beautypg.com

Qos options for ip acls, Combined acl for 802.1p marking – Brocade TurboIron 24X Series Configuration Guide User Manual

Page 957

background image

Brocade TurboIron 24X Series Configuration Guide

923

53-1003053-01

QoS options for IP ACLs

The second entry denies all FTP traffic from the 10.157.21.x network to the 10.157.22.x network, if
the traffic has the IP precedence value “6” (equivalent to “internet”).

The third entry permits all packets that are not explicitly denied by the other entries. Without this
entry, the ACL would deny all incoming or outgoing IP traffic on the ports to which you assign the
ACL.

To configure an IP ACL that matches based on ToS, enter commands such as the following.

The first entry in this IP ACL denies TCP traffic from the 10.157.21.x network to the 10.157.22.x
network, if the traffic has the IP ToS option “normal” (equivalent to “0”).

The second entry denies all FTP traffic from the 10.157.21.x network to the 10.157.22.x network, if
the traffic has the IP ToS value “13” (equivalent to “max-throughput”, “min-delay”, and
“min-monetary-cost”).

The third entry permits all packets that are not explicitly denied by the other entries. Without this
entry, the ACL would deny all incoming or outgoing IP traffic on the ports to which you assign the
ACL.

QoS options for IP ACLs

Quality of Service (QoS) options enable you to perform QoS for packets that match the ACLs. Using
an ACL to perform QoS is an alternative to directly setting the internal forwarding priority based on
incoming port, VLAN membership, and so on. (This method is described in

“Assigning QoS

priorities to traffic”

on page 1039.)

The following QoS ACL options are supported:

dscp-marking – Marks the DSCP value in the outgoing packet with the value you specify.

802.1p-and internal-marking – Supported only on devices wiith the DSCP marking option, this
command assigns traffic that matches the ACL to a hardware forwarding queue and re-marks
the packets that match the ACL with the 802.1p priority.

dscp-matching – Matches on the packet DSCP value. This option does not change the packet
forwarding priority through the device or mark the packet.

Combined ACL for 802.1p marking

Devices support a simple method for assigning an 802.1p priority and internal marking priority to
packets without affecting the actual packet or the DSCP marking. If you do not set a specific
internal marking priority, then the internal priority does not change.

Priority values range from 0 to 7.

Devices use the same configured value for both the internal marking priority and the 802.1p
priority marking value. This feature is enabled through the use of an ACL option. The option applies
to IP, TCP, and UDP traffic.

For IP

TurboIron(config)#access-list 104 deny tcp 10.157.21.0/24 10.157.22.0/24 tos

normal

TurboIron(config)#access-list 104 deny tcp 10.157.21.0/24 eq ftp 10.157.22.0/24

tos 13

TurboIron(config)#access-list 104 permit ip any any

See also other documents in the category Brocade Computer Accessories: