You can use one of the following syntax examples to configure VOSS QoS filters.
On a DvR Leaf, you must use an InVsn ACL.
filter acl 1 type inVsn matchType uniOnly name "DenyNets" filter acl i-sid 1 2000100 filter acl ace 1 1 name "Deny-10.31.64.0" filter acl ace action 1 1 deny filter acl ace ethernet 1 1 ether-type eq ip filter acl ace ip 1 1 dst-ip mask 10.31.64.0 25 filter acl ace 1 1 enable filter acl ace 1 2 name "Deny-172.16.2.0" filter acl ace action 1 2 deny filter acl ace ethernet 1 2 ether-type eq ip filter acl ace ip 1 2 dst-ip mask 172.16.2.0 24 filter acl ace 1 2 enable filter acl 2 type inVsn matchType uniOnly name "QoS-Remark" filter acl i-sid 2 2000200 filter acl ace 2 1001 name "QoS-Remark-UDP" filter acl ace action 2 1001 permit internal-qos 6 remark-dot1p 6 remark-dscp phbef filter acl ace ethernet 2 1001 ether-type eq ip filter acl ace ip 2 1001 ip-protocol-type eq udp filter acl ace protocol 2 1001 dst-port eq 2000 filter acl ace 2 1001 enable filter acl ace 2 1002 name "QoS-Remark-TCP" filter acl ace action 2 1002 permit internal-qos 6 remark-dot1p 6 remark-dscp phbef filter acl ace ethernet 2 1002 ether-type eq ip filter acl ace ip 2 1002 ip-protocol-type eq tcp filter acl ace protocol 2 1002 dst-port eq 2000 filter acl ace 2 1002 enable
You can also use the InVsn syntax shown in the preceding example on a non-DvR Leaf regular VOSS Backbone Edge Bridge (BEB) switch. However, on a regular VOSS BEB switch, you can also use the inVlan type.
filter acl 1 type inVlan name "DenyNets" filter acl vlan 1 100 filter acl ace 1 1 name "Deny-10.31.64.0" filter acl ace action 1 1 deny filter acl ace ethernet 1 1 ether-type eq ip filter acl ace ip 1 1 dst-ip mask 10.31.64.0 25 filter acl ace 1 1 enable filter acl ace 1 2 name "Deny-172.16.2.0" filter acl ace action 1 2 deny filter acl ace ethernet 1 2 ether-type eq ip filter acl ace ip 1 2 dst-ip mask 172.16.2.0 24 filter acl ace 1 2 enable filter acl 2 type inVlan name "QoS-Remark" filter acl vlan 2 200 filter acl ace 2 1001 name "QoS-Remark-UDP" filter acl ace action 2 1001 permit internal-qos 6 remark-dot1p 6 remark-dscp phbef filter acl ace ethernet 2 1001 ether-type eq ip filter acl ace ip 2 1001 ip-protocol-type eq udp filter acl ace protocol 2 1001 dst-port eq 2000 filter acl ace 2 1001 enable filter acl ace 2 1002 name "QoS-Remark-TCP" filter acl ace action 2 1002 permit internal-qos 6 remark-dot1p 6 remark-dscp phbef filter acl ace ethernet 2 1002 ether-type eq ip filter acl ace ip 2 1002 ip-protocol-type eq tcp filter acl ace protocol 2 1002 dst-port eq 2000 filter acl ace 2 1002 enable
In both preceding examples for VOSS, Security ACEs must use ACE IDs 1-1000 and QoS ACEs must use ACE IDs 1001-2000.
ACL types inPort and outPort are also available but are not shown in the preceding examples.