QoS configuration is modular: you configure the individual modules of your policy and then pull them all together under the interface. Class maps define the traffic that will be policed or otherwise manipulated. Under class-map configuration you can match on an access list, IP precedence, CoS or DSCP values. This example classifies traffic that came from the IP address 10.1.1.1:
access-list 10 permit 10.1.1.1
class-map xxxxxx
 match access-group 10
This is the first module of our QoS configuration. Now we can create a policy map to specify what we want to do to our classified traffic.
Policy Maps
Policy maps are the next module of this whole puzzle. They are used to police and mark the classified traffic. For example:
policy-map xxxxxx
 class xxxxxx
  set ip dscp 56
  police 2500000 200000 exceed-action drop
These modules are all pulled together under the preferred interface with the command:
service-policy [input|output] xxxxxx
Between the above two examples you learned how to classify, police, and mark using policy maps. Now we will show how to classify, police, and mark using aggregate policers. Aggregate policers allow the switch to use the same policer for multiple flows, and are recommended for a smaller number of combined flows.
This example shows how to create an aggregate policer and attach it to multiple classes within a policy map. In the configuration, the IP ACLs permit traffic from network 10.1.0.0 and from host 11.3.1.1. For traffic coming from network 10.1.0.0, the DSCP in the incoming packets is trusted. For traffic coming from host 11.3.1.1, the DSCP in the packet is changed to 56. The traffic rate from the 10.1.0.0 network and from host 11.3.1.1 is policed. If the traffic exceeds an average rate of 48000 bps and a normal burst size of 8000 bytes, its DSCP is marked down (based on the policed-DSCP map) and sent. The policy map is attached to an ingress interface:
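The shared-policer behaviour described above, as an added Python model rather than switch configuration (it is not from the original page): a simplified single-rate token bucket using the 48000 bps rate and 8000-byte burst from the text, applied once as an aggregate policer and once as two separate per-class policers. The flow names, packet sizes and timings are constructed, and the token-bucket refill is an assumed simplification of how the switch meters traffic.

```python
class Policer:
    """Simplified single-rate token bucket (assumed model): rate in bits/s, burst in bytes."""

    def __init__(self, rate_bps, burst_bytes):
        self.rate_bps = rate_bps
        self.burst_bytes = burst_bytes
        self.tokens = float(burst_bytes)  # bucket starts full
        self.last = 0.0

    def conforms(self, now, size):
        # Refill at rate_bps / 8 bytes per second, capped at the burst size.
        refill = (now - self.last) * self.rate_bps / 8
        self.tokens = min(self.burst_bytes, self.tokens + refill)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False  # out of profile: the exceed-action (mark down and send) applies


def run(packets, policer_for):
    """packets: (time_s, flow, size_bytes). Returns {flow: [in_profile, marked_down]}."""
    stats = {}
    for now, flow, size in sorted(packets):
        counts = stats.setdefault(flow, [0, 0])
        counts[0 if policer_for[flow].conforms(now, size) else 1] += 1
    return stats


NET, HOST = "net-10.1.0.0", "host-11.3.1.1"  # labels for the two classes in the text

# Constructed traffic: each source sends a 1500-byte packet every 0.25 s for 4 s,
# i.e. 48000 bps per source and 96000 bps combined.
PACKETS = [(i * 0.25, flow, 1500) for i in range(16) for flow in (NET, HOST)]


def aggregate():
    shared = Policer(48000, 8000)  # one bucket metering both classes together
    return run(PACKETS, {NET: shared, HOST: shared})


def per_class():
    # Separate policers: each class gets its own 48000 bps / 8000-byte bucket.
    return run(PACKETS, {NET: Policer(48000, 8000), HOST: Policer(48000, 8000)})


if __name__ == "__main__":
    print("aggregate:", aggregate())
    print("per-class:", per_class())
```

With separate policers every packet stays in profile; with the shared bucket only 20 of the 32 packets do, because the two classes together are held to 48000 bps. Which class absorbs the out-of-profile packets in this model depends only on arrival order.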