Classification Based On Qos Acls; Classification Based On Class Maps And Policy Maps - Cisco Catalyst 2950 Software Configuration Manual

Chapter 24 Configuring QoS

Classification Based on QoS ACLs

You can use IP standard, IP extended, and Layer 2 MAC ACLs to define a group of packets with the same
characteristics (class). In the QoS context, the permit and deny actions in the access control entries
(ACEs) have different meanings than with security ACLs:
•
•
•
•
•
Note For more information on system-defined mask, see the
section on page
•
After a traffic class has been defined with the ACL, you can attach a policy to it. A policy might contain
multiple classes with actions specified for each one of them. A policy might include commands to
classify the class as a particular aggregate (for example, assign a DSCP) or rate-limit the class. This
policy is then attached to a particular port on which it becomes effective.
You implement IP ACLs to classify IP traffic by using the access-list global configuration command;
you implement Layer 2 MAC ACLs to classify Layer 2 traffic by using the mac access-list extended
global configuration command.

Classification Based on Class Maps and Policy Maps

A class map is a mechanism that you use to isolate and name a specific traffic flow (or class) from all
other traffic. The class map defines the criteria used to match against a specific traffic flow to further
classify it; the criteria can include matching the access group defined by the ACL. If you have more than
one type of traffic that you want to classify, you can create another class map and use a different name.
After a packet is matched against the class-map criteria, you further classify it through the use of a policy
map.
A policy map specifies which traffic class to act on. Actions can include setting a specific DSCP value
in the traffic class or specifying the traffic bandwidth limitations and the action to take when the traffic
is out of profile. Before a policy map can be effective, you must attach it to an interface.
78-11380-04
If a match with a permit action is encountered (first-match principle), the specified QoS-related
action is taken.
If no match with a permit action is encountered and all the ACEs have been examined, no QoS
processing occurs on the packet.
If multiple ACLs are configured on an interface, the packet matches the first ACL with a permit
action, and QoS processing begins.
Configuration of a deny action is not supported in QoS ACLs on a Catalyst 2950 switch.
System-defined masks are allowed in class maps with these restrictions:
A combination of system-defined and user-defined masks cannot be used in the multiple class
–
maps that are a part of a policy map.
– System-defined masks that are a part of a policy map must all use the same type of system mask.
For example, a policy map cannot have a class map that uses the permit tcp any any ACE and
another that uses the permit ip any any ACE.
– A policy map can contain multiple class maps that all use the same user-defined mask or the
same system-defined mask.
23-4.
For more information on ACL restrictions, see the
Catalyst 2950 Switches" section on page
"Understanding Access Control Parameters"
"Guidelines for Configuring ACLs on the
23-5.
Catalyst 2950 Desktop Switch Software Configuration Guide
Understanding QoS
24-5