Configuring VLANs, ACLs, Traffic Classification, and QoS on a Switch

This guide details step‑by‑step how to create VLANs, set up ACLs, define traffic classifiers and behaviors, bind them in a traffic policy, apply the policy to a switch interface, and verify the configuration for enterprise network traffic management.

Practical DevOps Architecture
This document provides a complete configuration workflow for a network switch, covering VLAN creation, ACL definition, traffic classification, QoS behavior setup, policy binding, interface application, and verification commands.

Step 1 – Create VLANs and configure trunk ports:

[route] sysname Switch
[Switch] vlan batch 100 200
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type trunk
[Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type trunk
[Switch-GigabitEthernet0/0/2] port trunk allow-pass vlan 200
[Switch-GigabitEthernet0/0/2] quit
[Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] port link-type trunk
[Switch-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 200
[Switch-GigabitEthernet0/0/3] quit

Step 2 – Configure ACLs to match different subnets:

[Switch] acl 2000
[Switch-acl-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[Switch-acl-basic-2000] quit
[Switch] acl 2001
[Switch-acl-basic-2001] rule permit source 192.168.2.0 0.0.0.255
[Switch-acl-basic-2001] quit

Step 3 – Create traffic classifiers linked to the ACLs:

[Switch] traffic classifier c1 operator and
[Switch-classifier-c1] if-match acl 2000
[Switch-classifier-c1] quit
[Switch] traffic classifier c2 operator and
[Switch-classifier-c2] if-match acl 2001
[Switch-classifier-c2] quit

Step 4 – Define traffic behaviors (QoS) for each class:

[Switch] traffic behavior b1
[Switch-behavior-b1] car cir 4000 pir 10000 green pass
[Switch-behavior-b1] quit
[Switch] traffic behavior b2
[Switch-behavior-b2] car cir 6000 pir 10000 green pass
[Switch-behavior-b2] quit

Step 5 – Create a traffic policy binding classifiers to behaviors and apply it to the outbound direction of interface GigabitEthernet0/0/3:

[Switch] traffic policy p1
[Switch-trafficpolicy-p1] classifier c1 behavior b1
[Switch-trafficpolicy-p1] classifier c2 behavior b2
[Switch-trafficpolicy-p1] quit
[Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] traffic-policy p1 outbound
[Switch-GigabitEthernet0/0/3] quit

Step 6 – Verify the configuration:

[Switch] display traffic classifier user-defined
[Switch] display traffic policy user-defined p1

Together, these commands segment traffic by VLAN, match source subnets with ACLs, classify the matched flows, apply CAR rate limiting as the QoS behavior, and display the classifier and policy definitions so the configuration can be checked on the switch.
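
To check offline that the ACL, classifier, behavior and policy chain from Steps 2 to 5 resolves as intended, the following added example (not part of the original article and not vendor tooling) parses those commands and reports which classifier and CAR values a given source address would receive. The function names `parse`, `wildcard_match` and `resolve`, and the first-match ordering of bindings, are assumptions of this example.

```python
import ipaddress

# Constructed input: the Step 2-5 commands from this page, prompts removed.
CONFIG = """\
acl 2000
 rule permit source 192.168.1.0 0.0.0.255
acl 2001
 rule permit source 192.168.2.0 0.0.0.255
traffic classifier c1 operator and
 if-match acl 2000
traffic classifier c2 operator and
 if-match acl 2001
traffic behavior b1
 car cir 4000 pir 10000 green pass
traffic behavior b2
 car cir 6000 pir 10000 green pass
traffic policy p1
 classifier c1 behavior b1
 classifier c2 behavior b2
"""

def parse(text):
    cfg = {"acl": {}, "classifier": {}, "behavior": {}, "policy": {}}
    view = []
    for line in filter(str.strip, text.splitlines()):   # skip blank lines
        w = line.split()
        if not line.startswith(" "):   # unindented line enters a new view
            view = w
        elif view[0] == "acl" and w[:3] == ["rule", "permit", "source"]:
            cfg["acl"].setdefault(view[1], []).append((w[3], w[4]))
        elif view[:2] == ["traffic", "classifier"] and w[:2] == ["if-match", "acl"]:
            cfg["classifier"][view[2]] = w[2]
        elif view[:2] == ["traffic", "behavior"] and w[0] == "car":
            cfg["behavior"][view[2]] = {"cir": int(w[2]), "pir": int(w[4])}
        elif view[:2] == ["traffic", "policy"] and w[0] == "classifier":
            cfg["policy"].setdefault(view[2], []).append((w[1], w[3]))
    return cfg

def wildcard_match(ip, base, wildcard):
    # Wildcard mask: a 1 bit means "ignore this bit", so compare only the 0 bits.
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def resolve(cfg, policy, src_ip):
    # Assumption: bindings are tried in listed order; the page's ACLs do not overlap.
    for cls, beh in cfg["policy"][policy]:
        rules = cfg["acl"].get(cfg["classifier"][cls], [])
        if any(wildcard_match(src_ip, b, m) for b, m in rules):
            return cls, cfg["behavior"][beh]
    return None
```

`resolve(parse(CONFIG), "p1", "192.168.3.5")` returns `None`: a source outside both subnets matches neither binding in p1, so neither CAR behavior applies to it.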