Login
- Table of Contents
-
- 17-BRAS Services Configuration Guide
- 00-Preface
- 01-AAA configuration
- 02-ANCP configuration
- 03-PPP configuration
- 04-Value-added services configuration
- 05-DHCP configuration
- 06-DHCPv6 configuration
- 07-User profile configuration
- 08-Connection limit configuration
- 09-L2TP configuration
- 10-PPPoE configuration
- 11-IPoE configuration
- 12-802.1X configuration
- 13-UCM configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 07-User profile configuration | 187.65 KB |
About session group profiles and user group profiles
Restrictions and guidelines: User profile configuration
Prerequisites for user profile
Configuring a session group profile
Configuring a user group profile
Applying a user profile to an interface
Display and maintenance commands for user profiles
User profile configuration examples
Example: Configuring user profiles and a user group profile
Configuring user profiles
About user profiles
A user profile defines a set of parameters, such as a QoS policy, for a single user or interface. A user profile can be reused when a user connected to the network on a different interface.
The user profile application allows flexible traffic policing on a per-user basis. Each time a user passes authentication, the server sends the device the name of the user profile specified for the user. The device applies the parameters in the user profile to the user. You can also apply a user profile to an interface to process specific traffic on the interface.
User profiles are typically used in the following scenarios:
· Resource allocation per user—Interface-based traffic policing limits the total amount of bandwidth available to all users that are connected through one interface. However, user-profile-based traffic policing can limit the amount of bandwidth available to a single user.
· User access control—When a user passes authentication but the account is overdue, only the resources defined by the ACL permit rules in the free rules are accessible for this user.
About session group profiles and user group profiles
Concepts
Session group profiles and user group profiles are a particular type of user profile for a group of users. It implements QoS traffic control on a per-group basis. A user group can include multiple users and multiple services. For example, you can configure a session group profile or user group profile to limit the total bandwidth for the user group in addition to configuring a user profile for each user.
A session group profile and a user group profile implement the same function. However, the ways they associate user profiles differ.
· A session group profile is associated with a user profile when they are authorized to the same online user. The online user is subject to both the user profile and session group profile.
· A user group profile is associated with a user profile by using CLI command. The authentication server authorizes only the user profile to the online user. The online user is subject to both the user profile and the user group profile associated with the user profile.
How they work
A user profile limits traffic of a single online user. A session group profile or user group profile limits the total traffic of multiple online users. The following queue types are available for hierarchical scheduling:
· Traffic queue—Caches packets of different priorities of a user.
· User queue—Schedules packets of traffic queues by using a queue scheduling profile applied to the user profile, and rate limits the packets of the user queue by using QoS policy and traffic policing settings.
· User group queue—Schedules packets of user queues by using a queue scheduling profile applied to the user group profile or session group profile, and rate limits the packets of the user group queue by using QoS policy, traffic policing, traffic shaping settings.
Traffic queues are physical queues and have cache units. User queues and user group queues are virtual queues that participate in hierarchical scheduling and do not have cache units.
Figure 1 Hierarchical scheduling
Restrictions and guidelines: User profile configuration
In SDN-WAN system operating mode, the system does not support authorizing user profiles.
In standard system operating mode, only the following cards support authorizing user profiles:
|
Card category |
Cards |
|
CEPC |
CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RX-L |
|
CSPEX |
CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1602X, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, CSPEX-1802X, CSPEX-2612XA, CSPEX-1812X-E, CSPEX-2304X-G |
|
SPE |
RX-SPE200, RX-SPE200-E |
For more information about system operating modes, see device management in Fundamentals Configuration Guide.
Only the following cards support applying a user profile to an interface:
|
Card category |
Cards |
|
CEPC |
CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RXA, CEPC-CP4RX-L, CEPC-CQ8L, CEPC-CQ8LA, CEPC-CQ8L1A, CEPC-CQ16L1 |
|
CSPC |
CSPC-GE16XP4L-E, CSPC-GE24L-E, CSPC-GP24GE8XP2L-E |
|
CSPEX |
CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1504XA, CSPEX-1602X, CSPEX-1602XA, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, CSPEX-1802X, CSPEX-1802XA, CSPEX-2612XA, CSPEX-1812X-E, CSPEX-2304X-G, CSPEX-1502XA, CSPEX-1104-E |
|
SPE |
RX-SPE200, RX-SPE200-E |
Because a session group profile and a user group profile implement the same function, a user profile cannot be associated with both a session group profile and a user group profile.
You can configure traffic regulation, QoS policy, traffic scheduling, queue scheduling profile, connection limits, and auth-free rule for a user profile as required.
Prerequisites for user profile
If a user profile is applied to an interface, no authentication settings are required.
If a user profile works with authentication, you must configure authentication settings for a user profile. For information about supported authentication methods, see the configuration guides for the related authentication modules.
Configuring a user profile
About this task
For information about QoS policies, CAR policies and queue scheduling profiles, see ACL and QoS Configuration Guide.
For information about connection limits, see "Configuring connection limits."
Restrictions and guidelines
The system supports authorizing users profiles to users with the following settings in the user profile:
· Traffic regulation.
· QoS policy.
· Traffic scheduling.
· Queue scheduling profile for user queues.
· Connection limits.
· Auth-free rule.
The system only supports applying user profiles to interfaces and supports only traffic regulation and queue scheduling profile settings in the user profile.
Procedure
1. Enter system view.
system-view
2. Create a user profile and enter user profile view.
user-profile profile-name
3. Configure traffic regulation. Choose the options to configure as needed:
|
|
NOTE: If you specify a queue scheduling profile in step 5, you can only use the qos user-queue command for traffic regulation in this step. |
¡ Configure a CAR policy for the user profile.
qos car { inbound | outbound } any cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ]
qos car { inbound | outbound } any cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ]
By default, no CAR policy is configured for a user profile.
This command is available only for the following cards:
|
Card category |
Cards |
|
CEPC |
CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RXA, CEPC-CP4RX-L, CEPC-CQ8L, CEPC-CQ8LA, CEPC-CQ8L1A, CEPC-CQ16L1 |
|
CSPEX |
CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1504XA, CSPEX-1602X, CSPEX-1602XA, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, CSPEX-1802X, CSPEX-1802XA, CSPEX-2612XA, CSPEX-1812X-E, CSPEX-2304X-G, CSPEX-1502XA |
|
SPE |
RX-SPE200, RX-SPE200-E |
¡ Configure rate limiting for the user profile.
qos user-queue { cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ queue-length queue-length ] } * outbound
qos user-queue { cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] [ queue-length queue-length ] } * outbound
qos user-queue { cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] } inbound
qos user-queue { cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] } inbound
By default, rate limiting is not configured for a user profile.
When AAA authorizes a user profile, this command takes effect only on the following cards:
|
Card category |
Cards |
|
CEPC |
CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RX-L |
|
CSPEX |
CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1602X, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, CSPEX-1802X, CSPEX-1812X-E, CSPEX-2304X-G |
|
SPE |
RX-SPE200, RX-SPE200-E |
In a user profile applied to the inbound direction of an interface, this command takes effect only on the following cards:
|
Card category |
Cards |
|
CEPC |
CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RXA, CEPC-CP4RX-L, CEPC-CQ8L, CEPC-CQ8LA, CEPC-CQ8L1A, CEPC-CQ16L1 |
|
CSPEX |
CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1504XA, CSPEX-1602X, CSPEX-1602XA, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, CSPEX-1802X, CSPEX-1802XA, CSPEX-2612XA, CSPEX-1812X-E, CSPEX-2304X-G, CSPEX-1502XA |
|
SPE |
RX-SPE200, RX-SPE200-E |
In a user profile applied to the outbound direction of an interface, this command takes effect only on the following cards:
|
Card category |
Cards |
|
CEPC |
CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RXA, CEPC-CP4RX-L, CEPC-CQ8L, CEPC-CQ8LA, CEPC-CQ8L1A, CEPC-CQ16L1 |
|
CSPC |
CSPC-GE16XP4L-E, CSPC-GE24L-E, CSPC-GP24GE8XP2L-E |
|
CSPEX |
CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1504XA, CSPEX-1602X, CSPEX-1602XA, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, CSPEX-1802X, CSPEX-1802XA, CSPEX-2612XA, CSPEX-1812X-E, CSPEX-2304X-G, CSPEX-1502XA, CSPEX-1104-E |
|
SPE |
RX-SPE200, RX-SPE200-E |
The queue-length queue-length option is supported only in standard system operating mode.
