Allied Telesis AT-8600 Series, Rapier i Series, AT-8700XL Series Create a set of QoS classifiers

Page 16

Configuration examples

XCreate a set of QoS classifiers:

create classifier=50 tcpdport=20

create classifier=51 tcpdport=21

create classifier=52 tcpdport=23

create classifier=53 ethformat=ethii prot=0800

Classifiers will be applied in QoS to allow prioritisation or traffic shaping. The above example classifies FTP and telnet.

Note: These switches do filtering by default. You do not need to write a rule to drop the traffic that doesn’t have a current binding in the DHCP database.

XDefine the upstream QoS flow groups:

create qos flow=50 priority=7 create qos flow=52 priority=5 create qos flow=53 priority=3 add qos flow=50 classifier=50 add qos flow=50 classifier=51 add qos flow=52 classifier=52 add qos flow=53 classifier=53

XCreate a traffic class for all upstream flow groups:

create qos trafficclass=1

add qos trafficclass=1 flow=50 add qos trafficclass=1 flow=52 add qos trafficclass=1 flow=53

XApply the QoS policy to the downstream ingress ports (customer-facing edge ports):

create qos policy=1

add qos policy=1 trafficclass=1

set qos port=1-23 policy=1

This can be used to control the egress queues that all upstream traffic is sent to. Note that the higher value egress queues have higher priority, so FTP traffic has priority over Telnet.

Page 16 AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches

Image 16

Contents AlliedWareTM OS IntroductionThis document contains the following contents Minimum configuration Related How To NotesDhcp snooping Database survival across reboots DatabaseDhcp snooping database time-out Verifying the status of snooped usersList of terms ARP SecurityEnabling Dhcp snooping Trusted and non-trusted portsStatic binding Completely removing the Dhcp snooping database So the database is emptyDhcp Option Example Packet Protocol detailsDhcp Message Type = Dhcp Request Configuring Option AnalysisConfiguring filtering Dhcp filteringTo enable Dhcp snooping ARP security Dhcp snooping filter show commandARP security Resource considerationsOr if ARP security is enabled, is If ARP security is enabled, addExample on a Rapier Configuration examples Configure a private Vlan for customersEnable Dhcp snooping and Option 82 support Add the tagged uplink ports to the VlanAdd the untagged ports for the customers Define the Dhcp snooping trusted portsDefine the upstream QoS flow groups Create a set of QoS classifiersCreate a traffic class for all upstream flow groups Configure two VLANs for layer 3 access to the Dhcp server Add ports to the VLANsFor layer 3 support, enable the Bootp Relay Define the Dhcp snooping trusted portCreate a set of QoS classifiers Troubleshooting No trusted ports configuredDHCPSNProcess 0b4333cc Dhcp Snooping pkt for Vlan From port DHCPSNProcess 0b4333cc TaggedNone UntaggedNoneDhcp client continually sends requests instead of a discover Maximum number of leases is exceededManager set dhcpsnooping port=3 maxleases=2 Switch is dropping ARPsDhcpsnarp 01a6f5ec ARP to be forwarded, sender validated Dhcpsnarp 02680e6c ARP to be forwarded, sender validated Trusted portsShow log command is also very useful Displaying log entriesAppendix 1 ISC Dhcp server C613-16086-00 REV B