Classification and Marking 109
the IP address. Example 4-10 illustrates two example ACE entries using the host and any
keywords, respectively.
Use the following command structure for specific TCP and UDP ports for an ACE:
set qos ip-filter
cos
{tcp | udp | any}
src_IP_addr_spec src_port
dest_IP_addr_spec
dest_port
src_IP_addr_spec/dest_IP_addr
The any keyword proceeding the CoS value is available to specify the ACE for both TCP
and UDP protocols. Example 4-11 illustrates several examples of using ACEs with TCP
and UDP port number references.
Use the following command to view the current configured ACEs on the switch:
ss
ss
hh
hh
oo
oo
ww
ww
qq
qq
oo
oo
ss
ss
ii
ii
pp
pp
Example 4-12 illustrates an example of using the show qos ip command.
Example 4-10 ACE Example Using host and any Keywords
Console> (enable) ss
ss
ee
ee
tt
tt
qq
qq
oo
oo
ss
ss
ii
ii
pp
pp
--
--
ff
ff
ii
ii
ll
ll
tt
tt
ee
ee
rr
rr
55
55
aa
aa
nn
nn
yy
yy
hh
hh
oo
oo
ss
ss
tt
tt
11
11
00
00
..
..
11
11
00
00
..
..
11
11
00
00
..
..
11
11
00
00
qos ip-filter is set successfully.
Console> (enable) set qos ip-filter 5 192.168.1.0 255.255.255.0 any
qos ip-filter is set successfully.
Example 4-11 ACE Example Using TCP and UDP Ports
Console> (enable) ss
ss
ee
ee
tt
tt
qq
qq
oo
oo
ss
ss
ii
ii
pp
pp
--
--
ff
ff
ii
ii
ll
ll
tt
tt
ee
ee
rr
rr
55
55
UU
UU
DD
DD
PP
PP
aa
aa
nn
nn
yy
yy
33
33
00
00
00
00
00
00
00
00
aa
aa
nn
nn
yy
yy
33
33
00
00
00
00
00
00
00
00
Warning: This command will only apply to Unicast addresses.
qos ip-filter is set successfully.
Console> (enable) set qos ip-filter 4 TCP 192.168.100.0 255.255.255.0 16000
192.168.101.0 255.255.255.0 16000
qos ip-filter is set successfully.
Console> (enable) set qos ip-filter 6 any host 10.1.1.1 50000 host 10.1.1.2 50000
qos ip-filter is set successfully.
Example 4-12 Example Output from the show qos ip Command
Console> (enable) show qos ip
There are 3 IP filter(s).
ACE# Src IP and Mask Dest IP and Mask
---- -------------------------------- --------------------------------
1 any host 10.10.10.10
Protocol Src Port Dst Port CoS
-------- -------- -------- ---
any 0 0 5
2 192.168.1.0 255.255.255.0 any
Protocol Src Port Dst Port CoS
-------- -------- -------- ---
continues
110 Chapter 4: QoS Support on the Catalyst 5000 Family of Switches
The switch executes ACE entries in order, the same as access-control lists in Cisco IOS
Software. As a result, it may be necessary to rearrange the order of the ACE entries. Use the
following suffixes to the set qos ip-filter command to place ACE entries in the configu-
ration in a specific order:
[before
ACE#
| modify
ACE#
]
Example 4-13 illustrates a user determining the existing ACE order, placing an ACE entry
in a specific order, and verifying the configuration.
any 0 0 5
3 any any
Protocol Src Port Dst Port CoS
-------- -------- -------- ---
udp 30000 30000 5
4 192.168.100.0 255.255.255.0 192.168.101.0 255.255.255.0
Protocol Src Port Dst Port CoS
-------- -------- -------- ---
tcp 16000 16000 4
5 host 10.1.1.1 host 10.1.1.2
Protocol Src Port Dst Port CoS
-------- -------- -------- ---
any 50000 50000 6
Example 4-13 Placing ACE Entries in Specific Order
Console> (enable) show qos ip
There are 3 IP filter(s).
