Home » HP Manuals » Servers » HP 6125XLG » Manual Viewer

HP 6125XLG R2306-HP 6125XLG Blade Switch ACL and QoS Configuration Guide - Page 7

Configuring ACLs, Overview, Applications on the switch, ACL categories, Numbering and naming ACLs

Add to My Manuals
Save this manual to your list of manuals

Page 7 highlights

Configuring ACLs Overview An access control list (ACL) is a set of rules (or permit or deny statements) for identifying traffic based on criteria such as source IP address, destination IP address, and port number. ACLs are primarily used for packet filtering. "Configuring packet filtering with ACLs" provides an example. You can use ACLs in QoS, security, routing, and other feature modules for identifying traffic. The packet drop or forwarding decisions varies with the modules that use ACLs. Applications on the switch An ACL is implemented in hardware or software, depending on the module that uses it. If the module is implemented in hardware (for example, the packet filter or QoS module), the ACL is applied to hardware to process traffic. If the module is implemented in software (for example, the routing module or the user interface access control module such as Telnet or SNMP), the ACL is applied to software to process traffic. The user interface access control module denies packets that do not match any ACL. Some modules (QoS for example) ignore the permit or deny action in ACL rules and do not base their drop or forwarding decisions on the action set in ACL rules. See the specified module for information about ACL application. ACL categories Category Basic ACLs ACL number 2000 to 2999 Advanced ACLs 3000 to 3999 IP version IPv4 IPv6 IPv4 IPv6 Ethernet frame header ACLs 4000 to 4999 N/A Match criteria Source IPv4 address. Source IPv6 address. Source IPv4 address, destination IPv4 address, packet priority, protocols over IPv4, and other Layer 3 and Layer 4 header fields. Source IPv6 address, destination IPv6 address, packet priority, protocols over IPv6, and other Layer 3 and Layer 4 header fields. Layer 2 header fields, such as source and destination MAC addresses, 802.1p priority, and link layer protocol type. Numbering and naming ACLs Each ACL category has a unique range of ACL numbers. When creating an ACL, you must assign it a number. In addition, you can assign the ACL a name for ease of identification. After creating an ACL with a name, you cannot rename it or delete its name. 1

