The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter contains the following sections:
On Cisco Nexus devices, you can configure quality of service (QoS) policies for classification and marking on VLANs. The policies that you apply to a VLAN are applied to the traffic on the VLAN's Layer 2 and switch virtual interface (SVI) ports.
The marking requirements in a QoS policy determine its precedence. Interface QoS policies take the highest precedence, the VLAN QoS policies are next, and the System QoS policies have the lowest precedence.
However, if a VLAN is assigned both a VLAN QoS policy and a VLAN ACL (VACL), the VACL takes the highest precedence.
This example shows a configuration where the traffic on interface 1/1 with CoS 5 goes to qos-group 3. Traffic on the other interfaces with VLAN 10 and CoS 5 go to qos-group 4. Traffic on interfaces other than VLAN 10 and CoS 5 go to qos-group 5.
class-map type qos match-all cm1 match cos 5 policy-map type qos pm-ifc class cm1 set qos-group 3 class class-default policy-map type qos pm-vlan class cm1 set qos-group 4 class class-default policy-map type qos pm-sys class cm1 set qos-group 5 class class-default system qos service-policy type qos input pm-sys vlan configuration 10 service-policy type qos input pm-vlan interface Ethernet1/1 service-policy type qos input pm-ifc
This example shows a configuration where the traffic on interface 1/1 with CoS 5 goes to qos-group 3. Traffic on the other interfaces with CoS 5 go to qos-group 5.
class-map type qos match-all cm1 match cos 5 policy-map type qos pm-ifc class cm1 set qos-group 3 class class-default policy-map type qos pm-sys class cm1 set qos-group 5 class class-default system qos service-policy type qos input pm-sys interface Ethernet1/1 service-policy type qos input pm-ifc
This example shows a configuration where the traffic on VLAN 10 with CoS 5 goes to qos-group 4. Traffic on the other VLANs with CoS 5 go to qos-group 5.
class-map type qos match-all cm1 match cos 5 policy-map type qos pm-vlan class cm1 set qos-group 4 class class-default policy-map type qos pm-sys class cm1 set qos-group 5 class class-default system qos service-policy type qos input pm-sys vlan configuration 10 service-policy type qos input pm-vlan
In this example, the packets with source IP address 10.10.10.1 are dropped. However, the other packets with VLAN 10 and CoS 5 go to qos-group 4.
ip access-list al1 10 permit ip 10.10.10.1/24 any vlan access-map v-am1 match ip address al1 action drop vlan filter v-am1 vlan-list 10 class-map type qos match-all cm1 match cos 5 policy-map type qos pm-vlan class cm1 set qos-group 4 class class-default vlan configuration 10 service-policy type qos input pm-vlan
The QoS TCAM region is shared by the interface QoS, system QoS, and VLAN QoS policies. You need to limit the number of TCAM entries for the interface QoS policies in order to define VLAN QoS policies. Use the hardware profile tcam feature interface-qos limit tcam-size to configure this limit.
A VLAN must have at least one active member port for a service policy to be configured on. If a VLAN does not have at least one active member, and you configure a service policy on it, the configuration is accepted; however, the TCAM is not programmed.
If a VLAN is removed with the no vlan number command, the service policy that is configured on that VLAN is still present, but it is not active.
The TCAM must have enough free entries to configure the service policy on the VLAN.
A rollback might fail if the interface QoS limit is different in the running configuration than in the rollback configuration.
If a VLAN with a QoS policy is configured on an interface with no QoS policy, the show policy-map interface number command does not display the QoS policy configured on the VLAN.
Remove all interface QoS policies before changing the interface QoS limit.
Acllogs can only support logging levels of 3 or later.
We support only logging denials on the ACL, permits will not be logged.
Only one log message will be displayed until the flow stops and the rest is displayed later.
Configuring VLAN QoS
To configure the interface_qos_limit to a specific number, the QoS region of the TCAMs in all of the ASICs cannot have any interfaces policies configured beyond the offset of that number. For example, to configure the interface_qos_limit to 1000, the QoS regions of the TCAMs in all of the ASICs cannot have any interface policies configured beyond offset 1000.
This example shows how to set the interface QoS TCAM limit to 20 entries:
switch(config)# configure terminal switch(config)# hardware profile tcam feature interface-qos limit 20 switch(config)# show hardware profile tcam feature qos Feature Limit (number of tcam entries) ------------------------------------------------------ interface-qos 20 vlan-qos + global-qos 428 switch(config)# copy running-config startup-config
This example shows how to remove the interface QoS TCAM limit:
switch(config)# configure terminal switch(config)# show hardware profile tcam feature qos Feature Limit (number of tcam entries) ------------------------------------------------------ interface-qos 20 vlan-qos + global-qos 428 switch(config)# no hardware profile tcam feature interface-qos limit 20 switch(config)# copy running-config startup-config
This example shows how to create a service policy and assign it to VLAN 10:
switch# configure terminal switch(config)# class-map type qos cm1 switch(config-cmap-qos)# match cos 5 switch(config-cmap-qos)# policy-map type qos pm-vlan switch(config-pmap-qos)# class cm1 switch(config-pmap-c-qos)# set qos-group 4 switch(config-pmap-c-qos)# exit switch(config-pmap-qos)# exit switch(config)# vlan configuration 10 switch(config-vlan-config)# service-policy type qos input pm-vlan switch(config-vlan-config)#
This example shows how to remove the pm-vlan policy map from VLAN 10:
swtich# configure terminal switch(config)# vlan configuration 10 switch(config-vlan-config)# no service-policy type qos input pm-vlan switch(config-vlan-config)# copy running-config startup-config
Use one of the following commands to verify the configuration:
Command |
Purpose |
---|---|
show policy-map vlan vlan-number |
Displays the QoS policies configured on the specified VLAN. |
show policy-map [name] |
Displays the policy maps defined on the switch. Optionally, you can display the named policy only. |
running-config ipqos |
Displays information about the running configuration for QoS. |
startup-config ipqos |
Displays information about the startup configuration for QoS. |
Feature Name |
Release |
Feature Information |
---|---|---|
VLAN QoS |
5.1(3)N2(1) |
This feature was introduced. |