-
Catalyst 6500 Series Software Configuration Guide, 8.7
-
Index
-
Preface
-
Product Overview
-
Command-Line Interfaces
-
Configuring the Switch IP Address and Default Gateway
-
Configuring Ethernet, Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet Switching
-
Configuring Ethernet VLAN Trunks
-
Configuring EtherChannel
-
Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling
-
Configuring Spanning Tree
-
Configuring Spanning Tree PortFast, UplinkFast, BackboneFast, and Loop Guard
-
Configuring VTP
-
Configuring VLANs
-
Configuring InterVLAN Routing
-
Configuring CEF for PFC2/PFC3
-
Configuring MLS
-
Configuring Access Control
-
Configuring NDE
-
Configuring GVRP
-
Configuring MVRP
-
Configuring Dynamic Port VLAN Membership with VMPS
-
Checking Status and Connectivity
-
Configuring Online Diagnostics
-
Administering the Switch
-
Configuring Redundancy
-
Configuring NSF with SSO MSFC Redundancy
-
Modifying the Switch Boot Configuration
-
Working with the Flash File System
-
Working with System Software Images
-
Working with Configuration Files
-
Configuring System Message Logging
-
Configuring DNS
-
Configuring CDP
-
Configuring UDLD
-
Configuring DHCP Snooping and IP Source Guard
-
Configuring NTP
-
Configuring Broadcast Suppression
-
Configuring Layer 3 Protocol Filtering
-
Configuring the IP Permit List
-
Configuring Port Security
-
Configuring Switch Access Using AAA
-
Configuring 802.1x Authentication
-
Configuring MAC Authentication Bypass
-
Configuring Web-Based Proxy Authentication
-
Tracking Host Aging
-
Configuring Network Admission Control
-
Configuring Unicast Flood Blocking
-
Configuring SNMP
-
Configuring RMON
-
Configuring SPAN, RSPAN and the Mini Protocol Analyzer
-
Using Switch TopN Reports
-
Configuring Multicast Services
-
Configuring QoS
-
Configuring Automatic QoS
-
Configuring ASLB
-
Configuring the Switch Fabric Module
-
Configuring a VoIP Network
-
Configuring MSFC IOS Features
-
Acronyms
-
Table Of Contents
Ethernet Ingress Port Features
Layer 3 Switching Engine Features
Layer 2 Switching Engine Features
Single-Port ATM OC-12 Switching Module Features
Multilayer Switch Feature Card (MSFC, MSFC2, or MSFC3)
Ethernet Ingress Port Marking, Scheduling, Congestion Avoidance, and Classification
Ethernet Ingress Port Scheduling and Congestion Avoidance
Ethernet Ingress Port Classification Features with a Layer 3 Switching Engine
Classification, Marking, and Policing with a Layer 3 Switching Engine
Final Layer 3 Switching Engine CoS and ToS Values
Classification and Marking on a Supervisor Engine 1 with a Layer 2 Switching Engine
Ethernet Egress Port Scheduling, Congestion Avoidance, and Marking
Scheduling and Congestion Avoidance
QoS Configuration Guidelines and Restrictions
Enabling Port-Based or VLAN-Based QoS
Configuring the Trust State of a Port
Configuring the CoS Value for a Port
ACE Name, Marking Rule, Policing, and Filtering Syntax
Creating or Modifying the Named IPX ACLs
Creating or Modifying the Named MAC ACLs
Creating or Modifying the Default IPX and MAC ACLs
Reverting to the Default Values in the Default ACLs
Attaching an ACL to an Interface
Detaching an ACL from an Interface
Configuring PFC3 Egress DSCP Mutation
Configuring a DSCP Mutation Map
Clearing a Configured DSCP Mutation Map
Applying a DSCP Mutation Map to a VLAN
Clearing a DSCP Mutation Map from a VLAN
Configuring CoS-to-CoS Maps on 802.1Q Tunnel Ports
Enabling a CoS-to CoS Map on a Port
Mapping a CoS Value to a Host Destination MAC Address/VLAN Pair
Deleting a CoS Value to a Host Destination MAC Address/VLAN Pair
Enabling or Disabling Microflow Policing of Bridged Traffic
Configuring the Standard Receive-Queue Tail-Drop Thresholds
Configuring the 2q2t Port Standard Transmit-Queue Tail-Drop Thresholds
Configuring the Standard Queue WRED-Drop Thresholds
Allocating Bandwidth Between the Standard Transmit Queues
Configuring the Receive-Queue Size Ratio
Configuring the Transmit-Queue Size Ratio
Mapping the CoS Values to the Drop Thresholds
Associating the 1q4t/2q2t Ports
Associating the 1q8t, 1q2t/1p2q2t, and 1p1q4t/1p2q2t Ports
Associating the 1p1q0t/1p3q1t Ports
Associating the 1p1q8t/1p2q1t, 1p3q8t, and 1p7q8t Ports
Reverting to the CoS Map Default
Configuring the DSCP Value Maps
Mapping the Received CoS Values to the Internal DSCP Values
Mapping the Received IP Precedence Values to the Internal DSCP Values
Mapping the Internal DSCP Values to the Egress CoS Values
Mapping the DSCP Markdown Values
Selecting COPS as the QoS Policy Source
Selecting the Locally Configured QoS Policy
Enabling Use of the Locally Configured QoS Policy
Removing a Role from the Port ASICs
Configuring the Policy Decision Point Servers
Deleting the PDP Server Configuration
Configuring the COPS Domain Name
Configuring the COPS Communications Parameters
Enabling the Participation in the DSBM Election
Disabling the Participation in the DSBM Election
Configuring the Policy Decision Point Servers
Deleting the PDP Server Configuration
Configuring the RSVP Policy Timeout
Configuring the RSVP Use of Local Policy
Configuring QoS Statistics Data Export
Enabling QoS Statistics Data Export Globally
Enabling Per-Port QoS Statistics Data Export
Enabling Per-Aggregate Policer QoS Statistics Data Export
Clearing the Aggregate Policer QoS Statistics
Setting the QoS Statistics Data Export Time Interval
Configuring the QoS Statistics Data Export Destination Host and UDP Port
Configuring QoS
This chapter describes how to configure quality of service (QoS) on the Catalyst 6500 series switches and includes the configuration information that is required to support Common Open Policy Service (COPS) and Resource ReSerVation Protocol (RSVP).
Note
•
•
You can configure QoS using one of the following:
•
•
•
•
This chapter consists of these sections:
•
Understanding How QoS Works
Note
Typically, networks operate on a best-effort delivery basis, which means that all traffic has equal priority and an equal chance of being delivered in a timely manner. When congestion occurs, all traffic has an equal chance of being dropped.
QoS on the Catalyst 6500 series switches selects network traffic, prioritizes it according to its relative importance, and provides priority-indexed treatment through congestion avoidance techniques. QoS makes network performance more predictable and bandwidth utilization more effective.
QoS sets the Layer 2 and Layer 3 values in the network traffic to a configured value or to a value that is based on the received Layer 2 or Layer 3 values. The IP traffic retains the Layer 3 value when it leaves the switch.
With PFC3, you can configure QoS for both the ingress and egress traffic. You can configure QoS per-port or per-VLAN for the ingress traffic. You can configure QoS only per VLAN for the egress traffic.
With other hardware, you can configure QoS per port or per VLAN for the ingress traffic.
These sections describe QoS:
•
•
•
•
QoS Terminology
This section defines some QoS terminology:
•
•
•
–
The Layer 2 Inter-Switch Link (ISL) frame headers have a 1-byte User field that carries an IEEE 802.1p CoS value in the three least significant bits.
The Layer 2 802.1Q frame headers have a 2-byte Tag Control Information field that carries the CoS value in the three most significant bits, which are called the User Priority bits.
The other frame types cannot carry the CoS values.
Note
–
–
Note
•
•
•
•
•
•
–
–
•
•
•
•
•
Flowcharts
Figure 52-1 shows how traffic flows through the QoS features; Figure 52-2 through Figure 52-9 show more details of the traffic flow through QoS features.
Figure 52-1 Traffic Flow Through QoS Features with PFC3
Note
Figure 52-2 Traffic Flow Through QoS Features with PFC and PFC2
Note
•
•
•
Figure 52-3 Ethernet ingress Port Classification, Marking, Scheduling, and Congestion Avoidance
Figure 52-4 PFC3 Classification, Marking, and Policing
Figure 52-5 PFC and PFC2 Classification, Marking, and Policing
Figure 52-6 Layer 2 Switching Engine Classification and Marking
Figure 52-7 Multilayer Switch Feature Card Marking (MSFC and MSFC2)
Figure 52-8 Ethernet Egress Port Scheduling, Congestion Avoidance, and Marking
Figure 52-9 Single-Port ATM OC-12 Switching Module Marking
QoS Feature Set Summary
The QoS feature set on your switch is determined by the switching engine on the supervisor engine. Enter the show module command for the supervisor engine to display your switching engine configuration. The display shows the "Sub-Type" to be one of the following:
•
•
•
•
–
–
–
The Layer 3 Switching Engine (WS-F6K-PFC) and Layer 3 Switching Engine II (WS-F6K-PFC2) support similar feature sets. The two Layer 2 switching engines support the same QoS feature set.
In addition to the features that are supported by the other two Layer 3 switching engines, PFC3A supports these features:
•
•
•
These sections describe the QoS feature sets:
•
•
•
•
•
•
Ethernet Ingress Port Features
With any switching engine, QoS supports classification, marking, scheduling, and congestion avoidance using the Layer 2 CoS values at the Ethernet ingress ports. Classification, marking, scheduling, and congestion avoidance at the Ethernet ingress ports do not use or set the Layer 3 IP precedence or DSCP values. With a Layer 3 switching engine, you can configure the Ethernet ingress port trust states that can be used by the switching engine to set the Layer 3 IP precedence or DSCP values and the Layer 2 CoS value. For more information, see the "Ethernet Ingress Port Marking, Scheduling, Congestion Avoidance, and Classification" section.
Layer 3 Switching Engine Features
With PFC3A/PFC3B/PFC3BXL, PFC2, or PFC, QoS supports classification, marking, and policing using the access control lists (ACLs).
PFC3A/PFC3B/PFC3BXL provides QoS for the ingress and egress traffic. PFC2 and PFC provide QoS only for the ingress traffic.
With PFC3, QoS supports map-based egress DSCP mutation, which allows you to remark the egress traffic after it has been subjected to a policing rule, and the option to preserve the received DSCP in the egress traffic.
The ACLs contain the access control entries (ACEs) that specify the Layer 2, 3, and 4 classification criteria, a marking rule, and policers. Marking sets the Layer 3 IP precedence or DSCP values and the Layer 2 CoS value to either the received or configured Layer 2 or Layer 3 values. Policing uses bandwidth limits to either drop or mark the nonconforming traffic. For more information, see the "Classification, Marking, and Policing with a Layer 3 Switching Engine" section.
During processing, a Layer 3 switching engine associates a DSCP value with all traffic, including non-IP traffic. For more information, see the "Internal DSCP Values" section.
Layer 2 Switching Engine Features
With a Layer 2 Switching Engine, QoS can classify traffic using the Layer 2 destination MAC addresses, VLANs, and marking using the Layer 2 CoS values. Classification and marking with a Layer 2 Switching Engine do not use or set the Layer 3 IP precedence or DSCP values. For more information, see the "Classification and Marking on a Supervisor Engine 1 with a Layer 2 Switching Engine" section.
Ethernet Egress Port Features
With any switching engine, QoS supports Ethernet egress port scheduling and congestion avoidance using the Layer 2 CoS values. Ethernet egress port marking sets the Layer 2 CoS values and, with a Layer 3 switching engine, the Layer 3 DSCP values. For more information, see the "Ethernet Egress Port Scheduling, Congestion Avoidance, and Marking" section.
Single-Port ATM OC-12 Switching Module Features
The ingress interface from a single-port ATM OC-12 switching module is untrusted, and QoS sets CoS to zero in all traffic that is received from it. With a Layer 3 switching engine, QoS can mark the IP traffic that is transmitted to a single-port ATM OC-12 switching module with the Layer 3 DSCP values.
Multilayer Switch Feature Card (MSFC, MSFC2, or MSFC3)
QoS marks the IP traffic that is transmitted to an MSFC with the Layer 3 DSCP values. The CoS is zero in all traffic that is sent from an MSFC to the egress ports.
Note
Ethernet Ingress Port Marking, Scheduling, Congestion Avoidance, and Classification
These sections describe the Ethernet ingress port marking, scheduling, congestion avoidance, and classification:
•
•
Overview
The trust state of an Ethernet port determines how it marks, schedules, and classifies the received traffic, and whether or not congestion avoidance is implemented. You can configure the trust state of each port with one of these keywords:
•
•
•
•
Note
For more information, see the "Configuring the Trust State of a Port" section.
In addition to the port configuration keywords that are listed above, with a Layer 3 switching engine, QoS uses the trust-ipprec, trust-dscp, and trust-cos ACE keywords. Do not confuse the ACE keywords with the port keywords.
The ports that are configured with the untrusted keyword are called "untrusted ports." The ports that are configured with the trust-ipprec, trust-dscp, or trust-cos keywords are called "trusted ports." QoS implements ingress port congestion avoidance only on the ports that are configured with the trust-cos keyword.
Ingress port marking, scheduling, and congestion avoidance use the Layer 2 CoS values. Ingress port marking, scheduling, and congestion avoidance do not use or set the Layer 3 IP precedence or DSCP values.
Marking at Untrusted Ports
QoS marks all frames that are received through the untrusted ports with the port CoS value (the default is zero). QoS does not implement ingress port congestion avoidance on the untrusted ports. The traffic goes directly to the switching engine.
Marking at Trusted Ports
When an ISL frame enters the switch through a trusted port, QoS accepts the three least significant bits in the User field as a CoS value. When an 802.1Q frame enters the switch through a trusted port, QoS accepts the User Priority bits as a CoS value. QoS marks all traffic that is received in the other frame types with the port CoS value.
The port CoS value is configurable for each Ethernet port. For more information, see the "Configuring the CoS Value for a Port" section.
Ethernet Ingress Port Scheduling and Congestion Avoidance
QoS does not implement ingress port congestion avoidance on the ports that are configured with the untrusted, trust-ipprec, or trust-dscp keywords. The traffic goes directly to the switching engine.
QoS uses the CoS-value-based receive-queue drop thresholds to avoid congestion in the traffic that is entering the switch through a port that is configured with the trust-cos keyword (for more information, see the "Configuring the Trust State of a Port" section).
Receive Queues
Enter the show port capabilities command to see the queue structure of a port. The command displays one of the following:
•
•
•
•
•
•
Strict-priority queues are serviced in preference to other queues. QoS services the traffic in a strict-priority queue before servicing the standard queue. When QoS services the standard queue, after receiving a packet, it checks for the traffic in the strict-priority queue. If QoS detects the traffic in the strict-priority queue, it suspends its service of the standard queue and completes the service of all traffic in the strict-priority queue before returning to the standard queue.
Ingress Scheduling
QoS schedules the traffic through the receive queues based on the CoS values. In the default configuration, PFC QoS assigns all traffic with CoS 5 to the strict-priority queue (if present); PFC QoS assigns all other traffic to the standard queue. In the absence of a strict-priority queue, PFC QoS assigns all traffic to the standard queues.
Ingress Congestion Avoidance
If a port is configured with the trust-cos keyword, QoS implements CoS-value-based receive-queue drop thresholds to avoid congestion in the received traffic. See the "QoS Default Configuration" section for the default CoS-to-threshold mapping.
Note
Figure 52-10 shows the drop thresholds for a 1q4t port. The drop thresholds in the other configurations function similarly.
Figure 52-10 Receive-Queue Drop Thresholds
Ethernet Ingress Port Classification Features with a Layer 3 Switching Engine
You can use the untrusted, trust-ipprec, trust-dscp, and trust-cos port keywords to classify the traffic on a per-port basis for a Layer 3 switching engine to mark.
The trust-ipprec and trust-dscp keywords are supported only with a Layer 3 switching engine and are not supported on the 1q4t ports except Gigabit Ethernet. On the 1q4t ports (except Gigabit Ethernet), the trust-cos port keyword displays an error message, activates the receive-queue drop thresholds, and—as indicated by the error message—does not apply the trust-cos trust state to the traffic. You must configure the trust-cos ACL that matches the ingress traffic to apply the trust-cos trust state.
In addition to the per-port classification, you can create the ACEs that classify the traffic on a per-packet basis (for the IP and IPX traffic, see the "Named IP ACLs" section and the "Creating or Modifying the Named IPX ACLs" section) or on a per-frame basis (for the other traffic, see the "Creating or Modifying the Named MAC ACLs" section), regardless of the port configuration (see the "Marking Rules" section).
To mark the traffic in response to per-port classification, the traffic must match an ACE that contains the dscp ACE keyword (see the "Marking Rules" section). In their default configuration, the ACEs in the default ACLs contain the dscp ACE keyword. Table 52-1 lists the per-port classifications and the marking rules that they invoke.
QoS uses the configurable mapping tables to set the internal and egress DSCP, which is a 6-bit value, from the CoS and IP precedence, which are 3-bit values (for more information, see the "Internal DSCP Values" section and the "Configuring the DSCP Value Maps" section).
Classification, Marking, and Policing with a Layer 3 Switching Engine
Note
These sections describe classification, marking, and policing with a Layer 3 switching engine:
•
•
Note
Internal DSCP Values
These sections describe the internal DSCP values:
Internal DSCP Sources
During processing, the priority of all traffic (including non-IP traffic) is represented with an internal DSCP value. QoS derives the internal DSCP value from the following:
•
•
•
•
The trust state of the traffic is the trust state of the ingress port unless set otherwise by the matching ACE.
Note
QoS uses the configurable mapping tables to derive the internal 6-bit DSCP value from the CoS or IP precedence, which are 3-bit values (see the"Mapping the Received CoS Values to the Internal DSCP Values" section or the "Mapping the Received IP Precedence Values to the Internal DSCP Values" section).
Egress DSCP and CoS Sources
For the egress IP traffic, QoS creates a ToS byte from the internal DSCP value (which you can set equal to an IP precedence value) and sends it to the egress port to be written into the IP packets. For the trust-dscp and untrusted IP traffic, the ToS byte includes the original 2 least-significant bits from the received ToS byte.
For all egress traffic, QoS uses a configurable mapping table to derive a CoS value from the internal DSCP value that is associated with the traffic (see the "Mapping the Internal DSCP Values to the Egress CoS Values" section). QoS sends the CoS value to the Ethernet egress ports for use in scheduling and to be written into the ISL and 802.1Q frames.
ACLs
QoS uses the ACLs that contain the ACEs. The ACEs specify the classification criteria, a marking rule, and the policers. QoS compares the received traffic to the ACEs in the ACLs until a match occurs. When the traffic matches the classification criteria in an ACE, QoS marks and polices the packet as specified in the ACE and makes no further comparisons.
There are three ACL types: IP, and with a Layer 3 switching engine, IPX and MAC. QoS compares the traffic of each type (IP, IPX, and MAC) only to the corresponding ACL type (see Table 52-2).
Table 52-2 Supported EtherType Field Values
IP
0x0800
IP
IPX 1
0x8137 and 0x8138
IPX
MAC2
0x0600 and 0x0601
XNS
0x0BAD and 0x0BAF
Banyan VINES
0x6000-0x6009 and 0x8038-0x8042
DECnet
0x809b and 0x80f3
AppleTalk
1 The PFC3 does not provide QoS for the IPX traffic.
2 The QoS MAC ACLs that do not include an EtherType parameter match the traffic with any value in the EtherType field, which allows MAC-level QoS to be applied to any traffic except IP and IPX.
