12-05-2008 01:12 PM
This is crazy long, but please bear with me.
My goal is basically to provide tiers of service ie. 3Mb down 512k up or 1Mb down 256k up.
I'm able to set the upload rate just fine by applying the following.
ip access-list extended matchanyacl
permit ip any any
!
class-map match-all alltraffic
match access-group name matchanyacl
!
policy-map 384up
class alltraffic
police cir 384000
conform-action transmit
exceed-action drop
!
interface range FastEthernet0/2 - 24
service-policy input 384up
However when I'm working with setting the user's download speed I've attempted to use a similar setup
policy-map 1540down
class alltraffic
police cir 1576500
conform-action transmit
exceed-action drop
but when I apply it to the interface it gives me this error.
Configuration Failed. Can not have ACL based classification in a class-map within an output policy-map
So I changed from matching an ACL to just having the class-map match anything
class-map match-all alltraffic
match any
!
policy-map 1540down
class alltraffic
police cir 1576500
conform-action transmit
exceed-action drop
but after I apply it to an interface I get this error.
QoS: Configuration failed. Priority action is required with a policer in an output policy 1540down
So I added the priority command so that the policy looks like this.
policy-map 1540down
class alltraffic
police cir 1576500
conform-action transmit
exceed-action drop
priority
but when I apply it to the interface I get the following error
Match any is not supported for this interface
So I change the match any to a match protocol ip (which to me is basically any)
class-map match-all alltraffic
match protocol ip
policy-map 1540down
class alltraffic
police cir 1576500
conform-action transmit
exceed-action drop
priority
but I get this message
Match protocol is not supported for this interface
So I changed my tactics and tried to use shaping instead of policing.
policy-map 1540down
class class-default
shape average 1576500
but when I apply this as an output policy to the interface I receive the following error.
QoS: Configuration failed. The configured rate 1576500 bps is not achievable in hw within 1% of configuration.
Closest value(s) are: 11111120 bps, 5882368 bps
So I switched back to policing for one final go at it. And I seem to have made it to a working configuration, but I wanted to get some extra input about whether or not this is even the best way to accomplish this. I switched to tagging traffic when it comes in on my uplink interface and setting it to a qos-group x and then matching that qos-group in my policy for later policing as an output policy.
ip access-list extended matchanyacl
permit ip any any
!
class-map match-all uplink
match access-group name matchanyacl
class-map match-all alltraffic
match qos-group 75
!
policy-map 1540down
class alltraffic
police cir 1576500
conform-action transmit
exceed-action drop
priority
policy-map uplinktag
class uplink
set qos-group 75
!
interface FastEthernet0/1
desc ## uplink port ##
service-policy input uplinktag
interface range f0/2 - 24
Desc ## User ports ##
service-policy output 1540down
Does anyone have any input or know of a better method to achieve my goal? Thanks for looking.
12-11-2008 10:12 AM
The Cisco ME 3400 Series supports numerous management features. Support for Simple Network Management Protocol (SNMP) versions 1, 2c, and 3 and Telnet interface support deliver comprehensive in-band management, and a command-line-based management console provides detailed out-of-band management. The Cisco ME 3400 Series also supports the Cisco CNS 2100 Series Intelligence Engine, a hardware appliance supporting a suite of Cisco CNS products (intelligent agents) that function with device agents to create a programmable network.
Cisco Works network management software provides management capabilities to the Cisco ME 3400 Series on a per-port and per-switch basis, providing a common management interface for Cisco routers, switches, and hubs.
For further information click this link.
01-07-2009 11:26 AM
The egress side has got some problems with it. The way I worked it out was, I did Ingress/Ingress policing only with a child parent relationship of policies.
This allows me to get as granular as I want, without having to worry about out of hardware spec or port speeds. I can have a 1gig handoff, and rate shape down as low as I want. Just also as a side note, Cisco scolded me for limiting below 5mbs and said the box wasnt really designed to go that low.
Anyways, here is a sample config. Just change the values as you want:
class-map match-all cust-vlan
match vlan 201
class-map match-all mgmt-vlan
match vlan 1
!
!
policy-map MGMT
class class-default
police cir 10000000
conform-action transmit
exceed-action transmit
policy-map cust-child
class class-default
police cir 6000000
conform-action transmit
exceed-action drop
policy-map provider
class mgmt-vlan
service-policy MGMT
class cust-vlan
service-policy cust-child
interface GigabitEthernet0/4
description uplink
service-policy input provider
interface gig0/1
description customer interface
service-policy input cust-child
Hope this helps!
01-20-2009 08:27 PM
Thanks that really helps to hear what others are using. With my config I was starting to have problems with a few ports err-disabling with specific speeds, but I seem to be successfully limiting to 1.5 by 384 without too many issues. My biggest problem is that I'm using these at a few locations where I've way over subscribed the connection that the property is actually sitting on. A few currently only have 5mb for 60+ users so any I need to limit as much as possible to eliminate any bandwidth hogs without taking anyone too low. I suppose next I need to look at nbar to see what protocols can be tuned/pruned.
Thanks again!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide