Cisco Systems 3550

20-29

Catalyst 3550 Multilayer Switch Software Configuration Guide

78-11194-03

Chapter20 Configuring QoS Configuring QoS

This example shows how to create an ACL that permits PIM traffic from any source to a destination

group address of 224.0.0.2 with a DSCP set to 32:

Switch(config)# access-list 102 permit pim any 224.0.0.2 dscp 32

Beginning in privileged EXEC mode, follow these steps to create a Layer 2 MAC ACL for non-IP traffic:

To delete an access list, use the no mac access-list extended access-list-name global configuration

command.

Command Purpose

Step1 configure terminal Enter global configuration mode.

Step2 mls qos Enable QoS on the switch.

Step3 mac access-list extended name Create a Layer 2 MAC ACL by specifying the name of the list.

After entering this command, the mode changes to extended MAC

ACL configuration.

Step4 {permit | deny} {host src-MAC-addr mask |

any | host dst-MAC-addr | dst-MAC-addr

mask} [type mask]

Specify the type of traffic to permit or deny if the conditions are

matched, entering the command as many times as necessary.

•For src-MAC-addr, enter the MAC address of the host from

which the packet is being sent. You specify this by using the

hexadecimal format (H.H.H), by using the any keyword as an

abbreviation for source 0.0.0, source-wildcard 255.255.255, or

by using the host keyword for source 0.0.0.

•For mask, enter the wildcard bits by placing ones in the bit

positions that you want to ignore.

•For dst-MAC-addr, enter the MAC address of the host to which

the packet is being sent. You specify this by using the

hexadecimal format (H.H.H), by using the any keyword as an

abbreviation for source 0.0.0, source-wildcard 255.255.255, or

by using the host keyword for source 0.0.0.

•(Optional) For type mask, specify the Ethertype number of a

packet with Ethernet II or SNAP encapsulation to identify the

protocol of the packet. For type, the range is from 0 to 65535,

typically specified in hexadecimal. For mask, enter the don’t

care bits applied to the Ethertype before testing for a match.

Note When creating an access list, remember that, by default, the

end of the access list contains an implicit deny statement for

everything if it did not find a match before reaching the end.

Step5 end Return to privileged EXEC mode.

Step6 show access-lists [access-list-number |

access-list-name]Verify your entries.

Step7 copy running-config startup-config (Optional) Save your entries in the configuration file.