > QoS > Hardware Queuing.
b. Access the details page for GigabitEthernet 1/0/1 to perform the following tasks:
− Configure the queuing algorithm as WRR (byte-count).
− Modify the byte counts of queues 0, 1, and 2 as 2, 1, and 1, respectively.
4. Configure rate limit:
a. From the navigation tree, select QoS > QoS > Rate Limit.
b. Set the CIR to 15360 kbps for the incoming traffic of GigabitEthernet 1/0/1.
Verifying the configuration
# Verify that the QoS application status on the QoS policy page and the queuing configuration on the
hardware queuing page are as expected. (Details not shown.)
Security configuration examples
ACL-based packet filter configuration example
Network requirements
As shown in Figure 39, a company interconnects its departments through the switch. Configure the
packet filter to meet the following requirements:
• Permit access from the President's office at any time to the financial database server.
• Permit access from the Financial department to the database server only during working hours
(from 8:00 to 18:00) on working days.
• Deny access from any other department to the database server.
To Next Page
Loading...
