Filter and Force DSCP Values (IPv4 ACLs)

In IPv4 extended ACL rules, re-marking (forcing) DSCP values can change the priority on egress traffic, by which you can prioritize ingress traffic.

You can also filter IPv4 packets by DSCP value.
  1. Access global configuration mode.
    device# configure
    
  2. Create or access the ACL.
    device(config)# ip access-list extended extd_ACL5
    
  3. To filter incoming or outgoing packets by DSCP value, define permit or deny rules specifying the dscp parameters.
    device(config-ipacl-ext)# seq 5 deny tcp host 10.24.26.145 any dscp 25
    device(config-ipacl-ext)# seq 15 permit tcp 10.24.26.146 any dscp 20
    
  4. To re-mark the DSCP value of incoming packets, define permit rules specifying the dscp-force parameters.
    device(config-ipacl-ext)# seq 25 permit tcp 10.24.26.147 any dscp-force 10
    
    Note

    Note

    (SLX 9740/Extreme 8820 only) If traffic is bridged, then the egressing PCP (802.1p) is re-marked to the equivalent value of the forced DSCP.
  5. Apply the ACL to the appropriate interface.
    device(config)# interface ethernet 2/2
    device(conf-if-eth-2/2)# ip access-group extd_ACL5 in