QoS supports the user-created named ACLs, each containing an ordered list of ACEs, and the user-configurable default ACLs, each containing a single ACE.
Named ACLs
You create a named ACL when you enter an ACE with a new ACL name. You add an ACE to an existing ACL when you enter an ACE with the name of the existing ACL.
You can specify the classification criteria for each ACE in a named ACL. The classification criteria can be specific values or wildcards (for more information, see the "Creating or Modifying ACLs" section).
These sections describe the classification criteria that can be specified in a named ACL:
•
•
•
•
•
•
•
•
IP ACE Layer 3 Classification Criteria
You can create the IP ACEs that match the traffic with the specific Layer 3 values by including these Layer 3 parameters (see the "Named IP ACLs" section):
•
•
•
–
–
–
–
–
–
–
–
Note
IP ACE Layer 4 Protocol Classification Criteria
You can create the IP ACEs that match the specific Layer 4 protocol traffic by including a Layer 4 protocol parameter (see the "IP ACLs for Other Layer 4 Protocols" section). You can specify the protocol numerically (0-255) or with these keywords: ahp (51), eigrp (88), esp (50), gre (47), igrp (9), icmp (1), igmp (2), igrp (9), ip (0), ipinip (4), nos (94), ospf (89), pcp (108), pim (103), tcp (6), or udp (17).
Note
IP ACE Layer 4 TCP Classification Criteria
You can create the Transmission Control Protocol (TCP) ACEs that match the traffic for the specific TCP ports by including the TCP source and/or destination port parameters (for more information, see the "IP ACEs for TCP Traffic" section).
You can specify the TCP port parameters numerically (0-65535) or with these keywords:
Note
IP ACE Layer 4 UDP Classification Criteria
You can create the User Datagram Protocol (UDP) ACEs that match the traffic for specific UDP source and/or destination ports by including the UDP port parameters. For more information, see the "IP ACEs for UDP Traffic" section.
You can specify the UDP port parameters numerically (0-65535) or with these keywords:
Note
IP ACE Layer 4 ICMP Classification Criteria
You can create the Internet Control Management Protocol (ICMP) ACEs that match the traffic containing specific ICMP messages by including the ICMP types and optionally, the ICMP codes. For more information, see the "IP ACEs for ICMP Traffic" section.
You can specify the ICMP types and codes numerically (0-255) or with these keywords:
administratively-prohibited
3
13
net-tos-unreachable
3
11
alternate-address1
6
—
net-unreachable
3
0
conversion-error
31
0
network-unknown
3
6
dod-host-prohibited
3
10
no-room-for-option
12
2
dod-net-prohibited
3
9
option-missing
12
1
echo
8
0
packet-too-big
3
4
echo-reply
0
0
parameter-problem
12
0
general-parameter-problem1
12
—
port-unreachable
3
3
host-isolated
3
8
precedence-unreachable
3
15
host-precedence-unreachable
3
14
protocol-unreachable
3
2
host-redirect
5
1
reassembly-timeout
11
1
host-tos-redirect
5
3
redirect1
5
—
host-tos-unreachable
3
12
router-advertisement
9
0
host-unknown
3
7
router-solicitation
10
0
host-unreachable
3
1
source-quench
4
0
information-reply
16
0
source-route-failed
3
5
information-request
15
0
time-exceeded1
11
—
mask-reply
18
0
timestamp-reply
14
0
mask-request
17
0
timestamp-request
13
0
mobile-redirect
32
0
traceroute
30
0
net-redirect
5
0
ttl-exceeded
11
0
net-tos-redirect
5
2
unreachable1
3
—
1 Matches all code values
Note
IP ACE Layer 4 IGMP Classification Criteria
You can create the IGMP ACEs that match the traffic containing the specific IGMP messages by including an IGMP type parameter (for more information, see the "IP ACEs for IGMP Traffic" section). You can specify the IGMP type numerically (0-255) or with these keywords: host-query (1), host-report (2), dvmrp (3), pim (4), or trace (5).
Note
•
•
•
IPX ACE Classification Criteria
Note
You can create the IPX ACEs that match the specific IPX traffic by including these parameters (for more information, see the "Creating or Modifying the Named IPX ACLs" section):
•
•
•
–
–
MAC ACE Layer 2 Classification Criteria
You can create the MAC ACEs that match the specific Ethernet traffic by including these Layer 2 parameters (for more information, see the "Creating or Modifying the Named MAC ACLs" section):
•
•
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
•
–
–
The QoS MAC ACLs that do not include an EtherType parameter match the traffic with any value in the EtherType field, which allows the MAC-level QoS to be applied to any traffic except IP and IPX.
Default ACLs
There are three default ACLs, one each for IP, and with a Layer 3 switching engine, IPX and MAC traffic. Each ACL has a single ACE that has a configurable marking rule and configurable policers. The default ACLs have nonconfigurable classification criteria that matches all traffic. QoS compares any traffic with a supported EtherType field value that does not match a named ACL to the default ACLs. The unmatched IP traffic matches the default IP ACL. The unmatched IPX traffic matches the default IPX ACL. The unmatched Ethernet traffic matches the default MAC ACL.
Note
Marking Rules
Note
The marking rules specify how QoS marks the traffic when the traffic matches the filtering parameters in an ACE (see the "ACE Name, Marking Rule, Policing, and Filtering Syntax" section). QoS supports four marking rules that are specified with the following four ACE keywords: trust-dscp, trust-ipprec, trust-cos, and dscp. Each ACE contains one of the keywords.
The marking rules are as follows:
•
•
Note
•
•
–
–
–
–
Note
QoS uses the configurable mapping tables to set the DSCP value, which is 6 bits, from the CoS and IP precedence, which are 3-bit values (for more information, see the "Mapping the Received CoS Values to the Internal DSCP Values" section and the "Mapping the Received IP Precedence Values to the Internal DSCP Values" section).
Policers
You can create the named policers that specify the bandwidth utilization limits, which you can apply to the traffic by including the policer name in an ACE (for more information, see the "Creating Policers" section).
Policing uses a token bucket scheme. As the packets arrive, the packet size in bytes is added to the bucket level. Every 0.25 ms, a value equal to the token rate is subtracted from the bucket level.
You specify the bandwidth utilization limits as an average rate and a maximum burst size. The packets that exceed these limits are "out of profile." The traffic is in profile as long as it flows in at an average rate and never bursts beyond the burst size.
With PFC and PFC2, the policing rates use the Layer 3 packet size. With PFC3, the policing rates use the Layer 2 frame size.
In each policer, you specify if the out-of-profile packets are to be dropped or to have a new DSCP value applied to them (applying a new DSCP value is called "markdown"). Because the out-of-profile packets do not retain their original priority, they are not counted as part of the bandwidth that is consumed by the in-profile packets.
For all policers, QoS uses a configurable table that maps the received DSCP values to the marked-down DSCP values (for more information, see the "Mapping the DSCP Markdown Values" section). When the markdown occurs, QoS gets the marked-down DSCP value from the table. You cannot specify a marked-down DSCP value in the individual policers.
Note
You give each policer a unique name when you create it and then use the name to include the policer in an ACE. The same policer can be used in multiple ACEs.
You can create these policers:
•
•
•
–
–
Note
You can include both a microflow policer and an aggregate policer in each ACE to police a flow that is based on both its own bandwidth utilization and on its bandwidth utilization combined with that of the other flows.
For example, you could create a microflow policer named "group_individual" with the bandwidth limits that are suitable for the flows of the individuals in a group, and you could create an aggregate policer named "group_all" with the bandwidth limits that are suitable for the group as a whole. You could include both policers in the ACEs that match the group's traffic. The combination would affect the individuals separately and the group cumulatively.
For the ACEs that include both a microflow policer and an aggregate policer, QoS responds to an out-of-profile status from either policer, and as specified by the policer, applies a new DSCP value or drops the packet. If both policers return an out-of-profile status, then if either policer specifies that the packet is to be dropped, it is dropped; otherwise, QoS applies a new DSCP value.
Follow these guidelines when creating policers:
•
•
•
•
•
PFC2 Policing Decisions
With PFC2, the policing decision consists of two levels:
•
•
The packets are dropped if the excess rate aggregate policer returns an out-of-profile decision and the drop indication flag is set or if the microflow policer returns an out-of-profile decision and the drop indication flag is set.
If an excess police level is set, the excess DSCP mapping is used to replace the original DSCP value with a marked-down value. If only a normal police level is set, the normal DSCP mapping is used. The excess police level has precedence for selecting the mapping rules when both police levels are set because the excess police level represents the worst out-of-profile transgression.
PFC3 Policing Decisions
In addition to PFC2 policing decisions, PFC3 supports egress QoS. These sections describe the PFC3 policing decisions:
•
•
•
Policing Hardware-Forwarded LAN Traffic
The hardware-forwarded LAN traffic (traffic that is forwarded by PFC3) can be subject to both an ingress and an egress policing rule. When the LAN traffic is subject to both an ingress and an egress policing rule, QoS evaluates both the rules simultaneously and applies the most severe rule. Because the policing rules are evaluated simultaneously, the markdown from an ingress policing rule is never used as the basis for the egress policing markdown.
Policing Software-Forwarded LAN Traffic
The software-forwarded LAN traffic (LAN traffic that is forwarded in the software by the MSFC) can be subject to both an ingress and an egress policing rule. When the software-forwarded traffic is subject to both an ingress and an egress policing rule, QoS evaluates the rules sequentially. The markdown from an ingress policing rule can be the basis for the egress policing markdown.
Policing Software-Forwarded WAN Traffic
PFC3 can provide egress QoS for the software-forwarded WAN traffic. The software-forwarded WAN traffic is subject only to an egress policing rule.
Attaching ACLs
You can configure each port for either port-based QoS (default) or VLAN-based QoS (see the "Enabling Port-Based or VLAN-Based QoS" section) and attach the ACLs to the selected interface (see the "Attaching an ACL to an Interface" section). You can attach up to three named ACLs, one of each type (IP, IPX, and Ethernet) to each port and VLAN.
