Nortel Networks 5530, 5520, 5510 manual Policies, Default Policy Drop Action

Page 13

Filters and QoS Configuration for ERS 5500

 

 

Technical Configuration Guide

v2.0

NN48500-559

 

 

Max = 11

4

7

Min = 100

 

 

Max = 111

8

15

Min = 1000

 

 

Max = 1111

80

95

Min = 10100000

 

 

Max = 10111111

3.4Policies

Packets received on an interface are matched against all policies associated with that interface. Hence, all policies are applied to the packet.

Policy precedence – the precedence attribute is used to specify the evaluation order of policies that apply to the same interfaces. Policies with higher precedence (i.e., a larger value) are applied before those with lower precedence (i.e., a smaller value). Precedence values must be unique for all policies being applied to the same interface role.

If one policy associated with the specific interface only specifies a value updating the DSCP value while another policy associated with that same interface only specifies a value for updating the 802.1p user priority value, both of these actions occur.

If two policies on the specified interface request that the DSCP be updated but specify different values - the value from the policy with the higher precedence will be used.

Referenced component conflicts - action or meter criteria can be specified through individual classifier blocks. When a policy references a classifier block and members of the referenced block identify their own action or meter criteria, action and meter data must not be specified by the policy.

The actions applied to packets include those actions defined from user-defined policies and those actions defined from system default policies. The user-defined actions always carry a higher precedence than the system default actions. This means that, if user- defined policies do not specify actions that overlap with the actions associated with system default policies (for example, the DSCP and 802.1p update actions installed on untrusted interfaces), the lowest precedence, default policy actions will be included in the set of actions to be applied to the identified traffic.

The following table displays the ERS 5500 default policy action with corresponding drop actions. The drop action specifies whether a packet should be dropped, not dropped, or deferred. A drop action of deferred-Pass specifies that a traffic flow decision will be deferred to other installed policies.

Table 3: Default Policy Drop Action

ID

Name

Drop

Update DSCP

User Priority

Drop

 

 

 

 

 

Precedence

1

Drop_Traffic

drop

Ignore

Ignore

highDropPrec

2

Standard_Service

Don’t Drop

0x00

Priority 0

highDropPrec

3

Bronze_Service

Don’t Drop

0x0a

Priority 2

lowDropPrec

4

Silver_Service

Don’t Drop

0x12

Priority 3

lowDropPrec

5

Gold_Service

Don’t Drop

0x1a

Priority 4

lowDropPrec

6

Platinum_Service

Don’t Drop

0x22

Priority 5

lowDropPrec

7

Premium_Service

Don’t Drop

0x2e

Priority 6

lowDropPrec

8

Network_Service

Don’t Drop

0x30

Priority 7

lowDropPrec

9

Null_Service

Don’t Drop

ignore

ignore

lowDropPrec

___________________________________________________________________________________________________________________________

Nortel Confidential Information Copyright © 2008 Nortel Networks. All Rights Reserved.

 

