Contents

• Policer Enhancement - Multiple Actions
• Finding Feature Information
• Feature Overview
• Benefits
• Restrictions
• Related Features and Technologies
• Related Documents
• Supported Platforms
• Supported Standards MIBs and RFCs
• Prerequisites
• Configuration Tasks
• Configuring Multiple Policer Actions
• Verifying the Multiple Policer Actions Configuration
• Troubleshooting Tips
• Monitoring and Maintaining the Multiple Policer Actions
• Configuration Examples
• Example Multiple Actions in a Two-Rate Policer
• Example Verifying the Multiple Policer Actions

Policer Enhancement - Multiple Actions

---

• Finding Feature Information
• Feature Overview
• Supported Platforms
• Supported Standards MIBs and RFCs
• Prerequisites
• Configuration Tasks
• Monitoring and Maintaining the Multiple Policer Actions
• Configuration Examples

Supported Platforms

• Cisco 1700 series

• Cisco 2600 series

• Cisco 3620

• Cisco 3640

• Cisco 3660

• Cisco 7100 series

• Cisco 7200 series

• Cisco 7500 series (VIP-based platform only)

• Cisco MC3810

Note

To use the set-clp-transmitaction available with this feature, the Enhanced ATM Port Adapter (PA-A3) is required. Therefore, the set-clp-transmit action is not supported on any platform that does not support the PA-A3 adapter (such as the Cisco 2600 series router and the Cisco 3640 router). For more information, refer to the documentation for your specific router.

Router#
 show policy-map interface

Router# show policy-map

Router# show policy-map policy-map-name

Router# show policy-map interface

Router(config)# policy-map police
Router(config-pmap)# class class-default
Router(config-pmap-c)# police cir 1000000 pir 2000000
 
Router(config-pmap-c-police)# conform-action transmit
Router(config-pmap-c-police)# exceed-action set-prec-transmit 4
Router(config-pmap-c-police)# exceed-action set-frde
Router(config-pmap-c-police)# violate-action set-prec-transmit 2
Router(config-pmap-c-police)# violate-action set-frde-transmit
 
Router(config-pmap-c-police)# end

Router# show policy-map police
  Policy Map police
    Class class-default
     police cir 1000000 bc 31250 pir 2000000 be 31250
       conform-action transmit 
       exceed-action set-prec-transmit 4
       exceed-action set-frde-transmit 
       violate-action set-prec-transmit 2
       violate-action set-frde-transmit 

Contents

• Policer Enhancement - Multiple Actions
• Finding Feature Information
• Feature Overview
• Benefits
• Restrictions
• Related Features and Technologies
• Related Documents
• Supported Platforms
• Supported Standards MIBs and RFCs
• Prerequisites
• Configuration Tasks
• Configuring Multiple Policer Actions
• Verifying the Multiple Policer Actions Configuration
• Troubleshooting Tips
• Monitoring and Maintaining the Multiple Policer Actions
• Configuration Examples
• Example Multiple Actions in a Two-Rate Policer
• Example Verifying the Multiple Policer Actions

Policer Enhancement - Multiple Actions

---

Feature History

Release	Modification
12.2(8)T	This feature was introduced.

This document describes the Policer Enhancement -- Multiple Actions feature in Cisco IOS Release 12.2(8)T. It includes the following sections:

• Finding Feature Information
• Feature Overview
• Supported Platforms
• Supported Standards MIBs and RFCs
• Prerequisites
• Configuration Tasks
• Monitoring and Maintaining the Multiple Policer Actions
• Configuration Examples

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Feature Overview

This feature further extends the functionality of the Cisco IOS Traffic Policing feature (a single-rate policer) and the Two-Rate Policer feature. The Traffic Policing and Two-Rate Policer features are traffic policing mechanisms that allow you to control the maximum rate of traffic sent or received on an interface. Both of these traffic policing mechanisms mark packets as either conforming to, exceeding, or violating a specified rate. After a packet is marked, you can specify an action to be taken on the packet based on that marking.

