The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Contents
This chapter contains the following sections:
Policy maps prioritize network traffic by class. You create policy maps to define how to treat each class of traffic so that it is prioritized for the best quality of service.
Marking is the process of marking packets, that is, changing one of the following in the packet for QoS purposes:
You can map a traffic class to a DSCP, which is an indicator of the service level for a specified frame. The DSCP value ranges from 0 to 63, and the default is 0. A DSCP value of 46 is disallowed.
Service policies are specified using policy maps. Policy maps provide an ordered mapping of class maps to service levels. You can specify multiple class maps within a policy map, and map a class map to a high, medium, or low service level. The default priority is low. The policy map name is restricted to 63 alphanumeric characters.
The order of the class maps within a policy map is important to determine the order in which the frame is compared to class maps. The first matching class map has the corresponding priority marked in the frame.
Marking is the setting of QoS information that is related to a packet. You can set the value of standardt QoS fields IP precedence, DSCP and Class of Service (CoS), and internal labels that can be used in subsequent actions such as policing.
Once your traffic classes are defined, you can reference them in the policy map where you also define how they should be marked. We recommend that you keep the policy simple by using no more than four classes.
Fields that are available for marking are listed in the following table:
Field |
Description |
||
---|---|---|---|
DSCP |
Layer 3 differentiated services code point (DSCP).
|
||
IP precedence |
Layer 3 IP precedence.
|
||
CoS |
Layer 2 class of service (CoS). |
||
QoS group |
Local QoS values that can be marked and matched as needed. The range is from 0 to 126. |
||
Discard class |
Local QoS values that can be matched and marked as needed. The range is from 0 to 63.
|
||
Ingress and egress ports |
The marking applies to incoming or outgoing packets. |
For a single class, you can set operations on any two out of the following five fields: CoS, IP Precedence, DSCP, QoS Group, and Discard Class. Unless noted as a restriction, you can mark both incoming and outgoing packets.
Marking has the following prerequisites:
You must have already classified your network traffic. For more information, see Configuring QoS Classification.
You are already logged in to the CLI in EXEC mode.
The set cos command is applicable only to 802.1Q interfaces. So, although you can use the set cos command on an ingress interface, the setting is only applied if a packet eventually egresses an 802.1Q compliant interface.
For a single class, you can set operations on any two out of the following five fields: CoS, IP Precedence, DSCP, QoS Group, and Discard Class.
You can only use the set qos-group command in ingress policies.
You can only use the set discard-class command in ingress policies.
When designing your QoS and access control list (ACL) policies, note that ACLs referenced within a QoS policy are processed as follows as part of the QoS policy:
Creating QoS Marking Policies
You can create a policy that marks the DSCP value in the IP header packet to prioritize traffic in a particular class.
DSCP is described in RFC 2475.
You are logged in to the CLI in EXEC mode.
If you use DSCP marking, you cannot use Discard Class marking. For more information, see Creating a Discard Class Policy.
You can mark the DSCP field as a numeric value between 0 and 63 or as one of the commonly used values listed in the Commonly Used DSCP Values and IP Precedence Values.
1. switch# configure terminal
2. switch(config)# policy-map [type qos] [match-first] policy-map-name
3. switch(config-pmap)# class [type qos] {class_map_name |class-default}
4. switch (config-pmap-c-qos)# set dscp value
5. switch(config-pmap-c-qos)# show policy-map policy-map-name
6. (Optional) switch(config-pmap-c-qos)# copy running-config startup-config
Command or Action | Purpose | |
---|---|---|
Step 1 | switch# configure terminal |
Enters global configuration mode. |
Step 2 | switch(config)# policy-map [type qos] [match-first] policy-map-name |
Places you into policy map QoS configuration mode for the specified policy map and configures the map name in the running configuration. The policy-map-name argument is a unique alphabetic string that can be up to 40 case-sensitive characters long, including hyphen (-) and underscore (_) characters. The map name must be unique across class-maps and policy-maps. For example, you cannot have a class-map and a policy-map with the same name of HR_Map. |
Step 3 | switch(config-pmap)# class [type qos] {class_map_name |class-default} |
Creates a reference to class-map-name and enters policy-map class QoS configuration mode for the specified class map. By default, the class is added to the end of the policy map. Changes are saved in the running configuration. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map. The class_map_name argument is a unique alphabetic string that can be up to 40 case-insensitive characters long, including hyphen (-) and underscore (_) characters. The map name must be unique across class-maps and policy-maps. For example, you cannot have a class-map and a policy-map with the same name of HR_Map. |
Step 4 | switch (config-pmap-c-qos)# set dscp value | Define the DSCP value that should be used in all IP headers for the specified class and saves it in the running configuration. You can use a numeric value from 1 to 60 or one of the standard values from Commonly Used DSCP Values and IP Precedence Values. In the example below, the standard value of af31 is used. |
Step 5 | switch(config-pmap-c-qos)# show policy-map policy-map-name |
Displays the policy map configuration for the specified map name. |
Step 6 | switch(config-pmap-c-qos)# copy running-config startup-config | (Optional)
Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration. |
This example shows how to create a DSCP policy:
switch# config terminal switch(config)# policy-map policy1 switch(config-pmap)# class class1 switch(config-pmap-c-qos)# set dscp af31 switch(config-pmap-c-qos)# show policy-map policy1 switch(config-pmap-c-qos)# copy running-config startup-config
You are logged in to the CLI in EXEC mode.
The RFC 791 precedence values from least to most important are as listed in IP Precedence Values table.
1. switch# configure terminal
2. switch(config)# policy-map [type qos] [match-first] policy-map-name
3. switch(config-pmap-qos)# class [type qos] {class_map_name |class-default}
4. switch (config-pmap-c-qos)# set precedence value
5. switch(config-pmap-c-qos)# show policy-map policy-map-name
6. (Optional) switch(config-pmap-c-qos)# copy running-config startup-config
This example shows how to create an IP precedence policy:
switch# config terminal switch(config)# policy-map policy1 switch(config-pmap)# class class1 switch(config-pmap-c-qos)# set precedence 3 switch(config-pmap-c-qos)# show policy-map policy1 switch(config-pmap-c-qos)# copy running-config startup-config
You can mark the CoS field in the IEEE 802.1Q header for all traffic in a specific class. If you mark this field in an ingress or egress policy, it will only be set when a packet egresses an IEEE 802.1Q-capable interface.
1. switch# configure terminal
2. switch(config)# policy-map [type qos] [match-first] policy-map-name
3. switch(config-pmap-qos)# class [type qos] {class_map_name | class-default}
4. switch (config-pmap-c-qos)# set cos cos-value
5. switch(config-pmap-c-qos)# show policy-map policy-map-name
6. (Optional) switch(config-pmap-c-qos)# copy running-config startup-config
Command or Action | Purpose | |
---|---|---|
Step 1 | switch# configure terminal |
Enters global configuration mode. |
Step 2 | switch(config)# policy-map [type qos] [match-first] policy-map-name |
Places you into policy map QoS configuration mode for the specified policy map and configures the map name in the running configuration. The policy-map-name argument is a unique alphabetic string that can be up to 40 case-sensitive characters long, including hyphen (-) and underscore (_) characters. The map name must be unique across class-maps and policy-maps. For example, you cannot have a class-map and a policy-map with the same name of HR_Map. |
Step 3 | switch(config-pmap-qos)# class [type qos] {class_map_name | class-default} | Creates a reference to class-map-name and enters policy-map class QoS configuration mode for the specified class map. By default, the class is added to the end of the policy map. Changes are saved in the running configuration. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map. |
Step 4 | switch (config-pmap-c-qos)# set cos cos-value | Sets the CoS value to cos-value. The value can range from 0 to 7. You can use this command only in egress policies. |
Step 5 | switch(config-pmap-c-qos)# show policy-map policy-map-name |
Displays the policy map configuration for the specified map name. |
Step 6 | switch(config-pmap-c-qos)# copy running-config startup-config | (Optional)
Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration. |
This example shows how to create a class of service policy:
This example shows how to create a class of service policy. switch# config terminal switch(config)# policy-map policy1 switch(config-pmap-qos)# class class1 switch(config-pmap-c-qos)# set cos 3 switch(config-pmap-c-qos)# show policy-map policy1 Type qos policy-maps ==================== policy-map type qos policy1 class class1 set dscp 26 set cos 3 class class2 set dscp 14 class class-default set dscp 20 police cir 256000 bps bc 300 ms pir 256000 bps be 300 ms conform transmit exceed set dscp dscp table cir-mar kdown-map violate drop
1. switch# configure terminal
2. switch(config)# policy-map [type qos] [match-first] policy-map-name
3. switch(config-pmap-qos)# class [type qos] {class_map_name | class-default}
4. switch (config-pmap-c-qos)# set qos-group qos-group-value
5. switch(config-pmap-c-qos)# show policy-map policy-map-name
6. (Optional) switch(config-pmap-c-qos)# copy running-config startup-config
Command or Action | Purpose | |
---|---|---|
Step 1 | switch# configure terminal |
Enters global configuration mode. |
Step 2 | switch(config)# policy-map [type qos] [match-first] policy-map-name |
Places you into policy map QoS configuration mode for the specified policy map and configures the map name in the running configuration. The policy-map-name argument is a unique alphabetic string that can be up to 40 case-sensitive characters long, including hyphen (-) and underscore (_) characters. The map name must be unique across class-maps and policy-maps. For example, you cannot have a class-map and a policy-map with the same name of HR_Map. |
Step 3 | switch(config-pmap-qos)# class [type qos] {class_map_name | class-default} | Creates a reference to class-map-name and enters policy-map class QoS configuration mode for the specified class map. By default, the class is added to the end of the policy map. Changes are saved in the running configuration. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map. |
Step 4 | switch (config-pmap-c-qos)# set qos-group qos-group-value | Sets the QoS group value to qos-group-value. The value can range from 0 to 126. |
Step 5 | switch(config-pmap-c-qos)# show policy-map policy-map-name |
Displays the policy map configuration for the specified map name. |
Step 6 | switch(config-pmap-c-qos)# copy running-config startup-config | (Optional)
Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration. |
This example shows how to create a QoS group policy:
switch# config terminal switch(config)# policy-map policy1 switch(config-pmap-qos)# class class1 switch(config-pmap-c-qos)# set qos-group 100 switch(config-pmap-c-qos)# show policy-map policy1 switch(config-pmap-c-qos)# copy running-config startup-config
You can set a local internal label discard class policy.
If you configure a local internal label discard class policy, you cannot create a DSCP policy. For more information about DSCP policies, see the Creating a DSCP Policy.
You can set a discard class only in ingress policies.
To reference the local discard class in a policy or in traffic classification, use the match discard-class command. For more information, see Configuring Discard Class Classification.
1. switch# configure terminal
2. switch(config)# policy-map [type qos] [match-first] policy-map-name
3. switch(config-pmap-qos)# class [type qos] {class_map_name |class-default}
4. switch (config-pmap-c-qos)# set discard-class discard-class-value
5. switch(config-pmap-c-qos)# show policy-map policy-map-name
6. (Optional) switch(config-pmap-c-qos)# copy running-config startup-config
Command or Action | Purpose | |
---|---|---|
Step 1 | switch# configure terminal |
Enters global configuration mode. |
Step 2 | switch(config)# policy-map [type qos] [match-first] policy-map-name |
Places you into policy map QoS configuration mode for the specified policy map and configures the map name in the running configuration. The policy-map-name argument is a unique alphabetic string that can be up to 40 case-sensitive characters long, including hyphen (-) and underscore (_) characters. The map name must be unique across class-maps and policy-maps. For example, you cannot have a class-map and a policy-map with the same name of HR_Map. |
Step 3 | switch(config-pmap-qos)# class [type qos] {class_map_name |class-default} | Creates a reference to class-map-name and enters policy-map class QoS configuration mode for the specified class map. By default, the class is added to the end of the policy map. Changes are saved in the running configuration. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map. |
Step 4 | switch (config-pmap-c-qos)# set discard-class discard-class-value | Sets the discard-class value to discard-class-value. The value ranges from 0 to 63. |
Step 5 | switch(config-pmap-c-qos)# show policy-map policy-map-name |
Displays the policy map configuration for the specified map name. |
Step 6 | switch(config-pmap-c-qos)# copy running-config startup-config | (Optional)
Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration. |
This example shows how to create a discard class policy:
switch# config terminal switch(config)# policy-map policy1 switch(config-pmap-qos)# class class1 switch(config-pmap-c-qos)# set discard-class 40 switch(config-pmap-c-qos)# show policy-map policy1 switch(config-pmap-c-qos)# copy running-config startup-config
You can attach a policy map to an interface or a port profile so that the marking instructions are applied to the ingress or egress packets.
The interface or port profile have been created.
The policy map that you want to use has been defined.
Note | You can attach only one input policy and one output policy to an interface or port profile. |
1. switch# configure terminal
2.
Enter one of the following commands:
3. (Optional) switch (config-if)# service-policy [type qos] {input | output} policy-map-name [no stats]
4. switch(config-if)# show policy-map policy-map-name
5. (Optional) switch(config-if)# copy running-config startup-config
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 | switch# configure terminal |
Enters global configuration mode. | ||
Step 2 | Enter one of the following commands: | Places you into configuration mode for the specified Ethernet or vEthernet interface or port profile. | ||
Step 3 | switch (config-if)# service-policy [type qos] {input | output} policy-map-name [no stats] | (Optional) Attaches a policy map name that will be added to the input or output packets of the interface or port profile.
The policy_map_name argument is an alphabetic string that can be up to 40 case-sensitive characters long, including hyphen (-) and underscore (_) characters. | ||
Step 4 | switch(config-if)# show policy-map policy-map-name | Displays the policy map configuration for the specified map name. The policy_map_name argument is an alphabetic string that can be up to 40 case-sensitive characters long, including hyphen (-) and underscore (_) characters. | ||
Step 5 | switch(config-if)# copy running-config startup-config | (Optional) Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration. |
This example shows how to configure an ingress policy on an Ethernet interface:
switch# configure terminal switch(config-if)# interface port-channel 1 switch(config-if)# service-policy input policy1 switch(config-if)# show policy-map interface port-channel 1 input Global statistics status : enabled port-channel1 Service-policy (qos) input: policy1 policy statistics status: enabled Class-map (qos): class1 (match-all) 283 packets Match: access-group testacl1 Match: packet length 3-6000 set dscp af31 switch(config-if)# copy running-config startup-config
This example shows how to configure an egress policy on a port profile:
switch# configure terminal switch(config)# port-profile 2225-ephe switch(config-port-prof)# service-policy output policy1 switch(config)# show policy-map interface vethernet 1 Global statistics status : enabled Vethernet1 Service-policy (qos) output: policy1 policy statistics status: enabled Class-map (qos): class1 (match-all) 0 packets Match: access-group testacl1 Match: packet length 3-6000 set dscp af31 switch(config-if)# copy running-config startup-config
You can mark the DSCP port for each class of traffic that is defined in a specified ingress or egress policy map.
The default behavior is to preserve the DSCP value, or to trust DSCP. To make the port untrusted, change the DSCP value.
Unless you configure a QoS policy and attach that policy to specified interfaces, the DSCP value is preserved.
The class map that you want to use has been defined. For more information, see Configuring QoS Classification.
Note | You can attach only one input policy and one output policy to an interface or port profile. |
1. switch# configure terminal
2. switch(config)# policy-map [type qos] [match-first] policy-map-name
3. switch(config-pmap)# class [type qos] {class_map_name |class-default}
4. switch (config-pmap-c-qos)# set dscp value
5. Repeat step 3 and step 4 for each class map that you want to create.
6. switch (config-pmap-c-qos)# exit
7. switch (config-pmap)# exit
8.
Enter one of the following commands:
9. (Optional) switch (config-if)# service-policy [type qos] {input | output} policy-map-name [no stats]
10. switch(config-if)# show policy-map policy-map-name
11. (Optional) switch(config-if)# copy running-config startup-config
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 | switch# configure terminal |
Enters global configuration mode. | ||
Step 2 | switch(config)# policy-map [type qos] [match-first] policy-map-name |
Places you into policy map QoS configuration mode for the specified policy map and configures the map name in the running configuration. The policy-map-name argument is a unique alphabetic string that can be up to 40 case-sensitive characters long, including hyphen (-) and underscore (_) characters. The map name must be unique across class-maps and policy-maps. For example, you cannot have a class-map and a policy-map with the same name of HR_Map. | ||
Step 3 | switch(config-pmap)# class [type qos] {class_map_name |class-default} |
Creates a reference to class-map-name and enters policy-map class QoS configuration mode for the specified class map. By default, the class is added to the end of the policy map. Changes are saved in the running configuration. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map. The class_map_name argument is a unique alphabetic string that can be up to 40 case-insensitive characters long, including hyphen (-) and underscore (_) characters. The map name must be unique across class-maps and policy-maps. For example, you cannot have a class-map and a policy-map with the same name of HR_Map. | ||
Step 4 | switch (config-pmap-c-qos)# set dscp value | Sets a DSCP value. for the valid values for DSCP see Commonly Used DSCP Values, and IP Precedence Values | ||
Step 5 | Repeat step 3 and step 4 for each class map that you want to create. | |||
Step 6 | switch (config-pmap-c-qos)# exit | Returns you to the policy map configuration mode. | ||
Step 7 | switch (config-pmap)# exit | Returns you to global configuration mode. | ||
Step 8 | Enter one of the following commands: | Places you into the configuration mode for the specified Ethernet or vEthernet interface or port profile. | ||
Step 9 | switch (config-if)# service-policy [type qos] {input | output} policy-map-name [no stats] | (Optional)
| ||
Step 10 | switch(config-if)# show policy-map policy-map-name | Displays the policy map configuration for the specified map name. | ||
Step 11 | switch(config-if)# copy running-config startup-config | (Optional) Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration. |
This example shows how to mark the DSCP port for each class of traffic defined in an ingress policy map on an Ethernet interface:
switch# config terminal switch(config)# policy-map policy1 switch(config-pmap-qos)# class class1 switch(config-pmap-c-qos)# set dscp af31 switch(config-pmap-c-qos)# exit switch(config-pmap-qos)# exit switch(config)# interface ethernet 1/1 switch(config-if)#service-policy input policy1 switch(config-if)# show policy-map policy1 Type qos policy-maps ==================== policy-map type qos policy1 class class1 set dscp af31 class class2 set dscp af13 class class-default set dscp af22 switch(config-if)# copy running-config startup-config
This example shows how to mark the DSCP port for each class of traffic defined in an ingress policy map on an Ethernet interface:
switch# config terminal switch(config)# policy-map policy1 switch(config-pmap)# class class1 switch(config-pmap-c-qos)# set dscp af31 switch(config-pmap-c-qos)# exit switch(config-pmap-qos)# class class2 switch(config-pmap-c-qos)# set dscp af13 switch(config-pmap-c-qos)# exit switch(config-pmap-qos)# class class-default switch(config-pmap-c-qos)# set dscp af22 switch(config-pmap-c-qos)# exit switch(config-pmap-qos)# exit switch(config)# interface ethernet 1/1 switch(config-if)# service-policy input policy1 switch(config-if)# show policy-map policy1 Type qos policy-maps ==================== policy-map type qos policy1 class class1 set dscp af31 class class2 set dscp af13 class class-default set dscp af22 switch(config-if)# copy running-config startup-config
This example shows how to mark the DSCP port for each class of traffic defined in an ingress policy map on a port profile:
switch(config)# config terminal switch(config)# policy-map policy1 switch(config-pmap-qos)# class class1 switch(config-pmap-c-qos)# set dscp af31 switch(config-pmap-c-qos)# exit switch(config-pmap-qos)# class class2 switch(config-pmap-c-qos)# set dscp af13 switch(config-pmap-c-qos)# exit switch(config-pmap-qos)# class class-default switch(config-pmap-c-qos)# set dscp af22 switch(config-pmap-c-qos)# exit switch(config-pmap-qos)# exit switch(config)# port-profile accessprofile switch(config-port-prof)# service-policy input policy1 switch(config-port-prof)# show policy-map policy1 Type qos policy-maps ==================== policy-map type qos policy1 class class1 set dscp af31 class class2 set dscp af13 class class-default set dscp af22 switch(config-if)# copy running-config startup-config
Use one of the following commands to verify the configuration:
Command |
Description |
---|---|
show policy-map [type qos] [name policy_map_name] | Displays the policy map configuration. |
show table-map name | Displays the table map configuration. |
This example shows how to display a specific policy-map policy:
switch(config)# show policy-map policy-ipacl Type qos policy-maps ==================== policy-map type qos policy-ipacl class class-ipacl set dscp 10
This example shows how to display policy maps for all interfaces:
switch# show policy-map interface brief Interface/VLAN [Status]:INP QOS OUT QOS INP QUE OUT QUE ================================================================================ Vethernet1 [Active]: media Vethernet10 [Active]: media Vethernet13 [Active]:web_policer Vethernet15 [Active]:iperf Vethernet16 [Active]: iperf_policer Vethernet17 [Active]:ixia_in ixia_out Vethernet18 [Active]: media Vethernet19 [Active]:iperf Vethernet20 [Active]: iperf_policer Vethernet21 [Active]:netperf_polic ================================================================================
Feature Name |
Release |
Feature Information |
---|---|---|
QoS Marking Policies |
4.0 |
This feature was introduced. |
QoS Marking Policies |
4.0(4)SV1(2) |
DSCP and Discard Class are no longer mutually exclusive. For a single class, you can set operations on any two out of the following five fields: CoS, IP Precedence, DSCP, QoS Group, and Discard Class. |