Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
696
Views
0
Helpful
0
Replies

QoS on Management VLAN

CompCJtoo
Level 1
Level 1

‎08-13-2018 04:45 PM - edited ‎08-13-2018 04:51 PM

Hello All.  I have the below ACL applied inbound on a vlan interface, int vlan 808.  I would like to match against this ACL in a class-map and then apply it to a policy-map that'll set the dscp 10 for ssh and tacacs traffic.  All other traffic I do not want to change.  The service policy will then be applied to int vlan 808 as "service-policy input MGMT-TRAFFIC-POLICY". And then I'd like to remove the "ip access-group MGMT_TRAFFIC in" from the int vlan 808.


Is it possible to do so without creating two separate ACLs...if so how?  If I did have to use two separate ACLs how would I configure the class-map and/or policy-map to not change the other traffic.  Thanks.   

ip access-list extended MGMT_TRAFFIC
permit udp any eq snmp any
permit icmp any any
permit udp any gt 0 any eq 1645 1646 log
permit udp any gt 0 any eq 1812 1813
permit udp any eq tftp any
permit udp any eq ntp any
permit udp any gt 0 any eq syslog
permit udp any eq snmptrap any
permit tcp any eq 443 any
permit udp any gt 0 any lt 65534
permit igmp any any
permit tcp any gt 0 any eq tacacs log
permit tcp any eq 22 any gt 0 log
deny ip any any log

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents