Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1193
Views
10
Helpful
9
Replies

Solution for simple QoS shape on int vlan

Go to solution
Filip Knezevic
Level 1
Level 1

‎06-22-2018 08:14 AM - edited ‎03-08-2019 03:27 PM

Hello all,

 

It looks like the QoS service-policy (shape) on the vlan interface is only limiting download, but not upload. That is a huge issue for us, since sometimes we can't segregate the port for the client from the other clients. So I only need to be able to limit the traffic, not to prioritize it.

 

Any help would be appreciated. 

 

Thanks.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Filip Knezevic

‎06-23-2018 06:06 AM

Much depends on the QoS capabilities of the device, but maybe something similar to:

policy-map RateLimit100
class class-default
police average 100000000

int x
service-policy in RateLimit100
service-policy out RateLimit100

View solution in original post

0 Helpful

Go to solution
Eric101
Level 1
Level 1
In response to Filip Knezevic

‎06-25-2018 06:28 AM

The "show platform hardware capacity qos" should show your resource usage.

What version of IOS are you running? There was some significant command changes between 12.2 and 15 on these platforms.

I am assuming that you have a Layer 3 SVI, with a layer 2 LAN port (switchport XX command) connected downstream to a customer.
Have you enabled VLAN based QoS on the port?

config terminal
interface x/x
mls qos vlan-based
end

Confirmation command:
show mls qos | begin QoS is vlan-based
QoS is vlan-based on the following interfaces:
Ifx/x
<...Output Truncated...>

This will allow Layer 3 PFC egress policies configured on an SVI to be applied on a layer 2 port.

Do you have a copy of your configuration available? Relevant class-maps, policy-map, SVI and the layer 2 port.

View solution in original post

9 Replies 9

Go to solution
Eric101
Level 1
Level 1

‎06-22-2018 12:22 PM

Hello,
If you wish to limit inbound traffic (assuming the SVI is the default gateway of your client)
You need to create a qos policy to police the inbound (upload) traffic to a desired data rate. Shaping action is only possible in the outbound direction for most platforms.

If the problem flow is a known conversation (e.g. machine to machine replication) you can create a specific policer for that conversation via an extended ACL. e.g. host a any host b ssh

0 Helpful

Go to solution
Filip Knezevic
Level 1
Level 1
In response to Eric101

‎06-22-2018 01:27 PM

Hi Eric,

 

Thanks  for the reply. For the sake of the simplicity, let's say the customer's router is connected directly to one of the switch ports. We create an SVI interface and put the port (where the client is connected) to access mode. And we want to limit the traffic to 100/100M. How would that policy look like?

Thanks in advance.

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Filip Knezevic

‎06-23-2018 06:06 AM

Much depends on the QoS capabilities of the device, but maybe something similar to:

policy-map RateLimit100
class class-default
police average 100000000

int x
service-policy in RateLimit100
service-policy out RateLimit100
0 Helpful

Go to solution
Filip Knezevic
Level 1
Level 1
In response to Joseph W. Doherty

‎06-23-2018 12:25 PM

Hello Joseph,

 

Thank you very much. We mainly use 7600 and 6500 series, so I dont think there should be issues. Ill try this on Monday and I'll let you know if it's working.

0 Helpful

Go to solution
Filip Knezevic
Level 1
Level 1
In response to Filip Knezevic

‎06-25-2018 12:48 AM

Hello Joseph,

 

I was not in front of my PC when you've sent me your response. Basically this is exactly the same as I already did. But it's only affecting the download, upload is unshaped. I have set the 30M policy on SVI (going through 100M port).

This is the result:


bl.PNG

 

 

Any advice?

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Filip Knezevic

‎06-25-2018 04:04 AM

Depending on the sup (?), 6500 have a limit on the number of policers they support (512?). Per chance, do you device have in excess of this number?
0 Helpful

Go to solution
Filip Knezevic
Level 1
Level 1
In response to Joseph W. Doherty

‎06-25-2018 04:51 AM

Hello Joseph,

 

How can I check that?

 

We use this SUPs on our 6500:

Supervisor Engine 720 10GE - VS-S720-10G        SAL12362KA1

 

We use these SUPs on our 7600:

Route Switch Processor 720 10GE - RSP720-3CXL-10GE

6 5 Route Switch Processor 720 10GE - RSP720-3CXL-10GE

 

0 Helpful

Go to solution
Eric101
Level 1
Level 1
In response to Filip Knezevic

‎06-25-2018 06:28 AM

The "show platform hardware capacity qos" should show your resource usage.

What version of IOS are you running? There was some significant command changes between 12.2 and 15 on these platforms.

I am assuming that you have a Layer 3 SVI, with a layer 2 LAN port (switchport XX command) connected downstream to a customer.
Have you enabled VLAN based QoS on the port?

config terminal
interface x/x
mls qos vlan-based
end

Confirmation command:
show mls qos | begin QoS is vlan-based
QoS is vlan-based on the following interfaces:
Ifx/x
<...Output Truncated...>

This will allow Layer 3 PFC egress policies configured on an SVI to be applied on a layer 2 port.

Do you have a copy of your configuration available? Relevant class-maps, policy-map, SVI and the layer 2 port.

Go to solution
Filip Knezevic
Level 1
Level 1
In response to Eric101

‎06-25-2018 07:31 AM

Hello Eric,

 

It looks it was really the mls qos vlan-based command!!! I've applied it to the physical interface and it looks like it's shaping it now.

 

vlan.PNG

Thank you very much, both of you.

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card