Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

3560 QoS / Policing


Currently we are enrolling Catalyst 3560 switches in our network to connect to our MPLS backbone. We've used Catalyst 3550 before and based on that platform we've developed a “standard” configuration we are using.

In this template we apply a “policy map out” on the interface to the backbone for real-time traffic. BW allocation is 50 30 10 10, priority queue out and policing 2Mb.

How can I do this on a 3560? By using wrr shaping I can allocate 2Mb to a queue but this queue will act different than the policing on a 3550 does. By configuring 'priority queue out' the full bandwidth will be consumed for real time traffic when bandwidth is needed … How can this be solved?

Super Bronze

Re: 3560 QoS / Policing

You could police the real-time traffic upon ingress. Although you should be able to match ingress real-time traffic going to your MPLS backbone, if there are multiple ingress ports, unclear (to me) whether you can easily define an overall cap of 2 Mbps without defining individual ingress interface real-time police caps.

New Member

Re: 3560 QoS / Policing

I'm not sure ingress policing is the answer. I've been thinking about it, but on an ingress interface we're marking. Depending of the kind of traffic, the packet gets an dscp value. For all dscp "ef" values, I wanted to police on egress. I can't see how I can solve this on ingress interface ...

Re: 3560 QoS / Policing

I looked into this a while ago and hit the same wall as you have. The 3560/3750 series are good switches but there seems to be a few features that were in the 3550 that haven't been implemented in them.

You would need to deploy a 'real' router at the handoff point to implement egress policing. You could also look at the Metro Ethernet switches (ME3400?) as these have the ability to apply policers on egress.



Super Bronze

Re: 3560 QoS / Policing

I agree that I too am unsure ingress policing is the answer, not though due to identification, which I think can be done via a class map identifing both VoIP and destination off the LAN, but due to there might a limitation to number of ports if working with a SVI two level policer and/or policing at the intended aggregate outbound level.

I agree with Andrew, the 3560/3750 LAN switches fall IOS feature short in some aspects. A sure solution, as Andrew also notes would be a more suitable device between the LAN and WAN, such as perhaps an ISR or Metro Switch. Another possible device might be a very small 2960 (e.g. 8 port). As long as there's only one ingress to egress port, believe its inbound ingress policer would work.