Ingress Classification Based On Qos Acls; Ingress Classification Based On Traffic Classes And Traffic Policies - Cisco Catalyst 3750 Software Configuration Manual

Understanding QoS

Ingress Classification Based on QoS ACLs

You can use IP standard, IP extended, or Layer 2 MAC ACLs to define a group of packets with the same
characteristics (class). In the QoS context, the permit and deny actions in the access control entries
(ACEs) have different meanings than with security ACLs:
•
•
•
•
When you create an access list, remember that, by default, the end of the access list contains an implicit
Note
deny statement for everything if it did not find a match before reaching the end.
After a traffic class is defined with the ACL, you can attach a policy to it. A policy might contain multiple
classes with actions specified for each one of them. A policy might include commands to classify the
class as a particular aggregate (for example, assign a DSCP) or to rate-limit the class. This ingress policy
is then attached to a port.
You implement IP ACLs to classify IP traffic by using the access-list global configuration command;
you implement Layer 2 MAC ACLs to classify non-IP traffic by using the mac access-list extended
global configuration command. For configuration information, see the
Policy" section on page

Ingress Classification Based on Traffic Classes and Traffic Policies

You define a traffic class to classify traffic, use a traffic policy to decide how to treat the classified traffic,
and attach the ingress policy to a port to create a service policy.
You use the class map to define a specific traffic flow (or class) and to isolate it from all other traffic.
The class map defines the criteria used to match against a specific traffic flow to further classify it. The
criteria can include matching the access group defined by the ACL or matching a specific list of DSCP
or IP precedence values. If you have more than one type of traffic that you want to classify, you can
create another class map and use a different name.
You create a class map by using the class-map global configuration command. When you enter the
class-map command, the switch enters the class-map configuration mode. In this mode, you define the
match criterion for the traffic by using the match class-map configuration command. Inbound packets
are checked against the match criteria configured for a class map to decide if the packet belongs to that
class. If a packet matches the specified criteria, the packet is considered a member of the class and is
forwarded according to the QoS specifications set in the traffic policy. If a packet fails to meet any of
the matching criteria, it is classified as a member of the default traffic class if one is configured.
You use the policy map to create the traffic policy, to specify the traffic class to act on, and to configure
the QoS features associated with the traffic class. Actions on ingress can include trusting the received
CoS, DSCP, or IP precedence values in the traffic class; setting a specific DSCP or IP precedence value
in the traffic class; or specifying the traffic bandwidth limitations and the action to take when the traffic
is out of profile.
Catalyst 3750 Metro Switch Software Configuration Guide
26-8
If a match with a permit action is encountered (first-match principle), the specified QoS-related
action is taken.
If a match with a deny action is encountered, the ACL being processed is skipped, and the next ACL
is processed.
If no match with a permit action is encountered and all the ACEs have been examined, no QoS
processing occurs on the packet, and the switch offers best-effort service to the packet.
If multiple ACLs are configured on a port, the lookup stops after the packet matches the first ACL
with a permit action, and QoS processing begins.
26-48.
Chapter 26 Configuring QoS
"Configuring an Ingress QoS
78-15870-01