Michael McNamara

technology, networking, virtualization and IP telephony

Ethernet Routing Switch 5000 Software Release v6.1.4

by

Avaya has released software 6.1.4.0 for the Ethernet Routing Switch 5500/5600 series switch.

New Features

  • Ability to set password, username and type of security for any switch in stack (Q02132910, Q02143365)

The 6.1.4 release includes the ability to set password, username and type of authentication for any switch in stack. I can’t really see (right now) how this would be a feature in great demand but I’m sure someone out there will enlighten me! ;)

Problems Resolved

  • Base unit crashed with data exception in PP task (Q02119687)
  • Invalid binding entries via DHCP engineering menu caused fluctuations in the binding table within seconds.(Q02143834).
  • IGMP reports received from Client with TTL greater than 1 were forwarded and when an ERS 8600 connected to an ERS 5520 received the IGMP report with TTL set any value but 1, it dropped the packet (Q02141971)
  • Problems changing switch passwords (Q02132910).
  • Custom user password profiles were not consistently applied to all units in the stack (Q02143365)
  • TACACS authentication caused an exception (Q02126732)
  • In a Triangular IST/SMLT environment, with ERS 8300 as core and ERS 5520 as edge switches, with ARP Inspection enabled, the edge switches lost Arp entry for its default gateway and thus the gateway was no longer reachable. (Q02153086)
  • Under certain conditions, broadcast traffic looped into the stack could generate a broadcast storm (Q02162104).

Known Issues

  • CLI password type for switch is changing from TACACS to Local when we change software image (wi00557586)

This issue happens only when the authentication type for switch is set to TACACS.
Workaround: Remove the switch settings for authentication type before downloading the new software.

  • Password security goes from enable to disable when upgrade/downgrade (wi00557570).

When upgrading from 6.1.4 to 6.2.0, if the password security is enabled, it will become disabled after upgrade. This issue will be fixed with 6.2.1 release. When downgrading from 6.1.4 release to a 6.1.x release, if the password security is enabled, it will become disabled.
Workaround: Enable password security.

You can find the complete release notes here.

Cheers!

Ethernet Routing Switch 8600 Software Release v5.1.3.0

by

Avaya has released v5.1.3.0 software for the Ethernet Routing Switch 8600.

Please review the release notes for all the resolved issues, known issues and known limitations.

Switch management

  • The command “show ports stats show-all” was previously not displaying all of the associated port statistics information. The ERS 8600 now will display the proper information. (Q02012952-01)
  • The egress queue service rates configured in NNCLI mode were previously getting lost after a reboot. The egress queue service rates configured are now retained after a reboot. (Q02116358)
  • In NNCLI mode “show qos egress-queue-set <queue-set-id>” command was showing no output. ERS 8600 now displays the proper output on executing this command. (Q02116618)
  • Initiating a traceroute via JDM to an unknown destination while other ping or traceroute activities were being performed simultaneously from the same switch could potentially lead to system instability. This has been corrected. (Q02137566)

