30-6
Catalyst2950 and Catalyst2955 Switch Software Configuration Guide
78-11380-10
Chapter30 Co nf iguring QoS
Understanding QoS
Configuration of a deny action is not supported in QoS ACLs on the switch.
System-defined masks are allowed in class maps with these restrictions:
A combination of system-defined and user-defined masks cannot be used in the multiple class
maps that are a part of a policy map.
System-defined masks that are a part of a policy map must all use the same ty pe of system m ask.
For example, a policy map cannot have a class map that uses the permit tcp any any ACE and
another that uses the permit ip any any ACE.
A policy map can contain multiple class maps that all use the same user-defined mask or the
same system-defined mask.
Note For more information about system-defined masks, see the Understanding Access Control Parameters
section on page 29-4.
For more information about ACL restrictions, see the Configuring ACLs section on page 29 -6.
After a traffic class has been defined with the ACL, you can at tach a po lic y to it. A policy might contain
multiple classes with actions specified for each one of them. A policy might include commands to
classify the class as a particular aggregate (for example, assign a DSCP) or rate-limit the class. This
policy is then attached to a particular port on which it becomes effective.
You implement IP ACLs to classify IP traffic by using the access-list global configuration command;
you implement Layer 2 MAC ACLs to classify Layer 2 traffic by using the mac access-list extended
global configuration command.
Classification Based on Class Maps and Policy Maps
A class map is a mechanism that you use to isolate and name a specific traffic flow (or class) from all
other traffic. The class map defines the criteria used to match against a specific traffic flow to further
classify it; the criteria can include matching the access group defined by the ACL. If you have more than
one type of traffic that you want to classify, you can create another class map and use a different name.
After a packet is matched against the class-map criteria, you further classify it thr ough the use of a policy
map.
A policy map specifies which traffic class to act on. Actions can include setting a specific DSCP value
in the traffic class or specifying the traffic bandwidth limitations and the action to take when the traffic
is out of profile. Before a policy map can be effective, you must attach it to an interface.
You create a class map by using the class-map global configuration command or the class policy-map
configuration command. You should use the class-map global configuration command when the map is
shared among many ports. When you enter the class-map global c onfiguratio n c om mand, the swit ch
enters the class-map configuration mode. In this mode, you define the match cr iter ion for t he traffic by
using the match class-map configuration command.
You create and name a policy map by using the policy-map global configuration command. When you
enter this command, the switch enters the policy-map configuration mode. In this mode, you specify the
actions to take on a specific traffic class by using the class policy-map configuration or set policy-map
class configuration command. To make the policy map effective, you attach it to an interface by using
the service-policy interface configuration command.
The policy map can also contain commands that define the policer, the bandwidth limitations of the
traffic, and the action to take if the limits are exceeded. For more information, see the Policing and
Marking section on page 30-7 .