Per Vlan Qos

Unanswered Question
Aug 3rd, 2007

Hi,

We have the requirment to rate limit our 1Gig Trunk port into Vlan-7 to 700M and Vlan-3 to 300M,We will use 3560/3750 switch ,and it will be purely L2, no routing.Please advice me best solution.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Pavel Bykov Fri, 08/03/2007 - 05:02

Depends if you want to apply it only on onle link or on whole network.

QoS is usually done end-to-end, but if you want it only on one link you can use by setting CoS on incoming ports, and then setting up srr-queues by assigning buffer percentages to the output queues.


Or you can use Policing with MQC. Either by VLAN or per port. Even in Layer 2 there is L3 inspection, so you can use access lists.


If you have VLAN1 with 10.1.1.0/24 and VLAN2 with 10.2.2.0/24, then you can use:

access-list 1 permit 10.1.1.1 0.0.0.255

access-list 2 permit 10.2.2.2 0.0.0.255

class-map match-any vl1

match access-group 1

class-map match-any vl2

match access-group 2

policy-map test

class vl1

police 700000000 20000000

class vl2

police 300000000 9000000

interface gi XX/XX/XX

service-policy input test



refer to this document for buffer management

http://www.cisco.com/en/US/customer/products/hw/switches/ps5528/products_configuration_guide_chapter09186a00803a9b16.html

mohammedrafiq Fri, 08/03/2007 - 11:23

THANKS,

I will try it,trunk link is between 2 switches, can I do this on both ends?


Regards,

Pavel Bykov Fri, 08/03/2007 - 13:45

There are many ways to do it, but if you are going to use the example you would have toapply it on both sides. The example provided can only be used as INPUT service policy, so you need to apply same configuration on both ends, but with reverse ACL.

ACL provided in example only uses source address match. on the other end you need to write it for destination. As in:


access-list 111 permit ip any 10.1.1.1 0.0.0.255

access-list 112 permit ip any 10.2.2.2 0.0.0.255

class-map match-any vl1

match access-group 111

class-map match-any vl2

match access-group 112

policy-map test

class vl1

police 700000000 20000000

class vl2

police 300000000 9000000

interface fa 0/41

service-policy input test


Check to see if the packets match into your classes with

"show policy-map interface gigaXX/XX/XX" command (the trunk).


Also, you might have to adjust burst sizes, since I have included recommended burst size, which is POLICE_RATE/32. But it may have to be reduced, depending on the switch. You can use smaller bursts, like 1MB (1000000). It will be ok at that speed.

mohammedrafiq Mon, 08/06/2007 - 06:58

Hi,

I have applied the config on both side of trunk link, but can only see service policy command on one side, not other, is this normal or bug?.


------

NOT showing on this sw

CE#sh run int gi1/0/1

Building configuration...


Current configuration : 134 bytes

!

interface GigabitEthernet1/0/1

switchport trunk encapsulation dot1q

switchport trunk allowed

vlan 1,2

switchport mode trunk

-------------------

showing on this sw.

Switch#sh run int gi1/0/1

Building configuration...


Current configuration : 161 bytes

!

interface GigabitEthernet1/0/1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,2

switchport mode trunk

service-policy input test <-----------

end

Actions

This Discussion