Nortel Networks 5510, 5520, 5530 12.3.2 Verify Operations

Filters and QoS Configuration for ERS 5500

Technical Configuration Guide v2.0 NN48500-559

___________________________________________________________________________________________________________________________

Nortel Confidential Information Copyright © 2008 Nortel Networks. All Rights Reserved.

External Distribution

53

5500(config)#qos ip-acl name one dst-ip 172.0.0.0/8 drop-action enable

block b2

5500(config)#qos ip-acl name one drop-action disable

ERS5500: Step 2 – Assign the IP-ACL’s to ports 3-6

5500(config)#qos acl-assign port 3-6 acl-type ip name one

&

If you do not assign a drop-action to the individual IP-ACL configurati on, the default

action of disable will be used. The non-match global action is al ways drop.

&

Protocol 1 refers to ICMP while protocol 17 refers to UDP.

12.3.1.9 Create ACL’s for VLAN 220 Port Members

ERS5500: Step 1 – Create IP-ACL’s pertaining to VLAN 220 VLAN port mem bers

5500(config)#qos ip-acl name two dst-ip 10.0.0.0/8 block b3

5500(config)#qos ip-acl name two dst-ip 172.0.0.0/8 block b3

5500(config)# qos ip-acl name two protocol 6 dst-port-min 80 dst-port-max

80 block b4

5500(config)# qos ip-acl name two protocol 6 dst-port-min 443 dst-port-

max 443 block b4

5500(config)# qos ip-acl name two protocol 1

ERS5500: Step 2 – Assign the IP-ACL’s to ports 8-10

5500(config)#qos acl-assign port 8-10 acl-type ip name two

12.3.2 Verify Operations

12.3.2.1 Verify DHCP-Snooping

Step 1 – Verify that DHCP-Snooping is enabled for VLAN’s 110 and 22 0

ERS5500-24T# show ip dhcp-snooping

Result:

Global DHCP snooping state: Enabled

DHCP

VLAN Snooping

---- --------

1 Disabled

99 Disabled

110 Enabled

220 Enabled

700 Disabled

Step 2 – Verify all the access port are configured for ‘untrusted’ – t his is the default setting

Contents

Main Page Abstract Table of Contents List of Figures List of Tables Document Updates Conventions Symbols: Text: 1. Overview: Ethernet Routing Switch 5500 QoS and Filtering Classification Actions Supported Statistics 2. QoS Flow Chart or 3. Filter Functionality 3.1 Overall Classification Functionality 3.2 Classifier Block Functionality 3.3 Port Range Functionality 3.4 Policies Page 4. Queue Sets 8 CoS 7 CoS 6 CoS 5 CoS 4 CoS 3 CoS 2 CoS 1 CoS Page 5. Traffic Meter and Shaping 5.1 Actual Bucket Size 5.2 Policing Traffic Page 5.3 Interface Shaper 6. Default Nortel Class of Service 7. QoS Access Lists (ACL) 7.1 ACL Configuration 7.1.1 IP-ACL Configuration 7.1.2 L2-ACL Configuration 7.1.3 ACL-Assign Configuration 7.1.4 ACL Configuration Example The DSCP value are entered in decimal; please refer to section 6 for details The following table displays the various protocol numbers: Protocol Number Protocol 1 ICMP 2 IGMP 6 TCP 17 UDP 46 RSVP 5530H-24TFD#show qos ip-acl 5530H-24TFD#show qos policy Page 8. IP Security Features 8.1 DHCP Snooping 8.1.1 DHCP Snooping Configuration 8.2 Dynamic ARP Inspection 8.2.1 Dynamic ARP Inspection Configuration 8.3 IP Source Guard 8.3.1 IP Source Guard Configuration 9. BPDU Filtering 9.1 BPDU Filtering Configuration 10. QoS Interface Applications 10.1 ARP Spoofing 10.2 DHCP Attacks 10.3 DoS 10.4 BPDU Blocking 11. Configuration Steps Policy Configuration 11.1 Role Combination 11.2 Classification o One IP and one L2 classifier element ERS5500-48T(config)#qos classifier-block 2 block-number 1 name block_1 se t-id 4 11.3 Meters 11.4 Add a New Policy 12. Configuration Examples 12.1 Pre-defined Values 12.2 Configuration Example 1 Traffic Meter Using Policies 12.2.1 ERS5500 Configuration Using Policies Page 12.2.2 Verify Operations 12.2.3 Verify Classifier and Classifier Block Configuration Step 1 Verify that the 3 Classifiers ERS5500-24T# show qos classifier Result: Step 3 Verify that the Meter Configuration Step 3 Verify that the Classifier Block with the correct classifier and m eter number ERS5500-24T#show qos classifier-block Result: 12.2.3.1 Verify Policy Configuration Step 1 Verify that the QoS Policy ERS5500-24T#show qos policy Result: 12.3.1 ERS5500 Configuration Page Page 12.3.2 Verify Operations Page ERS5500-24T# show ip source binding Result: ERS5500-24T#show qos ip-acl Result: Page Page Step 2 To view the IP ACL assignment, enter the following comm and: ERS5500-24T#show qos acl-assign Result: 12.4 Configuration Example 3: Port Range Using ACL or Policy 12.4.1 Configuration Using Policies 12.4.2 Configuration Using IP-ACLs 12.5 Configuration Example 4 L2 Classification Based on MAC Address 12.5.1 ERS5500 Configuration Using Policies 12.5.2 ERS5500 Configuration Using IP-ACLs 12.6 Configuration Example 5 L2 and L3 Classification 12.6.1 ERS5500 Configuration Using Policies Page 12.7.1 ERS5500 Configuration 12.7.2 ACL Configuration 12.7.3 Policy Configuration 12.7.4 Verify Operations 12.8 Configuration Example 7 Interface Shaping 12.8.2 Verify Operations 13. Software Baseline 14. Reference Documentation