no info about subnet in instructions : clearly source is vlan 120 and
destination is 10.0.0.20 ..probably just imaginery type of ip and imaginery
vlan .
On Mon, Sep 10, 2012 at 2:08 PM, gs gs <gs4me2me_at_gmail.com> wrote:
> what subnet use vlan120?
>
>
> On Mon, Sep 10, 2012 at 12:39 PM, Imran Ali <immrccie_at_gmail.com> wrote:
>
>> in one of 360 labs , it say
>>
>> vlan 120 is source and destination is 10.0.0.20 . configure policing on
>> SVI so to police incomming traffic on f1/10 to 900 KB/s wiht burst of 9000
>> bytes . Also set dscp to AF11
>>
>> bla..bla..
>>
>> =====================================
>> ip access-list 100 permit ip any host 10.0.0.20
>>
>> class-map CMAP
>> match access-group 100
>>
>>
>> class-map match-all INTF1/10
>> match input interface f1/10
>>
>> policey-map CHILD
>> class INTF1/10
>> Police 90000 9000 exceed-action drop
>>
>> policy-map PMAP
>> class CMAP
>> set dscp AF11
>> service-policy CHILD
>>
>> int vlan 120
>> no ip address
>> service-policy input PMAP
>>
>> int fa1/10
>> sw acc vlan 120
>> mls qos vlan-based
>> ========================================
>>
>>
>> i think either task or solution is wrong or i my understanding . As
*source
>> vlan is 120* clearly they want to police traffic comming from f1/10
>> destined to 10.0.0.20 which could be in another vlan or just a non
>> existing ip .
>>
>>
>>
>>
>>
>>
>>
>>
>> On Mon, Sep 10, 2012 at 11:16 AM, Lindsay Hill
<lindsay.k.hill_at_gmail.com>wrote:
>>
>>> As I understand it, you can't do policing directly at the VLAN level.
>>> The only way you'd having policing involved would be if you used a
>>> hierarchical policy, with child policies matching specific interfaces.
From
>>> the Config Guide:
>>>
>>> � VLAN level�Create this primary level by configuring class maps
>>> and classes that specify the port trust state or set a new DSCP or IP0
>>> la precedence value in the packet. The VLAN-level policy map applies only
>>> to the VLAN in an SVI and does not support policers.
>>>
>>>
>>> Also, policing is ingress only on the 3560s - so it's traffic that is
>>> destined to VLAN 10, that comes in the specific interfaces referenced in
>>> the child policy, that will be policed.
>>>
>>>
>>> Does your policy look something like this:
>>>
>>> !SW2
>>> class-map CM-INTERFACE
>>> match input-interface f1/10
>>> policy-map PM-CHILD
>>> class CM-INTERFACE
>>> police 100000
>>> policy-map PM-PARENT
>>> class class-default
>>> service-policy PM-CHILD
>>>
>>> interface vlan10
>>> service-policy input PM-PARENT
>>>
>>>
>>>
>>> - Lindsay
>>>
>>> On 10/09/2012, at 6:19 PM, Imran Ali <immrccie_at_gmail.com> wrote:
>>>
>>> > thanks gs ,
>>> >
>>> >
>>> > *sw1* ============ {f1/10} *sw2 *
>>> >
>>> > **
>>> > i am policing traffic , applying individual policer on fa1/10 and
>>> parent
>>> > level policy map on SVI in sw2.
>>> >
>>> > which traffic will be policed ? let say we have some members in vlan
>>> > physically residing on sw1 , whose dg is SVI on sw2 ; will this
>>> traffic be
>>> > policed . ie source vlan 10 traffic ?
>>> >
>>> > or
>>> >
>>> > traffic that is destined to vlan 10 in sw2 will be policed ? let say
>>> > traffic from other vlan 20 , destined to vlan 10 will be policed ?
>>> >
>>> >
>>> > On Sun, Sep 9, 2012 at 10:22 PM, gs gs <gs4me2me_at_gmail.com> wrote:
>>> >
>>> >> You can apply a policy map to incoming traffic on a physical port or
>>> on an
>>> >> SVI.
>>> >> This example shows how to apply plcmap1 to an ingress SVI when
>>> VLAN-based
>>> >> QoS is enabled:
>>> >> Switch(config)# interface vlan 10
>>> >> Switch(config-if)# service-policy input plcmap1
>>> >>
>>> >>
>>> >>
>>>
http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12
.2_58_se/command/reference/cli2.html#wp6193114
>>> >>
>>> >> hth
>>> >>
>>> >> On Sun, Sep 9, 2012 at 5:25 PM, Imran Ali <immrccie_at_gmail.com> wrote:
>>> >>
>>> >>> in context of vlan based qos
>>> >>>
>>> >>> On Sun, Sep 9, 2012 at 6:24 PM, Imran Ali <immrccie_at_gmail.com>
>>> wrote:
>>> >>>
>>> >>>> Hi all,
>>> >>>>
>>> >>>> when i am policing traffic in 3560 for vlan 10 . does it mean
>>> "traffic
>>> >>>> destined " to vlan 10 will be policed or traffic originated in vlan
>>> 10
>>> >>> will
>>> >>>> be policed .
>>> >>>
>>> >>>
>>> >>> Blogs and organic groups at http://www.ccie.net
>>> >>>
>>> >>>
>>> _______________________________________________________________________
>>> >>> Subscription information may be found at:
>>> >>> http://www.groupstudy.com/list/CCIELab.html
>>> >
>>> >
>>> > Blogs and organic groups at http://www.ccie.net
>>> >
>>> > _______________________________________________________________________
>>> > Subscription information may be found at:
>>> > http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon Sep 10 2012 - 14:15:53 ART