Cisco 10000 Series Router Quality of Service Configuration Guide
VLAN Tag-Based Quality of Service
Downloads: This chapterpdf (PDF - 446.0KB) The complete bookPDF (PDF - 21.32MB) | Feedback

VLAN Tag-Based Quality of Service

Table Of Contents

VLAN Tag-Based Quality of Service

VLAN Tag-Based QoS

Feature History for VLAN Tag-Based QoS

VLAN-Groups

VLAN-Group Policy Map

Modification of a VLAN-Group Policy Map

VLAN ID

VLAN-Group Policies and Inheritance

Aggregate Session Traffic

System Limits for VLAN Tag-Based QoS

Statistical Information for VLAN-Group Policies and Classes

VLAN Tag-Based QoS on the PRE2 and PRE3

Restrictions for VLAN Tag-Based QoS

Configuring VLAN Tag-Based QoS

Configuration Guidelines for VLAN Tag-Based QoS

Configuring VLAN-Group Class Maps

Examples

Configuring a VLAN-Group Policy

Configuring QoS Policies for Traffic Classes—Inbound VLAN Group and Class-Default Classes

Configuring QoS Policies for Traffic Classes—Outbound VLAN Group and Class-Default Classes

Attaching VLAN Tag-based Policies

Configuration Examples for VLAN Tag-Based QoS

Configuring a VLAN Tag-Based QoS Policy: Example

Configuring a VLAN Tag-Based QoS Policy: Invalid Configuration Example

Related Documents


VLAN Tag-Based Quality of Service


This chapter describes VLAN tag-based QoS and includes the following topics:

VLAN Tag-Based QoS

Restrictions for VLAN Tag-Based QoS

Configuring VLAN Tag-Based QoS

Configuration Examples for VLAN Tag-Based QoS

Related Documents

VLAN Tag-Based QoS

The QoS—VLAN Tag-Based feature enables you to apply a single QoS policy, referred to as a VLAN-group policy, to a group of IEEE 802.1Q VLAN subinterfaces.

In releases prior to Cisco IOS Release 12.2(31)SB2, you can apply a QoS policy to an interface or a specific subinterface. When applied on the main interface, all of the VLAN subinterfaces configured on the interface inherit the QoS policy of the main interface. When applied to a specific subinterface, each subinterface has its own QoS policy.

In some instances, however, service providers might configure customers in such a way that a single QoS policy is needed for multiple VLAN subinterfaces, but not for all of the subinterfaces configured on the main interface. The QoS—VLAN Tag-Based feature addresses this need by allowing multiple subinterfaces to be treated as an aggregated whole, binding all of the matching subinterfaces together under a single QoS policy.

The configuration of the QoS—VLAN Tag-Based feature entails the creation of VLAN-group classes and the creation of a VLAN-group policy map. Class maps define the groups of VLAN subinterfaces and enable the router to classify multiple VLANs as belonging to the same traffic class: a VLAN-group class. The QoS VLAN-group policy map defines the QoS services for specific VLAN groups and for subinterfaces that do not belong to a specific VLAN group.

You apply the VLAN-group policy to the main interface and if a VLAN subinterface matches one of the VLAN-group classes defined in the VLAN-group policy, the VLAN subinterface and all of the sessions established on that subinterface inherit the QoS services defined for that particular VLAN-group class. If more than one VLAN subinterface matches one of the VLAN-group classes, then the router treats all of the matching VLAN subinterface traffic as an aggregated whole and applies the single VLAN-group policy to the traffic—in particular that portion of the VLAN-group policy that defines QoS services for that specific VLAN-group class.

For hierarchical QoS policies, the router applies the parent shape rate to each group of VLANs. At most, a single VLAN can have a throughput equal to the parent shape rate. If all of the VLANs within the VLAN group are active, the aggregate traffic of all active VLAN-group members is limited to the shape rate.

In an 802.1Q VLAN implementation, the router passes a packet to the dot1q-encapsulated subinterface only if the VLAN ID of the packet matches the VLAN ID configured for the subinterface. Otherwise, the router passes the packet to the main interface. Therefore, you must create a subinterface with a specific VLAN ID before the router can apply QoS on a VLAN ID that is configured as part of a VLAN group.

