[c-nsp] DSCP markdown with policing / Cat6000 SUP2/MSFC2 native IOS

JC Hall jc.hall at cybertrails.net
Thu Feb 3 11:08:26 EST 2005


Hello list, I need some help configuring some policing rules on my 6500
switch with DSCP markdown.  

Here is the scenario:

I set the DSCP on customer inbound traffic to 8, 16 or 24 depending on a
subscribed service level.  Inbound traffic is permitted to burst up to a
certain cap above a subscription rate.  However, for all bursty traffic,
I want to mark down the DSCP and apply a policing rule to limit the
overall throughput to a certain speed.

For example:
Subscription rate = 512Kbps
In-profile DSCP = 24
Out-of-profile DSCP = 0
Overall cap = 1024Kbps

This is my configuration thus far without implying the cap because I
haven't yet figured out how to make it work.

!
!
!
mls qos map policed-dscp normal-burst 8 16 24 to 0
mls qos map policed-dscp max-burst 8 16 24 to 0
!
class-map match-any FastEthernet3/5_in
  match access-group name FastEthernet3/5_in
!
policy-map FastEthernet3/5_in
  class FastEthernet3/5_in
     police 512000 2000 2000 conform-action set-dscp-transmit 24
exceed-action policed-dscp-transmit
!
interface FastEthernet3/5
 ip address 10.0.0.25 255.255.255.248
 no ip redirects
 no ip unreachables
 ip route-cache flow
 duplex full
 no cdp enable
 service-policy input FastEthernet3/5_in
!
ip access-list extended FastEthernet3/5_in
 permit ip 10.0.0.24 0.0.0.7 any
!
!
!

At this point I realize that there is no cap implemented and traffic
above 512Kbps should just get marked down to DSCP 0.  Where/how do I
implement the policing rule to drop packets at 1024Kbps?  I've tried
adding another class-map to my policy-map to match DSCP 0 packets and
police it there, but I think that was incorrect and of course didn't
give me the results I needed.

Any help would be appreciated.

TIA!

-JC 




More information about the cisco-nsp mailing list