ebook img

Configuration — QoS and ACL-Based Traffic Filtering PDF

212 Pages·2012·0.83 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Configuration — QoS and ACL-Based Traffic Filtering

Configuration — QoS and ACL-Based Traffic Filtering Avaya Virtual Services Platform 9000 3.3 NN46250-502, 04.01 May 2012 © 2012 Avaya Inc. Copyright All Rights Reserved. Except where expressly stated otherwise, no use should be made of materials on this site, the Documentation, Software, or Hardware Notice provided by Avaya. All content on this site, the documentation and the Product provided by Avaya including the selection, arrangement and While reasonable efforts have been made to ensure that the design of the content is owned either by Avaya or its licensors and is information in this document is complete and accurate at the time of protected by copyright and other intellectual property laws including the printing, Avaya assumes no liability for any errors. Avaya reserves the sui generis rights relating to the protection of databases. You may not right to make changes and corrections to the information in this modify, copy, reproduce, republish, upload, post, transmit or distribute document without the obligation to notify any person or organization of in any way any content, in whole or in part, including any code and such changes. software unless expressly authorized by Avaya. Unauthorized reproduction, transmission, dissemination, storage, and or use without Documentation disclaimer the express written consent of Avaya can be a criminal, as well as a civil offense under the applicable law. “Documentation” means information published by Avaya in varying mediums which may include product information, operating instructions Third-party components and performance specifications that Avaya generally makes available to users of its products. Documentation does not include marketing Certain software programs or portions thereof included in the Product materials. Avaya shall not be responsible for any modifications, may contain software distributed under third party agreements (“Third additions, or deletions to the original published version of Party Components”), which may contain terms that expand or limit documentation unless such modifications, additions, or deletions were rights to use certain portions of the Product (“Third Party Terms”). performed by Avaya. End User agrees to indemnify and hold harmless Information regarding distributed Linux OS source code (for those Avaya, Avaya's agents, servants and employees against all claims, Products that have distributed the Linux OS source code), and lawsuits, demands and judgments arising out of, or in connection with, identifying the copyright holders of the Third Party Components and the subsequent modifications, additions or deletions to this documentation, Third Party Terms that apply to them is available on the Avaya Support to the extent made by End User. Web site: http://support.avaya.com/Copyright. Link disclaimer Trademarks Avaya is not responsible for the contents or reliability of any linked Web The trademarks, logos and service marks (“Marks”) displayed in this sites referenced within this site or documentation provided by Avaya. site, the Documentation and Product(s) provided by Avaya are the Avaya is not responsible for the accuracy of any information, statement registered or unregistered Marks of Avaya, its affiliates, or other third or content provided on these sites and does not necessarily endorse parties. Users are not permitted to use such Marks without prior written the products, services, or information described or offered within them. consent from Avaya or such third party which may own the Mark. Avaya does not guarantee that these links will work all the time and has Nothing contained in this site, the Documentation and Product(s) no control over the availability of the linked pages. should be construed as granting, by implication, estoppel, or otherwise, any license or right in and to the Marks without the express written Warranty permission of Avaya or the applicable third party. Avaya provides a limited warranty on its Hardware and Software Avaya is a registered trademark of Avaya Inc. (“Product(s)”). Refer to your sales agreement to establish the terms of the limited warranty. In addition, Avaya’s standard warranty language, All non-Avaya trademarks are the property of their respective owners, as well as information regarding support for this Product while under and “Linux” is a registered trademark of Linus Torvalds. warranty is available to Avaya customers and other parties through the Avaya Support Web site: http://support.avaya.com. Please note that if Downloading Documentation you acquired the Product(s) from an authorized Avaya reseller outside of the United States and Canada, the warranty is provided to you by For the most current versions of Documentation, see the Avaya said Avaya reseller and not by Avaya. Support Web site: http://support.avaya.com. Licenses Contact Avaya Support THE SOFTWARE LICENSE TERMS AVAILABLE ON THE AVAYA Avaya provides a telephone number for you to use to report problems WEBSITE, HTTP://SUPPORT.AVAYA.COM/LICENSEINFO/ ARE or to ask questions about your Product. The support telephone number APPLICABLE TO ANYONE WHO DOWNLOADS, USES AND/OR is 1-800-242-2121 in the United States. For additional support INSTALLS AVAYA SOFTWARE, PURCHASED FROM AVAYA INC., telephone numbers, see the Avaya Web site: http://support.avaya.com. ANY AVAYA AFFILIATE, OR AN AUTHORIZED AVAYA RESELLER (AS APPLICABLE) UNDER A COMMERCIAL AGREEMENT WITH AVAYA OR AN AUTHORIZED AVAYA RESELLER. UNLESS OTHERWISE AGREED TO BY AVAYA IN WRITING, AVAYA DOES NOT EXTEND THIS LICENSE IF THE SOFTWARE WAS OBTAINED FROM ANYONE OTHER THAN AVAYA, AN AVAYA AFFILIATE OR AN AVAYA AUTHORIZED RESELLER; AVAYA RESERVES THE RIGHT TO TAKE LEGAL ACTION AGAINST YOU AND ANYONE ELSE USING OR SELLING THE SOFTWARE WITHOUT A LICENSE. BY INSTALLING, DOWNLOADING OR USING THE SOFTWARE, OR AUTHORIZING OTHERS TO DO SO, YOU, ON BEHALF OF YOURSELF AND THE ENTITY FOR WHOM YOU ARE INSTALLING, DOWNLOADING OR USING THE SOFTWARE (HEREINAFTER REFERRED TO INTERCHANGEABLY AS “YOU” AND “END USER”), AGREE TO THESE TERMS AND CONDITIONS AND CREATE A BINDING CONTRACT BETWEEN YOU AND AVAYA INC. OR THE APPLICABLE AVAYA AFFILIATE (“AVAYA”). 2 Configuration — QoS and ACL-Based Traffic Filtering May 2012 Comments? [email protected] Contents Chapter 1: Purpose of this document...............................................................................7 Chapter 2: New in this release...........................................................................................9 Chapter 3: QoS fundamentals............................................................................................ 