Operation Manual Traffic Accounting

H3C S9500 Series Routing Switches Table of Contents

i
Table of Contents
Chapter 1 Traffic Accounting Configuration .............................................................................. 1-1
1.1 Traffic Accounting Introduction.......................................................................................... 1-1
1.1.1 Related Concepts of Traffic Accounting.................................................................. 1-1
1.1.2 Implementation Process of the Traffic Accounting.................................................. 1-2
1.2 Configuring Traffic Accounting........................................................................................... 1-2
1.2.1 Prerequisites ........................................................................................................... 1-2
1.2.2 Configuring Traffic Accounting................................................................................ 1-3
1.3 Displaying and Maintaining Traffic Accounting.................................................................. 1-4
1.4 Traffic Accounting Configuration Example ........................................................................ 1-4

Operation Manual Traffic Accounting
H3C S9500 Series Routing Switches Chapter 1 Traffic Accounting Configuration

1-1
Chapter 1 Traffic Accounting Configuration

Note:
The traffic accounting board referred in this chapter is Netstream service processing
board (that is, LSB1NAMB0).

When performing traffic accounting configuration, go to these sections for information
you are interested in:
Traffic Accounting Introduction
Configuring Traffic Accounting
Displaying and Maintaining Traffic Accounting
Traffic Accounting Configuration Example
1.1 Traffic Accounting Introduction
Some accounting servers, such as CAMS, can perform the accounting on the users
who have passed the 802.1X or Portal authentication by time or traffic. Traffic
accounting is to account the traffic generated by the authenticated online users in their
switches, and send the traffic accounting statistics to the accounting servers to charge
the internet users.
1.1.1 Related Concepts of Traffic Accounting
Traffic group: a mechanism to classify the object network by accounting attributes.
The accounting attributes of a traffic group include charge/no charge and charge
rate.
Accounting address of traffic group: some network segment addresses are
configured in the traffic group to account the traffic of the destination address in
these network segment addresses.
Traffic collection ports: ports that connect internet users or external networks. The
traffic of accessing to external networks passes in and out through these ports.
Traffic accounting board: the board which provides analysis, calculation and
statistics of the traffic.
Traffic collection: a process of sending the traffic which passes the traffic collection
port to the traffic accounting board by setting port mirror.
Traffic statistics: a process of the traffic accounting board analyzing and
calculating the traffic collected from the traffic collection ports. Traffic statistics
Operation Manual Traffic Accounting
H3C S9500 Series Routing Switches Chapter 1 Traffic Accounting Configuration

1-2
bases on the internet users IP addresses and the traffic group which the accessed
network belongs to.
1.1.2 Implementation Process of the Traffic Accounting
The implementation of traffic accounting is shown in Figure 1-1 in the H3C S9500
series switches.

Figure 1-1 Implementation process of the traffic accounting
Detailed implementation procedure:
1) The user uses 802.1X or PORTAL authentication client to access to the network.
2) The equipment acquires the user name and password and requests
authentication from CAMS. The equipment and CAMS use the Radius protocol to
communicate.
3) Authentication succeeds. The equipment acquires the IP address and MAC
address for the user to access to the network.
4) The user normally accesses to the network and traffic is generated.
5) The port of the switch collects the traffic and mirrors the traffic to the traffic
accounting board.
6) Traffic accounting board is in charge of the traffic statistics.
7) The main control board collects the users traffic from the traffic accounting board
periodically.
8) The switch sends the updated message which carries the acquired users traffic to
CAMS periodically. The traffic is accumulated.
9) The user requests to be offline.
10) The main control board collects the users traffic for the last time.
11) The switch sends an accounting finish message which carries all the users traffic
information this time.
12) The user is offline and this process of accessing to the network is over.
1.2 Configuring Traffic Accounting
1.2.1 Prerequisites
Traffic accounting board is plugged into the switch.
Operation Manual Traffic Accounting
H3C S9500 Series Routing Switches Chapter 1 Traffic Accounting Configuration

1-3
802.1X or Portal is enabled in the switch.
CAMS server finishes the configuration.

Note:
This article is to introduce the configuration of traffic statistics. The configuration of
802.1X or Portal or CAMS server is not covered here.

