Quality of Service (QoS) | 729Figure 35-10. Using the Order Keyword in ACLsCreate a Layer 2 class mapAll class maps are Layer 3 by default; you can create a Layer 2 class map by specifying the option layer2with the class-map command. A Layer 2 class map differentiates traffic according to 802.1p value and/orcharacteristics defined in a MAC ACL.1. Create a match-any class map using the command class-map match-any or a match-all class mapusing the command class-map match-all from CONFIGURATION mode, and enter the keywordlayer2.2. Once you create a class-map, FTOS places you in CLASS MAP mode. From this mode, specify yourmatch criteria using the command match mac. Match-any class maps allow up to five access-lists, andmatch-all class-maps allow only one. You can match against only one VLAN ID.3. After you specify your match criteria, link the class-map to a queue using the commandservice-queue from POLICY MAP mode.Determine the order in which ACLs are used to classify trafficWhen you link class-maps to queues using the command service-queue, FTOS matches the class-mapsaccording to queue priority (queue numbers closer to 0 have lower priorities). For example, inFigure 35-10, class-map cmap2 is matched against ingress packets before cmap1.ACLs acl1 and acl2 have overlapping rules because the address range 20.1.1.0/24 is within 20.0.0.0/8.Therefore, (without the keyword order) packets within the range 20.1.1.0/24 match positive against cmap1and are buffered in queue 7, though you intended for these packets to match positive against cmap2 and bebuffered in queue 4.FTOS(conf)#ip access-list standard acl1FTOS(config-std-nacl)#permit 20.0.0.0/8FTOS(config-std-nacl)#exitFTOS(conf)#ip access-list standard acl2FTOS(config-std-nacl)#permit 20.1.1.0/24 order 0FTOS(config-std-nacl)#exitFTOS(conf)#class-map match-all cmap1FTOS(conf-class-map)#match ip access-group acl1FTOS(conf-class-map)#exitFTOS(conf)#class-map match-all cmap2FTOS(conf-class-map)#match ip access-group acl2FTOS(conf-class-map)#exitFTOS(conf)#policy-map-input pmapFTOS(conf-policy-map-in)#service-queue 7 class-map cmap1FTOS(conf-policy-map-in)#service-queue 4 class-map cmap2FTOS(conf-policy-map-in)#exitFTOS(conf)#interface gig 1/0FTOS(conf-if-gi-1/0)#service-policy input pmap