11 Introduction to QoS...................................................................................................................................11 Configuration considerations....................................................................................................................12 Queuing.....................................................................................................................................................12 Avaya Service Class.................................................................................................................................13 Internal QoS level......................................................................................................................................15 Classification and mapping.......................................................................................................................15 DiffServ.....................................................................................................................................................16 Ingress mappings......................................................................................................................................18 Egress mappings......................................................................................................................................23 QoS and filters..........................................................................................................................................24 Policing and shaping.................................................................................................................................24 Layer 2 and Layer 3 trusted and untrusted ports......................................................................................30 Broadcast and multicast traffic bandwidth limiters....................................................................................31 CPU protection..........................................................................................................................................31 QoS and VoIP...........................................................................................................................................32 Traffic management profiles......................................................................................................................33 Chapter 4: Traffic filtering fundamentals..........................................................................35 Overview...................................................................................................................................................35 Access control lists....................................................................................................................................35 Access control entries...............................................................................................................................37 Actions..............................................................................................................................................42 Conflict and Precedence..................................................................................................................43 Common ACE uses and configuration.............................................................................................47 Traffic filter configuration...........................................................................................................................49 ACL and ACE configuration guidelines.....................................................................................................49 Filter limitations.........................................................................................................................................49 Chapter 5: Basic DiffServ configuration using EDM.......................................................51 Enabling DiffServ for a port.......................................................................................................................51 Configuring Layer 3 trusted or untrusted ports.........................................................................................52 Configuring Layer 2 trusted or untrusted ports.........................................................................................53 Configuring the port QoS level..................................................................................................................53 Chapter 6: Basic DiffServ configuration using ACLI.......................................................55 Enabling DiffServ on a port.......................................................................................................................55 Configuring Layer 3 trusted or untrusted ports.........................................................................................56 Configuring Layer 2 trusted or untrusted ports.........................................................................................57 Configuring the port QoS level..................................................................................................................57 Chapter 7: QoS configuration using EDM........................................................................59 Configuring a QoS profile..........................................................................................................................59 Configuring port-based shaping................................................................................................................61 Configuring port-based policing................................................................................................................62 Configuring a policy-based policer............................................................................................................62 Configuration — QoS and ACL-Based Traffic Filtering May 2012 3 Modifying ingress 802.1p to QoS mappings.............................................................................................63 Modifying ingress DSCP to QoS mappings..............................................................................................64 Modifying egress QoS to 802.1p mappings..............................................................................................65 Modifying egress QoS to DSCP mappings...............................................................................................66 Chapter 8: QoS configuration using ACLI........................................................................67 Configuring a QoS profile..........................................................................................................................67 Configuring broadcast and multicast bandwidth limiting...........................................................................68 Configuring the port-based shaper...........................................................................................................69 Configuring a port-based policer...............................................................................................................69 Configuring a policy-based policer............................................................................................................70 Configuring ingress mappings..................................................................................................................72 Configuring egress mappings...................................................................................................................73 Chapter 9: Access control list configuration using EDM................................................75 Configuring an access control list.............................................................................................................75 Chapter 10: Access control list configuration using ACLI.............................................79 Creating an ACL........................................................................................................................................80 Associating VLANs with an ACL...............................................................................................................81 Associating ports with an ACL..................................................................................................................81 Configuring global and default actions for an ACL....................................................................................82 Renaming an ACL.....................................................................................................................................84 