09-11-2019 07:14 PM
Hi All,
I have a 3850 Switch with several Trunk Ports. Each of these Trunk Ports have several unique VLANs configured. I have a need to rate limit each VLAN individually and independent of the physical Trunk Interface.
e.g. Trunk Port ge0/0/1
VLAN 1007 - to be Limited to 20 Mbps
VLAN 1008 - to be Limited to 50 Mbps
VLAN 1009 - to be Limited to 100 Mbps
Is this possible? If so, how is it achieved?
Thanks in advance for any and all assistance!
Solved! Go to Solution.
09-12-2019 02:21 AM - edited 09-12-2019 02:23 AM
Hello
Just checked the cisco doc for 3850 vlan qos looks like it per-port-vlan - here
Examples: Policer VLAN Configuration
The following example displays a VLAN policer configuration. At the end of this configuration, the VLAN policy map is applied to an interface for QoS.
conf t
class-map vlan100
match vlan 100
policy-map vlan100
policy-map class vlan100
police 100000 bc conform-action transmit exceed-action drop
interface gigabitEthernet1/0/5 <---physical interfaces not SVI
service-policy input vlan100
09-12-2019 01:33 AM - edited 09-12-2019 02:04 AM
Hello
The below config is based on 3650 vlan qos has i don't have access to 3850's so it may not be applicable as i am aware the 3750 had some cavets regards policing on svi's
conf t
mls qos
class-map Trunk_Interfaces
match input-interface ge0/0/1 ge0/0/x ge0/0/x etc..
policy-map vlan1007
class Trunk_Interfaces
police 20480000 640000 exceed-action drop
policy-map vlan1008
class Trunk_Interfaces
police 51200000 1600000 exceed-action drop
policy-map vlan1009
class Trunk_Interfaces
police 102400000 3200000 exceed-action drop
ip access-list extended 110
permit ip any any
class-map IP
match access-group 110
policy-map vlan1007_parent
class IP
service-policy vlan1007
policy-map vlan1008_parent
class IP
service-policy vlan1008
policy-map vlan1009_parent
class IP
service-policy vlan1009
interface Vlan1007
service-policy input vlan1007_parent
interface Vlan1008
service-policy input vlan1008_parent
interface Vlan1009
service-policy input vlan1009_parent
int ge0/0/x (all trunk links with vlan1007-9 traversing them)
mls qos vlan-based
09-12-2019 02:21 AM - edited 09-12-2019 02:23 AM
Hello
Just checked the cisco doc for 3850 vlan qos looks like it per-port-vlan - here
Examples: Policer VLAN Configuration
The following example displays a VLAN policer configuration. At the end of this configuration, the VLAN policy map is applied to an interface for QoS.
conf t
class-map vlan100
match vlan 100
policy-map vlan100
policy-map class vlan100
police 100000 bc conform-action transmit exceed-action drop
interface gigabitEthernet1/0/5 <---physical interfaces not SVI
service-policy input vlan100
09-16-2019 08:12 PM
Hi Paul,
Firstly, thanks for the effort you put into finding a solution for my requirements - greatly appreciated.
Whilst the solution config is exactly what I am looking for - I have hit a brick wall. Using CLI,
I have successfully completed config steps for the first vlan1001 however, when I go to apply the second vlan1007 service-policy to the interface, the switch advises service-policy vlan1001 is already assigned to the interface.
Is there a step I am overlooking?
Thanks
Craig
09-17-2019 02:19 AM
Hello,
try and consolidate all policers into one policy:
class-map VLAN_1007_CLASS
match vlan 1007
class-map VLAN_1008_CLASS
match vlan 1008
class-map VLAN_1009_CLASS
match vlan 1009
policy-map VLAN_POLICY
class VLAN_1007_CLASS
police 20m
conform-action transmit exceed-action drop
class VLAN_1008_CLASS
police 50m
conform-action transmit exceed-action drop
class VLAN_1009_CLASS
police 100m
conform-action transmit exceed-action drop
!
interface GigabitEthernet 1/0/5
service-policy input VLAN_POLICY
Also, if possible, try and use shapers instead of policers, as shapers usually smooth out traffic bursts, while policers can abruptly drop excess traffic:
class-map VLAN_1007_CLASS
match vlan 1007
class-map VLAN_1008_CLASS
match vlan 1008
class-map VLAN_1009_CLASS
match vlan 1009
policy-map VLAN_POLICY
class VLAN_1007_CLASS
shape average 20000000
class VLAN_1008_CLASS
shape average 50000000
class VLAN_1009_CLASS
shape average 100000000
!
interface GigabitEthernet 1/0/5
service-policy input VLAN_POLICY
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: