Nortel Networks 5510 Switch User Manual


 
Filters and QoS Configuration for ERS 5500
Technical Configuration Guide v2.0 NN48500-559
Nortel Confidential Information Copyright © 2008 Nortel Networks. All Rights Reserved.
External Distribution
ERS5500: Step 2 – Enable Rate Limiting to 10% of total traffic for both broadcast and multicast traffic
5500(config)#interface fastEthernet all
5500(config-if)#rate-limit port 1-10 both 10
5500(config-if)#exit
Please note that the rate limit parameter on the ERS5500 is expressed as a percentage of
total traffic. The values used in this example are just a suggestion and may vary
depending on your needs.
12.3.1.6 Enable DHCP-Snooping and ARP-Inspection
ERS5500: Step 1 – Enable DHCP-Snooping for VLANs 110 and 220 and enable DHCP-Snooping globally
5500(config)#ip dhcp-snooping vlan 110
5500(config)#ip dhcp-snooping vlan 220
5500(config)#ip dhcp-snooping enable
ERS5500: Step 1 – Enable ARP-Inspection for VLANs 110 and 220
5500(config)#ip arp-inspection vlan 110
5500(config)#ip arp-inspection vlan 220
12.3.1.7 Enable IP Source Guard
ERS5500: Step 1 – Enable IP Source Guard on access port members from VLANs 110 and 220
5500(config)#interface fastEthernet 3-6,8-10
5500(config-if)#ip verify source
5500(config-if)#exit
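ARP-Inspection and IP Source Guard both validate traffic against the DHCP-Snooping binding table, so the steps in 12.3.1.6 and 12.3.1.7 only protect a port when all of them cover it. The following Python check is an added example, not part of the Nortel guide: it parses commands typed in the form shown above and reports VLANs or ports where that dependency is missing. The port-to-VLAN map, function names and finding texts are assumptions made for the illustration.

```python
import re

# Constructed inputs: the commands of 12.3.1.6-12.3.1.7 and an assumed port-to-VLAN map.
SAMPLE = """ip dhcp-snooping vlan 110
ip dhcp-snooping vlan 220
ip dhcp-snooping enable
ip arp-inspection vlan 110
ip arp-inspection vlan 220
interface fastEthernet 3-6,8-10
ip verify source
exit"""
PORT_VLAN = {3: 110, 4: 110, 5: 110, 6: 110, 8: 220, 9: 220, 10: 220}

def expand_ports(spec):
    """Expand a numeric port list such as '3-6,8-10' into a set of port numbers."""
    spans = (p.partition("-") for p in spec.split(","))
    return {n for lo, _, hi in spans for n in range(int(lo), int(hi or lo) + 1)}

def parse(config):
    """Collect the snooping, inspection and source-guard state from typed commands."""
    st = {"global": False, "snoop": set(), "arp": set(), "guard": set()}
    current = set()  # ports of the interface context we are in
    for raw in config.splitlines():
        line = re.sub(r"^\S*#\s*", "", raw.strip())  # drop a '5500(config)#' prompt
        if line == "ip dhcp-snooping enable":
            st["global"] = True
        elif m := re.fullmatch(r"ip (dhcp-snooping|arp-inspection) vlan (\d+)", line):
            st["snoop" if m[1] == "dhcp-snooping" else "arp"].add(int(m[2]))
        elif m := re.fullmatch(r"interface fastEthernet ([\d,-]+)", line):
            current = expand_ports(m[1])
        elif line == "ip verify source":
            st["guard"] |= current
        elif line == "exit":
            current = set()
    return st

def audit(config, port_vlan):
    """Return findings where a feature lacks the DHCP snooping data it relies on."""
    st, out = parse(config), []
    if st["snoop"] and not st["global"]:
        out.append("DHCP snooping set per VLAN but not enabled globally")
    out += [f"VLAN {v}: ARP inspection without DHCP snooping"
            for v in sorted(st["arp"] - st["snoop"])]
    for port, vlan in sorted(port_vlan.items()):
        if port not in st["guard"]:
            out.append(f"port {port}: no 'ip verify source'")
        elif vlan not in st["snoop"]:
            out.append(f"port {port}: source guard without DHCP snooping on VLAN {vlan}")
    return out
```

Calling `audit(SAMPLE, PORT_VLAN)` on the commands as given returns an empty list; removing any one of the snooping lines produces a finding for each VLAN and port that loses coverage.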
12.3.1.8 Create ACLs for VLAN 110 Port Members
ERS5500: Step 1 – Create the IP-ACLs for the VLAN 110 port members
5500(config)#qos ip-acl name one dst-ip 172.30.30.50/32 protocol 1
5500(config)#qos ip-acl name one dst-ip 172.30.30.50/32 protocol 17 dst-port-min 67 dst-port-max 67
5500(config)#qos ip-acl name one dst-ip 10.10.30.0/24 block b1
5500(config)#qos ip-acl name one dst-ip 10.62.32.0/24 block b1
5500(config)#qos ip-acl name one dst-ip 10.0.0.0/8 drop-action enable block b2