Disabling an ACL......................................................................................................................................85 Resetting an ACL to default values...........................................................................................................86 Deleting an ACL........................................................................................................................................87 Chapter 11: Access control entry configuration using EDM..........................................89 Configuring an ACE..................................................................................................................................89 Configuring ACE actions...........................................................................................................................91 Configuring ACE ARP entries...................................................................................................................94 Viewing all ACE ARP entries for an ACL..................................................................................................95 Configuring an ACE Ethernet source address..........................................................................................96 Configuring an ACE Ethernet destination address...................................................................................97 Configuring an ACE LAN traffic type.........................................................................................................98 Configuring an ACE Ethernet VLAN tag priority.......................................................................................99 Configuring an ACE Ethernet port............................................................................................................101 Configuring an ACE Ethernet VLAN ID.....................................................................................................102 Viewing all ACE Ethernet entries for an ACL............................................................................................103 Configuring an ACE IP source address....................................................................................................105 Configuring an ACE IP destination address..............................................................................................106 Configuring an ACE IP DSCP...................................................................................................................107 Configuring an ACE IP protocol................................................................................................................108 Configuring ACE IP options......................................................................................................................109 Configuring ACE IP fragmentation............................................................................................................111 Viewing all ACE IP entries for an ACL......................................................................................................112 Configuring an ACE source port...............................................................................................................113 Configuring an ACE TCP flag...................................................................................................................117 Viewing all ACE protocol entries for an ACL.............................................................................................118 Configuring the packet log........................................................................................................................120 Chapter 12: Access control entry configuration using ACLI..........................................121 4 Configuration — QoS and ACL-Based Traffic Filtering May 2012 Configuring ACEs......................................................................................................................................121 Configuring ACE actions...........................................................................................................................123 Configuring ARP ACEs.............................................................................................................................126 Configuring an Ethernet ACE....................................................................................................................127 Configuring an IP ACE..............................................................................................................................129 Configuring a protocol ACE.......................................................................................................................132 Viewing ACL and ACE configuration data.................................................................................................134 Viewing filtered packets............................................................................................................................135 Chapter 13: Common procedures using EDM.................................................................. 137 Saving the configuration...........................................................................................................................137 Chapter 14: Common procedures using ACLI.................................................................139 Saving the configuration...........................................................................................................................139 Restarting the platform..............................................................................................................................141 Chapter 15: Advanced filter examples..............................................................................143 ACE filters for secure networks.................................................................................................................143 Chapter 16: Customer service...........................................................................................211 Getting technical documentation...............................................................................................................211 Getting product training.............................................................................................................................211 Getting help from a distributor or reseller..................................................................................................211 Getting technical support from the Avaya Web site..................................................................................211 Configuration — QoS and ACL-Based Traffic Filtering May 2012 5 6 Configuration — QoS and ACL-Based Traffic Filtering May 2012 Chapter 1: Purpose of this document This document provides conceptual information and configuration instructions to use Quality of Service (QoS) and ACL-based filters on the Avaya Virtual Services Platform 9000. Configuration — QoS and ACL-Based Traffic Filtering May 2012 7 Purpose of this document 8 Configuration — QoS and ACL-Based Traffic Filtering May 2012 Comments? [email protected] Chapter 2: New in this release There are no changes in Avaya Virtual Services Platform 9000 Configuration — QoS and ACL-Based Traffic Filtering , NN46250–502, for Release 3.3. Configuration — QoS and ACL-Based Traffic Filtering May 2012 9 New in this release 10 Configuration — QoS and ACL-Based Traffic Filtering May 2012 Comments? [email protected]

Description:
2 Configuration — QoS and ACL-Based Traffic Filtering. May 2012. Comments? . Policing and shaping. Chapter 4: Traffic filtering fundamentals.
See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.