Solved: C3650 how to configure interface vlan rate limit

h.dam · ‎02-14-2017

Hi ,

On switches C3650 (L3) whichi is ios-xe, I'd like to configure rate limit on interface vlan using QoS. Can someone give me some configuration examples?

My end devices are connected on L2 switch e.g. 2960. In this case, should I also configure Qos on the ports where devices connected?

Thanks.

Philip D'Ath · ‎02-14-2017

Something like this:

policy-map pm-police
 class class-default
 police cir 500000000
 conform-action transmit 
 exceed-action drop
 
interface vlan xxx
 service-policy output pm-police
 service-policy input pm-police

View solution in original post

paul driver · ‎02-15-2017

Hello

You could also try:

class-map Policed_traffic
match input-inter xx xx ( trunk interfaces allowing the vlan)

policy-map Policed_traffic_pm
class Policed_traffic
police 51200000 1600000 exceed-action drop

access-list 100 permit ip any any

class-map policed_vlan140_cm
match access-group 100

policy-map Policed_vlan140_pm
class policed_vlan140_cm
service_policy Policed_traffic_pm

int vlan 140
service-policy input Policed_vlan140_pm

int xx (all trunk links with vlan140 traversing)
mls qos vlan-based

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Philip D'Ath · ‎02-14-2017

If you want the QoS to be "per port" then you should apply it on the port level. If you want it to apply to everything on the whole VLAN then apply it on the VLAN.

h.dam · ‎02-14-2017

I need to apply on the whole vlan. Could you send me some configuration examples or show me a link ?

Philip D'Ath · ‎02-14-2017

Something like this:

policy-map pm-police
 class class-default
 police cir 500000000
 conform-action transmit 
 exceed-action drop
 
interface vlan xxx
 service-policy output pm-police
 service-policy input pm-police

h.dam · ‎02-14-2017

Hi Philip,

Thanks for this example.

I thought that service-policy output is enough. Whats your reason to apply both input & output?

Philip D'Ath · ‎02-14-2017

Do you want the speed direction in one direction - or both directions?

h.dam · ‎02-14-2017

I got it. Both directions are better. thanks again.

here's my output:

class-map match-any vlan-class
match vlan 140
match vlan 160

policy-map pm-police
 class vlan-class
 police cir 500000000
 conform-action transmit 
 exceed-action drop
 class class-default

interface vlan 140
 service-policy output pm-police
 service-policy input pm-police

interface vlan 160
 service-policy output pm-police
 service-policy input pm-police

Philip D'Ath · ‎02-14-2017

You have made it more complicated than it needs to be. Get rid of "vlan-class", and change to the below. You can apply the same policy to as many vlans as you want. Some people like to name the policy after the speed to make it quick and easy to apply to new vlans/ports.

policy-map pm-police
 class class-default
 police cir 500000000
 conform-action transmit 
 exceed-action drop
 class class-default

paul driver · ‎02-15-2017

Hello

You could also try:

class-map Policed_traffic
match input-inter xx xx ( trunk interfaces allowing the vlan)

policy-map Policed_traffic_pm
class Policed_traffic
police 51200000 1600000 exceed-action drop

access-list 100 permit ip any any

class-map policed_vlan140_cm
match access-group 100

policy-map Policed_vlan140_pm
class policed_vlan140_cm
service_policy Policed_traffic_pm

int vlan 140
service-policy input Policed_vlan140_pm

int xx (all trunk links with vlan140 traversing)
mls qos vlan-based

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

h.dam · ‎02-15-2017

Hi,

Thank you for this vlan-based qos example. I'll choose one which impacts less in my production network.

h.dam · ‎03-15-2017

Hi Philip,

I've implemented as you said, but I got an error when I applied on interface vlan:

interface vlan 140
 service-policy output pm-police
 service-policy input pm-police

Only Marking policy action is supported on SVI interface. Policy Rejected

It is a cisco C3650-24TS, v16.3.1

Did you have this issue?

Philip D'Ath · ‎03-15-2017

What happens if you put it on an actual port, rather than on a VLAN interface?

h.dam · ‎03-16-2017

It works if I put it on interface (trunk) of this 3650 L3 switch, which is distribution layer.

Now, I'm working on access layer switches. They are 2960x v15.2 ios. I got an error when I put the policy on access port:

%QoS-install-failed error

I'm confused that Qos command behavior changes if switches are of different type.

Still searching a workaround...

h.dam · ‎03-14-2017

Hi Philip,

I've implemented as you said, but I got an error when I applied on interface vlan:

Only Marking policy action is supported on SVI interface. Policy Rejected

It is a cisco C3650-24TS, v16.3.1

Did you have this issue?