Feature History for VLAN Tag-Based QoS

Cisco IOS Release

Description

Required PRE

Release 12.2(31)SB22

This feature was introduced and implemented on the Cisco 10000 series router for the PRE2 and PRE3.

PRE2
PRE3


VLAN-Groups

A VLAN-group is a traffic class that potentially consists of multiple IEEE 802.1Q VLAN subinterfaces. A class map defines the VLAN group and the match criteria the router uses to classify the traffic as belonging to a specific VLAN group. All of the subinterfaces belonging to a VLAN group share the bandwidth allocated to the group and share the same class queue.

The match vlan command allows you to specify the VLANs you want to include in a VLAN group. The configuration of a VLAN group can include individual VLAN ID values or a range of values. For example, VLANs with IDs 3, 5-8, and 10 can form a VLAN group. The router treats the VLANs specified in a VLAN group as an aggregate whole.


Note If you specify the match vlan command in a class map, you cannot specify other match commands in the same class map. Use the match vlan command only for VLAN grouping.


Only Ethernet, Fast Ethernet, and Gigabit Ethernet interfaces support VLAN groups. For outbound VLAN tag-based policies, use a shape command for each VLAN group.

VLAN-Group Policy Map

A VLAN-group policy map defines QoS services for traffic classes that consists of multiple IEEE 802.1Q VLAN subinterfaces (see the "VLAN-Groups" section). In this way, you can apply a single QoS policy to multiple VLANs belonging to specific VLAN-group classes.

You can attach a VLAN-group policy map to only the main interface. The subinterfaces on the main interface inherit the service policy.

The amount of policy space used is equivalent to the number of VLAN groups defined in the policy, including the VLAN groups defined in match-VLAN class maps and in the class-default class. The limit of available policy space is equivalent to 4096 policy maps.

Modification of a VLAN-Group Policy Map

Adding or removing VLAN-group classes from a VLAN-group policy only affects QoS on the subinterfaces that you added or removed from the policy. Adding or removing class-default classes affects QoS only on the subinterfaces that do not belong to any VLAN group.

Modifying a child policy that is applied to a VLAN-group class in a VLAN-group policy affects QoS on all of the subinterfaces that belong to that VLAN group. Modifying a child policy applied to a class-default class affects QoS on all of the subinterfaces that do not belong to any VLAN group.

For more information, see the "VLAN Tag-Based QoS" section,

VLAN ID

The VLAN ID is a number you specify to identify a VLAN subinterface. The router uses the VLAN ID of packets to classify them as belonging to specific VLAN groups. Valid VLAN ID values are from 1 to 4094.

VLAN-Group Policies and Inheritance

For non-VLAN-group QoS policies, the PRE3 supports the configuration of shaping only at the subinterface level and a hierarchical queuing policy at the virtual template level. In this case, the PPP session traffic uniquely inherits the policy on the virtual template and the aggregate of all of the PPP session traffic is also shaped by the subinterface policy.

All subinterfaces that are not part of a VLAN group and that do not have a service policy attached inherit the policy applied on the class-default class of a VLAN-group policy.

For sessions terminated on a subinterface that is part of a VLAN-group policy, the following occurs:

If the virtual template applied to the subinterface does not have a QoS policy (non-VLAN-group), the virtual access interface (VAI) that is created when PPP session creation occurs does not uniquely inherit the policy inherited by the subinterface. For example, suppose a subinterface policy shapes traffic to 2 Mbps and two PPPoE sessions initiate. The total traffic from both of the PPPoE sessions is aggregately shaped to 2 Mbps. Each PPP session traffic is not shaped uniquely to 2 Mbps.

If the virtual template applied to the subinterface has a QoS policy (for example, a non-queuing policy that specifies policing and marking for the PRE2 or all QoS actions for the PRE3), each PPP session traffic is uniquely influenced by the policy defined at the virtual template. For example, suppose a hierarchical QoS policy is configured to police traffic to 2 Mbps. Each PPPoE session traffic is uniquely policed to 2 Mbps. The policy on the subinterface has no affect.

