02-14-2017 10:36 AM - edited 03-08-2019 09:20 AM
Hi ,
On switches C3650 (L3) whichi is ios-xe, I'd like to configure rate limit on interface vlan using QoS. Can someone give me some configuration examples?
My end devices are connected on L2 switch e.g. 2960. In this case, should I also configure Qos on the ports where devices connected?
Thanks.
Solved! Go to Solution.
02-14-2017 03:41 PM
Something like this:
policy-map pm-police
class class-default
police cir 500000000
conform-action transmit
exceed-action drop
interface vlan xxx
service-policy output pm-police
service-policy input pm-police
02-15-2017 01:47 AM
Hello
You could also try:
class-map Policed_traffic
match input-inter xx xx ( trunk interfaces allowing the vlan)
policy-map Policed_traffic_pm
class Policed_traffic
police 51200000 1600000 exceed-action drop
access-list 100 permit ip any any
class-map policed_vlan140_cm
match access-group 100
policy-map Policed_vlan140_pm
class policed_vlan140_cm
service_policy Policed_traffic_pm
int vlan 140
service-policy input Policed_vlan140_pm
int xx (all trunk links with vlan140 traversing)
mls qos vlan-based
res
Paul
02-14-2017 12:54 PM
If you want the QoS to be "per port" then you should apply it on the port level. If you want it to apply to everything on the whole VLAN then apply it on the VLAN.
02-14-2017 02:05 PM
I need to apply on the whole vlan. Could you send me some configuration examples or show me a link ?
02-14-2017 03:41 PM
Something like this:
policy-map pm-police
class class-default
police cir 500000000
conform-action transmit
exceed-action drop
interface vlan xxx
service-policy output pm-police
service-policy input pm-police
02-14-2017 11:24 PM
Hi Philip,
Thanks for this example.
I thought that service-policy output is enough. Whats your reason to apply both input & output?
02-14-2017 11:25 PM
Do you want the speed direction in one direction - or both directions?
02-14-2017 11:38 PM
I got it. Both directions are better. thanks again.
here's my output:
class-map match-any vlan-class
match vlan 140
match vlan 160
policy-map pm-police
class vlan-class
police cir 500000000
conform-action transmit
exceed-action drop
class class-default
interface vlan 140
service-policy output pm-police
service-policy input pm-police
interface vlan 160
service-policy output pm-police
service-policy input pm-police
02-14-2017 11:41 PM
You have made it more complicated than it needs to be. Get rid of "vlan-class", and change to the below. You can apply the same policy to as many vlans as you want. Some people like to name the policy after the speed to make it quick and easy to apply to new vlans/ports.
policy-map pm-police
class class-default
police cir 500000000
conform-action transmit
exceed-action drop
class class-default
02-15-2017 01:47 AM
Hello
You could also try:
class-map Policed_traffic
match input-inter xx xx ( trunk interfaces allowing the vlan)
policy-map Policed_traffic_pm
class Policed_traffic
police 51200000 1600000 exceed-action drop
access-list 100 permit ip any any
class-map policed_vlan140_cm
match access-group 100
policy-map Policed_vlan140_pm
class policed_vlan140_cm
service_policy Policed_traffic_pm
int vlan 140
service-policy input Policed_vlan140_pm
int xx (all trunk links with vlan140 traversing)
mls qos vlan-based
res
Paul
02-15-2017 11:12 PM
Hi,
Thank you for this vlan-based qos example. I'll choose one which impacts less in my production network.
03-15-2017 12:34 AM
Hi Philip,
I've implemented as you said, but I got an error when I applied on interface vlan:
interface vlan 140
service-policy output pm-police
service-policy input pm-police
Only Marking policy action is supported on SVI interface. Policy Rejected
It is a cisco C3650-24TS, v16.3.1
Did you have this issue?
03-15-2017 06:05 PM
What happens if you put it on an actual port, rather than on a VLAN interface?
03-16-2017 12:01 PM
It works if I put it on interface (trunk) of this 3650 L3 switch, which is distribution layer.
Now, I'm working on access layer switches. They are 2960x v15.2 ios. I got an error when I put the policy on access port:
%QoS-install-failed error
I'm confused that Qos command behavior changes if switches are of different type.
Still searching a workaround...
03-14-2017 02:00 AM
Hi Philip,
I've implemented as you said, but I got an error when I applied on interface vlan:
Only Marking policy action is supported on SVI interface. Policy Rejected
It is a cisco C3650-24TS, v16.3.1
Did you have this issue?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide