27-9
Cisco ME 3800X and 3600X Switch Software Configuration Guide
OL-23400-01
Chapter 27 Configuring QoS
Understanding QoS
Note
Although you configure the command at input, because the switch supports only egress push, this affects
only the CoS value of the tag imposed on egress.
•
When you configure a policy by entering the match dscp class map configuration command and you
enter the set cos policy-map class configuration command for QinQ EFPs, a DSCP match sets the
outer CoS of the encapsulated value.
Note
As in the previous case, the command configured at input affects only the CoS value of the tag imposed
at egress.
•
You can set DSCP based on matching the outer VLAN.
•
If you enter the match cos command on EFPs configured for QinQ, the match is to the incoming
CoS (C-CoS).
The same CoS mapping rules also apply to EFP rewrite operations (see the
“Rewrite Operations” section
on page 11-7
) when you use the rewrite ingress tag pop symmetric service instance command for
VLAN translation.
You can also configure outgoing CoS on an 802.1Q trunk port to simulate CoS mapping.
Ingress Classification Based on QoS ACLs
You can use IP standard, IP extended, or Layer 2 MAC ACLs to define a group of packets with the same
characteristics (class). In the QoS context, the permit and deny actions in the access control entries
(ACEs) have different meanings than do security ACLs. QoS policies do not match ACLs that use the
deny keyword.
•
If a match with a permit action is encountered (first-match principle), the specified QoS-related
action is taken.
•
If a match with a deny action is encountered, the ACL being processed is omitted, and the next ACL
is processed.
•
If no match with a permit action is encountered and all the ACEs have been examined, no QoS
processing occurs on the packet, and the switch offers best-effort service to the packet.
•
If multiple ACLs are configured on an interface, the lookup stops after the packet matches the first
ACL with a permit action, and QoS processing begins.
Note
When you create an access list, remember that the end of the access list contains an implicit deny
statement for everything if it did not find a match before reaching the list end.
You implement IP ACLs to classify IP traffic by using the access-list global configuration command.
You implement Layer 2 MAC ACLs to classify non-IP traffic by using the mac access-list extended
global configuration command. The switch supports MAC ACLs only with destination addresses.
Not all IP ACL options are supported in QoS ACLs. Only these protocols are supported for permit
actions in an IP ACL: ICMP, IGMP, GRE, IPINIP, TCP, and UDP. Within a protocol, for IP source and
destination, the switch supports only the source or destination IP address, host, or any. For matching
criteria, the switch supports only DSCP, time-range, and ToS. See the
“Using ACLs to Classify Traffic”
section on page 27-28
for more specific information. When you define a class map with the ACL, you
can add the class to a policy.