Section	Page
Title Page	1
Contents	3
Configuring ACLs	7
Overview	7
Applications on the switch	7
ACL categories	7
Numbering and naming ACLs	7
Match order	8
Rule numbering	9
Rule numbering step	9
Automatic rule numbering and renumbering	9
Fragments filtering with ACLs	9
Configuration task list	9
Configuring a basic ACL	10
Configuring an IPv4 basic ACL	10
Configuring an IPv6 basic ACL	10
Configuring an advanced ACL	11
Configuring an IPv4 advanced ACL	11
Configuring an IPv6 advanced ACL	12
Configuring an Ethernet frame header ACL	14
Copying an ACL	15
Configuring packet filtering with ACLs	16
Applying an ACL to an interface for packet filtering	16
Setting the interval for generating and outputting packet filtering logs	16
Setting the packet filtering default action	16
Displaying and maintaining ACLs	16
ACL configuration example	17
Network requirements	17
Configuration procedure	18
Verifying the configuration	18
QoS overview	20
QoS service models	20
Best-effort service model	20
IntServ model	20
DiffServ model	20
QoS techniques overview	21
Deploying QoS in a network	21
Configuring a QoS policy	22
Non-MQC approach	22
MQC approach	22
Configuration procedure diagram	22
Defining a traffic class	23
Configuration guidelines	23
Configuration procedure	23
Defining a traffic behavior	25
Defining a QoS policy	25
Applying the QoS policy	26
Applying the QoS policy to an interface	26
Applying the QoS policy to a VLAN	27
Applying the QoS policy globally	27
Applying the QoS policy to the control plane	27
Configuration guidelines	28
Configuration procedure	28
Displaying and maintaining QoS policies	28
Configuring priority mapping	30
Overview	30
Introduction to priorities	30
Priority maps	30
Priority trust mode on a port	31
Priority mapping process	32
Priority mapping configuration tasks	33
Configuring a priority map	34
Configuring a port to trust packet priority for priority mapping	34
Changing the port priority of an interface	35
Displaying and maintaining priority mapping	35
Port priority configuration example	36
Network requirements	36
Configuration procedure	36
Priority mapping table and priority marking configuration example	36
Network requirements	36
Configuration procedure	38
Configuring traffic policing, GTS, and rate limit	40
Overview	40
Traffic evaluation and token buckets	40
Token bucket features	40
Evaluating traffic with the token bucket	40
Complicated evaluation	40
Traffic policing	41
GTS	42
Rate limit	43
Configuring traffic policing	43
Configuring GTS	44
Configuring the rate limit	45
Displaying and maintaining traffic policing, GTS, and rate limit	45
Traffic policing and traffic shaping configuration example	45
Network requirements	45
Configuration procedures	46
Configuring congestion management	49
Overview	49
Impacts and countermeasures	49
Congestion management techniques	49
SP queuing	49
WRR queuing	50
WFQ queuing	51
SP+WRR queuing	51
SP+WFQ queuing	51
Configuration approaches and task list	52
Configuring SP queuing	52
Configuration procedure	52
Configuration example	52
Configuring WRR queuing	52
Configuration procedure	52
Configuration example	53
Network requirements	53
Configuration procedure	53
Configuring WFQ queuing	53
Configuration procedure	53
Configuration example	54
Network requirements	54
Configuration procedure	54
Configuring SP+WRR queuing	55
Configuration procedure	55
Configuration example	55
Network requirements	55
Configuration procedure	55
Configuring SP+WFQ queuing	56
Configuration procedure	56
Configuration example	56
Network requirements	56
Configuration procedure	56
Displaying and maintaining congestion management	57
Configuring congestion avoidance	58
Overview	58
Tail drop	58
RED and WRED	58
ECN	59
Configuring and applying a WRED table	59
Displaying and maintaining WRED	60
WRED configuration example	61
Network requirements	61
Configuration procedure	61
Configuring traffic filtering	63
Configuration procedure	63
Configuration example	64
Network requirements	64
Configuration procedure	64
Configuring priority marking	65
Overview	65
Color-based priority marking	65
Packet coloring methods	65
Traffic policing	65
Mapping drop precedence	65
Configuring color-based priority marking	66
Configuring priority marking based on colors obtained through traffic policing	66
Configuring priority marking based on colors obtained through mapping drop precedence	66
Configuration procedure	66
Configuration examples	68
Remarking local precedence configuration example	68
Network requirements	68
Configuration procedure	68
Remarking local QoS ID configuration example	70
Network requirements	70
Configuration considerations	70
Configuration procedure	70
Configuring nesting	73
Configuration procedure	73
Nesting configuration example	74
Network requirements	74
Configuration procedure	74
Configuring PE 1	74
Configuring PE 2	75
Configuring traffic redirecting	76
Configuration procedure	76
Configuration example	77
Network requirements	77
Configuration procedure	78
Configuring aggregate CAR	80
Configuration procedure	80
Displaying and maintaining aggregate CAR	80
Configuration example	80
Network requirements	80
Configuration procedure	81
Configuring class-based accounting	83
Configuration procedure	83
Configuration example	84
Network requirements	84
Configuration procedure	84
Configuring data buffers	86
Configuration task list	87
Enabling the Burst function	87
Configuring data buffers manually	88
Configuring the total shared-area ratio	88
Setting the maximum shared-area ratio for a queue	88
Setting the fixed-area ratio for a queue	89
Applying data buffer configuration	89
Displaying and maintaining data buffers	90
Configuring time ranges	91
Configuration procedure	91
Displaying and maintaining time ranges	91
Time range configuration example	91
Network requirements	91
Configuration procedure	92
Verifying the configuration	92
Appendix	93
Appendix A Default priority maps	93
Appendix B Introduction to packet precedences	94
IP precedence and DSCP values	94
802.1p priority	95
Support and other resources	97
Contacting HP	97
Subscription service	97
Related information	97
Documents	97
Websites	97
Conventions	98
Command conventions	98
GUI conventions	98
Symbols	98
Network topology icons	99
Port numbering in examples	99

Match case Limit results 1 per page

Configuring ACLs

Overview

An access control list (ACL) is a set of rules (or permit or deny statements) for identifying traffic based on

criteria such as source IP address, destination IP address, and port number.

ACLs are primarily used for packet filtering. "

Configuring packet filtering with ACLs

" provides an

example. You can use ACLs in QoS, security, routing, and other feature modules for identifying traffic.

The packet drop or forwarding decisions varies with the modules that use ACLs.

Applications on the switch

An ACL is implemented in hardware or software, depending on the module that uses it. If the module is

implemented in hardware (for example, the packet filter or QoS module), the ACL is applied to hardware

to process traffic. If the module is implemented in software (for example, the routing module or the user

interface access control module such as Telnet or SNMP), the ACL is applied to software to process

traffic.

The user interface access control module denies packets that do not match any ACL. Some modules (QoS

for example) ignore the permit or deny action in ACL rules and do not base their drop or forwarding

decisions on the action set in ACL rules. See the specified module for information about ACL application.

ACL categories