Cisco NME-X-23ES-1G User Guide - Page 29
16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series
Feature Overview

Note: In an IP extended ACL (both named and numbered), a Layer 4 system-defined mask cannot precede a Layer 3 user-defined mask. For example, a Layer 4 system-defined mask such as permit tcp any any or deny udp any any cannot precede a Layer 3 user-defined mask such as permit ip 10.1.1.1 any. If you configure this combination, the ACL is not configured. All other combinations of system-defined and user-defined masks are allowed in security ACLs.

The Ethernet switch network module ACL configuration is consistent with Cisco Catalyst switches. However, there are significant restrictions as well as differences for ACL configurations on the Ethernet switch network module.

Guidelines for Configuring ACLs on the Ethernet Switch Network Module

These configuration guidelines apply to ACL filters:

• Only one ACL can be attached to an interface. For more information, refer to the ip access-group interface command.

• All ACEs in an ACL must have the same user-defined mask. However, ACEs can have different rules that use the same mask. On a given interface, only one type of user-defined mask is allowed, but you can apply any number of system-defined masks. For more information on system-defined masks, see the "Understanding Access Control Parameters" section on page 28.

  The following example shows the same mask in an ACL:

      Switch (config)# ip access-list extended acl2
      Switch (config-ext-nacl)# permit tcp 10.1.1.1 0.0.0.0 any eq 80
      Switch (config-ext-nacl)# permit tcp 20.1.1.1 0.0.0.0 any eq 23

  In this example, the first ACE permits all the TCP packets coming from the host 10.1.1.1 with a destination TCP port number of 80. The second ACE permits all TCP packets coming from the host 20.1.1.1 with a destination TCP port number of 23. Both the ACEs use the same mask; therefore, an Ethernet switch network module supports this ACL.

• Only four user-defined masks can be defined for the entire system. These can be used for either security or quality of service (QoS) but cannot be shared by QoS and security. You can configure as many ACLs as you require. However, a system error message appears if ACLs with more than four different masks are applied to interfaces.

Table 5 lists a summary of the ACL restrictions on Ethernet switch network modules.

Table 5 Summary of ACL Restrictions

Restriction                                                                      Number Permitted
Number of user-defined masks allowed in an ACL                                   1
Number of ACLs allowed on an interface                                           1
Total number of user-defined masks for security and QoS allowed on a switch      4

Quality of Service

Quality of service (QoS) can be implemented on your Ethernet switch network module. With this feature, you can provide preferential treatment to certain types of traffic. Without QoS, the switch offers best-effort service to each packet, regardless of the packet contents or size. It transmits the packets without any assurance of reliability, delay bounds, or throughput.

Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ
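The ACL restrictions in the guidelines and Table 5 can be checked before a configuration is pushed to the module. The following is an added example, not Cisco code: the function names, interface names and the way a mask is modelled (an "any any" ACE without a port counts as system-defined, everything else as user-defined) are assumptions made for illustration.

```python
# Added example, not Cisco code. Assumed model: an ACE matching "any any" with no port uses a
# system-defined mask; others are user-defined, keyed by (protocol, src wildcard, dst wildcard, port matched).
def _addr(tok):  # one address spec -> (wildcard, remaining tokens)
    if tok[0] == "any":
        return "any", tok[1:]
    if tok[0] != "host" and len(tok) > 1 and tok[1].count(".") == 3:
        return tok[1], tok[2:]  # address followed by wildcard
    return "0.0.0.0", (tok[2:] if tok[0] == "host" else tok[1:])  # single host

def mask_of(ace):
    """Return (layer, mask); mask is None for a system-defined mask."""
    tok = ace.split()
    src, rest = _addr(tok[2:])
    dst, rest = _addr(rest)
    layer = 4 if tok[1] in ("tcp", "udp") else 3
    if src == dst == "any" and not rest:
        return layer, None
    return layer, (tok[1], src, dst, bool(rest))

def lint(acls, bindings):
    """acls: name -> ACE strings; bindings: interface -> attached ACL names."""
    problems, system_wide = [], set()
    for name, aces in acls.items():
        masks, l4_system_seen = set(), False
        for ace in aces:
            layer, mask = mask_of(ace)
            if mask is None:
                l4_system_seen = l4_system_seen or layer == 4
            else:
                masks.add(mask)
                if layer == 3 and l4_system_seen:
                    problems.append(f"{name}: L4 system-defined mask precedes L3 user-defined mask")
        if len(masks) > 1:
            problems.append(f"{name}: {len(masks)} user-defined masks (limit 1)")
        if any(name in attached for attached in bindings.values()):
            system_wide |= masks  # only ACLs applied to interfaces count
    for iface, attached in bindings.items():
        if len(attached) > 1:
            problems.append(f"{iface}: {len(attached)} ACLs attached (limit 1)")
    if len(system_wide) > 4:
        problems.append(f"system: {len(system_wide)} user-defined masks (limit 4)")
    return problems

SAMPLE_ACLS = {  # constructed input; "acl2" repeats the page's example
    "acl2": ["permit tcp 10.1.1.1 0.0.0.0 any eq 80", "permit tcp 20.1.1.1 0.0.0.0 any eq 23"],
    "bad_order": ["permit tcp any any", "permit ip 10.1.1.1 any"],
    "two_masks": ["permit tcp 10.1.1.1 0.0.0.0 any eq 80", "permit ip 10.2.0.0 0.0.255.255 any"],
}
SAMPLE_BINDINGS = {"Fa1/0": ["acl2"], "Fa1/1": ["bad_order", "two_masks"]}  # constructed
```

Calling `lint(SAMPLE_ACLS, SAMPLE_BINDINGS)` reports the ordering violation, the ACL with two user-defined masks and the interface with two ACLs, while the page's own `acl2` passes cleanly.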