Brocade Communications Systems 6650 Switch User Manual


  Open as PDF
of 332
 
Brocade ICX 6650 Security Configuration Guide 115
53-1002601-01
QoS options for IP ACLs
dscp-matching – Matches on the packet DSCP value. This option does not change the packet
forwarding priority through the device or mark the packet.
802.1p-priority-matching – Inspects the 802.1p bit in the ACL that can be used with adaptive
rate limiting.
NOTE
These QoS options are only available if a specific ICMP type is specified for the icmp-type parameter
while configuring extended ACLS, and cannot be used with the any-icmp-type option. See “Extended
numbered ACL syntax” on page 91 and “Extended named ACL syntax” on page 97for the syntax for
configuring extended ACLs.
Configuration notes for QoS options on Brocade ICX 6650
These devices do not support marking and prioritization simultaneously with the same rule (and do
not support DSCP CoS mapping at all). To achieve this, you need to create two separate rules. In
other words, you can mark a rule with DSCP or 802.1p information, or you can prioritize a rule
based on DSCP or 802.1p information. You can enable only one of the following ACL options per
rule:
802.1p-priority-marking
dscp-marking
For example, any one of the following commands is supported.
Brocade(config)#access-list 101 permit ip any any dscp-marking 43
or
Brocade(config)#access-list 101 permit ip any any 802.1p-priority-marking
Using an IP ACL to mark DSCP values (DSCP marking)
The dscp-marking option for extended ACLs allows you to configure an ACL that marks matching
packets with a specified DSCP value. You also can use DSCP marking to assign traffic to a specific
hardware forwarding queue (refer to “Using an ACL to change the forwarding queue” on page 117).
For example, the following commands configure an ACL that marks all IP packets with DSCP value
5. The ACL is then applied to incoming packets on interface 7. Consequently, all inbound packets
on interface 7 are marked with the specified DSCP value.
Brocade(config)# access-list 120 permit ip any any dscp-marking 5
Brocade(config)# interface 1/1/7
Brocade(config-if-e10000-1/1/7)# ip access-group 120 in
Syntax: ...dscp-marking dscp-value
The dscp-marking dscp-value parameter maps a DSCP value to an internal forwarding priority. The
DSCP value can be from 0-63.
 previous next