cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1159
Views
0
Helpful
9
Replies

QoS policing policy fails to apply to Vlan interface on 4500X switch

neil_titchener
Level 1
Level 1

Hi All,

When I try and apply any of the policy-maps outbound on a Vlan interface it accepts the command but does not apply the configuartion.  Has anyone experienced this and does anyone know why it doesnt apply?  The config is below.  All three Policy-maps use the same class-map which shouldn't be an issue

 

class-map match-any BWV
description BWV traffic
match access-group name BWV-410
match access-group name BWV-411
match access-group name BWV-412

policy-map BWV-Upload-limit-412
class BWV
police 20000000 conform-action transmit  exceed-action drop
 
policy-map BWV-Upload-limit-410
class BWV
police 20000000 conform-action transmit  exceed-action drop
 
policy-map BWV-Upload-limit-411
class BWV
police 20000000 conform-action transmit  exceed-action drop

9 Replies 9

Hello,

 

which IOS version are you running ?

Version 03.07.01.E

Hello,

 

how are you applying to the SVI ? Inbound or outbound ?

 

If possible, post the entire config of your switch...

I can't post the whole switch config for security reasons.

I'm trying to apply the config outbound.

The Vlan interface config is quite simple.

Interface Vlan 412

IP address 10.20.1.1 255.255.255.0

Ip helper-address 10.10.10.1

no ip redirects

no ip proxy-arp

 

There's only one othet QoS policy applied across the VSL link between the two switches (VSS).  I think that policy is auto-generated.

 

configuration which I've added below

class-map match-any VSL-MGMT-PACKETS
 match access-group name VSL-MGMT
class-map match-any VSL-DATA-PACKETS
 match any
class-map match-any VSL-L2-CONTROL-PACKETS
 match access-group name VSL-DOT1x
 match access-group name VSL-BPDU
 match access-group name VSL-CDP
 match access-group name VSL-LLDP
 match access-group name VSL-SSTP
 match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
 match access-group name VSL-IPV4-ROUTING
 match access-group name VSL-BFD
 match access-group name VSL-DHCP-CLIENT-TO-SERVER
 match access-group name VSL-DHCP-SERVER-TO-CLIENT
 match access-group name VSL-DHCP-SERVER-TO-SERVER
 match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
 match dscp af41
 match dscp af42
 match dscp af43
 match dscp af31
 match dscp af32
 match dscp af33
 match dscp af21
 match dscp af22
 match dscp af23
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
 match dscp ef
 match dscp cs4
 match dscp cs5
class-map match-any BWV
  description BWV traffic
 match access-group name BWV-410
 match access-group name BWV-411
 match access-group name BWV-412
class-map match-any VSL-SIGNALING-NETWORK-MGMT
 match dscp cs2
 match dscp cs3
 match dscp cs6
 match dscp cs7
!
policy-map BWV-Upload-limit-412
 class BWV
  police 20000000 conform-action transmit  exceed-action drop
policy-map BWV-Upload-limit-410
 class BWV
  police 20000000 conform-action transmit  exceed-action drop
policy-map BWV-Upload-limit-411
 class BWV
  police 20000000 conform-action transmit  exceed-action drop
policy-map VSL-Queuing-Policy
 class VSL-MGMT-PACKETS
  bandwidth percent 5
 class VSL-L2-CONTROL-PACKETS
  bandwidth percent 5
 class VSL-L3-CONTROL-PACKETS
  bandwidth percent 5
 class VSL-VOICE-VIDEO-TRAFFIC
  bandwidth percent 30
 class VSL-SIGNALING-NETWORK-MGMT
  bandwidth percent 10
 class VSL-MULTIMEDIA-TRAFFIC
  bandwidth percent 20
 class VSL-DATA-PACKETS
  bandwidth percent 20
 class class-default
  bandwidth percent 5

 

 

Hello,

 

I think outbound policing is not supported on the SVI. Try inbound and see if that works...

Thanks.  The documentation states it is supported.  I can place the policy on the inbound port channel if needed but the Vlan interface/gateway is the logical place for it.

Hello,

 

what I meant was inbound on the SVI:

 

interface Vlan 412

service-policy XXX in

Thanks.  I'll give it a go.

Hello,

 

try to apply the policy in Vlan configuration mode:

 

4500X#conf t

4500X(config)#vlan config 412

4500X(config-vlan-config)#service-policy XXX in/out

Review Cisco Networking for a $25 gift card