Table Of ContentConfiguration — QoS and ACL-Based
Traffic Filtering
Avaya Virtual Services Platform 9000
3.3
NN46250-502, 04.01
May 2012
© 2012 Avaya Inc. Copyright
All Rights Reserved. Except where expressly stated otherwise, no use should be made of
materials on this site, the Documentation, Software, or Hardware
Notice provided by Avaya. All content on this site, the documentation and the
Product provided by Avaya including the selection, arrangement and
While reasonable efforts have been made to ensure that the design of the content is owned either by Avaya or its licensors and is
information in this document is complete and accurate at the time of protected by copyright and other intellectual property laws including the
printing, Avaya assumes no liability for any errors. Avaya reserves the sui generis rights relating to the protection of databases. You may not
right to make changes and corrections to the information in this modify, copy, reproduce, republish, upload, post, transmit or distribute
document without the obligation to notify any person or organization of in any way any content, in whole or in part, including any code and
such changes. software unless expressly authorized by Avaya. Unauthorized
reproduction, transmission, dissemination, storage, and or use without
Documentation disclaimer the express written consent of Avaya can be a criminal, as well as a
civil offense under the applicable law.
“Documentation” means information published by Avaya in varying
mediums which may include product information, operating instructions
Third-party components
and performance specifications that Avaya generally makes available
to users of its products. Documentation does not include marketing Certain software programs or portions thereof included in the Product
materials. Avaya shall not be responsible for any modifications, may contain software distributed under third party agreements (“Third
additions, or deletions to the original published version of Party Components”), which may contain terms that expand or limit
documentation unless such modifications, additions, or deletions were rights to use certain portions of the Product (“Third Party Terms”).
performed by Avaya. End User agrees to indemnify and hold harmless Information regarding distributed Linux OS source code (for those
Avaya, Avaya's agents, servants and employees against all claims, Products that have distributed the Linux OS source code), and
lawsuits, demands and judgments arising out of, or in connection with, identifying the copyright holders of the Third Party Components and the
subsequent modifications, additions or deletions to this documentation, Third Party Terms that apply to them is available on the Avaya Support
to the extent made by End User. Web site: http://support.avaya.com/Copyright.
Link disclaimer Trademarks
Avaya is not responsible for the contents or reliability of any linked Web The trademarks, logos and service marks (“Marks”) displayed in this
sites referenced within this site or documentation provided by Avaya. site, the Documentation and Product(s) provided by Avaya are the
Avaya is not responsible for the accuracy of any information, statement registered or unregistered Marks of Avaya, its affiliates, or other third
or content provided on these sites and does not necessarily endorse parties. Users are not permitted to use such Marks without prior written
the products, services, or information described or offered within them. consent from Avaya or such third party which may own the Mark.
Avaya does not guarantee that these links will work all the time and has Nothing contained in this site, the Documentation and Product(s)
no control over the availability of the linked pages. should be construed as granting, by implication, estoppel, or otherwise,
any license or right in and to the Marks without the express written
Warranty permission of Avaya or the applicable third party.
Avaya provides a limited warranty on its Hardware and Software
Avaya is a registered trademark of Avaya Inc.
(“Product(s)”). Refer to your sales agreement to establish the terms of
the limited warranty. In addition, Avaya’s standard warranty language,
All non-Avaya trademarks are the property of their respective owners,
as well as information regarding support for this Product while under
and “Linux” is a registered trademark of Linus Torvalds.
warranty is available to Avaya customers and other parties through the
Avaya Support Web site: http://support.avaya.com. Please note that if Downloading Documentation
you acquired the Product(s) from an authorized Avaya reseller outside
of the United States and Canada, the warranty is provided to you by For the most current versions of Documentation, see the Avaya
said Avaya reseller and not by Avaya. Support Web site: http://support.avaya.com.
Licenses Contact Avaya Support
THE SOFTWARE LICENSE TERMS AVAILABLE ON THE AVAYA Avaya provides a telephone number for you to use to report problems
WEBSITE, HTTP://SUPPORT.AVAYA.COM/LICENSEINFO/ ARE or to ask questions about your Product. The support telephone number
APPLICABLE TO ANYONE WHO DOWNLOADS, USES AND/OR is 1-800-242-2121 in the United States. For additional support
INSTALLS AVAYA SOFTWARE, PURCHASED FROM AVAYA INC., telephone numbers, see the Avaya Web site: http://support.avaya.com.
