HP 5500 Ei 5500 Si Switch Series Configuration Guide

8 
Compared to IPv6 basic ACLs, IPv6 advanced ACLs allow more flexible and accurate filtering.  
To configure an IPv6 advanced ACL: 
 
Step Command  Remarks 
1.  Enter system 
view.   system-view 
N/A 
2.  Create an IPv6 
advanced ACL 
and enter its 
view.   acl ipv6
 number  acl6-number 
[ name  acl6-name ] 
[  match-order  { auto | config  } ]
 
By default, no ACL exists.  
IPv6 advanced ACLs are numbered in the range of 
3000 to 3999. 
You can use the  acl ipv6  name  acl6-name  command 
to enter the...

9 
Configuring an Ethernet frame header ACL 
Ethernet frame header ACLs, also called Layer 2 ACLs, match packets based on Layer 2 protocol 
header fields, such as source MAC address, destination MAC address, 802.1p priority (VLAN priority), 
and link layer protocol type.  
To configure an Ethernet frame header ACL: 
 
Step Command  Remarks 
1.  Enter system 
view.   system-view N/A 
2.
  Create an 
Ethernet frame 
header ACL 
and enter its 
view.   acl number
 acl-number 
[ name  acl-name  ] 
[...

10 
To successfully copy an ACL, make sure that: 
•  The destination ACL number is from the same category as the source ACL number.  
•   The source ACL already exists but the destination ACL does not.  
Copying an IPv4 ACL  
Step Command 
1.  Enter system view. 
system-view 
2.  Copy an existing IPv4 ACL to create a 
new IPv4 ACL.  acl copy 
{ source-acl-number  | name  source-acl-name  } to  
{  dest-acl-number |  name dest-acl-name  } 
 
Copying an IPv6 ACL  
Step Command 
1.  Enter system view....

11 
Step Command Remarks 
2.  Enter interface view.  interface 
interface-type 
interface-number N/A 
3.   Apply an IPv4 basic, IPv4 
advanced, or Ethernet frame 
header ACL to the interface to 
filter packets.  packet-filter { acl-number
 | 
name  acl-name } { inbound  
|  outbound  }  By default, no ACL is applied to any 
interface. 
4.
  Exit to system view. 
quit N/A 
5.  Set the interval for generating 
and outputting IPv4 packet 
filtering logs.  acl logging frequence
 
frequence   By default, the...

12 
Task Command Remarks 
Display the configuration and 
status of one or all time ranges. display time-range 
{ time-range-name  | all } 
[ |  { begin |  exclude | include } 
regular-expression  ]  Available in any view
 
Clear statistics for one or all IPv4 
ACLs.
  reset
 acl  counter { acl-number  | all |  name  
acl-name }   Available in user view 
Clear statistics for one or all IPv6 
basic and advanced ACLs. reset
 acl  ipv6  counter { acl6-number  | all  | 
name  acl6-name }   Available in user...

13 
[Switch] time-range telnet 8:30 to 18:00 working-day 
# Create IPv4 basic ACL 2000, and configure a rule for the ACL to permit the packets sourced 
from 10.1.3.1 during only the time specified by time range  telnet.  
[Switch] acl number 2000 
[Switch-acl-basic-2000] rule permit source 10.1.3.1 0 time-range telnet \
[Switch-acl-basic-2000] quit 
# Apply ACL 2000 to the inbound traffic of all telnet user interfaces to limit the telnet login 
requests.  
[Switch] user-interface vty 0 4...

14 
Configuration procedure 
# Create a time range from 08:00 to 18:00 every day. 
 system-view 
[DeviceA] time-range study 8:00 to 18:00 daily 
# Create IPv4 ACL 2009, and configure two rules in the ACL. One rule permits packets sourced from 
Host A and the other denies packets sourced from any other host during the time range study. Enable 
logging for the permit rule. 
[DeviceA] acl number 2009 
[DeviceA-acl-basic-2009] rule permit source 192.168.1.2 0 time-range stu\
dy logging...

15 
# Create IPv6 ACL 2009, and configure two rules for the ACL. One permits packets sourced from Host 
A and the other denies packets sourced from any other host during the time range study. Enable logging 
for the permit rule. 
[DeviceA] acl ipv6 number 2009 
[DeviceA-acl6-basic-2009] rule permit source 1001::2 128 time-range stud\
y logging 
[DeviceA-acl6-basic-2009] rule deny source any time-range study  
[DeviceA-acl6-basic-2009] quit 
# Configure the device to collect and output IPv6  packet...

 16 
QoS overview 
In data communications, Quality of Service (QoS) is a network’s ability to provide differentiated service 
guarantees for diversified traffic in terms of bandwidth, delay, jitter, and drop rate. 
Network resources are scarce. The contention for resources requires that QoS prioritize important traffic 
flows over trivial ones. For example, in the case of fixed bandwidth, if a traffic flow gets more bandwidth, 
the other traffic flows will get less bandwidth and may be affected. When...

 17 
QoS techniques 
The QoS techniques include traffic classification, traffic policing, traffic shaping, line rate, congestion 
management, and congestion avoidance. They address problems that arise at different positions of a 
network.  
Figure 4  Placement of the QoS techniques in a network 
 
 
As shown in Figure 4, traffic classification, traffic shaping, traffic policing, congestion management, and 
congestion avoidance mainly implement the following functions: 
•   Traffic classification —Uses...