Classification Based On Qos Acls - Cisco Catalyst 3550 series Software Configuration Manual

Chapter 29 Configuring QoS

Classification Based on QoS ACLs

You can use IP standard, IP extended, and Layer 2 MAC ACLs to define a group of packets with the same
characteristics (class). In the QoS context, the permit and deny actions in the access control entries
(ACEs) have different meanings than with security ACLs:
•
•
•
•
When creating an access list, remember that, by default, the end of the access list contains an implicit
Note
deny statement for everything if it did not find a match before reaching the end.
After a traffic class has been defined with the ACL, you can attach a policy to it. A policy might contain
multiple classes with actions specified for each one of them. A policy might include commands to
classify the class as a particular aggregate (for example, assign a DSCP) or rate-limit the class. This
policy is then attached to a particular port on which it becomes effective.
You implement IP ACLs to classify IP traffic by using the access-list global configuration command;
you implement Layer 2 MAC ACLs to classify non-IP traffic by using the mac access-list extended
global configuration command. For configuration information, see the
section on page
Classification Based on Class Maps and Policy Maps
A class map is a mechanism that you use to name and to isolate a specific traffic flow (or class) from all
other traffic. The class map defines the criteria used to match against a specific traffic flow to further
classify it; the criteria can include matching the access group defined by the ACL, matching a specific
list of DSCP or IP precedence values, or matching a specific list of VLAN IDs associated with another
class map that defines the actual criteria (for example, to match a standard or extended ACL). If you have
more than one type of traffic that you want to classify, you can create another class map and use a
different name. After a packet is matched against the class-map criteria, you further classify it through
the use of a policy map.
A policy map specifies which traffic class to act on. Actions can include trusting the CoS, DSCP, or IP
precedence values in the traffic class; setting a specific DSCP or IP precedence value in the traffic class;
or specifying the traffic bandwidth limitations and the action to take when the traffic is out of profile.
Before a policy map can be effective, you must attach it to an interface.
You create a class map by using the class-map global configuration command or the class policy-map
configuration command; you should use the class-map command when the map is shared among many
ports. When you enter the class-map command, the switch enters the class-map configuration mode. In
this mode, you define the match criterion for the traffic by using the match class-map configuration
command.
78-11194-09
If a match with a permit action is encountered (first-match principle), the specified QoS-related
action is taken.
If a match with a deny action is encountered, the ACL being processed is skipped, and the next ACL
is processed.
If no match with a permit action is encountered and all the ACEs have been examined, no QoS
processing occurs on the packet, and the switch offers best-effort service to the packet.
If multiple ACLs are configured on an interface, the lookup stops after the packet matches the first
ACL with a permit action, and QoS processing begins.
29-35.
Catalyst 3550 Multilayer Switch Software Configuration Guide
Understanding QoS
"Configuring a QoS Policy"
29-7