Cisco Systems ME3400G2CSA Switch User Manual


  Open as PDF
of 885
 
30-30
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
78-17058-01
Chapter 30 Configuring QoS
Configuring QoS
To delete an access list, use the no access-list access-list-number global configuration command.
This example shows how to create an ACL that permits IP traffic from any source to any destination that
has the DSCP value set to 32:
Switch(config)# access-list 100 permit ip any any dscp 32
This example shows how to create an ACL that permits IP traffic from a source host at 10.1.1.1 to a
destination host at 10.1.1.2 with a precedence value of 5:
Switch(config)# access-list 100 permit ip host 10.1.1.1 host 10.1.1.2 precedence 5
Creating Layer 2 MAC ACLs
Beginning in privileged EXEC mode, follow these steps to create a Layer 2 MAC ACL for non-IP traffic:
Step 3
end Return to privileged EXEC mode.
Step 4
show access-lists Verify your entries.
Step 5
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
mac access-list extended name Create a Layer 2 MAC ACL by specifying the name of the list and enter
extended MAC ACL configuration mode.
Step 3
permit {host src-MAC-addr mask | any |
host dst-MAC-addr | dst-MAC-addr
mask} [type mask]
Always use the permit keyword for ACLs used as match criteria in QoS
policies.
For src-MAC-addr, enter the MAC address of the host from which the
packet is being sent. You can specify in hexadecimal format (H.H.H),
use the any keyword for source 0.0.0, source-wildcard ffff.ffff.ffff, or
use the host keyword for source 0.0.0.
For mask, enter the wildcard bits by placing ones in the bit positions
that you want to ignore.
For dst-MAC-addr, enter the MAC address of the host to which the
packet is being sent. You can specify in hexadecimal format (H.H.H),
use the any keyword for source 0.0.0, source-wildcard ffff.ffff.ffff, or
use the host keyword for source 0.0.0.
(Optional) For type mask, specify the Ethertype number of a packet
with Ethernet II or SNAP encapsulation to identify the protocol of
the packet. For type, the range is from 0 to 65535, typically specified
in hexadecimal. For mask, enter the don’t care bits applied to the
Ethertype before testing for a match.
Step 4
end Return to privileged EXEC mode.
Step 5
show access-lists [access-list-number |
access-list-name]
Verify your entries.
Step 6
copy running-config startup-config (Optional) Save your entries in the configuration file.
 previous next