On the ports that are configured for VLAN-based QoS, you can attach the named ACLs to the port's VLAN. For a trunk, you can attach the named ACLs to any VLANs that are allowed on the trunk as follows:
•
•
On the ports that are configured for port-based QoS, you can attach the named ACLs to the port as follows:
•
•
With PFC3, you can configure the ingress and egress QoS. To configure the ingress QoS, you attach the QoS ACLs to the ports and to the VLANs with the input keyword. To configure the egress QoS, you attach the QoS ACLs to the VLANs with the output keyword. The egress QoS does not use the port-based QoS (default) or VLAN-based QoS setting.
PFC3 Egress DSCP Mutation
PFC3 supports map-based egress DSCP mutation. You can configure up to 15 DSCP-to-DSCP mutation maps and apply the maps to the VLANs. QoS remarks the internal DSCP value in the egress traffic in the VLANs.
Final Layer 3 Switching Engine CoS and ToS Values
With a Layer 3 switching engine, QoS associates the CoS and ToS values with the traffic as specified by the marking rules and policers in the ACE that the traffic matches (see the "Internal DSCP Values" section). The associated CoS and ToS are used at the Ethernet egress port (see the "Ethernet Egress Port Scheduling, Congestion Avoidance, and Marking" section).
With PFC3A, you can configure QoS to use the received DSCP value in the egress ToS byte, instead of the DSCP that is created by marking and policing.
Classification and Marking on a Supervisor Engine 1 with a Layer 2 Switching Engine
On a Supervisor Engine 1 with a Layer 2 Switching Engine, QoS can classify the traffic that is addressed to the specified MAC address/VLAN pairs to be marked with a configured CoS value (for more information, see the "QoS Terminology" section and the "Mapping a CoS Value to a Host Destination MAC Address/VLAN Pair" section).
Note
Ethernet Egress Port Scheduling, Congestion Avoidance, and Marking
These sections describe Ethernet egress port scheduling, congestion avoidance, and marking:
•
Overview
QoS schedules the traffic through the transmit queues based on the CoS values and uses the CoS-value-based transmit-queue drop thresholds to avoid congestion in the traffic that is transmitted from the Ethernet ports.
Note
Transmit Queues
Enter the show port capabilities command to see the queue structure of a port. The command displays one of the following:
•
•
•
•
•
•
For the port types with a strict-priority queue, the switch services the traffic in the strict-priority transmit queue before servicing the standard queues. When the switch is servicing a standard queue, after transmitting a packet, it checks for the traffic in the strict-priority queue. If the switch detects the traffic in the strict-priority queue, it suspends its service of the standard queue and completes the service of all the traffic in the strict-priority queue before returning to the standard queue.
Scheduling and Congestion Avoidance
QoS implements the CoS-value-based transmit-queue drop thresholds to avoid congestion in the transmitted traffic. See the "QoS Default Configuration" section for the default CoS-to-threshold mapping.
For some port types, you can configure each standard transmit queue to use both a nonconfigurable 100-percent tail-drop threshold and a configurable WRED-drop threshold (see the "1p3q1t Transmit Queues" section and the "1p2q1t, 1p3q8t, and 1p7q8t Transmit Queues" section). The switch uses the tail-drop thresholds for the traffic carrying the CoS values that are mapped only to a queue. The switch uses the WRED-drop thresholds for the traffic carrying the CoS values that are mapped to a queue and a threshold.
Marking
When the traffic is transmitted from the switch, QoS writes the ToS byte into the IP traffic (Layer 3 switching engine only) and the CoS value that was used for scheduling and congestion avoidance into the ISL or 802.1Q traffic (for more information, see the "Final Layer 3 Switching Engine CoS and ToS Values" section).
QoS Statistics Data Export
QoS statistics data export generates per-port and per-aggregate policer utilization information and forwards this information in the UDP packets to traffic monitoring, planning, or accounting applications. You can enable QoS statistics data export per port or per aggregate policer. The statistics data that is generated per port consists of the counts of the input and output packets and bytes. The aggregate policer statistics consists of the counts of the allowed packets and the counts of the packets exceeding the policed rate.
The QoS statistics data collection occurs periodically at a fixed interval, but the interval at which the data is exported is configurable. QoS statistics collection is enabled by default, and data export is disabled by default for all the ports and all the aggregate policers that are configured on the Catalyst 6500 series switch.
Note
•
For information on configuring QoS statistics data export, see the "Configuring QoS Statistics Data Export" section.
QoS Default Configuration
Table 52-3 shows the QoS default configuration.
Table 52-3 QoS Default Configuration
QoS enable state
Disabled
Note—With QoS enabled and all other QoS parameters at the default values, QoS sets Layer 3 DSCP to zero and Layer 2 CoS to zero in all traffic that is transmitted from the switch.
DSCP Rewrite
Enabled
Egress DSCP Mutation
Disabled
Port CoS value
0
IntraVLAN microflow policing
Disabled
CoS to internal DSCP map
(internal DSCP set from CoS values)CoS 0 = DSCP 0
CoS 1 = DSCP 8
CoS 2 = DSCP 16
CoS 3 = DSCP 24
CoS 4 = DSCP 32
CoS 5 = DSCP 40
CoS 6 = DSCP 48
CoS 7 = DSCP 56IP precedence to internal DSCP map
(internal DSCP set from IP precedence values)IP precedence 0 = DSCP 0
IP precedence 1 = DSCP 8
IP precedence 2 = DSCP 16
IP precedence 3 = DSCP 24
IP precedence 4 = DSCP 32
IP precedence 5 = DSCP 40
IP precedence 6 = DSCP 48
IP precedence 7 = DSCP 56Internal DSCP to egress CoS map
(egress CoS set from internal DSCP values)DSCP 0-7 = CoS 0
DSCP 8-15 = CoS 1
DSCP 16-23 = CoS 2
DSCP 24-31 = CoS 3
DSCP 32-39 = CoS 4
DSCP 40-47 = CoS 5
DSCP 48-55 = CoS 6
DSCP 56-63 = CoS 7Marked-down DSCP from DSCP map
Marked-down DSCP value equals original DSCP value (no markdown)
Policers
None
Named ACLs
None
Default ACLs
Supports per-port classification and marking, sets DSCP to 0 in traffic from the untrusted ports, no policing
COPS1 support
Disabled
RSVP support
Disabled
QoS statistics data export
Disabled
Runtime—Port based or VLAN based
Port based
Config—Port based or VLAN based
Port based
Port trust state
Untrusted
2q2t transmit-queue size percentages
•
•
1p1q0t receive-queue size percentages
•
•
1p2q2t transmit-queue size percentages
•
•
•
1p2q1t transmit-queue size percentages
•
•
•
1p3q8t transmit-queue size percentages
•
•
•
•
1p7q8t transmit-queue size percentages
•
•
•
•
•
•
•
•
1p3q8t standard transmit-queue low:medium:high priority bandwidth allocation ratio
20:100:200
1p7q8t standard transmit-queue lowest-to-highest priority bandwidth allocation ratio
10:20:30:40:40:70:70
1p2q1t standard transmit-queue low:high priority bandwidth allocation ratio
100:255
2q2t, 1p2q2t, and 1p2q1t standard transmit-queue low:high priority bandwidth allocation ratio
5:255
1p3q1t standard transmit-queue low:medium:high-priority bandwidth allocation ratio
100:150:200
1q4t/2q2t receive and transmit-queue CoS value/drop-threshold mapping
•
transmit queue 1/drop threshold 1 (80%): CoS 0 and 1•
transmit queue 1/drop threshold 2 (100%): CoS 2 and 3•
transmit queue 2/drop threshold 1 (80%): CoS 4 and 5•
transmit queue 2/drop threshold 2 (100%): CoS 6 and 71q2t port receive-queue CoS value/drop-threshold mapping and threshold percentages
•
–
–
•
–
–
Note
1p1q4t/1p2q2t port receive and transmit-queue CoS value/drop-threshold mapping and threshold percentages
•
strict-priority transmit queue 1: CoS 5•
transmit queue 1/drop threshold 1:–
–
•
transmit queue 1/drop threshold 2:–
–
•
transmit queue 2/drop threshold 1:–
–
•
transmit queue 2/drop threshold 2:–
–
1p1q0t receive-queue CoS value mapping
•
CoS 0, 1, 2, 3, 4, 6, and 7•
1q8t receive-queue CoS value/drop-threshold mapping
•
•
•
•
•
•
•
•
1p3q8t transmit-queue CoS value/drop-threshold mapping
•
–
–
•
–
–
•
–
–
–
–
–
–
•
1p7q8t transmit-queue CoS value/drop-threshold mapping
•
–
–
•
–
–
•
–
–
•
–
–
•
–
–
•
–
–
–
•
–
–
–
•
1p3q1t transmit-queue CoS value/drop-threshold mapping
•
–
–
•
–
–
•
–
–
•
1p1q8t receive-queue port CoS value/drop-threshold mapping
•
CoS 0, 1, 2, 3, 4, 6, and 7:–
Low WRED threshold: 40%
High WRED-drop threshold: 70%–
Low WRED threshold: 40%
High WRED-drop threshold: 70%–
Low WRED threshold: 50%
High WRED-drop threshold: 80%–
Low WRED threshold: 50%
High WRED-drop threshold: 80%–
Low WRED threshold: 60%
High WRED-drop threshold: 90%–
Low WRED threshold: 60%
High WRED-drop threshold: 90%–
Low WRED threshold: 70%
High WRED-drop threshold: 100%•
1p2q1t transmit-queue port CoS value/drop-threshold mapping
•
–
–
–
•
–
–
–
•
Runtime—Port based or VLAN based
VLAN based
Config—Port based or VLAN based
Port based
Port trust state
trust-cos (Layer 2 switching engine)
trust-dscp (Layer 3 switching engine)Receive-queue drop-threshold percentages
All thresholds set to 100%
Transmit-queue drop-threshold percentages
All thresholds set to 100%
Transmit-queue low-priority/high-priority bandwidth allocation ratio
255:1
Transmit-queue size ratio
•
•
CoS value/drop-threshold mapping
Receive-drop threshold 1 and transmit-queue 1/drop threshold 1: CoS 0-7
1 COPS = Common Open Policy Service
QoS Configuration Guidelines and Restrictions
QoS has the following hardware granularity for the committed information rate (CIR) and the peak information rate (PIR) values:
Within each range, PFC QoS programs the PFC hardware with the rate values that are multiples of the granularity values.
