Classification Based On Qos Acls - Cisco 2950G 24 - Catalyst Switch Software Configuration Manual

Chapter 26 Configuring QoS
For IP traffic, you have these classification options:
•
•
An interface can be configured to trust either CoS or DSCP, but not both at the same time.
Note

Classification Based on QoS ACLs

You can use IP standard, IP extended, and Layer 2 MAC access control lists (ACLs) to define a group
of packets with the same characteristics (class). In the QoS context, the permit and deny actions in the
access control entries (ACEs) have different meanings than with security ACLs:
•
•
•
•
•
For more information about system-defined masks, see the
Note
section on page
For more information about ACL restrictions, see the
After a traffic class has been defined with the ACL, you can attach a policy to it. A policy might contain
multiple classes with actions specified for each one of them. A policy might include commands to
classify the class as a particular aggregate (for example, assign a DSCP) or rate-limit the class. This
policy is then attached to a particular port on which it becomes effective.
You implement IP ACLs to classify IP traffic by using the access-list global configuration command;
you implement Layer 2 MAC ACLs to classify Layer 2 traffic by using the mac access-list extended
global configuration command.
78-14982-01
The trust DSCP configuration is meaningless for non-IP traffic. If you configure a port with this
option and non-IP traffic is received, the switch assigns the default port CoS value and classifies
traffic based on the CoS value.
Trust the IP DSCP in the incoming packet (configure the port to trust DSCP). The switch assigns the same
DSCP to the packet for internal use. The IETF defines the 6 most-significant bits of the 1-byte ToS
field as the DSCP. The priority represented by a particular DSCP value is configurable. The
supported DSCP values are 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56.
Trust the CoS value (if present) in the incoming packet. The switch generates the DSCP by using the
CoS-to-DSCP map.
If a match with a permit action is encountered (first-match principle), the specified QoS-related
action is taken.
If no match with a permit action is encountered and all the ACEs have been examined, no QoS
processing occurs on the packet.
If multiple ACLs are configured on an interface, the packet matches the first ACL with a permit
action, and QoS processing begins.
Configuration of a deny action is not supported in QoS ACLs on the switch.
System-defined masks are allowed in class maps with these restrictions:
A combination of system-defined and user-defined masks cannot be used in the multiple class
–
maps that are a part of a policy map.
System-defined masks that are a part of a policy map must all use the same type of system mask.
–
For example, a policy map cannot have a class map that uses the permit tcp any any ACE and
another that uses the permit ip any any ACE.
– A policy map can contain multiple class maps that all use the same user-defined mask or the
same system-defined mask.
25-4.
"Understanding Access Control Parameters"
"Configuring ACLs" section on page
Catalyst 2950 Desktop Switch Software Configuration Guide
Understanding QoS
25-6.
26-5