Nortel Networks 5510, 5520, 5530 Result: , Result:

Filters and QoS Configuration for ERS 5500

Technical Configuration Guide v2.0 NN48500-559

___________________________________________________________________________________________________________________________

Nortel Confidential Information Copyright © 2008 Nortel Networks. All Rights Reserved.

External Distribution

55

12.3.2.3 Verify IP Source Guard Step 1 – To view the IP Source Guard binding, enter the following com mand, assuming we have port member on ports 6 and 9

ERS5500-24T# show ip source binding

Result:

Port Address

---- ---------------

6 10.62.32.10

9 10.13.196.10

&

An IP source Guard or ARP Inspection event will be logged (local and r emote if enabled) indicated by the message, i.e. from port 6: “ARP packet with inv alid IP/MAC binding on un-trusted port 1/6”. 12.3.2.4 Verify ACL Configuration Step 1 – To view the IP ACL configuration, enter the followin g command:

ERS5500-24T#show qos ip-acl

Result:

Id: 1

Name: one

Block:

Address Type: IPv4

Destination Addr/Mask: 172.30.30.50/32

Source Addr/Mask: Ignore

DSCP: Ignore

IPv4 Protocol / IPv6 Next Header: ICMP

Destination L4 Port Min: Ignore

Destination L4 Port Max: Ignore

Source L4 Port Min: Ignore

Source L4 Port Max: Ignore

IPv6 Flow Id: Ignore

Action Drop: No

Action Update DSCP: Ignore

Action Update 802.1p Priority: Ignore

Action Set Drop Precedence: Low Drop

Type: Access List

Storage Type: NonVolatile

Id: 2

Name: one

Block:

Address Type: IPv4

Destination Addr/Mask: 172.30.30.50/32

Source Addr/Mask: Ignore

DSCP: Ignore

IPv4 Protocol / IPv6 Next Header: UDP

Destination L4 Port Min: 67

Destination L4 Port Max: 67

Source L4 Port Min: Ignore

Source L4 Port Max: Ignore

IPv6 Flow Id: Ignore

Action Drop: No

Action Update DSCP: Ignore

Action Update 802.1p Priority: Ignore

Action Set Drop Precedence: Low Drop

Type: Access List

Storage Type: NonVolatile

Contents

Main Page Abstract Table of Contents List of Figures List of Tables Document Updates Conventions Symbols: Text: 1. Overview: Ethernet Routing Switch 5500 QoS and Filtering Classification Actions Supported Statistics 2. QoS Flow Chart or 3. Filter Functionality 3.1 Overall Classification Functionality 3.2 Classifier Block Functionality 3.3 Port Range Functionality 3.4 Policies Page 4. Queue Sets 8 CoS 7 CoS 6 CoS 5 CoS 4 CoS 3 CoS 2 CoS 1 CoS Page 5. Traffic Meter and Shaping 5.1 Actual Bucket Size 5.2 Policing Traffic Page 5.3 Interface Shaper 6. Default Nortel Class of Service 7. QoS Access Lists (ACL) 7.1 ACL Configuration 7.1.1 IP-ACL Configuration 7.1.2 L2-ACL Configuration 7.1.3 ACL-Assign Configuration 7.1.4 ACL Configuration Example The DSCP value are entered in decimal; please refer to section 6 for details The following table displays the various protocol numbers: Protocol Number Protocol 1 ICMP 2 IGMP 6 TCP 17 UDP 46 RSVP 5530H-24TFD#show qos ip-acl 5530H-24TFD#show qos policy Page 8. IP Security Features 8.1 DHCP Snooping 8.1.1 DHCP Snooping Configuration 8.2 Dynamic ARP Inspection 8.2.1 Dynamic ARP Inspection Configuration 8.3 IP Source Guard 8.3.1 IP Source Guard Configuration 9. BPDU Filtering 9.1 BPDU Filtering Configuration 10. QoS Interface Applications 10.1 ARP Spoofing 10.2 DHCP Attacks 10.3 DoS 10.4 BPDU Blocking 11. Configuration Steps Policy Configuration 11.1 Role Combination 11.2 Classification o One IP and one L2 classifier element ERS5500-48T(config)#qos classifier-block 2 block-number 1 name block_1 se t-id 4 11.3 Meters 11.4 Add a New Policy 12. Configuration Examples 12.1 Pre-defined Values 12.2 Configuration Example 1 Traffic Meter Using Policies 12.2.1 ERS5500 Configuration Using Policies Page 12.2.2 Verify Operations 12.2.3 Verify Classifier and Classifier Block Configuration Step 1 Verify that the 3 Classifiers ERS5500-24T# show qos classifier Result: Step 3 Verify that the Meter Configuration Step 3 Verify that the Classifier Block with the correct classifier and m eter number ERS5500-24T#show qos classifier-block Result: 12.2.3.1 Verify Policy Configuration Step 1 Verify that the QoS Policy ERS5500-24T#show qos policy Result: 12.3.1 ERS5500 Configuration Page Page 12.3.2 Verify Operations Page ERS5500-24T# show ip source binding Result: ERS5500-24T#show qos ip-acl Result: Page Page Step 2 To view the IP ACL assignment, enter the following comm and: ERS5500-24T#show qos acl-assign Result: 12.4 Configuration Example 3: Port Range Using ACL or Policy 12.4.1 Configuration Using Policies 12.4.2 Configuration Using IP-ACLs 12.5 Configuration Example 4 L2 Classification Based on MAC Address 12.5.1 ERS5500 Configuration Using Policies 12.5.2 ERS5500 Configuration Using IP-ACLs 12.6 Configuration Example 5 L2 and L3 Classification 12.6.1 ERS5500 Configuration Using Policies Page 12.7.1 ERS5500 Configuration 12.7.2 ACL Configuration 12.7.3 Policy Configuration 12.7.4 Verify Operations 12.8 Configuration Example 7 Interface Shaping 12.8.2 Verify Operations 13. Software Baseline 14. Reference Documentation