QoS has the following hardware granularity for the CIR and PIR token bucket (burst) sizes:
Configuring QoS on the Switch
These sections describe how to configure QoS on the Catalyst 6500 series switches:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Note
Enabling QoS
To enable QoS, perform this task in privileged mode:
This example shows how to enable QoS:
Console> (enable) set qos enableQoS is enabled.Console> (enable)Enabling DSCP Rewrite
Note
To enable DSCP rewrite, which uses the DSCP value from marking and policing as the egress DSCP value, perform this task in privileged mode:
This example shows how to enable DSCP rewrite:
Console> (enable) set qos dscp-rewrite enableDSCP rewrite has been globally enabled.Console> (enable)Disabling DSCP Rewrite
Note
To disable DSCP rewrite, which uses the received DSCP value as the egress DSCP value, perform this task in privileged mode:
This example shows how to disable DSCP rewrite:
Console> (enable) set qos dscp-rewrite disableDSCP rewrite has been globally disabled.Console> (enable)Enabling Port-Based or VLAN-Based QoS
Note
By default, QoS uses the ACLs that are attached to the ports. On a per-port basis, you can configure QoS to use the ACLs that are attached to a VLAN. To enable VLAN-based QoS on a port, perform this task in privileged mode:
Step 1
Enable VLAN-based QoS on a port.
set port qos mod/port {port-based | vlan-based}
Step 2
Verify the configuration.
show port qos mod/port
For more information, see the "Attaching ACLs" section.
This example shows how to enable the VLAN-based QoS on a port:
Console> (enable) set port qos 1/1-2 vlan-basedHardware programming in progress...QoS interface is set to vlan-based for ports 1/1-2.Console> (enable)Changing a port from port-based to VLAN-based QoS detaches all ACLs from the port. Any ACLs that are attached to the VLAN apply to the port immediately (for more information, see the "Attaching an ACL to an Interface" section).
Configuring the Trust State of a Port
This command configures the trust state of a port (for more information, see the "Ethernet Ingress Port Marking, Scheduling, Congestion Avoidance, and Classification" section). By default, all ports are untrusted.
To configure the trust state of a port, perform this task in privileged mode:
Step 1
Configure the trust state of a port.
set port qos trust {untrusted | trust-cos | trust-ipprec | trust-dscp}
Step 2
Verify the configuration.
show port qos
Note the following syntax guidelines when configuring the trust state of a port:
•
•
•
This example shows how to configure port 1/1 with the trust-cos keyword:
Console> (enable) set port qos 1/1 trust trust-cosPort 1/1 qos set to trust-cosConsole> (enable)
Note
Configuring the CoS Value for a Port
Note
The unmarked frames from the ports that are configured as trusted and all frames from the ports that are configured as untrusted are assigned the CoS value that is specified with this command.
To configure the CoS value for a port, perform this task in privileged mode:
Step 1
Configure the CoS value for a port.
set port qos cos cos_value
Step 2
Verify the configuration.
show port qos
This example shows how to configure the port CoS value to 3 for port 1/1:
Console> (enable) set port qos 1/1 cos 3Port 1/1 qos cos set to 3Console> (enable)To revert to the default CoS value for a port, perform this task in privileged mode:
Step 1
Revert to the default CoS value for a port.
clear port qos cos
Step 2
Verify the configuration.
show port qos
This example shows how to revert to the default CoS value for port 1/1:
Console> (enable) clear port qos 1/1 cosPort 1/1 qos cos setting cleared.Console> (enable)Creating Policers
Note
To create a policer, perform this task in privileged mode:
For more information, see the "Policers" section and the "PFC2 Policing Decisions" section.
The policer_name parameter can be up to 31 characters, is case sensitive, and may include a-z, A-Z, 0-9, the dash character (-), the underscore character (_), and the period character (.).The policer names must start with an alphabetic character (not a digit) and must be unique across all microflow and aggregate policers. You cannot use the keywords from any command as a policer name.
The valid values for the rate and erate parameters are 32 Kbps (entered as 32) to 32 Gbps (entered as 32000000). To classify all traffic as out of profile, set the rate parameter to zero (0). Set the erate parameter to a higher value than the rate parameter. PFC1 and PFC2 have the following hardware granularity for rate values:
Within each range, QoS programs the hardware with the rate values that are multiples of the granularity values.
The valid values for the burst and eburst parameters are 1 Kb (entered as 1) to 256 Mb (entered as 256000). When configuring the burst and eburst parameters, note the following:
•
•
•
•
•
•
Enter either the drop keyword to cause all out-of-profile packets to be dropped or the policed-dscp keyword to cause all out-of-profile packets with the normal rate to be marked down as specified in the normal markdown DSCP map (for more information, see the "Mapping the DSCP Markdown Values" section).
This example shows how to create a microflow policer with a 1-Mbps rate limit and a 10-Mb burst limit that marks down out-of-profile traffic:
Console> (enable) set qos policer microflow my-micro rate 1000 burst 10000 policed-dscpHardware programming in progress...QoS policer for microflow my-micro created successfully.Console> (enable)For PFC2 or PFC3A, this example shows how to create an aggregate excess rate policer with a 64-Kbps rate limit and a 128-Kb burst limit that drops the traffic exceeding these values:
Console> (enable) set qos policer aggregate test rate 64 burst 128 dropQoS policer for aggregate test created successfully.Console> (enable) show qos policer config aggregate testQoS aggregate policers:QoS aggregate policers:Aggregate name Normal rate (kbps) Burst size (kb) Normal action----------------------------- ------------------ --------------- -------------test 64 128 policed-dscpExcess rate (kbps) Burst size (kb) Excess action------------------ --------------- -------------64 128 dropACL attached------------------------------------Console> (enable)For PFC2 or PFC3A, this example shows how to create an aggregate excess rate policer with a 64-Kbps rate limit and a 100-Kb burst limit that will cause all out-of-profile packets to be marked down as specified in the normal markdown DSCP map:
Console> (enable) set qos policer aggregate test2 rate 64 burst 100 policed-dscpQoS policer for aggregate test2 created successfully.Console> (enable) show qos policer config aggregate test2QoS aggregate policers:Aggregate name Normal rate (kbps) Burst size (kb) Normal action----------------------------- ------------------ --------------- -------------test2 64 100 policed-dscpExcess rate (kbps) Burst size (kb) Excess action------------------ -------------- ---------------8000000 100 policed-dscpACL attached------------------------------------Console> (enable)For PFC2 or PFC3A, this example shows how to create an aggregate excess rate policer with a 64-Kbps rate limit and a 128-Kb burst limit that will cause the traffic that exceeds the normal rate of 64 Kbps and a burst size of 96 Kb to be marked down as specified in the normal markdown DSCP map, and the traffic that exceeds 128 Kbps and a burst size of 96 Kb to be dropped:
Console> (enable) set qos policer aggregate test3 rate 64 policed-dscp erate 128 drop burst 96QoS policer for aggregate test3 created successfully.Console> (enable) show qos policer config aggregate test3QoS aggregate policers:Aggregate name Normal rate (kbps) Burst size (kb) Normal action----------------------------- ------------------ --------------- -------------test3 64 96 policed-dscpExcess rate (kbps) Burst size (kb) Excess action------------------ --------------- ---------------128 96 dropACL attached------------------------------------Console> (enable)Deleting Policers
Note
To delete one or all policers, perform this task in privileged mode:
This example shows how to delete the microflow policer named my_micro:
Console> (enable) clear qos policer microflow my_micromy_micro QoS microflow policer cleared.Console> (enable)Creating or Modifying ACLs
Note
These sections describe how to create and modify the ACLs:
•
•
•
•
•
•
•
ACL Names
The ACL names can be up to 31 characters, are case sensitive, and may include a-z, A-Z, 0-9, the dash character (-), the underscore character (_), and the period character (.). The ACL names must start with an alphabetic character and must be unique across all QoS ACLs of all types. You cannot use the keywords from any command as an ACL name.
ACE Name, Marking Rule, Policing, and Filtering Syntax
The ACE command syntax is organized as follows:
ACL_command ACL_type_and_name marking_rule policing_rule filteringFor example, in an IP ACE, the command syntax is as follows:
set qos acl ip acl_name {dscp dscp_value | trust-cos | trust-ipprec | trust-dscp} [microflow microflow_name] [aggregate aggregate_name] src_ip_spec [precedence precedence | dscp-field dscp] [before editbuffer_index | modify editbuffer_index]
•
•
•
•
Named IP ACLs
These sections describe how to create or modify the IP ACLs:
•
•
Source and Destination IP Addresses and Masks
In the IP ACEs, specify the source and destination IP addresses and masks (represented by the src_ip_spec and dest_ip_spec parameters in the following sections) in the form ip_address mask. The mask is mandatory. Use one bits, which need not be contiguous, where you want the wildcards.
Use any of the following formats for the address and mask:
•
•
•
Port Operator Parameters
In the IP ACEs, the operator parameter can be one of the following:
•
•
•
•
•
See the "Layer 4 Operations Configuration Guidelines" section on page 15-23 for restrictions that apply to the QoS ACLs.
Precedence Parameter Options
For the precedence parameter keyword options in the IP ACEs, see the "IP ACE Layer 3 Classification Criteria" section.
IP ACEs for TCP Traffic
To create or modify an IP ACE for the TCP traffic, perform this task in privileged mode:
For the port parameter keyword options, see the "IP ACE Layer 4 TCP Classification Criteria" section.
