Cabletron Systems 9032578-05 manual ToS Rewrite, Established Bit ACL, Multiple IPX Encapsulation

Appendix A: New Features Supported on Line Cards

ToS Rewrite

The ToS rewrite command allows a network administrator to change the value in the ToS octet (which includes both the Precedence or ToS fields) in each IP packet. The SSR looks at every IP packet coming into the interface, and if a packet matches the defined parameters (Source IP, Destination IP, Source Port, Destination Port, or ToS Octet), the SSR rewrites the ToS Octet to a specific value.

The ToS rewrite command is incorporated in the QoS set ip command. The ToS rewrite command can apply to an incoming IP interface or to specific incoming ports when implemented together with layer 4 bridging. In both cases, ports that are associated with the incoming IP interface or the incoming port itself must reside on -AA or T-series line cards. The ports associated with the outgoing IP interfaces do not require -AA or T-series line cards. However, the outgoing ports for layer 4 bridging must be on -AA or T-series line cards; therefore, when ToS rewrite is applied on ports, both incoming and outgoing ports must be on -AA or T-series line cards.

Established Bit ACL

Established Bit ACL is an enhancement to the existing ACL feature. It allows network administrator to either permit or deny TCP connections being “established.” Established Bit ACL can only be enabled from the TCP ACL configuration. The network administrator then applies this ACL to the IP interface.

Established Bit ACL is usually used to permit TCP connections being established from the inside (Enterprise) but deny TCP connections being established from the outside (Internet). Therefore, Established Bit ACL is usually applied to the incoming interface connected to the external network. Ports that are associated with the interface where Established Bit ACL is required have to reside on -AA or T-series line cards.

Multiple IPX Encapsulation

The SSR currently supports one output encapsulation per port. In some IPX networks, multiple IPX encapsulations might be required due to different encapsulation settings on the servers. This poses an issue for clients requiring access to all these servers. Firmware version 3.1 will support multiple IPX encapsulations on an IPX interface. This feature requires -AA or T-series line cards.

Multiple IPX encapsulation allows a network administrator to create an IPX interface with a secondary interface using a different output encapsulation. The supported IPX encapsulation types are: Ethernet II, 802.3 SNAP, 802.3, and 802.2. Ports that are assigned to an IPX interface with multiple IPX encapsulations, either through a VLAN or directly attached, must reside on -AA or T-series line cards. When a VLAN is extended to multiple devices through 802.1Q trunk ports, all trunk and access ports on other systems must also reside on -AA or T-series line cards. Ports assigned to an IPX interface with a single encapsulation do not require -AA or T-series line cards.