VLAN-Based QoS on Trunk Ports not working

Hi,

My network is as follows:


[Image: Network Layout]
So VLANs are spanned across the switches with an 802.1q trunk link.

I need to limit all vlan 1 traffic to 50mbps. It does not need to be shaped, but when congestion occurs the traffic above 50mbps must be dropped. The other vlan can take the whole bandwidth and does not need to be policed.

I cannot classify according to IP addresses because I have various customers on different VLANs but they may be using the same IP address range so the only thing that keeps each customer unique is the VLAN.

Below is my config but it does not seem to work. My output shows no traffic hitting that QoS policy.

Can anyone help?

Config:

SWITCH A

mls qos
!
class-map match-all cmap-TN_DC_Interconnect
 match input-interface GigabitEthernet1/0/37
!
policy-map pmap-Qos_Policer-DC_Spanned_VLANs
 class cmap-TN_DC_Interconnect
  police 50000000 25000 exceed-action drop
policy-map pmap-Qos_Parent-DC_Spanned_VLANs
 class class-default
  set ip dscp default
   service-policy pmap-Qos_Policer-DC_Spanned_VLANs
!
!
interface GigabitEthernet1/0/37
 description MetroE link to TN Hosting
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-989,991-999
 switchport mode trunk
 speed 100
 mls qos vlan-based
!
interface Vlan1
 no ip route-cache
 service-policy input pmap-Qos_Parent-DC_Spanned_VLANs



SWITCH B

mls qos
!
!
class-map match-all cmap-TN_DC_Interconnect
 match input-interface GigabitEthernet1/0/1
!
policy-map pmap-Qos_Policer-DC_Spanned_VLANs
 class cmap-TN_DC_Interconnect
  police 50000000 25000 exceed-action drop
policy-map pmap-Qos_Parent-DC_Spanned_VLANs
 class class-default
  set ip dscp default
   service-policy pmap-Qos_Policer-DC_Spanned_VLANs
!
!
interface GigabitEthernet1/0/1
 description MetroE to Logical
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-989,991-999
 switchport mode trunk
 speed 100
 mls qos vlan-based
!
!
interface Vlan1
 service-policy input pmap-Qos_Parent-DC_Spanned_VLANs
!



The Policy-Map output on both switches is:

#sh policy-map int vlan 1
 Vlan1

  Service-policy input: pmap-Qos_Parent-DC_Spanned_VLANs

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any

      Service-policy : pmap-Qos_Policer-DC_Spanned_VLANs

        Class-map: cmap-TN_DC_Interconnect (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0000 bps, drop rate 0000 bps
          Match: input-interface GigabitEthernet1/0/1

        Class-map: class-default (match-any)
          0 packets, 0 bytes
          5 minute offered rate 0000 bps, drop rate 0000 bps
          Match: any
Asked by: salt-eit

salt-eit (Author) Commented:
Hi Quori, even though the "show policy-map interface" command is visible on the 3750, it is not supported according to Cisco:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_50_se/command/reference/cli2.html#wp1948343

So that command cannot be used to verify the config. One will have to use packet capturing or something to verify the config.

Also, to be safe I changed the config to use an ACL with "permit ip any any" instead of class-default. This is similar to the config that was done here:

http://ccietobe.blogspot.com/2009/02/3560-qos-per-port-per-vlan-policing.html

Thanks for your assistance.

Quori Commented:
Layer 2 limiting on a multitenant trunk is a pain in the neck on the 3750.

Try removing the match interface statement and instead match VLAN ID then apply the service policy to the physical interface.

salt-eit (Author) Commented:
Hi Quori.
The switch has no option for match vlan. I think the 3650s had that but not the 3750.

Any other ideas?

Quori Commented:
Okay, I couldn't remember if the 3750X had that feature or not, but was really hoping to make this easier.

We're going to have to go back to the original plan of a two-level QoS to make this work.

For your VLAN level policy-map configure a class-map matching an access-list with "permit ip any any" and use this class instead of class-default.

salt-eit (Author) Commented:
Did my own research as per comment.
Question has a verified solution.
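
The change both participants describe (a VLAN-level class that matches an access list with "permit ip any any" instead of class-default), applied to the SWITCH A configuration from the question. This is an added example, not a configuration posted in the thread; the names acl-Any_IP and cmap-VLAN1_Any_IP are assumptions.

```cisco
! Added example for SWITCH A, not the poster's final configuration.
! acl-Any_IP and cmap-VLAN1_Any_IP are hypothetical names.
mls qos
!
ip access-list extended acl-Any_IP
 permit ip any any
!
! VLAN-level class: matches the ACL rather than class-default
class-map match-all cmap-VLAN1_Any_IP
 match access-group name acl-Any_IP
!
! Interface-level class: traffic that entered on the trunk port
class-map match-all cmap-TN_DC_Interconnect
 match input-interface GigabitEthernet1/0/37
!
! Child policy: the 50 Mbps policer from the original post, unchanged
policy-map pmap-Qos_Policer-DC_Spanned_VLANs
 class cmap-TN_DC_Interconnect
  police 50000000 25000 exceed-action drop
!
! Parent policy: the ACL-based class replaces class-default
policy-map pmap-Qos_Parent-DC_Spanned_VLANs
 class cmap-VLAN1_Any_IP
  set ip dscp default
  service-policy pmap-Qos_Policer-DC_Spanned_VLANs
!
! Trunk port and SVI as in the original post
interface GigabitEthernet1/0/37
 description MetroE link to TN Hosting
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-989,991-999
 switchport mode trunk
 speed 100
 mls qos vlan-based
!
interface Vlan1
 no ip route-cache
 service-policy input pmap-Qos_Parent-DC_Spanned_VLANs
```

An IP access list only classifies IP packets, so non-IP frames in VLAN 1 are not policed by this class. As noted in the thread, the "show policy-map interface" counters are not supported on the 3750, so the result has to be checked with a packet capture or a similar measurement.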