4. Apply an existing QoS policy to the user profile.
qos apply policy policy-name { inbound | outbound }
By default, no QoS policy is applied to a user profile.
In SDN-WAN system operating mode, the system does not support this command.
In standard system operating mode, this command is available only for the following cards:
|
Card category |
Cards |
|
CSPEX |
CSPEX-1802X, CSPEX-1812X-E, CSPEX-2304X-G |
|
SPE |
RX-SPE200-E |
5. Configure queue scheduling for user queues.
¡ Specify a queue for session packets that use the user profile.
qos queue { queue-id | queue-name }
By default, no queue for session packets is specified for a user profile.
Session packets are scheduled based on the scheduling priority of the specified queue, implementing session-based congestion management.
In SDN-WAN system operating mode, the system does not support this command.
In standard system operating mode, this command is available only for the following cards:
|
Card category |
Cards |
|
CEPC |
CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RX-L |
|
CSPEX |
CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1602X, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, CSPEX-1802X, CSPEX-1812X-E, CSPEX-2304X-G |
|
SPE |
RX-SPE200, RX-SPE200-E |
¡ Set the outbound weight value for the user profile.
qos weight weight-value outbound
By default, no outbound weight value is set for a user profile.
Bandwidth resources are allocated based on the weight value.
In SDN-WAN system operating mode, the system does not support this command.
In standard system operating mode, this command is available only for the following cards:
|
Card category |
Cards |
|
CEPC |
CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RX-L |
|
CSPEX |
CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1602X, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, CSPEX-1802X, CSPEX-1812X-E, CSPEX-2304X-G |
|
SPE |
RX-SPE200, RX-SPE200-E |
6. Specify an existing queue scheduling profile for the user profile.
qos user-queue qmprofile qmprofile-name { inbound | outbound }
By default, no queue scheduling profile is specified for a user profile.
When AAA authorizes a user profile, this command takes effect only on the following cards:
|
Card category |
Cards |
|
CEPC |
CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RX-L |
|
CSPEX |
CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1602X, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, CSPEX-1802X, CSPEX-1812X-E, CSPEX-2304X-G |
|
SPE |
RX-SPE200, RX-SPE200-E |
For a user profile applied to an interface:
¡ In a user profile applied to the inbound direction of an interface, this command takes effect only on the following cards:
|
Card category |
Cards |
|
CEPC |
CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RXA, CEPC-CP4RX-L, CEPC-CQ8L, CEPC-CQ8LA, CEPC-CQ8L1A, CEPC-CQ16L1 |
|
CSPEX |
CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1504XA, CSPEX-1602X, CSPEX-1602XA, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, CSPEX-1802X, CSPEX-1802XA, CSPEX-2612XA, CSPEX-1812X-E, CSPEX-2304X-G, CSPEX-1502XA |
|
SPE |
RX-SPE200, RX-SPE200-E |
¡ In a user profile applied to the outbound direction of an interface, this command takes effect only on the following cards:
|
Card category |
Cards |
|
CEPC |
CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RXA, CEPC-CP4RX-L, CEPC-CQ8L, CEPC-CQ8LA, CEPC-CQ8L1A, CEPC-CQ16L1 |
|
CSPC |
CSPC-GE16XP4L-E, CSPC-GE24L-E, CSPC-GP24GE8XP2L-E |
|
CSPEX |
CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1504XA, CSPEX-1602X, CSPEX-1602XA, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, CSPEX-1802X, CSPEX-1802XA, CSPEX-2612XA, CSPEX-1812X-E, CSPEX-2304X-G, CSPEX-1502XA, CSPEX-1104-E |
|
SPE |
RX-SPE200, RX-SPE200-E |
7. Configure connection limits.
¡ Set the maximum number of user connections.
connection-limit amount amount
By default, the number of user connections is not limited for a user profile.
