20-7
Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-03
Chapter 20 Configuring QoS
Understanding QoS
Classification Based on QoS ACLs
You can use IP standard, IP extended, and Layer 2 MAC ACLs to define a group of packets with the
same characteristics (class). In the QoS context, the permit and deny actions in the access control entries
(ACEs) have different meanings than with security ACLs:
•
If a match with a permit action is encountered (first-match principle), the specified QoS-related
action is taken.
•
If a match with a deny action is encountered, the ACL being processed is skipped, and the next ACL
is processed.
•
If no match with a permit action is encountered and all the ACEs have been examined, no QoS
processing occurs on the packet, and the switch offers best-effort service to the packet.
•
If multiple ACLs are configured on an interface, the lookup stops after the packet matches the first
ACL with a permit action, and QoS processing begins.
Note
When creating an access list, remember that, by default, the end of the access list contains an implicit
deny statement for everything if it did not find a match before reaching the end.
After a traffic class has been defined with the ACL, you can attach a policy to it. A policy might contain
multiple classes with actions specified for each one of them. A policy might include commands to
classify the class as a particular aggregate (for example, assign a DSCP) or rate-limit the class. This
policy is then attached to a particular port on which it becomes effective.
You implement IP ACLs to classify IP traffic by using the access-list global configuration command;
you implement Layer 2 MAC ACLs to classify non-IP traffic by using the mac access-list extended
global configuration command. For configuration information, see the
“Configuring a QoS Policy”
section on page 20-26
.
Classification Based on Class Maps and Policy Maps
A class map is a mechanism that you use to isolate and name a specific traffic flow (or class) from all
other traffic. The class map defines the criteria used to match against a specific traffic flow to further
classify it; the criteria can include matching the access group defined by the ACL or matching a specific
list of DSCP or IP precedence values. If you have more than one type of traffic that you want to classify,
you can create another class map and use a different name. After a packet is matched against the
class-map criteria, you further classify it through the use of a policy map.
A policy map specifies which traffic class to act on. Actions can include trusting the CoS, DSCP, or IP
precedence values in the traffic class; setting a specific DSCP or IP precedence value in the traffic class;
or specifying the traffic bandwidth limitations and the action to take when the traffic is out of profile.
Before a policy map can be effective, you must attach it to an interface.
You create a class map by using the class-map global configuration command or the class policy-map
configuration command; you should use the class-map command when the map is shared among many
ports. When you enter the class-map command, the switch enters the class-map configuration mode. In
this mode, you define the match criterion for the traffic by using the match class-map configuration
command.
You create and name a policy map by using the policy-map global configuration command. When you
enter this command, the switch enters the policy-map configuration mode. In this mode, you specify the
actions to take on a specific traffic class by using the class, trust, or set policy-map configuration and
policy-map class configuration commands. To make the policy map effective, you attach it to an
interface by using the service-policy interface configuration command.