Filters and QoS Configuration for ERS 5500
Technical Configuration Guide v2.0 NN48500-559
Nortel Confidential Information Copyright © 2008 Nortel Networks. All Rights Reserved.
External Distribution
7.1.2 L2-ACL Configuration
L2 ACLs are added using the following command:
5500 (config)#qos l2-acl name <1..16 character string> ?
  block          Specify the label to identify access-list elements that are of the same block
  drop-action    Specify the drop action
  dst-mac        Specify the destination MAC classifier criteria
  dst-mac-mask   Specify the destination MAC mask classifier criteria
  ethertype      Specify the ethertype classifier criteria
  priority       Specify the user priority classifier criteria
  set-drop-prec  Specify the set drop precedence
  src-mac        Specify the source MAC classifier criteria
  src-mac-mask   Specify the source MAC mask classifier criteria
  update-1p      Specify the update user priority
  update-dscp    Specify the update DSCP
  vlan-min       Specify the Vlan ID minimum value classifier criteria
  vlan-tag       Specify the vlan tag classifier criteria
  <cr>
7.1.3 ACL-Assign Configuration
Once you have completed the ACL configuration, the ACL name is then assigned at a port level using the following command:
5500 (config)#qos acl-assign port <port # or port #’s> acl-type <ip|l2> name <acl name>
7.1.4 ACL Configuration Example
7.1.4.1 Configuration
Assuming we wish to configure the following:
- Remark host 172.1.1.10 ftp traffic to CoS class of Silver
- Remark host 172.1.1.10 http traffic to CoS class of Gold
- Apply the ACL to port 1/19
To accomplish the above, please enter the following commands:
5500 (config)#qos ip-acl name host src-ip 172.1.1.10/32 protocol 6 src-port-min 21 src-port-max 21 update-dscp 18 block tcpcommon
5500 (config)#qos ip-acl name host src-ip 172.1.1.10/32 protocol 6 src-port-min 80 src-port-max 80 update-dscp 26 block tcpcommon
5500 (config)#qos ip-acl name host drop-action disable
5500 (config)#qos acl-assign port 1/19 acl-type ip name host
Please note the following:
- The first two IP-ACLs are assigned to a block named tcpcommon. Since we are only allowed up to eight precedence levels, it is a good idea to use block configuration whenever possible.
- The third IP-ACL is required to match all other traffic. As the default implicit action is to drop all non-matching traffic, if this command is not entered, only ftp and http traffic from host 172.1.1.10 would be allowed.
- Protocol 6 refers to TCP traffic.
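The effect of the third element can be checked offline with a small model of the ACL "host" from the example above. This is an added example, not Nortel code or switch behaviour captured from a device: it assumes elements are tried in the order entered with the first match winning, and the sample packets are constructed.

```python
import ipaddress

# ACL "host" exactly as entered in section 7.1.4.1 (prompt stripped).
ACL_HOST = [
    "qos ip-acl name host src-ip 172.1.1.10/32 protocol 6 src-port-min 21 "
    "src-port-max 21 update-dscp 18 block tcpcommon",
    "qos ip-acl name host src-ip 172.1.1.10/32 protocol 6 src-port-min 80 "
    "src-port-max 80 update-dscp 26 block tcpcommon",
    "qos ip-acl name host drop-action disable",
]

def parse_element(line):
    """Turn 'qos ip-acl <key> <value> ...' into a dict of classifier/action pairs."""
    tokens = line.split()[2:]  # drop the leading 'qos ip-acl'
    return dict(zip(tokens[0::2], tokens[1::2]))

def matches(elem, pkt):
    """A packet matches when every classifier present in the element agrees."""
    if "src-ip" in elem:
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(elem["src-ip"]):
            return False
    if "protocol" in elem and int(elem["protocol"]) != pkt["proto"]:
        return False
    if "src-port-min" in elem:
        if not int(elem["src-port-min"]) <= pkt["sport"] <= int(elem["src-port-max"]):
            return False
    return True

def evaluate(acl_lines, pkt):
    """Return (verdict, dscp). Assumption: elements are tried in order, first match wins."""
    for elem in map(parse_element, acl_lines):
        if matches(elem, pkt):
            if elem.get("drop-action") == "enable":
                return ("drop", None)
            return ("forward", int(elem.get("update-dscp", pkt["dscp"])))
    return ("drop", None)  # implicit action: non-matching traffic is dropped

# Constructed sample packets (not captured traffic).
PACKETS = {
    "ftp from host":  {"src": "172.1.1.10", "proto": 6,  "sport": 21, "dscp": 0},
    "http from host": {"src": "172.1.1.10", "proto": 6,  "sport": 80, "dscp": 0},
    "ssh from host":  {"src": "172.1.1.10", "proto": 6,  "sport": 22, "dscp": 0},
    "dns from other": {"src": "172.1.1.20", "proto": 17, "sport": 53, "dscp": 0},
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:15} full={evaluate(ACL_HOST, pkt)} "
              f"without-3rd={evaluate(ACL_HOST[:2], pkt)}")
```

Running it shows the ssh and dns packets forwarded unchanged by the full ACL and dropped once the third element is left out, while the ftp and http remarks are unaffected.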