Re: Vlan-based or interface based service policy

From: Maarten Vervoorn <mr.vervoorn_at_gmail.com>
Date: Thu, 29 Jul 2010 07:30:04 +0200

Thanks all,

I think vlan-based it will be. I checked the vlan match option and it is
indeed not possible (I think the answer guide is wrong here).
I did not read anywhere that I can't use the default-class in the link you
gave me, as I did in the second scenario. My thoughts were if I only use the
default class without any match options, all traffic will be limited from
that vlan. Can you please explain this to me?

Kind regards,

Maarten Vervoorn

2010/7/29 Narbik Kocharians <narbikk_at_gmail.com>

> I agree with Sonu.
>
>
> On Wed, Jul 28, 2010 at 2:39 PM, Jorge Cortes <jorge.cortes.cano_at_gmail.com> wrote:
>
>> Hi,
>>
>> I think neither of your configurations will work - assuming your switch is a
>> 3560, which are the only switches you will find in the actual lab since 3550
>> are now long gone. The reasons are the following.
>>
>> For scenario 2, you cannot use "match vlan" in 3560. See here:
>>
>> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/command/reference/cli1.html#wp1862439
>>
>> For scenario 1, the child class-map MUST have "match input interface", and
>> you cannot use class-default, whether the parent class-map matches on the
>> type of traffic you want to rate-limit. You cannot use class-default either.
>> See here:
>>
>> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swqos.html#wp1703903
>>
>> Also remember this only works in the input direction.
>>
>> So in order to achieve your requirement (assuming it is ingress direction)
>> you need to define the child class-map matching on all interfaces that are
>> members of your VLANs, including the trunks. For the parent class-map, since
>> you cannot use class-default and it sounds like you need to limit all traffic,
>> you need to create a user-defined class-map and match an access-list with a
>> permit any statement.
>>
>> Also remember that the child policy-map can only police, but not mark, while
>> the parent policy-map can only mark, but not police.
>>
>> Taking a closer look at your requirements seems to me like something is
>> missing. Usually they ask you to police certain type of traffic (HTTP,
>> email, etc).
>>
>> HTH,
>> Jorge
>>
>> On Wed, Jul 28, 2010 at 9:26 AM, David Bass <davidbass570_at_gmail.com>
>> wrote:
>>
>> > I think that if you apply it to the interfaces only then you will limit each
>> > port to the required amount, but the aggregate on the VLAN would not be
>> > limited to 64 or 2048 k. IMO, the only solution for the task is having it
>> > on the SVI...
>> >
>> > On Wed, Jul 28, 2010 at 8:39 AM, Maarten Vervoorn <mr.vervoorn_at_gmail.com> wrote:
>> >
>> > > Well in both options you have to configure something on those interfaces.
>> > > Configure mls qos vlan-based on the interface or service-policy out LIMIT
>> > > Both access and trunks are used but I don't think it's an issue here.
>> > >
>> > > In this practice lab I configured it vlan-based. The answer guide configured
>> > > it with a service-policy attached to the interfaces (access and trunk ports)
>> > >
>> > > Kind regards,
>> > >
>> > > Maarten Vervoorn
>> > >
>> > > 2010/7/28 Hash <hashng_at_gmail.com>
>> > >
>> > > > It depends if the interfaces are trunks or access and the number of
>> > > > interfaces you have plus how much time you have in the lab to go over
>> > > > interface by interface (task consuming)
>> > > >
>> > > > Hash
>> > > >
>> > > > Sent from my BlackBerry. wireless device from STC
>> > > > ------------------------------
>> > > > *From: *Maarten Vervoorn <mr.vervoorn_at_gmail.com>
>> > > > *Date: *Wed, 28 Jul 2010 15:26:31 +0200
>> > > > *To: *<hashng_at_gmail.com>
>> > > > *Cc: *Cisco certification<ccielab_at_groupstudy.com>
>> > > > *Subject: *Re: Vlan-based or interface based service policy
>> > > >
>> > > > In the class-maps I match on the vlans. So I think both answers will do. If
>> > > > you configure the service policy on all interfaces of vlan 12 and 16
>> > > >
>> > > > 2010/7/28 Hash <hashng_at_gmail.com>
>> > > >
>> > > >> Apply it under the svi
>> > > >> Hash
>> > > >> Sent from my BlackBerry. wireless device from STC
>> > > >>
>> > > >> -----Original Message-----
>> > > >> From: Mirco Orlandi <mirco.orlandi_at_gmail.com>
>> > > >> Sender: nobody_at_groupstudy.com
>> > > >> Date: Wed, 28 Jul 2010 11:58:05
>> > > >> To: Maarten Vervoorn<mr.vervoorn_at_gmail.com>
>> > > >> Reply-To: Mirco Orlandi <mirco.orlandi_at_gmail.com>
>> > > >> Cc: Cisco certification<ccielab_at_groupstudy.com>
>> > > >> Subject: Re: Vlan-based or interface based service policy
>> > > >>
>> > > >> Hi Maarten,
>> > > >>
>> > > >> this task is asking you to configure a policer for vlan12 and a policer for
>> > > >> vlan16.
>> > > >>
>> > > >> At this point of my preparation path I'm not a guru on this stuff, but it
>> > > >> seems your second option doesn't match task requirements, because it creates
>> > > >> per-port per-vlan policer.
>> > > >> So, you will have a lot of policers without a single point of entire vlan
>> > > >> traffic metering.
>> > > >>
>> > > >> I have not labbed this up.
>> > > >> -mirco.
>> > > >>
>> > > >>
>> > > >> On Wed, Jul 28, 2010 at 7:41 AM, Maarten Vervoorn <mr.vervoorn_at_gmail.com> wrote:
>> > > >>
>> > > >> > Hi All,
>> > > >> >
>> > > >> > I just received a question from the workbook lab with the following
>> > > >> > question:
>> > > >> > Configure VLAN 12 to allow a maximum bandwidth of 64 Kb
>> > > >> > Configure VLAN 16 to allow a maximum bandwidth of 2048 Kbit
>> > > >> >
>> > > >> > I think there are two options to do this. I can create a service policy and
>> > > >> > put it on all vlan 12 and 16 interfaces or I could use vlan-based to just
>> > > >> > apply the policy to the vlan interface. Can anyone tell me if I'm correct.
>> > > >> > In the real lab I could ask the proctor that I could do this question two
>> > > >> > ways
>> > > >> > *SW1*
>> > > >> > mls qos
>> > > >> > !
>> > > >> > policy-map POLICE-16
>> > > >> > class class-default
>> > > >> > police 2048000 8000 exceed-action drop
>> > > >> > policy-map VLAN16
>> > > >> > class class-default
>> > > >> > service-policy POLICE-16
>> > > >> > policy-map POLICE-12
>> > > >> > class class-default
>> > > >> > police 64000 8000 exceed-action drop
>> > > >> > policy-map VLAN12
>> > > >> > class class-default
>> > > >> > service-policy POLICE-12
>> > > >> > !
>> > > >> > int fa0/1
>> > > >> > sw access vl 12
>> > > >> > sw mo access
>> > > >> > mls qos vlan-based
>> > > >> > int fa0/3
>> > > >> > sw access vl 16
>> > > >> > sw mo access
>> > > >> > mls qos vlan-based
>> > > >> > int fa0/4
>> > > >> > sw tr en isl
>> > > >> > sw mo tr
>> > > >> > sw tr all vl 12,16
>> > > >> > mls qos vlan-based
>> > > >> > int vlan 12
>> > > >> > service-policy in VLAN12
>> > > >> > int vlan 16
>> > > >> > service-policy in VLAN16
>> > > >> > !
>> > > >> > *OR*
>> > > >> > *SW1*
>> > > >> > class-map ALL
>> > > >> > match access-group 100
>> > > >> > class VLAN12
>> > > >> > match vlan 12
>> > > >> > match class-map ALL
>> > > >> > class VLAN16
>> > > >> > match vlan 16
>> > > >> > match class-map ALL
>> > > >> > !
>> > > >> > policy-map LIMIT
>> > > >> > class VLAN12
>> > > >> > police 64000 8000 exceed-action drop
>> > > >> > class VLAN16
>> > > >> > police 2048000 8000 exceed-action drop
>> > > >> > !
>> > > >> > int fa0/1
>> > > >> > sw access vl 12
>> > > >> > sw mo access
>> > > >> > service-policy in LIMIT
>> > > >> > int fa0/3
>> > > >> > sw access vl 16
>> > > >> > sw mo access
>> > > >> > service-policy in LIMIT
>> > > >> > int fa0/4
>> > > >> > sw tr en isl
>> > > >> > sw mo tr
>> > > >> > sw tr all vl 12,16
>> > > >> > service-policy in LIMIT
>> > > >> > !
>> > > >> >
>> > > >> >
>> > > >> > Blogs and organic groups at http://www.ccie.net
>> > > >> >
>> > > >>
>> > >_______________________________________________________________________
>> > > >> > Subscription information may be found at:
>> > > >> > http://www.groupstudy.com/list/CCIELab.html
>
>
> --
> Narbik Kocharians
> CCSI#30832, CCIE# 12410 (R&S, SP, Security)
> www.MicronicsTraining.com <http://www.micronicstraining.com/>
> Sr. Technical Instructor
> YES! We take Cisco Learning Credits!
> Training And Remote Racks available

Received on Thu Jul 29 2010 - 07:30:04 ART
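
The hierarchical VLAN-based policing that Jorge's reply describes for the 3560, written out as an added example that is not part of the original thread. The class-map names (ALL-IP, VLAN12-PORTS, VLAN16-PORTS) are hypothetical; the ports, VLANs, rates, policy-map names and access-list number 100 are taken from Maarten's first post, and the space-separated port list on "match input-interface" is assumed to be accepted by the release in use.

```cisco
! Added example, not from the original thread.
! ALL-IP, VLAN12-PORTS and VLAN16-PORTS are hypothetical names.
mls qos
!
access-list 100 permit ip any any
!
! Parent (VLAN-level) class: user-defined instead of class-default,
! matching an access-list with a permit any statement
class-map ALL-IP
 match access-group 100
!
! Child (interface-level) classes: the physical ports that carry each
! VLAN, including the trunk (one match command, space-separated list)
class-map VLAN12-PORTS
 match input-interface FastEthernet0/1 FastEthernet0/4
class-map VLAN16-PORTS
 match input-interface FastEthernet0/3 FastEthernet0/4
!
! Child policy-maps: police only, no marking
policy-map POLICE-12
 class VLAN12-PORTS
  police 64000 8000 exceed-action drop
policy-map POLICE-16
 class VLAN16-PORTS
  police 2048000 8000 exceed-action drop
!
! Parent policy-maps: reference the child, no police statement here
policy-map VLAN12
 class ALL-IP
  service-policy POLICE-12
policy-map VLAN16
 class ALL-IP
  service-policy POLICE-16
!
! Physical ports hand QoS classification over to the SVI
interface FastEthernet0/1
 mls qos vlan-based
interface FastEthernet0/3
 mls qos vlan-based
interface FastEthernet0/4
 mls qos vlan-based
!
! Input direction only
interface Vlan12
 service-policy input VLAN12
interface Vlan16
 service-policy input VLAN16
```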

This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 19:19:15 ART