27-30
Cisco ME 3800X and 3600X Switch Software Configuration Guide
OL-23400-01
Chapter 27 Configuring QoS
Configuring QoS
Beginning in privileged EXEC mode, follow these steps to create an IP extended ACL for IP traffic:
To delete an access list, use the no access-list access-list-number global configuration command.
This example shows how to create an ACL that permits IP traffic from any source to any destination that
has the DSCP value set to 32:
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
access-list access-list-number permit
protocol {source source-wildcard
destination destination-wildcard} [tos
tos] [dscp dscp] [time-range name]
Note If you enter a dscp value, you
cannot enter tos.
Create an IP extended ACL. Repeat the step as many times as necessary.
• For access-list-number, enter the access list number. The range is
100 to 199 and 2000 to 2699.
• Always use the permit keyword for ACLs used as match criteria in
QoS policies. QoS policies do not match deny ACLs.
• For protocol, enter the name or number of an IP protocol. Although
other protocols are visible in the command-line help, only these are
supported: IGMP, TCP, UPD, ICMP, IPINIP, and GRE. If you enter
other protocol types, the command is rejected.
• The source is the number of the network or host sending the packet.
• The source-wildcard applies wildcard bits to the source.
• The destination is the network or host number receiving the packet.
• The destination-wildcard applies wildcard bits to the destination.
You can specify source, destination, and wildcards as:
• The 32-bit quantity in dotted-decimal format.
• The keyword any for 0.0.0.0 255.255.255.255 (any host).
• The keyword host for a single host 0.0.0.0.
Although other optional keywords are visible and can be configured, only
these are supported in QoS ACLs:
• tos—Enter to match by type of service level, specified by a number
from 0 to 15 or a name: normal (0), max-reliability (2),
max-throughput (4
), min-delay (8).
• dscp—Enter to match packets with the DSCP value specified by a
number from 0 to 63, or use the question mark (?) to see a list of
available values.
• time-range—Specify a configured time range for applying the
ACLs. You configure the time range using the time-range
time-range-name global configuration command.
or ip access-list extended name Define an extended IPv4 access list using a name, and enter access-list
configuration mode. The name can be a number from 100 to 199.
In access-list configuration mode, enter permit protocol {source
source-wildcard destination destination-wildcard} [tos tos] [dscp dscp]
[time-range name] as defined in Step 2.
Step 3
end Return to privileged EXEC mode.
Step 4
show access-lists Verify your entries.
Step 5
copy running-config startup-config (Optional) Save your entries in the configuration file.
To Next Page
Loading...
Need help?
General