VACLs and QoS ACL Classification Order of Operation

Unanswered Question
Aug 2nd, 2007

Guys,


Please see the attached jpeg diagram for the topology.


Question is: If you specify a VACL on a switch, let's say at ingress to your network for voice/data/video classification for QoS purposes, does your traffic get classified once at ingress, i.e., when coming into your switchport to the switch, and then again when it reaches the far end access switch (let's just say RTP payload)? So, a voice call would get classified twice when sending an RTP packet from Phone 1 to Phone 2?


This is just important to understand from a transit network design point of view.


There seems to be a bit of confusion, i.e., when I look at the following documentation,

http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/122sx/swcg/vacl.pdf


it shows that VACLs in a bridge environment only hit the VACL on ingress, but other documentation says that the VACLs (or VLAN maps) are directionless?


I am a little confused by that.


Also, I am assuming, when you come into another switch (i.e., frame A arrives at the far end access switch in my diagram), your packet will be coming in with an 802.1q header, that gets stripped, and then you will be in a particular VLAN, and the VACL applies to that? Or the VACL gets applied before the 802.1q header is stripped? So, if you came in with a VLAN tag on a dot1q trunk and you had a tag of 100, your frame would get processed by a VACL mapped to VLAN 100 (if any) and then the 802.1q tag removed, and if it was VLAN 600, your frame would be subject to any VLAN 600 ACL and then the 802.1q header removed?


Does anyone know exactly how this works?


Many thanks to all, and kind regards,

Ken

