Policy map specifies which traffic class to act on. Actions can include trusting the CoS or DSCP values in the traffic class; setting a specific DSCP value in the traffic class; and specifying the traffic bandwidth limitations for each matched traffic class (policer) and the action to take when the traffic is out of profile (marking).
A separate policy-map class can exist for each type of traffic received through an interface. You can attach only one policy map per interface in the input direction.
Summary steps for the configuration
1. enable
2. configure terminal
3. access-list access-list-number {deny | permit | remark} {source source-wildcard | host source | any}
or
access-list access-list-number {deny | permit | remark} protocol {source source-wildcard | host source | any} [operator-port] {destination destination-wildcard | host destination | any} [operator-port]
4. policy-map policy-map-name
5. class class-map-name [access-group acl-index-or-name]
6. police {bps | cir bps} [burst-byte | bc burst-byte] conform-action transmit [exceed-action {drop | dscp dscp-value}]
7. exit
8. interface {ethernet | fastethernet | gigabitethernet} slot/port
9. service-policy input policy-map-name
10. exit
11. show policy-map policy-map-name class class-name