Contents

Configuring user profiles· 1

About user profiles· 1

About session group profiles and user group profiles· 1

Concepts· 1

How they work· 1

Restrictions and guidelines: User profile configuration· 2

Prerequisites for user profile· 2

Configuring a user profile· 2

Configuring a session group profile· 4

Configuring a user group profile· 5

Applying a user profile to an interface· 6

Display and maintenance commands for user profiles· 7

User profile configuration examples· 7

Example: Configuring user profiles and a user group profile· 7

 

Configuring user profiles

About user profiles

A user profile defines a set of parameters, such as a QoS policy, for a single user or interface. A user profile can be reused when a user connected to the network on a different interface.

The user profile application allows flexible traffic policing on a per-user basis. Each time a user passes authentication, the server sends the device the name of the user profile specified for the user. The device applies the parameters in the user profile to the user. You can also apply a user profile to an interface to process specific traffic on the interface.

User profiles are typically used in the following scenarios:

·     Resource allocation per user—Interface-based traffic policing limits the total amount of bandwidth available to all users that are connected through one interface. However, user-profile-based traffic policing can limit the amount of bandwidth available to a single user.

·     User access control—When a user passes authentication but the account is overdue, only the resources defined by the ACL permit rules in the free rules are accessible for this user.

About session group profiles and user group profiles

Concepts

Session group profiles and user group profiles are a particular type of user profile for a group of users. It implements QoS traffic control on a per-group basis. A user group can include multiple users and multiple services. For example, you can configure a session group profile or user group profile to limit the total bandwidth for the user group in addition to configuring a user profile for each user.

A session group profile and a user group profile implement the same function. However, the ways they associate user profiles differ.

·     A session group profile is associated with a user profile when they are authorized to the same online user. The online user is subject to both the user profile and session group profile.

·     A user group profile is associated with a user profile by using CLI command. The authentication server authorizes only the user profile to the online user. The online user is subject to both the user profile and the user group profile associated with the user profile.

How they work

A user profile limits traffic of a single online user. A session group profile or user group profile limits the total traffic of multiple online users. The following queue types are available for hierarchical scheduling:

·     Traffic queue—Caches packets of different priorities of a user.

·     User queue—Schedules packets of traffic queues by using a queue scheduling profile applied to the user profile, and rate limits the packets of the user queue by using QoS policy and traffic policing settings.

·     User group queue—Schedules packets of user queues by using a queue scheduling profile applied to the user group profile or session group profile, and rate limits the packets of the user group queue by using QoS policy, traffic policing, traffic shaping settings.

Traffic queues are physical queues and have cache units. User queues and user group queues are virtual queues that participate in hierarchical scheduling and do not have cache units.

Figure 1 Hierarchical scheduling

‌

Restrictions and guidelines: User profile configuration

Because a session group profile and a user group profile implement the same function, a user profile cannot be associated with both a session group profile and a user group profile.

You can configure traffic regulation, QoS policy, traffic scheduling, queue scheduling profile, connection limits, and auth-free rule for a user profile as required.

Prerequisites for user profile

If a user profile is applied to an interface, no authentication settings are required.

If a user profile works with authentication, you must configure authentication settings for a user profile. For information about supported authentication methods, see the configuration guides for the related authentication modules.

Configuring a user profile

About this task

For information about QoS policies, CAR policies and queue scheduling profiles, see ACL and QoS Configuration Guide.

For information about connection limits, see "Configuring connection limits."

Procedure

1.     Enter system view.

system-view

2.     Create a user profile and enter user profile view.

user-profile profile-name

3.     Configure traffic regulation. Choose the options to configure as needed:

 

NOTE: If you specify a queue scheduling profile in step 5, you can only use the qos user-queue command for traffic regulation in this step.

 

¡     Configure a CAR policy for the user profile.

qos car { inbound | outbound } any cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ]

qos car { inbound | outbound } any cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ]

By default, no CAR policy is configured for a user profile.

¡     Configure rate limiting for the user profile.

qos user-queue { cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ queue-length queue-length ] } * outbound

qos user-queue { cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] [ queue-length queue-length ] } * outbound

qos user-queue { cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] } inbound

qos user-queue { cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] } inbound

qos user-queue { cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] } inbound

qos user-queue { cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] } inbound

By default, rate limiting is not configured for a user profile.

4.     Apply an existing QoS policy to the user profile.

qos apply policy policy-name { inbound | outbound }

By default, no QoS policy is applied to a user profile.

5.     Configure queue scheduling for user queues.

¡     Specify a queue for session packets that use the user profile.

qos queue { queue-id | queue-name }

By default, no queue for session packets is specified for a user profile.

Session packets are scheduled based on the scheduling priority of the specified queue, implementing session-based congestion management.

¡     Set the outbound weight value for the user profile.

qos weight weight-value outbound

By default, no outbound weight value is set for a user profile.

Bandwidth resources are allocated based on the weight value.

6.     Specify an existing queue scheduling profile for the user profile.

qos user-queue qmprofile qmprofile-name { inbound | outbound }

By default, no queue scheduling profile is specified for a user profile.

7.     Configure connection limits.

¡     Set the maximum number of user connections.

connection-limit amount amount

By default, the number of user connections is not limited for a user profile.

¡     Set the maximum connection establishment rate.

connection-limit rate rate

By default, the connection establishment rate is not limited for a user profile.

8.     Create a user profile free rule.

free-rule acl [ ipv6 ] { acl-number | name acl-name }

By default, no user profile free rule is configured for a user profile.

Configuring a session group profile

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

3.     Identify a session group on the interface.

qos session-group identify { customer-vlan | service-vlan | customer-service-vlan | subscriber-id }

By default, no session group is identified on the interface.

The interface identifies packets according to the specified method and classifies packets with the same characteristics to the same user group.

4.     Return to system view.

quit

5.     Create a session group profile and enter session group profile view.

user-profile profile-name type session-group

You can use the command to enter the view of an existing session group profile.

6.     Configure traffic regulation.

¡     Configure GTS for the session group profile.

qos gts { any | queue queue-id } cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ queue-length queue-length ]

qos gts { any | queue queue-id } cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] [ queue-length queue-length ]

By default, no GTS is configured for a session group profile.

7.     Apply an existing queue scheduling profile to the session group profile.

qos apply qmprofile profile-name

By default, no queue scheduling profile is applied to a session group profile.

For information about GTS and queue scheduling profiles, see ACL and QoS Configuration Guide.

Configuring a user group profile

About this task

After you execute the qos session-group identify command on an interface, the system can identify the users from the same home. If you want to limit the total bandwidth for all users from the same home, you must execute the qos user-queue user-group-profile command for each user profile for the users. Additionally, you must associate all the user profiles with the same user group profile.

If you associate the user profiles for users from the same home with different user group profiles, the total bandwidth available to the users will change among the bandwidth limits configured for the user group profiles. Suppose you associate user profile A and user profile B with user group profile A and with user group profile B, respectively. When user A first comes online, the total bandwidth for user A and user B is the bandwidth limit configured for user group profile A. When user B comes online later, the total bandwidth for user A and user B changes to the bandwidth limit configured for user group profile B. If user A goes offline and then comes online, the total bandwidth for user A and user B changes back to the bandwidth limit configured for user group profile A.

Procedure

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

3.     Identify a session group on the interface.

qos session-group identify { customer-vlan | service-vlan | customer-service-vlan | subscriber-id }

By default, no session group is identified on the interface.

The interface identifies packets according to the specified method and classifies packets with the same characteristics to the same user group.

4.     Return to system view.

quit

5.     Create a user group profile and enter user group profile view.

user-group-profile profile-name

6.     Configure traffic regulation.

¡     Configure GTS for the user group profile.

qos gts [ inbound ] any cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ queue-length queue-length ]

qos gts [ inbound ] any cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] [ queue-length queue-length ]

By default, no GTS is configured for a user group profile.

