Step 1 | configure
terminal
Example:
Switch# configure terminal
|
Enters the global
configuration mode.
|
Step 2 | class-map [match-all | match-any] class-map-name
Example:
Switch(config)# class-map cm-1
| Creates a VLAN-level class map, and enters class-map configuration mode.
By default, no class maps are defined.
(Optional) Use the match-all keyword to perform a logical-AND of all matching statements under this class map. All match criteria in the class map must be matched.
(Optional) Use the match-any keyword to perform a logical-OR of all matching statements under this class map. One or more match criteria must be matched.
For class-map-name, specify the name of the class map.
If neither the match-all or match-any keyword is specified, the default is match-all.
Because only one match command per class map is supported, the match-all and match-any keywords function the same.
|
Step 3 | match {access-group acl-index-or-name | ip dscp dscp-list | ip precedence ip-precedence-list}
Example:
Switch(config-cmap)# match ip dscp 10
| Defines the match criterion to classify traffic.
By default, no match criterion is defined.
Only one match criterion per class map is supported, and only one ACL per class map is supported.
For access-group acl-index-or-name, specify the number or name of the ACL.
For ip dscp dscp-list, enter a list of up to eight IP DSCP values to match against incoming packets. Separate each value with a space. The range is 0 to 63.
For ip precedence ip-precedence-list, enter a list of up to eight IP-precedence values to match against incoming packets. Separate each value with a space. The range is 0 to 7.
|
Step 4 | match protocol [ip | ipv6]
Example:
Switch(config-cmap)# match protocol ipv6
| (Optional) Specifies the IP protocol to which the class map applies.
Use the argument ip to specify IPv4 traffic, and ipv6 to specify IPv6 traffic.
When you use the match protocol command, only the match-all keyword is supported for the first level class map.
You can use the match protocol command with the match ip dscp or match precedence commands, but not with the match access-group command.
|
Step 5 | exit
Example:
Switch(config-cmap)# exit
| Returns to class-map configuration mode.
|
Step 6 | exit
Example:
Switch(config)# exit
| Returns to global configuration mode.
|
Step 7 | class-map [match-all | match-any] class-map-name
Example:
Switch(config)# class-map match-all cm-2
| Creates an interface-level class map, and enters class-map configuration mode.
By default, no class maps are defined.
(Optional) Use the match-all keyword to perform a logical-AND of all matching statements under this class map. All match criteria in the class map must be matched.
(Optional) Use the match-any keyword to perform a logical-OR of all matching statements under this class map. One or more match criteria must be matched.
For class-map-name, specify the name of the class map.
If neither the match-all or match-any keyword is specified, the default is match-all.
Because only one match command per class map is supported, the match-all and match-any keywords function the same.
|
Step 8 | match input-interface interface-id-list
Example:
Switch(config-cmap)# match
input-interface gigabitethernet 3/0/1-3/0/2
| Specifies the physical ports on which the interface-level class map acts. You can specify up to six ports as follows:
A single port (counts as one entry)
A list of ports separated by a space (each port counts as an entry)
A range of ports separated by a hyphen (counts as two entries)
This command can only be used in the child-level policy map and must be the only match condition in the child-level policy map.
|
Step 9 | exit
Example:
Switch(config-cmap)# exit
| Returns to class-map configuration mode.
|
Step 10 | exit
Example:
Switch(config)# exit
| Returns to global configuration mode.
|
Step 11 | policy-map policy-map-name
Example:
Switch# policy-map port-plcmap
| Creates an interface-level policy map by entering the policy-map name, and enters policy-map configuration mode.
By default, no policy maps are defined, and no policing is performed.
To delete an existing policy map, use the no policy-map policy-map-name global configuration command. To delete an existing class map, use the no class class-map-name policy-map configuration command.
To return to the untrusted state in a policy map, use the no trust policy-map configuration command. To remove an assigned DSCP or IP precedence value, use the no set {dscp new-dscp | ip precedence new-precedence} policy-map configuration command.
|
Step 12 | class-map class-map-name
Example:
Switch(config-pmap)# class
cm-interface-1
| Defines an interface-level traffic classification, and enters policy-map configuration mode.
By default, no policy-map class-maps are defined.
If a traffic class has already been defined by using the class-map global configuration command, specify its name for class-map-name in this command.
|
Step 13 | police rate-bps burst-byte [exceed-action {drop | policed-dscp-transmit}]
Example:
Switch(config-pmap-c)# police 900000
9000 exceed-action
policed-dscp-transmit
| Defines an individual policer for the classified traffic.
By default, no policer is defined.
For rate-bps, specify average traffic rate in bits per second (b/s). The range is 8000 to 10000000000.
For burst-byte, specify the normal burst size in bytes. The range is 8000 to 1000000.
