48-6
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
OL-25340-01
Chapter 48 Configuring Control Plane Policing and Layer 2 Control Packet QoS
Configuring Control Plane Policing
Step 3
Switch(config)# {ip | mac} access-list
extended {access-list-name}
For an ip access list, issue
Switch(config-ext-nacl)#{permit|deny}
{protocol} source {source-wildcard}
destination {destination-wildcard}
For a mac access list, issue
Switch(config-ext-macl)#{permit|deny}
source {source-wildcard} destination
{destination-wildcard} [protocol-family]
OR
Switch(config)# access-list
{access-list-name} {permit | deny}
{type-code wild-mask | address mask}
Defines ACLs to match traffic:
• permit—Sets the conditions under which a
packet passes a named ACL
• deny—Sets the conditions under which a
packet does not pass a name ACL
Note You must configure ACLs in most cases to
identify the important or unimportant
traffic.
• type-code—16-bit hexadecimal number
written with a leading 0x; for example,
0x6000. Specify either a Link Service Access
Point (LSAP) type code for 802-encapsulated
packets or a SNAP type code for
SNAP-encapsulated packets. (LSAP,
sometimes called SAP, refers to the type
codes found in the DSAP and SSAP fields of
the 802 header.)
• wild-mask—16-bit hexadecimal number
whose ones bits correspond to bits in the
type-code argument. The wild-mask indicates
which bits in the type-code argument should
be ignored when making a comparison. (A
mask for a DSAP/SSAP pair should always be
0x0101 because these two bits are used for
purposes other than identifying the SAP
code.)
• address—48-bit Token Ring address written
as a dotted triple of four-digit hexadecimal
numbers. This field is used for filtering by
vendor code.
• mask—48-bit Token Ring address written as a
dotted triple of four-digit hexadecimal
numbers. The ones bits in the mask are the bits
to be ignored in address. This field is used for
filtering by vendor code.
Step 4
Switch(config)# class-map
{traffic-class-name}
Switch(config-cmap)# match access-group
{access-list-number | name
{access-list-name}}
Defines the packet classification criteria. To
identify the traffic associated with the class, use
the match statements.
Step 5
Switch(config-cmap)# exit
Returns to global configuration mode.
Command Purpose
To Next Page
Loading...