1.2.2 Configuring Traffic Accounting
Follow these steps to configure traffic accounting:
To do Use the command Remarks
Enter system view system-view
Configure the port mirror
group of traffic collection
mirroring-group groupid
{inbound | outbound }
mirroring-port-list
mirrored-to monitor-port
Required
Refer to QoS Commands
in the QoS ACL Volume
for more information.
Configure the slot for
traffic statistics
traffic-accounting
accounting-slot slot-num
Required
Specify the traffic
accounting slot where
the traffic accounting
board resides in.
Enter traffic statistics
view automatically
after successful
configuration.
Enable the traffic statistics
function
accounting enable
Required
This command is
configured in the traffic
statistic view.
Configure the traffic group
traffic-accounting
traffic-group
group-name
Required
Enter traffic group view
automatically after
successful configuration.
Display the configured
traffic group information
display
traffic-accounting
traffic-group
[ group-name ]
Optional
Configure the traffic group
address
network ip-address
{mask | masklen }
Required
This command is
configured in the traffic
group view.
Operation Manual Traffic Accounting
H3C S9500 Series Routing Switches Chapter 1 Traffic Accounting Configuration

1-4
To do Use the command Remarks
Enter ISP domain view domain domain-name
Specify the accounting
mode as traffic accounting
accounting-mode traffic Required
Configure the
domain-applied traffic
group
traffic-group
group-name rate idnum
Required

Note:
There are two choices for traffic collection port. One is to choose the port on the
networks side as the traffic collection port. The other is to choose the port on the
user's side as the traffic collection port. Ports on the networks side are the ports
connecting the Internet. The advantage of choosing ports on the networks side as
the traffic collection ports is that the mirrored streams are all for accounting, and
include no internal traffic. But these ports do not support NAT. Ports on the users
side are the ports connecting the users. They support NAT but process limited traffic
for there are too many ports. Choose one kind of the ports according to the actual
demands. Do not use the two kinds of ports simultaneously.
Configure both of the inbound and outbound mirrors when configuring the traffic
collection port.
Only support single rate currently. Multi-rate is not supported at the moment.

1.3 Displaying and Maintaining Traffic Accounting
To do Use the command
Display the information of traffic group
display traffic-accounting
traffic-group [ group-name ]
Display the configuration information of
traffic statistics
display traffic-accounting
accounting-slot [ slot-num ]
Display the traffic statistics of the current
online users
display traffic-accounting statistics
[ ip-address ]

1.4 Traffic Accounting Configuration Example
I. Network requirements
The user accesses to the network by a switch and uses 802.1X or Portal
authentication client. The user can access to the external network after passing
the authentication. The accounting mode is traffic accounting. When the user
Operation Manual Traffic Accounting
H3C S9500 Series Routing Switches Chapter 1 Traffic Accounting Configuration

1-5
accesses to network segment 11.127.1.0/24 and 12.127.1.0/24, accounting
server CAMS charges the user according to his network traffic. When the user
accesses to other network segment, CAMS does not accounts.
Perform traffic collection on the users side.
II. Network diagram

Figure 1-2 Network diagram for traffic accounting configuration
III. Configuration procedure.
#Configure the traffic accounting group somegroup.
<H3C> syst em- vi ew
Syst emVi ew: r et ur n t o User Vi ew wi t h Ct r l +Z.
[ H3C] t r af f i c- account i ng t r af f i c- gr oup somegr oup
#Configure the destination network segment address of the traffic accounting group.
[ H3C- t r af f i c- gr oup- somegr oup] net wor k 11. 127. 1. 0 24
[ H3C- t r af f i c- gr oup- somegr oup] net wor k 12. 127. 1. 0 24
#Configure the domain aaa for traffic accounting users, set the accounting mode as
traffic accounting, and specify the traffic accounting group to be used.
[ H3C] domai n aaa
[ H3C- i sp- aaa] account i ng- mode t r af f i c
[ H3C- i sp- aaa] t r af f i c- gr oup somegr oup r at e 1
#Configure the traffic collection port, and mirror the traffic collection port to the traffic
accounting board.
[ H3C] mi r r or i ng- gr oup 1 i nbound Et her net 2/ 1/ 1 mi r r or ed- t o sl ot 3
[ H3C] mi r r or i ng- gr oup 2 out bound Et her net 2/ 1/ 1 mi r r or ed- t o sl ot 3
#Configure the traffic accounting board to enable the traffic accounting function.
[ H3C] t r af f i c- account i ng account i ng- sl ot 3
[ H3C- account i ng- sl ot - 3] account i ng enabl e