
Multilayer policy, About multilayer policy, Access lists – Avaya Stackable Switch P3343T-ML User Manual


Chapter 11 Avaya P330 Layer 2 Features

Avaya P334T-ML User’s Guide


Multilayer Policy

Multilayer Policy is a set of features for enforcing QoS and Access Control policy on
routed and switched packets. One of its major goals is supporting Differentiated
Services for Avaya VoIP solutions.

About Multilayer Policy

Multilayer Policy is enforced on the 10/100 Mbps ports of a P334T-ML module. In
general, Multilayer Policy consists of the following parts:

Policy Lists — groupings of Access lists, DSCP-to-COS maps, and Trust mode
attributes.

Access Lists — ordered lists of classification rule and action pairs; the rules
are applied to received frames and the actions determine how those frames are
handled.

DSCP-to-COS Maps — a mapping function that sets the frame's 802.1p priority
according to its DSCP value.

Trust Modes — policy-list attribute; either “untrusted,” “trust-COS,” or
“trust-DSCP.”

Access Lists

Access Lists (ACL) are at the center of Multilayer Policy. Typically, users specify
their classification demands by defining Access Lists. An Access List is an ordered
list of classification rules and actions. For each frame received by the system, the
Multilayer Policy application tries the classification rules—one-by-one—and
executes the action associated with the first rule that matches.
Rules are based on the following properties:

IP: IP version 4 packets with specific source and destination addresses (+
wildcards).

IP version 4 packets with a specific protocol number – 0 to 255 – with specific
source and destination addresses (+ wildcards).

TCP: TCP/IPv4 packets with specific source and destination addresses (+
wildcards) and source and destination ports (+ port ranges). The keyword
“established” enables “permit” for TCP packets with the “ack” flag set; that
is, packets that open TCP connections will not match.

UDP: UDP/IPv4 packets with specific source and destination addresses (+
wildcards) and source and destination ports (+ port ranges).

Actions supported include:

permit – allows the packet through

deny – drops the packet

deny-and-notify – drops the packet and sends an SNMP trap

fwd0, fwd1 ... fwd7 – assigns priority to the packet
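
The first-match evaluation described above can be modelled offline to check rule order before a list is deployed. The following is an added example, not code from the Avaya manual or the switch; it assumes inverse-mask wildcards (a set bit means "don't care"), and the packet dictionaries, addresses and sample list are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = ("0.0.0.0", "255.255.255.255")   # (address, wildcard) matching every host

def ip_match(addr, base, wildcard):
    # Assumption: inverse-mask wildcards, where a set bit means "don't care".
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w) == 0

@dataclass
class Rule:
    action: str                  # permit, deny, deny-and-notify, fwd0..fwd7
    proto: str                   # "ip", "tcp" or "udp"
    src: tuple = ANY
    dst: tuple = ANY
    sport: tuple = (0, 65535)    # inclusive port range
    dport: tuple = (0, 65535)
    established: bool = False    # TCP only: match only frames with ACK set

    def matches(self, p):
        if self.proto != "ip":
            if p["proto"] != self.proto:
                return False
            if not (self.sport[0] <= p["sport"] <= self.sport[1]
                    and self.dport[0] <= p["dport"] <= self.dport[1]):
                return False
            if self.established and "ack" not in p.get("flags", ()):
                return False
        return ip_match(p["src"], *self.src) and ip_match(p["dst"], *self.dst)

def evaluate(acl, packet):
    """Return (index, action) of the first matching rule, else None."""
    for i, rule in enumerate(acl):
        if rule.matches(packet):
            return i, rule.action
    return None   # no rule matched; a default action is not modelled here

SERVERS = ("10.0.1.0", "0.0.0.255")   # constructed sample addresses
ACL = [
    Rule("permit", "tcp", dst=SERVERS, established=True),
    Rule("fwd6", "udp", src=("10.0.2.0", "0.0.0.255"), dport=(16384, 32767)),
    Rule("deny-and-notify", "tcp", dst=SERVERS, dport=(23, 23)),
    Rule("deny", "ip"),
]

if __name__ == "__main__":
    syn = dict(proto="tcp", src="192.0.2.9", dst="10.0.1.5", sport=40000, dport=23, flags={"syn"})
    # Same frame with SYN, then with ACK: (2, 'deny-and-notify') (0, 'permit')
    print(evaluate(ACL, syn), evaluate(ACL, {**syn, "flags": {"ack"}}))
```

Because the "established" permit at index 0 is checked first, an ACK-flagged frame to port 23 never reaches the deny-and-notify rule; placing the specific deny ahead of the broad permit changes that result.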