Allied Telesis AT-8600 Series, Rapier i Series, AT-8700XL Series Create a set of QoS classifiers

Page 19

Configuration examples

XCreate a set of QoS classifiers:

create classifier=50 tcpdport=20

create classifier=51 tcpdport=21

create classifier=52 tcpdport=23

create classifier=53 ethformat=ethii prot=0800

Classifiers will be applied in QoS to allow prioritisation or traffic shaping. The above example classifies FTP and telnet.

Note: These switches do filtering by default. You do not need to write a rule to drop the traffic that doesn’t have a current binding in the DHCP database.

XDefine the upstream QoS flow groups:

create qos flow=50 priority=7 create qos flow=52 priority=5 create qos flow=53 priority=3 add qos flow=50 classifier=50 add qos flow=50 classifier=51 add qos flow=52 classifier=52 add qos flow=53 classifier=53

XCreate a traffic class for all upstream flow groups:

create qos trafficclass=1

add qos trafficclass=1 flow=50 add qos trafficclass=1 flow=52 add qos trafficclass=1 flow=53

XApply the QoS policy to the downstream ingress ports (customer-facing edge ports):

create qos policy=1

add qos policy=1 trafficclass=1

set qos port=1-23 policy=1

This can be used to control the egress queues that all upstream traffic is sent to. Note that the higher value egress queues have higher priority, so FTP traffic has priority over Telnet.

Page 19 AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches

Image 19

Contents Introduction AlliedWareTM OSThis document contains the following contents Minimum configuration Related How To NotesDhcp snooping Verifying the status of snooped users Database survival across rebootsDatabase Dhcp snooping database time-outARP Security List of termsEnabling Dhcp snooping Trusted and non-trusted portsStatic binding So the database is empty Completely removing the Dhcp snooping databaseDhcp Option Example Packet Protocol detailsDhcp Message Type = Dhcp Request Analysis Configuring OptionDhcp filtering Configuring filteringResource considerations To enable Dhcp snooping ARP securityDhcp snooping filter show command ARP securityOr if ARP security is enabled, is If ARP security is enabled, addExample on a Rapier Configure a private Vlan for customers Configuration examplesDefine the Dhcp snooping trusted ports Enable Dhcp snooping and Option 82 supportAdd the tagged uplink ports to the Vlan Add the untagged ports for the customersDefine the upstream QoS flow groups Create a set of QoS classifiersCreate a traffic class for all upstream flow groups Add ports to the VLANs Configure two VLANs for layer 3 access to the Dhcp serverDefine the Dhcp snooping trusted port For layer 3 support, enable the Bootp RelayCreate a set of QoS classifiers DHCPSNProcess 0b4333cc TaggedNone UntaggedNone TroubleshootingNo trusted ports configured DHCPSNProcess 0b4333cc Dhcp Snooping pkt for Vlan From portMaximum number of leases is exceeded Dhcp client continually sends requests instead of a discoverManager set dhcpsnooping port=3 maxleases=2 Switch is dropping ARPsDhcpsnarp 01a6f5ec ARP to be forwarded, sender validated Trusted ports Dhcpsnarp 02680e6c ARP to be forwarded, sender validatedDisplaying log entries Show log command is also very usefulAppendix 1 ISC Dhcp server C613-16086-00 REV B