Filters and QoS Configuration for ERS 5500

 

 

Technical Configuration Guide

v2.0

NN48500-559

ERS5500: Step 2 – Enable Rate Limiting to 10% of total traffic for both broadcast and multicast traffic

5500(config)#interface fastEthernet all

5500(config-if)#rate-limit port 1-10 both 10

5500(config-if)#exit

Please note that the rate limit parameter on the ERS5500 is expressed as a percentage of total traffic. The values used in this example are just a suggestion and may vary depending on your needs.

12.3.1.6 Enable DHCP-Snooping and ARP-Inspection

ERS5500: Step 1 – Enable DHCP-Snooping for VLANs 110 and 220 and enable DHCP-Snooping globally

5500(config)#ip dhcp-snooping vlan 110

5500(config)#ip dhcp-snooping vlan 220

5500(config)#ip dhcp-snooping enable

ERS5500: Step 1 – Enable ARP-Inspection for VLANs 110 and 220

5500(config)# ip arp-inspection vlan 110

5500(config)# ip arp-inspection vlan 220

12.3.1.7 Enable IP Source Guard

ERS5500: Step 1 – Enable IP Source Guard on access port members from VLAN 110 and 220

5500(config)#interface fastEthernet 3-6,8-10

5500(config-if)#ip verify source

5500(config-if)#exit
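ARP-Inspection and IP Source Guard both validate traffic against the binding table that DHCP-Snooping builds, so the three features only protect a port when they are enabled consistently. The following check is an added example, not part of the Nortel guide: it reads command lines in the form typed on this page (not the switch's own configuration dump format, which is not shown here) and reports gaps. The names `audit`, `expand_ports` and `SAMPLE` are hypothetical.

```python
import re

# Constructed input: the commands from sections 12.3.1.6-12.3.1.7, prompts included.
SAMPLE = """\
5500(config)#ip dhcp-snooping vlan 110
5500(config)#ip dhcp-snooping vlan 220
5500(config)#ip dhcp-snooping enable
5500(config)# ip arp-inspection vlan 110
5500(config)# ip arp-inspection vlan 220
5500(config)#interface fastEthernet 3-6,8-10
5500(config-if)#ip verify source
5500(config-if)#exit
"""
PROMPT = re.compile(r"^\S*?\(config[^)]*\)#\s*")  # strips "5500(config)#"

def expand_ports(spec):
    """Turn a port list such as '3-6,8-10' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(text, access_ports):
    """Return a list of findings; an empty list means the checks passed."""
    snoop, arp, guarded, current = set(), set(), set(), set()
    snoop_global = False
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if m := re.fullmatch(r"ip dhcp-snooping vlan (\d+)", line):
            snoop.add(int(m[1]))
        elif line == "ip dhcp-snooping enable":
            snoop_global = True
        elif m := re.fullmatch(r"ip arp-inspection vlan (\d+)", line):
            arp.add(int(m[1]))
        elif m := re.fullmatch(r"interface fastEthernet ([\d,-]+)", line):
            current = expand_ports(m[1])
        elif line.startswith("interface ") or line == "exit":
            current = set()  # unknown or closed interface context
        elif line == "ip verify source":
            guarded |= current
    findings = []
    if snoop and not snoop_global:
        findings.append("DHCP snooping set per VLAN but not enabled globally")
    findings += [f"VLAN {v}: ARP inspection without DHCP snooping"
                 for v in sorted(arp - snoop)]
    missing = sorted(set(access_ports) - guarded)
    if missing:
        findings.append(f"IP Source Guard missing on ports {missing}")
    return findings
```

Calling `audit(SAMPLE, expand_ports("3-6,8-10"))` returns an empty list for the configuration on this page.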

12.3.1.8 Create ACLs for VLAN 110 Port Members

ERS5500: Step 1 – Create IP-ACLs for VLAN 110 port members

5500(config)#qos ip-acl name one dst-ip 172.30.30.50/32 protocol 1

5500(config)#qos ip-acl name one dst-ip 172.30.30.50/32 protocol 17 dst-port-min 67 dst-port-max 67

5500(config)#qos ip-acl name one dst-ip 10.10.30.0/24 block b1

5500(config)#qos ip-acl name one dst-ip 10.62.32.0/24 block b1

5500(config)#qos ip-acl name one dst-ip 10.0.0.0/8 drop-action enable block b2


Nortel Confidential Information Copyright © 2008 Nortel Networks. All Rights Reserved.

 

External Distribution
