Cisco Support Community

VACLs and QoS ACL Classification Order of Operation


Please see the attached jpeg diagram for the topology.

Question is: If you specify a VACL on a switch, let's say at ingress to your network for voice/data/video classification for QoS purposes, does your traffic get classified once at ingress, i.e., when coming into your switchport to the switch, and then again when it reaches the far-end access switch (let's just say RTP payload)? So, a voice call would get classified twice when sending an RTP packet from Phone 1 to Phone 2?

This is just important to understand from a transit network design point of view.

There seems to be a bit of confusion, i.e., when I look at the following documentation,

it shows that VACLs in a bridge environment only hit the VACL on ingress, but other documentation says that the VACLs (or VLAN maps) are directionless?

I am a little confused by that.

Also, I am assuming that when you come into another switch (i.e., frame A arrives at the far-end access switch in my diagram), your packet will be coming in with an 802.1q header that gets stripped, and then you will be in a particular VLAN, and the VACL applies to that? Or the VACL gets applied before the 802.1q header is stripped? So, if you came in with a VLAN tag on a dot1q trunk and you had a tag of 100, your frame would get processed by a VACL mapped to VLAN 100 (if any) and then the 802.1q tag removed, and if it was VLAN 600, your frame would be subject to any VLAN 600 ACL and then the 802.1q header removed?

Does anyone know exactly how this works?

Many thanks to all, and kind regards,