Solved

VLAN-Based QoS on Trunk Ports not working

Posted on 2013-12-18
Last Modified: 2014-01-25
Hi,

My network is as follows:


[Image: Network Layout]
So VLANs are spanned across the switches with an 802.1q trunk link.

I need to limit all VLAN 1 traffic to 50 Mbps. It does not need to be shaped, but when congestion occurs the traffic above 50 Mbps must be dropped. The other VLAN can take the whole bandwidth and does not need to be policed.

I cannot classify according to IP addresses because I have various customers on different VLANs but they may be using the same IP address range so the only thing that keeps each customer unique is the VLAN.

Below is my config but it does not seem to work. My output shows no traffic hitting that QoS policy.

Can anyone help?

Config:

SWITCH A

mls qos
!
class-map match-all cmap-TN_DC_Interconnect
 match input-interface GigabitEthernet1/0/37
!
policy-map pmap-Qos_Policer-DC_Spanned_VLANs
 class cmap-TN_DC_Interconnect
  police 50000000 25000 exceed-action drop
policy-map pmap-Qos_Parent-DC_Spanned_VLANs
 class class-default
  set ip dscp default
   service-policy pmap-Qos_Policer-DC_Spanned_VLANs
!
!
interface GigabitEthernet1/0/37
 description MetroE link to TN Hosting
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-989,991-999
 switchport mode trunk
 speed 100
 mls qos vlan-based
!
interface Vlan1
 no ip route-cache
 service-policy input pmap-Qos_Parent-DC_Spanned_VLANs



SWITCH B

mls qos
!
!
class-map match-all cmap-TN_DC_Interconnect
 match input-interface GigabitEthernet1/0/1
!
policy-map pmap-Qos_Policer-DC_Spanned_VLANs
 class cmap-TN_DC_Interconnect
  police 50000000 25000 exceed-action drop
policy-map pmap-Qos_Parent-DC_Spanned_VLANs
 class class-default
  set ip dscp default
   service-policy pmap-Qos_Policer-DC_Spanned_VLANs
!
!
interface GigabitEthernet1/0/1
 description MetroE to Logical
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-989,991-999
 switchport mode trunk
 speed 100
 mls qos vlan-based
!
!
interface Vlan1
 service-policy input pmap-Qos_Parent-DC_Spanned_VLANs
!



The policy-map output on both switches is:

#sh policy-map int vlan 1
 Vlan1

  Service-policy input: pmap-Qos_Parent-DC_Spanned_VLANs

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any

      Service-policy : pmap-Qos_Policer-DC_Spanned_VLANs

        Class-map: cmap-TN_DC_Interconnect (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0000 bps, drop rate 0000 bps
          Match: input-interface GigabitEthernet1/0/1

        Class-map: class-default (match-any)
          0 packets, 0 bytes
          5 minute offered rate 0000 bps, drop rate 0000 bps
          Match: any
Question by:salt-eit
5 Comments

Expert Comment

by:Quori
ID: 39730482
Layer 2 limiting on a multitenant trunk is a pain in the neck on the 3750.

Try removing the match interface statement and instead match VLAN ID then apply the service policy to the physical interface.
 

Author Comment

by:salt-eit
ID: 39730558
Hi Quori.
The switch has no option for match vlan. I think the 3650s had that but not the 3750.

Any other ideas?

Assisted Solution

by:Quori
ID: 39730621
Okay, I couldn't remember if the 3750X had that feature or not, but was really hoping to make this easier.

We're going to have to go back to the original plan of a two-level QoS to make this work.

For your VLAN level policy-map configure a class-map matching an access-list with "permit ip any any" and use this class instead of class-default.
 

Accepted Solution

by:salt-eit
ID: 39793806
Hi Quori, even though the "show policy-map interface" command is visible on the 3750, it is not supported according to Cisco:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_50_se/command/reference/cli2.html#wp1948343

So that command cannot be used to verify the config. One will have to use packet capturing or something to verify the config.

Also, to be safe I changed the config to use an ACL with "permit ip any any" instead of class-default. This is similar to the config that was done here:

http://ccietobe.blogspot.com/2009/02/3560-qos-per-port-per-vlan-policing.html

Thanks for your assistance.
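Added example, not part of the original thread: a Python sketch of the capture-based verification mentioned in the accepted solution. It assumes frames exported from a capture as (timestamp in microseconds, VLAN ID, length in bytes) tuples, models `police 50000000 25000 exceed-action drop` as a standard single-rate token bucket (an assumption about the switch's behaviour), and uses constructed sample traffic.

```python
from collections import defaultdict

RATE_BPS = 50_000_000    # from the thread: police 50000000 25000 exceed-action drop
BURST_BYTES = 25_000
WINDOW_US = 1_000_000    # measurement window: one second

def sample_traffic():
    """Constructed sample: 2 s of 1000-byte frames, VLAN 1 at 80 Mbps, VLAN 20 at 40 Mbps."""
    vlan1 = [(i * 100, 1, 1000) for i in range(20_000)]
    vlan20 = [(i * 200, 20, 1000) for i in range(10_000)]
    return sorted(vlan1 + vlan20)

def police(frames, vlan=1, rate_bps=RATE_BPS, burst_bytes=BURST_BYTES):
    """Assumed token-bucket model of the policer: drop frames of `vlan` that exceed it."""
    tokens, last, passed = float(burst_bytes), None, []
    for ts, vid, length in frames:
        if vid == vlan:
            if last is not None:
                refill = (ts - last) * rate_bps / 8 / 1_000_000   # bytes earned since last frame
                tokens = min(burst_bytes, tokens + refill)
            last = ts
            if length > tokens:
                continue              # exceed-action drop
            tokens -= length
        passed.append((ts, vid, length))  # other VLANs are never policed
    return passed

def peak_bps(frames):
    """Highest bits-per-second seen in any one-second window, per VLAN."""
    bits = defaultdict(int)
    for ts, vid, length in frames:
        bits[(vid, ts // WINDOW_US)] += length * 8
    peak = defaultdict(int)
    for (vid, _), total in bits.items():
        peak[vid] = max(peak[vid], total)
    return dict(peak)

def within_cap(frames, vlan=1, rate_bps=RATE_BPS, burst_bytes=BURST_BYTES):
    """True if `vlan` never exceeds one second of rate plus one burst in any window."""
    return peak_bps(frames).get(vlan, 0) <= rate_bps + burst_bytes * 8

if __name__ == "__main__":
    offered = sample_traffic()
    delivered = police(offered)
    for name, frames in (("offered", offered), ("delivered", delivered)):
        print(name, peak_bps(frames), "VLAN 1 within cap:", within_cap(frames))
```

Running `within_cap` over frames captured on the far side of the trunk gives a pass/fail answer for VLAN 1, while `peak_bps` shows whether the other VLANs were left untouched.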
 

Author Closing Comment

by:salt-eit
ID: 39808390
Did my own research as per comment.