You want to filter based on IP QoS information.
You can filter packets based on the contents of the Differentiated Services Control Point (DSCP) field using the dscp keyword:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#access-list 162 permit ip any any dscp af11
Router1(config)#end
Similarly, to filter based on TOS, you can use the tos keyword:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#access-list 162 permit ip any any tos max-reliability
Router1(config)#end
And you can filter based on IP Precedence using the precedence keyword:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z
Router1(config)#access-list 162 permit ip any any precedence flash
Router1(config)#end
In Chapter 11 and Appendix B we discuss the DSCP, IP TOS, and IP Precedence fields in more detail. Chapter 11 also includes several examples of ACLs that filter based on this information. Please refer to these sections for more information.
The first example looks for packets that have a DSCP field value of AF11, which has a bit pattern of 001010, or a decimal value of 10. The second example matches packets with a TOS value of maximum reliability, which has a decimal value of 2.
Note that you can use the decimal numerical values for any TOS, Precedence, or DSCP field, and the router will simply replace it with the mnemonic keyword, if one exists. For example, we could have written the second example as follows:
Router1(config)#access-list 162 permit ip any any tos 2
In this case, the router would have replaced the number 2 with the max-reliability keyword. However, there is no mnemonic keyword corresponding to the TOS value, 3. The router will accept values that do not have well-known names such as this, but it will leave them as numerical values in the configuration file.
Top |