VLAN accounting, Simultaneous per VLAN rate limit and QoS – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


Multi-Service IronWare Security Configuration Guide

53-1003035-02


This does not affect CAM occupation; that is, a single-entry Layer-2 ACL still takes a CAM entry, even
though system-max l2-acl-table-entries is configured to 256.

The example in the preceding section configures Layer-2 ACL number 1399, the maximum Layer-2
ACL number.

VLAN Accounting

VLAN accounting already existed before this release. It now works with the increased ACL
infrastructure on NetIron CES and NetIron CER devices as well.

Syntax: [no] vlan-accounting

Brocade(config)#vlan 100

Brocade(config-vlan-100)# vlan-accounting

The following command displays the VLAN accounting.

Brocade(config)#show vlan 100

The byte-accounting command is deprecated on NetIron CES and NetIron CER. As on the Brocade MLX
series, NetIron CES and NetIron CER use the vlan-accounting command.

Simultaneous per VLAN rate limit and QoS

Simultaneous per-VLAN rate limit and QoS, together with DSCP marking in the Layer-2 ACL, are added to
the NetIron CES and NetIron CER platforms only. Layer-2 numbered ACLs have been expanded
to 1000 on Brocade MLX series, NetIron XMR, NetIron CES and NetIron CER platforms. VLAN
accounting works with the increased ACL infrastructure on the NetIron CES and NetIron CER platforms
only.

Currently, the Layer-2 ACL does not provide a DSCP-marking action, since DSCP belongs to Layer 3.
Simultaneous per-VLAN rate limit and QoS requires the Layer-2 ACL to mark DSCP. This is available only
on NetIron CES and NetIron CER platforms.

This assumes the packets have both Layer-2 and Layer-3 headers, so that a Layer-2 match can
mark Layer-3 parameters. For pure Layer-2 packets without a Layer-3 header, or for non-IP packets, the
result is unpredictable, and the ACL may give wrong data. For this reason, a warning message is
displayed when a user configures DSCP marking on a Layer-2 ACL.

Syntax: [no] access-list num [sequence num] permit | deny src-mac mask | any dest-mac mask | any [vlan-id | any] [etype etype-str] [priority queue-value | priority-force queue-value | priority-mapping queue-value] [log] [mirror] [mark-flow-id] [dscp-marking number]

The following example matches VLAN 100 and marks DSCP to 54:

Brocade(config)# access-list 1399 permit any any 100 etype any dscp-marking 54

NOTE

This ACL will have unexpected results on non-IP packets. Make sure the traffic on the interfaces consists of
IP packets.
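
An added example, not part of the Brocade guide: a Python check that parses Ethernet frames, including a single 802.1Q tag, and lists the frames on VLAN 100 that the ACL above would match although they carry no IP header and therefore no DSCP field. The function names are this example's own and the sample frames are constructed, not captured traffic.

```python
import struct

ETH_8021Q, ETH_IPV4, ETH_IPV6, ETH_ARP = 0x8100, 0x0800, 0x86DD, 0x0806

def classify(frame: bytes):
    """Return (vlan_id, ethertype, dscp); dscp is None when there is no IP header."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    vlan_id, offset = None, 12
    (etype,) = struct.unpack_from("!H", frame, offset)
    if etype == ETH_8021Q:                      # single 802.1Q tag
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack_from("!HH", frame, offset + 2)
        vlan_id, offset = tci & 0x0FFF, offset + 4
    payload = frame[offset + 2:]
    dscp = None
    if len(payload) >= 2:
        if etype == ETH_IPV4 and payload[0] >> 4 == 4:
            dscp = payload[1] >> 2              # top 6 bits of the ToS byte
        elif etype == ETH_IPV6 and payload[0] >> 4 == 6:
            word = struct.unpack_from("!H", payload)[0]
            dscp = ((word >> 4) & 0xFF) >> 2    # top 6 bits of Traffic Class
    return vlan_id, etype, dscp

def non_ip_matches(frames, vlan=100):
    """Frames tagged with `vlan` that have no DSCP field for the ACL to mark."""
    hits = []
    for index, frame in enumerate(frames):
        vlan_id, etype, dscp = classify(frame)
        if vlan_id == vlan and dscp is None:
            hits.append((index, hex(etype)))
    return hits

# Constructed sample frames (not captured traffic): broadcast dst, made-up src MAC.
MACS = bytes.fromhex("ffffffffffff020000000001")

def tagged(vlan, etype, payload):
    return MACS + struct.pack("!HHH", ETH_8021Q, vlan, etype) + payload

SAMPLE = [
    tagged(100, ETH_IPV4, bytes([0x45, 0xB8]) + bytes(18)),  # IPv4, DSCP 46
    tagged(100, ETH_ARP, bytes(28)),                         # ARP on VLAN 100
    tagged(200, ETH_ARP, bytes(28)),                         # ARP on another VLAN
    tagged(100, ETH_IPV6, bytes([0x6D, 0x80]) + bytes(38)),  # IPv6, DSCP 54
]

if __name__ == "__main__":
    for index, etype in non_ip_matches(SAMPLE):
        print(f"frame {index}: ethertype {etype} on VLAN 100 has no IP header")
```

Running the same check over frames exported from a capture of the interface shows which EtherTypes to account for before applying a DSCP-marking Layer-2 ACL.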