¡ Set the maximum connection establishment rate.
connection-limit rate rate
By default, the connection establishment rate is not limited for a user profile.
In SDN-WAN system operating mode, the system does not support the two commands.
In standard system operating mode, the two commands are available only for the following cards:
|
Card category |
Cards |
|
CEPC |
CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RX-L |
|
CSPEX |
CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1602X, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, CSPEX-1802X, CSPEX-1812X-E, CSPEX-2304X-G |
|
SPE |
RX-SPE200, RX-SPE200-E |
8. Create a user profile free rule.
free-rule acl [ ipv6 ] { acl-number | name acl-name }
By default, no user profile free rule is configured for a user profile.
This command is supported only in standard system operating mode.
Configuring a session group profile
Restrictions and guidelines
In SDN-WAN system operating mode, the system does not support this feature.
In standard system operating mode, this feature is available only for the following cards:
|
Card category |
Cards |
|
CEPC |
CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RX-L |
|
CSPEX |
CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1602X, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, CSPEX-1802X, CSPEX-1812X-E, CSPEX-2304X-G |
|
SPE |
RX-SPE200, RX-SPE200-E |
Procedure
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Identify a session group on the interface.
qos session-group identify { customer-vlan | service-vlan | customer-service-vlan | subscriber-id }
By default, no session group is identified on the interface.
The interface identifies packets according to the specified method and classifies packets with the same characteristics to the same user group.
4. Return to system view.
quit
5. Create a session group profile and enter session group profile view.
user-profile profile-name type session-group
You can use the command to enter the view of an existing session group profile.
6. Configure traffic regulation.
¡ Configure GTS for the session group profile.
qos gts { any | queue queue-id } cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ queue-length queue-length ]
qos gts { any | queue queue-id } cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] [ queue-length queue-length ]
By default, no GTS is configured for a session group profile.
7. Apply an existing queue scheduling profile to the session group profile.
qos apply qmprofile profile-name
By default, no queue scheduling profile is applied to a session group profile.
For information about GTS and queue scheduling profiles, see ACL and QoS Configuration Guide.
Configuring a user group profile
About this task
After you execute the qos session-group identify command on an interface, the system can identify the users from the same home. If you want to limit the total bandwidth for all users from the same home, you must execute the qos user-queue user-group-profile command for each user profile for the users. Additionally, you must associate all the user profiles with the same user group profile.
If you associate the user profiles for users from the same home with different user group profiles, the total bandwidth available to the users will change among the bandwidth limits configured for the user group profiles. Suppose you associate user profile A and user profile B with user group profile A and with user group profile B, respectively. When user A first comes online, the total bandwidth for user A and user B is the bandwidth limit configured for user group profile A. When user B comes online later, the total bandwidth for user A and user B changes to the bandwidth limit configured for user group profile B. If user A goes offline and then comes online, the total bandwidth for user A and user B changes back to the bandwidth limit configured for user group profile A.
Restrictions and guidelines
In SDN-WAN system operating mode, the system does not support this feature.
In standard system operating mode, this feature is available only for the following cards:
|
Card category |
Cards |
|
CEPC |
CEPC-XP4LX, CEPC-XP24LX, CEPC-XP48RX, CEPC-CP4RX, CEPC-CP4RX-L |
|
CSPEX |
CSPEX-1304X, CSPEX-1404X, CSPEX-1502X, CSPEX-1504X, CSPEX-1602X, CSPEX-1804X, CSPEX-1512X, CSPEX-1612X, CSPEX-1812X, CSPEX-1802X, CSPEX-1812X-E, CSPEX-2304X-G |
|
SPE |
RX-SPE200, RX-SPE200-E |
Procedure
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Identify a session group on the interface.
qos session-group identify { customer-vlan | service-vlan | customer-service-vlan | subscriber-id }
By default, no session group is identified on the interface.
The interface identifies packets according to the specified method and classifies packets with the same characteristics to the same user group.
