Filters and QOS Configuration for Ethernet Routing Switch 5500
Technical Configuration Guide
5500(config)# qos ip-acl name one dst-ip 10.62.32.0/24 block b1
5500(config)# qos ip-acl name one dst-ip 10.0.0.0/8 drop-action enable block b2
5500(config)# qos ip-acl name one dst-ip 172.0.0.0/8 drop-action enable block b2
5500(config)# qos ip-acl name one drop-action disable
ERS5500: Step 2 – Assign the IP-ACLs to ports 3-6
5500(config)# qos acl-assign port 3-6 acl-type ip name one
If you do not specify a drop-action in an individual IP-ACL entry, the default action of disable is used, so traffic matching that entry is not dropped. The non-match global action is always drop.
Protocol 1 refers to ICMP, while protocol 17 refers to UDP.
12.3.1.9 Create ACLs for VLAN 220 Port Members
ERS5500: Step 1 – Create IP-ACLs pertaining to VLAN 220 port members
5500(config)# qos ip-acl name two dst-ip 10.0.0.0/8 block b3
5500(config)# qos ip-acl name two dst-ip 172.0.0.0/8 block b3
5500(config)# qos ip-acl name two protocol 6 dst-port-min 80 dst-port-max 80 block b4
5500(config)# qos ip-acl name two protocol 6 dst-port-min 443 dst-port-max 443 block b4
5500(config)# qos ip-acl name two protocol 1
ERS5500: Step 2 – Assign the IP-ACLs to ports 8-10
5500(config)# qos acl-assign port 8-10 acl-type ip name two
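The following Python sketch is an added example, not part of the original guide or of any Nortel/Avaya tooling. It parses the ip-acl lines shown above and reports whether a given packet would pass or drop, so the intended policy can be checked before the ACLs are assigned to ports. It assumes entries are evaluated in the order entered with the first match deciding, and it ignores the block names; parse() and verdict() are hypothetical helper names, and the test addresses are constructed.

```python
import ipaddress

# ip-acl lines copied from this page (ACL "one" may have earlier entries not shown here).
CONFIG = """
qos ip-acl name one dst-ip 10.62.32.0/24 block b1
qos ip-acl name one dst-ip 10.0.0.0/8 drop-action enable block b2
qos ip-acl name one dst-ip 172.0.0.0/8 drop-action enable block b2
qos ip-acl name one drop-action disable
qos ip-acl name two dst-ip 10.0.0.0/8 block b3
qos ip-acl name two dst-ip 172.0.0.0/8 block b3
qos ip-acl name two protocol 6 dst-port-min 80 dst-port-max 80 block b4
qos ip-acl name two protocol 6 dst-port-min 443 dst-port-max 443 block b4
qos ip-acl name two protocol 1
"""

def parse(config):
    """Return {acl_name: [entry, ...]}, keeping the order the entries were entered."""
    acls = {}
    for line in config.strip().splitlines():
        tok = line.split()
        if tok[:3] != ["qos", "ip-acl", "name"]:
            continue
        opts = dict(zip(tok[4::2], tok[5::2]))  # remaining tokens are key/value pairs
        acls.setdefault(tok[3], []).append({
            "net": ipaddress.ip_network(opts["dst-ip"]) if "dst-ip" in opts else None,
            "proto": int(opts["protocol"]) if "protocol" in opts else None,
            "ports": (int(opts["dst-port-min"]), int(opts["dst-port-max"]))
                     if "dst-port-min" in opts else None,
            # No drop-action given: the default "disable" applies, so the match passes.
            "drop": opts.get("drop-action", "disable") == "enable",
        })
    return acls

def verdict(entries, dst, proto, dport=None):
    """Assumed first-match evaluation; the global non-match action is drop."""
    addr = ipaddress.ip_address(dst)
    for e in entries:
        if e["net"] is not None and addr not in e["net"]:
            continue
        if e["proto"] is not None and proto != e["proto"]:
            continue
        if e["ports"] and not (dport is not None and e["ports"][0] <= dport <= e["ports"][1]):
            continue
        return "drop" if e["drop"] else "pass"
    return "drop"  # nothing matched
```

For example, verdict(parse(CONFIG)["two"], "192.0.2.10", 6, 22) returns "drop", because ACL two has no entry for TCP port 22 and falls through to the non-match action.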
12.3.2 Verify Operations
12.3.2.1 Verify DHCP-Snooping
Step 1 – Verify that DHCP-Snooping is enabled for VLANs 110 and 220
ERS5500-24T# show ip dhcp-snooping
Global DHCP snooping state: Enabled
      DHCP
VLAN  Snooping
----  --------
1     Disabled
99    Disabled
110   Enabled