Re: Vlan-based or interface based service policy from Henrique Reis on 2010-07-29 (Ccielab archives 07/2010)

From: Henrique Reis <reis.henrique_at_gmail.com>
Date: Thu, 29 Jul 2010 10:51:38 -0300

Have you tried this link?

http://blog.ine.com/tag/vlan-based/

Thanks

On Thu, Jul 29, 2010 at 2:30 AM, Maarten Vervoorn <mr.vervoorn_at_gmail.com>wrote:

> Thanks all,
>
> I think vlan-based it will be. I cheched the vlan match option and it is
> indeed not possible (I think the anwser guide is wrong here)
> I did not read anywhere that I can't use the default-class in the link you
> gave me, as I did in the second scenario. My thoughts were if I only use
> the
> default class without any match options, all traffic will be limmited from
> that vlan. Can you please explain this to me?
>
> Kind regards,
>
> Maarten vervoorn
>
> 2010/7/29 Narbik Kocharians <narbikk_at_gmail.com>
>
> > I agree with Sonu.
> >
> >
> > On Wed, Jul 28, 2010 at 2:39 PM, Jorge Cortes <
> jorge.cortes.cano_at_gmail.com
> > > wrote:
> >
> >> Hi,
> >>
> >> I think neither of your configurations will work -assuming your switch
> is
> >> a
> >> 3560, which are the only switches you will find in the actual lab since
> >> 3550
> >> are now long gone. The reasons are the following.
> >>
> >> For scenario 2, you cannot use "match vlan" in 3560. See here:
> >>
> >>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/command/reference/cli1.html#wp1862439
> >>
> >> For scenario 1, the child class-map MUST have "match input interface",
> and
> >> you cannot use class-default, whether the parent class-map matches on
> the
> >> type of traffic you want to rate-limit. You cannot use class-default
> >> either.
> >> See here:
> >>
> >>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swqos.html#wp1703903
> >>
> >> Also remember this is only works in the input direction.
> >>
> >> So in order to achieve your requirement (assuming it is ingress
> direction)
> >> you need to define the child class-map matching on all interfaces that
> are
> >> members of your VLANs, including the trunks. For the parent class-map
> >> since
> >> you cannot use class-default and sounds like you need to limit all
> traffic
> >> you need to create a user defined class-map and match an access-list
> with
> >> permit any statement.
> >>
> >> Also remember that the child policy-map can only police, but not mark,
> >> while
> >> the parent policy-map can only mark, but not police.
> >>
> >> Taking a closer look at your requirements seems to me like something is
> >> missing. Usually they ask you to police certain type of traffic (HTTP,
> >> email, etc).
> >>
> >> HTH,
> >> Jorge
> >>
> >> On Wed, Jul 28, 2010 at 9:26 AM, David Bass <davidbass570_at_gmail.com>
> >> wrote:
> >>
> >> > I think that if you apply it to the interfaces only then you will
> limit
> >> > each
> >> > port to the required amount, but the aggregate on the VLAN would not
> be
> >> > limited to 64 or 2048 k. IMO, the only solution for the task is
> having
> >> it
> >> > on the SVI...
> >> >
> >> > On Wed, Jul 28, 2010 at 8:39 AM, Maarten Vervoorn <
> >> mr.vervoorn_at_gmail.com
> >> > >wrote:
> >> >
> >> > > Well in both options you have to configure some-thing on those
> >> > interfaces.
> >> > > Configure mls qos vlan-based on the interface or service-policy out
> >> LIMIT
> >> > > Both access and trunks are used but I don't think its an issue here.
> >> > >
