Configuring PFC QoS
Class Map Filtering Guidelines and Restrictions
When configuring class map filtering, follow these guidelines and restrictions:
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
• With Release 12.2(18)SXE and later releases, PFC QoS supports multiple match criteria in class maps configured with the match-any keywords.
• When multiple match access-group ACLs are included in a match-any class map, and one ACL contains a deny entry, all match criteria after the deny entry (either in the same ACL or in different ACLs) will not be installed in the TCAM.
  In the following example, ACLs acl4 and acl5 will not be installed because they follow acl3, which contains a deny ip any any entry:
    ip access-list ext acl3
     deny ip any any
    class-map cmap1
     match access-group acl1
     match access-group acl2
     match access-group acl3
     match access-group acl4
     match access-group acl5
  You can use either of the following workarounds to avoid this issue:
  – Move the deny entry to the end of the ACL and move that ACL to the end of the class map.
  – Configure all ACLs that must follow the deny entry into different class maps.
• With releases earlier than Release 12.2(18)SXE, PFC QoS supports class maps that contain a single match command.
• With Release 12.2(18)SXE and later releases, the PFC3 supports the match protocol ipv6 command.
• Because of conflicting TCAM lookup flow key bit requirements, you cannot configure IPv6 DSCP-based filtering and IPv6 Layer 4 range-based filtering on the same interface. For example:
  – If you configure both a DSCP value and a Layer 4 greater than (gt) or less than (lt) operator in an IPv6 ACE, you cannot use the ACL for PFC QoS filtering.
  – If you configure a DSCP value in one IPv6 ACL and a Layer 4 greater than (gt) or less than (lt) operator in another IPv6 ACL, you cannot use both ACLs in different class maps on the same interface for PFC QoS filtering.
• Release 12.2(18)SXE and later releases support the match protocol ip command for IPv4 traffic.
• Release 12.2(18)SXE and later releases support the match any class map command.
• PFC QoS does not support the match cos, match classmap, match destination-address, match input-interface, match qos-group, and match source-address class map commands.
• Cisco 7600 series routers do not detect the use of unsupported commands until you attach a policy map to an interface.
• The PFC2 supports the match protocol class map command, which configures NBAR and sends all traffic on the Layer 3 interface, both ingress and egress, to be processed in software on the MSFC2. To configure NBAR, refer to this publication:
  http://www.cisco.com/en/US/docs/ios/12_4t/qos/configuration/guide/qsnbar1.html
• Filtering based on IP precedence or DSCP for egress QoS uses the received IP precedence or DSCP. Egress QoS filtering is not based on any IP precedence or DSCP changes made by ingress QoS.
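The deny-entry guideline above can be checked offline against a saved configuration. The following Python sketch is an added example, not part of the Cisco guide: it lists the match criteria in each match-any class map that follow a deny entry and so would not be installed in the TCAM. The function name skipped_criteria, the sample ACL contents, and the restriction to class maps declared with class-map match-any are assumptions.

```python
import re

# Constructed sample configuration (ACL contents are assumed, not from the guide).
# acl1 is assumed to be defined elsewhere and to contain no deny entry.
SAMPLE = """\
ip access-list extended acl3
 permit udp any any eq 53
 deny ip any any
 permit tcp any any eq 22
ip access-list extended acl4
 permit tcp any any eq 443
class-map match-any cmap1
 match access-group acl1
 match access-group acl3
 match access-group acl4
"""

def skipped_criteria(config):
    """Map each match-any class map to the criteria that follow a deny entry."""
    acls, cmaps, cur = {}, {}, None
    for line in config.splitlines():
        s = line.strip()
        if m := re.match(r"ip access-list ext\w* (\S+)$", s):
            cur = acls.setdefault(m.group(1), [])
        elif m := re.match(r"class-map match-any (\S+)$", s):
            cur = cmaps.setdefault(m.group(1), [])
        elif s and line[0].isspace() and cur is not None:
            cur.append(s)      # indented line: ACE or match statement
        else:
            cur = None         # any other top-level command ends the block
    findings = {}
    for cmap, matches in cmaps.items():
        denied, skipped = False, []
        for stmt in matches:
            m = re.match(r"match access-group (?:name )?(\S+)$", stmt)
            if not m:
                continue
            acl = m.group(1)
            if denied:         # whole ACL comes after an earlier deny entry
                skipped.append(acl)
                continue
            for ace in acls.get(acl, []):
                if denied:     # later entry in the same ACL as the deny
                    skipped.append(f"{acl}: {ace}")
                elif re.match(r"(\d+ )?deny\b", ace):
                    denied = True
        if skipped:
            findings[cmap] = skipped
    return findings
```

Calling skipped_criteria(SAMPLE) reports the acl3 entry after the deny and all of acl4; a configuration that applies the first workaround (deny entry last in its ACL, that ACL last in the class map) returns an empty result.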
Chapter 41
OL-4266-08