Avaya P334T-ML Switch User Manual


 
Chapter 11 Avaya P330 Layer 2 Features
Avaya P334T-ML User’s Guide 109
Multilayer Policy
Multilayer Policy is a set of features for enforcing QoS and Access Control policy on
routed and switched packets. One of its major goals is supporting Differentiated
Services for Avaya VoIP solutions.
About Multilayer Policy
Multilayer Policy is enforced on the 10/100 Mbps ports of a P334T-ML module. In
general, Multilayer Policy consists of the following parts:
Policy Lists — groupings of Access lists, DSCP-to-COS maps, and Trust mode
attributes.
Access Lists — ordered lists of classification rules applied to frames received
and action pairs determining how they are to be handled.
DSCP-to-COS Maps — mapping function that set the frame 802.1p priority
according to its DSCP value.
Trust Modes — policy-list attribute; either “untrusted,” “trust-COS,” or
“trust-DSCP.”
Access Lists
Access Lists (ACL) are at the center of Multilayer Policy. Typically, users specify
their classification demands by defining Access Lists. An Access List is an ordered
list of classification rules and actions. For each frame received by the system, the
Multilayer Policy application tries the classification rules—one-by-one—and
executes the action associated with the first rule that matches.
Rules are based on the following properties:
IP:IP version 4 packets with specific source and destination addresses (+
wildcards)
IP version 4 packets with a specific protocol number – 0 to 255 – with specific
source and destination addresses (+ wildcards).
TCP:TCP/IPv4 packets with specific source and destination addresses (+
wildcards) and source and destination ports (+port ranges). The keyword
“established” enables “permit” for TCP packets with “ack” flag set. E.g., this
will not allow matching packets that open TCP connections.
UDP:UDP/IPv4 packets with specific source and destination addresses (+
wildcards) and source and destination ports (+ port ranges).
Actions supported include:
permit – allows the packet through
deny – drops the packet
deny-and-notify – drops the packet and sends an SNMP trap
fwd0, fwd1 .... fwd7 – assigns priority to the packet