Home » HP Manuals » Servers » HP 6125XLG » Manual Viewer

HP 6125XLG R2306-HP 6125XLG Blade Switch ACL and QoS Configuration Guide - Page 14

Configuring an Ethernet frame header ACL

Add to My Manuals
Save this manual to your list of manuals

Page 14 highlights

Step Command Remarks By default, IPv6 advanced ACL does not contain any rule. The logging keyword takes effect only when the module (for example, packet filtering) that uses the ACL supports logging. If an IPv6 advanced ACL is for QoS traffic classification: • Do not specify the vpn-instance or fragment keyword. • Do not specify neq for the rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | operator argument. • If the ACL is for outbound QoS traffic classification: urg urg-value } * | established } | counting { Do not specify the routing, | destination { dest-address dest-prefix | hop-by-hop, or flow-label dest-address/dest-prefix | any } | keyword. destination-port operator port1 [ port2 ] | { Do not specify ipv6-ah or dscp dscp | flow-label flow-label-value | 5. Create or edit a rule. fragment | icmp6-type { icmp6-type ipv6-esp for the protocol argument, nor set its value to icmp6-code | icmp6-message } | logging | 0, 43, 44, 51, or 60. routing [ type routing-type ] | hop-by-hop [ type hop-type ] | source { source-address source-prefix | source-address/source-prefix | any } | source-port operator port1 [ port2 ] | time-range time-range-name | vpn-instance vpn-instance-name ] * If an IPv6 advanced ACL is for packet filtering: • Do not specify the vpn-instance, routing, hop-by-hop, fragment, or flow-label keyword. • Do not specify ipv6-ah or ipv6-esp for the protocol argument, nor set its value to 0, 43, 44, 51, or 60. • Do not specify neq for the operator argument. If an ACL is to match information in the IPv6 packet payload, it cannot match the packet with more than two extension headers or with the Encapsulating Security Payload Header. 6. (Optional.) Add or edit a rule comment. rule rule-id comment text By default, no rule comments are configured. Configuring an Ethernet frame header ACL Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol header fields, such as source MAC address, destination MAC address, 802.1p priority (VLAN priority), and link layer protocol type. To configure an Ethernet frame header ACL: 8

Section	Page
Title Page	1
Contents	3
Configuring ACLs	7
Overview	7
Applications on the switch	7
ACL categories	7
Numbering and naming ACLs	7
Match order	8
Rule numbering	9
Rule numbering step	9
Automatic rule numbering and renumbering	9
Fragments filtering with ACLs	9
Configuration task list	9
Configuring a basic ACL	10
Configuring an IPv4 basic ACL	10
Configuring an IPv6 basic ACL	10
Configuring an advanced ACL	11
Configuring an IPv4 advanced ACL	11
Configuring an IPv6 advanced ACL	12
Configuring an Ethernet frame header ACL	14
Copying an ACL	15
Configuring packet filtering with ACLs	16
Applying an ACL to an interface for packet filtering	16
Setting the interval for generating and outputting packet filtering logs	16
Setting the packet filtering default action	16
Displaying and maintaining ACLs	16
ACL configuration example	17
Network requirements	17
Configuration procedure	18
Verifying the configuration	18
QoS overview	20
QoS service models	20
Best-effort service model	20
IntServ model	20
DiffServ model	20
QoS techniques overview	21
Deploying QoS in a network	21
Configuring a QoS policy	22
Non-MQC approach	22
MQC approach	22
Configuration procedure diagram	22
Defining a traffic class	23
Configuration guidelines	23
Configuration procedure	23
Defining a traffic behavior	25
Defining a QoS policy	25
Applying the QoS policy	26
Applying the QoS policy to an interface	26
Applying the QoS policy to a VLAN	27
Applying the QoS policy globally	27
Applying the QoS policy to the control plane	27
Configuration guidelines	28
Configuration procedure	28
Displaying and maintaining QoS policies	28
Configuring priority mapping	30
Overview	30
Introduction to priorities	30
Priority maps	30
Priority trust mode on a port	31
Priority mapping process	32
Priority mapping configuration tasks	33
Configuring a priority map	34
Configuring a port to trust packet priority for priority mapping	34
Changing the port priority of an interface	35
Displaying and maintaining priority mapping	35
Port priority configuration example	36
Network requirements	36
Configuration procedure	36
Priority mapping table and priority marking configuration example	36
Network requirements	36
Configuration procedure	38
Configuring traffic policing, GTS, and rate limit	40
Overview	40
Traffic evaluation and token buckets	40
Token bucket features	40
Evaluating traffic with the token bucket	40
Complicated evaluation	40
Traffic policing	41
GTS	42
Rate limit	43
Configuring traffic policing	43
Configuring GTS	44
Configuring the rate limit	45
Displaying and maintaining traffic policing, GTS, and rate limit	45
Traffic policing and traffic shaping configuration example	45
Network requirements	45
Configuration procedures	46
Configuring congestion management	49
Overview	49
Impacts and countermeasures	49
Congestion management techniques	49
SP queuing	49
WRR queuing	50
WFQ queuing	51
SP+WRR queuing	51
SP+WFQ queuing	51
Configuration approaches and task list	52
Configuring SP queuing	52
Configuration procedure	52
Configuration example	52
Configuring WRR queuing	52
Configuration procedure	52
Configuration example	53
Network requirements	53
Configuration procedure	53
Configuring WFQ queuing	53
Configuration procedure	53
Configuration example	54
Network requirements	54
Configuration procedure	54
Configuring SP+WRR queuing	55
Configuration procedure	55
Configuration example	55
Network requirements	55
Configuration procedure	55
Configuring SP+WFQ queuing	56
Configuration procedure	56
Configuration example	56
Network requirements	56
Configuration procedure	56
Displaying and maintaining congestion management	57
Configuring congestion avoidance	58
Overview	58
Tail drop	58
RED and WRED	58
ECN	59
Configuring and applying a WRED table	59
Displaying and maintaining WRED	60
WRED configuration example	61
Network requirements	61
Configuration procedure	61
Configuring traffic filtering	63
Configuration procedure	63
Configuration example	64
Network requirements	64
Configuration procedure	64
Configuring priority marking	65
Overview	65
Color-based priority marking	65
Packet coloring methods	65
Traffic policing	65
Mapping drop precedence	65
Configuring color-based priority marking	66
Configuring priority marking based on colors obtained through traffic policing	66
Configuring priority marking based on colors obtained through mapping drop precedence	66
Configuration procedure	66
Configuration examples	68
Remarking local precedence configuration example	68
Network requirements	68
Configuration procedure	68
Remarking local QoS ID configuration example	70
Network requirements	70
Configuration considerations	70
Configuration procedure	70
Configuring nesting	73
Configuration procedure	73
Nesting configuration example	74
Network requirements	74
Configuration procedure	74
Configuring PE 1	74
Configuring PE 2	75
Configuring traffic redirecting	76
Configuration procedure	76
Configuration example	77
Network requirements	77
Configuration procedure	78
Configuring aggregate CAR	80
Configuration procedure	80
Displaying and maintaining aggregate CAR	80
Configuration example	80
Network requirements	80
Configuration procedure	81
Configuring class-based accounting	83
Configuration procedure	83
Configuration example	84
Network requirements	84
Configuration procedure	84
Configuring data buffers	86
Configuration task list	87
Enabling the Burst function	87
Configuring data buffers manually	88
Configuring the total shared-area ratio	88
Setting the maximum shared-area ratio for a queue	88
Setting the fixed-area ratio for a queue	89
Applying data buffer configuration	89
Displaying and maintaining data buffers	90
Configuring time ranges	91
Configuration procedure	91
Displaying and maintaining time ranges	91
Time range configuration example	91
Network requirements	91
Configuration procedure	92
Verifying the configuration	92
Appendix	93
Appendix A Default priority maps	93
Appendix B Introduction to packet precedences	94
IP precedence and DSCP values	94
802.1p priority	95
Support and other resources	97
Contacting HP	97
Subscription service	97
Related information	97
Documents	97
Websites	97
Conventions	98
Command conventions	98
GUI conventions	98
Symbols	98
Network topology icons	99
Port numbering in examples	99

