Command Reference Guide
display security acl 429
The IP precedence and ToS fields use 7 bits, while the DSCP field uses
only 6 bits. Following the DSCP field is a 2-bit ECN field that can be set by
other devices based on network congestion. If you are filtering based on
DSCP value, you need two ACEs to ensure that the ACL matches
regardless of the value of the seventh bit. Use the first ACE to match on
the precedence and ToS values corresponding to the DSCP value. Use the
second ACE to match on the same precedence value but on the ToS value
plus 1. (For an example, see the “Using ACLs to Change CoS” section of
the “Configuring and Managing Security ACLs” chapter in the Wireless
LAN Switch and Controller Configuration Guide.
Examples — The following command displays the table:
WX-1200# display security acl dscp
DSCP TOS precedence tos
dec hex dec hex
-----------------------------------------------
0 0x00 0 0x00 0 0
1 0x01 4 0x04 0 2
2 0x02 8 0x08 0 4
...
63 0x3f 252 0xfc 7 14
See Also
set security acl on page 439
display security acl Displays a summary of security ACLs that are committed — saved in the
running configuration and nonvolatile storage — or a summary of ACLs
in the edit buffer.
Syntax —
display security acl [editbuffer]
Defaults — None.
Access — Enabled.
History — Introduced in MSS Version 3.0.