20-7
Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-03
Chapter 20 Configuring QoS
Understanding QoS
Classification Based on QoS ACLs
You can use IP standard, IP extended, and Layer 2 MAC ACLs to define a group of packets with the
same characteristics (class). In the QoS context, the permit and deny actions in the access control entries
(ACEs) have different meanings than with security ACLs:
• If a match with a permit action is encountered (first-match principle), the specified QoS-related
  action is taken.
• If a match with a deny action is encountered, the ACL being processed is skipped, and the next ACL
  is processed.
• If no match with a permit action is encountered and all the ACEs have been examined, no QoS
  processing occurs on the packet, and the switch offers best-effort service to the packet.
• If multiple ACLs are configured on an interface, the lookup stops after the packet matches the first
  ACL with a permit action, and QoS processing begins.
Note: When creating an access list, remember that, by default, the end of the access list contains an implicit
deny statement for everything if it did not find a match before reaching the end.
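The lookup rules above can be modeled in a few lines. The following is an added illustration, not code from the Cisco guide: the ACL names, addresses, and action labels are constructed, and each ACE is assumed to match on source address only.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Ace:
    action: str   # "permit" or "deny"
    src: str      # source network in CIDR form (simplified match criterion)

    def matches(self, src_ip: str) -> bool:
        return ip_address(src_ip) in ip_network(self.src)

@dataclass(frozen=True)
class QosAcl:
    name: str
    aces: tuple
    qos_action: str   # label for what the attached policy would do

def classify(acls, src_ip):
    """Return (acl_name, qos_action) for the first ACL that permits the
    packet, or (None, "best-effort") when no ACL permits it."""
    for acl in acls:
        for ace in acl.aces:
            if not ace.matches(src_ip):
                continue
            if ace.action == "permit":
                # First permit match ends the lookup; QoS processing begins.
                return acl.name, acl.qos_action
            # deny: skip the rest of this ACL. The packet is NOT dropped,
            # unlike with a security ACL; the next ACL is tried.
            break
        # Reaching the end without a match is the implicit deny, which
        # has the same effect here: move on to the next ACL.
    return None, "best-effort"

# Constructed sample ACLs, in the order they would be evaluated.
ACLS = (
    QosAcl("VOICE",
           (Ace("deny", "10.1.1.0/28"), Ace("permit", "10.1.1.0/24")),
           "mark DSCP 46"),
    QosAcl("BULK", (Ace("permit", "10.1.0.0/16"),), "mark DSCP 10"),
)

if __name__ == "__main__":
    for ip in ("10.1.1.50", "10.1.1.5", "10.1.2.9", "192.168.0.1"):
        print(ip, classify(ACLS, ip))
```

A host in 10.1.1.0/28 hits the deny ACE in the first ACL and is still classified by the second, which is the behavior that differs from a security ACL.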
After a traffic class has been defined with the ACL, you can attach a policy to it. A policy might contain
multiple classes with actions specified for each one of them. A policy might include commands to
classify the class as a particular aggregate (for example, assign a DSCP) or rate-limit the class. This
policy is then attached to a particular port on which it becomes effective.
You implement IP ACLs to classify IP traffic by using the access-list global configuration command;
you implement Layer 2 MAC ACLs to classify non-IP traffic by using the mac access-list extended
global configuration command. For configuration information, see the Configuring a QoS Policy
section on page 20-26.
Classification Based on Class Maps and Policy Maps
A class map is a mechanism that you use to isolate and name a specific traffic flow (or class) from all
other traffic. The class map defines the criteria used to match against a specific traffic flow to further
classify it; the criteria can include matching the access group defined by the ACL or matching a specific
list of DSCP or IP precedence values. If you have more than one type of traffic that you want to classify,
you can create another class map and use a different name. After a packet is matched against the
class-map criteria, you further classify it through the use of a policy map.
A policy map specifies which traffic class to act on. Actions can include trusting the CoS, DSCP, or IP
precedence values in the traffic class; setting a specific DSCP or IP precedence value in the traffic class;
or specifying the traffic bandwidth limitations and the action to take when the traffic is out of profile.
Before a policy map can be effective, you must attach it to an interface.
You create a class map by using the class-map global configuration command or the class policy-map
configuration command; you should use the class-map command when the map is shared among many
ports. When you enter the class-map command, the switch enters the class-map configuration mode. In
this mode, you define the match criterion for the traffic by using the match class-map configuration
command.
You create and name a policy map by using the policy-map global configuration command. When you
enter this command, the switch enters the policy-map configuration mode. In this mode, you specify the
actions to take on a specific traffic class by using the class, trust, or set policy-map configuration and
policy-map class configuration commands. To make the policy map effective, you attach it to an
interface by using the service-policy interface configuration command.