Dell PowerSwitch S4128F-ON OS10 Enterprise Edition User Guide Release 10.4.0ER - Page 564
Control-plane policing, ACL based, with trust
View all Dell PowerSwitch S4128F-ON manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 564 highlights
• Pre-defined IP access-list OS10(config-cmap-qos)# match ip access-group name ip-acl-1 • Pre-defined IPv6 access-list OS10(config-cmap-qos)#match ipv6 access-group name ACLv6 • Pre-defined MAC access-list OS10(config-cmap-qos)# match mac access-group name mac-acl-1 3 Create a qos type policy-map to refer the classes. OS10(config)# policy-map cos-policy 4 Refer the class-maps in the policy-map and define the required action for the flows. OS10(config-pmap-qos)# class cmap OS10(config-pmap-c-qos)# ? OS10(config-pmap-qos)# class cmap OS10(config-pmap-c-qos)# end Exit to the exec Mode exit Exit from current mode no Negate a command or set its defaults police Rate police input traffic set Mark input traffic show show configuration trust Specify dynamic classification to trust[dscp/dot1p] ACL based classification with trust If you have enabled trust based classification and the system has class-maps to install ACL entries in the same policy-map that might conflict with the trust based classification, then by default the trust based classification takes precedence. You can modify the order of precedence by enabling the fallback option of trust dot1p or diffserv (DSCP). 1 Create class-maps. • Create a class-map of type qos to match CoS 5 flow. OS10(config)# class-map cmap-cos5 • Define the fields to be matched on 802.1p CoS 5 values. OS10(config-cmap-qos)# match cos 5 2 Create a policy-map for enabling trust and matching the CoS 5 flow. • Create a qos type policy-map to refer the classes. OS10(config)# policy-map cos-trust • Refer the class-maps in the policy-map and define the required action for the flows. OS10(config-pmap-qos)# class class-trust OS10(config-pmap-c-qos)# trust dot1p fallback OS10(config-pmap-qos)# class cmap-cos5 OS10(config-pmap-c-qos)# set qos-group 7 • Attach the policy-map to interface. OS10(conf-if-eth1/1/1)# service-policy input type qos cos-trust Control-plane policing Control-plane policing (CoPP) increases security on the system by protecting the route processor from unnecessary traffic and giving priority to important control plane and management traffic. CoPP uses a dedicated control plane configuration through the QoS CLIs to set rate-limiting capabilities for control plane packets. If the rate of control packets towards the CPU is higher than the packet rate that the CPU can handle, CoPP provides a method to selectively drop some of the control traffic so that the CPU can process high-priority control traffic. You can use CoPP to rate-limit traffic through each CPU port queue of the network processor (NPU). 564 Quality of service