Hello STH,
I was hoping someone here might be able to help me convert an existing config snippet from a Dell 62xx/70xx to the Brocade FastIron equivalent on an ICX6610 (8.0.30sa)...
Background: In order to use your own router with the Google Fiber 1gb/1gb service (at least their implementation in KCMO) you need to tag all traffic to the fiber jack with VLAN 2, and also set 3 different 802.1p class of service bits: DHCP CoS is 2, IGMP CoS is 6, and all other traffic gets CoS 3.
Current setup: I am using the below QoS DiffServ matching/marking config on Dell 6200 & 7000 series switches in order to accomplish this. I apply the policy to the trunk that connects to my ESXi hosts which have port groups tagged for VLAN 2 and assigned to my router VM(s). The fiber jack is then connected to a port w/ tagged VLAN 2 traffic only. Works great. (I currently only use my switches in L2 mode, I don't do any L3+ stuff other than the QoS matching/marking mentioned here)
The struggle: I'm replacing my Dell switches w/ an ICX6610 and would like to carry over this QoS config. I THINK I'm close but am having the following troubles:
1) I can't seem to find any access-list commands to match and apply only to a particular VLAN
2) While I'm not 100% sure this would matter I can't figure out how to match on a source TCP port. Setting a destination TCP port is pretty obvious but the same options don't show up on the CLI for the source part of the command.
I've watched this video on Brocade ACL marking but it doesn't cover much more than what I already have. Additional googling and STH forum searching didn't return a whole lot.
Thank you to anyone that can take a stab at this or point me at a site/doc that might cover it!
These are the relevant Dell config pieces:
This is what I have so far on the Brocade side:
I was hoping someone here might be able to help me convert an existing config snippet from a Dell 62xx/70xx to the Brocade FastIron equivalent on an ICX6610 (8.0.30sa)...
Background: In order to use your own router with the Google Fiber 1gb/1gb service (at least their implementation in KCMO) you need to tag all traffic to the fiber jack with VLAN 2, and also set 3 different 802.1p class of service bits: DHCP CoS is 2, IGMP CoS is 6, and all other traffic gets CoS 3.
Current setup: I am using the below QoS DiffServ matching/marking config on Dell 6200 & 7000 series switches in order to accomplish this. I apply the policy to the trunk that connects to my ESXi hosts which have port groups tagged for VLAN 2 and assigned to my router VM(s). The fiber jack is then connected to a port w/ tagged VLAN 2 traffic only. Works great. (I currently only use my switches in L2 mode, I don't do any L3+ stuff other than the QoS matching/marking mentioned here)
The struggle: I'm replacing my Dell switches w/ an ICX6610 and would like to carry over this QoS config. I THINK I'm close but am having the following troubles:
1) I can't seem to find any access-list commands to match and apply only to a particular VLAN
2) While I'm not 100% sure this would matter I can't figure out how to match on a source TCP port. Setting a destination TCP port is pretty obvious but the same options don't show up on the CLI for the source part of the command.
I've watched this video on Brocade ACL marking but it doesn't cover much more than what I already have. Additional googling and STH forum searching didn't return a whole lot.
Thank you to anyone that can take a stab at this or point me at a site/doc that might cover it!
These are the relevant Dell config pieces:
Code:
class-map match-all GF_DHCP ipv4
match srcl4port 68
match dstl4port 67
match vlan 2
exit
class-map match-all GF_IGMP ipv4
match protocol igmp
match vlan 2
exit
class-map match-all GF_Default ipv4
match vlan 2
exit
policy-map GoogleFiber in
class GF_DHCP
mark cos 2
exit
class GF_IGMP
mark cos 6
exit
class GF_Default
mark cos 3
exit
interface Te1/2/1
service-policy in GoogleFiber
switchport mode general
switchport general allowed vlan add 2 tagged
Code:
access-list 110 permit tcp any any eq 67 802.1p-priority-marking 2
access-list 110 permit igmp any any 802.1p-priority-marking 6
access-list 110 permit ip any any 802.1p-priority-marking 3
interface ethernet 1/3/1
port-name ESX1_Trunk_1
ip access-group 110 in
dual-mode
speed-duplex 10G-full