With both the Traffic Policing feature and the Two-Rate Policer feature, you can specify only one conform action, one exceed action, and one violate action. Now with the new Policer Enhancement -- Multiple Actions feature, you can specify multiple conform, exceed, and violate actions for the marked packets.

• Benefits
• Restrictions
• Related Features and Technologies
• Related Documents

Benefits

Before this feature, you could specify only one marking action for a packet, in addition to transmitting the packet. This feature provides enhanced flexibility by allowing you to specify multiple marking actions for a packet, as required. For example, if you know the packet will be transmitted through both a TCP/IP and a Frame Relay environment, you can change the DSCP value of the exceeding or violating packet, and also set the Frame Relay Discard Eligibility (DE) bit from 0 to 1 to indicate lower priority.

Restrictions

• On a Cisco 7500 series router, traffic policing can monitor Cisco Express Forwarding (CEF) or distributed CEF (dCEF) switching paths only. To use the Two-Rate Policer, CEF or dCEF must be configured on both the interface receiving the packet and the interface sending the packet.

• On a Cisco 7500 series router, traffic policing cannot be applied to packets that originated from or are destined to a router.

• Multiple policer actions can be configured on an interface, a subinterface, a Frame Relay data-link connection identifier (DLCI), and an ATM permanent virtual circuit (PVC) only.

• When using this feature, you can specify a maximum of four actions at one time.

• Multiple policer actions are not supported on the following interfaces:

  • Fast EtherChannel
  • PRI
  • Any interface on a Cisco 7500 series router that does not support CEF or dCEF

Related Features and Technologies

• Modular Quality of Service (QoS) Command-Line Interface (CLI) (MQC)

• Class-Based Weighted Fair Queueing (CBWFQ)

• Class-Based Packet Marking

• Traffic Policing

• Two-Rate Policing

Related Documents

• "Applying QoS Features Using the MQC" module

• "Configuring Weighted Fair Queueing" module

• Marking Network Traffic" module

• "Policing and Shaping Overview" module

• "Traffic Policing" module

• "Two-Rate Policer" module

• Cisco IOS Quality of Service Solutions Command Reference.

• RFC 2697, A Single Rate Three Color Marker

• RFC 2698, A Two Rate Three Color Marker

Supported Platforms

• Cisco 1700 series

• Cisco 2600 series

• Cisco 3620

• Cisco 3640

• Cisco 3660

• Cisco 7100 series

• Cisco 7200 series

• Cisco 7500 series (VIP-based platform only)

• Cisco MC3810

Note

To use the set-clp-transmitaction available with this feature, the Enhanced ATM Port Adapter (PA-A3) is required. Therefore, the set-clp-transmit action is not supported on any platform that does not support the PA-A3 adapter (such as the Cisco 2600 series router and the Cisco 3640 router). For more information, refer to the documentation for your specific router.

Supported Standards MIBs and RFCs

Standards

No new or modified standards are supported by this feature.

MIBs

• CISCO-CLASS-BASED-QOS-MIB

• CISCO-CLASS-BASED-QOS-CAPABILITY-MIB

To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs

• RFC 2697, A Single Rate Three Color Marker

• RFC 2698, A Two Rate Three Color Marker

Prerequisites

• On a Cisco 7500 series router, CEF or dCEF must be configured on the interface before you can use the Policer Enhancement -- Multiple Actions feature.

• To configure the Policer Enhancement -- Multiple Actions feature, a traffic class and a service policy must be created, and the service policy must be attached to a specified interface.

