Filt
Filters and QOS Configuration for Ethernet Routing Switch 5500
Technical Configuration Guide
54
January 2013
avaya.com
5500(config-if)#
spanning-tree bpdu-filtering timeout 0
5500(config-if)#
spanning-tree bpdu-filtering enable
5500(config-if)#
exit
ERS5500: Step 2
– Enable Rate Limiting to 10% of total traffic for both broadca st and multicast
traffic
5500(config)#
interface fastEthernet all
5500(config-if)#
rate-limit port
1-10
both 10
5500(config-if)#
exit
Please note that the rate limit parameter on the ERS 5500 is expressed as percent age
of total traffic. The values used in this example are just a suggestion and may vary
depending on your needs.
12.3.1.6 Enable DHCP -Snooping and ARP-Inspection
ERS5500: Step 1
– Enable DHCP-Snooping for VLAN’s 110 and 220 and enable DHCP -Snooping
globally
5500(config)#
ip dhcp-snooping vlan 110
5500(config)#
ip dhcp-snooping vlan 220
5500(config)#
ip dhcp-snooping enable
ERS5500: Step 1
– Enable ARP-Inspection for VLAN’s 110 and 220
5500(config)#
ip arp-inspection vlan 110
5500(config)#
ip arp-inspection vlan 220
12.3.1.7 Enable IP Source Guard
ERS5500: Step 1
– Enable IP Source Guard on access port members from VLAN 110 and 220
5500(config)#
interface fastEthernet
3-6,8-10
5500(config-if)#
ip verify source
5500(config-if)#
exit
12.3.1.8
Create ACL’s for VLAN 110 Port Members
ERS5500: Step 1
– Create IP-ACL’s pertaining to VLAN 110 VLAN port members
5500(config)#
qos ip-acl name one dst-ip 172.30.30.50/32 protocol 1
5500(config)#
qos ip-acl name one dst-ip 172.30.30.50/32 protocol 17 dst-port-
min 67 dst-port-max 67
5500(config)#
qos ip-acl name one dst-ip 10.10.30.0/24 block b1