Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
268
Views
5
Helpful
1
Replies

matching ACLs based on ToS bits

johnsoja9
Level 1
Level 1

‎08-25-2008 12:37 PM - edited ‎03-11-2019 06:35 AM

We are looking to match ACLs based on ToS bits using the ASA 5500 series. Can anyone provide feedback or describe a succesful implementation?

Labels:
0 Helpful
1 Reply 1

Marwan ALshawi
VIP Alumni
VIP Alumni

‎08-25-2008 04:36 PM

ok lets say u have Extended ACL

access-list 100 permit ip 192.1681.0 255.255.255.0 any

then u need to match any traffic from that subnet going to any distination with TOS DSCP ef

do the following

hostname(config)#class-map match-all voice

hostname(config-cmap)#match access-list 100

hostname(config-cmap)#match dscp ef

then u can apply it to whatever interface or globaly (to all interfaces)

the following link contain good details regrading ur question

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml

good luck

please, if helpful rate

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card