Showing results for 
Search instead for 
Did you mean: 


QoS on Management VLAN

Hello All.  I have the below ACL applied inbound on a vlan interface, int vlan 808.  I would like to match against this ACL in a class-map and then apply it to a policy-map that'll set the dscp 10 for ssh and tacacs traffic.  All other traffic I do not want to change.  The service policy will then be applied to int vlan 808 as "service-policy input MGMT-TRAFFIC-POLICY". And then I'd like to remove the "ip access-group MGMT_TRAFFIC in" from the int vlan 808.

Is it possible to do so without creating two separate ACLs...if so how?  If I did have to use two separate ACLs how would I configure the class-map and/or policy-map to not change the other traffic.  Thanks.   

ip access-list extended MGMT_TRAFFIC
permit udp any eq snmp any
permit icmp any any
permit udp any gt 0 any eq 1645 1646 log
permit udp any gt 0 any eq 1812 1813
permit udp any eq tftp any
permit udp any eq ntp any
permit udp any gt 0 any eq syslog
permit udp any eq snmptrap any
permit tcp any eq 443 any
permit udp any gt 0 any lt 65534
permit igmp any any
permit tcp any gt 0 any eq tacacs log
permit tcp any eq 22 any gt 0 log
deny ip any any log

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards