Cisco Systems DOC-7814982 Classification Based on QoS ACLs

26-5

Catalyst 2950 Desktop Switch Software Configuration Guide

78-14982-01

Chapter 26 Configuring QoS Unde r sta ndi n g QoS

The trust DSCP configuration is meaningless for non-IP traffic. If you configure a port with this

option and no n-IP traffic is received, the switch assig ns the default port CoS value and classi fies

traffic based on the CoS value.

For IP traffic, yo u have these classi fication options:

•Trust the IP DSCP in the incoming packet (configure the port to trust DSCP). The switch assigns the same

DSCP to the packet for internal use. The I E TF defin e s th e 6 m o s t -s ign i fi c an t bi t s o f th e 1- by t e To S

field as the DSCP. The priority represented by a particular DSCP value is configurable. The

supporte d D SCP values ar e 0, 8, 1 0, 16, 1 8, 24 , 26, 3 2, 34, 4 0, 46 , 48, and 56 .

•Trust the CoS value (if present) in the i ncoming packet. The switch generates the DSCP by using the

CoS-to-DSCP map.

Note An interface can be configured to trust either CoS or DSCP, but not both at the same time.

Classification Based on QoS ACLs

You can use IP standard , IP extended, and La yer 2 MAC access control li sts (ACLs) to define a group

of packets with the same characteristics (class). In the QoS context, the permit and deny actions in the

access contro l entries (ACEs) have d ifferent meanings than with security ACLs:

•If a match with a permit action is encountered (first-match principle) , the specified QoS-related

action is taken.

•If no m atch with a permit action is encountered and all the ACEs have been exam ined, no QoS

processi ng oc c urs on the p acket.

•If multiple ACLs are configured on an interface, the packet matches the first ACL with a permit

action, and QoS pro cessi ng begi ns.

•Configuration of a deny ac ti on is n ot su ppor ted in Q oS ACLs on the s wi tch.

•System-d efined masks are allowed in class maps with these restrictions:

–

A combination of system-defined and user-defined masks cannot b e used in the multiple class

maps that are a part of a policy map.

–

System- defined masks that are a part of a policy ma p must all use the same ty pe of system m ask.

For example, a policy map cannot have a class ma p that uses the permit tcp any any ACE and

anothe r that uses the permit ip any any ACE.

–

A policy map can contain multiple class map s that all use the same user-defined mask or the

same system -defined mask .

Note For more info rmation about syste m-def ined mask s, see the “Understanding Access Contr ol Parameters”

section on page 25-4.

For more information about ACL restrictions, see the “Configuring ACLs” sectio n on page 25-6 .

After a traffic class has been defined with the ACL, you can attach a policy to it. A policy might contain

multiple class es with actions specified for each one of them. A policy might include command s to

classify the class as a particular aggregate (for example, assign a DSCP) or rate-limit the class. This

policy is then attached to a particular port on which it becomes effective.

You imple ment IP ACLs to classify IP tra ffic by using the access-list global c onfigura tion c om mand ;

you im plem en t L ay er 2 M AC ACLs to c lassif y L aye r 2 tr affic by using the mac access-list extended

global configurat ion comm and.