Quick Reference Guide

ManualsBrandsDell ManualsComputer equipmentPowerConnect B-TI24x

421

422

423

424

425

426

427

428

429

430

PowerConnect B-Series TI24X Configuration Guide 387

53-1002269-02

QoS options for IP ACLs

The first entry in this IP ACL denies TCP traffic from the 209.157.21.x network to the 209.157.22.x

network, if the traffic has the IP ToS option “normal” (equivalent to “0”).

The second entry denies all FTP traffic from the 209.157.21.x network to the 209.157.22.x

network, if the traffic has the IP ToS value “13” (equivalent to “max-throughput”, “min-delay”, and

“min-monetary-cost”).

The third entry permits all packets that are not explicitly denied by the other entries. Without this

entry, the ACL would deny all incoming or outgoing IP traffic on the ports to which you assign the

ACL.

QoS options for IP ACLs

Quality of Service (QoS) options enable you to perform QoS for packets that match the ACLs. Using

an ACL to perform QoS is an alternative to directly setting the internal forwarding priority based on

incoming port, VLAN membership, and so on. (This method is described in “Assigning QoS

priorities to traffic” on page 408.)

The following QoS ACL options are supported:

• dscp-marking – Marks the DSCP value in the outgoing packet with the value you specify.

• 802.1p-and internal-marking – Supported on PowerConnect devices only wiith the DSCP

marking option, this command assigns traffic that matches the ACL to a hardware forwarding

queue and re-marks the packets that match the ACL with the 802.1p priority.

• dscp-matching – Matches on the packet DSCP value. This option does not change the packet

forwarding priority through the device or mark the packet.

Using an IP ACL to mark DSCP values (DSCP marking)

The dscp-marking option for extended ACLs allows you to configure an ACL that marks matching

packets with a specified DSCP value. You also can use DSCP marking to assign traffic to a specific

hardware forwarding queue (refer to “Using an ACL to change the forwarding queue for

PowerConnect B-Series TI24X devices” on page 388).

For example, the following commands configure an ACL that marks all IP packets with DSCP value

5. The ACL is then applied to incoming packets on interface 7. Consequently, all inbound packets

on interface 7 are marked with the specified DSCP value.

PowerConnect(config)# access-list 120 permit ip any any dscp-marking 5

dscp-cos-mapping

PowerConnect(config)# interface 7

PowerConnect(config-if-e10000-7)# ip access-group 120 in

Syntax: ...dscp-marking <dscp-value>

The dscp-marking <dscp-value> parameter maps a DSCP value to an internal forwarding priority.

The DSCP value can be from 0 – 63.

PowerConnect(config)#access-list 104 deny tcp 209.157.21.0/24 209.157.22.0/24

tos normal

PowerConnect(config)#access-list 104 deny tcp 209.157.21.0/24 eq ftp

209.157.22.0/24 tos 13

PowerConnect(config)#access-list 104 permit ip any any