Nortel Networks 5530 Configuration Using Policies, ERS5500 Create IP elements for UDP port range


Filters and QoS Configuration for ERS 5500

 

 

Technical Configuration Guide

v2.0

NN48500-559

12.4.1 Configuration – Using Policies

12.4.1.1 Configure the Interface Role Combination

For this example, we will configure a new role combination with port members 3 to 6. You have the choice of assigning a policy directly at a port level or using an interface role.

By default, all ports are set to untrusted using the allBayStackIfcs Role Combination. In this example, we will configure a new Role Combination as unrestricted and assign it to ports 3 to 6.

ERS5500 Step 1 – Create the Interface Role Combination named “ifx”

ERS5500-24T(config)#qos if-group name ifx class unrestricted

ERS5500-24T(config)#qos if-assign port 3-6 name ifx

12.4.1.2 Add new IP element pertaining to the port ranges above

ERS5500: Step 1 – Create IP elements for TCP port range 80-127

5500(config)#qos ip-element 1 protocol 6 dst-port-min 80 dst-port-max 95

5500(config)#qos ip-element 2 protocol 6 dst-port-min 96 dst-port-max 127

ERS5500: Step 1 – Create IP elements for UDP port range 2000-2027

5500(config)#qos ip-element 3 protocol 17 dst-port-min 2000 dst-port-max 2015

5500(config)#qos ip-element 4 protocol 17 dst-port-min 2016 dst-port-max 2047

12.4.1.3 Configure Classifiers, one for each of the IP elements configured above

ERS5500 Step 1 – Create an IP Classifier for each IP element created above

5500(config)#qos classifier 1 set-id 1 name c1 element-type ip element-id 1

5500(config)#qos classifier 2 set-id 2 name c2 element-type ip element-id 2

5500(config)#qos classifier 3 set-id 3 name c3 element-type ip element-id 3

5500(config)#qos classifier 4 set-id 4 name c4 element-type ip element-id 4

12.4.1.4 Configure the Policies

Create the policies using the classifiers created above. Refer to Table 3 for the policy actions.

ERS5500 Step 1 – Create the policy

5500(config)#qos policy 1 name range_tcp_1 if-group ifx clfr-type classifier clfr-id 1 in-profile-action 5 non-match-action 9 precedence 11

5500(config)#qos policy 2 name range_tcp_2 if-group ifx clfr-type classifier clfr-id 2 in-profile-action 5 non-match-action 9 precedence 10

5500(config)#qos policy 3 name range_udp_1 if-group ifx clfr-type classifier clfr-id 3 in-profile-action 4 non-match-action 9 precedence 9

5500(config)#qos policy 4 name range_udp_2 if-group ifx clfr-type classifier clfr-id 4 in-profile-action 4 non-match-action 3 precedence 8
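Added example, not part of the Nortel guide: the IP elements in 12.4.1.2 cover 80-127 as 80-95 plus 96-127, which is consistent with each element matching one power-of-two-aligned block of ports. Assuming that constraint (inferred from the split above, not stated on this page), the Python below splits any port range into such blocks, renders them in the command form used above, and merges configured elements back into the range they actually match so it can be compared with the intended one. The function names are hypothetical.

```python
def split_range(lo, hi):
    """Split [lo, hi] into blocks whose size is a power of two and whose
    start is a multiple of that size (assumed element constraint)."""
    if not 0 <= lo <= hi <= 65535:
        raise ValueError("port range must satisfy 0 <= lo <= hi <= 65535")
    blocks = []
    while lo <= hi:
        # Largest power of two that lo is aligned to (port 0 aligns to all).
        size = (lo & -lo) if lo else 1 << 16
        # Shrink the block until it no longer runs past the end of the range.
        while lo + size - 1 > hi:
            size >>= 1
        blocks.append((lo, lo + size - 1))
        lo += size
    return blocks


def render_elements(protocol, lo, hi, first_id=1):
    """Render one 'qos ip-element' line per block, in the form shown above."""
    return [
        f"qos ip-element {first_id + i} protocol {protocol} "
        f"dst-port-min {a} dst-port-max {b}"
        for i, (a, b) in enumerate(split_range(lo, hi))
    ]


def covered(elements):
    """Merge (min, max) elements into the contiguous ranges they match."""
    merged = []
    for a, b in sorted(elements):
        if merged and a <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], b))
        else:
            merged.append((a, b))
    return merged


if __name__ == "__main__":
    # TCP range from Step 1: reproduces elements 1 and 2 above.
    for line in render_elements(6, 80, 127):
        print(line)
    # Elements 3 and 4 as configured above merge to one range, 2000-2047.
    print(covered([(2000, 2015), (2016, 2047)]))
    # An end port that is not on a block boundary needs more elements.
    print(split_range(2000, 2027))
```

Comparing `covered()` of the configured elements with the intended range shows whether a policy matches more or fewer ports than planned before it is applied to an interface group.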


Nortel Confidential Information Copyright © 2008 Nortel Networks. All Rights Reserved.

 
