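[Network Engineer] - Case Study - Traffic Classifier, Traffic Behavior, Traffic Policy

Traffic classifier: also called a classifier; it uses if-match statements to define the matching rules for a class of traffic.

Traffic behavior: also called a behavior; it defines the actions that can be applied to that class of traffic.

Traffic policy: can be applied globally or to a specific interface. It associates a traffic classifier with a traffic behavior, forming a classifier&behavior pair.

<HUAWEI>system-view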

[HUAWEI]sysname Switch

[Switch]vlan batch 10 20 30 100 200

[Switch]interface gigabitethernet0/0/1

[Switch-GigabitEthernet0/0/1]port link-type trunk

[Switch-GigabitEthernet0/0/1]port trunk allow-pass vlan 10

[Switch-GigabitEthernet0/0/1]quit

[Switch]interface vlanif 10

[Switch-Vlanif10]ip address 10.10.1.1 255.255.255.0

[Switch-Vlanif10]quit

......

......

[Switch]time-range satime 8:00 to 18:00 working-day // time range: working days, 8:00-18:00

[Switch]acl 3002

[Switch-acl-adv-3002]rule deny ip source 10.10.2.0 0.0.0.255 destination 10.10.20.1 0.0.0.0 time-range satime // deny 10.10.2.0/24 access to 10.10.20.1 on working days, 8:00-18:00

[Switch-acl-adv-3002]quit

[Switch]acl 3003

[Switch-acl-adv-3003]rule deny ip source 10.10.3.0 0.0.0.255 destination 10.10.20.1 0.0.0.0 time-range satime // deny 10.10.3.0/24 access to 10.10.20.1 on working days, 8:00-18:00

[Switch-acl-adv-3003]quit

[Switch]traffic classifier c_market // create a traffic classifier named c_market

[Switch-classifier-c_market]if-match acl 3002 // associate the ACL with the traffic classifier

[Switch-classifier-c_market]quit

[Switch]traffic classifier c_rd // create a traffic classifier named c_rd

[Switch-classifier-c_rd]if-match acl 3003 // associate the ACL with the traffic classifier

[Switch-classifier-c_rd]quit

[Switch]traffic behavior b_market // create a traffic behavior

[Switch-behavior-b_market]deny // set the behavior action to deny packets from passing

[Switch-behavior-b_market]quit

[Switch]traffic behavior b_rd // create a traffic behavior

[Switch-behavior-b_rd]deny // set the behavior action to deny packets from passing

[Switch-behavior-b_rd]quit

[Switch]traffic policy p_market // create a traffic policy

[Switch-trafficpolicy-p_market]classifier c_market behavior b_market // set the policy's classifier&behavior pair

[Switch-trafficpolicy-p_market]quit

[Switch]traffic policy p_rd // create a traffic policy

[Switch-trafficpolicy-p_rd]classifier c_rd behavior b_rd // set the policy's classifier&behavior pair

[Switch-trafficpolicy-p_rd]quit

[Switch]interface gigabitethernet0/0/2

[Switch-GigabitEthernet0/0/2]traffic-policy p_market inbound // apply the traffic policy in the inbound direction of the interface

[Switch-GigabitEthernet0/0/2]quit

[Switch]interface gigabitethernet0/0/3

[Switch-GigabitEthernet0/0/3]traffic-policy p_rd inbound // apply the traffic policy in the inbound direction of the interface

[Switch-GigabitEthernet0/0/3]quit
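
The deny rules above only take effect if every link in the chain ACL -> classifier -> classifier&behavior pair -> policy -> interface is intact. The following is an added example, not part of the original article: a small Python check that reads a transcript in the format used on this page and reports broken links. The function name check_bindings and the sample transcript are assumptions made for illustration, and the check only understands the command forms shown on this page.

```python
import re

TOP = re.compile(r"(acl|traffic classifier|traffic behavior|traffic policy|interface) (\S+)")

def check_bindings(transcript):
    """List broken links in the ACL -> classifier -> policy -> interface chain."""
    objs = {k: {} for k in ("acl", "traffic classifier", "traffic behavior", "traffic policy")}
    applied, findings, view = set(), [], None
    for raw in transcript.splitlines():
        # Drop the "[prompt]" prefix and any trailing "// comment".
        line = re.sub(r"^\s*\[[^\]]*\]", "", raw).split("//")[0].strip()
        if m := TOP.match(line):
            view = (m[1], m[2])
            if m[1] in objs:
                objs[m[1]].setdefault(m[2], [])
        elif line == "quit" or view is None:
            view = None
        elif view[0] == "traffic classifier" and (m := re.fullmatch(r"if-match acl (\S+)", line)):
            objs[view[0]][view[1]].append(m[1])
        elif view[0] == "traffic policy" and (m := re.fullmatch(r"classifier (\S+) behavior (\S+)", line)):
            objs[view[0]][view[1]].append((m[1], m[2]))
        elif view[0] == "interface" and line.startswith("traffic-policy"):
            if m := re.fullmatch(r"traffic-policy (\S+) (inbound|outbound)", line):
                applied.add(m[1])
            else:
                findings.append(f"{view[1]}: invalid '{line}'")
    for name, refs in objs["traffic classifier"].items():
        findings += [f"classifier {name}: acl {a} undefined" for a in refs if a not in objs["acl"]]
    for name, pairs in objs["traffic policy"].items():
        if not pairs:
            findings.append(f"policy {name}: no classifier&behavior pair")
        for c, b in pairs:
            findings += [f"policy {name}: {kind} {ref} undefined" for kind, ref in
                         (("traffic classifier", c), ("traffic behavior", b)) if ref not in objs[kind]]
        if name not in applied:
            findings.append(f"policy {name}: not applied to any interface")
    findings += [f"applied policy {p} undefined" for p in sorted(applied - set(objs["traffic policy"]))]
    return findings

# Constructed sample (quit lines omitted) with deliberate faults for the check to find.
SAMPLE = """\
[Switch]traffic classifier c_rd
[Switch-classifier-c_rd]if-match acl 3003
[Switch]traffic behavior b_rd
[Switch]traffic policy p_rd
[Switch-trafficpolicy-p_rd]classfier c_rd behavior b_rd
[Switch]interface gigabitethernet0/0/3
[Switch-GigabitEthernet0/0/3]traffic-policy p_rd inbount
"""
```

Calling check_bindings(SAMPLE) reports the missing ACL, the policy left without a classifier&behavior pair, and the interface line that never applied the policy; a finding of "not applied to any interface" means the ACL's deny rules filter nothing.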
