I want to know whether the QoS ACL supports deny statement.
Here is the scenario: I have 6500 running in native mode. The QoS configured on it marks all outbound ssl and web traffic to CS3. I have a new requirement to mark ssl and web traffic for a few particular subnets to Default CS0.
I am thinking of applying DENY statement for those subnets in the named QOS ACL on top. It will put the traffic for these subnets in default class??? DENY statement will be followed by the the other permit statements which I currently have.
Is this the correct implementation approach?? Any recommendations or thoughts!!!!