Making filters by using QoS class-maps
Making filters by using QoS class-maps
QoS class-maps allow you to match on a much wider range of packet attributes than ACLs by themselves. They do this by determining the match criteria from an ACL, or from match commands, or from both in combination. Also, they use an ACL to decide what action to take on a packet, unless you want the default action of permit.
The following figure summarises the class-map logic flow. Note that a class-map with no match commands (including no ACL match) matches on all traffic and forwards it. You could use such a class-map to apply QoS policing to a port, but would not be likely to use it when filtering.
| | | | Start | | | |
| | | yes | Match | no | | |
| | | on ACL? | | |
| | Also | | | | Instead | |
yes | match on other | no | | yes | match on other | no |
| | things? | | | | things? | |
Get criteria by | | | | Get criteria by | |
ANDing together | Get criteria by | | ANDing together | Match all |
ACL and other | using ACL settings | | other match | | packets |
match commands | | | | commands | | |
| Apply action from ACL | | | Apply default action | |
| (permit, deny, send-to-mirror, | | | |
| | | | (permit) | |
| send-to-cpu, copy-to-cpu) | | | | |
| | | | | |
| | | | | | | qos-match.eps |
Therefore, the basic procedure for using a class-map as a filter is:
1.Make an ACL to match on MAC address or IP settings, and to specify the action that QoS will take on traffic that matches the class-map.
You need an ACL to specify the action—unless the action is permit—even if you don’t want to match on MAC address or IP settings. In that case, make an ACL with the desired action and with both source and destination address of any. For example, if you want to deny traffic from one VLAN ID, you need an ACL with action of deny and addresses of any.
2.Create the class-map (see page 9).
Page 8 AlliedWare Plus™ OS How To Note