华为交换机-配置灵活QinQ示例-流策略接入
组网需求
如图1所示,用户侧所有低端交换机通过Switch连接网络。
用户侧主要业务有IPTV业务和PC上网业务,ME60-A供上网的PC机获取IP地址,ME60-B供IPTV的机顶盒获取IP地址。
在DSLAM上对用户不同类型的报文打上不同的VLAN Tag,从而控制PC机不从ME60-B获取IP地址。
运营商规划PPPoE报文为VLAN100~VLAN999,DHCP报文为VLAN1000~VLAN1999。
机顶盒为运营商统一赠送,所以机顶盒的MAC地址运营商可获得,而PC机的MAC地址运营商不可获得。机顶盒的MAC地址段为:00e0-8e00-0000 ffff-ff00-0000。
用户PC开机时会发送DHCP报文获取IP地址,需要将此请求拒绝,等用户使用PPPoE拨号时再获取IP地址。
配置思路
采用如下的思路配置灵活QinQ以及VLAN+MAC过滤:
- 在Switch上创建相关VLAN。
- 在Switch上配置接口GE1/0/0、GE2/0/0的类型为Hybrid,并配置灵活QinQ功能。
- 在Switch上配置基于VLAN+MAC过滤的流分类、流行为、流策略。
- 在Switch上配置接口GE1/0/0、GE2/0/0的入方向应用流策略,阻止PC机的DHCP报文获取IP地址。
操作步骤
- 配置灵活QinQ# 创建VLAN
<HUAWEI> system-view [HUAWEI] sysname Switch [Switch] vlan batch 10 20
# 配置接口加入VLAN
[Switch] interface gigabitethernet 1/0/0 [Switch-GigabitEthernet1/0/0] port link-type hybrid [Switch-GigabitEthernet1/0/0] port hybrid untagged vlan 10 20 [Switch-GigabitEthernet1/0/0] quit [Switch] interface gigabitethernet 2/0/0 [Switch-GigabitEthernet2/0/0] port link-type hybrid [Switch-GigabitEthernet2/0/0] port hybrid untagged vlan 10 20 [Switch-GigabitEthernet2/0/0] quit [Switch] interface gigabitethernet 3/0/0 [Switch-GigabitEthernet3/0/0] port link-type hybrid [Switch-GigabitEthernet3/0/0] port hybrid tagged vlan 10 [Switch-GigabitEthernet3/0/0] quit [Switch] interface gigabitethernet 4/0/0 [Switch-GigabitEthernet4/0/0] port link-type hybrid [Switch-GigabitEthernet4/0/0] port hybrid tagged vlan 20 [Switch-GigabitEthernet4/0/0] quit
# 配置接口灵活QinQ
[Switch] interface gigabitethernet 1/0/0 [Switch-GigabitEthernet1/0/0] port vlan-stacking vlan 100 to 999 stack-vlan 10 [Switch-GigabitEthernet1/0/0] port vlan-stacking vlan 1000 to 1999 stack-vlan 20 [Switch-GigabitEthernet1/0/0] quit [Switch] interface gigabitethernet 2/0/0 [Switch-GigabitEthernet2/0/0] port vlan-stacking vlan 100 to 999 stack-vlan 10 [Switch-GigabitEthernet2/0/0] port vlan-stacking vlan 1000 to 1999 stack-vlan 20 [Switch-GigabitEthernet2/0/0] quit
- 配置流策略# 配置MAC地址过滤
[Switch] acl number 4001 [Switch-acl-L2-4001] rule 1 permit source-mac 00e0-8e00-0000 ffff-ff00-0000 [Switch-acl-L2-4001] quit
# 配置流分类
[Switch] traffic classifier STB operator and [Switch-classifier-STB] if-match vlan-id 20 [Switch-classifier-STB] if-match acl 4001 [Switch-classifier-STB] quit
# 配置流行为
[Switch] traffic behavior PermitMAC [Switch-behavior-PermitMAC] permit [Switch-behavior-PermitMAC] quit
# 配置流策略
[Switch] traffic policy PermitMAC [Switch-trafficpolicy-PermitMAC] classifier STB behavior PermitMAC [Switch-trafficpolicy-PermitMAC] quit
# 配置接口入方向应用流策略
[Switch] interface gigabitethernet 1/0/0 [Switch-GigabitEthernet1/0/0] traffic-policy PermitMAC inbound [Switch-GigabitEthernet1/0/0] quit [Switch] interface gigabitethernet 2/0/0 [Switch-GigabitEthernet2/0/0] traffic-policy PermitMAC inbound [Switch-GigabitEthernet2/0/0] quit
- 检查配置结果IPTV业务和PC上网业务都可以正常使用,并且机顶盒的IP地址从ME60-B上获取,PC机的IP地址从ME60-A上获取。
配置文件
以下仅给出Switch的配置文件。
Switch的配置文件。
# sysname Switch # vlan batch 10 20 # acl number 4001 rule 1 permit source-mac 00e0-8e00-0000 ffff-ff00-0000 # traffic classifier STB operator and precedence 5 if-match vlan-id 20 if-match acl 4001 # traffic behavior PermitMAC permit # traffic policy PermitMAC match-order config classifier STB behavior PermitMAC # interface GigabitEthernet1/0/0 port link-type hybrid port hybrid untagged vlan 10 20 port vlan-stacking vlan 100 to 999 stack-vlan 10 port vlan-stacking vlan 1000 to 1999 stack-vlan 20 traffic-policy PermitMAC inbound # interface GigabitEthernet2/0/0 port link-type hybrid port hybrid untagged vlan 10 20 port vlan-stacking vlan 100 to 999 stack-vlan 10 port vlan-stacking vlan 1000 to 1999 stack-vlan 20 traffic-policy PermitMAC inbound # interface GigabitEthernet3/0/0 port link-type hybrid port hybrid tagged vlan 10 # interface GigabitEthernet4/0/0 port link-type hybrid port hybrid tagged vlan 20 # return
阅读剩余
版权声明:
作者:SE_YT
链接:https://www.cnesa.cn/3023.html
文章版权归作者所有,未经允许请勿转载。
THE END
