Ingress Classification Based On Qos Acls - Cisco 3845 - Security Bundle Router Software Manual

Chapter 27 Configuring QoS
Note Although you configure the command at input, because the switch supports only egress push, this affects
only the CoS value of the tag imposed on egress.
•
Note As in the previous case, the command configured at input affects only the CoS value of the tag imposed
at egress.
•
•
The same CoS mapping rules also apply to EFP rewrite operations (see the
on page
VLAN translation.
You can also configure outgoing CoS on an 802.1Q trunk port to simulate CoS mapping.

Ingress Classification Based on QoS ACLs

You can use IP standard, IP extended, or Layer 2 MAC ACLs to define a group of packets with the same
characteristics (class). In the QoS context, the permit and deny actions in the access control entries
(ACEs) have different meanings than do security ACLs. QoS policies do not match ACLs that use the
deny keyword.
•
•
•
•
Note When you create an access list, remember that the end of the access list contains an implicit deny
statement for everything if it did not find a match before reaching the list end.
You implement IP ACLs to classify IP traffic by using the access-list global configuration command.
You implement Layer 2 MAC ACLs to classify non-IP traffic by using the mac access-list extended
global configuration command. The switch supports MAC ACLs only with destination addresses.
Not all IP ACL options are supported in QoS ACLs. Only these protocols are supported for permit
actions in an IP ACL: ICMP, IGMP, GRE, IPINIP, TCP, and UDP. Within a protocol, for IP source and
destination, the switch supports only the source or destination IP address, host, or any. For matching
criteria, the switch supports only DSCP, time-range, and ToS. See the
section on page 27-28
can add the class to a policy.
OL-23400-01
When you configure a policy by entering the match dscp class map configuration command and you
enter the set cos policy-map class configuration command for QinQ EFPs, a DSCP match sets the
outer CoS of the encapsulated value.
You can set DSCP based on matching the outer VLAN.
If you enter the match cos command on EFPs configured for QinQ, the match is to the incoming
CoS (C-CoS).
11-7) when you use the rewrite ingress tag pop symmetric service instance command for
If a match with a permit action is encountered (first-match principle), the specified QoS-related
action is taken.
If a match with a deny action is encountered, the ACL being processed is omitted, and the next ACL
is processed.
If no match with a permit action is encountered and all the ACEs have been examined, no QoS
processing occurs on the packet, and the switch offers best-effort service to the packet.
If multiple ACLs are configured on an interface, the lookup stops after the packet matches the first
ACL with a permit action, and QoS processing begins.
for more specific information. When you define a class map with the ACL, you
Cisco ME 3800X and 3600X Switch Software Configuration Guide
Understanding QoS
"Rewrite Operations" section
"Using ACLs to Classify Traffic"
27-9