Thanks Bryan, Petr,
VLAN 120 is at L2 in both switches, so let me know what do you think about
this :
1) Enable VLAN based QoS on all ingress links that may potentially carry VLAN
120
#
mls qos
!
interface FastEthernet 0/13
mls qos vlan-based
switchport mode access
switchport access vlan 120
!
interface FastEthernet 0/15
mls qos vlan-based
switchport mode access
switchport access vlan 120
2) Attach a service policy that marks all ingress packets with DSCP value of
16 to VLAN120's Interfaz
#
! All IP Traffic
!
ip access-list extended IP_ACL
permit ip any any
!
class-map IP_TRAFFIC
match access-group name IP_ACL
!
! Mark IP traffic with DSCP 16
!
policy-map VLAN120_MARK
class IP_TRAFFIC
set dscp 16
!
interface FastEthernet 0/13
mls qos vlan-based
switchport mode access
switchport access vlan 120
service-policy input VLAN120_MARK
!
interface FastEthernet 0/15
mls qos vlan-based
switchport mode access
switchport access vlan 120
service-policy input VLAN120_MARK
3) Configure the port trunk to limit packets that has DSCP = 16 to 150Mbps.
(config-pmap)#do sh run | be class-map
class-map match-any VLAN120_CLASS
match ip dscp 16
!
policy-map VLAN120_POL
class VLAN120_CLASS
police 150000000 187500 exceed-action drop
!
interface FastEthernet 0/16
mls qos vlan-based
switchport mode trunk
switchport trunk allowed vlan 100,120
service-policy input VLAN120_POL
Let me know what do you think, ?
Regards
----- Original Message -----
From: Bryan Bartik
To: Edouard Zorrilla
Cc: ccielab_at_groupstudy.com
Sent: Tuesday, December 29, 2009 11:20 PM
Subject: Re: Two switches in truking 802.1q with QoS
Hi, Edouard,
I am not sure how to do this outbound, but inbound can be done using a
hierarchical policy. The following example matches the trunk interface and
limits it to 150m.
mls qos
access-list 100 permit ip any any
class-map match-all IP
match access-group 100
! this is the input trunk interface
class-map match-all TRUNK
match input-interface g0/1
! this the child policy
policy-map VLAN120-POLICER
class TRUNK
police 150m 187500 exceed-action drop
! this is the parent policy with child nested below
policy-map VLAN120-PARENT
class IP
trust
service-policy VLAN120-POLICER
interface g0/1
mls qos vlan-based
interface Vlan120
no ip address
service-policy input VLAN120-PARENT
You could also use similar policies for the access ports, policing them
individually or as a range I believe. It would be nice if you could use an
aggregate police action in a class that matches all access ports but it is not
supported (in the IOS I tried).
Perhaps someone knows a better way to do outbound policing if possible..
On Tue, Dec 29, 2009 at 8:03 PM, Edouard Zorrilla <ezorrilla_at_tsf.com.pe>
wrote:
Hello,
I have two switches 3560 in trunk 802.1q with 1000Mbps (1GEth.), there I
have
many vlans, one of them is vlan120.
SWA ------------[802.1q at 1000Mbps]-------------------------SWB
Do any one know how can I set up QoS there so that I limit the bandwith
for
vlan120 to 150Mbps ?. What I want is that vlan120 just go up to 150Mbps
instead of taking all traffic in the trunk link (1000Mbps.) = Limit the
amount
of traffic entering the SW and limiting the amount of traffic leaving the
SW
at the same time.
I am reading this configurations guide :
http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/releas
e/12
2_52_se/configuration/guide/swqos.html
But I do not figure out yet how can I acomplish it,
Any help will be appreciated.
Best Regards
Blogs and organic groups at http://www.ccie.net
_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
--
Bryan Bartik
CCIE #23707 (R&S, SP), CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
Blogs and organic groups at http://www.ccie.net
Received on Wed Dec 30 2009 - 00:35:10 ART
This archive was generated by hypermail 2.2.0 : Sat Jan 02 2010 - 11:11:08 ART