Aggregate Session Traffic

You cannot shape the aggregate session traffic by applying a shaping policy to a VLAN group. Instead, when applying queuing policies to sessions, shape the aggregate session traffic by applying a shaping policy to an 802.1Q VLAN or QinQ subinterface. For more information, see the QoS: Hierarchical Queuing for Ethernet DSLAMs feature module for Cisco IOS Release 12.2(31)SB2.

Although you cannot shape PPP sessions, you can police the sessions.

System Limits for VLAN Tag-Based QoS

Table 21-1 lists the system limits for VLAN tag-based QoS.

Table 21-1 System Limits for VLAN Tag-Based QoS

Class Maps
per Policy Map 1
VLAN Groups
per VLAN-Group Policy
Total Number Class Maps
per VLAN-Group Policy 2

255

255

64

1 Excludes the class-default class map.

2 Includes the class maps configured for child policies applied to each match-VLAN class and includes the class-default class of the VLAN-group policy.


Statistical Information for VLAN-Group Policies and Classes

The router displays packet statistics for VLAN-group policies using the modular QoS command-line interface (MQC) show commands. Statistical information displayed for VLAN groups represents the aggregate traffic of all of the subinterface members of the specific VLAN group.

The router updates match-VLAN filter statistics only for the aggregate traffic through the VLAN groups.

VLAN Tag-Based QoS on the PRE2 and PRE3

Table 21-2 describes support for various features on the PRE2 and PRE3 when configured with the QoS—VLAN Tag-Based feature.

Table 21-2 VLAN Tag-Based QoS on the PRE2 and PRE3 

Feature
PRE2
PRE3

Aggregate priority queues

Not supported

Supported.

Aggregate priority queues should be well within 90% of the maximum rate to guarantee performance.

Aggregate WRED

Not supported

Supported

Allows a maximum of 8 profiles per class and a total of 21 profiles in a policy.

Bandwidth remaining ratio

Not supported

Supported at the parent level of VLAN QoS policies.

VLAN-group policies

Supports simultaneous VLAN-group policy and subinterface policies that are not part of the VLAN-group policy.

Does not support both VLAN-group policies and subinterface policies on the same link simultaneously.

Multiple levels of priority queues

Not supported

Supported

Provides for 2 levels of priority queues.

Strict priority queues

Supported

Supports a strict priority queue without a policer. However, we recommend that you use policers with the priority queue to avoid bandwidth starvation of other class queues.

No supported


Restrictions for VLAN Tag-Based QoS

When configuring a VLAN tag-based QoS policy map, the router applies the policy to one Ethernet port and only to the VLANs on that particular port.

Class maps that contain the match vlan command cannot contain any other classification criteria.

Currently, the match vlan command is used only to group VLAN subinterfaces. Do not use the command for any other purpose.

The match vlan counters update only for one-level QoS policies; they do not update for hierarchical QoS policies.

The router does not support applying a VLAN-group policy to a virtual template.

The router does not support the random-detect and priority commands for traffic classes created using the match-vlan command in class maps.

When creating a class map with the match vlan command, configure the match-any command as the match type.

You cannot specify traffic classes created using the match-vlan command in the following policies:

Child policies

Policies attached to an interface other than a Fast Ethernet or Gigabit Ethernet interface

Policies in which a non-VLAN-based traffic class exists. (This does not include the class-default class.)

VLAN group members across the VLAN groups in a VLAN-group policy are mutually exclusive.

Do not use VLAN ID 1 in a VLAN group unless you create a subinterface with VLAN ID 1.

For the PRE2, if a policy map specifies a particular VLAN ID, you cannot apply any service policy map to subinterfaces that have that particular VLAN ID (or dot1q ID). However, on the PRE3, you cannot apply policies to the main interface and to subinterfaces, even if the subinterface does not have a matching VLAN-group ID.

You can apply a VLAN-group policy map only to the main interface; you cannot apply it to subinterfaces.

You cannot add VLAN-group traffic classes to a policy that already has QoS services defined for traffic classes, even if the class configuration is only the class-default class.

In a class map, you can specify only the match vlan command as the classification criteria if QoS services are defined for the corresponding traffic class in the parent policy (top-level in a three-level policy) of a hierarchical policy.

In a class map, you cannot specify the match-vlan command as the classification criteria if QoS services are defined for the corresponding traffic class in a child policy of a hierarchical policy.

You can apply a child policy to any traffic class in a VLAN-group policy map. The child policy is not restricted to being applied only to the class-default class.

In a VLAN-group policy map, if you apply a child service policy to a traffic class of an input parent policy, you must configure a non-queuing action such as policing before you apply the child policy. You cannot configure any queuing actions for the parent class, such as shaping, priority, or class-based weighted fair queuing (CBWFQ).

For example, consider the following sample configuration:

policy-map Input_Parent
class vlangrp1
police percent 10
service-policy Child1
class vlangrp2
police percent 30
class vlangrp3
shape 512000
service-policy Child2
class vlangrp4
police 8000
service-policy Child3
 
   

The class vlangrp1 is a valid configuration for input traffic because it has a non-queuing action (policing) defined before the Child1 service policy is applied.

The class vlangrp2 is a valid configuration because non-queuing actions are permitted for input policies.

The class vlangrp3 is an invalid configuration for this input parent policy because it contains a queuing action (shape).


Note If this was an output parent policy, the class vlangrp3 would be a valid configuration because queuing actions such as shape are permitted for output policies.


The class vlangrp4 is a valid configuration for an input parent policy because it contains a non-queuing action (police) before applying the child service policy.

For an output parent policy, the PRE2 allows you to configure only the shape command on the parent class. The PRE3 allows you to configure the shape command and the bandwidth remaining ratio command on the parent class. The bandwidth remaining ratio command allows you to define a proportionate share of the bandwidth for allocation to VLAN groups during periods of congestion.

You can configure the shape command and service-policy command for a traffic class of an output parent policy.

For example, the following sample configuration shows how to configure an output parent policy:

policy-map Egress_Parent
class vgrp1
shape 128000
service-policy Child3
class vgrp2
shape 512000
service-policy Child2
class class-default
shape 2000000
service-policy Child1
 
   

For the input direction, if you apply a QoS policy to a match-vlan traffic class, you must configure a police action.

If you attach a VLAN-group policy in the outbound direction, configure a shaper for each VLAN group so that the group has its own VTMS link. Otherwise, the traffic for that VLAN group uses the VTMS link and queues of the main interface.

For VLAN-based classes with multiple VLAN match filters defined, traffic accounting is updated as an aggregate under the first match-VLAN filter for the class in the policy. The router does not maintain individual match-VLAN filter statistics.

You cannot delete a match-VLAN filter from a class map if only a single filter is configured in the class map. You can modify the class map filters either by deleting the class from the policy or adding the required VLAN filters to the class before deleting all of the VLAN filters from the class map.

Although the router supports QinQ subinterfaces, the VLAN Tag-Based feature does not support QinQ subinterfaces under a VLAN group. You can use only 802.1Q subinterfaces for VLAN groups. These subinterfaces have a single inner VLAN ID.

Configuring VLAN Tag-Based QoS

To configure VLAN tag-based QoS, perform the following configuration tasks:

Configuring VLAN-Group Class Maps

Configuring a VLAN-Group Policy

Configuration Guidelines for VLAN Tag-Based QoS

Configure the match-vlan command as the only filtering criteria for a class map.

If you attempt to apply a policy map that includes a traffic class for which the match-vlan command and other match commands are configured, the attempt fails and an error message displays.

Configure the match-any command with the match-vlan command.

A class map configured for classification of VLAN-group traffic must match any of the specified VLAN criteria. If you do not specify the match-any command as part of the class map match-vlan criteria and you attempt to specify that class in a policy map, the attempt fails and an error message displays.

Configure VLAN-group traffic classes (created using the match-vlan command in a class map) only in the parent class of hierarchical policy maps. For example, in a three-level hierarchical policy, the parent class is the topmost level of the policy.

If you attempt to configure a VLAN-group traffic class in a child policy, the attempt fails and an error message displays.

Attach VLAN-group policies (policies containing match-vlan traffic classes) only to Fast Ethernet and Gigabit Ethernet interfaces.

Do not attach a policy map to an 802.1Q VLAN subinterface with a VLAN ID if the subinterface is part of a VLAN-group with a defined policy.

