Re: Vlan-based or interface based service policy

I agree with Sonu.

On Wed, Jul 28, 2010 at 2:39 PM, Jorge Cortes
<jorge.cortes.cano_at_gmail.com>wrote:

> Hi,
>
> I think neither of your configurations will work -assuming your switch is a
> 3560, which are the only switches you will find in the actual lab since
> 3550
> are now long gone. The reasons are the following.
>
> For scenario 2, you cannot use "match vlan" in 3560. See here:
>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/command/reference/cli1.html#wp1862439
>
> For scenario 1, the child class-map MUST have "match input interface", and
> you cannot use class-default, whether the parent class-map matches on the
> type of traffic you want to rate-limit. You cannot use class-default
> either.
> See here:
>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swqos.html#wp1703903
>
> Also remember this is only works in the input direction.
>
> So in order to achieve your requirement (assuming it is ingress direction)
> you need to define the child class-map matching on all interfaces that are
> members of your VLANs, including the trunks. For the parent class-map since
> you cannot use class-default and sounds like you need to limit all traffic
> you need to create a user defined class-map and match an access-list with
> permit any statement.
>
> Also remember that the child policy-map can only police, but not mark,
> while
> the parent policy-map can only mark, but not police.
>
> Taking a closer look at your requirements seems to me like something is
> missing. Usually they ask you to police certain type of traffic (HTTP,
> email, etc).
>
> HTH,
> Jorge
>
> On Wed, Jul 28, 2010 at 9:26 AM, David Bass <davidbass570_at_gmail.com>
> wrote:
>
> > I think that if you apply it to the interfaces only then you will limit
> > each
> > port to the required amount, but the aggregate on the VLAN would not be
> > limited to 64 or 2048 k. IMO, the only solution for the task is having
> it
> > on the SVI...
> >
> > On Wed, Jul 28, 2010 at 8:39 AM, Maarten Vervoorn <mr.vervoorn_at_gmail.com
> > >wrote:
> >
> > > Well in both options you have to configure some-thing on those
> > interfaces.
> > > Configure mls qos vlan-based on the interface or service-policy out
> LIMIT
> > > Both access and trunks are used but I don't think its an issue here.
> > >
> > > In this practice lab I configured it vlan-based. The anwser guide
> > > configured
> > > it with a service-policy attached to the interfaces (access and trunk
> > > ports)
> > >
> > > Kind regards,
> > >
> > > Maarten Vervoorn
> > >
> > > 2010/7/28 Hash <hashng_at_gmail.com>
> > >
> > > > It depends if the interfaces are trunks or access and the number of
> > > > interfaces you have plus how much time you have in the lab to go over
> > > > interface by interface (task consuming)
> > > >
> > > > Hash
> > > >
> > > > Sent from my BlackBerry. wireless device from STC
> > > > ------------------------------
> > > > *From: *Maarten Vervoorn <mr.vervoorn_at_gmail.com>
> > > > *Date: *Wed, 28 Jul 2010 15:26:31 +0200
> > > > *To: *<hashng_at_gmail.com>
> > > > *Cc: *Cisco certification<ccielab_at_groupstudy.com>
> > > > *Subject: *Re: Vlan-based or interface based service policy
> > > >
> > > > In the class-maps I match on the vlans. So I think both anwser will
> do.
> > > If
> > > > you configure the service policy on all interfaces of vlan 12 and 16
> > > >
> > > > 2010/7/28 Hash <hashng_at_gmail.com>
> > > >
> > > >> Apply it under the svi
> > > >> Hash
> > > >> Sent from my BlackBerry. wireless device from STC
> > > >>
> > > >> -----Original Message-----
> > > >> From: Mirco Orlandi <mirco.orlandi_at_gmail.com>
> > > >> Sender: nobody_at_groupstudy.com
> > > >> Date: Wed, 28 Jul 2010 11:58:05
> > > >> To: Maarten Vervoorn<mr.vervoorn_at_gmail.com>
> > > >> Reply-To: Mirco Orlandi <mirco.orlandi_at_gmail.com>
> > > >> Cc: Cisco certification<ccielab_at_groupstudy.com>
> > > >> Subject: Re: Vlan-based or interface based service policy
> > > >>
> > > >> Hi Maarten,