4. Return to system view.
quit
5. Create a user group profile and enter user group profile view.
user-group-profile profile-name
6. Configure traffic regulation.
¡ Configure GTS for the user group profile.
qos gts [ inbound ] any cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ queue-length queue-length ]
qos gts [ inbound ] any cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] [ queue-length queue-length ]
By default, no GTS is configured for a user group profile.
7. Apply an existing queue scheduling profile to the user group profile.
qos apply qmprofile profile-name
By default, no queue scheduling profile is applied to a user group profile.
8. Set the outbound weight value for the user group profile.
qos weight weight-value outbound
By default, no outbound weight value is set for a user group profile.
Bandwidth resources are allocated among user group profiles based on the weight value.
9. Return to system view.
quit
10. Enter user profile view.
user-profile profile-name
11. Associate the user profile with the user group profile.
qos user-queue user-group-profile user-group-profile-name outbound
By default, a user profile is not associated with any user group profile.
For information about GTS and queue scheduling profiles, see ACL and QoS Configuration Guide.
Applying a user profile to an interface
Restrictions and guidelines
The following rules apply if you specify a direction when applying a user profile to an interface:
· The settings in the user profile take effect only if the direction of the settings is the same as the application direction.
· Only one user profile can be applied to the same direction.
The following rules apply if you do not specify a direction when applying a user profile to an interface:
· The settings in the user profile take effect in the direction as they are configured.
· No other user profile can be applied to the interface, regardless of whether it is applied with a direction.
This feature is mutually exclusive with any of the following configurations:
· Bind the interface to a VSI by using the xconnect vsi command.
· Bind the interface to a cross-connect by using the ac interface command.
· (In standard system operating mode.) Enable IPoE on the interface and configure an IPoE access mode for users by using the ip subscriber enable command.
The device supports only CAR policy, rate limiting, and queue scheduling profile settings in a user profile applied to an interface.
· The CAR policy is mutually exclusive with traffic policing configured on an interface by using the qos car command.
· The CAR policy on a main interface does not take effect on its subinterfaces.
· The CAR policy does not take effect on member ports of an aggregation group.
· The CAR policy supports only the single rate two color algorithm. If you configure the pir peak-information-rate option, tokens are put into the token bucket at the PIR.
· The maximum bandwidth in a queue scheduling profile can take effect only on CSPEX-1104-E, CSPC-GE16XP4L-E, CSPC-GE24L-E, and CSPC-GP24GE8XP2L-E cards.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Apply a user profile to the interface.
qos apply user-profile profile-name [ inbound | outbound ]
By default, no user profile is applied to an interface.
Display and maintenance commands for user profiles
Execute display commands in any view and reset commands in user view.
|
Task |
Command |
|
Display the configuration and traffic policing statistics for a user profile applied to an interface. |
In standalone mode: display user-profile interface [ interface-type interface-number ] [ slot slot-number [ cpu cpu-number ] ] [ inbound | outbound ] In IRF mode: display user-profile interface [ interface-type interface-number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] [ inbound | outbound ] |
|
Display configuration and online user information for the specified user group profile or all user group profiles. |
In standalone mode: display user-group-profile [ name profile-name ] [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display user-group-profile [ name profile-name ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] This command is supported only in standard system operating mode. |
|
Display configuration and online user information for the specified user profile or all user profiles. |
In standalone mode: display user-profile [ session-group ] [ name profile-name ] [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display user-profile [ session-group ] [ name profile-name ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] |
|
Clear the traffic policing statistics for a user profile applied to an interface. |
reset user-profile interface [ interface-type interface-number ] [ inbound | outbound ] |
User profile configuration examples
Example: Configuring user profiles and a user group profile
Network configuration
As shown in Figure 2, user A and user B are from the same home. The device performs RADIUS authentication on the users on Ten-GigabitEthernet 3/1/1. After a user passes authentication, the RADIUS server authorizes a user profile to limit the bandwidth for the user.
Configure user profiles and a user group profile on the device to meet the following requirements:
· Limit the total bandwidth for user A and user B to 100 Mbps.
· Limit the bandwidth for user A to 80 Mbps.
· Limit the bandwidth for user B to 50 Mbps.
