In IPv6 extended ACL rules, re-marking (forcing) DSCP values can change priority on egress traffic, by which you can prioritize ingress traffic. You can also filter IPv6 packets by DSCP value.
-
Enter
configure terminal
to access global configuration mode.
device# configure terminal
-
Enter the
ipv6 access-list extended command to create or access the ACL.
device(config)# ipv6 access-list extended ipv6_acl_1
-
To filter incoming packets by DSCP value, define
permit or
deny rules specifying the
dscp parameters.
device(conf-ip6acl-ext)# seq 10 deny ipv6 2001:2002:1234:1::/64 2001:1001:1234:1::/64 dscp 25 count
device(conf-ip6acl-ext)# seq 20 permit ipv6 2001:2002:2345:1::/64 any dscp 20 count
-
To re-mark the DSCP value of incoming packets, define
permit rules specifying the
dscp-force parameters.
device(conf-ip6acl-ext)# seq 30 permit ipv6 2001:2002:2346:1::/64 any dscp-force 10
-
Apply the ACL that you created to the appropriate interface.
device(config)# interface ethernet 2/2
device(conf-if-eth-2/2)# ipv6 access-group ipv6_acl_1 in