Match case Limit results 1 per page

Step

Command

Remarks

Create or edit a rule.

rule

[

rule-id

] {

deny

permit

}

protocol

[ { {

ack

ack-value

fin

fin-value

psh

psh-value

rst

rst-value

syn

syn-value

urg

urg-value

} * |

established

} |

counting

destination

{

dest-address dest-prefix

dest-address/dest-prefix

any

} |

destination-port

operator port1

[

port2

] |

dscp

flow-label

flow-label-value

fragment

icmp6-type

{

icmp6-type

icmp6-code

icmp6-message

} |

logging

routing

[

type

routing-type

] |

hop-by-hop

[

type

hop-type

]

source

{

source-address

source-prefix

source-address/source-prefix

| any

} |

source-port

operator port1

[

port2

] |

time-range

time-range-name

vpn-instance

vpn-instance-name

] *

By default, IPv6 advanced ACL

does not contain any rule.

The

logging

keyword takes effect

only when the module (for

example, packet filtering) that uses

the ACL supports logging.

If an IPv6 advanced ACL is for QoS

traffic classification:

•

Do not specify the

vpn-instance

fragment

keyword.

•

Do not specify

neq

for the

operator

argument.

•

If the ACL is for outbound QoS

traffic classification:

{

Do not specify the

routing

hop-by-hop

, or

flow-label

keyword.

{

Do not specify

ipv6-ah

ipv6-esp

for the

protocol

argument, nor set its value to

0, 43, 44, 51, or 60.

If an IPv6 advanced ACL is for

packet filtering:

•

Do not specify the

vpn-instance

routing

hop-by-hop

fragment

, or

flow-label

keyword.

•

Do not specify

ipv6-ah

ipv6-esp

for the

protocol

argument, nor set its value to 0,

43, 44, 51, or 60.

•

Do not specify

neq

for the

operator

argument.

If an ACL is to match information in

the IPv6 packet payload, it cannot

match the packet with more than

two extension headers or with the

Encapsulating Security Payload

Header.

(Optional.) Add or

edit a rule comment.

rule

rule-id

comment

text

By default, no rule comments are

configured.

Configuring an Ethernet frame header ACL

Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol

header fields, such as source MAC address, destination MAC address, 802.1p priority (VLAN priority),

and link layer protocol type.

To configure an Ethernet frame header ACL: