09-30-2008 05:13 AM - last edited on 03-25-2019 04:03 PM by ciscomoderator
Hi
Is it possible to create bandwidth policies based on VLAN ID ? What I try to figure out is to police the data send over an ethernet trunk. Voice needs to get 30% of the available bandwidth and the rest is for data. This must be configured on a Dot1q trunk connection..
Regards
Remci
09-30-2008 05:39 AM
I am not but ,access Lists does not match VLAN ID.
Instead you can match the IP Address/Subnet,DSCP,CoS in class-map.
1.Define access-list matching your vlan IP addresses
2.Define class-map to match access-list or CoS,DSCP.
3.Define policy-map , to either allocate the bandwidth
HTH..rate if helpful..
09-30-2008 05:43 AM
Do you have to connect the service policy to the layer 2 switch interface ? The connection between the two sites are not routed. It is a 100 Mb/s. layer 2 (trunked) connection....
09-30-2008 06:23 AM
the following link is a case for bandwidth limitation based one VLANs i have addressed
might help u :
u may make the policy on the output direction or inputdirection on the other end of the trunk
if helpful Rate
09-30-2008 11:11 PM
I don't think this is going to work.. The interfaces are in layer 2 mode. So they don't care about ip addresses.. Maybe it is possible to make a match based on VLAN ID ??
10-01-2008 01:13 AM
what switch model u use?
2950, and above even the port operate in L2 the switch has the L3/L4 intelegance
thuse u can make matching based on source IP or IP and port
10-01-2008 01:18 AM
A ring network with 60 ME 3400 switches and two 3750 switches in a stack...
Outbound policies are not possible on those switches ?
10-01-2008 01:20 AM
make the policy inbound on the other end of the trunk
10-01-2008 01:25 AM
I think that you have to make the two Gigabit interfaces per ME3400 switch in the ring a "inbound" policy interface. Data can traverse the ring in two ways: To the left and to the right... Is it also possible to use the Match VLAN
10-01-2008 02:23 AM
you cannot use policing in SVI-level policy map. This eliminates the possibility of having policer aggregating traffic rates for all ports in a single VLAN. However, you can still police per-port per-VLAN in the 3560 using the following feature.
Per-Port Per-VLAN Policing in the 3560
This feature uses second-level policy-maps. The second-level policy-map must list class-maps satisfying specific restrictions. The only âmatchâ criterion supported in those class-maps is match input-interface. You can list several interfaces separated by spaces, or use interface ranges, separating interfaces in a range by hyphen. The only action supported in the second-level policy-map is the police command. As usual, you can drop exceeding traffic or configure traffic remarking using policed DSCP map. The police action applies individually to every port in the range.
You cannot use aggregate policers in the second-level policy-maps. Another restriction - if you apply a second-level policy-map (interface-level map) inside âclass-defaultâ it will have no effect. You need to apply the second-level policy-map inside user-defined classes.
The following example restricts IP traffic rate in VLAN146 on every trunk port to 128Kbps and limits the IP traffic in VLAN146 on the port connected to R6 to 256Kbps.
Example 6:
mls qos map policed-dscp 18 to 8
!
! For 2nd level policy you can only match input interfaces
!
class-map TRUNKS
match input-interface FastEthernet 0/13 - FastEthernet 0/21
!
! The second class-map matches a group of ports or a single port
!
class-map PORT_TO_R6
match input-interface FastEthernet 0/6
!
! IP traffic: ACL and class-map
!
ip access-list extended IP_ANY
permit ip any any
!
class-map IP_ANY
match access-group name IP_ANY
!
! Second-level policy-map may only police, but not mark
!
policy-map INTERFACE_POLICY
class TRUNKS
police 128000 16000 exceed policed-dscp-transmit
class PORT_TO_R6
police 256000 32000
!
! 1st level policy-map may only mark, not police
! VAN aggregate policing is not possible in the 3560
!
policy-map VLAN_POLICY
class IP_ANY
set dscp af21
service-policy INTERFACE_POLICY
!
interface Vlan 146
service-policy input VLAN_POLICY
!
! Enable VLAN-based QoS on the ports
!
interface FastEthernet 0/6
mls qos vlan-based
!
! Enable VLAN-based QoS
!
interface range FastEthernet 0/13 - 21
mls qos vlan-based
u can use the above idea and make each class as a VLAN network
if helpful Rate
10-01-2008 02:43 AM
What about this:
qos aggregate-policer aggr_vlan10 250000000 conform-action transmit exceed-action drop
qos aggregate-policer aggr_vlan20 250000000 conform-action transmit exceed-action drop
qos aggregate-policer aggr_vlan30 250000000 conform-action transmit exceed-action drop
qos aggregate-policer aggr_vlan40 250000000 conform-action transmit exceed-action drop
policy-map Shape_VLAN10
class class-default
police aggregate aggr_vlan10
policy-map Shape_VLAN20
class class-default
police aggregate aggr_vlan20
policy-map Shape_VLAN30
class class-default
police aggregate aggr_vlan30
policy-map Shape_VLAN40
class class-default
police aggregate aggr_vlan40
Interface Gi0/1
switchport trung encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10,20,30,40,100,200
vlan range 10
service-policy output Shape_VLAN10
vlan range 20
service-policy output Shape_VLAN20
vlan range 30
service-policy output Shape_VLAN30
vlan range 40
service-policy output Shape_VLAN40
10-01-2008 03:00 AM
did u try it on ur 3570 ?
10-01-2008 03:04 AM
Nope. Neither on a ME 3400
10-01-2008 03:08 AM
hmm when u try it let me know about the result
good luck
11-24-2008 05:01 PM
Give this a shot on the ME3400, it seems to work for me.
ME3400 pppv policng
class-map match-any Police10Mb-VLAN
match vlan 2180
class-map match-any Police20Mb-VLAN
match vlan 2123
policy-map 10mb-child-vlan
class class-default
police 11000000
exceed-action drop
policy-map 20mb-child-vlan
class class-default
police 20480000
exceed-action drop
policy-map parent-Trunkport
class police-10Mb-vlan
service-policy 10mb-child-vlan
class Police20Mb-VLAN
service-policy 20mb-child-vlan
interface GigabitEthernet0/15
description Trunk_link
port-type nni
switchport trunk allowed vlan 514,2180,2123
switchport mode trunk
service-policy input parent-Trunkport
load-interval 30
media-type sfp
speed nonegotiate
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: