Configuring A Userports Group; Configuring Userport Traffic Types And Port Behavior - Alcatel-Lucent OmniSwitch 9900 Series Network Configuration Manual

Omniswitch aos release 8

Configuring QoS

Configuring a UserPorts Group

To prevent IP address spoofing and/or other types of traffic on specific ports, create a port group called
UserPorts and add the ports to that group. For example, the following policy port group command adds
ports 1/1-24, 2/1-24, 3/1, and 4/1 to the UserPorts group:
-> policy port group UserPorts 1/1-24 2/1-24 3/1 4/1
-> qos apply
Note that the UserPorts group applies to both bridged and routed traffic, and it is not necessary to include
the UserPorts group in a condition and/or rule for the group to take effect. Once ports are designated as
members of this group, IP spoofed traffic is blocked while normal traffic is still allowed on the port.

Configuring UserPort Traffic Types and Port Behavior

In addition to spoofed traffic, it is also possible to configure QoS to look for BPDU, RIP, OSPF, BGP,
VRRP, and/or DHCP server packets on user ports. When the specified type of traffic is encountered, the
user port can either filter the traffic or administratively shut down to block all traffic.
Consider the following when configuring the type of traffic and port behavior that is applied to ports
assigned to the UserPorts group:
The qos user-port command is used to configure a UserPorts profile that specifies the types of traffic to look for and select how the ports will deal with such traffic.
A slot and port number is not required with the qos user-port command. This is because the command applies to all ports that are members of the UserPorts group.
Ingress traffic is filtered on ports that are members of the UserPorts group. However, the switch will still process the filtered packets to determine if an egress update is sent on the same port. For example, if RIP traffic is filtered, the switch will still send RIP peer updates on that port.
An SNMP trap is sent whenever a user port shutdown occurs. To enable a port disabled by a user port shutdown operation, use the interfaces command to administratively enable the port or disconnect and reconnect the port cable.
Any changes to the UserPorts profile (for example, adding or removing a traffic type) are not made until the qos apply command is performed.
By default, spoofed traffic is filtered on user ports. To change the types of traffic filtered, use the qos
user-port command with the filter option. For example, the following command specifies that user ports
must filter BPDU packets:
-> qos user-port filter bpdu
To specify multiple types of traffic on the same command line, enter each type separated by a space. For
example:
-> qos user-port filter ospf bgp rip
Each time the qos user-port command is used, any traffic types that were previously configured are
removed. To retain the previous configuration, specify all of the desired traffic types each time the qos
user-port command is performed. For example, the following command filters spoofed and BPDU traffic:
-> qos user-port filter spoof bpdu
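The replace-on-each-use behavior and the qos apply step described above are easy to miss when reviewing a change script. The following Python sketch is an added example, not part of the Alcatel-Lucent guide: it replays CLI lines and reports traffic types that a later qos user-port filter command drops, plus changes still waiting for qos apply. It assumes the default spoof filter is replaced like any other previously configured type and handles only the filter option; the function name and sample lines are constructed for illustration.

```python
DEFAULT_FILTER = frozenset({"spoof"})  # per the guide: spoofed traffic is filtered by default

def audit_user_port_filters(lines):
    """Replay AOS CLI lines and return (applied, pending, findings).

    applied  - traffic types in force after the last `qos apply`
    pending  - traffic types configured by the last `qos user-port filter`
    findings - (line_no, kind, types) tuples worth a reviewer's attention
    """
    applied = set(DEFAULT_FILTER)
    pending = set(DEFAULT_FILTER)  # assumption: the default is replaced like any other type
    findings = []
    for line_no, raw in enumerate(lines, 1):
        text = raw.strip()
        if text.startswith("->"):          # drop the CLI prompt if present
            text = text[2:]
        words = text.lower().split()
        if words[:3] == ["qos", "user-port", "filter"]:
            new_types = set(words[3:])
            dropped = pending - new_types  # each use replaces the previous list
            if dropped:
                findings.append((line_no, "dropped", sorted(dropped)))
            pending = new_types
        elif words == ["qos", "apply"]:
            applied = set(pending)         # profile changes take effect only here
    if pending != applied:
        findings.append((None, "unapplied", sorted(pending ^ applied)))
    return applied, pending, findings

# Constructed change script (not from the guide): line 4 forgets spoof and bpdu
# and is never followed by qos apply.
SAMPLE = [
    "-> policy port group UserPorts 1/1-24 2/1-24 3/1 4/1",
    "-> qos user-port filter spoof bpdu",
    "-> qos apply",
    "-> qos user-port filter rip",
]

if __name__ == "__main__":
    applied, pending, findings = audit_user_port_filters(SAMPLE)
    print("in force:", sorted(applied))
    print("pending :", sorted(pending))
    for line_no, kind, types in findings:
        print(f"line {line_no}: {kind} {types}")
```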
To add filtering for RIP traffic and retain the filtering configuration for spoofed and BPDU traffic, specify
all three types of traffic. For example:
OmniSwitch AOS Release 8 Network Configuration Guide, December 2017, Using Access Control Lists, page 26-68