7.     Apply an existing queue scheduling profile to the user group profile.

qos apply qmprofile profile-name

By default, no queue scheduling profile is applied to a user group profile.

8.     Set the outbound weight value for the user group profile.

qos weight weight-value outbound

By default, no outbound weight value is set for a user group profile.

Bandwidth resources are allocated among user group profiles based on the weight value.

9.     Return to system view.

quit

10.     Enter user profile view.

user-profile profile-name

11.     Associate the user profile with the user group profile.

qos user-queue user-group-profile user-group-profile-name outbound

By default, a user profile is not associated with any user group profile.

For information about GTS and queue scheduling profiles, see ACL and QoS Configuration Guide.

Applying a user profile to an interface

Restrictions and guidelines

The following rules apply if you specify a direction when applying a user profile to an interface:

·     The settings in the user profile take effect only if the direction of the settings is the same as the application direction.

·     Only one user profile can be applied to the same direction.

The following rules apply if you do not specify a direction when applying a user profile to an interface:

·     The settings in the user profile take effect in the direction as they are configured.

·     No other user profile can be applied to the interface, regardless of whether it is applied with a direction.

This feature is mutually exclusive with any of the following configurations:

·     Bind the interface to a VSI by using the xconnect vsi command.

·     Bind the interface to a cross-connect by using the ac interface command.

The device supports only CAR policy, rate limiting, and queue scheduling profile settings in a user profile applied to an interface.

·     The CAR policy is mutually exclusive with traffic policing configured on an interface by using the qos car command.

·     The CAR policy on a main interface does not take effect on its subinterfaces.

·     The CAR policy does not take effect on member ports of an aggregation group.

·     The CAR policy supports only the single rate two color algorithm. If you configure the pir peak-information-rate option, tokens are put into the token bucket at the PIR.

Procedure

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

3.     Apply a user profile to the interface.

qos apply user-profile profile-name [ inbound | outbound ]

By default, no user profile is applied to an interface.

Display and maintenance commands for user profiles

Execute display commands in any view and reset commands in user view.

 

Task	Command
Display the configuration and traffic policing statistics for a user profile applied to an interface.	display user-profile interface [ interface-type interface-number ] [ slot slot-number ] [ inbound | outbound ]
Display configuration and online user information for the specified user group profile or all user group profiles.	display user-group-profile [ name profile-name ] [ slot slot-number ]
Display configuration and online user information for the specified user profile or all user profiles.	display user-profile [ session-group ] [ name profile-name ] [ slot slot-number ]
Clear the traffic policing statistics for a user profile applied to an interface.	reset user-profile interface [ interface-type interface-number ] [ inbound | outbound ]

‌

User profile configuration examples

Example: Configuring user profiles and a user group profile

Network configuration

As shown in Figure 2, user A and user B are from the same home. The device performs RADIUS authentication on the users on Ten-GigabitEthernet 3/0/1. After a user passes authentication, the RADIUS server authorizes a user profile to limit the bandwidth for the user.

Configure user profiles and a user group profile on the device to meet the following requirements:

·     Limit the total bandwidth for user A and user B to 100 Mbps.

·     Limit the bandwidth for user A to 80 Mbps.

·     Limit the bandwidth for user B to 50 Mbps.

User A has three services. Configure a queue scheduling profile to meet the following requirements:

·     IPTV service—The queuing scheduling method is WRR, the scheduling weight is 20, and the maximum bandwidth is 50 Mbps.

·     Internet data service—The queuing scheduling method is WRR, the scheduling weight is 10, and the maximum bandwidth is 40 Mbps.

·     VoIP service—The queuing scheduling method is SP, the maximum bandwidth is 10 Mbps, and the minimum guaranteed bandwidth is 5 Mbps.