External Distribution

12

Page 12 Page 14
Image 13
Page 12 Page 14
Contents Ethernet Routing Switch NN48500-559 Abstract Table of Contents List of Tables List of FiguresSymbols Document UpdatesConventions TextOverview Ethernet Routing Switch 5500 QoS and Filtering Untrusted Ports ClassificationUnrestricted Ports ƒ Layer 2 Classifier ElementsStatistics Actions SupportedQoS Flow Chart Overall Classification Functionality Filter FunctionalityClassifier Block Functionality 7, 15, 31, 63 255, 511, 1025 4095, 8191 32762, or Min = Port Range FunctionalityPolicies Default Policy Drop ActionNN48500-559 5520-24T-PWRconfig#default qos agent buffer 5520-24T-PWRconfig#qos agent buffer large maximum regularQueue Sets Egress CoS Queuing Ethernet Routing Switch 5500 Egress CoS QueuingCoS 5520-24T-PWRconfig#qos agent queue set 5520-24T-PWRconfig#show qos queue-set-assignment5520-24T-PWRconfig#qos agent reset-default 5520-24T-PWRconfig#default qos agent queue-setEgress Queue Recommendations Bucket Size Traffic Meter and ShapingPolicing Traffic Actual Bucket SizeActual Bucket Size in Bytes Actual size in bytes Interface Parameter DescriptionExample Meter Bucket Size and Duration Interface ShaperBucket Size Max burst rate Committed rate Duration MSec 5530-24TFDconfig#show qos if-shaper port Default Nortel CoS Markings Default Nortel Class of ServiceBinary Hex DecimalACL Configuration QoS Access Lists ACLIP-ACL Configuration Config#qos ip-acl name 1..16 character string ?ACL-Assign Configuration 2 L2-ACL ConfigurationACL Configuration Example Config#qos l2-acl name 1..16 character string ?5530H-24TFD#show qos acl-assign Verification5530H-24TFD#show qos ip-acl 5530H-24TFD#show qos policy 5500config#no qos acl-assign 1 port 1/19 5500config#no qos acl-assign5500config#no qos ip-acl Changing ACLDhcp Snooping Configuration IP Security FeaturesDynamic ARP Inspection Configuration Dhcp SnoopingIP Source Guard IP Source Guard ConfigurationBpdu Filtering Bpdu Filtering ConfigurationQoS Interface Applications QoS Applications Number of Classifiers Used FeatureARP Spoofing Configuration ExampleDhcp Snooping Dhcp Attacks10.3 DoS Bpdu Blocking Role Combination Configuration Steps Policy ConfigurationERS5500-48T#show qos if-assign ERS5500-48T#show qos if-groupClassification ERS5500-48Tconfig#qos ip-element 1-64000?Adding IP and L2 Element IP ElementAdding a Classifier Block Adding a ClassifierParameters and variables Description MetersAdd a New Policy Pre-defined Values Configuration ExamplesQoS Action 12.2.1 ERS5500 Configuration Using Policies Configuration Example 1 Traffic Meter Using PoliciesConfigure the Interface Role Combination Configure the IP elementsConfigure the Classifier Block Configure MetersERS5500 Create the classifier block Verify Operations Configure the PolicyERS5500 Create the policy Verify the Role CombinationName m1 Verify Classifier and Classifier Block ConfigurationERS5500-24T#show qos classifier-block Verify Policy Configuration Verify that the QoS Policy IP ACL, Dhcp Snooping, ARP Inspection, and Source Guard 12.3.1 ERS5500 ConfigurationERS5500 Add IP address to Vlan 700 and enable Ospf ERS5500 Enable ARP-Inspection for VLAN’s 110 Verify DHCP-Snooping ERS5500 Assign the IP-ACL’s to portsVID Verify ARP InspectionVerify IP Source Guard Verify ACL ConfigurationNN48500-559 NN48500-559 ERS5500-24T#show qos acl-assign TCP Port Range Configuration Example 3 Port Range Using ACL or PolicyConfigure the Policies Configuration Using PoliciesERS5500 Create IP elements for UDP port range ERS5500 Remark all other traffic to Bronze Configuration Using IP-ACL’sCreate Policy 12.5.1 ERS5500 Configuration Using PoliciesERS5500 Pass all other traffic with standard CoS 12.5.2 ERS5500 Configuration Using IP-ACL’sERS5500 Assign the L2-ACL’s to ports 12.6.1 ERS5500 Configuration Using Policies Configuration Example 5 L2 and L3 ClassificationERS5500 Add L2 elements for Vlan 110 Configure Classifier and Classifier BlocksDscp Mapping via Un-restricted Port Role 12.7.1 ERS5500 ConfigurationPolicy Configuration ACL ConfigurationID ID View the Queue AssignmentsEnable Shaping on Port Configuration Example 7 Interface ShapingVerify Shape Rate Configuration Reference Documentation Software BaselineContact us
Top Page Image Contents