Showing results for 
Search instead for 
Did you mean: 

Bit of QoS help

hello. i've got a point to point OC-3 link between two cisco 7204s that i've implemented QoS over, but I need some verification that my configuration is doing what i intended it to.

class-map match-all DMZ_in

match any

class-map match-all edge3000_out

match qos-group 1

class-map match-any edge3000_in

match any

class-map match-all DMZ_out

match qos-group 2



policy-map oc3_out

class edge3000_out

shape peak 135000000

class DMZ_out

bandwidth remaining percent 100

policy-map mark_DMZ

class DMZ_in

set qos-group 2

policy-map mark_edge3000

class edge3000_in

set qos-group 1



interface GigabitEthernet0/1.20

service-policy input mark_DMZ


interface GigabitEthernet0/2

service-policy input mark_edge3000


interface GigabitEthernet0/3

service-policy input mark_edge3000


interface POS1/0

service-policy output oc3_out

i intend the edge3000_out class to get 135Mbps, no more, no less, and have priority over any other traffic. the DMZ_out class can have all the remaining bandwidth available, and also be prioritized over unclassified traffic. have i set this up correctly?



What you have there should get the job done for you. I would use either IP Prec/DSCP based marking myself and would change shape to a policer. The outbound shape will buffer traffic if it goes above and beyond 135Mbps as opposed to a policer that will start dropping traffic that goes above that 135Mbps. If you stay with the shape command you could also do nested policies to prioritize certain traffic within Edge3000 queue.

Joseph W. Doherty
Hall of Fame Expert

Two possible issues with your policy. First, you didn't define bandwidth for policy-map oc3_out's class edge3000_out. Second, if you really want to assure the edge3000_out class has priority, you might want to place it into a LLQ class. Otherwise, you could set the class's bandwidth to 135 Mbps to provide a guaranteed minimum bandwidth too.

Some minor points: You could allow policy-map oc3_out's class DMZ_out to default into the default class, allthough if you do, be careful that the default FQ doesn't negate the bandwidth floor for class edge3000_out. (Can be addressed by setting class-default to use FIFO or class edge3000_out to LLQ.) I also note your shaper is using peak rather than average, which is fine as long as you desire to allow an initial burst to use more bandwidth.


Not positive whether it works with CBWFQ policy maps, but I wonder whether you might be able to match directly against the inbound interface and avoid the need for marking traffic, even if using internal QoS groups.