Figure 2 Network diagram

 

Procedure

1.     Configure the RADIUS server:

# Authorize user profile a to user A, and Authorize user profile b to user A. (Details not shown.)

2.     Configure the device:

# Identify a session group on Ten-GigabitEthernet 3/0/1.

[Device] interface ten-gigabitethernet 3/0/1

[Device-Ten-GigabitEthernet3/0/1] qos session-group identify service-vlan

This operation will affect online users from now on. Continue? [Y/N]:y

[Device-Ten-GigabitEthernet3/0/1] quit

# Create a queue scheduling profile named qm.

[Device] qos qmprofile qm

# Configure queue 1 (IPTV service) as a WRR queue, with the scheduling weight as 20 and the maximum bandwidth as 50 Mbps.

[Device-qmprofile-qm] queue 1 wrr group 1 weight 20 max-bandwidth 50000

# Configure queue 2 (Internet data service) as a WRR queue, with the scheduling weight as 10 and the maximum bandwidth as 40 Mbps.

[Device-qmprofile-qm] queue 2 wrr group 1 weight 10 max-bandwidth 40000

# Configure queue 3 (VoIP service) as an SP queue, with the maximum bandwidth as 10 Mbps. Configure the minimum guaranteed bandwidth as 5 Mbps for the queue.

[Device-qmprofile-qm] queue 3 sp max-bandwidth 10000

[Device-qmprofile-qm] bandwidth queue 3 min 5000

[Device-qmprofile-qm] quit

# Create a user group profile named ab, and set the total bandwidth for user A and user B as 100 Mbps.

[Device] user-group-profile ab

[Device-user-group-profile-ab] qos gts any cir 100000

[Device-user-group-profile-ab] quit

# Create a user profile named a, and set the total bandwidth for user A as 80 Mbps.

[Device] user-profile a

[Device-user-profile-a] qos user-queue cir 8000 outbound

[Device-user-profile-a] quit

# Create a user profile named b, and set the total bandwidth for user B as 50 Mbps.

[Device] user-profile a

# Associate all the two user profiles with user group profile ab. Reference queue scheduling profile qm in user profile a.

[Device] user-profile a

[Device-user-profile-a] qos user-queue qmprofile qm user-group-profile ab outbound

[Device-user-profile-a] quit

[Device] user-profile b

[Device-user-profile-b] qos user-queue user-group-profile ab outbound

[Device-user-profile-b] quit

Verifying the configuration

# Verify that the bandwidth for user A is limited to 80 Mbps. Each service of user A is scheduled and rate limited as configured. (Details not shown.)

# Use the display user-profile and display qos qmprofile configuration commands to verify the configuration on the device:

<Device> display user-profile name a

  User Profile: a

    Direction: Outbound

      Committed Access Rate:

        CIR 80000 (kbps), CBS 5000000 (Bytes), EBS 0 (Bytes)

      User queue:

        QMProfile:

          qm

        User group profile: ab

 

<Device> display qos qmprofile configuration

Queue scheduling profile: qm (ID 1)

 Queue ID  Type  Group   Schedule   Schedule  Min         Max

                         unit       value     bandwidth   bandwidth

 ---------------------------------------------------------------------

 be        WRR   1       weight     10        0           40000

 af1       SP    N/A     N/A        N/A       0           N/A

 af2       SP    N/A     N/A        N/A       0           N/A

 af3       SP    N/A     N/A        N/A       0           N/A

 af4       SP    N/A     N/A        N/A       0           N/A

 ef        WRR   1       weight     20        20000       40000

 cs6       SP    N/A     N/A        N/A       0           10000

 cs7       SP    N/A     N/A        N/A       0           N/A

 

<Device> display user-group-profile name ab

  User Group Profile: ab

    Direction: Outbound

      General Traffic Shaping:

        If-match any:

        CIR 100000 (kbps), CBS 6250000 (Bytes), EBS 0 (Bytes)