Chapter 33
Configuring QoS
Using ACLs to Classify Traffic
You can classify IP traffic by using IP standard or IP extended ACLs. You can classify IP and non-IP
traffic by using Layer 2 MAC ACLs. For more information about configuring ACLs, see
"Configuring Network Security with ACLs."
Follow these guidelines when configuring QoS ACLs:
•
•
•
These sections describe how to create QoS ACLs:
•
•
•
Creating IP Standard ACLs
Beginning in privileged EXEC mode, follow these steps to create an IP standard ACL for IP traffic:
Command
Step 1
configure terminal
Step 2
access-list access-list-number
permit source [source-wildcard]
or
ip access-list standard name
Step 3
end
Step 4
show access-lists
Step 5
copy running-config
startup-config
To delete an access list, use the no access-list access-list-number global configuration command.
OL-9639-07
You cannot match IP fragments against configured IP extended ACLs to enforce QoS. IP fragments
are sent as best-effort. IP fragments are denoted by fields in the IP header.
The switch supports only one access group per class in an input policy map.
You cannot configure match-access group in an output policy map.
"Creating IP Standard ACLs" section on page 33-31
"Creating IP Extended ACLs" section on page 33-32
"Creating Layer 2 MAC ACLs" section on page 33-33
Purpose
Enter global configuration mode.
Create an IP standard ACL, repeating the command as many times as
necessary.
•
For access-list-number, enter the access list number. The range is 1 to 99
and 1300 to 1999.
Always use the permit keyword for ACLs used as match criteria in QoS
•
policies. QoS policies do not match ACLs that use the deny keyword.
For source, enter the network or host from which the packet is being sent.
•
You can use the any keyword as an abbreviation for 0.0.0.0
255.255.255.255.
(Optional) For source-wildcard, enter the wildcard bits in dotted decimal
•
notation to be applied to the source.
Define a standard IPv4 access list using a name, and enter access-list
configuration mode. The name can be a number from 1 to 99.
In access-list configuration mode, enter permit source [source-wildcard]
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
Configuring QoS
Chapter 31,
33-31