Nortel Networks 5530, 5520, 5510 manual Table of Contents

Page 4

Filters and QoS Configuration for ERS 5500

 

 

Technical Configuration Guide

v2.0

NN48500-559

Table of Contents

DOCUMENT UPDATES

5

CONVENTIONS

5

1.

OVERVIEW: ETHERNET ROUTING SWITCH 5500 QOS AND FILTERING

6

2.

QOS FLOW CHART

9

3.

FILTER FUNCTIONALITY

10

 

3.1

OVERALL CLASSIFICATION FUNCTIONALITY

10

 

3.2

CLASSIFIER BLOCK FUNCTIONALITY

10

 

3.3

PORT RANGE FUNCTIONALITY

11

 

3.4

POLICIES

12

4.

QUEUE SETS

14

5.

TRAFFIC METER AND SHAPING

19

 

5.1

ACTUAL BUCKET SIZE

20

 

5.2

POLICING TRAFFIC

20

 

5.3

INTERFACE SHAPER

22

6.

DEFAULT NORTEL CLASS OF SERVICE

24

7.

QOS ACCESS LISTS (ACL)

25

 

7.1

ACL CONFIGURATION

25

8.

IP SECURITY FEATURES

30

 

8.1

DHCP SNOOPING

30

 

8.2

DYNAMIC ARP INSPECTION

30

 

8.3

IP SOURCE GUARD

31

9.

BPDU FILTERING

32

 

9.1

BPDU FILTERING CONFIGURATION

32

10.

QOS INTERFACE APPLICATIONS

33

 

10.1

ARP SPOOFING

34

 

10.2

DHCP ATTACKS

35

 

10.3

DOS

36

 

10.4

BPDU BLOCKING

37

11. CONFIGURATION STEPS – POLICY CONFIGURATION

38

 

11.1

ROLE COMBINATION

38

 

11.2

CLASSIFICATION

39

 

11.3

METERS

41

 

11.4

ADD A NEW POLICY

42

12.

CONFIGURATION EXAMPLES

43

 

12.1

PRE-DEFINEDVALUES

43

 

12.2

CONFIGURATION EXAMPLE 1 – TRAFFIC METER USING POLICIES

44

12.3CONFIGURATION EXAMPLE – IP ACL, DHCP SNOOPING, ARP INSPECTION, BPDU

FILTERING, AND SOURCE GUARD

50

12.4

CONFIGURATION EXAMPLE 3: PORT RANGE USING ACL OR POLICY

59

12.5

CONFIGURATION EXAMPLE 4

– L2 CLASSIFICATION BASED ON MAC ADDRESS

62

12.6

CONFIGURATION EXAMPLE 5

– L2 AND L3 CLASSIFICATION

64

___________________________________________________________________________________________________________________________

 

Nortel Confidential Information Copyright © 2008 Nortel Networks. All Rights Reserved.

 

 

 

External Distribution

3

Image 4
Contents Ethernet Routing Switch NN48500-559 Abstract Table of Contents List of Figures List of TablesDocument Updates SymbolsConventions TextOverview Ethernet Routing Switch 5500 QoS and Filtering Classification Untrusted PortsUnrestricted Ports ƒ Layer 2 Classifier ElementsActions Supported StatisticsQoS Flow Chart Overall Classification Functionality Filter FunctionalityClassifier Block Functionality Port Range Functionality 7, 15, 31, 63 255, 511, 1025 4095, 8191 32762, or Min =Default Policy Drop Action PoliciesNN48500-559 5520-24T-PWRconfig#default qos agent buffer 5520-24T-PWRconfig#qos agent buffer large maximum regularQueue Sets Ethernet Routing Switch 5500 Egress CoS Queuing Egress CoS QueuingCoS 5520-24T-PWRconfig#show qos queue-set-assignment 5520-24T-PWRconfig#qos agent queue set5520-24T-PWRconfig#qos agent reset-default 5520-24T-PWRconfig#default qos agent queue-setEgress Queue Recommendations Traffic Meter and Shaping Bucket SizeActual Bucket Size Policing TrafficActual Bucket Size in Bytes Actual size in bytes Interface Parameter DescriptionExample Meter Bucket Size and Duration Interface ShaperBucket Size Max burst rate Committed rate Duration MSec 5530-24TFDconfig#show qos if-shaper port Default Nortel Class of Service Default Nortel CoS MarkingsBinary Hex DecimalQoS Access Lists ACL ACL ConfigurationIP-ACL Configuration Config#qos ip-acl name 1..16 character string ?2 L2-ACL Configuration ACL-Assign ConfigurationACL Configuration Example Config#qos l2-acl name 1..16 character string ?5530H-24TFD#show qos acl-assign Verification5530H-24TFD#show qos ip-acl 5530H-24TFD#show qos policy 5500config#no qos acl-assign 5500config#no qos acl-assign 1 port 1/195500config#no qos ip-acl Changing ACLIP Security Features Dhcp Snooping ConfigurationDynamic ARP Inspection Configuration Dhcp SnoopingIP Source Guard Configuration IP Source GuardBpdu Filtering Configuration Bpdu FilteringQoS Applications Number of Classifiers Used Feature QoS Interface ApplicationsConfiguration Example ARP SpoofingDhcp Attacks Dhcp Snooping10.3 DoS Bpdu Blocking Configuration Steps Policy Configuration Role CombinationERS5500-48T#show qos if-assign ERS5500-48T#show qos if-groupERS5500-48Tconfig#qos ip-element 1-64000? ClassificationAdding IP and L2 Element IP ElementAdding a Classifier Adding a Classifier BlockMeters Parameters and variables DescriptionAdd a New Policy Pre-defined Values Configuration ExamplesQoS Action Configuration Example 1 Traffic Meter Using Policies 12.2.1 ERS5500 Configuration Using PoliciesConfigure the Interface Role Combination Configure the IP elementsConfigure the Classifier Block Configure MetersERS5500 Create the classifier block Configure the Policy Verify OperationsERS5500 Create the policy Verify the Role CombinationVerify Classifier and Classifier Block Configuration Name m1ERS5500-24T#show qos classifier-block Verify Policy Configuration Verify that the QoS Policy 12.3.1 ERS5500 Configuration IP ACL, Dhcp Snooping, ARP Inspection, and Source GuardERS5500 Add IP address to Vlan 700 and enable Ospf ERS5500 Enable ARP-Inspection for VLAN’s 110 ERS5500 Assign the IP-ACL’s to ports Verify DHCP-SnoopingVerify ARP Inspection VIDVerify ACL Configuration Verify IP Source GuardNN48500-559 NN48500-559 ERS5500-24T#show qos acl-assign Configuration Example 3 Port Range Using ACL or Policy TCP Port RangeConfigure the Policies Configuration Using PoliciesERS5500 Create IP elements for UDP port range Configuration Using IP-ACL’s ERS5500 Remark all other traffic to Bronze12.5.1 ERS5500 Configuration Using Policies Create PolicyERS5500 Pass all other traffic with standard CoS 12.5.2 ERS5500 Configuration Using IP-ACL’sERS5500 Assign the L2-ACL’s to ports Configuration Example 5 L2 and L3 Classification 12.6.1 ERS5500 Configuration Using PoliciesConfigure Classifier and Classifier Blocks ERS5500 Add L2 elements for Vlan 11012.7.1 ERS5500 Configuration Dscp Mapping via Un-restricted Port RoleACL Configuration Policy ConfigurationView the Queue Assignments ID IDEnable Shaping on Port Configuration Example 7 Interface ShapingVerify Shape Rate Configuration Software Baseline Reference DocumentationContact us