Nortel 5530 Engineering Manual page 27

Filters and QoS Configuration for ERS 5500
Technical Configuration Guide
7.1.2 L2-ACL Configuration
L2 ACL's are added using the following command:
•
5500 (config)#qos l2-acl name <1..16 character string> ?
block
drop-action
dst-mac
dst-mac-mask
ethertype
priority
set-drop-prec
src-mac
src-mac-mask
update-1p
update-dscp
vlan-min
vlan-tag
<cr>
7.1.3 ACL-Assign Configuration
Once you have completed the ACL configuration, the ACL name is then assigned at a port level
using the following command:
•
5500 (config)#qos acl-assign port <port # or port #'s> acl-type <ip|l2> name <acl
name>
7.1.4 ACL Configuration Example
7.1.4.1 Configuration
Assuming we wish to configure the following:
•
remark host 172.1.1.10 ftp traffic to CoS class of Silver
•
remark host 172.1.1.10 http traffic to CoS class of Gold
•
apply the ACL to port 1/19
To accomplish the above, please enter the following commands:
•
5500 (config)#qos ip-acl name host src-ip 172.1.1.10/32 protocol 6 src-port-min 21
src-port-max 21 update-dscp 18 block tcpcommon
•
5500 (config)#qos ip-acl name host src-ip 172.1.1.10/32 protocol 6 src-port-min 80
src-port-max 80 update-dscp 26 block tcpcommon
•
5500 (config)#qos ip-acl name host drop-action disable
•
5500 (config)#qos acl-assign port 1/19 acl-type ip name host
Please note the following:
•
The first two IP-ACL's are assigned to a block named tcpcommand. Since we
are only allowed up to eight precedence levels, it is a good idea to use block
configuration whenever possible.
•
The third IP-ACL is required to match all other traffic. As the default implicit
action is drop all non-matching traffic, if this command is not entered, only ftp
and http traffic from host 172.1.1.10 would be allowed.
•
Protocol 6 refer to TCP traffic
___________________________________________________________________________________________________________________________
Nortel Confidential Information Copyright © 2008 Nortel Networks. All Rights Reserved.
v2.0
Specify the label to identify access-list elements that are of
the same block
Specify the drop action
Specify the destination MAC classifier criteria
Specify the destination MAC mask classifier criteria
Specify the ethertype classifier criteria
Specify the user priority classifier criteria
Specify the set drop precedence
Specify the source MAC classifier criteria
Specify the source MAC mask classifier criteria
Specify the update user priority
Specify the update DSCP
Specify the Vlan ID minimum value classifier criteria
Specify the vlan tag classifier criteria
External Distribution
NN48500-559
26