[c-nsp] Catalyst QoS Based on VLAN ID
Daniel Hooper
dhooper at emerge.net.au
Thu Jul 5 23:03:26 EDT 2007
Hi,
I'm up against the same issues with a network built on 3550s and
2950s.
I have not been able to find a way to rate-limit / police individual
VLANs on a dot1q trunk port. Instead we've broken out the VLANs onto
access ports and have 1 physical port for each link between sites.
Policing on these ports.
One thought that comes to mind is using a mac-address ACL in the class
maps.
mls qos
!
mac access-list extended Cust_A
 ! replace "any any" with Cust_A's MAC address
 permit any any
!
class-map match-all Cust_A
 match access-group name Cust_A
!
policy-map 2MBIT_PORT
 class Cust_A
  police 2048000 512000 exceed-action drop
!
interface FastEthernet0/6
 service-policy input 2MBIT_PORT
!
Not even sure if this will work!
-Dan
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Curtis Doty
Sent: Friday, 6 July 2007 10:44 AM
To: Cisco NSP
Subject: Re: [c-nsp] Catalyst QoS Based on VLAN ID
11:40pm Kurt Bales said:
> I have "inherited" a network design that involves a series of Switches in
> effectively this design:
>
> [7200-BGP]
> ||
> [Cust_A] == Trunk == [My 3560_A] == Trunk == [My 3500XL_B] == Trunk == [Cust_B]
> || ||
> Trunk Trunk
> || ||
> [Cust_C] [Cust_D]
>
> This design was to create a layer 2 network between a group of mutually
> associated Customer peers, so that Cust A could have a VLAN trunked from his
> trunk all the way through to Cust_B (after I set up the appropriate VLAN
> trunk allows on my equipment of course). As well as each having a VLAN for
> L3 interconnect to my 7200 for BGP peering between all peers.
>
> I am in a position now where I am required to rate limit certain VLANs down
> to set limits. Say VLAN 601 (Cust_A <-> Cust_C) is only to be 5mb, but VLAN
> 602 (Cust_A <-> Cust_B) to be 3mb. Obviously, I cannot apply QoS on the
> physical port that Cust_A connects to, because each VLAN requires a
> different speed. There are no SVIs on either switch for those VLANs, so I
> cannot apply the QoS there either.
>
> Is there any way to do rate limiting or policing based on VLAN id on the
> equipment I have? I understand that the ME3750 can do "Hierarchical Queuing
> Framework", where I can do "Logical QoS" but I currently a) have none of
> this kit, and b) most likely cannot afford to use it either.
>
> Does anybody see any options to achieve this outcome?
This sorta sounds like what Skeeve was just asking about. The CCO bible
says you have to make each switchport use vlan-based QoS. Then put your
service-policy on the SVI.
If you aren't running an L3 address on that SVI, then I have no idea what
happens. Would love to learn too...before I have to set this up in the
lab...soon.
../C