If an 802.1Q VLAN subinterface has a VLAN ID that is specified as part of a VLAN-group and a VLAN-group policy is attached to an interface, if you attempt to attach a QoS policy to the subinterface participating in the VLAN group, the attempt fails and an error message displays.

Attach child policies under any class defined in a VLAN-group policy.

For a VLAN-group policy, you are not required to only attach child policies under the class-default class of a parent policy. You may apply child policies to the class-default class of another child policy, the class-default class of a parent policy, or to other classes defined in parent and child policies.


Note This applies only to VLAN-group policies. For other QoS policies, you must apply child policies only to the class-default class of a parent policy.


Do not configure any other QoS actions for a parent class if you apply a child policy to that class.

For a VLAN-group policy, if a class of a parent policy map specifies the service-policy command, do not configure any other QoS actions for that class.

Configure only the shape command in outbound parent classes of a VLAN-group policy if a child policy is applied to that class.

Configuring VLAN-Group Class Maps

To configure a VLAN-group class map, which creates a VLAN-group traffic class, enter the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# class-map match-any class-map-name

Creates or modifies a traffic class. Enters class-map configuration mode.

(Optional) match-any indicates that if the VLAN ID of a packet matches any of the specified VLAN IDs, classify the packet as belonging to the traffic class.

Note The router does not support the match-all keyword for VLAN-based classification.

class-map-name is the name of the class map. You can specify the class-default class as the class map name to configure a traffic class to which the router assigns all of the traffic that does not match another configured class.

Step 2 

Router(config-cmap)# match vlan vlanid

Configures VLANs as the criteria the router uses to match packets to the traffic class.

vlanid is a VLAN identification number(s) or a range of numbers. Valid values are from 1 to 4095.

Examples

The following example configuration creates a VLAN group named customer1 with VLANs 2, 3, 4, 5, and 7 as members of the group:

Router> enable
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# class-map match-any customer1
Router(config-cmap)# match vlan 2 3-5 7
Router(config-cmap)# exit

Configuring a VLAN-Group Policy

Use the following configuration tasks to configure a VLAN-group policy:

Configuring QoS Policies for Traffic Classes—Inbound VLAN Group and Class-Default Classes

Configuring QoS Policies for Traffic Classes—Outbound VLAN Group and Class-Default Classes

Attaching VLAN Tag-based Policies

Configuring QoS Policies for Traffic Classes—Inbound VLAN Group and Class-Default Classes

The class-default class is the only non-VLAN-group class allowed in a VLAN-group policy.

To configure an inbound QoS policy for VLAN-group traffic classes and the class-default class, enter the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# policy-map policy-map-name

Creates or modifies a policy map for inbound traffic. Enters policy-map configuration mode.

policy-map-name is the name of the inbound policy map. The name can be a maximum of 40 alphanumeric characters.

Step 2 

Router(config-pmap)# class vgrp-cmap-name

Assigns the traffic class you specify to the inbound policy map. Enters policy-map class configuration mode.

vgrp-cmap-name is the name of a previously configured match-vlan class map.

Step 3 

Router(config-pmap-c)# service-policy policy-map-name

Applies the policy map you specify to the inbound VLAN-group traffic class.

policy-map-name is the name of the policy map that you want to apply to the traffic class.

Step 4 

Router(config-pmap-c)# class class-default

Configures the class-default class for inbound traffic.

Note The router uses the class-default class to apply QoS services to all of the traffic that does not belong to any other VLAN-group traffic class.

Step 5 

Router(config-pmap-c)# service-policy policy-map-name

Applies the policy map you specify to the inbound default traffic class.

policy-map-name is the name of the policy map that you want to apply to the default traffic class.

Example

The following example configuration shows how to configure a VLAN-group policy for inbound traffic. In the example, QoS policies are created for VLAN traffic (policy1 and policy2) and for default traffic (policy5). The policy map named input applies QoS services to VLAN groups and to the class-default class for all of the inbound traffic that does not belong to the VLAN groups classes.

