Policing Configuration
Topology
Simple configuration of Policing
L2 Interface
Do the following to configure policing on an L2 interface.
#configure terminal | Enter configure mode. |
(config)#bridge 1 protocol mstp | Configure bridge 1 as mstp aware. |
(config)#interface xe2 | Enter interface mode. |
(config-if)#switchport | Configure xe2 as a Layer 2 port. |
(config-if)#bridge-group 1 | Associate bridge to an interface. |
(config-if)#switchport mode trunk | Configure port as a trunk. |
(config-if)#switchport trunk allowed vlan all | Allow all the VLANs on the xe2 interface. |
(config-if)#exit | Exit the xe2 interface mode. |
(config)#qos enable | Enable QoS globally. |
(config)#qos statistics | Enable QoS statistics. |
(config)#class-map type qos 1234 | Enter Class-map mode |
(config-cmap-qos)#match cos 3 | Configure match criteria as CoS with Value 3 |
(config-cmap-qos)#exit | Exit Class-map mode |
(config)#policy-map type qos 1234 | Enter policy-map mode |
(config-pmap-qos)#class type qos 1234 | Assign Class 1234 to Policy-map 1234 |
(config-pmap-c-qos))# police cir 2 mbps pir 3 mbps bc 2 mbytes be 2 mbytes conform transmit exceed set-cos-transmit 1 violate drop | Police access-list 102 frames @ Committed information rate 2 mbps, committed bust 2 mbyte, peak information rate 3 mbps, peak burst 2 mbytes when traffic is > CIR and <= PIR then Set the class of service (CoS) field to 1, if traffic violate the action then drop the frames. |
(config-pmap-c-qos)#exit | Exit out of policy-class-map mode |
(config-pmap-qos)#exit | Exit out of Policy-map mode |
(config)#interface xe2 | Enter xe2 interface |
(config-if)#service-policy type qos input 1234 | Assign service-policy to interface on in-direction |
(config)#interface xe3 | Enter interface mode. |
(config-if)#switchport | Configure xe3 as a Layer 2 port. |
(config-if)#bridge-group 1 | Associate bridge to an interface. |
(config-if)#switchport mode trunk | Configure port as a trunk. |
(config-if)#switchport trunk allowed vlan all | Allow all the VLANs on the xe3 interface. |
(config-if)#exit | Exit the xe3 interface mode. |
(config)#mac access-list 102 | Configure mac access-list with action |
(config-mac-acl)#permit host 0000.0101.1010 host 0000.0202.2020 | Permit when frames matches Source mac address 00:00:01:01:10:10 and destination mac address 00:00:02:02:20:20 |
(config-mac-acl)#exit | Exit mac access-list mode |
(config)#class-map type qos match-any 2345 | Enter Class-map mode |
(cmap-qos-match-any-mode)#match access-group 102 | Configure match criteria as access-group 102 |
(cmap-qos-match-any-mode)#exit | Exit Class-map mode |
(config)#policy-map type qos 2345 | Enter policy-map mode |
(config-pmap-qos)#class type qos 2345 | Assign Class 2345 to Policy-map 2345 |
(config-pmap-c-qos))# police cir 2 mbps pir 3 mbps bc 2 mbytes be 2 mbytes conform transmit exceed set-cos-transmit 1 violate drop | Police access-list 102 frames @ Committed information rate 2 mbps, committed bust 2 mbytes, peak information rate 3 mbps, peak burst 2 mbytes when traffic is > CIR and <= PIR, then set the class of service (CoS) field to 1, if traffic violate the action, then drop the frames. |
(config-pmap-qos)#exit | Exit Policy-class mode |
(config-pmap-qos)#exit | Exit Policy-map mode |
(config)#interface xe3 | Enter interface mode. |
(config-if)#service-policy type qos input 2345 | Assign service-policy 2345 to interface on in-direction |
(config-if)#commit | Committing the configured line |
(config-if)#exit | Exit interface mode |
Validation
Enter the commands below to confirm the configurations.
#show running-config qos
qos enable
!
qos statistics
!
class-map type qos 1234
match cos 2
!
class-map type qos match-any 2345
match access-group 102
!
policy-map type qos 1234
class type qos 1234
police cir 2 mbps pir 3 mbps bc 2 mbytes be 2 mbytes conform transmit exceed set-cos-transmit 1 violate drop
exit
policy-map type qos 2345
class type qos 2345
police cir 2 mbps pir 3 mbps bc 2 mbytes be 2 mbytes conform transmit exceed set-cos-transmit 1 violate drop
exit
!
interface xe2
service-policy type qos input 1234
!
interface xe3
service-policy type qos input 2345
#show class-map type qos
Type qos class-maps
===================
class-map type qos 1234
match cos 2
class-map type qos match-any 2345
match access-group 102
class-map type qos match-any class-default
#show policy-map type qos
Type qos policy-maps
====================
policy-map type qos 1234
class type qos 1234
police cir 2 mbps pir 3 mbps bc 2 mbytes be 2 mbytes conform transmit exceed set-cos-transmit 1 violate drop
exit
policy-map type qos 2345
class type qos 2345
police cir 2 mbps pir 3 mbps bc 2 mbytes be 2 mbytes conform transmit exceed set-cos-transmit 1 violate drop
exit
#
#show policy-map interface xe2
Interface xe2
Global statistics status : enabled
Service-policy (qos) input : 1234
--------------------------------
Class-map (qos): 1234 (match all)
match cos 3
police cir 2 mbps pir 3 mbps bc 2 mbytes be 2 mbytes conform transmit exceed set-cos-transmit 1 violate drop
matched : 7419394 packets, 504519132 bytes
dropped : 7409793 packets, 503866264 bytes
Service-policy (queuing) output: default-out-policy
--------------------------------
Class-map (queuing): q0
priority
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): q1
priority
output : 7222 packets, 491096 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): q2
priority
output : 14444 packets, 982192 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): q3
priority
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): q4
priority
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): q5
priority
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): q6
priority
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): q7
priority
output : 2 packets, 246 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): mc-q0
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): mc-q1
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): mc-q2
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): mc-q3
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): mc-q4
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): mc-q5
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): mc-q6
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): mc-q7
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Wred Drop Statistics :
----------------------
green : 0 packets
yellow : 0 packets
red : 0 packets
#show policy-map interface xe3
Interface xe3
Global statistics status : enabled
Service-policy (qos) input : 2345
--------------------------------
Class-map (qos): 2345 (match any)
match access-group 102
police cir 2 mbps pir 3 mbps bc 2 mbytes be 2 mbytes conform transmit exceed set-cos-transmit 1 violate drop
matched : 16218780 packets, 1102879420 bytes
Service-policy (queuing) output: default-out-policy
--------------------------------
Class-map (queuing): q0
priority
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): q1
priority
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): q2
priority
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): q3
priority
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): q4
priority
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): q5
priority
output : 18527 packets, 1259836 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): q6
priority
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): q7
priority
output : 5 packets, 615 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): mc-q0
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): mc-q1
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): mc-q2
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): mc-q3
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): mc-q4
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): mc-q5
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): mc-q6
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Class-map (queuing): mc-q7
output : 0 packets, 0 bytes
dropped : 0 packets, 0 bytes
Wred Drop Statistics :
----------------------
green : 0 packets
yellow : 0 packets
red : 0 packets