Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
674
Views
3
Helpful
4
Replies

Catalyst 3550 policing

dzuodar
Level 1
Level 1

‎08-16-2004 07:25 AM - edited ‎03-02-2019 05:47 PM

Hi all!

A customer wants to set-up a WAN simulation, therefore i have configured a Catalyst 3550 with 4 different vlans. The idea is to police data traffic ,when it wants to cross the VLAN border (= enters the virtual WAN), at 2 Mbps. I had configured a policy-map but when i tried to apply it on the VLAN interface, i received the error message

"QoS: policymap is not supported on virtual interfaces Service Policy attachment failed"

Anybody knows how to do the trick another way. So i want to limit data traffic in between the different VLANs to max 2 Mbps in order to simulate a WAN.

thanks and best regards!

Dimitri

Labels:
0 Helpful
4 Replies 4

a.awan
Level 4
Level 4

‎08-16-2004 07:55 AM

Yep unfortunately policing is not supported on logical VLAN interfaces on the 3550. What is the exact topology? Is it just one 3550 with one port per VLAN or is there more to this simulation? One way i can think of is to apply a policer on the physical ports and match on the other VLAN destination addresses (if applied inbound) or source (if applied outbound). You will have to apply it on all participating ports though.

dzuodar
Level 1
Level 1
In response to a.awan

‎08-16-2004 10:59 PM

the exact topology: one 3550-24 with 4 VLANs, ports 1-6 are vlan 2, ports 7-12 are vlan 3, ports 13-18 are vlan 4 and ports 19-24 are vlan 5.

i will now try to apply the policer on the physical ports and see what the results are...

thanks for this info, i will post the config (hopefully a working one :)) later.

0 Helpful

dzuodar
Level 1
Level 1
In response to a.awan

‎08-17-2004 01:07 AM

completed the config and performed some testing, looks ok! transferred a 150 MB file in about 10 min, so that's 2 Mbps!

for information, config extract:

ip routing

!

mls qos

!

class-map match-all outbound-vlan4

match access-group name outbound-vlan4

class-map match-all outbound-vlan5

match access-group name outbound-vlan5

class-map match-all outbound-vlan2

match access-group name outbound-vlan2

class-map match-all outbound-vlan3

match access-group name outbound-vlan3

!

policy-map outbound-vlan4

class outbound-vlan4

police 2096000 262144 exceed-action drop

policy-map outbound-vlan5

class outbound-vlan5

police 2096000 262144 exceed-action drop

policy-map outbound-vlan2

class outbound-vlan2

police 2096000 262144 exceed-action drop

policy-map outbound-vlan3

class outbound-vlan3

police 2096000 262144 exceed-action drop

!

interface FastEthernet0/1

switchport access vlan 2

switchport mode access

service-policy input outbound-vlan2

no cdp enable

spanning-tree portfast

!

! f0/1 - 6 have same configuration

!

interface FastEthernet0/7

switchport access vlan 3

switchport mode access

service-policy input outbound-vlan3

no cdp enable

spanning-tree portfast

!

! f0/7 - 12 have same configuration

!

interface FastEthernet0/13

switchport access vlan 4

switchport mode access

service-policy input outbound-vlan4

no cdp enable

spanning-tree portfast

!

! f0/13 - 18 have same configuration

!

interface FastEthernet0/19

switchport access vlan 5

switchport mode access

service-policy input outbound-vlan5

no cdp enable

spanning-tree portfast

!

! f0/19 - 24 have same configuration

!

interface Vlan1

no ip address

!

interface Vlan2

ip address 172.19.2.254 255.255.255.0

!

interface Vlan3

ip address 10.1.253.254 255.255.255.0

!

interface Vlan4

ip address 10.39.1.254 255.255.255.0

!

interface Vlan5

ip address 10.9.1.254 255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 Null0

no ip http server

!

ip access-list extended outbound-vlan2

permit ip 172.19.2.0 0.0.0.255 10.1.253.0 0.0.0.255

permit ip 172.19.2.0 0.0.0.255 10.39.1.0 0.0.0.255

permit ip 172.19.2.0 0.0.0.255 10.9.1.0 0.0.0.255

ip access-list extended outbound-vlan3

permit ip 10.1.253.0 0.0.0.255 172.19.2.0 0.0.0.255

permit ip 10.1.253.0 0.0.0.255 10.39.1.0 0.0.0.255

permit ip 10.1.253.0 0.0.0.255 10.9.1.0 0.0.0.255

ip access-list extended outbound-vlan4

permit ip 10.39.1.0 0.0.0.255 172.19.2.0 0.0.0.255

permit ip 10.39.1.0 0.0.0.255 10.1.253.0 0.0.0.255

permit ip 10.39.1.0 0.0.0.255 10.9.1.0 0.0.0.255

ip access-list extended outbound-vlan5

permit ip 10.9.1.0 0.0.0.255 172.19.2.0 0.0.0.255

permit ip 10.9.1.0 0.0.0.255 10.1.253.0 0.0.0.255

permit ip 10.9.1.0 0.0.0.255 10.39.1.0 0.0.0.255

cheers,

Dimitri

0 Helpful

a.awan
Level 4
Level 4
In response to dzuodar

‎08-17-2004 01:37 AM

Glad to hear it worked for you. Configuration looks good, hope your customer is satisfied :-).

0 Helpful
Customers Also Viewed These Support Documents