> > > >>
> > > >> this task is asking you to configure a policer for vlan12 and a
> > policer
> > > >> for
> > > >> vlan16.
> > > >>
> > > >> At this point of my preparation path I'm not a guru on this staff,
> but
> > > it
> > > >> seems your second option doesn't match task requirements, because it
> > > >> creates
> > > >> per-port per-vlan policer.
> > > >> So, you will have a lot of policer without a single point of entire
> > vlan
> > > >> traffic metering.
> > > >>
> > > >> I have not labbed this up.
> > > >> -mirco.
> > > >>
> > > >>
> > > >> On Wed, Jul 28, 2010 at 7:41 AM, Maarten Vervoorn <
> > > mr.vervoorn_at_gmail.com
> > > >> >wrote:
> > > >>
> > > >> > Hi All,
> > > >> >
> > > >> > I just received a quetsion from the workbook lab with the
> following
> > > >> > question:
> > > >> > Configure VLAN 12 to allow a maximum bandwidth of 64 Kb
> > > >> > Configure VLAN 16 to allow a maximum bandwidth of 2048 Kbit
> > > >> >
> > > >> > I think there are two option to do this. I can create a service
> > policy
> > > >> and
> > > >> > put it on alle vlan 12 and 16 interfaces or I could you vlan-based
> > to
> > > >> just
> > > >> > apply the policy to the vlan interface. Can anyone tell me if I'm
> > > >> correct.
> > > >> > In the real lab I could ask the proctor that I could do this
> > question
> > > >> two
> > > >> > ways
> > > >> > *SW1*
> > > >> > mls qos
> > > >> > !
> > > >> > policy-map POLICE-16
> > > >> > class class-default
> > > >> > police 2048000 8000 exceed-action drop
> > > >> > policy-map VLAN16
> > > >> > class class-default
> > > >> > service-policy POLICE-16
> > > >> > policy-map POLICE-12
> > > >> > class class-default
> > > >> > police 64000 8000 exceed-action drop
> > > >> > policy-map VLAN12
> > > >> > class class-default
> > > >> > service-policy POLICE-12
> > > >> > !
> > > >> > int fa0/1
> > > >> > sw access vl 12
> > > >> > sw mo access
> > > >> > mls qos vlan-based
> > > >> > int fa0/3
> > > >> > sw access vl 16
> > > >> > sw mo access
> > > >> > mls qos vlan-based
> > > >> > int fa0/4
> > > >> > sw tr en isl
> > > >> > sw mo tr
> > > >> > sw tr all vl 12,16
> > > >> > mls qos vlan-based
> > > >> > int vlan 12
> > > >> > service-policy in VLAN12
> > > >> > int vlan 16
> > > >> > service-policy in VLAN16
> > > >> > !
> > > >> > **
> > > >> > *OR
> > > >> > SW1*
> > > >> > class-map ALL
> > > >> > match access-group 100
> > > >> > class VLAN12
> > > >> > match vlan 12
> > > >> > match class-map ALL
> > > >> > class VLAN16
> > > >> > match vlan 16
> > > >> > match class-map ALL
> > > >> > !
> > > >> > policy-map LIMIT
> > > >> > class VLAN12
> > > >> > police 64000 8000 exceed-action drop
> > > >> > class VLAN16
> > > >> > police 2048000 8000 exceed-action drop
> > > >> > !
> > > >> > int fa0/1
> > > >> > sw access vl 12
> > > >> > sw mo access
> > > >> > service-policy in LIMIT
> > > >> > int fa0/3
> > > >> > sw access vl 16
> > > >> > sw mo access
> > > >> > service-policy in LIMIT
> > > >> > int fa0/4
> > > >> > sw tr en isl
> > > >> > sw mo tr
> > > >> > sw tr all vl 12,16
> > > >> > service-policy in LIMIT
> > > >> > !
> > > >> >
> > > >> >
> > > >> > Blogs and organic groups at http://www.ccie.net
> > > >> >
> > > >>
> > >_______________________________________________________________________
> > > >> > Subscription information may be found at:
> > > >> > http://www.groupstudy.com/list/CCIELab.html
> > > >>
> > > >>
> > > >> Blogs and organic groups at http://www.ccie.net
> > > >>
> > > >>
> > _______________________________________________________________________
> > > >> Subscription information may be found at:
> > > >> http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > > Blogs and organic groups at http://www.ccie.net
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
Narbik Kocharians
CCSI#30832, CCIE# 12410 (R&S, SP, Security)
www.MicronicsTraining.com
Sr. Technical Instructor
YES! We take Cisco Learning Credits!
Training And Remote Racks available
Blogs and organic groups at http://www.ccie.net