Cisco 2950 Software Configuration Guide - Page 566
Classification Based on Class Maps and Policy Maps, global configuration command or
UPC - 746320454504
View all Cisco 2950 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 566 highlights
Understanding QoS Chapter 30 Configuring QoS • Configuration of a deny action is not supported in QoS ACLs on the switch. • System-defined masks are allowed in class maps with these restrictions: - A combination of system-defined and user-defined masks cannot be used in the multiple class maps that are a part of a policy map. - System-defined masks that are a part of a policy map must all use the same type of system mask. For example, a policy map cannot have a class map that uses the permit tcp any any ACE and another that uses the permit ip any any ACE. - A policy map can contain multiple class maps that all use the same user-defined mask or the same system-defined mask. Note For more information about system-defined masks, see the "Understanding Access Control Parameters" section on page 29-4. For more information about ACL restrictions, see the "Configuring ACLs" section on page 29-6. After a traffic class has been defined with the ACL, you can attach a policy to it. A policy might contain multiple classes with actions specified for each one of them. A policy might include commands to classify the class as a particular aggregate (for example, assign a DSCP) or rate-limit the class. This policy is then attached to a particular port on which it becomes effective. You implement IP ACLs to classify IP traffic by using the access-list global configuration command; you implement Layer 2 MAC ACLs to classify Layer 2 traffic by using the mac access-list extended global configuration command. Classification Based on Class Maps and Policy Maps A class map is a mechanism that you use to isolate and name a specific traffic flow (or class) from all other traffic. The class map defines the criteria used to match against a specific traffic flow to further classify it; the criteria can include matching the access group defined by the ACL. If you have more than one type of traffic that you want to classify, you can create another class map and use a different name. After a packet is matched against the class-map criteria, you further classify it through the use of a policy map. A policy map specifies which traffic class to act on. Actions can include setting a specific DSCP value in the traffic class or specifying the traffic bandwidth limitations and the action to take when the traffic is out of profile. Before a policy map can be effective, you must attach it to an interface. You create a class map by using the class-map global configuration command or the class policy-map configuration command. You should use the class-map global configuration command when the map is shared among many ports. When you enter the class-map global configuration command, the switch enters the class-map configuration mode. In this mode, you define the match criterion for the traffic by using the match class-map configuration command. You create and name a policy map by using the policy-map global configuration command. When you enter this command, the switch enters the policy-map configuration mode. In this mode, you specify the actions to take on a specific traffic class by using the class policy-map configuration or set policy-map class configuration command. To make the policy map effective, you attach it to an interface by using the service-policy interface configuration command. The policy map can also contain commands that define the policer, the bandwidth limitations of the traffic, and the action to take if the limits are exceeded. For more information, see the "Policing and Marking" section on page 30-7. 30-6 Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide 78-11380-10