Platform

  • In specific scenarios with filters and port mirroring being used simultaneously, the ERS8600 will no longer see an increase in CPU utilization due to packets being sent to the CP/SF incorrectly. (Q02141867)
  • In some specific ACL configurations with a default-action specified, the ERS8600 previously blocked certain traffic patterns improperly. The issue has been addressed. (Q02068243)
  • Previously links on an R-module could stay up for 60 seconds when the primary SF/CPU (of a dual non-HA SF/CPU configuration only) was not properly removed (module pulled out without prior master reset or switchover). The ERS 8600 now ensures that the links are brought down immediately when the primary SF/CPU is removed for this configuration. (Q02102654)
  • The radius secret key will now be stored as encrypted in the shadov.txt file. Before upgrading to 5.1.3.0, it is now required of the user to delete the radius secret key and then re-add it after the up-grade is complete to avoid accessibility problem with RADIUS. This situation has already been addressed in 7.0.0.0 code release. (Q01881817-03)
  • When multiple failovers are performed on an ERS 8600 in HA environments, some R module I/O modules could come back up off-line. This situation is now addressed in the 5.1.3.0 code release but also requires the use of the new updated DPC FPGA image (see File Names section). Associated with this 5.1.3.0 Release, the DPC firmware image must be upgraded for all R-module I/O modules to the dpc194.xsvf firmware image. If the firmware image is not upgraded, the user will receive a warning log message upon any re-boot of 5.1.3.0 code release, warning them that DPC FPGA firmware image is out of revision. (Q02053766-01)
  • On E/M module cards, receiving 802.3x pause frames on gigabit Ethernet ports could previously result in port level resets. (Q02101087)
  • For an ERS 8600 running with 8692 SF/CPU with SuperMezz, the SuperMezz physical LED will now display properly. (Q02102364)
  • During boot-up, the potential for 8612XLRS 10Gig port flapping will no longer occur. (Q02138423)
  • An error in loading configuration file previously resulted in all of the line cards being disabled. This behavior was added in 5.1 code. This behavior is now changed such that the rest of the correct config will be loaded and all the remaining line cards will not be disabled, but only the line card associated with the improper configuration will be disabled. This situation is different than an “invalid config file, with verify-config flag enabled”, in which case the system will not load the config and will bring up the system with all I/O modules disabled (versus loading the default config). This situation has already been addressed in 7.0.0.0 code release. (Q02056382-01)
  • A power usage calculation error has been corrected for 8648TXE and 8691SF cards which previously lead to improper warnings being generated in some configurations indicating that the chassis was running on low power. (Q02072016)
  • The value of the ingress records was showing improper values via the command show ip mroute-hw resource usage. This has been now been addressed and the proper values for these records are now displayed. (Q02120442)
  • The software power tables embedded in the ERS 8600 were out of sync with the Power Supply Calculator posted via the web. This inconsistency has now been addressed. This issue has already been addressed in 7.0.0.0 code release. (Q02020261-01)

RSTP/MSTP

  • An outage of 30sec has been observed in some RSTP setups when one of the root ports was disabled. This issue has now been addressed and the ERS 8600 re-converges within the proper time interval. (Q01984762-02)
  • In RSTP mode, the log file transfer feature was not working properly. This issue has been addressed and the log file transfer feature is now working as expected when RSTP mode is enabled. (Q02101565-01)

IP Unicast

BGP

  • In a specific aggregation scenario, when an ERS 8600 forms a neighbour relationship with Cisco, the BGP session will no longer go down due to a malformed AS path. (Q02085844-01)
  • During some specific BGP transition scenarios, system instability was previously seen for the ERS 8600. This issue is now addressed. (Q02134841)
  • BGP instabilities are no longer observed associated with a HA failover. (Q02135118)
  • After an HA failover with a BGP route policy enabled, some BGP routes could be rejected and not re-advertised by the ERS 8600. This issue has been addressed. (Q02136224)

OSPF

  • After an upgrade it is now ensured that the OSPF MD5 keys are no longer lost. (Q02127996)

VRRP

  • Enabling and then disabling the IST protocol will no longer lead to improper values displayed in the VRRP records. (Q02106080-01)

IP Multicast

  • ERS 8600 now ensures that when an IP Multicast sender and the receiver are connected to the same ERS 8600, that SPM (Source Path Messages – specific message type within PGM) packets are no longer dropped. This is independent of PGM being enabled or not, as PGM packet flows can function with PIM-SM enabled. (Q02119454)

MLT / SMLT

  • ERS8600 will now deterministically (and properly) hash traffic flows for IPVPN Lite traffic on MLT links. (Q02142913)
  • MLTs will now come up properly when the LACP Min Link feature is enabled. (Q02034692-02)
  • In some rare network events, it is possible to learn the fdb-entry for an IP interface of an SMLT peer on the SMLT associated port instead of the IST MLT. In this scenario, the fdb-entry will now be properly updated afterward to correctly point to the IST MLT. (Q02142730)
  • CPU high buffer utilization and associated IST instabilities will no longer be observed in specific high CPU and high traffic load conditions for the ERS 8600. (Q02109963)
  • The 8632TXE module will now properly go offline in the scenario where both master and slave CPU’s are removed in systems running with smlt-on-single-cp enabled. (Q02123052)

VLACP

  • If a mismatching VLACP configuration exists on two ends of a connection associated with a SLT, the SLT will no longer show as SMLT up improperly after a reboot. (Q02119095)

BFD

  • On an ERS8600 running both BGP and BFD, when one tries to enable BGP first and then BFD on the BGP neighbour, the BFD related config can now be set properly. (Q02141063)

Cheers!

