30-30
Cisco ME 3400 EthernetAccess Switch SoftwareConfiguration Guide
78-17058-01
Chapter30 Co nf iguring QoS
Configuring QoS
To delete an access list, use the no access-list access-list-number global configuration command.
This example shows how to create an ACL that permits IP traf f ic from an y source to any destinat ion tha t
has the DSCP value set to 32:
Switch(config)# access-list 100 permit ip any any dscp 32
This example shows how to create an ACL that permits IP traffic from a source host at 10.1.1.1 to a
destination host at 10.1.1.2 with a precedence value of 5:
Switch(config)# access-list 100 permit ip host 10.1.1.1 host 10.1.1.2 precedence 5
Creating Layer 2 MAC ACLs
Beginning in privileged EXEC mode, follow these steps to create a Layer 2 MAC ACL for non-IP traffic:
Step3 end Return to privileged EXEC mode.
Step4 show access-lists Verify your entries.
Step5 copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 mac access-list extended name Create a Layer 2 MAC ACL by specifying the name of the list and enter
extended MAC ACL configuration mode.
Step3 permit {host src-MAC-addr mask | any |
host dst-MAC-addr | dst-MAC-addr
mask} [type mask]
Always use the permit keyword for ACLs used as match criteria in QoS
policies.
For src-MAC-addr, enter the MAC address of the host from whi ch the
packet is being sent. You can specify in hexadecimal format (H.H.H),
use the any keyword for source 0.0.0, source-wildcard ffff.ffff.ffff, or
use the host keyword for source 0.0.0.
For mask, enter the wildcard bits by placing ones in the bit positions
that you want to ignore.
For dst-MAC-addr, enter the MAC address of the host to which the
packet is being sent. You can specify in hexadecimal format (H.H.H),
use the any keyword for source 0.0.0, source-wildcard ffff.ffff.ffff, or
use the host keyword for source 0.0.0.
(Optional) For type mask, specify the Ethertype number of a packet
with Ethernet II or SNAP encapsulation to identify the protocol of
the packet. For type, the range is from 0 to 65535, typically specified
in hexadecimal. For mask, enter the don’t care bits applied to the
Ethertype before testing for a match.
Step4 end Return to privileged EXEC mode.
Step5 show access-lists [access-list-number |
access-list-name]Verify your entries.
Step6 copy running-config startup-config (Optional) Save your entries in the configuration file.