OS10 Enterprise Edition User Guide Release 10.4.0E(R3)


ACL based classification

Classify the ingress traffic by matching the packet fields using ACL entries.

You can classify the traffic flows based on QoS specific fields or generic fields, using IP or MAC ACLs. Create class-map template to match the fields.

OS10 allows matching any of the fields or all the fields based on the match type configured in the class-map.

Use access-group match filter to match MAC or IP ACLs. You can configure a maximum of 4 access-group filters in a class-map:

  • 802.1p CoS
  • VLAN ID (802.1.Q)
  • DSCP + ECN
  • IP precedence

OS10 supports configuring a range of or comma separated values of match filters. When you apply the same match filter with new values, the system overwrites the previous values with the new values.

Configure ACL based classification

  1. Create a class-map of type qos.
    OS10(config)# class-map cmap
  2. Define the fields to be matched, based on:
    • 802.1p CoS
      OS10(config-cmap-qos)# match cos 0,4-7
    • all the 802.1p CoS values excluding a few
      OS10(config-cmap-qos)# match not cos 3,4
    • VLAN ID (range of or comma separated VLAN match is not supported)
      OS10(config-cmap-qos)# match vlan 100
    • IP DSCP
      OS10(config-cmap-qos)# match ip dscp 3,5,20-30
    • IP DSCP + ECN
      OS10(config-cmap-qos)# match ip dscp 3,5,20-30 ecn 2
    • IP precedence
      OS10(config-cmap-qos)# match ip precedence 2
    • IPv6 DSCP
      OS10(config-cmap-qos)# match ipv6 dscp 3,5,20-30
    • IPv6 DSCP + ECN
      OS10(config-cmap-qos)# match ipv6 dscp 3,5,20-30 ecn 2
    • IPv6 precedence
      OS10(config-cmap-qos)# match ipv6 precedence 2
    • any IP (IPv4 or IPv6) precedence
      OS10(config-cmap-qos)# match ip-any precedence 2
    • Pre-defined IP access-list
      OS10(config-cmap-qos)# match ip access-group name ip-acl-1
    • Pre-defined IPv6 access-list
      OS10(config-cmap-qos)#match ipv6 access-group name ACLv6
    • Pre-defined MAC access-list
      OS10(config-cmap-qos)# match mac access-group name mac-acl-1
  3. Create a qos type policy-map to refer the classes.
    OS10(config)# policy-map cos-policy    
  4. Refer the class-maps in the policy-map and define the required action for the flows.
    OS10(config-pmap-qos)# class cmap
                                        OS10(config-pmap-c-qos)# ?
                                        OS10(config-pmap-qos)# class cmap
                                        end     Exit to the exec Mode
                                        exit    Exit from current mode
                                        no      Negate a command or set its defaults
                                        police  Rate police input traffic
                                        set     Mark input traffic
                                        show    show configuration
                                        trust   Specify dynamic classification to trust[dscp/dot1p]

Rate this content

Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\