Re: mls qos vlan based from Lindsay Hill on 2012-09-10 (Ccielab archives 09/2012)

From: Lindsay Hill <lindsay.k.hill_at_gmail.com>
Date: Tue, 11 Sep 2012 05:53:25 +1200

The solution given is fine. You could have had a policer defined on each
physical port - using VLAN-based QOS just gives you a faster way of applying
consistent across a group of interfaces. It doesn't only apply to L3 traffic
terminating on the SVI (there is no IP on the SVI in this case). It only
applies to incoming traffic on VLAN120, on any of the physical ports mentioned
in the child class map

On 10/09/2012, at 11:15 PM, Imran Ali <immrccie_at_gmail.com> wrote:

> no info about subnet in instructions : clearly source is vlan 120 and
destination is 10.0.0.20 ..probably just imaginery type of ip and imaginery
vlan .
>
> On Mon, Sep 10, 2012 at 2:08 PM, gs gs <gs4me2me_at_gmail.com> wrote:
> what subnet use vlan120?
>
>
> On Mon, Sep 10, 2012 at 12:39 PM, Imran Ali <immrccie_at_gmail.com> wrote:
> in one of 360 labs , it say
>
> vlan 120 is source and destination is 10.0.0.20 . configure policing on SVI
so to police incomming traffic on f1/10 to 900 KB/s wiht burst of 9000 bytes .
Also set dscp to AF11
>
> bla..bla..
>
> =====================================
> ip access-list 100 permit ip any host 10.0.0.20
>
> class-map CMAP
> match access-group 100
>
>
> class-map match-all INTF1/10
> match input interface f1/10
>
> policey-map CHILD
> class INTF1/10
> Police 90000 9000 exceed-action drop
>
> policy-map PMAP
> class CMAP
> set dscp AF11
> service-policy CHILD
>
> int vlan 120
> no ip address
> service-policy input PMAP
>
> int fa1/10
> sw acc vlan 120
> mls qos vlan-based
> ========================================
>
>
> i think either task or solution is wrong or i my understanding . As source
vlan is 120 clearly they want to police traffic comming from f1/10 destined
to 10.0.0.20 which could be in another vlan or just a non existing ip .
>
>
>
>
>
>
>
>
> On Mon, Sep 10, 2012 at 11:16 AM, Lindsay Hill <lindsay.k.hill_at_gmail.com>
wrote:
> As I understand it, you can't do policing directly at the VLAN level. The
only way you'd having policing involved would be if you used a hierarchical
policy, with child policies matching specific interfaces. From the Config
Guide:
>
> b" VLAN levelbCreate this primary level by configuring class maps
and classes that specify the port trust state or set a new DSCP or IP0 la
precedence value in the packet. The VLAN-level policy map applies only to the
VLAN in an SVI and does not support policers.
>
>
> Also, policing is ingress only on the 3560s - so it's traffic that is
destined to VLAN 10, that comes in the specific interfaces referenced in the
child policy, that will be policed.
>
>
> Does your policy look something like this:
>
> !SW2
> class-map CM-INTERFACE
> match input-interface f1/10
> policy-map PM-CHILD
> class CM-INTERFACE
> police 100000
> policy-map PM-PARENT
> class class-default
> service-policy PM-CHILD
>
> interface vlan10
> service-policy input PM-PARENT
>
>
>
> - Lindsay
>
> On 10/09/2012, at 6:19 PM, Imran Ali <immrccie_at_gmail.com> wrote:
>
> > thanks gs ,
> >
> >
> > *sw1* ============ {f1/10} *sw2 *
> >
> > **
> > i am policing traffic , applying individual policer on fa1/10 and parent
> > level policy map on SVI in sw2.
> >
> > which traffic will be policed ? let say we have some members in vlan
> > physically residing on sw1 , whose dg is SVI on sw2 ; will this traffic
be
> > policed . ie source vlan 10 traffic ?
> >
> > or
> >
> > traffic that is destined to vlan 10 in sw2 will be policed ? let say
> > traffic from other vlan 20 , destined to vlan 10 will be policed ?
> >
> >
> > On Sun, Sep 9, 2012 at 10:22 PM, gs gs <gs4me2me_at_gmail.com> wrote:
> >
> >> You can apply a policy map to incoming traffic on a physical port or on
an
> >> SVI.
> >> This example shows how to apply plcmap1 to an ingress SVI when
VLAN-based
> >> QoS is enabled:
> >> Switch(config)# interface vlan 10
> >> Switch(config-if)# service-policy input plcmap1
> >>
> >>
> >>
http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12
.2_58_se/command/reference/cli2.html#wp6193114
> >>
> >> hth
> >>
> >> On Sun, Sep 9, 2012 at 5:25 PM, Imran Ali <immrccie_at_gmail.com> wrote:
> >>
> >>> in context of vlan based qos
> >>>
> >>> On Sun, Sep 9, 2012 at 6:24 PM, Imran Ali <immrccie_at_gmail.com> wrote:
> >>>
> >>>> Hi all,
> >>>>
> >>>> when i am policing traffic in 3560 for vlan 10 . does it mean "traffic
> >>>> destined " to vlan 10 will be policed or traffic originated in vlan 10
> >>> will
> >>>> be policed .
> >>>
> >>>
> >>> Blogs and organic groups at http://www.ccie.net
> >>>
> >>> _______________________________________________________________________
> >>> Subscription information may be found at:
> >>> http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Tue Sep 11 2012 - 05:53:25 ART

This archive was generated by hypermail 2.2.0 : Mon Oct 01 2012 - 06:40:29 ART