Table of Contents
Advertisement
Filters and QoS Configuration for ERS 5500
Technical Configuration Guide
12.3 Configuration Example – IP ACL, DHCP Snooping,
ARP Inspection, BPDU Filtering, and Source Guard
Figure 4: IP ACL, DHCP Snooping, ARP Inspection, and Source Guard
Overall, we wish to accomplish the following in regards to VLAN 110:
•
Only allow ICMP and DHCP traffic to the DHCP server (172.30.30.50) and deny all other
traffic to the 172.x.x.x network
•
For the 10.x.x.x network, only allow access to the local network (10.62.32.0/24) and to
the 10.10.30/0/24 network for full access to the internet
•
Enable DHCP Snooping, ARP-Inspection, and
In regards to VLAN 220, we wish to accomplish the following:
•
Allow full access to the core network 172.0.0.0/8 and 10.0.0.0/8
•
Only allow only ICMP, HTTP and HTTPS traffic to the internet
12.3.1 ERS5500 Configuration
12.3.1.1 Create VLAN's and Add Port Members
ERS5500: Step 1 – Add VLANs 110, 220, and 700
5500(config)#vlan create 700 name core type port
5500(config)#vlan create 110 type port
5500(config)#vlan create 220 type port
5500(config)#vlan members remove 1 3-6,8-10,23
5500(config)#vlan ports 23 tagging tagall
5500(config)#vlan members 110 3-6
5500(config)#vlan members 220 8-10
5500(config)#vlan members 700 23
12.3.1.2 Add IP Address and Enable OSPF
ERS5500: Step 1 – Add IP address to VLAN 110 and enable OSPF with interface type of
passive
___________________________________________________________________________________________________________________________
Nortel Confidential Information Copyright © 2008 Nortel Networks. All Rights Reserved.
v2.0
External Distribution
NN48500-559
50
Hide quick links:
Advertisement
Table of Contents
