Table of Contents
Advertisement
Configuring QoS
Command
Step 3
end
Step 4
show access-lists
Step 5
copy running-config startup-config
To delete an access list, use the no access-list access-list-number global configuration command.
This example shows how to create an ACL that permits IP traffic from any source to any destination that
has the DSCP value set to 32:
Switch(config)# access-list 100 permit ip any any dscp 32
This example shows how to create an ACL that permits IP traffic from a source host at 10.1.1.1 to a
destination host at 10.1.1.2 with a precedence value of 5:
Switch(config)# access-list 100 permit ip host 10.1.1.1 host 10.1.1.2 precedence 5
Creating Layer 2 MAC ACLs
Beginning in privileged EXEC mode, follow these steps to create a Layer 2 MAC ACL for non-IP traffic:
Command
Step 1
configure terminal
Step 2
mac access-list extended name
Step 3
permit {host src-MAC-addr mask | any |
host dst-MAC-addr | dst-MAC-addr
mask} [type mask]
Step 4
end
Step 5
show access-lists [access-list-number |
access-list-name]
Step 6
copy running-config startup-config
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
30-30
Purpose
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Purpose
Enter global configuration mode.
Create a Layer 2 MAC ACL by specifying the name of the list and enter
extended MAC ACL configuration mode.
Always use the permit keyword for ACLs used as match criteria in QoS
policies.
•
For src-MAC-addr, enter the MAC address of the host from which the
packet is being sent. You can specify in hexadecimal format (H.H.H),
use the any keyword for source 0.0.0, source-wildcard ffff.ffff.ffff, or
use the host keyword for source 0.0.0.
For mask, enter the wildcard bits by placing ones in the bit positions
•
that you want to ignore.
For dst-MAC-addr, enter the MAC address of the host to which the
•
packet is being sent. You can specify in hexadecimal format (H.H.H),
use the any keyword for source 0.0.0, source-wildcard ffff.ffff.ffff, or
use the host keyword for source 0.0.0.
•
(Optional) For type mask, specify the Ethertype number of a packet
with Ethernet II or SNAP encapsulation to identify the protocol of
the packet. For type, the range is from 0 to 65535, typically specified
in hexadecimal. For mask, enter the don't care bits applied to the
Ethertype before testing for a match.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Chapter 30
Configuring QoS
78-17058-01
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
