Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Apply QOS to vrf traffic?(Ethernet SubInts)

Unanswered Question
Jul 30th, 2006
User Badges:


I'm trying to apply "GOLD" QOS to vrf traffic that is terminated on eth subints, but class-map is not allowing me to match on subinterfaces:

class-map match-any GOLD

match mpls experimental topmost 5

match ip precedence 5

match input-interface fastEthernet 0/0 (Subints not allowed)

I also cannot match on access-group, as the traffic is within a vrf.

Should I be creating a seperate policy-map marking the traffic as GOLD, and then apply this as a "service-policy input" to each eth subint the vrf is associated with?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
thomas.chen Fri, 08/04/2006 - 05:36
User Badges:
  • Silver, 250 points or more

Yes,after creating the class map ,specify this class under the policy map and indicate the action.Afterwards,you can apply this policy to interface.

mheusinger Fri, 08/04/2006 - 06:59
User Badges:
  • Green, 3000 points or more


when you apply the service-policy to an interface you do NOT need to specify the interface in the class-map! Example:

class-map match-any VoIP

match ip precedence 5

match ip dscp ef

policy-map Marking

class VoIP

set mpls experimental imposition 5

interface FastEthernet0/0.100

ip address ...

encapsulation dot1q 100

service-policy input Marking

This will set MPLS exp bits on all traffic coming into F0/0.100 and being marked with either Prec 5 or DSCP EF.

Sidenote: using an ACL in class VoIP will also only match traffic on the interface, where the policy is applied. So overlapping customer addresses are not an issue.

Hope this helps! Please rate all posts.

Regards, Martin

johnelliot Fri, 08/04/2006 - 13:35
User Badges:

Thanks guys - I also assume we will need some form of admission control on every customer facing int(To ensure those not paying for "gold" class, can't classify there egress traffic as they see fit ;) )


Customers not buying any QoS, have a "set ip dscp 0" class-default

inbound policy-map.

mheusinger Sat, 08/05/2006 - 02:25
User Badges:
  • Green, 3000 points or more

Very true!

To my knowledge it is called precedence spoofing. This is f.e. why in all Cisco LAN switches all ports are defaulting to "untrusted" i.e. they rewrite cos/DSCP to 0.

You might also need a policer, which limits the customer, who bought "GOLD" to the speed purchased. Remark excess traffic to 0, but do not drop it, because then he might get the feeling that his "GOLD" traffic is treated worse (discards experienced) than best effort (possibly no discards if enough bandwidth).

Regards, Martin

mazlan484106 Tue, 08/29/2006 - 19:49
User Badges:


I cannot using hyper terminal to link between Router and my laptop,could someone help to this problem.


This Discussion