ACL on Baystack 5520 1

[stefan101]

I've have several baystack 5520 (new). I've install several vlan and need to restrict access accross some vlans but all need access to the core. So i figure the best way is ACL's id like to group the ACL into a block but for some reason when I inport the same block name it creates a seperate Classifier block and ID.
I cannot also assign this block to the ports. Could anyone help.

Heres an example of the setup i'm tring

qos ip-acl name test src-ip 10.0.0.0/24 dst-ip 10.0.1.0/24 drop-action enable block vlan_test

qos ip-acl name test src-ip 10.0.1.0/24 dst-ip 10.0.0.0/24 drop-action enable block vlan_test

qos acl-assign port 1/1 acl-type ip name vlan_test

Am I approaching this wrong, I could manually enter each one but if got 9 switches and 10 vlans this would be hellish and very untidy.

Stefan

 

[yulincole]

Hi Stefan101

This is another option to achieve your goal.

qos ip-element 1 src-ip 10.0.0.0/24 dst-ip 10.0.1.0/24
qos ip-element 2 src-ip 10.0.1.0/24 dst-ip 10.0.0.0/24
qos classifier 1 set-id 1 name test element-type ip element-id 1
qos classifier 2 set-id 2 name "test_2" element-type ip element-id 2
qos classifier-block 1 block-number 1 name testblock set-id 1
qos classifier-block 2 block-number 1 name testblock set-id 2
qos policy 1 name test port 1 clfr-type block clfr-id 1 in-profile-action 1 precedence 11

 

[yulincole]

For multiple switch management, Nortel just introduces a new software called "CLI*manager".

http://www.nortel.com/corporate/nortel_on_nortel/cli_mgr.html

Get it and try.

Regards

 

[stefan101]

Thanks for the above!!

is there a maximum number of ip-elemenets you can set?

I seem to have maxed out at 200

 

[yulincole]

Hi Stefan101

This is the link of Qos and filters configuration guide from Nortel.

http://support.nortel.com/go/main.jsp?cscat=DOCDETAIL&id=185824&poid=14761

This document indicates how many policies you can use on a ERS5500 in different scenarios.

I hope this can help you.

Regards