ANY AVAYA AFFILIATE, OR AN AUTHORIZED AVAYA RESELLER
(AS APPLICABLE) UNDER A COMMERCIAL AGREEMENT WITH
AVAYA OR AN AUTHORIZED AVAYA RESELLER. UNLESS
OTHERWISE AGREED TO BY AVAYA IN WRITING, AVAYA DOES
NOT EXTEND THIS LICENSE IF THE SOFTWARE WAS OBTAINED
FROM ANYONE OTHER THAN AVAYA, AN AVAYA AFFILIATE OR AN
AVAYA AUTHORIZED RESELLER; AVAYA RESERVES THE RIGHT
TO TAKE LEGAL ACTION AGAINST YOU AND ANYONE ELSE
USING OR SELLING THE SOFTWARE WITHOUT A LICENSE. BY
INSTALLING, DOWNLOADING OR USING THE SOFTWARE, OR
AUTHORIZING OTHERS TO DO SO, YOU, ON BEHALF OF
YOURSELF AND THE ENTITY FOR WHOM YOU ARE INSTALLING,
DOWNLOADING OR USING THE SOFTWARE (HEREINAFTER
REFERRED TO INTERCHANGEABLY AS “YOU” AND “END USER”),
AGREE TO THESE TERMS AND CONDITIONS AND CREATE A
BINDING CONTRACT BETWEEN YOU AND AVAYA INC. OR THE
APPLICABLE AVAYA AFFILIATE (“AVAYA”).
2 Configuration — QoS and ACL-Based Traffic Filtering May 2012
Comments? infodev@avaya.com
Contents
Chapter 1: Purpose of this document...............................................................................7
Chapter 2: New in this release...........................................................................................9
Chapter 3: QoS fundamentals............................................................................................ 11
Introduction to QoS...................................................................................................................................11
Configuration considerations....................................................................................................................12
Queuing.....................................................................................................................................................12
Avaya Service Class.................................................................................................................................13
Internal QoS level......................................................................................................................................15
Classification and mapping.......................................................................................................................15
DiffServ.....................................................................................................................................................16
Ingress mappings......................................................................................................................................18
Egress mappings......................................................................................................................................23
QoS and filters..........................................................................................................................................24
Policing and shaping.................................................................................................................................24
Layer 2 and Layer 3 trusted and untrusted ports......................................................................................30
Broadcast and multicast traffic bandwidth limiters....................................................................................31
CPU protection..........................................................................................................................................31
QoS and VoIP...........................................................................................................................................32
Traffic management profiles......................................................................................................................33
Chapter 4: Traffic filtering fundamentals..........................................................................35
Overview...................................................................................................................................................35
Access control lists....................................................................................................................................35
Access control entries...............................................................................................................................37
Actions..............................................................................................................................................42
Conflict and Precedence..................................................................................................................43
Common ACE uses and configuration.............................................................................................47
Traffic filter configuration...........................................................................................................................49
ACL and ACE configuration guidelines.....................................................................................................49
Filter limitations.........................................................................................................................................49
Chapter 5: Basic DiffServ configuration using EDM.......................................................51
Enabling DiffServ for a port.......................................................................................................................51
Configuring Layer 3 trusted or untrusted ports.........................................................................................52
Configuring Layer 2 trusted or untrusted ports.........................................................................................53
Configuring the port QoS level..................................................................................................................53
Chapter 6: Basic DiffServ configuration using ACLI.......................................................55
Enabling DiffServ on a port.......................................................................................................................55
Configuring Layer 3 trusted or untrusted ports.........................................................................................56
Configuring Layer 2 trusted or untrusted ports.........................................................................................57
Configuring the port QoS level..................................................................................................................57
Chapter 7: QoS configuration using EDM........................................................................59
Configuring a QoS profile..........................................................................................................................59
Configuring port-based shaping................................................................................................................61
Configuring port-based policing................................................................................................................62
Configuring a policy-based policer............................................................................................................62
Configuration — QoS and ACL-Based Traffic Filtering May 2012 3
Modifying ingress 802.1p to QoS mappings.............................................................................................63
Modifying ingress DSCP to QoS mappings..............................................................................................64
Modifying egress QoS to 802.1p mappings..............................................................................................65
Modifying egress QoS to DSCP mappings...............................................................................................66
Chapter 8: QoS configuration using ACLI........................................................................67
Configuring a QoS profile..........................................................................................................................67
Configuring broadcast and multicast bandwidth limiting...........................................................................68
Configuring the port-based shaper...........................................................................................................69
Configuring a port-based policer...............................................................................................................69
Configuring a policy-based policer............................................................................................................70
Configuring ingress mappings..................................................................................................................72
