Configuring QoS Policy Applications
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 26-78
ICMP Policy Example
Policies can be configured for ICMP on a global basis on the switch. ICMP policies can be used for
security (for example, to drop traffic from the ICMP blaster virus).
In the following example, a condition called icmpCondition is created with no other condition
parameters:
-> policy condition icmpCondition ip-protocol 1
-> policy action icmpAction disposition deny
-> policy rule icmpRule condition icmpCondition action icmpAction
This policy (icmpRule) drops all ICMP traffic. To limit the dropped traffic to ICMP echo requests (pings)
and/or replies, use the policy condition icmptype to specify the appropriate condition. For example,
-> policy condition echo icmptype 8
-> policy condition reply icmptype 0
802.1p and ToS/DSCP Marking and Mapping
802.1p values can be mapped to different 802.lp values on an individual basis or by using a map group. In
addition, ToS or DSCP values can be mapped to 802.1p on a case-by-case basis or via a map group. (Note
that any other mapping combination is not supported.)
Marking is accomplished with the following commands:
policy action 802.1p
policy action tos
policy action dscp
Mapping is accomplished through the following commands:
policy map group
policy action map
Note the following:
• Priority for the flow is based on the policy action. The value specified for 802.1p, ToS, DSCP, or the
map group determines how the flow is queued.
• The port on which the flow arrives (the ingress port) must be a trusted port. For more information
about trusted ports, see “Configuring Trusted Ports” on page 26-7.
In this example, a policy rule (marking) is set up to mark flows from 10.10.3.0 with an 802.1p value of 5:
-> policy condition my_condition source ip 10.10.3.0 mask 255.255.255.0
-> policy action my_action 802.1p 5
-> policy rule marking condition my_condition action my_action
In the next example, the policy map group command specifies a group of values that must be mapped;
the policy action map command specifies what must be mapped (802.1p to 802.1p, ToS/DSCP to 802.1p)
and the mapping group that must be used. For more details about creating map groups, see “Creating Map
Groups” on page 26-61.
Here, traffic from two different subnets must be mapped to 802.1p values in a network called Network C.
A map group (tosGroup) is created with mapping values.
To Next Page
Loading...
Need help?
General
