Cisco Systems A9014CFD manual Access Control Lists, Output Policy Maps, 24-6

Models: A9014CFD


Chapter 24 Configuring QoS

Understanding QoS

Only input policies provide matching on VLAN IDs, and only output policies provide matching on QoS groups. You can assign a QoS group number in an input policy and match it in the output policy. The class class-default is used in a policy map for any traffic that does not explicitly match any other class in the policy map. Input policy maps do not support queuing and scheduling keywords, such as bandwidth, priority, and shape average.

An input policy map can have a maximum of 64 classes plus class-default.

Output Policy Maps

Output policy map classification criteria include matching a CoS, a DSCP, an IP precedence, or a QoS group value. Output policy maps support scheduling (of bandwidth, priority, and shape average).

Output policy maps do not support matching of access groups. You can use QoS groups as an alternative by matching the appropriate access group in the input policy map and setting a QoS group. In the output policy map, you can then match the QoS group. For more information, see the “Classification Based on QoS Groups” section on page 24-11.

Output policies do not support policing (except in the case of priority with policing).

The class class-default is used in a policy map for any traffic that does not explicitly match any other class in the policy map.

An output policy map attached to an egress port can match only the packets that have already been matched by an input policy map attached to the ingress port for the packets. You can attach an output policy map to any or all ports on the router. The router supports configuration and attachment of a unique output policy map for each port. There are no limitations on the configurations of bandwidth, priority, or shaping.
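The following audit script is an added example, not part of the Cisco guide. It checks an IOS-style configuration against two rules stated above: input policies must not use queuing and scheduling keywords, and output policies must not match access groups (the QoS-group pattern is the alternative). The sample configuration is constructed; its names, addresses, interface and percentages are assumptions.

```python
import re

QUEUING = ("bandwidth", "priority", "shape average")  # scheduling keywords

# Constructed sample: ACL matched on ingress, QoS group matched on egress.
SAMPLE = """\
ip access-list extended VOICE-SRC
 permit ip 10.1.1.0 0.0.0.255 any
class-map match-all CM-VOICE-ACL
 match access-group name VOICE-SRC
class-map match-all CM-VOICE-QG
 match qos-group 10
policy-map PM-IN
 class CM-VOICE-ACL
  set qos-group 10
policy-map PM-OUT
 class CM-VOICE-QG
  priority percent 20
interface GigabitEthernet0/1
 service-policy input PM-IN
 service-policy output PM-OUT
"""

def parse(cfg):
    blocks, attach, cur = {}, [], None
    for raw in cfg.splitlines():
        line = raw.strip()
        if m := re.match(r"(class-map|policy-map) (?:match-\w+ )?(\S+)", line):
            cur = blocks.setdefault((m.group(1), m.group(2)), [])
        elif m := re.match(r"service-policy (input|output) (\S+)", line):
            attach.append(m.groups())   # (direction, policy-map name)
        elif raw.startswith(" ") and cur is not None:
            cur.append(line)            # body line of the current map
        else:
            cur = None                  # any other top-level command
    return blocks, attach

def audit(cfg):
    blocks, attach = parse(cfg)
    findings = []
    for direction, name in attach:
        body = blocks.get(("policy-map", name), [])
        if direction == "input":  # no queuing/scheduling keywords on ingress
            findings += [f"{name}: '{l}' not allowed in an input policy"
                         for l in body if l.startswith(QUEUING)]
            continue
        for cls in (l.split()[1] for l in body if l.startswith("class ")):
            if any(m.startswith("match access-group")
                   for m in blocks.get(("class-map", cls), [])):
                findings.append(f"{name}: class {cls} matches an access group in an output policy")
    return findings
```

`audit(SAMPLE)` returns an empty list because the sample classifies by ACL only on ingress and by QoS group on egress.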

Access Control Lists

Cisco IOS Release 15.2(2)SNH1 introduces support for access control list (ACL) based QoS on the Cisco ASR 901 router. This feature provides classification based on source and destination IP. The current implementation of this feature supports only named ACLs.

ACLs are an ordered set of filter rules. Each rule is a permit or deny statement, known as an access control entry (ACE). ACLs filter network traffic by forwarding or blocking routed packets at the interface of the router. The router examines each packet to determine whether to forward or drop the packet based on the criteria specified within the access list.

The permit and deny statements are not applicable when ACLs are used as part of ACL-based QoS. ACLs are used only for traffic classification purposes as part of QoS.

Restrictions

The loopback feature should not be enabled when Layer 2 Control Protocol Forwarding is enabled.

The following IOS keywords are not supported on the Cisco ASR 901 router: match-any, ip-options, logging, icmp-type/code, igmp type, dynamic, reflective, evaluate.

Ingress PACL and RACL support TCP/UDP port range; egress ACL does not support port range.

Sharing access lists across interfaces is not supported.

ACLs are not supported on the management port (FastEthernet) and serial interfaces.

 

Cisco ASR 901 Series Aggregation Services Router Software Configuration Guide

24-6

OL-23826-09
