Filt
Filters and QOS Configuration for Ethernet Routing Switch 5500
Technical Configuration Guide
7. QoS Access Lists (ACL)
As of software release 5.0, the ERS 55xx can be configured using access lists (ACL). You can choose to
use policies and/or ACLs to configure the ERS 5500 switch. Up to a maximum of 15 precedence levels
are supported using policies whereas ACL‟s allows up to a maximum of 8 precedence levels.
Please be aware of the following when using ACLs:
By default, ACLs are always terminated by an implicit action of “drop all non-matching traffic”. The
default action of “drop all non-matching traffic” cannot be changed.
ACL precedence is always in the order the ACLs are entered
ACLs are applied at a port level
Up to 8 precedence levels are supported, however, you can use ACL blocks if you have similar
filter rules - please see classifier block explanation in section 3.2
When an ACL is assigned to a port, the ACL is assigned the highest precedence value available
on the port. Each additional ACL that is added is then assigned decreasing precedence levels.
Any policies (QoS or non-QoS) already associated with a port dictate the starting and subsequent
precedence values for the ACL(s).
You cannot assign traffic meters
IP and L2 ACLs cannot be combined. If you wish to combine L2 and L3, policies must be used
ACLs cannot be modified; you must first remove the ACL-assign configuration at a port level, then
delete the ACL or ACLs you wish to modify and reconfigure the ACL or ACLs.
ACLs can be enabled or disabled. However, you cannot update or change the associated
precedence values when the ACL is disabled.
You can only configure ACLs using CLI or http (QoS Wizard). Although JDM will display the ACL
configuration, you cannot use JDM to either configure or delete ACL‟s.
7.1 ACL Configuration
7.1.1 IP-ACL Configuration
IP ACLs are added using the following command:
5500 (config)# qos ip-acl name <1..16 character string> ?
addr-type Specify the address type (IPv4, IPv6) classifier criteria
block Specify the label to identify access-list elements that are of
the same block
drop-action Specify the drop action
ds-field Specify the DSCP classifier criteria
dst-ip Specify the destination IP classifier criteria
dst-port-min Specify the L4 destination port minimum value classifier
criteria
flow-id Specify the IPv6 flow identifier classifier criteria
next-header Specify the IPv6 next header classifier criteria
protocol Specify the IPv4 protocol classifier criteria
set-drop-prec Specify the set drop precedence
src-ip Specify the source IP classifier criteria
src-port-min Specify the L4 source port minimum value classifier criteria
update-1p Specify the update user priority
update-dscp Specify the update DSCP
<cr>
To Next Page
Loading...
