29-18
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
OL-10101-02
Chapter 29 Configuring QoS
Configuring Standard QoS
You must disable the IEEE 802.3x flowcontrol on all ports before enabling QoS on the switch. To
disable it, use the flowcontrol receive off and flowcontrol send off interface configuration
commands.
If you have EtherChannel ports configured on your switch, you must configure QoS classification,
policing, mapping, and queueing on the individual physical ports that comprise the EtherChannel.
You must decide whether the QoS configuration should match on all ports in the EtherChannel.
It is not possible to match IP fragments against configured IP extended ACLs to enforce QoS. IP
fragments are sent as best-effort traffic. IP fragments are denoted by fields in the IP header.
All ingress QoS processing actions apply to control traffic (such as spanning-tree bridge protocol
data units [BPDUs] and routing update packets) that the switch receives.
Only an ACL that is created for physical interfaces can be attached to a class map.
Only one ACL per class map and only one match command per class map are supported. The ACL
can have multiple access control entries, which are commands that match fields against the contents
of the packet.
Policy maps with ACL classification in the egress direction are not supported and cannot be attached
to an interface by using the service-policy input policy-map-name interface configuration
command.
In a policy map, the class named class-default is not supported. The switch does not filter traffic
based on the policy map defined by the class class-default policy-map configuration command.
For more information about guidelines for configuring ACLs, see the “Classification Based on QoS
ACLs” section on page 29-5.
For information about applying ACLs to physical interfaces, see the “Guidelines for Applying ACLs
to Physical Interfaces” section on page 28-5.
If a policy map with a system-defined mask and a security ACL with a user-defined mask are
configured on an interface, the switch might ignore the actions specified by the policy map and
perform only the actions specified by the ACL. For information about masks, see the
“Understanding Access Control Parameters” section on page 28-4.
If a policy map with a user-defined mask and a security ACL with a user-defined mask are
configured on an interface, the switch takes one of the actions as described in Table 29-5. For
information about masks, see the “Understanding Access Control Parameters” section on page 28-4.
Tab l e 29-5 Interaction Between Policy Maps and Security ACLs
Policy-Map Conditions
Security-ACL
Conditions Action
When the packet is in profile. Permit specified
packets.
Traffic is forwarded.
When the packet is out of profile and the
out-of-profile action is to mark down the DSCP
value.
Drop specified
packets.
Traffic is dropped.
When the packet is out of profile and the
out-of-profile action is to drop the packet.
Permit specified
packets.
Traffic is dropped.
Drop specified
packets.
Traffic is dropped.