You can use one of the following syntax examples to configure Fabric Engine QoS filters.
On a DvR Leaf, you must use an InVsn ACL.
filter acl 1 type inVsn matchType uniOnly name "DenyNets"
filter acl i-sid 1 2000100
filter acl ace 1 1 name "Deny-10.31.64.0"
filter acl ace action 1 1 deny
filter acl ace ethernet 1 1 ether-type eq ip
filter acl ace ip 1 1 dst-ip mask 10.31.64.0 25
filter acl ace 1 1 enable
filter acl ace 1 2 name "Deny-172.16.2.0"
filter acl ace action 1 2 deny
filter acl ace ethernet 1 2 ether-type eq ip
filter acl ace ip 1 2 dst-ip mask 172.16.2.0 24
filter acl ace 1 2 enable
filter acl 2 type inVsn matchType uniOnly name "QoS-Remark"
filter acl i-sid 2 2000200
filter acl ace 2 1001 name "QoS-Remark-UDP"
filter acl ace action 2 1001 permit internal-qos 6 remark-dot1p 6 remark-dscp phbef
filter acl ace ethernet 2 1001 ether-type eq ip
filter acl ace ip 2 1001 ip-protocol-type eq udp
filter acl ace protocol 2 1001 dst-port eq 2000
filter acl ace 2 1001 enable
filter acl ace 2 1002 name "QoS-Remark-TCP"
filter acl ace action 2 1002 permit internal-qos 6 remark-dot1p 6 remark-dscp phbef
filter acl ace ethernet 2 1002 ether-type eq ip
filter acl ace ip 2 1002 ip-protocol-type eq tcp
filter acl ace protocol 2 1002 dst-port eq 2000
filter acl ace 2 1002 enable
You can also use the InVsn syntax shown in the preceding example on a regular (non-DvR Leaf) Fabric Engine Backbone Edge Bridge (BEB) switch. On a regular Fabric Engine BEB switch, the inVlan type is available as well.
filter acl 1 type inVlan name "Securit+QoS"
filter acl vlan 1 100
filter acl ace 1 1 name "Deny-10.31.64.0"
filter acl ace action 1 1 deny
filter acl ace ethernet 1 1 ether-type eq ip
filter acl ace ip 1 1 dst-ip mask 10.31.64.0 25
filter acl ace 1 1 enable
filter acl ace 1 2 name "Deny-172.16.2.0"
filter acl ace action 1 2 deny
filter acl ace ethernet 1 2 ether-type eq ip
filter acl ace ip 1 2 dst-ip mask 172.16.2.0 24
filter acl ace 1 2 enable
filter acl ace 1 101 name "QoS-Remark-UDP"
filter acl ace action 1 101 permit internal-qos 6 remark-dot1p 6 remark-dscp phbef
filter acl ace ethernet 1 101 ether-type eq ip
filter acl ace ip 1 101 ip-protocol-type eq udp
filter acl ace protocol 1 101 dst-port eq 2000
filter acl ace 1 101 enable
filter acl ace 1 102 name "QoS-Remark-TCP"
filter acl ace action 1 102 permit internal-qos 6 remark-dot1p 6 remark-dscp phbef
filter acl ace ethernet 1 102 ether-type eq ip
filter acl ace ip 1 102 ip-protocol-type eq tcp
filter acl ace protocol 1 102 dst-port eq 2000
filter acl ace 1 102 enable
ACL ACE rules can be defined as:
Primary Bank: ACE ID range 1-1000
Secondary Bank: ACE ID range 1001-2000
You can use both Primary and Secondary Banks for Security and QoS ACEs. The switch performs a parallel search on both ACE lists. If actions do not conflict, both actions apply. If actions conflict, the action from the Primary Bank has precedence.
ACL types inPort and outPort are also available but are not shown in the preceding examples.
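As an added example (not vendor code), the following Python sketch reviews a saved configuration offline: it maps each ACE to its bank using the ID ranges above, flags ACEs that never receive the `enable` line that ends every ACE in the preceding examples, and flags deny ACEs in the Secondary Bank, where a conflicting Primary Bank action would take precedence. The sample configuration, the function names, and the "unlisted" label for IDs outside the two ranges are assumptions made for illustration.

```python
import re

# Constructed sample in the page's inVlan syntax: ACE 102 has no "enable"
# line, and a deny ACE sits in the Secondary Bank (ID 1001).
SAMPLE = """\
filter acl 1 type inVlan name "Audit-Demo"
filter acl ace action 1 101 permit internal-qos 6 remark-dot1p 6 remark-dscp phbef
filter acl ace ip 1 101 ip-protocol-type eq udp
filter acl ace 1 101 enable
filter acl ace action 1 102 permit internal-qos 6 remark-dot1p 6 remark-dscp phbef
filter acl ace action 1 1001 deny
filter acl ace ip 1 1001 dst-ip mask 172.16.2.0 24
filter acl ace 1 1001 enable
"""

ACE_LINE = re.compile(
    r"^filter acl ace (?:(action|ethernet|ip|protocol) )?(\d+) (\d+) (.+)$")

def bank(ace_id):
    """Map an ACE ID to its bank using the ranges listed on this page."""
    if 1 <= ace_id <= 1000:
        return "primary"
    return "secondary" if 1001 <= ace_id <= 2000 else "unlisted"

def parse_aces(config):
    """Return {(acl_id, ace_id): {"bank", "action", "enabled"}}."""
    aces = {}
    for line in config.splitlines():
        m = ACE_LINE.match(line.strip())
        if not m:
            continue  # ACL-level lines (type, vlan, i-sid) are not ACEs
        kind, rest = m.group(1), m.group(4)
        key = (int(m.group(2)), int(m.group(3)))
        ace = aces.setdefault(
            key, {"bank": bank(key[1]), "action": None, "enabled": False})
        if kind == "action":
            ace["action"] = rest.split()[0]  # "deny" or "permit"
        elif kind is None and rest == "enable":
            ace["enabled"] = True
    return aces

def audit(config):
    """List (acl_id, ace_id, finding) tuples worth a manual review."""
    findings = []
    for (acl_id, ace_id), ace in sorted(parse_aces(config).items()):
        if not ace["enabled"]:
            findings.append((acl_id, ace_id, "not enabled"))
        if ace["action"] == "deny" and ace["bank"] == "secondary":
            findings.append((acl_id, ace_id, "deny in Secondary Bank"))
    return findings
```

Calling `audit(SAMPLE)` reports ACE 102 as not enabled and ACE 1001 as a Secondary Bank deny.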