Specifications
Using ACLs to Change CoS
15-22 Configuring and Managing Security ACLs
Using the precedence and ToS Options
YoualsocanindirectlyfilteronDSCPbyfilteringonboththeIPpreced enceandIPToSvaluesofa
packet.However,thismethodrequirestwoACEs.Tousethismethod,specifythecombinationof
precedenceandToSvaluesthatisequivalenttotheDSCPvalue.Forexample,tofilterbased
on
DSCPvalue46,configureanACLthatfiltersbasedonprecedence5andToS12.(Todisplayatable
oftheprecedenceandToScombinationsforeachDSCPvalue,usethe
show qos dscp-table
command.)
Example
ThefollowingcommandsperformthesameCoSreassignmentasthecommandsin“Usingthe
dscpOption”onpage 15 ‐21.TheyremapIPpacketsfromIPaddress10.10.50.2thathaveDSCP
value46(equivalenttoprecedencevalue5andToSvalue12),tohaveCoSvalue7whentheyare
forwarded
toany10.10.90.xaddressonDistributedAP4:
RBT-8100# set security acl ip acl2 permit cos 7 ip 10.10.50.2 0.0.0.0 10.10.90.0
0.0.0.255 precedence 5 tos 12
success: change accepted.
RBT-8100# set security acl ip acl2 permit cos 7 ip 10.10.50.2 0.0.0.0 10.10.90.0
0.0.0.255 precedence 5 tos 13
success: change accepted.
RBT-8100# set security acl ip acl2 permit any
success: change accepted.
RBT-8100# commit security acl acl2
success: change accepted.
RBT-8100# set security acl map acl2 dap 4 out
success: change accepted.
TheACLcontainstwoACEs.ThefirstACEmatchesonprecedence5andToS12.ThesecondACE
matchesonprecedence5andToS13.TheIPprecedenceandToSfieldsuse7bits,whiletheDSCP
fieldusesonly6bits.Following theDSCPfieldisa2‐bitECN
fieldthatcanbesetbyotherdevices
basedonnetworkcongestion.ThesecondACEisrequiredtoensurethattheACLmatches
regardlessofthevalueoftheseventhbit.
Note: You cannot use the dscp option along with the precedence and tos options in
the same ACE. The CLI rejects an ACE that has this combination of options.