ACE# Src IP and Mask Dest IP and Mask
---- -------------------------------- --------------------------------
1 any host 10.10.10.10
Protocol Src Port Dst Port CoS
-------- -------- -------- ---
any 0 0 5
2 192.168.1.0 255.255.255.0 any
Protocol Src Port Dst Port CoS
-------- -------- -------- ---
any 0 0 5
Example 4-12 Example Output from the show qos ip Command (Continued)
Classification and Marking 111
3 any any
Protocol Src Port Dst Port CoS
-------- -------- -------- ---
udp 30000 30000 5
4 192.168.100.0 255.255.255.0 192.168.101.0 255.255.255.0
Protocol Src Port Dst Port CoS
-------- -------- -------- ---
tcp 16000 16000 4
5 host 10.1.1.1 host 10.1.1.2
Protocol Src Port Dst Port CoS
-------- -------- -------- ---
any 50000 50000 6
Console> (enable) set qos ip-filter 3 192.168.20.0 0.0.0.255 192.168.21.0 0.0.0.255
before 3
Console> (enable) show qos ip
There are 5 IP filter(s).
ACE# Src IP and Mask Dest IP and Mask
---- -------------------------------- --------------------------------
1 any host 10.10.10.10
Protocol Src Port Dst Port CoS
-------- -------- -------- ---
any 0 0 5
2 192.168.1.0 255.255.255.0 any
Protocol Src Port Dst Port CoS
-------- -------- -------- ---
any 0 0 5
3 192.168.20.0 0.0.0.255 192.168.21.0 0.0.0.255
Protocol Src Port Dst Port CoS
-------- -------- -------- ---
any 0 0 3
4 any any
Protocol Src Port Dst Port CoS
Example 4-13 Placing ACE Entries in Specific Order (Continued)
continues
112 Chapter 4: QoS Support on the Catalyst 5000 Family of Switches
Use the following commands to clear ACE entries:
clear qos ip-filter
ace_num
cc
cc
ll
ll
ee
ee
aa
aa
rr
rr
qq
qq
oo
oo
ss
ss
ii
ii
pp
pp
--
--
ff
ff
ii
ii
ll
ll
tt
tt
ee
ee
rr
rr
aa
aa
ll
ll
ll
ll
Extended Trust Option
The Catalyst 5000 Family of switches supports instructing an attached appliance of
extended trust options via the Cisco Discovery Protocol (CDP). CDP is a Layer 2 protocol
used to inform Cisco devices of each presence and parameters such as IP address, system
name, Native VLAN, and egress port. Chapter 2, “End-to-End QoS: Quality of Service at
Layer 3 and Layer 2,” in the “Voice VLANs and Extended Trust” section discusses the
concept of extended trust. The following commands configure the extended trust options
for a Catalyst 5000 switch:
set port qos
mod/ports
cos-ext
cos_value
set port qos
mod/ports
trust-ext [trust-cos | untrusted]
cos_value represents the requested reclassification CoS value sent to the attached appliance
via CDP. The trust-cos option requests the attached appliance to trust ingress CoS values
on frames, whereas untrusted signifies the appliance to not trust the CoS value in ingress
frames and rewrite any ingress CoS values to zero. The most common appliance is the
Cisco IP Phone.
Although the Catalyst 5000 Family of switches supports extended trust parameters in CDP
messages to attached appliances and auxiliary (voice) VLANs, it does not support the
ability to provide power over the cabling infrastructure to power Cisco IP Phones or other
appliances. For example, if you are using the Catalyst 5000 Family of switches to apply
extended trust parameters in CDP messages to a Cisco IP Phone, you need a power outlet
for the phone rather than relying on inline power.
-------- -------- -------- ---
udp 30000 30000 5
5 192.168.100.0 255.255.255.0 192.168.101.0 255.255.255.0
Protocol Src Port Dst Port CoS
-------- -------- -------- ---
tcp 16000 16000 4
6 host 10.1.1.1 host 10.1.1.2
Protocol Src Port Dst Port CoS
-------- -------- -------- ---
any 50000 50000 6
Example 4-13 Placing ACE Entries in Specific Order (Continued)
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset