Filtering Based on DSCP and TOS

Problem

You want to filter based on IP Quality of Service information.

Solution

You can filter packets based on the contents of the Differentiated Services Code Point (DSCP) field by using the dscp keyword:

Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#access-list 162 permit ip any any dscp af11
Router1(config)#end

Similarly, to filter based on TOS, you can use the tos keyword:

Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#access-list 162 permit ip any any tos max-reliability
Router1(config)#end

Discussion

In Chapter 11 and Appendix B, we discuss both the DSCP and IP TOS fields in more detail. Chapter 11 also includes several examples of ACLs that filter based on this information. Please refer to these sections for more information.

The first example looks for packets that have a DSCP field value of AF11, which has a bit pattern of 001010, or a decimal value of 10. The second example matches packets with a TOS value of maximum reliability, which has a decimal value of 2.

Note that you can use the decimal numerical value for any TOS or DSCP field, and the router will simply replace it with the mnemonic keyword, if one exists. For example, we could have written the second example as follows:

Router1(config)#access-list 162 permit ip any any tos 2

In this case, the router would have replaced the number 2 with the max-reliability keyword. However, there is no mnemonic keyword corresponding to the TOS value 3. The router will accept values like this that do not have well-known names, but it will leave them as numerical values in the configuration file.
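The DSCP and TOS values discussed above occupy overlapping bits of the same IPv4 header byte, so a single packet can satisfy both a dscp rule and a tos rule. The following Python sketch is an added example, not part of the original recipe: it decodes that byte using the RFC 2474 (DSCP) and RFC 1349 (TOS) layouts and renders numeric values as keywords the way the text describes. The function names, the sample header, and the assumption that an ACL compares exactly these bit fields are illustrative, and the DSCP name table is only a subset.

```python
import struct

# Mnemonic keywords for well-known values (DSCP table is a subset).
DSCP_NAMES = {0: "default", 8: "cs1", 10: "af11", 12: "af12", 14: "af13", 46: "ef"}
TOS_NAMES = {0: "normal", 1: "min-monetary-cost", 2: "max-reliability",
             4: "max-throughput", 8: "min-delay"}
FIELDS = {"dscp": (63, DSCP_NAMES), "tos": (15, TOS_NAMES)}

def split_tos_byte(ipv4_header: bytes) -> dict:
    """Decode byte 1 of an IPv4 header under both interpretations."""
    if len(ipv4_header) < 20 or ipv4_header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    b = ipv4_header[1]
    return {
        "dscp": b >> 2,          # RFC 2474: upper six bits
        "precedence": b >> 5,    # RFC 791: upper three bits
        "tos": (b >> 1) & 0x0F,  # RFC 1349: the four bits after precedence
    }

def acl_keyword(kind: str, value: int) -> str:
    """Render a numeric value as 'kind mnemonic', or leave it numeric if unnamed."""
    if kind not in FIELDS:
        raise ValueError("kind must be 'dscp' or 'tos'")
    limit, names = FIELDS[kind]
    if not 0 <= value <= limit:
        raise ValueError(f"{kind} value out of range 0-{limit}")
    return f"{kind} {names.get(value, value)}"

def matches(ipv4_header: bytes, kind: str, value: int) -> bool:
    """True if the header's field equals the value named in the ACL entry."""
    acl_keyword(kind, value)  # validates kind and range
    return split_tos_byte(ipv4_header)[kind] == value

def make_header(tos_byte: int) -> bytes:
    """Constructed 20-byte sample header (documentation addresses, zero checksum)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos_byte, 20, 0, 0, 64, 6, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))

if __name__ == "__main__":
    af11 = make_header(0x28)  # DSCP 001010 in the upper six bits
    print(split_tos_byte(af11))
    # The same AF11 packet also carries TOS bits 0100 (max-throughput).
    print(acl_keyword("dscp", 10), matches(af11, "dscp", 10))
    print(acl_keyword("tos", 4), matches(af11, "tos", 4))
    print(acl_keyword("tos", 3))
```

When auditing an ACL that mixes dscp and tos entries, run each marking your network uses through both interpretations to see which entries it would hit.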

See Also