(Optional) Specifies the action to take when the rates are exceeded. Use the exceed-action drop keywords to drop the packet. Use the exceed-action policed-dscp-transmit keywords to mark down the DSCP value (by using the policed-DSCP map) and to send the packet.
To remove an existing policer in an interface-level policy map, use the no police rate-bps burst-byte [exceed-action {drop | policed-dscp-transmit}] policy-map configuration command. To remove the hierarchical policy map and port associations, use the no service-policy input policy-map-name interface configuration command.
|
Step 14 | exit
Example:
Switch(config-pmap-c)# exit
| Returns to policy-map configuration mode.
|
Step 15 | exit
Example:
Switch(config-pmap)# exit
| Returns to global configuration mode.
|
Step 16 | policy-map policy-map-name
Example:
Switch(config)# policy-map
vlan-plcmap
| Creates a VLAN-level policy map by entering the policy-map name, and enters policy-map configuration mode.
By default, no policy maps are defined.
The default behavior of a policy map is to set the DSCP to 0 if the packet is an IP packet and to set the CoS to 0 if the packet is tagged. No policing is performed.
|
Step 17 | class [class-map-name | class-default]
Example:
Switch(config-pmap)# class cm-1
| Defines a VLAN-level traffic classification, and enters policy-map class configuration mode.
By default, no policy-map class-maps are defined.
If a traffic class has already been defined by using the class-map global configuration command, specify its name for class-map-name in this command.
A class-default traffic class is pre-defined and can be added to any policy. It is always placed at the end of a policy map. With an implied match any included in the class-default class, all packets that have not already matched the other traffic classes will match class-default.
|
Step 18 | trust [cos | dscp | ip-precedence]
Example:
Switch(config-pmap-c)# trust dscp
| Configures the trust state, which QoS uses to generate a CoS-based or DSCP-based QoS label.
This command is mutually exclusive with the set command within the same policy map. If you enter the trust command, omit Step 18.
By default, the port is not trusted. If no keyword is specified when the command is entered, the default is dscp.
The keywords have these meanings:
cos—QoS derives the DSCP value by using the received or default port CoS value and the CoS-to-DSCP map.
dscp—QoS derives the DSCP value by using the DSCP value from the ingress packet. For non-IP packets that are tagged, QoS derives the DSCP value by using the received CoS value; for non-IP packets that are untagged, QoS derives the DSCP value by using the default port CoS value. In either case, the DSCP value is derived from the CoS-to-DSCP map.
ip-precedence—QoS derives the DSCP value by using the IP precedence value from the ingress packet and the IP-precedence-to-DSCP map. For non-IP packets that are tagged, QoS derives the DSCP value by using the received CoS value; for non-IP packets that are untagged, QoS derives the DSCP value by using the default port CoS value. In either case, the DSCP value is derived from the CoS-to-DSCP map.
|
Step 19 | set {dscp new-dscp | ip precedence new-precedence}
Example:
Switch(config-pmap-c)# set dscp 10
| Classifies IP traffic by setting a new value in the packet.
For dscp new-dscp, enter a new DSCP value to be assigned to the classified traffic. The range is 0 to 63.
For ip precedence new-precedence, enter a new IP-precedence value to be assigned to the classified traffic. The range is 0 to 7.
|
Step 20 | service-policy policy-map-name
Example:
Switch(config-pmap-c)# service-policy
port-plcmap-1
| Specifies the interface-level policy-map name (from Step 10) and associate it with the VLAN-level policy map.
If the VLAN-level policy map specifies more than one class, each class can have a different service-policy policy-map-name command.
|
Step 21 | exit
Example:
Switch(config-pmap-c)# exit
| Returns to policy-map configuration mode.
|
Step 22 | exit
Example:
Switch(config-pmap)# exit
| Returns to global configuration mode.
|
Step 23 | interface interface-id
Example:
Switch(config)# interface vlan 10
| Specifies the SVI to which to attach the hierarchical policy map, and enters interface configuration mode.
|
Step 24 | service-policy input policy-map-name
Example:
Switch(config-if)# service-policy
input vlan-plcmap
| Specifies the VLAN-level policy-map name, and applies it to the SVI. Repeat the previous step and this command to apply the policy map to other SVIs.
If the hierarchical VLAN-level policy map has more than one interface-level policy map, all class maps must be configured to the same VLAN-level policy map specified in the service-policy policy-map-name command.
Note
| To remove the hierarchical policy map and port associations, use the no service-policy input policy-map-name interface configuration command.
|
|
Step 25 | end
Example:
Switch(config-if)# end
| Returns to privileged EXEC mode.
|
Step 26 | show policy-map [policy-map-name [class class-map-name]]
or
show mls qos vlan-based
Example:
Switch# show mls qos vlan-based
| Verifies your entries.
|
Step 27 | copy running-config startup-config
Example:
Switch# copy-running-config
startup-config
| (Optional) Saves your entries in the configuration file.
|