QoS on SVI interface

Unanswered Question
Jan 25th, 2009
User Badges:

Can you please verify that my configs are correct.

Class Map match-all cl-interface (id 5)

Match input-interface FastEthernet1/0/24

Class Map match-all cl-voice (id 2)

Match access-group 98

Policy Map pm-main

Class cl-voice

set dscp cs7

service-policy pm-voice

Policy Map pm-voice

Class cl-interface

police 50000000 500000 exceed-action policed-dscp-transmit

Standard IP access list 98

10 permit, wildcard bits

20 permit, wildcard bits

interface Vlan404

ip address

service-policy input pm-main

interface FastEthernet1/0/24

switchport trunk encapsulation dot1q

switchport mode trunk

mls qos vlan-based

Trying to create a hierarchical qos but it doesnt work:

sh policy-map interface vlan 404


Service-policy input: pm-main

Class-map: cl-voice (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: access-group 98

Service-policy : pm-voice

Class-map: cl-interface (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: input-interface FastEthernet1/0/24

Class-map: class-default (match-any)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: any

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Giuseppe Larosa Mon, 01/26/2009 - 00:29
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Fuad,

I suppose this is a C3750 from the three fields format (interface f1/0/24)

your configuration looks like correct but have you enabled

mls qos

in global config ?

another note:

Before configuring a hierarchical policy map with individual policers on an SVI, you must enable VLAN-based QoS on the physical ports that belong to the SVI. Though a policy map is attached to the SVI, the individual policers only affect traffic on the physical ports specified in the secondary interface level of the hierarchical policy map.



you may need to remove and apply again the policy-map on the SVI if you have enabled mls qos vlan-based in a second time

Hope to help


fgasimzade Mon, 01/26/2009 - 00:39
User Badges:

Hello, Giuseppe

mls qos is globaly enabled.

mls qos vlan-based is enabled on the physical interface.

Still doesnt work

johnlloyd_13 Mon, 01/26/2009 - 01:42
User Badges:
  • Blue, 1500 points or more

your qos policy works or "kicks" in during congestion. you may want to capture show polic-map interface output during your production's busiest hours.

Giuseppe Larosa Mon, 01/26/2009 - 10:13
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello John,

actually being a policer conforming packets should increment over time.


The question here can be the sequence of commands:

in the note I found in configuration guide says that

before the physical interface needs to be configured with

mls qos vlan-based

and then

the policer can be applied to the SVI.

another important point that can be verified with an ACL is if the supposed traffic matching the ACL really enters on the physical interface and VLAN.

access-list 98 provides a list of source addresses if the traffic to be policed has these addresses as destination an extended ACL has to be used instead

Hope to help


fgasimzade Mon, 01/26/2009 - 20:58
User Badges:


The sequence is correct. First I entered mls qos vlan-based command on the interface only after that applied the policer to the SVI

My biggest concern is with the access list as well. But the networks I specified in there are the source networks wich are to be "input" for that particular interface

Thank you for trying to help, I appreciate it. If you have any other ideas, please let me know.


This Discussion