Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
553
Views
0
Helpful
3
Replies

QoS on Catalyst 3550 tunneling ports

e-chuah
Level 1
Level 1

‎05-03-2005 11:17 PM

Hi..

If i use EWS QinQ tunneling and configure a tunnel port, how can i perform QoS on that port. I would like to rate limit it to say 2Mbps for example.

According to CCO document, any class-map related to layer 3 information will not work in tunnel port. If that is the case, how can i do the rate limiting.

Thanks

Eng Wee

Labels:
0 Helpful
3 Replies 3

e-chuah
Level 1
Level 1

‎05-04-2005 08:26 PM

i tried the config below, but doesn't seem to work. Am i missing anything ?

mls qos

!

class-map match-all POLICE-L2VPN

match access-group name ALL-MAC

!

!

policy-map POLICE-L2VPN

class POLICE-L2VPN

police 1000000 256000 exceed-action drop

!

!

spanning-tree mode pvst

spanning-tree portfast default

spanning-tree portfast bpdufilter default

spanning-tree extend system-id

!

mac access-list extended ALL-MAC

permit any any

!

vlan dot1q tag native

interface FastEthernet0/30

switchport access vlan 30

switchport mode dot1q-tunnel

switchport nonegotiate

no ip address

load-interval 30

service-policy input POLICE-L2VPN

no cdp enable

spanning-tree bpdufilter enable

0 Helpful

Rene Frank
Level 1
Level 1
In response to e-chuah

‎05-05-2005 11:15 PM

Hi

I'm not really sure if the mac acl is working, I haven't such an example in production. I use normally an IP acl.

Here is an example I used many times. It's working fine.

Example:

mls qos

!

class-map match-all C1

match access-group 100

!

policy-map Max2M

class C1

police 2000000 512000 exceed-action drop

!

interface FastEthernet0/3

switchport access vlan 10

switchport mode access

service-policy input Max2M

!

access-list 100 permit tcp any any

access-list 100 permit udp any any

I haven't a tunnel port, but this shouldn't be a problem. I hope this helps.

Cheers

Rene

0 Helpful

e-chuah
Level 1
Level 1
In response to Rene Frank

‎05-06-2005 08:48 PM

According to TAC, mac acl is for non-IP traffic only, that explains why ip acl doesn't work in tunnelled ports. This is wat tac suggested. I haven't had a chance to try, will try it out when i get back from my leave. If anyone has the chance to try this out, do let me know the outcome

mac access-list extended l2

permit any any

ip access-list extended l3

permit ip any any

class-map L2-traffic

match access-group name l2

class-map L3-traffic

match access-group name l3

mls qos aggregate-policer Customer-1 10000000 13000 exceed-action drop

policy-map Customer-1-policy-ingress

class L2-traffic

police aggregate Customer-1

class L3-traffic

police aggregate Customer-1

0 Helpful
Customers Also Viewed These Support Documents