Configuring Standard QoS
Beginning in privileged EXEC mode, follow these steps to create an IP extended ACL for IP traffic:
Step 1
Command: configure terminal
Purpose: Enter global configuration mode.

Step 2
Command: access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard
Purpose: Create an IP extended ACL, repeating the command as many times as necessary.
• For access-list-number, enter the access list number. The range is 100 to 199 and 2000 to 2699.
• Use the permit keyword to permit a certain type of traffic if the conditions are matched. Use the deny keyword to deny a certain type of traffic if conditions are matched.
• For protocol, enter the name or number of an IP protocol. Use the question mark (?) to see a list of available protocol keywords.
• For source, enter the network or host from which the packet is being sent. You specify this by using dotted decimal notation, by using the any keyword as an abbreviation for source 0.0.0.0 source-wildcard 255.255.255.255, or by using the host keyword as an abbreviation for source with a source-wildcard of 0.0.0.0.
• For source-wildcard, enter the wildcard bits by placing ones in the bit positions that you want to ignore. You specify the wildcard by using dotted decimal notation, by using the any keyword as an abbreviation for source 0.0.0.0 source-wildcard 255.255.255.255, or by using the host keyword as an abbreviation for source with a source-wildcard of 0.0.0.0.
• For destination, enter the network or host to which the packet is being sent. You have the same options for specifying the destination and destination-wildcard as those described by source and source-wildcard.
Note: When creating an access list, remember that, by default, the end of the access list contains an implicit deny statement for everything if it did not find a match before reaching the end.

Step 3
Command: end
Purpose: Return to privileged EXEC mode.

Step 4
Command: show access-lists
Purpose: Verify your entries.

Step 5
Command: copy running-config startup-config
Purpose: (Optional) Save your entries in the configuration file.

To delete an access list, use the no access-list access-list-number global configuration command.

This example shows how to create an ACL that permits IP traffic from any source to any destination that has the DSCP value set to 32:
Switch(config)# access-list 100 permit ip any any dscp 32

This example shows how to create an ACL that permits IP traffic from a source host at 10.1.1.1 to a destination host at 10.1.1.2 with a precedence value of 5:
Switch(config)# access-list 100 permit ip host 10.1.1.1 host 10.1.1.2 precedence 5

This example shows how to create an ACL that permits PIM traffic from any source to a destination group address of 224.0.0.2 with a DSCP set to 32:
Switch(config)# access-list 102 permit pim any host 224.0.0.2 dscp 32

Catalyst 3750 Switch Software Configuration Guide
Chapter 32
Configuring QoS
78-16180-02
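The matching rules described above (wildcard bits, the any and host abbreviations, the optional dscp or precedence match, and the implicit deny) are shown here as an added Python example that is not part of the Cisco guide. The function names, the packet dictionary layout and the first sample entry are assumptions made for illustration, and the model covers only the subset of the access-list syntax shown on this page.

```python
import ipaddress
def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """A 1 bit in the wildcard means 'ignore this bit position'."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def take_addr(tokens):
    """Consume 'any', 'host A' or 'A wildcard'; return (base, wildcard)."""
    head = tokens.pop(0)
    if head == "any":
        return "0.0.0.0", "255.255.255.255"
    if head == "host":
        return tokens.pop(0), "0.0.0.0"
    return head, tokens.pop(0)

def parse_entry(line):
    """Parse: access-list N {permit|deny} protocol src dst [dscp V | precedence V]."""
    t = line.split()
    rest = t[4:]
    entry = {"action": t[2], "protocol": t[3],
             "src": take_addr(rest), "dst": take_addr(rest)}
    entry["qos"] = (rest[0], int(rest[1])) if rest else None
    return entry

def evaluate(acl, pkt):
    """Return the action of the first matching entry, else the implicit deny."""
    for e in acl:
        if e["protocol"] not in ("ip", pkt["protocol"]):
            continue
        if not (wildcard_match(pkt["src"], *e["src"]) and wildcard_match(pkt["dst"], *e["dst"])):
            continue
        if e["qos"]:
            field, value = e["qos"]
            # IP precedence is the top 3 bits of the 6-bit DSCP value.
            actual = pkt["dscp"] if field == "dscp" else pkt["dscp"] >> 3
            if actual != value:
                continue
        return e["action"]
    return "deny"  # implicit deny: nothing matched before the end of the list

# Constructed sample: the first entry is made up; the other two are the page's examples.
SAMPLE_ACL = [parse_entry(line) for line in (
    "access-list 100 deny ip 10.1.2.0 0.0.0.255 any",
    "access-list 100 permit ip any any dscp 32",
    "access-list 100 permit ip host 10.1.1.1 host 10.1.1.2 precedence 5",
)]
```

Because evaluation stops at the first match, a packet from 10.1.2.77 with DSCP 32 is denied by the first entry even though the second entry would permit it, and a packet that matches no entry is denied without any explicit deny line.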