Alcatel-Lucent OmniStack 6300 User Guide
Console(config)#access-list mac mask-precedence in
Console(config-mac-mask-acl)#mask host any
Console(config-mac-mask-acl)#exit
Console(config)#interface ethernet 1/1
Console(config-if)#match access-list mac FROM_MAC_3 set priority 7
Console(config-if)#match access-list ip FROM_IP_3 set priority 1 precedence 3 (1)
Or
Console(config-if)#match access-list ip FROM_IP_3 set priority 1 dscp 62 (2)
Packets from ip 2.0.0.3 will match ACL FROM_IP_3.
With ACL Marker (1)
802.1p will be set to 1 and IP Precedence to 3 in egress packets
CoS will be 1 since we are in the default CoS mode (CoS comes from 802.1p)
priority queue will be 0 (CoS 1 gives queue 0)
With ACL Marker (2)
802.1p will be set to 1 and IP DSCP to 62 in egress packets
CoS will be 1 since we are in the default CoS mode (CoS comes from 802.1p)
priority queue will be 0 (CoS 1 gives queue 0)
Packets from mac 00-00-00-00-00-03 will match ACL FROM_MAC_3
802.1p will be set to 7 in egress packet
CoS will be 7 since we are in the default CoS mode (CoS comes from 802.1p)
priority queue will be 7 (CoS 7 gives queue 7)
Limitation
♦ The MAC ACL is always executed first. If the same packet matches both MAC and IP ACLs, the packet will
be stamped with the 802.1p value from the MAC ACL. In the example, a packet with mac 00-00-00-00-00-03 and ip
2.0.0.3 will be stamped with 802.1p 7. The packet will also be queued to priority queue 7.
♦ MAC ACL can only set the priority (802.1p value)
♦ ACL Marker is configured on an interface basis. Only one IP ACL and/or one MAC ACL per port.
Note
When a packet matches both MAC and IP ACLs, the 802.1p will always be stamped from the MAC ACL.
However, the IP ACL is still executed for the “set precedence” or “set dscp”. In the example, packet with mac
00-00-00-00-00-03 and ip 2.0.0.3 will be stamped with 802.1p 7 and precedence 3 (1) or dscp 62 (2)
Issue
“set dscp” is currently broken (dscp value is not changed on egress packets).
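The marking rules from the example, Limitation, Note and Issue above can be checked with a small model. This is an added illustration, not code from the guide or the switch. It assumes FROM_MAC_3 and FROM_IP_3 match on source address only, that "set precedence" rewrites only the top three ToS bits, and it uses only the two CoS-to-queue pairs the text states; the names `mark`, `Egress` and `dscp_works` are hypothetical.

```python
from typing import NamedTuple, Optional

# Assumed ACL contents: the page only says which source addresses match.
FROM_MAC_3 = {"00-00-00-00-00-03"}   # match access-list mac ... set priority 7
FROM_IP_3 = {"2.0.0.3"}              # match access-list ip ... set priority 1
MAC_PRIORITY = 7
IP_PRIORITY = 1
# Only the two CoS-to-queue pairs the page states (default CoS mode).
COS_TO_QUEUE = {1: 0, 7: 7}


class Egress(NamedTuple):
    dot1p: Optional[int]   # None: no ACL Marker matched, tag not restamped
    tos: int               # IPv4 ToS byte after marking
    queue: Optional[int]   # None: mapping not given on the page


def mark(src_mac, src_ip, tos, ip_action, dscp_works=False):
    """ip_action is ("precedence", 3) for variant (1) or ("dscp", 62) for (2).

    dscp_works=False models the known issue: "set dscp" leaves the
    DSCP value unchanged on egress packets.
    """
    dot1p = None
    if src_ip in FROM_IP_3:
        dot1p = IP_PRIORITY
        kind, value = ip_action
        if kind == "precedence":
            # IP Precedence is the top 3 bits of the ToS byte (assumed:
            # the lower 5 bits are preserved).
            tos = (value << 5) | (tos & 0x1F)
        elif kind == "dscp" and dscp_works:
            # DSCP is the top 6 bits of the ToS byte.
            tos = (value << 2) | (tos & 0x03)
    if src_mac in FROM_MAC_3:
        # The MAC ACL always supplies 802.1p when both ACLs match.
        dot1p = MAC_PRIORITY
    return Egress(dot1p, tos, COS_TO_QUEUE.get(dot1p))


if __name__ == "__main__":
    for mac in ("00-00-00-00-00-03", "00-00-00-00-00-09"):  # constructed
        for action in (("precedence", 3), ("dscp", 62)):
            print(mac, action, mark(mac, "2.0.0.3", 0x00, action))
```

With the known issue modelled, variant (2) leaves the ToS byte untouched while 802.1p and the queue are still set, which is the symptom to look for in an egress capture.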
Interoperability with OmniSwitch 6624/6648 7700/7800 8800
ACL Markers are fully compliant with the “stamp policies” configured on the OmniSwitches.
They both give priority and modify egress packets on a packet flow basis.
However, an ACL Marker is always attached to an interface whereas a “stamp policy” is chassis wide.
OmniSwitch 6300 does not need a “qos apply” (that flushes the mac and arp tables) after creating a new ACL.
ACLs are enforced by dedicated filtering hardware that does not interact with “source learning”.
ACLs always work at “wire speed”; there is no software processing at all.
5. ACL
The switch supports both ingress ACL and egress ACL to filter incoming and outgoing traffic on an interface.
The switch has 3 kinds of ACLs:
♦ Standard IP: to filter source ip addresses
♦ Extended IP: to filter L3/L4 header packets
♦ MAC: to filter L2 header packets
ACLs are active on an interface basis.
Each interface can have multiple ACLs, but only one of each type: