In Layer 2 extended ACL rules, re-marking (forcing) PCP values can change priority on ingress traffic. You can also filter ingress and egress Layer 2 packets by PCP value.
-
Enter configure to access
global configuration mode.
-
Enter the
mac access-list extended command to create or access the ACL.
device(config)# mac access-list extended mac_ac12
-
To filter incoming or outgoing packets by PCP value, define permit and deny rules specifying the
pcp parameters.
device(conf-macl-ext)# seq 5 permit host 0022.3333.4444 host 0022.3333.5555 pcp 2
device(conf-macl-ext)# deny host 0022.3333.7777 host 0022.3333.6666 pcp 5
-
To re-mark the PCP value of incoming packets, define permit rules specifying the
pcp-force parameters.
device(conf-macl-ext)# seq 10 permit host 0022.3333.4445 host 0022.3333.5556 pcp-force 2
-
Apply the ACL to the
appropriate interface.
device(config)# interface ethernet 0/1
device(conf-if-eth-0/1)# mac access-group mac_acl2 in
