Avaya P333R-LB 사용자 설명서
Chapter 12
Avaya P330 Layer 3 Features
Avaya
P333R-LB User’s Guide
109
Enforcement
P333R-LB can enforce policy rules on traffic addressed to its interfaces. This feature
enables you to block any configuration (e.g., SNMP, TELNET, and HTTP) of the
router/load balancer.
enables you to block any configuration (e.g., SNMP, TELNET, and HTTP) of the
router/load balancer.
Default List Behavior
P333R-LB has a default list which is always active. The default list has one implicit
rule permitting all traffic to be forwarded. The DSCP table of the default list is
activated together with the default list, and includes the default DSCP-CoS
mappings.
rule permitting all traffic to be forwarded. The DSCP table of the default list is
activated together with the default list, and includes the default DSCP-CoS
mappings.
Policy and Load Balancing
P333R-LB can enforce policy rules relating to Virtual IP addresses and to the
original Client IP. P333R-LB can not enforce policy rules relating to PIP addresses.
When a packet destined to a Virtual IP address is processed by P333R-LB, it checks
the packet against the active policy list before any NAT manipulation is performed
on the packet. Upon returning from the real servers, the packet is checked against
the active policy list after NAT was performed.
original Client IP. P333R-LB can not enforce policy rules relating to PIP addresses.
When a packet destined to a Virtual IP address is processed by P333R-LB, it checks
the packet against the active policy list before any NAT manipulation is performed
on the packet. Upon returning from the real servers, the packet is checked against
the active policy list after NAT was performed.
P333R-LB Policy Properties
P333R-LB supports QoS and Access Control rules pertaining to source IP addresses,
destination IP addresses, any IP protocol, any specific TCP/UDP port, and the ACK
bit of the TCP header. It also supports QoS rules on up to 3 port-ranges of TCP/
UDP.
destination IP addresses, any IP protocol, any specific TCP/UDP port, and the ACK
bit of the TCP header. It also supports QoS rules on up to 3 port-ranges of TCP/
UDP.
Policy Configuration CLI Commands
In order to...
Use the following command...
Display the DSCP-802.1p mapping
show dscp
Activate a specific policy list
ip access-group
Deactivate a specific policy list
no ip access-group
Set the default action for a specific
policy list
policy list
ip access-default-action
Set a name for a policy list
ip access-list-name
Set the owner for a specific policy
list
list
ip access-list-owner