cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1065
Views
0
Helpful
14
Replies

Bandwidth Policies based on VLAN's

remco.gussen
Level 1
Level 1

Hi

Is it possible to create bandwidth policies based on VLAN ID ? What I try to figure out is to police the data send over an ethernet trunk. Voice needs to get 30% of the available bandwidth and the rest is for data. This must be configured on a Dot1q trunk connection..

Regards

Remci

14 Replies 14

satish_zanjurne
Level 4
Level 4

I am not but ,access Lists does not match VLAN ID.

Instead you can match the IP Address/Subnet,DSCP,CoS in class-map.

1.Define access-list matching your vlan IP addresses

2.Define class-map to match access-list or CoS,DSCP.

3.Define policy-map , to either allocate the bandwidth

HTH..rate if helpful..

Do you have to connect the service policy to the layer 2 switch interface ? The connection between the two sites are not routed. It is a 100 Mb/s. layer 2 (trunked) connection....

Marwan ALshawi
VIP Alumni
VIP Alumni

the following link is a case for bandwidth limitation based one VLANs i have addressed

might help u :

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=LAN%2C%20Switching%20and%20Routing&topicID=.ee71a04&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cc1eb66/2#selected_message

u may make the policy on the output direction or inputdirection on the other end of the trunk

if helpful Rate

I don't think this is going to work.. The interfaces are in layer 2 mode. So they don't care about ip addresses.. Maybe it is possible to make a match based on VLAN ID ??

what switch model u use?

2950, and above even the port operate in L2 the switch has the L3/L4 intelegance

thuse u can make matching based on source IP or IP and port

A ring network with 60 ME 3400 switches and two 3750 switches in a stack...

Outbound policies are not possible on those switches ?

make the policy inbound on the other end of the trunk

I think that you have to make the two Gigabit interfaces per ME3400 switch in the ring a "inbound" policy interface. Data can traverse the ring in two ways: To the left and to the right... Is it also possible to use the Match VLAN match command ?

you cannot use policing in SVI-level policy map. This eliminates the possibility of having policer aggregating traffic rates for all ports in a single VLAN. However, you can still police per-port per-VLAN in the 3560 using the following feature.

Per-Port Per-VLAN Policing in the 3560

This feature uses second-level policy-maps. The second-level policy-map must list class-maps satisfying specific restrictions. The only “match” criterion supported in those class-maps is match input-interface. You can list several interfaces separated by spaces, or use interface ranges, separating interfaces in a range by hyphen. The only action supported in the second-level policy-map is the police command. As usual, you can drop exceeding traffic or configure traffic remarking using policed DSCP map. The police action applies individually to every port in the range.

You cannot use aggregate policers in the second-level policy-maps. Another restriction - if you apply a second-level policy-map (interface-level map) inside “class-default” it will have no effect. You need to apply the second-level policy-map inside user-defined classes.

The following example restricts IP traffic rate in VLAN146 on every trunk port to 128Kbps and limits the IP traffic in VLAN146 on the port connected to R6 to 256Kbps.

Example 6:

mls qos map policed-dscp 18 to 8

!

! For 2nd level policy you can only match input interfaces

!

class-map TRUNKS

match input-interface FastEthernet 0/13 - FastEthernet 0/21

!

! The second class-map matches a group of ports or a single port

!

class-map PORT_TO_R6

match input-interface FastEthernet 0/6

!

! IP traffic: ACL and class-map

!

ip access-list extended IP_ANY

permit ip any any

!

class-map IP_ANY

match access-group name IP_ANY

!

! Second-level policy-map may only police, but not mark

!

policy-map INTERFACE_POLICY

class TRUNKS

police 128000 16000 exceed policed-dscp-transmit

class PORT_TO_R6

police 256000 32000

!

! 1st level policy-map may only mark, not police

! VAN aggregate policing is not possible in the 3560

!

policy-map VLAN_POLICY

class IP_ANY

set dscp af21

service-policy INTERFACE_POLICY

!

interface Vlan 146

service-policy input VLAN_POLICY

!

! Enable VLAN-based QoS on the ports

!

interface FastEthernet 0/6

mls qos vlan-based

!

! Enable VLAN-based QoS

!

interface range FastEthernet 0/13 - 21

mls qos vlan-based

u can use the above idea and make each class as a VLAN network

if helpful Rate

What about this:

qos aggregate-policer aggr_vlan10 250000000 conform-action transmit exceed-action drop

qos aggregate-policer aggr_vlan20 250000000 conform-action transmit exceed-action drop

qos aggregate-policer aggr_vlan30 250000000 conform-action transmit exceed-action drop

qos aggregate-policer aggr_vlan40 250000000 conform-action transmit exceed-action drop

policy-map Shape_VLAN10

class class-default

police aggregate aggr_vlan10

policy-map Shape_VLAN20

class class-default

police aggregate aggr_vlan20

policy-map Shape_VLAN30

class class-default

police aggregate aggr_vlan30

policy-map Shape_VLAN40

class class-default

police aggregate aggr_vlan40

Interface Gi0/1

switchport trung encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 10,20,30,40,100,200

vlan range 10

service-policy output Shape_VLAN10

vlan range 20

service-policy output Shape_VLAN20

vlan range 30

service-policy output Shape_VLAN30

vlan range 40

service-policy output Shape_VLAN40

did u try it on ur 3570 ?

Nope. Neither on a ME 3400

hmm when u try it let me know about the result

good luck

Give this a shot on the ME3400, it seems to work for me.

ME3400 pppv policng

class-map match-any Police10Mb-VLAN

match vlan 2180

class-map match-any Police20Mb-VLAN

match vlan 2123

policy-map 10mb-child-vlan

class class-default

police 11000000

exceed-action drop

policy-map 20mb-child-vlan

class class-default

police 20480000

exceed-action drop

policy-map parent-Trunkport

class police-10Mb-vlan

service-policy 10mb-child-vlan

class Police20Mb-VLAN

service-policy 20mb-child-vlan

interface GigabitEthernet0/15

description Trunk_link

port-type nni

switchport trunk allowed vlan 514,2180,2123

switchport mode trunk

service-policy input parent-Trunkport

load-interval 30

media-type sfp

speed nonegotiate

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco