Filters and QoS Configuration for ERS 5500

 

 

Technical Configuration Guide

v2.0

NN48500-559

7.1.2 L2-ACL Configuration

L2 ACLs are added using the following command:

5500 (config)#qos l2-acl name <1..16 character string> ?

  block           Specify the label to identify access-list elements that are of the same block
  drop-action     Specify the drop action
  dst-mac         Specify the destination MAC classifier criteria
  dst-mac-mask    Specify the destination MAC mask classifier criteria
  ethertype       Specify the ethertype classifier criteria
  priority        Specify the user priority classifier criteria
  set-drop-prec   Specify the set drop precedence
  src-mac         Specify the source MAC classifier criteria
  src-mac-mask    Specify the source MAC mask classifier criteria
  update-1p       Specify the update user priority
  update-dscp     Specify the update DSCP
  vlan-min        Specify the Vlan ID minimum value classifier criteria
  vlan-tag        Specify the vlan tag classifier criteria
  <cr>

7.1.3 ACL-Assign Configuration

Once you have completed the ACL configuration, the ACL name is then assigned at a port level using the following command:

5500 (config)#qos acl-assign port <port # or port #’s> acl-type <ip|l2> name <acl name>

7.1.4 ACL Configuration Example

7.1.4.1 Configuration

Assuming we wish to configure the following:

remark host 172.1.1.10 ftp traffic to CoS class of Silver

remark host 172.1.1.10 http traffic to CoS class of Gold

apply the ACL to port 1/19

To accomplish the above, please enter the following commands:

5500 (config)#qos ip-acl name host src-ip 172.1.1.10/32 protocol 6 src-port-min 21 src-port-max 21 update-dscp 18 block tcpcommon

5500 (config)#qos ip-acl name host src-ip 172.1.1.10/32 protocol 6 src-port-min 80 src-port-max 80 update-dscp 26 block tcpcommon

5500 (config)#qos ip-acl name host drop-action disable

5500 (config)#qos acl-assign port 1/19 acl-type ip name host

Please note the following:

The first two IP-ACLs are assigned to a block named tcpcommon. Since we are only allowed up to eight precedence levels, it is a good idea to use block configuration whenever possible.

The third IP-ACL is required to match all other traffic. Because the default implicit action is to drop all non-matching traffic, if this command is not entered, only ftp and http traffic from host 172.1.1.10 would be allowed.

Protocol 6 refers to TCP traffic.
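
The following is an added example, not part of the Nortel guide and not switch code: a small Python model that parses the three ip-acl commands above and evaluates constructed packets, showing what the implicit drop does when the catch-all element is omitted. The packet fields and the first-match ordering are assumptions of the model; the switch's actual precedence handling may differ.

```python
import ipaddress

# The three ip-acl commands from section 7.1.4.1, prompt stripped.
CONFIG = """\
qos ip-acl name host src-ip 172.1.1.10/32 protocol 6 src-port-min 21 src-port-max 21 update-dscp 18 block tcpcommon
qos ip-acl name host src-ip 172.1.1.10/32 protocol 6 src-port-min 80 src-port-max 80 update-dscp 26 block tcpcommon
qos ip-acl name host drop-action disable
"""

def parse(config):
    """Turn each 'qos ip-acl' line into a dict of keyword -> value."""
    elements = []
    for line in config.strip().splitlines():
        words = line.split()[2:]  # skip 'qos ip-acl'
        elements.append(dict(zip(words[0::2], words[1::2])))
    return elements

def matches(el, pkt):
    """True when every classifier present in the element matches the packet."""
    if "src-ip" in el:
        if ipaddress.ip_address(pkt["src_ip"]) not in ipaddress.ip_network(el["src-ip"]):
            return False
    if "protocol" in el and int(el["protocol"]) != pkt["protocol"]:
        return False
    if "src-port-min" in el:
        if not int(el["src-port-min"]) <= pkt["src_port"] <= int(el["src-port-max"]):
            return False
    return True

def evaluate(elements, pkt):
    """Return (verdict, dscp). Assumption: elements are tried in the order
    entered and the first match decides; no match is the implicit drop."""
    for el in elements:
        if matches(el, pkt):
            if el.get("drop-action", "disable") != "disable":
                return ("drop", None)
            return ("forward", int(el.get("update-dscp", pkt["dscp"])))
    return ("drop", None)

# Constructed sample packets arriving on port 1/19.
FTP = {"src_ip": "172.1.1.10", "protocol": 6, "src_port": 21, "dscp": 0}
HTTP = {"src_ip": "172.1.1.10", "protocol": 6, "src_port": 80, "dscp": 0}
OTHER = {"src_ip": "172.1.1.10", "protocol": 6, "src_port": 22, "dscp": 0}

if __name__ == "__main__":
    acl = parse(CONFIG)
    for label, rules in (("all three elements", acl), ("catch-all omitted", acl[:2])):
        for name, pkt in (("ftp", FTP), ("http", HTTP), ("other", OTHER)):
            print(label, name, evaluate(rules, pkt))
```

Running the same check against a planned ACL before assigning it to a port is a quick way to confirm that a missing catch-all element will not cut off traffic you meant to pass unchanged.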


Nortel Confidential Information Copyright © 2008 Nortel Networks. All Rights Reserved.

 
