Cisco Support Community

Layer 2-based Access Control List does not work in QoS configuration on a Catalyst 3550 switch

Core issue

After a traffic class has been defined with the Access Control List (ACL), a policy can be attached to it. A policy can contain multiple classes with actions specified for each. A policy can include commands to classify the class as a particular aggregate (for example, a Differentiated Services Code Point (DSCP)) or to rate-limit the class. This policy is then attached to a particular port, on which it becomes effective.

Policing involves the creation of a policer that specifies the bandwidth limits for the traffic. The Layer 2 (L2)-based ACL does not work in the Quality of Service (QoS) configuration on a Catalyst 3550 switch.

Resolution

For IP packets, MAC addresses cannot be used to do the matching; only IP addresses can be used, so match on IP addresses instead. In other words, the best method is to use the optimizations made in the hardware ASICs to handle IP packets.

MAC ACLs are not supported for matching IP traffic, so policies built on them do not work: the class-map that references the MAC ACL does not actually classify this traffic. The best way to achieve this is to match based on IP addresses.

For QoS to function properly, configure an IP ACL to match the incoming traffic.
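The following configuration sketch shows the non-working MAC ACL class next to the IP ACL class the resolution calls for. It is an added example, not taken from the original article; the ACL, class-map and policy-map names, the MAC and IP addresses, the interface, the DSCP value and the policer rate are all constructed for illustration.

```cisco
! Enable QoS globally on the switch
mls qos
!
! --- Non-working form: class built on a MAC (Layer 2) ACL ---
! Per the article, IP packets are not classified by this class,
! so any policy action attached to it never applies to them.
mac access-list extended QOS-HOST-MAC
 permit host 0000.0c00.0001 any
!
class-map match-all CM-HOST-MAC
 match access-group name QOS-HOST-MAC
!
! --- Corrected form: class built on an IP ACL for the same host ---
ip access-list extended QOS-HOST-IP
 permit ip host 10.1.1.10 any
!
class-map match-all CM-HOST-IP
 match access-group name QOS-HOST-IP
!
! Policy: mark the class with a DSCP value and police it
! (constructed values: 1 Mbps rate, 8000-byte burst)
policy-map PM-HOST-LIMIT
 class CM-HOST-IP
  set ip dscp 24
  police 1000000 8000 exceed-action drop
!
! Attach the policy to the ingress port where the traffic arrives
interface FastEthernet0/1
 service-policy input PM-HOST-LIMIT
```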

For additional information on how to configure QoS, refer to the article How to configure QoS on the Catalyst fixed configuration switches.

Device connected to switch

Another Switch

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 03:42 PM