01-25-2009 11:42 PM - edited 03-06-2019 03:39 AM
Can you please verify that my configs are correct.
Class Map match-all cl-interface (id 5)
Match input-interface FastEthernet1/0/24
Class Map match-all cl-voice (id 2)
Match access-group 98
Policy Map pm-main
Class cl-voice
set dscp cs7
service-policy pm-voice
Policy Map pm-voice
Class cl-interface
police 50000000 500000 exceed-action policed-dscp-transmit
Standard IP access list 98
10 permit 192.168.16.0, wildcard bits 0.0.1.255
20 permit 192.168.18.0, wildcard bits 0.0.1.255
interface Vlan404
ip address 10.40.50.14 255.255.255.252
service-policy input pm-main
interface FastEthernet1/0/24
switchport trunk encapsulation dot1q
switchport mode trunk
mls qos vlan-based
Trying to create a hierarchical qos but it doesnt work:
sh policy-map interface vlan 404
Vlan404
Service-policy input: pm-main
Class-map: cl-voice (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 98
Service-policy : pm-voice
Class-map: cl-interface (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: input-interface FastEthernet1/0/24
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
01-26-2009 12:29 AM
Hello Fuad,
I suppose this is a C3750 from the three fields format (interface f1/0/24)
your configuration looks like correct but have you enabled
mls qos
in global config ?
another note:
Before configuring a hierarchical policy map with individual policers on an SVI, you must enable VLAN-based QoS on the physical ports that belong to the SVI. Though a policy map is attached to the SVI, the individual policers only affect traffic on the physical ports specified in the secondary interface level of the hierarchical policy map.
see
you may need to remove and apply again the policy-map on the SVI if you have enabled mls qos vlan-based in a second time
Hope to help
Giuseppe
01-26-2009 12:39 AM
Hello, Giuseppe
mls qos is globaly enabled.
mls qos vlan-based is enabled on the physical interface.
Still doesnt work
01-26-2009 01:42 AM
your qos policy works or "kicks" in during congestion. you may want to capture show polic-map interface output during your production's busiest hours.
01-26-2009 10:13 AM
Hello John,
actually being a policer conforming packets should increment over time.
Fuad:
The question here can be the sequence of commands:
in the note I found in configuration guide says that
before the physical interface needs to be configured with
mls qos vlan-based
and then
the policer can be applied to the SVI.
another important point that can be verified with an ACL is if the supposed traffic matching the ACL really enters on the physical interface and VLAN.
access-list 98 provides a list of source addresses if the traffic to be policed has these addresses as destination an extended ACL has to be used instead
Hope to help
Giuseppe
01-26-2009 08:58 PM
Giuseppe,
The sequence is correct. First I entered mls qos vlan-based command on the interface only after that applied the policer to the SVI
My biggest concern is with the access list as well. But the networks I specified in there are the source networks wich are to be "input" for that particular interface
Thank you for trying to help, I appreciate it. If you have any other ideas, please let me know.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: