
Author Topic: Nortel 5510 and QoS/ACL  (Read 2392 times)


Offline Gurvan

« on: April 25, 2012, 09:04:07 PM »

I am trying to set up QoS/ACL to limit UDP to a destination, but it drops all UDP packets (or does not drop...)
I want to limit my ESXi to receive 30Mbits for dst port 53, 10Mbits for dst port 161 and 5Mbits for all other UDP traffic. (Port 1 = Uplink, Port 17/19 = ESXi).

First test: I used a traffic meter, but the traffic above the meter is not dropped o_O.

What I have is as follows: 12.2 Configuration Example 1 Traffic Meter Using Policies

In the documentation:
For UDP dst port 80, meter traffic at 10M
For UDP dst port 69, meter traffic at 5M
For UDP dst port 137, meter traffic at 1M

I tried adapting this configuration, but to no avail ...
Either it drops nothing, or it drops everything.

I also tried using an ACL to drop all UDP traffic for port 80, but the result was a bit erratic (loss of SSH session, etc.).

sw02(config)#qos ip-acl name udp-80 dst-ip protocol 17 dst-port-min 80 dst-port-max 80 drop-action enable
sw02(config)#qos ip-acl name udp-80 drop-action disable
sw02(config)#qos acl-assign port 1 acl-type ip name udp-80

I am trying to apply this type of setting against UDP attacks.
I welcome any advice, as I keep reading and rereading the documentation and the blog.

Thanks !
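
Added example, not part of the original post and not Nortel code: a software model of the policy described above (UDP dst port 53 at 30M, dst port 161 at 10M, all other UDP at 5M, non-UDP untouched), using first-match classification and one token bucket per class. The function names, the 64,000-byte burst size and the 1,000-byte packet size are assumptions made for the illustration; it gives the rates a working meter should deliver, for comparison with what the switch counters show.

```python
from dataclasses import dataclass

UDP = 17  # IP protocol number, as used in the ACL above

@dataclass
class Meter:
    rate_bps: int        # committed rate in bits per second
    burst_bytes: int     # bucket depth (assumed value, not from the post)
    tokens: float = 0.0
    last: float = 0.0

    def __post_init__(self):
        self.tokens = float(self.burst_bytes)  # bucket starts full

    def in_profile(self, now, size):
        # Refill for the elapsed time, capped at the bucket depth.
        refill = (now - self.last) * self.rate_bps / 8
        self.tokens = min(self.burst_bytes, self.tokens + refill)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False  # out of profile: the packet is dropped

def build_policy(burst_bytes=64_000):
    # Ordered rules (dst port, meter); None matches any UDP port.
    # The catch-all must come last, otherwise it shadows ports 53 and 161.
    return [(53, Meter(30_000_000, burst_bytes)),
            (161, Meter(10_000_000, burst_bytes)),
            (None, Meter(5_000_000, burst_bytes))]

def forward(policy, now, proto, dst_port, size):
    if proto != UDP:
        return True  # non-UDP traffic (e.g. SSH over TCP) is never metered
    for port, meter in policy:
        if port is None or port == dst_port:
            return meter.in_profile(now, size)  # first match wins
    return True

def delivered_mbps(dst_port, offered_mbps, proto=UDP, seconds=2.0, size=1000):
    # Offer a constant-rate flow (constructed traffic) and measure what passes.
    policy = build_policy()
    pps = offered_mbps * 1_000_000 / (size * 8)
    n = int(pps * seconds)
    passed = sum(forward(policy, i / pps, proto, dst_port, size) for i in range(n))
    return passed * size * 8 / seconds / 1_000_000
```

A flow offered above its class rate should come out at roughly that rate plus the initial burst; a result of zero or of the full offered rate is the "drops everything / drops nothing" symptom.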