As I understand it, you can't do policing directly at the VLAN level. The only way you'd having policing involved would be if you used a hierarchical policy, with child policies matching specific interfaces. From the Config Guide:
� VLAN level�Create this primary level by configuring class maps and classes that specify the port trust state or set a new DSCP or IP precedence value in the packet. The VLAN-level policy map applies only to the VLAN in an SVI and does not support policers.
Also, policing is ingress only on the 3560s - so it's traffic that is destined to VLAN 10, that comes in the specific interfaces referenced in the child policy, that will be policed.
Does your policy look something like this:
!SW2
class-map CM-INTERFACE
match input-interface f1/10
policy-map PM-CHILD
class CM-INTERFACE
police 100000
policy-map PM-PARENT
class class-default
service-policy PM-CHILD
interface vlan10
service-policy input PM-PARENT
- Lindsay
On 10/09/2012, at 6:19 PM, Imran Ali <immrccie_at_gmail.com> wrote:
> thanks gs ,
>
>
> *sw1* ============ {f1/10} *sw2 *
>
> **
> i am policing traffic , applying individual policer on fa1/10 and parent
> level policy map on SVI in sw2.
>
> which traffic will be policed ? let say we have some members in vlan
> physically residing on sw1 , whose dg is SVI on sw2 ; will this traffic be
> policed . ie source vlan 10 traffic ?
>
> or
>
> traffic that is destined to vlan 10 in sw2 will be policed ? let say
> traffic from other vlan 20 , destined to vlan 10 will be policed ?
>
>
> On Sun, Sep 9, 2012 at 10:22 PM, gs gs <gs4me2me_at_gmail.com> wrote:
>
>> You can apply a policy map to incoming traffic on a physical port or on an
>> SVI.
>> This example shows how to apply plcmap1 to an ingress SVI when VLAN-based
>> QoS is enabled:
>> Switch(config)# interface vlan 10
>> Switch(config-if)# service-policy input plcmap1
>>
>>
>> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_58_se/command/reference/cli2.html#wp6193114
>>
>> hth
>>
>> On Sun, Sep 9, 2012 at 5:25 PM, Imran Ali <immrccie_at_gmail.com> wrote:
>>
>>> in context of vlan based qos
>>>
>>> On Sun, Sep 9, 2012 at 6:24 PM, Imran Ali <immrccie_at_gmail.com> wrote:
>>>
>>>> Hi all,
>>>>
>>>> when i am policing traffic in 3560 for vlan 10 . does it mean "traffic
>>>> destined " to vlan 10 will be policed or traffic originated in vlan 10
>>> will
>>>> be policed .
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon Sep 10 2012 - 20:16:52 ART