Tos rewrite, Established bit acl, Multiple ipx encapsulation – Cabletron Systems SMARTSWITCH ROUTER 9032578-05 User Manual

Appendix A: New Features Supported on Line Cards

368

SmartSwitch Router User Reference Manual

ToS Rewrite

The ToS rewrite command allows a network administrator to change the value in the ToS
octet (which includes both the Precedence or ToS fields) in each IP packet. The SSR looks
at every IP packet coming into the interface, and if a packet matches the defined
parameters (Source IP, Destination IP, Source Port, Destination Port, or ToS Octet), the SSR
rewrites the ToS Octet to a specific value.

The ToS rewrite command is incorporated in the QoS set ip command. The ToS rewrite
command can apply to an incoming IP interface or to specific incoming ports when
implemented together with layer 4 bridging. In both cases, ports that are associated with
the incoming IP interface or the incoming port itself must reside on -AA or T-series line
cards. The ports associated with the outgoing IP interfaces do not require -AA or T-series
line cards. However, the outgoing ports for layer 4 bridging must be on -AA or T-series
line cards; therefore, when ToS rewrite is applied on ports, both incoming and outgoing
ports must be on -AA or T-series line cards.

Established Bit ACL

Established Bit ACL is an enhancement to the existing ACL feature. It allows network
administrator to either permit or deny TCP connections being “established.” Established
Bit ACL can only be enabled from the TCP ACL configuration. The network administrator
then applies this ACL to the IP interface.

Established Bit ACL is usually used to permit TCP connections being established from the
inside (Enterprise) but deny TCP connections being established from the outside
(Internet). Therefore, Established Bit ACL is usually applied to the incoming interface
connected to the external network. Ports that are associated with the interface where
Established Bit ACL is required have to reside on -AA or T-series line cards.

Multiple IPX Encapsulation

The SSR currently supports one output encapsulation per port. In some IPX networks,
multiple IPX encapsulations might be required due to different encapsulation settings on
the servers. This poses an issue for clients requiring access to all these servers. Firmware
version 3.1 will support multiple IPX encapsulations on an IPX interface. This feature
requires -AA or T-series line cards.

Multiple IPX encapsulation allows a network administrator to create an IPX interface with
a secondary interface using a different output encapsulation. The supported IPX
encapsulation types are: Ethernet II, 802.3 SNAP, 802.3, and 802.2. Ports that are assigned
to an IPX interface with multiple IPX encapsulations, either through a VLAN or directly
attached, must reside on -AA or T-series line cards. When a VLAN is extended to multiple
devices through 802.1Q trunk ports, all trunk and access ports on other systems must also
reside on -AA or T-series line cards. Ports assigned to an IPX interface with a single
encapsulation do not require -AA or T-series line cards.