Configuring egress mappings...................................................................................................................73
Chapter 9: Access control list configuration using EDM................................................75
Configuring an access control list.............................................................................................................75
Chapter 10: Access control list configuration using ACLI.............................................79
Creating an ACL........................................................................................................................................80
Associating VLANs with an ACL...............................................................................................................81
Associating ports with an ACL..................................................................................................................81
Configuring global and default actions for an ACL....................................................................................82
Renaming an ACL.....................................................................................................................................84
Disabling an ACL......................................................................................................................................85
Resetting an ACL to default values...........................................................................................................86
Deleting an ACL........................................................................................................................................87
Chapter 11: Access control entry configuration using EDM..........................................89
Configuring an ACE..................................................................................................................................89
Configuring ACE actions...........................................................................................................................91
Configuring ACE ARP entries...................................................................................................................94
Viewing all ACE ARP entries for an ACL..................................................................................................95
Configuring an ACE Ethernet source address..........................................................................................96
Configuring an ACE Ethernet destination address...................................................................................97
Configuring an ACE LAN traffic type.........................................................................................................98
Configuring an ACE Ethernet VLAN tag priority.......................................................................................99
Configuring an ACE Ethernet port............................................................................................................101
Configuring an ACE Ethernet VLAN ID.....................................................................................................102
Viewing all ACE Ethernet entries for an ACL............................................................................................103
Configuring an ACE IP source address....................................................................................................105
Configuring an ACE IP destination address..............................................................................................106
Configuring an ACE IP DSCP...................................................................................................................107
Configuring an ACE IP protocol................................................................................................................108
Configuring ACE IP options......................................................................................................................109
Configuring ACE IP fragmentation............................................................................................................111
Viewing all ACE IP entries for an ACL......................................................................................................112
Configuring an ACE source port...............................................................................................................113
Configuring an ACE TCP flag...................................................................................................................117
Viewing all ACE protocol entries for an ACL.............................................................................................118
Configuring the packet log........................................................................................................................120
Chapter 12: Access control entry configuration using ACLI..........................................121
4 Configuration — QoS and ACL-Based Traffic Filtering May 2012
Configuring ACEs......................................................................................................................................121
Configuring ACE actions...........................................................................................................................123
Configuring ARP ACEs.............................................................................................................................126
Configuring an Ethernet ACE....................................................................................................................127
Configuring an IP ACE..............................................................................................................................129
Configuring a protocol ACE.......................................................................................................................132
Viewing ACL and ACE configuration data.................................................................................................134
Viewing filtered packets............................................................................................................................135
Chapter 13: Common procedures using EDM.................................................................. 137
Saving the configuration...........................................................................................................................137
Chapter 14: Common procedures using ACLI.................................................................139
Saving the configuration...........................................................................................................................139
Restarting the platform..............................................................................................................................141
Chapter 15: Advanced filter examples..............................................................................143
ACE filters for secure networks.................................................................................................................143
Chapter 16: Customer service...........................................................................................211
Getting technical documentation...............................................................................................................211
Getting product training.............................................................................................................................211
Getting help from a distributor or reseller..................................................................................................211
Getting technical support from the Avaya Web site..................................................................................211
Configuration — QoS and ACL-Based Traffic Filtering May 2012 5
6 Configuration — QoS and ACL-Based Traffic Filtering May 2012
Chapter 1: Purpose of this document
This document provides conceptual information and configuration instructions to use Quality of Service
(QoS) and ACL-based filters on the Avaya Virtual Services Platform 9000.
Configuration — QoS and ACL-Based Traffic Filtering May 2012 7
Purpose of this document
8 Configuration — QoS and ACL-Based Traffic Filtering May 2012
Comments? infodev@avaya.com
Chapter 2: New in this release
There are no changes in Avaya Virtual Services Platform 9000 Configuration — QoS and ACL-Based
Traffic Filtering , NN46250–502, for Release 3.3.
Configuration — QoS and ACL-Based Traffic Filtering May 2012 9
New in this release
10 Configuration — QoS and ACL-Based Traffic Filtering May 2012
Comments? infodev@avaya.com
Description:2 Configuration — QoS and ACL-Based Traffic Filtering. May 2012. Comments? . Policing and shaping. Chapter 4: Traffic filtering fundamentals.
