From: Reza Toghraee (reza@toghraee.com)
Date: Sun Oct 19 2008 - 05:24:51 ARST
Mark,
You can not apply the policy outbound (for example policing or
classification). 3550, 3560 only support inbound.
For outbound you must use WRR or 3550 and SRR on 3560. Also 3560 has 2
inbound queues which you can use them for priorities input packets.
Let me paste some of my examples:
GAME2 : Egress Queues, Shape , Share on 3560
----------------------------------------------------
R2 is connected to port F0/2 of SW2 (3560)
we will define some mappings based on incoming packets from SW3
mls qos srr-queue output cos-map queue 1 threshold 1 1 2 3 4 6
mls qos srr-queue output cos-map queue 4 threshold 1 0
!
interface FastEthernet0/2
switchport access vlan 200
switchport mode dynamic desirable
speed 10
srr-queue bandwidth share 50 20 20 10
srr-queue bandwidth shape 0 0 0 10
srr-queue bandwidth limit 10
mls qos trust ip-precedence
!
GAME3 : Ingress Queues, Unique feature on 3560
----------------------------------------------------
2 ingress queues on every port.
one of them can be priority queue. default is #2
only shared mode
wights are globaly defined ( !Egress Queus)
mls qos srr-queue input bandwidth 35 65
mls qos srr-queue input threshold 1 60 80
mls qos srr-queue input priority-queue 2 bandwidth 0
GAME4 : POLICING on 3560 and 3550 is Only INBOUND
----------------------------------------------------
mls qos map policed-dscp 0 2 4 8 22 28 to 20
mls qos map policed-dscp 30 32 34 36 38 to 46
mls qos aggregate-policer AGGREGATE_POLICER 256000 8000 exceed-action
policed-dscp-transmit
policy-map INBOUND_POLICY
class R3
police 128000 8000 exceed-action drop
class class-default
police aggregate AGGREGATE_POLICER
int f0/3
service-policy input INBOUND_POLICY
For SVI (only on 3560)
you can NOT use Aggregate police on SVI
you can NOT use policing on Parent POLICY_MAP
policy-map OUTER
class class-default
service-policy SVI_POLICY
policy-map SVI_POLICY
class class-default
police 256000 8000 exceed-action drop
interface Vlan100
ip address 100.0.0.8 255.255.255.0
service-policy input SVI_POLICY
----------------------------------------------------
NOTE on IMPORTANT on CATALYST Class-MAPS
----------------------------------------------------
IMPORTANT , Each Class-MAP MUST have 1 entry !!!!!!
class-map match-any EF_AND_CS5
match ip dscp ef
match ip dscm cs5
WILL NOT WORK!!!
Use This one :
class-map match-any EF_AND_CS5
match ip dscp ef cs5
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Mark
Stephanus Chandra
Sent: Sunday, October 19, 2008 6:33 AM
To: ccielab@groupstudy.com
Cc: kynnor@gmail.com
Subject: Service Policy output in switchport access port
Dear Friends,
I just tried to input service policy command on interface fa0/1 in my
switch.
I wonder I cannot input service policy output, the command is rejected, but
the command accepted when I use service-policy input.
Anybody know why ?
interface FastEthernet0/1
switchport access vlan 1111
switchport mode access
switchport protected
switchport block multicast
service-policy input ron
end
Rack3SW1(config-if)#service-policy output ron
police command is not supported for this interface
Configuration failed!
Warning: Assigning a policy map to the output side of an interface not
supported
Regards
Mark Stephanus Chandra
IT Consultant
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:21 ARST