The established keyword matches the traffic with the ACK or RST bits set.
This example shows how to create an IP ACE for the TCP traffic:
Console> (enable) set qos acl ip my_IPacl trust-ipprec microflow my-micro aggregate my-agg tcp any anymy_IPacl editbuffer modified. Use `commit' command to apply changes.Console> (enable)IP ACEs for UDP Traffic
To create or modify an IP ACE for the UDP traffic, perform this task in privileged mode:
For the port parameter keyword options, see the "IP ACE Layer 4 UDP Classification Criteria" section.
This example shows how to create an IP ACE for the UDP traffic:
Console> (enable) set qos acl ip my_IPacl trust-ipprec microflow my-micro aggregate my-agg udp any anymy_IPacl editbuffer modified. Use `commit' command to apply changes.Console> (enable)IP ACEs for ICMP Traffic
To create or modify an IP ACE for the ICMP traffic, perform this task in privileged mode:
For the icmp_code and icmp_type parameter keyword options, see the "IP ACE Layer 4 ICMP Classification Criteria" section.
This example shows how to create an IP ACE for ICMP echo traffic:
Console> (enable) set qos acl ip my_IPacl trust-ipprec microflow my-micro aggregate my-agg icmp any any echomy_IPacl editbuffer modified. Use `commit' command to apply changes.Console> (enable)IP ACEs for IGMP Traffic
Note
To create or modify an IP ACE for the IGMP traffic, perform this task in privileged mode:
For the igmp_type parameter keyword options, see the "IP ACE Layer 4 IGMP Classification Criteria" section.
This example shows how to create an IP ACE for the IGMP Protocol Independent Multicast (PIM) traffic:
Console> (enable) set qos acl ip my_IPacl trust-ipprec microflow my-micro aggregate my-agg igmp any any pimmy_IPacl editbuffer modified. Use `commit' command to apply changes.Console> (enable)IP ACLs for Other Layer 4 Protocols
To create or modify a named IP ACL with additional parameters that match all Layer 4 protocols, perform this task in privileged mode:
Note
For the protocol parameter keyword options, see the "IP ACE Layer 4 Protocol Classification Criteria" section.
This example shows how to create an IP ACE for the IPINIP traffic:
Console> (enable) set qos acl ip my_IPacl trust-ipprec microflow my-micro aggregate my-agg ipinip any anymy_IPacl editbuffer modified. Use `commit' command to apply changes.Console> (enable)IP ACEs for Any IP Traffic
To create or modify an IP ACE that matches all IP traffic, perform this task in privileged mode:
This example shows how to create an IP ACE:
Console> (enable) set qos acl ip my_IPacl trust-ipprec microflow my-micro aggregate my-agg anymy_IPacl editbuffer modified. Use `commit' command to apply changes.Console> (enable)Modifying the Default IP ACLs
These sections describe how to modify the default IP ACLs:
•
•
Modifying the Default IP Ingress ACL
To modify the default IP ingress ACL, perform this task in privileged mode:
Note
For more information, see the "Default ACLs" section.
This example shows how to modify the default IP ACL:
Console> (enable) set qos acl default-action ip dscp 5 microflow my-micro aggregate my-aggQoS default-action for IP ACL is set successfully.Console> (enable)Modifying the Default IP Egress ACL
Note
To modify the default IP egress ACL, perform this task in privileged mode:
Note
For more information, see the "Default ACLs" section.
This example shows how to modify the default IP ACL:
Console> (enable) set qos acl default-action ip dscp 5 microflow my-micro aggregate my-aggQoS default-action for IP ACL is set successfully.Console> (enable)Creating or Modifying the Named IPX ACLs
Note
To create or modify a named IPX ACL, perform this task in privileged mode:
The protocol parameter can be specified numerically (0-255) or with these keywords: any, ncp (17), netbios (20), rip (1), sap (4), or spx (5).
The src_net and dest_net parameters are IPX network numbers, entered as up to 8 hexadecimal digits in the range 1 to FFFFFFFE (-1 matches any network number). You do not need to enter leading zeros.
If you specify an IPX destination network, the IPX ACEs support the following optional parameters:
•
•
•
This example shows how to create an IPX ACE:
Console> (enable) set qos acl ipx my_IPXacl trust-cos aggregate my-agg -1my_IPXacl editbuffer modified. Use `commit' command to apply changes.Console> (enable)Creating or Modifying the Named MAC ACLs
To create or modify a named MAC ACL, perform this task in privileged mode:
Enter the src_mac_spec and dest_mac_spec parameters as a MAC address and a mask. Each parameter is 12 hexadecimal digits (48 bits), formatted as dash-separated pairs. Use one bits, which need not be contiguous, where you want the wildcards. Use the any keyword for a MAC address and mask of 0-0-0-0-0-0 ff-ff-ff-ff-ff-ff. Use the host keyword with a MAC address to specify an all-zero mask (mac_address 0-0-0-0-0-0).
Enter the ethertype parameter as 4 hexadecimal digits (16 bits) prefaced with 0x (for example, 0x0600) or as a keyword (see the "MAC ACE Layer 2 Classification Criteria" section).
This example shows how to create a MAC ACE:
Console> (enable) set qos acl mac my_MACacl trust-cos aggregate my-agg any anymy_MACacl editbuffer modified. Use `commit' command to apply changes.Console> (enable)
Note
Creating or Modifying the Default IPX and MAC ACLs
Note
To create or modify the default IPX or MAC ACL, perform this task in privileged mode:
For more information, see the "Default ACLs" section.
This example shows how to modify the default IPX ACL:
Console> (enable) set qos acl default-action ipx dscp 5 aggregate my-aggQoS default-action for IPX ACL is set successfully.Console> (enable)
Note
Deleting a Named ACL
To delete a named ACL, perform this task in privileged mode:
Step 1
Delete a named ACL.
clear qos acl acl_name [editbuffer_index]
Step 2
Verify the configuration.
show qos acl info {acl_name | all}
This example shows how to delete the ACL named icmp_acl:
Console> (enable) clear qos acl icmp_acl 1ACL icmp_acl ACE# 1 is deleted.icmp_acl editbuffer modified. Use `commit' command to apply changes.Console> (enable)Reverting to the Default Values in the Default ACLs
To revert to the default values for a default ACL, perform this task in privileged mode:
This example shows how to revert to the default values for the default IP ACL:
Console> (enable) clear qos acl default-action ipHardware programming in progress...QoS default-action for IP ACL is restored to default setting.Console> (enable)Discarding an Uncommitted ACL
To discard an uncommitted new ACL or uncommitted changes to an existing ACL, perform this task in privileged mode:
Step 1
Discard an uncommitted ACL.
rollback qos acl {acl_name | all}
Step 2
If you discarded changes to an existing ACL, verify the configuration.
show qos acl info {acl_name | all}
This example shows how to discard an uncommitted ACL named my_acl:
Console> (enable) rollback qos acl my_aclRollback for QoS ACL my_acl is successful.Console> (enable)
Note
Committing an ACL
When you create, change, or delete a named ACL, the changes exist temporarily in an edit buffer in memory. To commit the ACL so that it can be used, perform this task in privileged mode:
Step 1
Commit an ACL.
commit qos acl acl_name
Step 2
Verify the configuration.
show config qos acl {acl_name | all}
This example shows how to commit an ACL named my_acl:
Console> (enable) commit qos acl my_aclHardware programming in progress...ACL my_acl is committed to hardware.Console> (enable)
Note
See the "Configuring and Storing VACLs and QoS ACLs in Flash Memory" section on page 15-64 for information about where the QoS ACLs are stored.
Attaching an ACL to an Interface
Note
You can do the following:
•
•
•
When an ACL of a particular type (IP, IPX, or MAC Layer) is already attached to an interface, attaching a different ACL of the same type detaches the previous ACL.
To attach an ACL to a port or a VLAN, perform this task in privileged mode:
Note
Note
This example shows how to attach an ACL named test to VLAN 1 to filter the ingress traffic:
Console> (enable) set qos acl map test 1ACL test is successfully mapped to vlan 1 on input side.Console> (enable)This example shows how to attach an ACL named test2 to VLAN 1 to filter the egress traffic:
Console> (enable) set qos acl map test2 1 outputACL test2 is successfully mapped to vlan 1 on output side.Console> (enable)
Note
Detaching an ACL from an Interface
Note
To detach an ACL from a port or a VLAN, perform this task in privileged mode:
Note
This example shows how to detach an ACL named my_acl from port 2/1:
Console> (enable) clear qos acl map my_acl 2/1Hardware programming in progress...ACL my_acl is detached from port 2/1.Console> (enable)This example shows how to detach an ACL named my_acl from VLAN 4:
Console> (enable) clear qos acl map my_acl 4Hardware programming in progress...ACL my_acl is detached from vlan 4.Console> (enable)
Note
Configuring PFC3 Egress DSCP Mutation
These sections describe how to configure PFC3 egress DSCP mutation:
•
•
•
•
Configuring a DSCP Mutation Map
PFC3 supports 16 DSCP mutation maps. QoS uses one mutation map for the default mapping. You can configure 15 mutation maps. The mutation maps define the internal DSCP-to-egress DSCP relationships.