Router(config)# policy-map policy1
Router(config-pmap)# class vgrp2
Router(config-pmap-c)# police percent 20
Router(config-pmap-c)# class vgrp1
Router(config-pmap-c)# set cos 2
!
Router(config)# policy-map policy2
Router(config-pmap)# class vgrp1
Router(config-pmap-c)# police 64000
Router(config-pmap-c)# class vgrp2
Router(config-pmap-c)# police 512000
!
Router(config)# policy-map policy5
Router(config-pmap)# class class-default
Router(config-pmap-c)# police 8000
!
Router(config)# policy-map input
Router(config-pmap)# class vgrp-customer1
Router(config-pmap-c)# police 512000
Router(config-pmap-c)# service-policy policy1
Router(config-pmap-c)# class vgrp-customer2
Router(config-pmap-c)# police percent 20
Router(config-pmap-c)# service-policy policy2
Router(config-pmap-c)# class class-default 
Router(config-pmap-c)# police 512000
Router(config-pmap-c)# service-policy policy5

Configuring QoS Policies for Traffic Classes—Outbound VLAN Group and Class-Default Classes

To configure an outbound QoS policy for VLAN group traffic classes and the class-default class, enter the following commands beginning in global configuration mode:

 
Command or Action
Purpose

Step 1 

Router(config)# policy-map policy-map-name

Creates or modifies a policy map for outbound traffic.

policy-map-name is the name of the outbound policy map. The name can be a maximum of 40 alphanumeric characters.

Step 2 

Router(config-pmap)# class class-map-name

Assigns the traffic class you specify to the outbound policy map. Enters policy-map class configuration mode.

class-map-name is the name of a previously configured class map and is the traffic class for which you want to define QoS actions. For a VLAN-group policy, specify the name of a VLAN group traffic class.

Step 3 

Router(config-pmap-c)# shape [average] mean-rate

Shapes traffic to the indicated bit rate.

(Optional) average indicates that the Committed Burst (Bc) is the maximum number of bits sent out in each interval.

(Optional) mean-rate is also called committed information rate (CIR). Indicates the bit rate used to shape the traffic, in bits per second. When this command is used with backward explicit congestion notification (BECN) approximation, the bit rate is the upper bound of the range of bit rates that will be permitted.

Step 4 

Router(config-pmap-c)# service-policy policy-map-name

(Optional) Applies the policy map you specify to the outbound traffic class.

policy-map-name is the name of the policy map that you want to apply to the traffic class.

Step 5 

Router(config-pmap-c)# class class-default

Configures the class-default class for outbound traffic.

The router uses the class-default class to apply QoS services to all of the traffic that does not belong to any other traffic class.

Step 6 

Router(config-pmap-c)# shape [average] mean-rate

Shapes the default traffic to the indicated bit rate.

(Optional) average indicates that the Committed Burst (Bc) is the maximum number of bits sent out in each interval.

(Optional) mean-rate is also called committed information rate (CIR). Indicates the bit rate used to shape the traffic, in bits per second. When this command is used with backward explicit congestion notification (BECN) approximation, the bit rate is the upper bound of the range of bit rates that will be permitted.

Step 7 

Router(config-pmap-c)# service-policy policy-map-name

Applies the policy map you specify to the outbound default traffic class.

policy-map-name is the name of the policy map that you want to apply to the default traffic class.

Example

The following example configuration shows how to configure a QoS policy for outbound VLAN-group traffic. In the example, QoS policies are created for VLAN traffic (policy1 through policy4) and for default traffic (policy5). The policy map named output applies QoS services to VLAN groups and to the class-default class for all of the traffic that does not belong to the VLAN groups classes.

Router(config)# policy-map policy1
Router(config-pmap-c)# class vgrp1
Router(config-pmap-c)# set cos 2
Router(config-pmap)# class vgrp2
Router(config-pmap-c)# police percent 20
!
Router(config)# policy-map policy2
Router(config-pmap)# class vgrp2
Router(config-pmap-c)# police 512000
Router(config-pmap-c)# class vgrp1
Router(config-pmap-c)# police 64000
!
Router(config)# policy-map policy3
Router(config-pmap)# class vgrp2
Router(config-pmap-c)# bandwidth 64000
Router(config-pmap-c)# police percent 20
Router(config-pmap-c)# class vgrp1
Router(config-pmap-c)# random-detect dscp 6
!
Router(config)# policy-map policy4
Router(config-pmap)# class vgrp2
Router(config-pmap-c)# bandwidth 128000
Router(config-pmap-c)# police percent 10
Router(config-pmap-c)# class vgrp1
Router(config-pmap-c)# bandwidth 64000
Router(config-pmap-c)# random-detect dscp 3
!
Router(config)# policy-map policy5
Router(config-pmap)# class class-default
Router(config-pmap-c)# police 32000
!
Router(config)# policy-map output-policy
Router(config-pmap)# class vgrp-customer1
Router(config-pmap-c)# shape 2000000
Router(config-pmap-c)# service-policy policy3
Router(config-pmap-c)# class vgrp-customer2
Router(config-pmap-c)# shape 512000
Router(config-pmap-c)# service-policy policy4
Router(config-pmap-c)# class class-default
Router(config-pmap-c)# shape 128000
Router(config-pmap-c)# service-policy policy5

Attaching VLAN Tag-based Policies

You must attach a VLAN tag-based policy to a main interface. The router does not support a VLAN tag-based policy on a subinterface.

To attach a VLAN tag-based policy to an interface, enter the following commands beginning in global configuration mode:

 
Command or Action
Purpose

Step 8 

Router(config)# interface slot/module/port

Creates or modifies the interface you specify. Enters interface configuration mode.

type is the interface type, which must be Ethernet, Fast Ethernet, or Gigabit Ethernet.

slot/module/port.subinterface is the number of the subinterface that identifies the subinterface (for example, 1/0/0.1).

(Optional) point-to-point indicates that the subinterface is a point-to-point subinterface.

(Optional) multipoint indicates that the subinterface is a point-to-multipoint subinterface.

Step 9 

Router(config-if)# encapsulation dot1q vlan-id

Enables IEEE 802.1Q encapsulation of traffic on the specified subinterface in a virtual LAN (VLAN

vlan-id is the virtual LAN identifier. The allowed range is from 1 to 4095. For the IEEE 802.1Q-in-Q VLAN Tag Termination feature, the first instance of this argument defines the outer VLAN ID, and the second and subsequent instances define the inner VLAN ID.

Step 10 

Router(config-if)# service-policy [input | output] policy-map-name

Applies the policy map you specify to the interface.

input indicates to apply the policy to inbound traffic.

output indicates to apply the policy to outbound traffic.

policy-map-name is the name of the policy map that you want to apply to the traffic class.

Example

The following example configuration shows how to attach a VLAN tag-based policy named policy1 to the Gigabit Ethernet main interface 1/0/0 for outbound traffic.

Router(config)# class-map match-any vlan-customer1
Router(config-cmap)# match vlan 10 -20
Router(config-cmap)# class-map child
Router(config-cmap)# match prec 1
Router(config-cmap)# exit
Router(config)# policy-map child-cust1
Router(config-pmap)# class child
Router(config-pmap-c)# bandwidth percent 10
Router(config-pmap-c)# exit
Router(config-pmap)# policy-map policy1
Router(config-pmap)# class vlan-customer1
Router(config-pmap-c)# shape 10000000
Router(config-pmap-c)# service-policy child-cust1
!
Router(config)# interface GigabitEthernet 1/0/0.1
Router(config-subif)# encapsulation dot1q 10
Router(config-subif)# interface GigabitEthernet 1/0/0
Router(config-if)# service-policy output policy1

Configuration Examples for VLAN Tag-Based QoS

This section provides the following configuration examples:

Configuring a VLAN Tag-Based QoS Policy: Example

Configuring a VLAN Tag-Based QoS Policy: Invalid Configuration Example

Configuring a VLAN Tag-Based QoS Policy: Example

The following configuration example shows how to configure a VLAN tag-based QoS policy using the PRE3 hierarchical queuing framework. In the example, the policy map named service1 defines QoS services for two VLAN traffic classes: vlans_5_to_10 and vlans_11_to_14. The child-policy1 defines QoS services for voice, video, data, and default traffic, and is applied to both of the VLAN classes in service1.

policy-map child-policy1
class voip
police 1000000
priority level 1
 
   
class video
police 5000000
priority level 2
 
   
class data
bandwidth remaining ratio 500
 
   
class class-default
bandwidth remaining ratio 1
 
   
policy-map service1
class vlans_5_to_10
shape average 10000000
bandwidth remaining ratio 100
service-policy child-policy1
 
   
class vlans_11_to_14
shape average 10000000
bandwidth remaining ratio 100
service-policy child-policy1

Configuring a VLAN Tag-Based QoS Policy: Invalid Configuration Example

The following configuration example shows an invalid configuration in which the subinterface-shaper policy is attached to the Gigabit Ethernet subinterface 1/1/1.5 and the vlangroup-shapers policy is attached to the main interface, Gigabit Ethernet interface 1/1/1. In this example, the traffic classes defined in the subinterface-shaper policy match the VLAN-group classes in the vlangroup-shapers policy. As a result, this configuration is invalid because the router does not support the attachment of a QoS policy on a subinterface that matches any of the VLAN-group traffic classes in a policy attached to the main interface.

policy-map subinterface-shaper
class class-default
shape average 10000000
!
policy-map vlangroup-shapers
class vlan_5_to_10
shape average 10000000
 
   
class vlan_11_to_14
shape average 10000000
!
interface GigabitEthernet 1/1/1
service-policy output vlangroup-shapers
!
interface GigabitEthernet 1/1/1.5
encapsulation dot1q 5
service-policy output subinterface-shaper

Related Documents

Related Topic
Document Title

802.1Q VLANs

Configuring IOS Wide-Area Networking Configuration Guide, Release 12.2

Configuring Broadband Access: PPP and Routed Bridge Encapsulation > Configuring PPPoE over IEEE 802.1Q VLANs

Bandwidth and priority queues

Comparing the Bandwidth and Priority Commands of a QoS Service Policy

Bandwidth starvation

Cisco 10000 Series Router Quality of Service Configuration Guide

Prioritizing Services > Low-Latency Priority Queuing > Bandwidth Starvation

Congestion management

QoS Congestion Management (Queuing), Introduction

Hierarchical policy maps

Cisco 10000 Series Router Quality of Service Configuration Guide

Defining QoS for Multiple Policy Levels

Policing and shaping

Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2

Priority queues

Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2

Part 2: Congestion Management > Configuring Priority Queues


For example, consider the following sample configuration:

policy-map Input_Parent
class vlangrp1
police percent 10
service-policy Child1
class vlangrp2
police percent 30
class vlangrp3
shape 512000
service-policy Child2
class vlangrp4
police 8000
service-policy Child3
 
   

The class vlangrp1 is a valid configuration for input traffic because it has a non-queuing action (policing) defined before the Child1 service policy is applied.

The class vlangrp2 is a valid configuration because non-queuing actions are permitted for input policies.

The class vlangrp3 is an invalid configuration for this input parent policy because it contains a queuing action (shape).


Note If this was an output parent policy, the class vlangrp3 would be a valid configuration because queuing actions such as shape are permitted for output policies.


The class vlangrp4 is a valid configuration for an input parent policy because it contains a non-queuing action (police) before applying the child service policy.

For an output parent policy, the PRE2 allows you to configure only the shape command on the parent class. The PRE3 allows you to configure the shape command and the bandwidth remaining ratio command on the parent class. The bandwidth remaining ratio command allows you to define a proportionate share of the bandwidth for allocation to VLAN groups during periods of congestion.

For example, the following sample configuration shows how to configure an output parent policy:

policy-map Egress_Parent
class vgrp1
shape 128000
service-policy Child3
class vgrp2
shape 512000
service-policy Child2
class class-default
shape 2000000
service-policy Child1
 
   

For input policies, if you apply a child QoS policy to a VLAN-group traffic class (created using the match-vlan command in a class map), you must first configure a policing action. The router supports non-queuing actions (policing) for input policies, and both queuing (shaping) and non-queuing (policing) actions for output policies.

If you attach a VLAN-group policy in the outbound direction, configure a shaper for each VLAN group so that the group has its own VTMS link. Otherwise, the traffic for that VLAN group uses the VTMS link and queues of the main interface.

For VLAN-based classes with multiple VLAN match filters defined, traffic accounting is updated as an aggregate under the first match-VLAN filter for the class in the policy. The router does not maintain individual match-VLAN filter statistics.