Hi Bradley,I think you will

Bradley Urberg Carlson · ‎05-23-2015

On 3560x, I'd like to markdown any traffic received >100mbps to CS2.

It looks like the only markdown map available is DSCP-based, not CoS-based (there is no "police ... exceed-action policed-cos-transmit" command)

Does that mean I need to:

-not trust DSCP or CoS on input ; internal DSCP value will be 0

interface GigabitEthernet0/1

no switchport

no trust dscp

no trust qos

- markdown the internal DSCP value from 0 to 16 using 100mbps policer

mls qos map policed-dscp 0 to 16

policy-map pm-policed-input
class class-default
police 100000 8000 exceed-action policed-dscp-transmit

- then map dscp16 to CS2 for output

mls qos map dscp-cos 0 8 16 24 32 40 48 56 to 0 1 2 3 4 5 6 7

(or would packets with internal dscp 16 just automatically be tagged CS2 when egress is over a trunk port?)

Not sure if it matters, but this ingress is via "no switchport" ports and egress is via SVI carried over a trunk port.

acampbell · ‎05-25-2015

Hi Bradley,

I think you will need to be more explicit with your
policed-dscp map.

You need all values from 16 upwards to now use 16

Try this,

!
mls qos map policed-dscp 56 57 58 59 60 61 62 63 to 16
mls qos map policed-dscp 48 49 50 51 52 53 54 55 to 16
mls qos map policed-dscp 40 41 42 43 44 45 46 47 to 16
mls qos map policed-dscp 32 33 34 35 36 37 38 39 to 16
mls qos map policed-dscp 24 25 26 27 28 29 30 31 to 16
mls qos map policed-dscp 17 18 19 20 21 22 23 to 16
!
end

show mls qos maps policed-dscp

Now all your DSCP from 16 (CS2) upwards should all be 16

To default the "policed-dscp map"

!
no mls qos policed-dscp
!

Regards
Alex

Regards, Alex. Please rate useful posts.

c3560x markdown policing using CoS