Configuration Tasks

• Configuring Multiple Policer Actions
• Verifying the Multiple Policer Actions Configuration
• Troubleshooting Tips

Configuring Multiple Policer Actions

SUMMARY STEPS

1.    Router(config)# policy-map policy-map-name

2.    Router(config-pmap)# class class-default

3.    Router(config-pmap-c)# police {cir cir}[bc conform-burst]{pir pir} [be peak-burst] [conform-action action [exceed-action action [violate-action action]]]

DETAILED STEPS

	Command or Action	Purpose
Step 1	Router(config)# policy-map policy-map-name	Creates a policy map. Enters policy-map configuration mode.
Step 2	Router(config-pmap)# class class-default	Specifies the default traffic class for a service policy. Enters policy-map class configuration mode.
Step 3	Router(config-pmap-c)# police {cir cir}[bc conform-burst]{pir pir} [be peak-burst] [conform-action action [exceed-action action [violate-action action]]]	Configures traffic policing and specifies multiple actions applied to packets marked as conforming to, exceeding, or violating a specific rate. Use one line per action that you want to specify. Enters policy-map class police configuration mode.

Verifying the Multiple Policer Actions Configuration

Command	Purpose
Router# show policy-map interface	Displays statistics and configurations of all input and output policies attached to an interface.

Troubleshooting Tips

• Check the interface type. Verify that your interface is not listed as a nonsupported interface in the "Restrictions" section of this document.

• For input traffic policing on a Cisco 7500 series router, verify that CEF or dCEF is configured on the interface on which traffic policing is configured.

• For output traffic policing on a Cisco 7500 series router, ensure that the incoming traffic is CEF-switched or dCEF-switched. Traffic policing cannot be used on the switching path unless CEF or dCEF switching is enabled.

Monitoring and Maintaining the Multiple Policer Actions

Command	Purpose
Router# show policy-map	Displays all configured policy maps.
Router# show policy-map policy-map-name	Displays the user-specified policy map.
Router# show policy-map interface	Displays statistics and configurations of all input and output policies that are attached to an interface.

Configuration Examples

• Example Multiple Actions in a Two-Rate Policer
• Example Verifying the Multiple Policer Actions

Example Multiple Actions in a Two-Rate Policer

In the following example, a policy map called police is configured to use a two-rate policer to police traffic leaving an interface. Two rates, a committed information rate (CIR) of 1 Mbps and a peak information rate (PIR) of 2 Mbps, have been specified.

Router(config)# policy-map police
Router(config-pmap)# class class-default
Router(config-pmap-c)# police cir 1000000 pir 2000000
 
Router(config-pmap-c-police)# conform-action transmit
Router(config-pmap-c-police)# exceed-action set-prec-transmit 4
Router(config-pmap-c-police)# exceed-action set-frde
Router(config-pmap-c-police)# violate-action set-prec-transmit 2
Router(config-pmap-c-police)# violate-action set-frde-transmit
 
Router(config-pmap-c-police)# end

The following actions will be performed on packets associated with the policy map called police:

• All packets marked as conforming to these rates (that is, packets conforming to the CIR) will be transmitted unaltered.

• All packets marked as exceeding these rates (that is, packets exceeding the CIR but not exceeding the PIR) will be assigned an IP Precedence level of 4, the DE bit will be set to 1, and then transmitted.

• All packets marked as violating the rate (that is, exceeding the PIR) will be assigned an IP Precedence level of 2, the DE bit will be set to 1, and then transmitted.

Example Verifying the Multiple Policer Actions

The following sample output of the show policy-mapcommand displays the configuration for a service policy called police. In this service policy, multiple actions for packets marked as exceeding the specified CIR rate have been configured. For those packets, the IP Precedence level is set to 4, the DE bit is set to 1, and the packet is transmitted. Multiple actions for packets marked as violating the specified PIR rate have also been configured. For those packets, the IP Precedence level is set to 2, the DE bit is set to 1, and the packet is transmitted.

Router# show policy-map police
  Policy Map police
    Class class-default
     police cir 1000000 bc 31250 pir 2000000 be 31250
       conform-action transmit 
       exceed-action set-prec-transmit 4
       exceed-action set-frde-transmit 
       violate-action set-prec-transmit 2
       violate-action set-frde-transmit