Avaya Technical Configuration Guide for BGP

by

I use BGP extensively to provide dynamic routing between a number of vendors, business partners and affiliated organizations with whom I’m multi-homed to. I recently had to determine if Nortel/Avaya supported eBGP MultiHop on the Ethernet Routing Switch 8600 software release 5.x (they do). Thankfully I was able to peer with a Cisco 6500 switch that was sitting behind a Cisco firewall module from an Ethernet Routing Switch 8600 without any significant issues,.

If you are looking for a great resource on BGP I would highly recommend O’Reilly’s book titled BGP.

If you are looking for Avaya/Nortel specific information concerning their BGP implement then you are in luck. Avaya has a technical configuration guide for the ERS 8600 that focuses on BGP. While this is an older document (November 2007) it still does a great job of providing a number of configuration examples and explaining the basics.

In the near future I might need to use an ERS 8606 as an Internet router. I’ll need to peer with the ISP since I’m multi-home to independent Internet Service Providers, although I’m not sure if the 8692SF can handle a full BGP routing table. Has anyone ever tried to feeding a full (or partial) BGP routing table from the Internet to an ERS 8800/8600 switch?

Cheers!

Ethernet Routing Switch 5000 Software Release v6.2.0

by

Avaya has released software 6.2.0 for the Ethernet Routing Switch 5500/5600 series switches. In order to upgrade to 6.2 software the switch will already need to be running 6.x software along with firmware (diagnostic software) 6.0.0.6. Switches that are running older software will need to first be upgraded to 6.0 and then to 6.2 software.

Please review the release notes for all the details.

Here are some of the new features;

  • Enterprise Device Manager
  • 802.1AB (LLDP) MED Network Policy
  • 802.1X authentication and Wake on LAN
  • 802.1X or Non-EAP and Guest VLAN on same port
  • 802.1X or Non-EAP Last Assigned RADIUS VLAN
  • 802.1X or Non-EAP with Fail Open VLAN
  • 802.1X or Non-EAP with VLAN name
  • Autodetection and Autoconfiguration (ADAC) Uplink Enhancements
  • Automatic QoS 802
  • Automatic QoS and ADAC Interoperability
  • Cisco CLI commands
  • Content-based forward to next hop (formerly source address-based route selection)
  • DHCP enhancements
  • DHCP option 82 support
  • Dual Syslog Server support
  • EAP/NEAP separation
  • Energy Saver
  • Enhanced QoS engine
  • Filter Limiting
  • Full IGMPv3
  • IPv4 Tunneling for IPv6
  • IPv6 Automatic Address Assignment
  • IPv6 Routing DHCP Relay
  • IPv6 Static Routing
  • MAC Security enhancement
  • Multicast group scaling
  • Multiple Hosts with Multiple VLANs for EAP-enabled Ports
  • PIM-SM support
  • Port Mirroring – Bi-directional monitor port
  • QoS DSCP mutation
  • QoS Egress Queue Shaping
  • QoS Lossless Buffering Mode for Data Center Applications
  • Route scaling
  • Running configuration NNCLI display command enhancements
  • Secure Shell File Transfer Protocol (SFTP over SSH)
  • SFP support
  • Split Multi-link Trunk (SMLT) consistency with the Ethernet Routing Switch 8600
  • Split Multi-link Trunk (SMLT) over Link Aggregation Control Protocol (LACP)
  • Trace command
  • Unicast storm control
  • VLAN Scaling

Here are some of the issues that have been resolved in this release;

