agreed and thanks
On Mon, Sep 10, 2012 at 8:53 PM, Lindsay Hill
<lindsay.k.hill_at_gmail.com>wrote:
> The solution given is fine. You could have had a policer defined on each
> physical port - using VLAN-based QOS just gives you a faster way of
> applying consistent across a group of interfaces. It doesn't only apply to
> L3 traffic terminating on the SVI (there is no IP on the SVI in this case).
> It only applies to incoming traffic on VLAN120, on any of the physical
> ports mentioned in the child class map
>
>
> On 10/09/2012, at 11:15 PM, Imran Ali <immrccie_at_gmail.com> wrote:
>
> no info about subnet in instructions : clearly source is vlan 120 and
> destination is 10.0.0.20 ..probably just imaginery type of ip and imaginery
> vlan .
>
> On Mon, Sep 10, 2012 at 2:08 PM, gs gs <gs4me2me_at_gmail.com> wrote:
>
>> what subnet use vlan120?
>>
>>
>> On Mon, Sep 10, 2012 at 12:39 PM, Imran Ali <immrccie_at_gmail.com> wrote:
>>
>>> in one of 360 labs , it say
>>>
>>> vlan 120 is source and destination is 10.0.0.20 . configure policing on
>>> SVI so to police incomming traffic on f1/10 to 900 KB/s wiht burst of
9000
>>> bytes . Also set dscp to AF11
>>>
>>> bla..bla..
>>>
>>> =====================================
>>> ip access-list 100 permit ip any host 10.0.0.20
>>>
>>> class-map CMAP
>>> match access-group 100
>>>
>>>
>>> class-map match-all INTF1/10
>>> match input interface f1/10
>>>
>>> policey-map CHILD
>>> class INTF1/10
>>> Police 90000 9000 exceed-action drop
>>>
>>> policy-map PMAP
>>> class CMAP
>>> set dscp AF11
>>> service-policy CHILD
>>>
>>> int vlan 120
>>> no ip address
>>> service-policy input PMAP
>>>
>>> int fa1/10
>>> sw acc vlan 120
>>> mls qos vlan-based
>>> ========================================
>>>
>>>
>>> i think either task or solution is wrong or i my understanding . As
*source
>>> vlan is 120* clearly they want to police traffic comming from f1/10
>>> destined to 10.0.0.20 which could be in another vlan or just a non
>>> existing ip .
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Mon, Sep 10, 2012 at 11:16 AM, Lindsay Hill <lindsay.k.hill_at_gmail.com
>>> > wrote:
>>>
>>>> As I understand it, you can't do policing directly at the VLAN level.
>>>> The only way you'd having policing involved would be if you used a
>>>> hierarchical policy, with child policies matching specific interfaces.
From
>>>> the Config Guide:
>>>>
>>>> � VLAN level�Create this primary level by configuring class
>>>> maps and classes that specify the port trust state or set a new DSCP or
IP0
>>>> la precedence value in the packet. The VLAN-level policy map applies
only
>>>> to the VLAN in an SVI and does not support policers.
>>>>
>>>>
>>>> Also, policing is ingress only on the 3560s - so it's traffic that is
>>>> destined to VLAN 10, that comes in the specific interfaces referenced in
>>>> the child policy, that will be policed.
>>>>
>>>>
>>>> Does your policy look something like this:
>>>>
>>>> !SW2
>>>> class-map CM-INTERFACE
>>>> match input-interface f1/10
>>>> policy-map PM-CHILD
>>>> class CM-INTERFACE
>>>> police 100000
>>>> policy-map PM-PARENT
>>>> class class-default
>>>> service-policy PM-CHILD
>>>>
>>>> interface vlan10
>>>> service-policy input PM-PARENT
>>>>
>>>>
>>>>
>>>> - Lindsay
>>>>
>>>> On 10/09/2012, at 6:19 PM, Imran Ali <immrccie_at_gmail.com> wrote:
>>>>
>>>> > thanks gs ,
>>>> >
>>>> >
>>>> > *sw1* ============ {f1/10} *sw2 *
>>>> >
>>>> > **
>>>> > i am policing traffic , applying individual policer on fa1/10 and
>>>> parent
>>>> > level policy map on SVI in sw2.
>>>> >
>>>> > which traffic will be policed ? let say we have some members in vlan
>>>> > physically residing on sw1 , whose dg is SVI on sw2 ; will this
>>>> traffic be
>>>> > policed . ie source vlan 10 traffic ?
>>>> >
>>>> > or
>>>> >
>>>> > traffic that is destined to vlan 10 in sw2 will be policed ? let say
>>>> > traffic from other vlan 20 , destined to vlan 10 will be policed ?
>>>> >
>>>> >
>>>> > On Sun, Sep 9, 2012 at 10:22 PM, gs gs <gs4me2me_at_gmail.com> wrote:
>>>> >
>>>> >> You can apply a policy map to incoming traffic on a physical port or
>>>> on an
>>>> >> SVI.
>>>> >> This example shows how to apply plcmap1 to an ingress SVI when
>>>> VLAN-based
>>>> >> QoS is enabled:
>>>> >> Switch(config)# interface vlan 10
>>>> >> Switch(config-if)# service-policy input plcmap1
>>>> >>
>>>> >>
>>>> >>
>>>>
http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12
.2_58_se/command/reference/cli2.html#wp6193114
>>>> >>
>>>> >> hth
>>>> >>
>>>> >> On Sun, Sep 9, 2012 at 5:25 PM, Imran Ali <immrccie_at_gmail.com>
>>>> wrote:
>>>> >>
>>>> >>> in context of vlan based qos
>>>> >>>
>>>> >>> On Sun, Sep 9, 2012 at 6:24 PM, Imran Ali <immrccie_at_gmail.com>
>>>> wrote:
>>>> >>>
>>>> >>>> Hi all,
>>>> >>>>
>>>> >>>> when i am policing traffic in 3560 for vlan 10 . does it mean
>>>> "traffic
>>>> >>>> destined " to vlan 10 will be policed or traffic originated in
>>>> vlan 10
>>>> >>> will
>>>> >>>> be policed .
>>>> >>>
>>>> >>>
>>>> >>> Blogs and organic groups at http://www.ccie.net
>>>> >>>
>>>> >>>
>>>> _______________________________________________________________________
>>>> >>> Subscription information may be found at:
>>>> >>> http://www.groupstudy.com/list/CCIELab.html
>>>> >
>>>> >
>>>> > Blogs and organic groups at http://www.ccie.net
>>>> >
>>>> >
>>>> _______________________________________________________________________
>>>> > Subscription information may be found at:
>>>> > http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon Sep 10 2012 - 21:22:57 ART