ERS Filter Configuration

You can use one of the following syntax examples to configure Ethernet Routing Switch (ERS) QoS filters. All examples perform the same filtering, and each provides both a security filter example and a QoS remarking filter example.

ERS Original QoS Policy Filter Example

The following syntax is powerful but complicated.

Example

! Security filter example
qos if-group name TaggedLinks class trusted
qos if-assign port 25-26 name TaggedLinks
qos l2-element 1 name VLAN100 vlan-min 100 vlan-max 100 ethertype 0x800
qos ip-element 101 name "10.31.64.0/25" dst-ip 10.31.64.0/25
qos ip-element 102 name "172.16.2.0/24" dst-ip 172.16.2.0/24
qos classifier 1001 set-id 1001 name "Mgmt1" element-type ip element-id 101
qos classifier 1002 set-id 1001 name "Mgmt1" element-type l2 element-id 1
qos classifier 1003 set-id 1002 name "Mgmt2" element-type ip element-id 102
qos classifier 1004 set-id 1002 name "Mgmt2" element-type l2 element-id 1
qos classifier-block 10001 block-number 10001 name "DenyBlock1" set-id 1001 in-profile-action 1 eval-order 1
qos classifier-block 10002 block-number 10001 name "DenyBlock1" set-id 1002 in-profile-action 1 eval-order 1
qos policy 101 name "DenyBlock1" if-group TaggedLinks clfr-type block clfr-id 10001 precedence 14
! QoS remarking filter example
qos l2-element 2 name VLAN200 vlan-min 200 vlan-max 200 ethertype 0x800
qos ip-element 201 name "Qos-Remark-UDP" protocol 17 dst-port-min 2000 dst-port-max 2000
qos ip-element 202 name "Qos-Remark-TCP" protocol 6 dst-port-min 2000 dst-port-max 2000
qos classifier 2001 set-id 2001 name "QosUDP" element-type ip element-id 201
qos classifier 2002 set-id 2001 name "QosUDP" element-type l2 element-id 2
qos classifier 2003 set-id 2002 name "QosTCP" element-type ip element-id 202
qos classifier 2004 set-id 2002 name "QosTCP" element-type l2 element-id 2
qos classifier-block 20001 block-number 20001 name "QoSBlock1" set-id 2001 in-profile-action 7 eval-order 1
qos classifier-block 20002 block-number 20001 name "QoSBlock1" set-id 2002 in-profile-action 7 eval-order 1
qos policy 201 name "QoSBlock1" port 1-24 clfr-type block clfr-id 20001 precedence 13

ERS Interim ACL Syntax Example

The following syntax has many limitations.

Example

! Security filter example
qos ip-acl name "Deny-10.31.64.0" dst-ip 10.31.64.0/25 drop-action enable
qos ip-acl name "Deny-172.16.2.0" dst-ip 172.16.2.0/24 drop-action enable
qos acl-assign port 25-26 acl-type l2 name "VLAN-100"
qos acl-assign port 25-26 acl-type ip name "Deny-10.31.64.0"
qos acl-assign port 25-26 acl-type ip name "Deny-172.16.2.0"
! QoS remarking filter example
qos ip-acl name "QoSUDP" protocol 17 dst-port-min 2000 dst-port-max 2000 update-dscp 46 update-1p 6
qos ip-acl name "QoSTCP" protocol 6 dst-port-min 2000 dst-port-max 2000 update-dscp 46 update-1p 6
qos acl-assign port 25-26 acl-type ip name "QoSUDP"
qos acl-assign port 25-26 acl-type ip name "QoSTCP"

ERS Final QoS Traffic Profile Syntax Example

The following syntax is compact and powerful.

Example

! Security filter example
qos traffic-profile classifier name "DenyNets" dst-ip 10.31.64.0/25 vlan-min 100 vlan-max 100 ethertype 0x800 drop-action enable block A
qos traffic-profile classifier name "DenyNets" dst-ip 172.16.2.0/24 vlan-min 100 vlan-max 100 ethertype 0x800 drop-action enable block A
qos traffic-profile set port 25-26 name DenyNets
! QoS remarking filter example
qos traffic-profile classifier name "QoS-Remark" protocol 17 dst-port-min 2000 dst-port-max 2000 vlan-min 200 vlan-max 200 ethertype 0x800 update-dscp 46 update-1p 6 block A
qos traffic-profile classifier name "QoS-Remark" protocol 6 dst-port-min 2000 dst-port-max 2000 vlan-min 200 vlan-max 200 ethertype 0x800 update-dscp 46 update-1p 6 block A
qos traffic-profile set port 1-24 name QoS-Remark
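
Added example, not part of the original documentation: a Python check that two ERS security filter configurations written in different syntaxes drop the same destination prefixes on the same ports, which is worth running before retiring the older syntax. It compares only the port range and dst-ip of assigned drop rules, and the sample input is constructed from the examples above with one deliberate prefix-length mismatch.

```python
import ipaddress
import shlex

# Constructed sample input modelled on the security filter examples above.
# The second traffic-profile line carries a deliberate /25 to show a mismatch.
INTERIM_ACL = '''
qos ip-acl name "Deny-10.31.64.0" dst-ip 10.31.64.0/25 drop-action enable
qos ip-acl name "Deny-172.16.2.0" dst-ip 172.16.2.0/24 drop-action enable
qos acl-assign port 25-26 acl-type ip name "Deny-10.31.64.0"
qos acl-assign port 25-26 acl-type ip name "Deny-172.16.2.0"
'''
TRAFFIC_PROFILE = '''
qos traffic-profile classifier name "DenyNets" dst-ip 10.31.64.0/25 vlan-min 100 vlan-max 100 ethertype 0x800 drop-action enable block A
qos traffic-profile classifier name "DenyNets" dst-ip 172.16.2.0/25 vlan-min 100 vlan-max 100 ethertype 0x800 drop-action enable block A
qos traffic-profile set port 25-26 name DenyNets
'''

def _pairs(tokens):
    """Turn a flat 'key value key value' token list into a dict."""
    return dict(zip(tokens[0::2], tokens[1::2]))

def drop_rules(config):
    """Return {(port_range, dst_prefix)} for every drop rule assigned to ports."""
    drops, ports = {}, {}  # filter name -> prefixes / filter name -> port ranges
    for line in config.splitlines():
        tok = shlex.split(line)
        if len(tok) < 3 or tok[0] != "qos":
            continue  # blank lines and "! comment" lines
        if tok[1] == "ip-acl" or tok[1:3] == ["traffic-profile", "classifier"]:
            kv = _pairs(tok[2:] if tok[1] == "ip-acl" else tok[3:])
            if kv.get("drop-action") == "enable" and "dst-ip" in kv:
                net = ipaddress.ip_network(kv["dst-ip"], strict=True)
                drops.setdefault(kv["name"], set()).add(str(net))
        elif tok[1] == "acl-assign" or tok[1:3] == ["traffic-profile", "set"]:
            kv = _pairs(tok[2:] if tok[1] == "acl-assign" else tok[3:])
            ports.setdefault(kv["name"], set()).add(kv["port"])
    # A filter that is defined but never assigned to a port drops nothing.
    return {(p, n) for name, nets in drops.items()
            for n in nets for p in ports.get(name, ())}

def compare(old, new):
    """Return (rules only in old, rules only in new)."""
    a, b = drop_rules(old), drop_rules(new)
    return a - b, b - a

if __name__ == "__main__":
    print(compare(INTERIM_ACL, TRAFFIC_PROFILE))
```

Both returned sets are empty when the two configurations drop the same prefixes on the same ports.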

The ERS ACL filter examples translate on Fabric Engine into the following CLI configurations, which are more intuitive than the preceding ERS syntax examples.