To configure a DSCP mutation map, perform this task in privileged mode:
This example shows how to configure DSCP mutation map 1:
Console> (enable) set qos dscp-mutation-map 1 30:2QoS dscp-mutation-map with mutation-table-id 1 has been set correctly.Console> (enable)This example shows how to verify DSCP mutation map 1:
Console> (enable) show qos maps config dscp-mutation-map 1VLAN ID map:Map ID VLANS------ ----------------------------------------1 1,78-1005,1025-4094DSCP mutation map 1:DSCP Policed DSCP--------------------------------------------0 01 12 13 14 15 16 17 18 19 910 111 112 1213 1314 1415 1559 5960 6061 6162 6263 63Console> (enable)Clearing a Configured DSCP Mutation Map
To clear a configured DSCP mutation map, perform this task in privileged mode:
Step 1
Clear a configured DSCP mutation map.
clear qos dscp-mutation-map vlan_mapped_id | all
Step 2
Verify the configuration.
show qos maps {config | runtime} dscp-mutation-map map_id
This example shows how to clear DSCP mutation map 3:
Console> (enable) clear qos dscp-mutation-map 3QoS dscp-mutation-map for mutation-table-id 3 is restored to default.Console> (enable)Applying a DSCP Mutation Map to a VLAN
To apply a DSCP mutation map to a VLAN, perform this task in privileged mode:
Step 1
Apply a DSCP mutation map to a VLAN.
set qos dscp-mutation-table-map map_id vlan_list
Step 2
Verify the configuration.
show qos maps {config | runtime} mutation-table-id map_id
This example shows how to apply DSCP mutation map 1 to VLANs 3 and 20 through 30:
Console> (enable) set qos dscp-mutation-table-map 1 3,20-30VLAN(s) 3,20-30 are mapped to mutation-table-id 1.Console> (enable)This example shows how to verify the VLAN-to-mutation map mapping:
Console> (enable) show qos maps config mutation-table-id 1VLAN ID map:Map ID VLANs------ -------1 1,20-30Clearing a DSCP Mutation Map from a VLAN
To clear a DSCP mutation map from a VLAN, perform this task in privileged mode:
This example shows how to clear the association of any VLANs with DSCP mutation map 2:
Console> (enable) clear qos dscp-mutation-table-map 2All VLANS in mutation-table-id 2 are cleared.This example shows how to clear the association of VLANs 3-33 with any DSCP mutation maps:
Console> (enable) clear qos dscp-mutation-table-map 3-33VLAN(s) 3-33 are removed from mutation-table-ids.This example shows how to clear the association of all VLANs with all DSCP mutation maps:
Console> (enable) clear qos dscp-mutation-table-map allAll VLANs are removed from mutation-table-ids.Configuring CoS-to-CoS Maps on 802.1Q Tunnel Ports
Ingress Cos-to-CoS mapping is supported on 802.1Q tunnel ports on the WS-X6704-10GE, WS-X6724-SFP, and WS-X6748-GE-TX switching modules. CoS-to-CoS mapping is disabled on the ports that are not configured as 802.1Q tunnel ports.
Defining a CoS-to CoS Map
To define a CoS-to-CoS map, perform this task in privileged mode:
Step 1
Define the CoS-to-CoS mapping.
set qos cos-cos-map CoS_value
Step 2
Verify the configuration.
show qos maps cos-cos-map [mod/port]
This example shows how to define the CoS-to-CoS map:
Console> (enable) set qos cos-cos-map 3 2 1 4 5 6 7 4QoS cos-cos-map set successfully.Console> (enable)Enabling a CoS-to CoS Map on a Port
To enable a CoS-to-CoS map on a port, perform this task in privileged mode:
Step 1
Enable the CoS-to-CoS map on an 802.1Q tunnel port.
set port qos mod/port trust trust-cos
Step 2
Verify the port QoS trust configuration.
show port qos mod/port
Console> (enable) set port qos 1/1 trust trust-cosPort 1/1 qos set to trust-cosConsole> (enable)
Note
Clearing a CoS-to-CoS Map
To clear a CoS-to-CoS map, perform this task in privileged mode:
Step 1
Clear the CoS-to-CoS map on an 802.1Q tunnel port.
clear qos cos-cos-map
Step 2
Verify the port QoS configuration.
show qos maps cos-cos-map [mod/port]
This example shows how to clear the CoS-to-CoS mapping:
Console> (enable) clear qos cos-cos-mapQoS cos-cos-map setting restored to default.Console> (enable)Mapping a CoS Value to a Host Destination MAC Address/VLAN Pair
Note
To map a CoS value to all frames that are destined for a particular host destination MAC address and VLAN number value pair, perform this task in privileged mode:
Step 1
Map a CoS value to a host destination MAC address/VLAN pair.
set qos mac-cos dest_mac VLAN cos_value
Step 2
Verify the configuration.
show qos mac-cos {dest_mac [vlan] | all}
This example shows how to map CoS 2 to a destination MAC address and VLAN 525:
Console> (enable) set qos mac-cos 00-40-0b-30-03-48 525 2CoS 2 is assigned to 00-40-0b-30-03-48 vlan 525.Console> (enable)Deleting a CoS Value to a Host Destination MAC Address/VLAN Pair
Note
To delete a host destination MAC address and VLAN number value pair CoS assignment, perform this task in privileged mode:
This example shows how to delete all CoS assignments to the destination MAC addresses and VLANs:
Console> (enable) clear qos mac-cos allAll CoS to Mac/Vlan entries are cleared.Console> (enable)Enabling or Disabling Microflow Policing of Bridged Traffic
Note
By default, the microflow policers affect only the Layer 3-switched traffic. To enable or disable microflow policing of the bridged traffic on the switch or on specified VLANs, perform one of these tasks in privileged mode:
Note
For more information, see the "Policers" section.
This example shows how to enable microflow policing of the traffic in VLANs 1-20:
Console> (enable) set qos bridged-microflow-policing enable 1-20QoS microflow policing is enabled for bridged packets on vlans 1-20.Console> (enable)Configuring the Standard Receive-Queue Tail-Drop Thresholds
To configure the standard receive-queue tail-drop thresholds on the switch, perform this task in privileged mode:
Configure the standard receive-queue tail-drop thresholds.
set qos drop-threshold port_type rx queue 1 thr1 thr2 thr3 thr4
For more information, see the "Receive Queues" section.
QoS maintains separate configurations for the 1q2t, 1q4t, and 1p1q4t ports. This command configures the standard queue. Specify queue 1 (the threshold in the strict-priority queue, when present, is not separately configurable; it uses threshold 4 as specified for queue 1).
The thresholds are all specified as percentages ranging from 1-100. A value of 10 indicates a threshold when the buffer is 10 percent full.
This example shows how to configure the standard receive-queue tail-drop thresholds:
Console> (enable) set qos drop-threshold 1q4t rx queue 1 20 40 75 100Receive drop thresholds for queue 1 set at 20% 40% 75% 100%Console> (enable)
Note
Configuring the 2q2t Port Standard Transmit-Queue Tail-Drop Thresholds
To configure the standard transmit-queue tail-drop thresholds on all 2q2t ports, perform this task in privileged mode:
Configure the standard transmit-queue tail-drop thresholds on all 2q2t ports.
set qos drop-threshold port_type tx queue q# thr1 thr2
Queue number 1 is the low-priority transmit queue, and queue number 2 is high priority. In each queue, the low-priority threshold number is 1 and the high-priority threshold number is 2.
The thresholds are all specified as percentages ranging from 1-100. A value of 10 indicates a threshold when the buffer is 10 percent full.
This example shows how to configure the low-priority transmit-queue tail-drop thresholds:
Console> (enable) set qos drop-threshold 2q2t tx queue 1 40 100Transmit drop thresholds for queue 1 set at 40% 100%Console> (enable)
Note
Configuring the Standard Queue WRED-Drop Thresholds
The 1p1q8t ports have weighted random early detection (WRED)-drop thresholds in their standard receive queue.
The 1p2q2t, 1p3q1t, 1p2q1t, 1p3q8t, and 1p7q8t ports have WRED-drop thresholds in their standard transmit queues.
Note
To configure the standard queue WRED-drop thresholds on all ports of each type, perform this task in privileged mode:
When configuring the 1p1q8t ports, note the following:
•
•
–
–
–
When configuring the 1p7q8t ports, note the following:
•
•
•
–
–
–
When configuring the 1p3q8t ports, note the following:
•
•
•
•
–
–
–
When configuring the 1p2q2t ports, note the following:
•
•
•
–
–
When configuring the 1p3q1t ports, note the following:
•
•
•
•
When configuring the 1p2q1t ports, note the following:
•
•
•
When configuring thresholds, note the following:
•
•
•
This example shows how to configure the low-priority transmit-queue WRED-drop thresholds:
Console> (enable) set qos wred 1p2q2t queue 1 40:70 70:100WRED thresholds for queue 1 set to 40:70 and 70:100 on all WRED-capable 1p2q2t ports.Console> (enable)
Note
Allocating Bandwidth Between the Standard Transmit Queues
The switch transmits frames from one standard queue at a time using one of these dequeuing algorithms, which use weights to allocate relative bandwidth to each queue as it is serviced in a round-robin fashion:
•
•
•
The higher the weight that is assigned to a queue, the more transmit bandwidth is allocated to it. The ratio of the weights divides the total bandwidth of the queue. For example, for three queues on a Gigabit Ethernet port, weights of 25:25:50 provide this division:
•
•
•
Note
To allocate the bandwidth between the standard transmit queues, perform this task in privileged mode:
Allocate the bandwidth between the standard transmit queues.
set qos wrr port_type queue1-weight queue2-weight [queue3-weight] [srr]
The valid values for the port_type parameter are 2q2t, 1p2q2t, 1p3q1t, 1p2q1t, 1p3q8t, and 1p7q8t.
QoS maintains separate configurations for each port type. This command configures only the standard queues; the strict-priority queue requires no configuration. The valid values for weight range from 1-255.
This example shows how to allocate the bandwidth for the 2q2t ports:
Console> (enable) set qos wrr 2q2t 30 70QoS wrr ratio is set successfully.Console> (enable)Configuring the Receive-Queue Size Ratio
For the 1p1q0t and 1p1q8t ports, estimate the mix of standard-priority and strict-priority traffic on your network (for example, 85 percent standard-priority traffic and 15 percent strict-priority traffic). Specify the queue ratios with the estimated percentages, which must range from 1- 99 and together add up to 100.
