29-5
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
OL-10101-02
Chapter 29 Configuring QoS
Understanding QoS
The trust DSCP configuration is meaningless for non-IP traffic. If you configure a port with this
option and non-IP traffic is received, the switch assigns the default port CoS value and classifies
traffic based on the CoS value.
For IP traffic, you have these classification options:
Trust the IP DSCP in the incoming packet (configure the port to trust DSCP). The switch assigns the
same DSCP to the packet for internal use. The IETF defines the 6 most-significant bits of the 1-byte
ToS field as the DSCP. The priority represented by a particular DSCP value is configurable. The
supported DSCP values are 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56.
Trust the CoS value (if present) in the incoming packet. The switch generates the DSCP by using the
CoS-to-DSCP map.
Note An interface can be configured to trust either CoS or DSCP, but not both at the same time.
Classification Based on QoS ACLs
You can use IP standard, IP extended, and Layer 2 MAC access control lists (ACLs) to define a group of
packets with the same characteristics (class). In the QoS context, the permit and deny actions in the
access control entries (ACEs) have different meanings than with security ACLs:
If a match with a permit action is encountered (first-match principle), the specified QoS-related
action is taken.
If no match with a permit action is encountered and all the ACEs have been examined, no QoS
processing occurs on the packet.
If multiple ACLs are configured on an interface, the packet matches the first ACL with a permit
action, and QoS processing begins.
Configuration of a deny action is not supported in QoS ACLs on the switch.
System-defined masks are allowed in class maps with these restrictions:
A combination of system-defined and user-defined masks cannot be used in the multiple class
maps that are a part of a policy map.
System-defined masks that are a part of a policy map must all use the same type of system mask.
For example, a policy map cannot have a class map that uses the permit tcp any any ACE and
another that uses the permit ip any any ACE.
A policy map can contain multiple class maps that all use the same user-defined mask or the
same system-defined mask.
Note For more information about system-defined masks, see the “Understanding Access Control Parameters”
section on page 28-4.
For more information about ACL restrictions, see the “Configuring ACLs” section on page 28-6.
After a traffic class has been defined with the ACL, you can attach a policy to it. A policy might contain
multiple classes with actions specified for each one of them. A policy might include commands to
classify the class as a particular aggregate (for example, assign a DSCP) or rate-limit the class. This
policy is then attached to a particular port on which it becomes effective.
You implement IP ACLs to classify IP traffic by using the access-list global configuration command;
you implement Layer 2 MAC ACLs to classify Layer 2 traffic by using the mac access-list extended
global configuration command.