
Example: Configuring an ICMP Test

The FW serves as an NQA client to check whether the peer device is accessible.

Networking Requirements

As shown in Figure 1, the FW serves as the NQA client. The test is performed to check whether the NQA server is accessible.

Figure 1 Network diagram of the ICMP test

Procedure

  1. Set an IP address for an interface and assign the interface to a security zone.

    # Set an IP address for the interface.

    <FW> system-view
    [FW] interface GigabitEthernet 0/0/1
    [FW-GigabitEthernet0/0/1] ip address 1.1.1.1 24
    [FW-GigabitEthernet0/0/1] quit

    # Assign the interface to the Untrust zone.

    [FW] firewall zone untrust
    [FW-untrust] add interface GigabitEthernet 0/0/1
    [FW-untrust] quit

  2. Configure a security policy to permit traffic from the Local zone to 2.2.2.2 in the Untrust zone.

    [FW] security-policy
    [FW-policy-security] rule name nqa
    [FW-policy-security-rule-nqa] source-zone local
    [FW-policy-security-rule-nqa] destination-zone untrust
    [FW-policy-security-rule-nqa] destination-address 2.2.2.2 32
    [FW-policy-security-rule-nqa] action permit
    [FW-policy-security-rule-nqa] quit
    [FW-policy-security] quit

  3. Configure an ICMP test instance.

    [FW] nqa test-instance admin icmp
    [FW-nqa-admin-icmp] test-type icmp
    [FW-nqa-admin-icmp] destination-address ipv4 2.2.2.2

  4. Immediately start the test.

    [FW-nqa-admin-icmp] start now

Verification

Run the display nqa results command to view the test results.

<FW> display nqa results
NQA entry(admin, icmp) :testFlag is inactive ,testtype is icmp  
1 . Test 1 result   The test is finished   
Send operation times: 3               Receive response times: 3  
Completion:success                    RTD OverThresholds number: 0    
Attempts number:1                     Drop operation number:0   
Disconnect operation number:0         Operation timeout number:0   
System busy operation number:0        Connection fail number:0   
Operation sequence errors number:0    RTT Stats errors number:0   
Destination ip address:2.2.2.2   
Min/Max/Average Completion Time: 31/46/36   
Sum/Square-Sum  Completion Time: 108/4038   
Last Good Probe Time: 2015-8-2 10:7:11.4   
Last Packet Loss 0 %
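
The result fields above can be checked by a script rather than by eye, for example in a monitoring job. The following Python is an added example, not Huawei code: the names parse_nqa and evaluate are hypothetical, and it assumes the two-column "key: value" layout shown in the output above. It goes slightly beyond the page by deriving the spread of the completion times from the Sum/Square-Sum line.

```python
import math
import re

# Output copied from the Verification section of this page.
SAMPLE = """\
NQA entry(admin, icmp) :testFlag is inactive ,testtype is icmp
1 . Test 1 result   The test is finished
Send operation times: 3               Receive response times: 3
Completion:success                    RTD OverThresholds number: 0
Attempts number:1                     Drop operation number:0
Disconnect operation number:0         Operation timeout number:0
System busy operation number:0        Connection fail number:0
Operation sequence errors number:0    RTT Stats errors number:0
Destination ip address:2.2.2.2
Min/Max/Average Completion Time: 31/46/36
Sum/Square-Sum  Completion Time: 108/4038
Last Good Probe Time: 2015-8-2 10:7:11.4
Last Packet Loss 0 %
"""

FIELD = re.compile(r"([A-Za-z][A-Za-z/ -]*?)\s*:\s*(\S+)")

def parse_nqa(text):
    """Return a dict of the 'key: value' fields in display nqa results output."""
    fields = {}
    for line in text.splitlines():
        # Two fields may share a line, separated by a run of 3+ spaces.
        for column in re.split(r"\s{3,}", line.strip()):
            m = FIELD.match(column)
            if m:
                fields[" ".join(m.group(1).split())] = m.group(2)
    loss = re.search(r"Last Packet Loss\s+(\d+)\s*%", text)  # no colon on this line
    fields["Last Packet Loss"] = loss.group(1) if loss else None
    return fields

def evaluate(fields):
    """Decide reachability and derive mean/stddev of the completion time."""
    sent = int(fields["Send operation times"])
    recv = int(fields["Receive response times"])
    total, sq_sum = map(int, fields["Sum/Square-Sum Completion Time"].split("/"))
    mean = total / recv if recv else 0.0
    # Population variance from the sum and the sum of squares.
    var = sq_sum / recv - mean ** 2 if recv else 0.0
    return {
        "reachable": fields["Completion"] == "success" and recv == sent
        and fields["Last Packet Loss"] == "0",
        "mean": mean,
        "stddev": math.sqrt(max(var, 0.0)),
    }
```

For the sample output, the derived mean matches the Average value that the device reports.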

Configuration Scripts

#
sysname FW
#
interface GigabitEthernet 0/0/1
 undo shutdown
 ip address 1.1.1.1 255.255.255.0
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet 0/0/1
#
security-policy
 rule name nqa
  source-zone local
  destination-zone untrust
  destination-address 2.2.2.2 32
  action permit
#
nqa test-instance admin icmp
 test-type icmp
 destination-address ipv4 2.2.2.2
 start now /*This command is a one-time action. Therefore, the result is not saved in the configuration file.*/
Copyright © Huawei Technologies Co., Ltd.