in one of 360 labs , it say
vlan 120 is source and destination is 10.0.0.20 . configure policing on SVI
so to police incomming traffic on f1/10 to 900 KB/s wiht burst of 9000
bytes . Also set dscp to AF11
bla..bla..
=====================================
ip access-list 100 permit ip any host 10.0.0.20
class-map CMAP
match access-group 100
class-map match-all INTF1/10
match input interface f1/10
policey-map CHILD
class INTF1/10
Police 90000 9000 exceed-action drop
policy-map PMAP
class CMAP
set dscp AF11
service-policy CHILD
int vlan 120
no ip address
service-policy input PMAP
int fa1/10
sw acc vlan 120
mls qos vlan-based
========================================
i think either task or solution is wrong or i my understanding . As *source
vlan is 120* clearly they want to police traffic comming from f1/10
destined to 10.0.0.20 which could be in another vlan or just a non
existing ip .
On Mon, Sep 10, 2012 at 11:16 AM, Lindsay Hill
<lindsay.k.hill_at_gmail.com>wrote:
> As I understand it, you can't do policing directly at the VLAN level. The
> only way you'd having policing involved would be if you used a hierarchical
> policy, with child policies matching specific interfaces. From the Config
> Guide:
>
> � VLAN level�Create this primary level by configuring class maps
> and classes that specify the port trust state or set a new DSCP or IP0
> la precedence value in the packet. The VLAN-level policy map applies only
> to the VLAN in an SVI and does not support policers.
>
> Also, policing is ingress only on the 3560s - so it's traffic that is
> destined to VLAN 10, that comes in the specific interfaces referenced in
> the child policy, that will be policed.
>
>
> Does your policy look something like this:
>
> !SW2
> class-map CM-INTERFACE
> match input-interface f1/10
> policy-map PM-CHILD
> class CM-INTERFACE
> police 100000
> policy-map PM-PARENT
> class class-default
> service-policy PM-CHILD
>
> interface vlan10
> service-policy input PM-PARENT
>
>
>
> - Lindsay
>
> On 10/09/2012, at 6:19 PM, Imran Ali <immrccie_at_gmail.com> wrote:
>
> > thanks gs ,
> >
> >
> > *sw1* ============ {f1/10} *sw2 *
> >
> > **
> > i am policing traffic , applying individual policer on fa1/10 and parent
> > level policy map on SVI in sw2.
> >
> > which traffic will be policed ? let say we have some members in vlan
> > physically residing on sw1 , whose dg is SVI on sw2 ; will this traffic
> be
> > policed . ie source vlan 10 traffic ?
> >
> > or
> >
> > traffic that is destined to vlan 10 in sw2 will be policed ? let say
> > traffic from other vlan 20 , destined to vlan 10 will be policed ?
> >
> >
> > On Sun, Sep 9, 2012 at 10:22 PM, gs gs <gs4me2me_at_gmail.com> wrote:
> >
> >> You can apply a policy map to incoming traffic on a physical port or on
> an
> >> SVI.
> >> This example shows how to apply plcmap1 to an ingress SVI when
> VLAN-based
> >> QoS is enabled:
> >> Switch(config)# interface vlan 10
> >> Switch(config-if)# service-policy input plcmap1
> >>
> >>
> >>
>
http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12
.2_58_se/command/reference/cli2.html#wp6193114
> >>
> >> hth
> >>
> >> On Sun, Sep 9, 2012 at 5:25 PM, Imran Ali <immrccie_at_gmail.com> wrote:
> >>
> >>> in context of vlan based qos
> >>>
> >>> On Sun, Sep 9, 2012 at 6:24 PM, Imran Ali <immrccie_at_gmail.com> wrote:
> >>>
> >>>> Hi all,
> >>>>
> >>>> when i am policing traffic in 3560 for vlan 10 . does it mean "traffic
> >>>> destined " to vlan 10 will be policed or traffic originated in vlan 10
> >>> will
> >>>> be policed .
> >>>
> >>>
> >>> Blogs and organic groups at http://www.ccie.net
> >>>
> >>> _______________________________________________________________________
> >>> Subscription information may be found at:
> >>> http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon Sep 10 2012 - 13:39:51 ART