Rule-Based IP Access Control Lists (ACLs)
December 2005 © Foundry Networks, Inc. 12 - 23
QoS Options for IP ACLs
Quality of Service (QoS) options enable you to perform QoS for packets that match the ACLs. Using an ACL to
perform QoS is an alternative to directly setting the internal forwarding priority based on incoming port, VLAN
membership, and so on. (This method is described in “Assigning QoS Priorities to Traffic” on page 13-7.)
The following QoS ACL options are supported:
• dscp-cos-mapping – This option is similar to the dscp-matching command (described below). This option
maps the DSCP value in incoming packets to a hardware table that provides mapping of each of the 0 – 63
DSCP values, and distributes them among eight traffic classes (internal priorities) and eight 802.1p priorities.
By default, the Foundry device does the 802.1p to CoS mapping. If you want to change the priority mapping
to DSCP to CoS mapping, you must enter the following ACL statement:
permit ip any any dscp-cos-mapping
• dscp-marking – Marks the DSCP value in the outgoing packet with the value you specify.
• internal-priority-marking and 802.1p-priority-marking – Supported with the DSCP marking option,
these commands assign traffic that matches the ACL to a hardware forwarding queue (internal-priority-
marking), and re-mark the packets that match the ACL with the 802.1p priority (802.1p-priority-
marking).
• dscp-matching – Matches on the packet’s DSCP value. This option does not change the packet’s forwarding
priority through the device or mark the packet.
Using an ACL to Map the DSCP Value (DSCP CoS Mapping)
The dscp-cos-mapping option on the FESX and FSX maps the DSCP value in incoming packets to a hardware
table that provides mapping of each of the 0 – 63 DSCP values, and distributes them among eight traffic classes
(internal priorities) and eight 802.1p priorities.
NOTE: The dscp-cos-mapping option overrides port-based priority settings.
By default, the Foundry device does the 802.1p to CoS mapping. If you want to change the priority mapping to
DSCP to CoS mapping, you must enter the following ACL statement:
permit ip any any dscp-cos-mapping
The complete CLI syntax for this feature is shown in “Configuring Extended Numbered ACLs” on page 12-8 and
“Configuring Extended Named ACLs” on page 12-13. The following shows the syntax specific to the DSCP Cos
mapping feature.
Syntax: ... [dscp-marking <dscp-value> dscp-cos-mapping]
OR
Syntax: ...[dscp-cos-mapping]
Using an IP ACL to Mark DSCP Values (DSCP Marking)
The dscp-marking option for extended ACLs allows you to configure an ACL that marks matching packets with a
specified DSCP value. You also can use DSCP marking to assign traffic to a specific hardware forwarding queue
(see “Using an ACL to Change the Forwarding Queue” on page 12-24).
For example, the following commands configure an ACL that marks all IP packets with DSCP value 5. The ACL is
then applied to incoming packets on interface 7. Consequently, all inbound packets on interface 7 are marked with
the specified DSCP value.
FESX424 Router(config)# access-list 120 permit ip any any dscp-marking 5
FESX424 Router(config)# interface 7
FESX424 Router(config-if-e1000-7)# ip access-group 120 in
Syntax: ...dscp-marking <dscp-value> 802.1p-priority-marking <0 – 7>
To Next Page
Loading...
Need help?
General
