QoS on MSFC VLAN Interface

Unanswered Question
Jun 16th, 2009

Hi All,

Any help would be greatly appreciated.

I am trying to apply some QoS settings on VLAN interface on MSFC (Hybrid 6509). Here is the config:

class-map match-any VoiceClass
 description voice traffic
 match access-group 140
 match ip dscp 46

class-map match-any Business1Class
 description video
 match access-group 141
 match ip dscp 26

class-map match-any Business2Class
 description business apps
 match access-group 142
 match ip dscp 18

class-map match-any Business3Class
 description not FT traffic
 match access-group 143

policy-map LondonPolicy
 description QoS Policy for London
 class VoiceClass
  priority percent 5
  set ip dscp 46
 class Business1Class
  priority percent 10
  set ip dscp 26
 class Business2Class
  priority percent 15
  set ip dscp 18
 class Business3Class
  priority percent 45
 class class-default

policy-map LondonPolicyParent
 description shaping for Virtual interface
 class class-default
  shape average 100000000 400000 400000
  service-policy LondonPolicy

access-list 140 permit ip host a.b.c.d host a.b.c.d
access-list 140 permit ip host a.b.c.d host a.b.c.d
access-list 141 permit ip host a.b.c.d host a.b.c.d
access-list 141 permit ip host a.b.c.d host a.b.c.d
access-list 142 permit tcp any any eq XXX
access-list 142 permit tcp any any eq YYY
access-list 142 permit tcp any any eq 8000
access-list 143 deny ip any host a.b.c.d
access-list 143 deny ip any host a.b.c.d
access-list 143 deny tcp any any eq XXX
access-list 143 deny tcp any any eq YYY

To apply the policy I use the following command:

interface VLAN 507
 service-policy output LondonPolicyParent

However, when I apply this to VLAN interface I do not see any error, but policy is simply not accepted. Command "show policy-map interface vlan 507" does not return anything.

I previously had similar QoS policy, but without shaper (parent) and without percent statements, used just to mark packets. However I need to enforce QoS as we are experiencing occasional high utilisation due to file transfer (FT) apps. I can apply “LondonPolicy”, without shaper (parent), but I need a shaper. There is a single 100Meg port in this VLAN connected to LAN Extension circuit so I want to throttle traffic at 100Meg and introduce some QoS.

Any idea why this does not work?

Edison Ortiz Tue, 06/16/2009 - 09:42

Shaping isn't supported on regular line cards in the 6500.

You need a FlexWAN or SIP/SPA module for extensive QoS support.

You are only allowed to trust/mark or police packets.




sasaadamovic Wed, 06/17/2009 - 01:31

Hi Edison.

Thanks for your update.

Can you please clarify something for me? When you say "You are only allowed to trust/mark or police packets." do you mean that shaping is not allowed or that no enforcement of policy would work even if we remove shaper (parent) policy and rewrite policy to be based on 1Gb interface bw?



Edison Ortiz Wed, 06/17/2009 - 04:38


I meant Shaping is not a supported feature on 6500 line cards as they don't have enough hardware buffers to delay the traffic. A dedicated WAN module such as FlexWAN or SIP/SPA would provide such services and that's the reason that command is available in the 6500 CLI.

I highly recommend to start reading the 6500 QoS at the following URL:


It will help you understand the requirements and caveats on the configuration.

Since you are using Hybrid, you need to understand the CatOS portion as well. The following URL provides the needed information:


You also mentioned you are working with TAC. I suggest you continue doing so and please follow their guidelines.




sasaadamovic Wed, 06/17/2009 - 05:29

Hi Edison,

Thanks for your help.

Will read the documents you suggested.



Joseph W. Doherty Tue, 06/16/2009 - 16:24

You're going to have a 100 Mbps Ethernet port but you need to shape at 100 Mbps?

