Filters and QoS Configuration for ERS 5500

 

 

Technical Configuration Guide

v2.0

NN48500-559

7. QoS Access Lists (ACL)

As of software release 5.0, the ERS55xx can be configured using access lists (ACL). You can choose to use policies and/or ACL’s to configure the ERS5500 switch. Up to a maximum of 15 precedence levels are supported using policies whereas ACL’s allows up to a maximum of 8 precedence levels.

Please be aware of the following when using ACLs:

By default, ACL’s are always terminated by an implicit action of “drop all non-matching traffic”. The default action of “drop all non-matching traffic” cannot be changed.

ACL precedence is always in the order the ACL’s are entered

ACL’s are applied at a port level

Up to 8 precedence levels are supported, however, you can use ACL blocks if you have similar filter rules - please see classifier block explanation in section 3.2

When an ACL is assigned to a port, the ACL is assigned the highest precedence value available on the port. Each additional ACL that is added is then assigned decreasing precedence levels. Any policies (QoS or non-QoS) already associated with a port dictate the starting and subsequent precedence values for the ACL(s).

You cannot assign traffic meters

IP and L2 ACL’s cannot be combined. If you wish to combine L2 and L3, policies must be used

ACL’s cannot be modified; you must first remove the ACL-assign configuration at a port level, then delete the ACL or ACL’s you wish to modify and reconfigure the ACL or ACL’s.

ACL’s can be enabled or disabled. However, you cannot update or change the associated precedence values when the ACL is disabled.

You can only configure ACL’s using CLI or http (QoS Wizard). Although JDM will display the ACL configuration, you cannot use JDM to either configure or delete ACL’s.

7.1ACL Configuration

7.1.1 IP-ACL Configuration

IP ACL’s are added using the following command:

5500 (config)#qos ip-acl name <1..16 character string> ?

addr-type block

drop-action ds-field dst-ip dst-port-min

flow-id next-header protocol set-drop-prec src-ip src-port-min update-1p update-dscp <cr>

Specify the address type (IPv4, IPv6) classifier criteria Specify the label to identify access-list elements that are of the same block

Specify the drop action

Specify the DSCP classifier criteria

Specify the destination IP classifier criteria

Specify the L4 destination port minimum value classifier criteria

Specify the IPv6 flow identifier classifier criteria Specify the IPv6 next header classifier criteria Specify the IPv4 protocol classifier criteria Specify the set drop precedence

Specify the source IP classifier criteria

Specify the L4 source port minimum value classifier criteria Specify the update user priority

Specify the update DSCP

___________________________________________________________________________________________________________________________

Nortel Confidential Information Copyright © 2008 Nortel Networks. All Rights Reserved.

 

External Distribution

25

Page 25 Page 27
Page 26
Image 26
Nortel Networks 5510, 5520 QoS Access Lists ACL, IP-ACL Configuration, Config#qos ip-acl name 1..16 character string ?
Page 25 Page 27
Top Page Image Contents