  • Q01219391 MAC Address table does not age out all MAC sources learned after the aging time has expired.
  • Q01470123 Passive static device behind a phone displayed as unknown after switch reboot.
  • Q01470123-01 Passive static device behind a phone displayed as unknown after switch reboot.
  • Q01728560 ADAC port configuration types not defined in manual.
  • Q01775378 Error message when disabling spanning tree learning.
  • Q01859874 Typed commands should not be sent remotely when log level is serious or critical.
  • Q01860782 A message is needed to confirm the successful upload of an ASCII configuration to USB with the PUSH button.
  • Q01862906 The Time Domain Reflectometer in the JDM displays an incorrect message for the Pin Short cable error.
  • Q01863512 MAC security Lifetime setting cannot be modified from the JDM.
  • Q01865091 MAC authorized clients are not reauthorized after a former base unit reenters the stack.
  • Q01895467 Some LLDP commands fail when configuring a device with an ASCII configuration file.
  • Q01895723 Metric for external routes jumps to 127174722 when a dummy vlink is created and deleted.
  • Q01906362 An NEAP client can change ports without a link down or age out timer event.
  • Q01909890 QoS-IGMP problems with known and unknown multicast options on 56xx ports.
  • Q01901336 Multicast traffic not forwarded through non-local static routes.
  • Q01923408-02 Management VLAN IP address should always be used in relation to RADIUS.
  • Q01927698 PIM interfaces become disabled on a device.
  • Q01938607 Incorrect error message displayed during software download from an unreachable server.
  • Q01942783 Restoring a device with an ASCII configuration file fails when Layer 3 settings are present.
  • Q01943527 Inconsistency between IPv4 and IPv6 in binary configuration file.
  • Q01945909 Some ARP, OSPF, or VRRP packets are unexpectedly mirrored when using XrxYtx mirroring mode and the monitored port is in the Management VLAN or in SMLT VLANs.
  • Q01946214 MAC addresses are lost when a base unit fails.
  • Q01946284 LLDP-Med does not work in certain circumstances
  • Q01947050 ADAC system message logged after a stack is reset.
  • Q01948343 On a pure 56xx stack, port mirroring mode XrxYtx multiplies unicast traffic on port Y in certain scenarios.
  • Q01950071 VLACP enabling does not work in some circumstances.
  • Q01950147 The EAP-TLS or PEAP-MsChapV2 clients could be unexpectedly transitioned to the EAP Held state on a multihost enabled port.
  • Q01950311 Voice traffic is blocked on a non-base unit when ARP inspection is enabled on a VoIP VLAN.
  • Q01951600 Error performing MIB walk on 5632.
  • Q01954041 LLDP Med-Network-Policies Voice Tagging command issue.
  • Q01955272 PIM OIF may not get installed on IR.
  • Q01956922 Continuous IPv6 ping out stops working after 2147 ICMPv6 messages.
  • Q01978465 Telnet session hangs on ERS 5510-48T during an ASCII configuration download.
  • Q02005019 ACG will fail when ports are added to VLANs if an STG was created, VLANs were added, the STG enabled and then ports added to VLANs (configuration control flexible and 1 port in 2 different VLANs).
  • Q02020938 After booting to default settings the syslog will display the message ASCII failed at line 1. This can be ignored. This only happens after a boot to default settings and not during a normal operation or reset of the switch. This does not affect subsequent ASCII downloads. The successful application of configurations can be confirmed using the show logging command. The bogus message will be the first in chronological order.

I would highly recommend you review the release notes for all the details. There are a lot of known issues that should be thoroughly reviewed before you made any decisions about upgrading.

There was one section that caught my eye on page 11 of the release notes;

Currently when ADAC is operational, a user can not change the non-ADAC VLANs on the port (without disabling ADAC, changing the VLAN and then re-enabling ADAC), which leads to usability issues that limit the deployment of ADAC.

The ADAC enhancements provide the ability to change the non-ADAC VLANs on a port irrespective of the ADAC status of the port. Any such changes in the underlying port VLAN assignment are saved as normal to NVRAM and ASCIII configurations.

I posted about this issue with ADAC way back in August of 2008. This one issue has been a real bear and the only real issue we’ve experienced with our ADAC deployments. While it might be the only issue, it can create some enormous problems if the engineers are following the procedure to disable ADAC, make the VLAN change and then enable ADAC again. I’ll be very interested to see if this problem is finally resolved.

I spent a few minutes playing with Enterprise Device Manager but I think this change will drive more folks to the CLI interface where Avaya/Nortel has alot of work to-do. I’m also excited to see that Avaya/Nortel is finally bringing together their Automatic QoS and ADAC features, I’m curious to see what changes they’ve made an how I might be able to tweak my switch configurations to better automate the deployment of IP telephony.

Cheers!

Traffic Filters and ACLs for the Ethernet Routing Switch 5000

by

1105094_15304690There have been a few recent comments on the blog and a few questions on the discussion forum around how ACLs (traffic filters) work on the Ethernet Routing Switch 5520. I thought I would take a few minutes to dive into the subject and perhaps either answer some of those questions or foster some additional discussion. Let me get right to the most popular question.

Is the Ethernet Routing Switch 5510/5520/5530 capable of performing basic IP filtering? Yes.

Prior to software release 5.0 you had to-do all filtering in QoS policies. It seems a lot of confusion comes from the fact that in order to perform IP filtering similar to an ACL in a Cisco router you had to create a QoS policy. With the release of 5.0 software you can now create fairly straight forward ACLs. You can only do this from the CLI or WEB interface, there’s no support for ACLs in Java Device Manager.

