Using an ip acl to mark dscp values (dscp marking), Using an ip acl to mark dscp values, Dscp marking) – Brocade Communications Systems Brocade ICX 6650 6650 User Manual

Page 135

Advertising
background image

Brocade ICX 6650 Security Configuration Guide

115

53-1002601-01

QoS options for IP ACLs

dscp-matching – Matches on the packet DSCP value. This option does not change the packet
forwarding priority through the device or mark the packet.

802.1p-priority-matching – Inspects the 802.1p bit in the ACL that can be used with adaptive
rate limiting.

NOTE

These QoS options are only available if a specific ICMP type is specified for the icmp-type parameter
while configuring extended ACLS, and cannot be used with the any-icmp-type option. See

“Extended

numbered ACL syntax”

on page 91 and

“Extended named ACL syntax”

on page 97for the syntax for

configuring extended ACLs.

Configuration notes for QoS options on Brocade ICX 6650

These devices do not support marking and prioritization simultaneously with the same rule (and do
not support DSCP CoS mapping at all). To achieve this, you need to create two separate rules. In
other words, you can mark a rule with DSCP or 802.1p information, or you can prioritize a rule
based on DSCP or 802.1p information. You can enable only one of the following ACL options per
rule:

802.1p-priority-marking

dscp-marking

For example, any one of the following commands is supported.

Brocade(config)#access-list 101 permit ip any any dscp-marking 43

or

Brocade(config)#access-list 101 permit ip any any 802.1p-priority-marking

Using an IP ACL to mark DSCP values (DSCP marking)

The dscp-marking option for extended ACLs allows you to configure an ACL that marks matching
packets with a specified DSCP value. You also can use DSCP marking to assign traffic to a specific
hardware forwarding queue (refer to

“Using an ACL to change the forwarding queue”

on page 117).

For example, the following commands configure an ACL that marks all IP packets with DSCP value
5. The ACL is then applied to incoming packets on interface 7. Consequently, all inbound packets
on interface 7 are marked with the specified DSCP value.

Brocade(config)# access-list 120 permit ip any any dscp-marking 5
Brocade(config)# interface 1/1/7
Brocade(config-if-e10000-1/1/7)# ip access-group 120 in

Syntax: ...dscp-marking dscp-value

The dscp-marking dscp-value parameter maps a DSCP value to an internal forwarding priority. The
DSCP value can be from 0-63.

Advertising
Popular Brands
Popular manuals