Filters and QoS Configuration for ERS 5500

 

 

Technical Configuration Guide

v2.0

NN48500-559

5500(config)#qos ip-acl name one dst-ip 172.0.0.0/8 drop-action enable block b2

5500(config)#qos ip-acl name one drop-action disable

ERS5500: Step 2 – Assign the IP-ACLs to ports 3-6

5500(config)#qos acl-assign port 3-6 acl-type ip name one


If you do not assign a drop-action to an individual IP-ACL entry, the default action, disable, is used. The global non-match action is always drop.

Protocol 1 refers to ICMP while protocol 17 refers to UDP.

12.3.1.9 Create ACLs for VLAN 220 Port Members

ERS5500: Step 1 – Create IP-ACLs for the VLAN 220 port members

5500(config)#qos ip-acl name two dst-ip 10.0.0.0/8 block b3

5500(config)#qos ip-acl name two dst-ip 172.0.0.0/8 block b3

5500(config)#qos ip-acl name two protocol 6 dst-port-min 80 dst-port-max 80 block b4

5500(config)#qos ip-acl name two protocol 6 dst-port-min 443 dst-port-max 443 block b4

5500(config)#qos ip-acl name two protocol 1

ERS5500: Step 2 – Assign the IP-ACLs to ports 8-10

5500(config)#qos acl-assign port 8-10 acl-type ip name two
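
The following Python model is an added example, not part of the Nortel guide: it evaluates constructed sample packets against IP-ACL "two" using the two rules stated above (default drop-action of disable, global non-match action of drop) to show what ports 8-10 will and will not pass. It assumes the first matching element decides and ignores the block grouping (b3, b4); the dictionary layout and function names are hypothetical.

```python
import ipaddress

# ACL "two" as entered above. No element sets drop-action, so each one uses
# the default (disable) and forwards the traffic it matches.
ACL_TWO = [
    {"dst_ip": "10.0.0.0/8"},
    {"dst_ip": "172.0.0.0/8"},
    {"protocol": 6, "dst_port": (80, 80)},
    {"protocol": 6, "dst_port": (443, 443)},
    {"protocol": 1},
]

def element_matches(element, packet):
    """True when every field the element specifies matches the packet."""
    if "dst_ip" in element:
        network = ipaddress.ip_network(element["dst_ip"])
        if ipaddress.ip_address(packet["dst_ip"]) not in network:
            return False
    if "protocol" in element and element["protocol"] != packet["protocol"]:
        return False
    if "dst_port" in element:
        low, high = element["dst_port"]
        port = packet.get("dst_port")  # absent for ICMP
        if port is None or not low <= port <= high:
            return False
    return True

def evaluate(acl, packet):
    """Return 'forward' or 'drop' for a packet entering a port bound to acl."""
    for element in acl:  # assumption: first matching element decides
        if element_matches(element, packet):
            return "drop" if element.get("drop_action") == "enable" else "forward"
    return "drop"  # global non-match action is always drop

# Constructed sample packets, not taken from the guide.
SAMPLES = [
    ("intranet DNS", {"dst_ip": "10.1.2.3", "protocol": 17, "dst_port": 53}),
    ("external HTTPS", {"dst_ip": "192.0.2.10", "protocol": 6, "dst_port": 443}),
    ("external ping", {"dst_ip": "192.0.2.10", "protocol": 1}),
    ("external SSH", {"dst_ip": "192.0.2.10", "protocol": 6, "dst_port": 22}),
    ("external DNS", {"dst_ip": "192.0.2.53", "protocol": 17, "dst_port": 53}),
]

def audit(acl, samples):
    """Map each sample label to the decision the ACL would make."""
    return {label: evaluate(acl, packet) for label, packet in samples}

if __name__ == "__main__":
    for label, decision in audit(ACL_TWO, SAMPLES).items():
        print(f"{label:15} {decision}")
```

Traffic that matches no element, such as the external SSH and DNS samples, is dropped without any explicit deny entry in the ACL.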

12.3.2 Verify Operations

12.3.2.1 Verify DHCP-Snooping

Step 1 – Verify that DHCP-Snooping is enabled for VLANs 110 and 220

ERS5500-24T#show ip dhcp-snooping

Result:

Global DHCP snooping state: Enabled

      DHCP
VLAN  Snooping
----  --------
1     Disabled
99    Disabled
110   Enabled
220   Enabled
700   Disabled

Step 2 – Verify that all the access ports are configured as ‘untrusted’ (this is the default setting)


Nortel Confidential Information Copyright © 2008 Nortel Networks. All Rights Reserved.

 

External Distribution