Let me walk you through a simple example.

I started with a ERS-5520-PwR and factory reset the switch I gave it a management IP address of 192.168.1.50 (VLAN 1);

5520-48T-PWR(config)#ip address switch 192.168.1.50
5520-48T-PWR(config)#ip default-gateway 192.168.1.1
5520-48T-PWR(config)#ip address netmask 255.255.255.0

I created VLAN 100 and moved ports 13-48 to VLAN 100 making sure to set the PVID;

5520-48T-PWR(config)#vlan members remove 1 13-48
5520-48T-PWR(config)#vlan create 100 type port
5520-48T-PWR(config)#vlan members add 100 14-48
5520-48T-PWR(config)#vlan ports 13-48 pvid 100

I enabled IP routing on the switch (remember out of the box it’s just a Layer 2 switch);

5520-48T-PWR(config)#ip routing

I enabled IP routing for VLAN 1 and then gave VLAN 100 an IP address/interface;

5520-48T-PWR(config)#interface vlan 1
5520-48T-PWR(config-if)#ip routing
5520-48T-PWR(config)#exit

5520-48T-PWR(config)#interface vlan 100
5520-48T-PWR(config-if)#ip address 192.168.100.1 255.255.255.0 2
5520-48T-PWR(config-if)#ip routing
5520-48T-PWR(config)#exit

Let’s just making sure that everything looks right before we get the real meat of this post;

5520-48T-PWR#show vlan ip
==============================================================================
Vid  ifIndex Address         Mask            MacAddress        Offset Routing
==============================================================================
Primary Interfaces
------------------------------------------------------------------------------
1    10001   192.168.1.50    255.255.255.0   00:1F:0A:CE:XX:40 1      Enabled
100  10100   192.168.100.1   255.255.255.0   00:1F:0A:CE:XX:41 2      Enabled
------------------------------------------------------------------------------
% Total of Primary Interfaces: 2

The two IP interfaces are configured properly and have routing enabled. Let’s make sure that the routing table is correct;

5520-48T-PWR#show ip route
===============================================================================
                                        Ip Route
===============================================================================
DST             MASK            NEXT            COST    VLAN PORT PROT TYPE PRF
-------------------------------------------------------------------------------
0.0.0.0         0.0.0.0         192.168.1.1     10       1    1     S  IB     5
192.168.1.0     255.255.255.0   192.168.1.50    1        1    ----  C  DB     0
192.168.100.0   255.255.255.0   192.168.100.1   1        100  ----  C  DB     0
Total Routes: 3
-------------------------------------------------------------------------------
TYPE Legend:
I=Indirect Route, D=Direct Route, A=Alternative Route, B=Best Route, E=Ecmp Route, U=Unresolved Route, N=Not in HW

Here’s where the real work starts. I created an ACL named “testacl” and then assigned it to port 23.

5520-48T-PWR(config)#qos ip-acl name testacl src-ip 192.168.100.0/24 protocol 6 dst-port-min 80 dst-port-max 80
5520-48T-PWR(config)#qos ip-acl name testacl drop-action enable
5520-48T-PWR(config)#qos acl-assign port 23 acl-type ip name testacl

In the statements above I created an ACL that will allow traffic sourced from 192.168.100.0/24 to a destination TCP port of 80 to pass unrestricted while blocking (dropping) all other traffic. I’ve assigned that ACL to port 23 where I have a test PC connected to the switch.

Let’s just pretend that you forgot to allow DNS (UDP/53) queries in your IP filter so let’s back out the ACL and recreate it.

First we need to determine the ACL number that was assigned to our ACL called “testacl”.  We can do that by issuing the following command;

5520-48T-PWR#show qos acl
Id               Name              State   ACL  Unit/Port Storage
Type             Type
_____ ____________________________ ________ ____ _________ ________
1     testacl                      Enabled  IP   1/23      NonVol

We also need to know how many rules are in the IP ACL that’s being referenced above. We can do that with the following command;

