Filt
Filters and QOS Configuration for Ethernet Routing Switch 5500
Technical Configuration Guide
5500(config-if)# spanning-tree bpdu-filtering timeout 0
5500(config-if)# spanning-tree bpdu-filtering enable
5500(config-if)# exit
ERS5500: Step 2 – Enable Rate Limiting to 10% of total traffic for both broadcast and multicast
traffic
5500(config)# interface fastEthernet all
5500(config-if)# rate-limit port 1-10 both 10
5500(config-if)# exit
Please note that the rate limit parameter on the ERS 5500 is expressed as percentage
of total traffic. The values used in this example are just a suggestion and may vary
depending on your needs.
12.3.1.6 Enable DHCP-Snooping and ARP-Inspection
ERS5500: Step 1 – Enable DHCP-Snooping for VLAN’ s 110 and 220 and enable DHCP-Snooping
globally
5500(config)# ip dhcp-snooping vlan 110
5500(config)# ip dhcp-snooping vlan 220
5500(config)# ip dhcp-snooping enable
ERS5500: Step 1 – Enable ARP-Inspection for VLAN’s 110 and 220
5500(config)# ip arp-inspection vlan 110
5500(config)# ip arp-inspection vlan 220
12.3.1.7 Enable IP Source Guard
ERS5500: Step 1 – Enable IP Source Guard on access port members from VLAN 110 and 220
5500(config)# interface fastEthernet 3-6,8-10
5500(config-if)# ip verify source
5500(config-if)# exit
12.3.1.8 Create ACL’s for VLAN 110 Port Members
ERS5500: Step 1 – Create IP-ACL’ s pertaining to VLAN 110 VLAN port members
5500(config)# qos ip-acl name one dst-ip 172.30.30.50/32 protocol 1
5500(config)# qos ip-acl name one dst-ip 172.30.30.50/32 protocol 17 dst-port-
min 67 dst-port-max 67
5500(config)# qos ip-acl name one dst-ip 10.10.30.0/24 block b1
To Next Page
Loading...
