Configuring Policing

This chapter describes how to configure policing of traffic classes on the Cisco NX-OS device.

Finding Feature Information

Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information" chapter or the Feature History table in this chapter.

Information About Policing

Policing is the monitoring of the data rates for a particular class of traffic. When the data rate exceeds user-configured values, marking or dropping of packets occurs immediately. Policing does not buffer the traffic; therefore, the transmission delay is not affected. When traffic exceeds the data rate, you instruct the system to either drop the packets or mark QoS fields in them.

You can define single-rate, dual-rate, and color-aware policers.

Single-rate policers monitor the committed information rate (CIR) of traffic. Dual-rate policers monitor both CIR and peak information rate (PIR) of traffic. In addition, the system monitors associated burst sizes. Three colors, or conditions, are determined by the policer for each packet depending on the data rate parameters supplied: conform (green), exceed (yellow), or violate (red).

You can configure only one action for each condition. For example, you might police for traffic in a class to conform to the data rate of 256000 bits per second, with up to 200 millisecond bursts. The system would apply the conform action to traffic that falls within this rate, and it would apply the violate action to traffic that exceeds this rate.

Color-aware policers assume that traffic has been previously marked with a color. This information is then used in the actions taken by this type of policer.

For more information about policers, see RFC 2697 and RFC 2698.

Shared Policers

QoS applies the bandwidth limits specified in a shared policer cumulatively to all flows in the matched traffic. A shared policer applies the same policer to more than one interface simultaneously.

For example, if you configure a shared policer to allow 1 Mbps for all Trivial File Transfer Protocol (TFTP) traffic flows on VLAN 1 and VLAN 3, the device limits the TFTP traffic for all flows combined on VLAN 1 and VLAN 3 to 1 Mbps.

The following are guidelines for configuring shared policers:

  • You create named shared policers by entering the qos shared-policer command. If you create a shared policer and create a policy using that shared policer and attach the policy to multiple ingress ports, the device polices the matched traffic from all the ingress ports to which it is attached.

  • You define shared policers in a policy map class within the police command. If you attach a named shared policer to multiple ingress ports, the device polices the matched traffic from all the ingress ports to which it is attached.

  • Shared policing works independently on each module.

Prerequisites for Policing

Policing has the following prerequisites:

  • You must be familiar with “Using Modular QoS CLI.”

  • You are logged on to the switch.

  • You are in the correct VDC. A VDC is a logical representation of a set of system resources. You can use the switchto vdc command with a VDC number.

Guidelines and Limitations

Policing has the following configuration guidelines and limitations:

  • F1 modules do not support policing.

  • Each module polices independently, which might affect QoS features that are being applied to traffic that is distributed across more than one module. The following are examples of these QoS features:

    • Policers applied to a port channel interface.

    • Egress policers applied to a Layer 3 interface. The device performs egress policing decisions at the ingress module.

    • Policers applied to a VLAN.

  • All policers in either the ingress or egress direction must use the same mode. For example, if the color-aware mode is needed for a class, all classes in that policy in the same direction must be in the color-aware mode.

  • An interface policer does not work for the Layer 2 traffic data and control traffic in native VLAN in the following scenarios:

    • When the native vlan (ID other than 1) command is configured on the interface and the native VLAN ID is missing in the configuration.

    • If the vlan dot1q tag native exclude control command is configured.

  • The police rate for traffic between two different port ASIC instances on a module is set differently for all modules in Cisco Nexus 7000 Series.

    • When traffic is between two different instances on an M1 module, the police rate is shared between the instances. If you add another interface as a third instance, the same police rate is shared as was between the two existing instances. For example, if a police rate of 5 Mbps is shared between two instances and an interface on a third instance is added, then the police rate of 5 Mbps is shared among all three instances.

    • When the traffic is between two different instances (on all modules in Cisco Nexus 7000 Series), the police rate is not shared between the instances. The police rate is shared only among the interfaces on the same instance. For example, if a police rate of 5 Mbps is set for the interfaces on one instance, this 5 Mbps police rate is not shared with interfaces on another instance.

    • In M3 modules, MQC supports a shared-policer construct, which allows traffic from multiple targets to share a common policer. The only restriction is that the policing rate for a shared-policer can be supported only within a single decision engine instance.

  • The traffic is policed if the policer is applied as follows on M1 and F2 modules when the mac packet-classify command is not enabled:

    • Layer 2 traffic is matched when the policer is configured with MAC access list.

    • Layer 3 traffic is matched when the policer is configured with IP access list.

    • Layer 2 and Layer 3 traffic are matched when the policer is configured with MAC access list and IP access list.

  • When the policer is applied on M1 or F2 modules having Layer 2 and Layer 3 traffic with MAC and IP access list, only the Layer 2 traffic matched with MAC access list is classified if the mac packet-classify command is enabled.

  • When the port mode is changed from switchport to no switchport, or vice versa, the policy map configured on the interface reverts to the system default after the interface is bounced or the switch is reloaded.

Configuring Policing

Configuring 1-Rate and 2-Rate, 2-Color and 3-Color Policing

The type of policer created by the device is based on a combination of the police command arguments described in the table below.


Note

You must specify the identical value for pir and cir to configure 1-rate 3-color policing.


Table 1. Arguments to the police Command

Argument

Description

cir

Committed information rate, or desired bandwidth, specified as a bit rate or a percentage of the link rate. Although a value for cir is required, the argument itself is optional. The range of values is from 1 to 80000000000. The range of policing values is from 8000 to 80 Gbps.

percent

Rate as a percentage of the interface rate. The range of values is from 1 to 100 percent.

bc

Indication of how much the cir can be exceeded, either as a bit rate or an amount of time at cir. The default is 200 milliseconds of traffic at the configured rate. The default data rate units are bytes, and the Gigabit per second (gbps) rate is not supported for this parameter.

pir

Peak information rate, specified as a PIR bit rate or a percentage of the link rate. There is no default. The range of values is from 1 to 80000000000; the range of policing values is from 8000 to 80 Gbps. The range of percentage values is from 1 to 100 percent.

be

Indication of how much the pir can be exceeded, either as a bit rate or an amount of time at pir. When the bc value is not specified, the default is 200 milliseconds of traffic at the configured rate. The default data rate units are bytes, and the Gigabit per second (gbps) rate is not supported for this parameter.

Note 

You must specify a value for pir before the device displays this argument.

conform

Single action to take if the traffic data rate is within bounds. The basic actions are transmit or one of the set commands listed in the table below (Policer Actions for Conform). The default is transmit.

exceed

Single action to take if the traffic data rate is exceeded. The basic actions are drop or markdown. The default is drop.

violate

Single action to take if the traffic data rate violates the configured rate values. The basic actions are drop or markdown. The default is drop.


Note

For information on the color-aware police command arguments, see the “Configuring Color-Aware Policing” section.


Although all the arguments in the table above are optional, you must specify a value for cir. In this section, cir indicates its value but not necessarily the keyword itself. The combination of these arguments and the resulting policer types and actions are shown in the next table.

Table 2. Policer Types and Actions from Police Arguments Present

Police Arguments Present          Policer Type     Policer Action
cir, but not pir, be, or violate  1-rate, 2-color  ≤ cir, conform; else violate
cir and pir                       1-rate, 3-color  ≤ cir, conform; ≤ pir, exceed; else violate
                                                   Note: You must specify identical values for cir and pir.
cir and pir                       2-rate, 3-color  ≤ cir, conform; ≤ pir, exceed; else violate

The policer actions that you can specify are described in the following two tables.

Table 3. Policer Actions for Exceed or Violate

Action

Description

drop

Drops the packet. This action is available only when the packet exceeds or violates the parameters.

set dscp dscp table {cir-markdown-map | pir-markdown-map}

Sets the specified fields from a table map and transmits the packet. For more information on the system-defined or default table maps, see “Configuring Marking.” This action is available only when the packet exceeds the parameters (use the cir-markdown-map) or violates the parameters (use the pir-markdown-map).

Note 

If the packet has a CoS value configured on VLAN, then the CoS value is used to set the value for the DSCP field.

Table 4. Policer Actions for Conform

Action

Description

transmit

Transmits the packet. This action is available only when the packet conforms to the parameters.

set-prec-transmit

Sets the IP precedence field to a specified value and transmits the packet. This action is available only when the packet conforms to the parameters.

set-dscp-transmit

Sets the Differentiated Service Code Point (DSCP) field to a specified value and transmits the packet. This action is available only when the packet conforms to the parameters.

set-cos-transmit

Sets the class of service (CoS) field to a specified value and transmits the packet. This action is available only when the packet conforms to the parameters.

set-qos-transmit

Sets the QoS group internal label to a specified value and transmits the packet. This action can be used only in input policies and is available only when the packet conforms to the parameters.

set-discard-class-transmit

Sets the discard-class internal label to a specified value and transmits the packet. This action can be used only in ingress policies and is available only when the packet conforms to the parameters.


Note

The policer can only drop or mark down packets that exceed or violate the specified parameters. For information on marking down packets, see “Configuring Marking.”


The data rates used in the police command are described in the table below.

Table 5. Data Rates for the police Command

Rate   Description
bps    Bits per second (default)
kbps   1,000 bits per second
mbps   1,000,000 bits per second
gbps   1,000,000,000 bits per second

Burst sizes used in the police command are described in the table below.

Table 6. Burst Sizes for the police Command

Speed    Description
bytes    bytes
kbytes   1,000 bytes
mbytes   1,000,000 bytes
ms       milliseconds
us       microseconds


Note

You must specify the identical value for pir and cir to configure 1-rate 3-color policing.


SUMMARY STEPS

  1. switch# configure terminal
  2. switch(config)# policy-map [type qos] [match-first] {qos-policy-map-name | qos-dynamic}
  3. switch(config-pmap-qos)# class [type qos] {class-map-name | qos-dynamic | class-default} [insert-before before-class-map-name]
  4. switch(config-pmap-c-qos)# police [cir] {committed-rate [data-rate] | percent cir-link-percent} [bc committed-burst-rate [link-speed]] [pir] {peak-rate [data-rate] | percent cir-link-percent} [be peak-burst-rate [link-speed]] {conform {transmit | set-prec-transmit | set-dscp-transmit | set-cos-transmit | set-qos-transmit | set-discard-class-transmit} [exceed {drop | set dscp dscp table {cir-markdown-map}} [violate {drop | set dscp dscp table {pir-markdown-map}}]]}
  5. switch(config-pmap-c-qos)# exit
  6. switch(config-pmap-qos)# exit
  7. (Optional) switch(config)# show policy-map [type qos] [policy-map-name | qos-dynamic]
  8. (Optional) switch(config)# copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose
Step 1

switch# configure terminal

Enters global configuration mode.

Step 2

switch(config)# policy-map [type qos] [match-first] {qos-policy-map-name | qos-dynamic}

Creates or accesses the policy map named qos-policy-map-name, and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters.

Step 3

switch(config-pmap-qos)# class [type qos] {class-map-name | qos-dynamic | class-default} [insert-before before-class-map-name]

Creates a reference to class-map-name, and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map.

Step 4

switch(config-pmap-c-qos)# police [cir] {committed-rate [data-rate] | percent cir-link-percent} [bc committed-burst-rate [link-speed]] [pir] {peak-rate [data-rate] | percent cir-link-percent} [be peak-burst-rate [link-speed]] {conform {transmit | set-prec-transmit | set-dscp-transmit | set-cos-transmit | set-qos-transmit | set-discard-class-transmit} [exceed {drop | set dscp dscp table {cir-markdown-map}} [violate {drop | set dscp dscp table {pir-markdown-map}}]]}

Polices cir in bits or as a percentage of the link rate. The conform action is taken if the data rate is ≤ cir. If be and pir are not specified, all other traffic takes the violate action. If be or violate are specified, the exceed action is taken if the data rate ≤ pir, and the violate action is taken otherwise. The actions, data rates, and link speeds are described in the tables above.

Note 

To configure 1-rate 3-color policing, you must specify identical values for cir and pir.

Step 5

switch(config-pmap-c-qos)# exit

Exits policy-map class configuration mode and enters policy-map mode.

Step 6

switch(config-pmap-qos)# exit

Exits policy-map mode and enters global configuration mode.

Step 7

(Optional) switch(config)# show policy-map [type qos] [policy-map-name | qos-dynamic]

Displays information about all configured policy maps or a selected policy map of type qos.

Step 8

(Optional) switch(config)# copy running-config startup-config

Saves the running configuration to the startup configuration.

Example

This example shows how to display the policy1 policy-map configuration:


switch# show policy-map policy1

Configuring Color-Aware Policing

Color-aware policing implies that the QoS DSCP field in a class of traffic has been previously marked with values that you can use in a policer. This feature allows you to mark traffic at one node in a network and then take action based on this marking at a subsequent node.

For information on the police command, see the “Configuring 1-Rate and 2-Rate, 2-Color and 3-Color Policing” section.

You can use one or more of the four police command class maps (conform-color-in, conform-color-out, exceed-color-in, and exceed-color-out) to perform color-aware policing. These keywords require a class-map name that is used to classify packets. Based on the match criteria that you specify in the class maps, the traffic is classified into the conform-color class, the exceed-color class, or class-default if there is no match. The policer then takes the following action:

  • Packets that belong to the conform-color class are policed with the cir and pir arguments to the police command.

  • Packets that belong to the exceed-color class are policed only against the pir argument to the police command. If pir is not specified, the cir values are used.

  • Packets that end up in class-default because they fail to match either the conform-color or exceed-color class will immediately take the violate action.

A color other than class-default cannot be assigned to the violate action because according to RFC 2697 and RFC 2698, all packets must be assigned a color.
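The conform, exceed, and violate conditions and the color-aware rules above can be traced with a small meter. The following Python sketch is an added example, not Cisco code and not the device's implementation: it follows the RFC 2698 two-rate meter, assumes bc and be size the committed and peak buckets with a 200-millisecond default for both, and the Policer class and its names are hypothetical.

```python
"""Added example: an RFC 2698 style two-rate, three-color meter.

Assumptions (not taken from the device): bc sizes the committed bucket,
be sizes the peak bucket, and both default to 200 ms of traffic at their rate.
"""
from collections import Counter

CONFORM, EXCEED, VIOLATE = "conform", "exceed", "violate"
CONFORM_COLOR, EXCEED_COLOR = "conform-color", "exceed-color"
MILLIBITS_PER_BYTE = 8000  # tokens are kept in 1/1000 bit so all math is integer


def default_burst_bytes(rate_bps, ms=200):
    """Bytes carried in `ms` milliseconds at rate_bps."""
    return rate_bps * ms // 8000


class Policer:
    def __init__(self, cir_bps, pir_bps=None, bc_bytes=None, be_bytes=None,
                 color_aware=False):
        if color_aware and pir_bps is None:
            # Simplification of this example: color-aware mode needs pir here.
            raise ValueError("this example models color-aware mode only with pir")
        if pir_bps is not None and pir_bps < cir_bps:
            raise ValueError("pir must not be lower than cir")
        self.cir, self.pir, self.color_aware = cir_bps, pir_bps, color_aware
        bc = default_burst_bytes(cir_bps) if bc_bytes is None else bc_bytes
        self.cbs = bc * MILLIBITS_PER_BYTE
        self.pbs = 0
        if pir_bps is not None:
            be = default_burst_bytes(pir_bps) if be_bytes is None else be_bytes
            self.pbs = be * MILLIBITS_PER_BYTE
        self.tc, self.tp = self.cbs, self.pbs  # both buckets start full
        self.last_ms = 0

    def _refill(self, now_ms):
        dt = now_ms - self.last_ms
        if dt < 0:
            raise ValueError("arrival times must not go backwards")
        self.last_ms = now_ms
        # rate (bit/s) * dt (ms) is a token count in millibits
        self.tc = min(self.cbs, self.tc + self.cir * dt)
        if self.pir is not None:
            self.tp = min(self.pbs, self.tp + self.pir * dt)

    def police(self, now_ms, size_bytes, precolor=None):
        """Return the condition for one packet: conform, exceed or violate."""
        self._refill(now_ms)
        cost = size_bytes * MILLIBITS_PER_BYTE
        if self.pir is None:
            # 1-rate, 2-color: within cir conforms, everything else violates
            if self.tc >= cost:
                self.tc -= cost
                return CONFORM
            return VIOLATE
        if self.color_aware and precolor not in (CONFORM_COLOR, EXCEED_COLOR):
            return VIOLATE  # class-default: violates at once, no tokens spent
        if self.tp < cost:
            return VIOLATE
        if (self.color_aware and precolor == EXCEED_COLOR) or self.tc < cost:
            self.tp -= cost  # exceed-color is checked against pir only
            return EXCEED
        self.tp -= cost
        self.tc -= cost
        return CONFORM


def tally(policer, arrivals):
    """arrivals: iterable of (time_ms, size_bytes, precolor) tuples."""
    return Counter(policer.police(t, size, color) for t, size, color in arrivals)


if __name__ == "__main__":
    # Constructed input: fifteen 1000-byte packets arriving back to back.
    burst = [(0, 1000, None)] * 15
    print("2-rate, 3-color:", dict(tally(Policer(256000, 512000), burst)))
    print("1-rate, 2-color:", dict(tally(Policer(256000), burst)))
    marked = [(0, 1000, EXCEED_COLOR), (0, 1000, None), (0, 1000, CONFORM_COLOR)]
    aware = Policer(256000, 512000, color_aware=True)
    print("color-aware:", [aware.police(*pkt) for pkt in marked])
```

With cir 256000 and the 200-millisecond default, the committed bucket holds 6400 bytes, which is why only the first six 1000-byte packets of the burst conform.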

You can set the DSCP value for color-aware policing to a specified value. The list of valid DSCP values is shown in the table below.

Table 7. Color-Aware Policing Valid DSCP Values

Value    List of DSCP Values
af11     AF11 dscp (001010)—decimal value 10
af12     AF12 dscp (001100)—decimal value 12
af13     AF13 dscp (001110)—decimal value 14
af21     AF21 dscp (010010)—decimal value 18
af22     AF22 dscp (010100)—decimal value 20
af23     AF23 dscp (010110)—decimal value 22
af31     AF31 dscp (011010)—decimal value 26
af32     AF32 dscp (011100)—decimal value 28
af33     AF33 dscp (011110)—decimal value 30
af41     AF41 dscp (100010)—decimal value 34
af42     AF42 dscp (100100)—decimal value 36
af43     AF43 dscp (100110)—decimal value 38
cs1      CS1 (precedence 1) dscp (001000)—decimal value 8
cs2      CS2 (precedence 2) dscp (010000)—decimal value 16
cs3      CS3 (precedence 3) dscp (011000)—decimal value 24
cs4      CS4 (precedence 4) dscp (100000)—decimal value 32
cs5      CS5 (precedence 5) dscp (101000)—decimal value 40
cs6      CS6 (precedence 6) dscp (110000)—decimal value 48
cs7      CS7 (precedence 7) dscp (111000)—decimal value 56
default  Default dscp (000000)—decimal value 0
ef       EF dscp (101110)—decimal value 46

After you apply color-aware policing, all matching packets in the device are policed according to the specifications of the color-aware policer.

To configure color-aware policing:

  1. Create the class map. For information about configuring class maps, see “Configuring Classification.”

  2. Create a policy map. For information about policy maps, see this chapter and “Using Modular QoS CLI.”

  3. Configure the color-aware class map as described in this section.

  4. Apply the service policy to the interfaces. For information about attaching policies to interfaces, see “Using Modular QoS CLI.”


Note

The rates specified in the shared policer are shared by the number of interfaces to which you apply the service policy. Each interface does not have its own dedicated rate as specified in the shared policer.


SUMMARY STEPS

  1. switch# configure terminal
  2. switch(config)# class-map {conform-color-in | conform-color-out | exceed-color-in | exceed-color-out}
  3. switch(config-color-map)# match dscp dscp-value
  4. switch(config-color-map)# policy-map [type qos] [match-first] {qos-policy-map-name | qos-dynamic}
  5. switch(config-pmap-qos)# class [type qos] {class-map-name | qos-dynamic | class-default} [insert-before before-class-map-name]
  6. switch(config-pmap-c-qos)# police [cir] {committed-rate [data-rate] | percent cir-link-percent} [bc committed-burst-rate [link-speed]] [pir] {peak-rate [data-rate] | percent cir-link-percent} [be peak-burst-rate [link-speed]] {conform {transmit | set-prec-transmit | set-dscp-transmit | set-cos-transmit | set-qos-transmit | set-discard-class-transmit} [exceed {drop | set dscp dscp table {cir-markdown-map}} [violate {drop | set dscp dscp table {pir-markdown-map}}]]}
  7. switch(config-color-map)# exit
  8. (Optional) switch(config)# show policy-map [type qos] [policy-map-name | qos-dynamic]
  9. (Optional) switch(config)# copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose
Step 1

switch# configure terminal

Enters global configuration mode.

Step 2

switch(config)# class-map {conform-color-in | conform-color-out | exceed-color-in | exceed-color-out}

Accesses the color-aware class map, and enters color-map mode. When you enter this command, the system returns the following message:


Warning: Configuring match for any DSCP values in this class-map will make 
ALL policers in the system color-aware for those DSCP values.

Step 3

switch(config-color-map)# match dscp dscp-value

Specifies the DSCP value to match for color-aware policers. See the table above for a list of valid values.

Step 4

switch(config-color-map)# policy-map [type qos] [match-first] {qos-policy-map-name | qos-dynamic}

Creates or accesses the policy map named qos-policy-map-name, and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters.

Step 5

switch(config-pmap-qos)# class [type qos] {class-map-name | qos-dynamic | class-default} [insert-before before-class-map-name]

Creates a reference to class-map-name, and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map.

Step 6

switch(config-pmap-c-qos)# police [cir] {committed-rate [data-rate] | percent cir-link-percent} [bc committed-burst-rate [link-speed]] [pir] {peak-rate [data-rate] | percent cir-link-percent} [be peak-burst-rate [link-speed]] {conform {transmit | set-prec-transmit | set-dscp-transmit | set-cos-transmit | set-qos-transmit | set-discard-class-transmit} [exceed {drop | set dscp dscp table {cir-markdown-map}} [violate {drop | set dscp dscp table {pir-markdown-map}}]]}

Polices cir in bits or as a percentage of the link rate. The conform action is taken if the data rate is ≤ cir. If be and pir are not specified, all other traffic takes the violate action. If be or violate are specified, the exceed action is taken if the data rate ≤ pir, and the violate action is taken otherwise. The actions, data rates, and link speeds are described in Configuring 1-Rate and 2-Rate, 2-Color and 3-Color Policing above.

Step 7

switch(config-color-map)# exit

Exits color-map mode and then enters global configuration mode.

Step 8

(Optional) switch(config)# show policy-map [type qos] [policy-map-name | qos-dynamic]

Displays information about all configured policy maps or a selected policy map of type qos.

Step 9

(Optional) switch(config)# copy running-config startup-config

Saves the running configuration to the startup configuration.

Example

This example shows how to display the policy1 policy-map configuration:


switch# show policy-map policy1

Configuring Ingress and Egress Policing

You can apply the policing instructions in a QoS policy map to ingress or egress packets by attaching that QoS policy map to an interface. To select ingress or egress, you specify either the input or output keyword in the service-policy command. For more information on attaching and detaching a QoS policy action from an interface, see “Using Modular QoS CLI.”

Configuring Markdown Policing

Markdown policing is the setting of a QoS field in a packet when traffic exceeds or violates the policed data rates. You can configure markdown policing by using the set commands for policing action described in Configuring 1-Rate and 2-Rate, 2-Color and 3-Color Policing.

The example in this section shows you how to use a table map to perform a markdown.

SUMMARY STEPS

  1. switch# configure terminal
  2. switch(config)# policy-map [type qos] [match-first] {qos-policy-map-name | qos-dynamic}
  3. switch(config-pmap-qos)# class [type qos] {class-map-name | qos-dynamic | class-default} [insert-before before-class-map-name]
  4. switch(config-pmap-c-qos)# police [cir] {committed-rate [data-rate] | percent cir-link-percent} [bc committed-burst-rate [link-speed]] [pir] {peak-rate [data-rate] | percent cir-link-percent} [be peak-burst-rate [link-speed]] {conform {transmit | set-prec-transmit | set-dscp-transmit | set-cos-transmit | set-qos-transmit | set-discard-class-transmit} [exceed {drop | set dscp dscp table {cir-markdown-map}} [violate {drop | set dscp dscp table {pir-markdown-map}}]]}
  5. switch(config-pmap-c-qos)# exit
  6. switch(config-pmap-qos)# exit
  7. (Optional) switch(config)# show policy-map [type qos] [policy-map-name | qos-dynamic]
  8. (Optional) switch(config)# copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose
Step 1

switch# configure terminal

Enters global configuration mode.

Step 2

switch(config)# policy-map [type qos] [match-first] {qos-policy-map-name | qos-dynamic}

Creates or accesses the policy map named qos-policy-map-name, and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters.

Step 3

switch(config-pmap-qos)# class [type qos] {class-map-name | qos-dynamic | class-default} [insert-before before-class-map-name]

Creates a reference to class-map-name, and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map.

Step 4

switch(config-pmap-c-qos)# police [cir] {committed-rate [data-rate] | percent cir-link-percent} [bc committed-burst-rate [link-speed]] [pir] {peak-rate [data-rate] | percent cir-link-percent} [be peak-burst-rate [link-speed]] {conform {transmit | set-prec-transmit | set-dscp-transmit | set-cos-transmit | set-qos-transmit | set-discard-class-transmit} [exceed {drop | set dscp dscp table {cir-markdown-map}} [violate {drop | set dscp dscp table {pir-markdown-map}}]]}

Polices cir in bits or as a percentage of the link rate. The conform action is taken if the data rate is ≤ cir. If be and pir are not specified, all other traffic takes the violate action. If be or violate are specified, the exceed action is taken if the data rate ≤ pir, and the violate action is taken otherwise. The actions, data rates, and link speeds are described in Configuring 1-Rate and 2-Rate, 2-Color and 3-Color Policing above.

Step 5

switch(config-pmap-c-qos)# exit

Exits policy-map class configuration mode and enters policy-map mode.

Step 6

switch(config-pmap-qos)# exit

Exits policy-map mode and enters global configuration mode.

Step 7

(Optional) switch(config)# show policy-map [type qos] [policy-map-name | qos-dynamic]

Displays information about all configured policy maps or a selected policy map of type qos.

Step 8

(Optional) switch(config)# copy running-config startup-config

Saves the running configuration to the startup configuration.

Example

This example shows how to display the policy1 policy-map configuration:


switch# show policy-map policy1

Configuring Shared Policers

The shared-policer feature allows you to apply the same policing parameters to several interfaces simultaneously. You create a shared policer by assigning a name to a policer, and then applying that policer to a policy map that you attach to the specified interfaces. The shared policer is also referred to as the named aggregate policer in other Cisco documentation.


Note

After you configure the shared policer, you can use the shared-policer name to configure any type of shared policing, as described in the “Configuring 1-Rate and 2-Rate, 2-Color and 3-Color Policing” section, the “Configuring Color-Aware Policing” section, the “Configuring Ingress and Egress Policing” section, and the “Configuring Markdown Policing” section.


To configure shared policing:

  1. Configure the shared policer as described in this section.

  2. Create the class map. For information about configuring class maps, see “Configuring Classification.”

  3. Create a policy map. For information about policy maps, see this chapter and “Using Modular QoS CLI.”

  4. Reference the shared policer to the policy map as described in this section.

  5. Apply the service policy to the interfaces. For information about attaching policies to interfaces, see “Using Modular QoS CLI.”


Note

The rates specified in the shared policer are shared by the number of interfaces to which you apply the service policy. Each interface does not have its own dedicated rate as specified in the shared policer.


SUMMARY STEPS

  1. switch# configure terminal
  2. switch(config)# qos shared-policer [type qos] shared-policer-name [cir] {committed-rate [data-rate] | percent cir-link-percent} [bc committed-burst-rate [link-speed]] [pir] {peak-rate [data-rate] | percent cir-link-percent} [be peak-burst-rate [link-speed]] {{conform conform-action [exceed {drop | set dscp dscp table cir-markdown-map} [violate {drop | set dscp dscp table pir-markdown-map}]]}}
  3. switch(config)# policy-map [type qos] [match-first] {qos-policy-map-name | qos-dynamic}
  4. switch(config-pmap-qos)# class [type qos] {class-map-name | qos-dynamic | class-default} [insert-before before-class-map-name]
  5. switch(config-pmap-c-qos)# police aggregate shared-policer-name
  6. switch(config-pmap-c-qos)# exit
  7. switch(config-pmap-qos)# exit
  8. (Optional) switch(config)# show policy-map [type qos] [policy-map-name | qos-dynamic]
  9. (Optional) switch(config)# copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose
Step 1

switch# configure terminal

Enters global configuration mode.

Step 2

switch(config)# qos shared-policer [type qos] shared-policer-name [cir] {committed-rate [data-rate] | percent cir-link-percent} [bc committed-burst-rate [link-speed]] [pir] {peak-rate [data-rate] | percent cir-link-percent} [be peak-burst-rate [link-speed]] {{conform conform-action [exceed {drop | set dscp dscp table cir-markdown-map} [violate {drop | set dscp dscp table pir-markdown-map}]]}}

Creates or accesses the shared policer. The shared-policer-name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters. Polices cir in bits or as a percentage of the link rate. The conform action is taken if the data rate is ≤ cir. If be and pir are not specified, all other traffic takes the violate action. If be or violate are specified, the exceed action is taken if the data rate ≤ pir, and the violate action is taken otherwise. The actions, data rates, and link speeds are described in Configuring 1-Rate and 2-Rate, 2-Color and 3-Color Policing above.

Step 3

switch(config)# policy-map [type qos] [match-first] {qos-policy-map-name | qos-dynamic}

Creates or accesses the policy map named qos-policy-map-name, and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters.

Step 4

switch(config-pmap-qos)# class [type qos] {class-map-name | qos-dynamic | class-default} [insert-before before-class-map-name]

Creates a reference to class-map-name, and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map.

Step 5

switch(config-pmap-c-qos)# police aggregate shared-policer-name

Creates a reference in the policy map to shared-policer-name.

Step 6

switch(config-pmap-c-qos)# exit

Exits policy-map class configuration mode and enters policy-map mode.

Step 7

switch(config-pmap-qos)# exit

Exits policy-map mode and enters global configuration mode.

Step 8

(Optional) switch(config)# show policy-map [type qos] [policy-map-name | qos-dynamic]

Displays information about all configured policy maps or a selected policy map of type qos.

Step 9

(Optional) switch(config)# copy running-config startup-config

Saves the running configuration to the startup configuration.

Example

This example shows how to display the test1 shared-policer configurations:


switch# show qos shared-policer test1

Verifying the Policing Configuration

To display the policing configuration information, perform one of these tasks:

show policy-map

Displays information about policy maps and policing.

show qos shared-policer [type qos] [policer-name]

Displays information about all shared policing.

Configuration Examples for Policing

The following example shows how to configure policing for a 1-rate, 2-color policer:


configure terminal
 policy-map policy1
  class one_rate_2_color_policer
   police cir 256000 conform transmit violate drop

The following example shows how to configure policing for a 1-rate, 2-color policer with DSCP markdown:


configure terminal
 policy-map policy2
  class one_rate_2_color_policer_with_dscp_markdown
   police cir 256000 conform transmit violate set dscp dscp table pir-markdown-map

The following example shows how to configure policing for a 1-rate, 3-color policer:


configure terminal
 policy-map policy3
  class one_rate_3_color_policer
   police cir 256000 pir 256000 conform transmit exceed set dscp dscp table cir-markdown-map violate drop

The following example shows how to configure policing for a 2-rate, 3-color policer:


configure terminal
 policy-map policy4
  class two_rate_3_color_policer
   police cir 256000 pir 256000 conform transmit exceed set dscp dscp table cir-markdown-map violate drop

The following example shows how to configure policing for a color-aware policer for specified DSCP values:


configure terminal
 class-map conform-color-in
  match dscp 0-10
 policy-map policy5
  class one_rate_2_color_policer
   police cir 256000 conform transmit violate drop

The following example shows how to configure policing for a shared policer:


configure terminal
 qos shared-policer type qos udp_10mbps cir 10 mbps pir 20 mbps conform transmit exceed set dscp dscp table cir-markdown-map violate drop
 policy-map type qos udp_policy
  class type qos udp_qos
   police aggregate udp_10mbps

Feature History for Policing

The table below summarizes the new and changed features for this document and shows the releases in which each feature is supported. Your software release might not support all the features in this document. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release.

Table 8. Feature History for Policing

Feature Name

Release

Feature Information

No changes from Release 4.1(2)

5.1(1)

——