5520-48T-PWR#show qos ip-acl

Id: 1
Name: testacl
Block:
Address Type: IPv4
Destination Addr/Mask: Ignore
Source Addr/Mask: 192.168.100.0/24
DSCP: Ignore
IPv4 Protocol / IPv6 Next Header: TCP
Destination L4 Port Min: 80
Destination L4 Port Max: 80
Source L4 Port Min: Ignore
Source L4 Port Max: Ignore
IPv6 Flow Id: Ignore
Action Drop: No
Action Update DSCP: Ignore
Action Update 802.1p Priority: Ignore
Action Set Drop Precedence: Low Drop
Type: Access List
Storage Type: NonVolatile

Id: 2
Name: testacl
Block:
Address Type: IPv4
Destination Addr/Mask: Ignore
Source Addr/Mask: Ignore
DSCP: Ignore
IPv4 Protocol / IPv6 Next Header: Ignore
Destination L4 Port Min: Ignore
Destination L4 Port Max: Ignore
Source L4 Port Min: Ignore
Source L4 Port Max: Ignore
IPv6 Flow Id: Ignore
Action Drop: Yes
Action Update DSCP: Ignore
Action Update 802.1p Priority: Ignore
Action Set Drop Precedence: Low Drop
Type: Access List
Storage Type: NonVolatile

Now we can remove the ACL from port 23 and then delete it from the switch;

5520-48T-PWR(config)#no qos acl-assign 1
5520-48T-PWR(config)#no qos ip-acl 2
5520-48T-PWR(config)#no qos ip-acl 1

Now we’ll rebuild the ACL allowing DNS queries to the broadband router;

5520-48T-PWR(config)#qos ip-acl name testacl src-ip 192.168.100.0/24 protocol 6 dst-port-min 80 dst-port-max 80
5520-48T-PWR(config)#qos ip-acl name testacl src-ip 192.168.100.0/24 dst-ip 192.168.1.1/32 protocol 17 dst-port-min 53 dst-port-max 53
5520-48T-PWR(config)#qos ip-acl name testacl drop-action enable
5520-48T-PWR(config)#qos acl-assign port 23 acl-type ip name testacl

Now that we have our filter let’s see what it looks like (I’m not a fan of this output format);

5520-48T-PWR#show qos ip-acl

Id: 1
Name: testacl
Block:
Address Type: IPv4
Destination Addr/Mask: Ignore
Source Addr/Mask: 192.168.100.0/24
DSCP: Ignore
IPv4 Protocol / IPv6 Next Header: TCP
Destination L4 Port Min: 80
Destination L4 Port Max: 80
Source L4 Port Min: Ignore
Source L4 Port Max: Ignore
IPv6 Flow Id: Ignore
Action Drop: No
Action Update DSCP: Ignore
Action Update 802.1p Priority: Ignore
Action Set Drop Precedence: Low Drop
Type: Access List
Storage Type: NonVolatile

Id: 2
Name: testacl
Block:
Address Type: IPv4
Destination Addr/Mask: 192.168.1.1/32
Source Addr/Mask: 192.168.100.0/24
DSCP: Ignore
IPv4 Protocol / IPv6 Next Header: UDP
Destination L4 Port Min: 53
Destination L4 Port Max: 53
Source L4 Port Min: Ignore
Source L4 Port Max: Ignore
IPv6 Flow Id: Ignore
Action Drop: No
Action Update DSCP: Ignore
Action Update 802.1p Priority: Ignore
Action Set Drop Precedence: Low Drop
Type: Access List
Storage Type: NonVolatile

Id: 3
Name: testacl
Block:
Address Type: IPv4
Destination Addr/Mask: Ignore
Source Addr/Mask: Ignore
DSCP: Ignore
IPv4 Protocol / IPv6 Next Header: Ignore
Destination L4 Port Min: Ignore
Destination L4 Port Max: Ignore
Source L4 Port Min: Ignore
Source L4 Port Max: Ignore
IPv6 Flow Id: Ignore
Action Drop: Yes
Action Update DSCP: Ignore
Action Update 802.1p Priority: Ignore
Action Set Drop Precedence: Low Drop
Type: Access List
Storage Type: NonVolatile

That’s a basic ACL filter using Layer 3 parameters. There is a Technical Configuration Guide available from Nortel/Avaya that provides additional examples and covers Filtering and QoS configuration of the Ethernet Routing Switch 5500 series switches. The guide is a little dated by still a very useful resource in my opinion.

Cheers!

Reference;
2008_04_01_Filters_and_QOS_Configurati0on_for_Ethernet_Routing_Switch_5500_TCG_NN48500559.pdf

Recent Posts

Categories

SUBSCRIBE BY EMAIL