> >> > > In this practice lab I configured it vlan-based. The anwser guide
> >> > > configured
> >> > > it with a service-policy attached to the interfaces (access and
> trunk
> >> > > ports)
> >> > >
> >> > > Kind regards,
> >> > >
> >> > > Maarten Vervoorn
> >> > >
> >> > > 2010/7/28 Hash <hashng_at_gmail.com>
> >> > >
> >> > > > It depends if the interfaces are trunks or access and the number
> of
> >> > > > interfaces you have plus how much time you have in the lab to go
> >> over
> >> > > > interface by interface (task consuming)
> >> > > >
> >> > > > Hash
> >> > > >
> >> > > > Sent from my BlackBerry. wireless device from STC
> >> > > > ------------------------------
> >> > > > *From: *Maarten Vervoorn <mr.vervoorn_at_gmail.com>
> >> > > > *Date: *Wed, 28 Jul 2010 15:26:31 +0200
> >> > > > *To: *<hashng_at_gmail.com>
> >> > > > *Cc: *Cisco certification<ccielab_at_groupstudy.com>
> >> > > > *Subject: *Re: Vlan-based or interface based service policy
> >> > > >
> >> > > > In the class-maps I match on the vlans. So I think both anwser
> will
> >> do.
> >> > > If
> >> > > > you configure the service policy on all interfaces of vlan 12 and
> 16
> >> > > >
> >> > > > 2010/7/28 Hash <hashng_at_gmail.com>
> >> > > >
> >> > > >> Apply it under the svi
> >> > > >> Hash
> >> > > >> Sent from my BlackBerry. wireless device from STC
> >> > > >>
> >> > > >> -----Original Message-----
> >> > > >> From: Mirco Orlandi <mirco.orlandi_at_gmail.com>
> >> > > >> Sender: nobody_at_groupstudy.com
> >> > > >> Date: Wed, 28 Jul 2010 11:58:05
> >> > > >> To: Maarten Vervoorn<mr.vervoorn_at_gmail.com>
> >> > > >> Reply-To: Mirco Orlandi <mirco.orlandi_at_gmail.com>
> >> > > >> Cc: Cisco certification<ccielab_at_groupstudy.com>
> >> > > >> Subject: Re: Vlan-based or interface based service policy
> >> > > >>
> >> > > >> Hi Maarten,
> >> > > >>
> >> > > >> this task is asking you to configure a policer for vlan12 and a
> >> > policer
> >> > > >> for
> >> > > >> vlan16.
> >> > > >>
> >> > > >> At this point of my preparation path I'm not a guru on this
> staff,
> >> but
> >> > > it
> >> > > >> seems your second option doesn't match task requirements, because
> >> it
> >> > > >> creates
> >> > > >> per-port per-vlan policer.
> >> > > >> So, you will have a lot of policer without a single point of
> entire
> >> > vlan
> >> > > >> traffic metering.
> >> > > >>
> >> > > >> I have not labbed this up.
> >> > > >> -mirco.
> >> > > >>
> >> > > >>
> >> > > >> On Wed, Jul 28, 2010 at 7:41 AM, Maarten Vervoorn <
> >> > > mr.vervoorn_at_gmail.com
> >> > > >> >wrote:
> >> > > >>
> >> > > >> > Hi All,
> >> > > >> >
> >> > > >> > I just received a quetsion from the workbook lab with the
> >> following
> >> > > >> > question:
> >> > > >> > Configure VLAN 12 to allow a maximum bandwidth of 64 Kb
> >> > > >> > Configure VLAN 16 to allow a maximum bandwidth of 2048 Kbit
> >> > > >> >
> >> > > >> > I think there are two option to do this. I can create a service
> >> > policy
> >> > > >> and
> >> > > >> > put it on alle vlan 12 and 16 interfaces or I could you
> >> vlan-based
> >> > to
> >> > > >> just
> >> > > >> > apply the policy to the vlan interface. Can anyone tell me if
> I'm
> >> > > >> correct.
> >> > > >> > In the real lab I could ask the proctor that I could do this
> >> > question
> >> > > >> two
> >> > > >> > ways
> >> > > >> > *SW1*
> >> > > >> > mls qos
> >> > > >> > !
> >> > > >> > policy-map POLICE-16
> >> > > >> > class class-default
> >> > > >> > police 2048000 8000 exceed-action drop
> >> > > >> > policy-map VLAN16
> >> > > >> > class class-default
> >> > > >> > service-policy POLICE-16
> >> > > >> > policy-map POLICE-12
> >> > > >> > class class-default
> >> > > >> > police 64000 8000 exceed-action drop
> >> > > >> > policy-map VLAN12
> >> > > >> > class class-default
> >> > > >> > service-policy POLICE-12
> >> > > >> > !
> >> > > >> > int fa0/1
> >> > > >> > sw access vl 12
> >> > > >> > sw mo access
> >> > > >> > mls qos vlan-based
> >> > > >> > int fa0/3
> >> > > >> > sw access vl 16
> >> > > >> > sw mo access
> >> > > >> > mls qos vlan-based
> >> > > >> > int fa0/4
> >> > > >> > sw tr en isl
> >> > > >> > sw mo tr
> >> > > >> > sw tr all vl 12,16
> >> > > >> > mls qos vlan-based
> >> > > >> > int vlan 12
> >> > > >> > service-policy in VLAN12
> >> > > >> > int vlan 16
> >> > > >> > service-policy in VLAN16
> >> > > >> > !
> >> > > >> > **
> >> > > >> > *OR
> >> > > >> > SW1*
> >> > > >> > class-map ALL
> >> > > >> > match access-group 100
> >> > > >> > class VLAN12
> >> > > >> > match vlan 12
> >> > > >> > match class-map ALL
> >> > > >> > class VLAN16
> >> > > >> > match vlan 16
> >> > > >> > match class-map ALL
> >> > > >> > !
> >> > > >> > policy-map LIMIT
> >> > > >> > class VLAN12
> >> > > >> > police 64000 8000 exceed-action drop
> >> > > >> > class VLAN16
> >> > > >> > police 2048000 8000 exceed-action drop
> >> > > >> > !
> >> > > >> > int fa0/1
> >> > > >> > sw access vl 12
> >> > > >> > sw mo access
> >> > > >> > service-policy in LIMIT
> >> > > >> > int fa0/3
> >> > > >> > sw access vl 16
> >> > > >> > sw mo access
> >> > > >> > service-policy in LIMIT
> >> > > >> > int fa0/4
> >> > > >> > sw tr en isl
> >> > > >> > sw mo tr
> >> > > >> > sw tr all vl 12,16
> >> > > >> > service-policy in LIMIT
> >> > > >> > !
> >> > > >> >
> >> > > >> >
> >> > > >> > Blogs and organic groups at http://www.ccie.net
> >> > > >> >
> >> > > >>
> >> >
> >_______________________________________________________________________
> >> > > >> > Subscription information may be found at:
> >> > > >> > http://www.groupstudy.com/list/CCIELab.html
> >> > > >>
> >> > > >>
> >> > > >> Blogs and organic groups at http://www.ccie.net
> >> > > >>
> >> > > >>
> >> >
> _______________________________________________________________________
> >> > > >> Subscription information may be found at:
> >> > > >> http://www.groupstudy.com/list/CCIELab.html
> >> > >
> >> > >
> >> > > Blogs and organic groups at http://www.ccie.net
> >> > >
> >> > >
> >> _______________________________________________________________________
> >> > > Subscription information may be found at:
> >> > > http://www.groupstudy.com/list/CCIELab.html
> >> >
> >> >
> >> > Blogs and organic groups at http://www.ccie.net
> >> >
> >> >
> _______________________________________________________________________
> >> > Subscription information may be found at:
> >> > http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >
> >
> > --
> > Narbik Kocharians
> > CCSI#30832, CCIE# 12410 (R&S, SP, Security)
> > www.MicronicsTraining.com <http://www.micronicstraining.com/> <
> http://www.micronicstraining.com/>
> > Sr. Technical Instructor
> > YES! We take Cisco Learning Credits!
> > Training And Remote Racks available
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Thu Jul 29 2010 - 10:51:38 ART

This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 19:19:15 ART