User A has three services. Configure a queue scheduling profile to meet the following requirements:
· IPTV service—The queuing scheduling method is WRR, the scheduling weight is 20, and the maximum bandwidth is 50 Mbps.
· Internet data service—The queuing scheduling method is WRR, the scheduling weight is 10, and the maximum bandwidth is 40 Mbps.
· VoIP service—The queuing scheduling method is SP, the maximum bandwidth is 10 Mbps, and the minimum guaranteed bandwidth is 5 Mbps.
Procedure
1. Configure the RADIUS server:
# Authorize user profile a to user A, and Authorize user profile b to user A. (Details not shown.)
2. Configure the device:
# Identify a session group on Ten-GigabitEthernet 3/1/1.
[Device] interface ten-gigabitethernet 3/1/1
[Device-Ten-GigabitEthernet3/1/1] qos session-group identify service-vlan
This operation will affect online users from now on. Continue? [Y/N]:y
[Device-Ten-GigabitEthernet3/1/1] quit
# Create a queue scheduling profile named qm.
[Device] qos qmprofile qm
# Configure queue 1 (IPTV service) as a WRR queue, with the scheduling weight as 20 and the maximum bandwidth as 50 Mbps.
[Device-qmprofile-qm] queue 1 wrr group 1 weight 20 max-bandwidth 50000
# Configure queue 2 (Internet data service) as a WRR queue, with the scheduling weight as 10 and the maximum bandwidth as 40 Mbps.
[Device-qmprofile-qm] queue 2 wrr group 1 weight 10 max-bandwidth 40000
# Configure queue 3 (VoIP service) as an SP queue, with the maximum bandwidth as 10 Mbps. Configure the minimum guaranteed bandwidth as 5 Mbps for the queue.
[Device-qmprofile-qm] queue 3 sp max-bandwidth 10000
[Device-qmprofile-qm] bandwidth queue 3 min 5000
[Device-qmprofile-qm] quit
# Create a user group profile named ab, and set the total bandwidth for user A and user B as 100 Mbps.
[Device] user-group-profile ab
[Device-user-group-profile-ab] qos gts any cir 100000
[Device-user-group-profile-ab] quit
# Create a user profile named a, and set the total bandwidth for user A as 80 Mbps.
[Device] user-profile a
[Device-user-profile-a] qos user-queue cir 8000 outbound
[Device-user-profile-a] quit
# Create a user profile named b, and set the total bandwidth for user B as 50 Mbps.
[Device] user-profile a
# Associate all the two user profiles with user group profile ab. Reference queue scheduling profile qm in user profile a.
[Device] user-profile a
[Device-user-profile-a] qos user-queue qmprofile qm user-group-profile ab outbound
[Device-user-profile-a] quit
[Device] user-profile b
[Device-user-profile-b] qos user-queue user-group-profile ab outbound
[Device-user-profile-b] quit
Verifying the configuration
# Verify that the bandwidth for user A is limited to 80 Mbps. Each service of user A is scheduled and rate limited as configured. (Details not shown.)
# Use the display user-profile and display qos qmprofile configuration commands to verify the configuration on the device:
<Device> display user-profile name a
User Profile: a
Direction: Outbound
Committed Access Rate:
CIR 80000 (kbps), CBS 5000000 (Bytes), EBS 0 (Bytes)
User queue:
QMProfile:
qm
User group profile: ab
<Device> display qos qmprofile configuration
Queue scheduling profile: qm (ID 1)
Queue ID Type Group Schedule Schedule Min Max
unit value bandwidth bandwidth
---------------------------------------------------------------------
be WRR 1 weight 10 0 40000
af1 SP N/A N/A N/A 0 N/A
af2 SP N/A N/A N/A 0 N/A
af3 SP N/A N/A N/A 0 N/A
af4 SP N/A N/A N/A 0 N/A
ef WRR 1 weight 20 20000 40000
cs6 SP N/A N/A N/A 0 10000
cs7 SP N/A N/A N/A 0 N/A
<Device> display user-group-profile name ab
User Group Profile: ab
Direction: Outbound
General Traffic Shaping:
If-match any:
CIR 100000 (kbps), CBS 6250000 (Bytes), EBS 0 (Bytes)