As Edison notes, 6500 "LAN" ports are often QoS feature limited. Besides his suggestion to use a 6500 "WAN" card, you might also consider placing another device in-line to provide additional outbound QoS. For example, the 8 port 2960 switch offers 4 FIFO queues per port and supports port bandwidth "shaping".

sasaadamovic Wed, 06/17/2009 - 01:45

Thanks James,

Unfortunately, this solution with additional switch would not help me. We have 6509 with 100Mb ports connected to LAN extension circuit (behaves as 100Mb Ethernet) to remote office and we see packet drops when that 6509 port is overutilised, which is going to happen even with QoS implemented on downstream switch. Actually, thinking about this, solution would be to put inline switch, but connected to 6509 with Gig port and enforce policy on 100 Mb port connected to LES circuit.

Thanks for suggestion,


Joseph W. Doherty Wed, 06/17/2009 - 03:08

Yes, you're correct, but that's why I questioned why you need shaping if you have a 100 Mbps port working with a 100 Mbps LES. In that situation, you shouldn't need to shape, just use the hardware queues supported by the 6500 LAN port.

If you did need to shape, such as your example gig to 100 Mbps, or 100 Mbps to some fraction of 100 Mbps, that's where the inline switch could be of benefit.

Regardless of bandwidth, if a circuit is oversubscribed, it's quite normal some packets will be dropped. With QoS, you can prioritize some traffic so it's not delayed by the overall link congestion and/or better manage what packets are dropped.

sasaadamovic Wed, 06/17/2009 - 03:33

Thanks Joseph,

How do I configure hardware queues on 6509, when my priorities are based on either destination IP address or destination TCP/UDP ports and 6509 switch is running CatOS and, correct me if I am wrong, can not deal with traffic above layer 2? Do you suggest that I should upgrade my hybrid (CatOS on the switch and IOS on MSFC) to native IOS and then deal with it that way?

Thanks for any updates.



Joseph W. Doherty Wed, 06/17/2009 - 03:53

Sasa, good question.

I haven't worked with a 6500 running hybrid mode in several years. Even with native mode, I rarely work with 6500 LAN QoS, since on the LAN, often avoid the need for QoS, instead provide sufficient bandwidth.

I'm pressed for time at the moment, so I'm unable to dig into the 6500 QoS docs, but would expect there may be some way to use or mark DSCP or CoS upon 6500 ingress, and have egress DSCP or CoS markings map to hardware queues. Your multiple hardware queues might also need to be configured (e.g. bandwidth allocations, drop limits).

If you still have difficulty, and no one else is able to help, I should have time this evening to examine the docs.

sasaadamovic Wed, 06/17/2009 - 04:03

Hi Joseph,

Thanks for your help. It is very nice of you to offer this, but it would be too much of me to ask you to spend your time digging configurations and examples for me. I would press our Cisco support to help with this (I already have a ticket open).

However, I would appreciate if you can quickly clarify if I correctly understood what you are saying.

My understanding of your suggestion is that I should:

1) mark packets on my MSFC

2) Configure switch to trust this marking

3) On the switch translate DSCP in CoS marking

4) Configure switch to enforce QoS on specific port based on that marking by mapping CoS to specific queues on port.

Just short explanation/clarification on this would be great help.



Joseph W. Doherty Wed, 06/17/2009 - 15:45

Sasa, yes that's mostly what I had in mind. You're running in hybrid mode, which might impact the situation.

Also, you might not need to map down to CoS markings. L3 switches often seem to be able to understand the DSCP markings. But, without checking docs, I'm unsure this is so on the 6500.

sasaadamovic Thu, 06/18/2009 - 05:50

Thanks Joseph,

I do understand what are my options.

I will follow this up with our cisco support and also will study the documentation.



Joseph W. Doherty Thu, 06/18/2009 - 06:32

Sasa, well without digging into the documentation, and knowing your exact hardware and IOS (and CATOS), unsure what your options really are. However, again, I'm assuming you should be able to classify (somehow) traffic upon 6500 ingress, and based on this classification, direct traffic to the egress interface queues. I would expect hybrid mode might be a bit more complex to configure, although generally it's feature comparable with native mode. I don't expect, without using a "WAN" type card, that you'll be able to easily configure what you want using MQC.

