Table of Contents
Advertisement
Chapter 30
Configuring QoS
Creating IP Extended ACLs
Beginning in privileged EXEC mode, follow these steps to create an IP extended ACL for IP traffic:
Command
Step 1
configure terminal
Step 2
access-list access-list-number permit
protocol {source source-wildcard
destination destination-wildcard}
[precedence precedence] [tos tos] [dscp
dscp]
Note
If you enter a dscp value, you
cannot enter tos or precedence.
You can enter both a tos and a
precedence value with no dscp.
or
ip access-list extended name
78-17058-01
Purpose
Enter global configuration mode.
Create an IP extended ACL, repeating the command as many times as
necessary.
For access-list-number, enter the access list number. The range is
•
100 to 199 and 2000 to 2699.
Always use the permit keyword for ACLs used as match criteria in
•
QoS policies. QoS policies do not match ACLs that use the deny
keyword.
For protocol, enter the name or number of an IP protocol. Use the
•
question mark (?) to see a list of available protocol keywords. To
match any Internet protocol (including ICMP, TCP, and UDP), use
the keyword ip.
•
The source is the number of the network or host from which the
packet is sent.
•
The source-wildcard applies wildcard bits to the source.
•
The destination is the network or host number to which the packet
is sent.
•
The destination-wildcard applies wildcard bits to the destination.
Source, source-wildcard, destination, and destination-wildcard can be
specified as:
•
The 32-bit quantity in dotted-decimal format.
•
The keyword any for 0.0.0.0 255.255.255.255 (any host).
The keyword host for a single host 0.0.0.0.
•
Other keywords are optional and have these meanings:
precedence—Enter to match packets with a precedence level
•
specified as a number from 0 to 7 or by name: routine (0), priority
(1), immediate (2), flash (3), flash-override (4), critical (5),
internet (6), network (7).
tos—Enter to match by type of service level, specified by a number
•
from 0 to 15 or a name: normal (0), max-reliability (2),
max-throughput (4), min-delay (8).
•
dscp—Enter to match packets with the DSCP value specified by a
number from 0 to 63, or use the question mark (?) to see a list of
available values.
Define an extended IPv4 access list using a name, and enter access-list
configuration mode. The name can be a number from 100 to 199.
In access-list configuration mode, enter permit protocol {source
source-wildcard destination destination-wildcard} [precedence
precedence] [tos tos] [dscp dscp] as defined in Step 2.
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
Configuring QoS
30-29
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
