[c-nsp] DSCP markdown with policing / Cat6000 SUP2/MSFC2 native IOS
JC Hall
jc.hall at cybertrails.net
Thu Feb 3 11:08:26 EST 2005
Hello list, I need some help configuring some policing rules on my 6500
switch with DSCP markdown.
Here is the scenario:
I set the DSCP on customer inbound traffic to 8, 16 or 24 depending on a
subscribed service level. Inbound traffic is permitted to burst up to a
certain cap above a subscription rate. However, for all bursty traffic,
I want to mark down the DSCP and apply a policing rule to limit the
overall throughput to a certain speed.
For example:
Subscription rate = 512Kbps
In-profile DSCP = 24
Out-of-profile DSCP = 0
Overall cap = 1024Kbps
This is my configuration thus far without implying the cap because I
haven't yet figured out how to make it work.
!
!
!
mls qos map policed-dscp normal-burst 8 16 24 to 0
mls qos map policed-dscp max-burst 8 16 24 to 0
!
class-map match-any FastEthernet3/5_in
match access-group name FastEthernet3/5_in
!
policy-map FastEthernet3/5_in
class FastEthernet3/5_in
police 512000 2000 2000 conform-action set-dscp-transmit 24
exceed-action policed-dscp-transmit
!
interface FastEthernet3/5
ip address 10.0.0.25 255.255.255.248
no ip redirects
no ip unreachables
ip route-cache flow
duplex full
no cdp enable
service-policy input FastEthernet3/5_in
!
ip access-list extended FastEthernet3/5_in
permit ip 10.0.0.24 0.0.0.7 any
!
!
!
At this point I realize that there is no cap implemented and traffic
above 512Kbps should just get marked down to DSCP 0. Where/how do I
implement the policing rule to drop packets at 1024Kbps? I've tried
adding another class-map to my policy-map to match DSCP 0 packets and
police it there, but I think that was incorrect and of course didn't
give me the results I needed.
Any help would be appreciated.
TIA!
-JC
More information about the cisco-nsp
mailing list