[c-nsp] Catalyst QoS Based on VLAN ID
Bob Sinclair
bob at bobsinclair.net
Sat Jul 7 18:41:53 EDT 2007
Skeeve Stevens wrote:
> I found a feature called 'Per Vlan Per Port Policing' which is on the
> latest
> two IOS's available for the 3560 and 3750 +G versions.
>
> In the 3550 it is simple with the 'match vlan x' option under the
> class-map... but even though the feature navigator says the 3560/3750
> can do
> it, that match vlan is not there, so it must be done another way... which
> I've yet to figure out yet, but would love it if someone could help me.
Skeeve,
Here is an example of a per-port, per-vlan police on a 3560. 3750
should be the same. You need to apply a hierarchical policy to the
interface vlan, and enable per-vlan qos on the physical port.
Enable qos and enable vlan-based qos on the trunk port:
mls qos
interface f0/13
mls qos vlan-based
Policy-map POLICE references the ICMP class and marks it precedence 1.
Then policy-map INT13 is applied. This child policy specifies the port
and the policy:
policy-map POLICE
class ICMP
set precedence 1
service-policy INT13
policy-map INT13
class INT13
police 1024000 8000 exceed-action drop
The parent policy is the applied to the interface vlan in question:
interface vlan 13
service-policy input POLICE
Here are the ACLs and Classes:
access-list 101 permit icmp any any
class-map match-all ICMP
match access-group 101
class-map match-all INT13
match input-interface FastEthernet0/13
Note that only the police command can be used in the child policy. The
parent policy must have the SET or the TRUST action.
-
Bob Sinclair CCIE 10427 CCSI 30427
www.netmasterclass.net
More information about the cisco-nsp
mailing list