Configuring A Bpdushutdownports Group - Alcatel-Lucent OmniSwitch 6850-48 Network Configuration Manual
Software release 6
Hide thumbs
Also See for OmniSwitch 6850-48:
- Cli reference manual (3706 pages) ,
- Management manual (312 pages) ,
- Hardware user's manual (188 pages)
Table of Contents
Advertisement
Using ACL Security Features
-> policy service tcp135 destination tcp port 135
-> policy service tcp445 destination tcp port 445
-> policy service udp137 destination udp port 137
-> policy service udp138 destination udp port 138
-> policy service udp445 destination udp port 445
2
Add the services created in Step 1 to a service group called DropServices using the
group
command, as shown below:
-> policy service group DropServices tcp135 tcp445 udp137 udp138 udp445
Note that the DropServices group must be specified using the exact capitalization as shown in the
above example.
3
Add ports to the port group called UserPorts using the
-> policy port group UserPorts 1/1 3/1-24
Note that the UserPorts group must be specified using the exact capitalization as shown in the above
example.
4
Apply the QoS configuration using the
-> qos apply
When the above steps are performed, an implicit ACL is created on the switch that applies to all VLANs.
This internal ACL takes precedence over any other policies configured on the switch.
Configuring a BPDUShutdownPorts Group
To block BPDUs on certain ports, add the desired ports to a port group called BPDUShutdownPorts. For
example, the following
downPorts group:
-> policy port group BPDUShutdownPorts 3/1-24 4/1-24
-> qos apply
Note that it is not necessary to include the BPDUShutdownPorts group in a condition and/or rule for the
group to take affect. In addition, this group must be specified using the exact capitalization shown in the
above example.
Once ports are designated as members of the BPDUShutdownPorts group, BPDUs are blocked by admin-
istratively shutting down a port when the port receives a BPDU. To restore a disabled port to enabled
status, disconnect and reconnect the cable or use the
enable the port.
Note that using the BPDUShutdownPorts group is only available on the OmniSwitch 6800. Use the qos
user-port shutdown bpdu command available on the OmniSwitch 6400, 6850, 6855, and 9000 to block
BPDU on ports that are members of the UserPorts group.
page 41-18
qos apply
policy port group
command adds ports 3/1-24 and 4/1-24 to the BPDUShut-
OmniSwitch AOS Release 6 Network Configuration Guide
policy port group
command.
interfaces admin
command to administratively
Configuring ACLs
policy service
command, as shown below:
September 2009
Hide quick links:
Advertisement
Table of Contents
