IBM 12.1(22)EA6 User Manual
23-17
Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide
24R9746
Chapter 23 Configuring QoS
Configuring Standard QoS
•
All ingress QoS processing actions apply to control traffic (such as spanning-tree bridge protocol
data units [BPDUs] and routing update packets) that the switch receives.
data units [BPDUs] and routing update packets) that the switch receives.
•
Only an ACL that is created for physical interfaces can be attached to a class map.
•
Only one ACL per class map and only one match command per class map are supported. The ACL
can have multiple access control entries, which are commands that match fields against the contents
of the packet.
can have multiple access control entries, which are commands that match fields against the contents
of the packet.
•
Policy maps with ACL classification in the egress direction are not supported and cannot be attached
to an interface by using the service-policy input policy-map-name interface configuration
command.
to an interface by using the service-policy input policy-map-name interface configuration
command.
•
In a policy map, the class named class-default is not supported. The switch does not filter traffic
based on the policy map defined by the class class-default policy-map configuration command.
based on the policy map defined by the class class-default policy-map configuration command.
•
For more information about guidelines for configuring ACLs, see the
•
For information about applying ACLs to physical interfaces, see the
•
If a policy map with a system-defined mask and a security ACL with a user-defined mask are
configured on an interface, the switch might ignore the actions specified by the policy map and
perform only the actions specified by the ACL. For information about masks, see the
configured on an interface, the switch might ignore the actions specified by the policy map and
perform only the actions specified by the ACL. For information about masks, see the
.
•
If a policy map with a user-defined mask and a security ACL with a user-defined mask are
configured on an interface, the switch takes one of the actions as described in
configured on an interface, the switch takes one of the actions as described in
. For
information about masks, see the
.
Configuring Classification Using Port Trust States
This section describes how to classify incoming traffic by using port trust states:
•
•
•
•
Table 23-5
Interaction Between Policy Maps and Security ACLs
Policy-Map Conditions
Security-ACL
Conditions Action
Conditions Action
When the packet is in profile.
Permit specified
packets.
packets.
Traffic is forwarded.
When the packet is out of profile and the
out-of-profile action is to mark down the DSCP
value.
out-of-profile action is to mark down the DSCP
value.
Drop specified
packets.
packets.
Traffic is dropped.
When the packet is out of profile and the
out-of-profile action is to drop the packet.
out-of-profile action is to drop the packet.
Permit specified
packets.
packets.
Traffic is dropped.
Drop specified
packets.
packets.
Traffic is dropped.