To configure the receive-queue size ratio, perform this task in privileged mode:
Configure the receive-queue size ratio between receive queue 1 (standard priority) and receive queue 2 (strict priority).
set qos rxq-ratio {1p1q0t | 1p1q8t} queue1-val queue2-val
This example shows how to configure the receive-queue size ratio:
Console> (enable) set qos rxq-ratio 1p1q0t 80 20QoS rxq-ratio is set successfully.Console> (enable)Configuring the Transmit-Queue Size Ratio
For the 2q2t, 1p2q2t, 1p2q1t, 1p3q8t, and 1p7q8t ports, estimate the mix of the traffic of various priorities on your network (for example, 75 percent low-priority traffic, 15 percent high-priority traffic, and 10 percent strict-priority traffic). Specify the queue ratios with the estimated percentages, which must range from 1- 99 and together add up to 100.
To configure the transmit-queue size ratio for each port type, perform this task in privileged mode:
Configure the transmit-queue size ratio.
set qos txq-ratio {2q2t | 1p2q2t | 1p2q1t | 1p3q8t | 1p7q8t} queue1-val queue2-val [queue3-val [queue4-val]]
This example shows how to configure the transmit-queue size ratio:
Console> (enable) set qos txq-ratio 2q2t 80 20QoS txq-ratio is set successfully.Console> (enable)Mapping the CoS Values to the Drop Thresholds
This command associates the CoS values with the receive- and transmit-queue drop thresholds. QoS maintains separate configurations for each port type.
These sections describe how to map the CoS values to the drop thresholds:
•
•
•
•
•
Associating the 1q4t/2q2t Ports
On the 1q4t/2q2t ports, you configure the receive queues and the transmit queues with the same command.
To associate the CoS values to the drop thresholds on the 1q4t/2q2t ports, perform this task in privileged mode:
Step 1
Associate the CoS value to a drop threshold.
set qos map 2q2t tx q# thr# cos coslist
Step 2
Verify the configuration.
show qos info config {1q4t rx | 2q2t tx}
The receive- and transmit-drop thresholds have this relationship:
•
•
•
•
Use the transmit queue and transmit-queue drop-threshold values in this command. This example shows how to associate the CoS values 0 and 1 to both the standard receive-queue 1/threshold 1 and the standard transmit-queue 1/threshold 1:
Console> (enable) set qos map 2q2t tx 1 1 cos 0,1Qos tx priority queue and threshold mapped to cos successfully.Console> (enable)Associating the 1q8t, 1q2t/1p2q2t, and 1p1q4t/1p2q2t Ports
On the 1q8t, 1q2t/1p2q2t and 1p1q4t/1p2q2t ports, you configure the receive queues and the transmit queues separately.
1q8t Receive Queues
To associate the CoS values to the 1q8t receive-queue drop thresholds, perform this task in privileged mode:
Step 1
Associate the CoS value to a receive-queue drop threshold.
set qos map 1q8t rx 1 thr# cos coslist
Step 2
Verify the configuration.
show qos info config 1q2t rx
Threshold 1 is the lowest-priority threshold. The priority increases with the threshold number.
This example shows how to associate the CoS value 3 to threshold 2:
Console> (enable) set qos map 1q8t rx 1 2 cos 3QoS rx priority queue and threshold mapped to cos successfully.Console> (enable)1q2t Receive Queues
To associate the CoS values to the 1q2t receive-queue drop thresholds, perform this task in privileged mode:
Step 1
Associate the CoS value to a receive-queue drop threshold.
set qos map 1q2t rx 1 1 cos coslist
Step 2
Verify the configuration.
show qos info config 1q2t rx
Threshold 1 is the low-priority threshold. Threshold 2, which is the high-priority threshold, is not configurable.
This example shows how to associate the CoS value 3 to threshold 1:
Console> (enable) set qos map 1q2t rx 1 1 cos 3QoS rx priority queue and threshold mapped to cos successfully.Console> (enable)1p1q4t Receive Queues
To associate the CoS values to the 1p1q4t receive-queue drop thresholds, perform this task in privileged mode:
Step 1
Associate the CoS value to a receive-queue drop threshold.
set qos map 1p1q4t rx q# thr# cos coslist
Step 2
Verify the configuration.
show qos info config 1p1q4t rx
Queue 1 is the standard queue. Queue 2 is the strict-priority queue.
The threshold numbers range from 1 for low priority to 4 for high priority.
This example shows how to associate the CoS value 5 to the strict-priority receive-queue 2/threshold 1:
Console> (enable) set qos map 1p1q4t rx 2 1 cos 5Qos rx strict queue and threshold mapped to cos successfully.Console> (enable)1p2q2t Transmit Queues
To associate the CoS values to the 1p2q2t transmit-queue drop thresholds, perform this task in privileged mode:
Step 1
Associate the CoS value to a transmit-queue drop threshold.
set qos map 1p2q2t tx q# thr# cos coslist
Step 2
Verify the configuration.
show qos info config 1p2q2t tx
Queue 1 is standard low priority, queue 2 is high priority, and queue 3 is strict priority.
Threshold 1 is low priority, and threshold 2 is high priority.
This example shows how to associate the CoS value 5 to the strict-priority transmit-queue 3/drop threshold 1:
Console> (enable) set qos map 1p2q2t tx 3 1 cos 5Qos tx strict queue and threshold mapped to cos successfully.Console> (enable)Associating the 1p1q0t/1p3q1t Ports
On the 1p1q0t/1p3q1t ports, you configure the receive queues and the transmit queues separately.
1p1q0t Receive Queues
To associate the CoS values to the 1p1q0t receive queues, perform this task in privileged mode:
Step 1
Associate the CoS value to a receive queue.
set qos map 1p1q0t rx q# cos coslist
Step 2
Verify the configuration.
show qos info config 1p1q0t rx
Queue 1 is the standard queue, and queue 2 is the strict-priority queue.
This example shows how to associate the CoS value 5 to the strict-priority receive-queue 2:
Console> (enable) set qos map 1p1q0t rx 2 cos 5QoS queue mapped to cos successfully.Console> (enable)1p3q1t Transmit Queues
With the 1p3q1t transmit queues, you can associate a CoS value with either the nonconfigurable tail-drop threshold or the configurable WRED-drop threshold as follows:
•
•
To associate the CoS values to the 1p3q1t transmit-queue drop thresholds, perform this task in privileged mode:
Step 1
Associate the CoS value to a transmit-queue drop threshold.
set qos map 1p3q1t tx q# [thr#] cos coslist
Step 2
Verify the configuration.
show qos info config 1p3q1t tx
Queue 1 is the standard low priority, queue 2 is medium priority, queue 3 is high priority, and queue 4 is strict priority.
To map the CoS values to the tail-drop threshold, omit the threshold number or enter 0.
The WRED-drop threshold number is 1.
This example shows how to associate the CoS value 0 to the transmit-queue 1/drop threshold 1:
Console> (enable) set qos map 1p3q1t tx 1 1 cos 0Qos tx strict queue and threshold mapped to cos successfully.Console> (enable)Associating the 1p1q8t/1p2q1t, 1p3q8t, and 1p7q8t Ports
When you configure the 1p1q8t/1p2q1t and 1p3q8t ports, note the following:
•
•
–
–
1p1q8t Receive Queues
To associate the CoS values to the 1p1q8t receive queue drop thresholds, perform this task in privileged mode:
Step 1
Associate the CoS value to a receive queue.
set qos map 1p1q8t rx q# [thr#] cos coslist
Step 2
Verify the configuration.
show qos info config 1p1q8t rx
On the 1p1q8t ports, queue 1 is the standard receive queue, and queue 2 is the strict-priority receive queue.
To map the CoS values to a tail-drop threshold, omit the threshold number or enter 0.
This example shows how to associate the CoS value 5 to the strict-priority receive-queue 2:
Console> (enable) set qos map 1p1q8t rx 2 cos 5QoS queue mapped to cos successfully.Console> (enable)1p2q1t, 1p3q8t, and 1p7q8t Transmit Queues
To associate the CoS values to the 1p2q1t, 1p3q8t, or 1p7q8t transmit-queue drop thresholds, perform this task in privileged mode:
On the 1p2q1t ports, queue 1 is the low-priority standard transmit queue, queue 2 is the high-priority standard transmit queue, and queue 3 is the strict-priority transmit queue.
On the 1p3q8t ports, queue 1 is the low-priority standard transmit queue, queue 2 is the medium-priority standard transmit queue, queue 3 is the high-priority standard transmit queue, and queue 4 is the strict-priority transmit queue.
On the 1p7q8t ports, queue 1 is the lowest-priority standard transmit queue, queue 7 is the highest-priority standard transmit queue, and queue 8 is the strict-priority transmit queue.
To map the CoS values to the tail-drop threshold, omit the threshold number or enter 0.
This example shows how to associate the CoS value 0 to the transmit-queue 1/drop threshold 1:
Console> (enable) set qos map 1p2q1t tx 1 1 cos 0Qos tx strict queue and threshold mapped to cos successfully.Console> (enable)Reverting to the CoS Map Default
To revert to the default CoS value/drop threshold mapping, perform this task in privileged mode:
This example shows how to revert to the QoS map defaults:
Console> (enable) clear qos map 1p3q1t txQos map setting cleared.Console> (enable)Configuring the DSCP Value Maps
Note
These sections describe how the DSCP values are mapped to other values:
•
•
•
•
Mapping the Received CoS Values to the Internal DSCP Values
To map the received CoS values to the internal DSCP value (see the "Internal DSCP Values" section), perform this task in privileged mode:
Enter 8 DSCP values to which the QoS maps received CoS values 0-7. This example shows how to map the received CoS values to the internal DSCP values:
Console> (enable) set qos cos-dscp-map 20 30 1 43 63 12 13 8QoS cos-dscp-map set successfully.Console> (enable)To revert to the default CoS to DSCP value mapping, perform this task in privileged mode:
This example shows how to revert to the CoS-DSCP map defaults:
Console> (enable) clear qos cos-dscp-mapQoS cos-dscp-map setting restored to default.Console> (enable)Mapping the Received IP Precedence Values to the Internal DSCP Values
To map the received IP precedence values to the internal DSCP value (see the "Internal DSCP Values" section), perform this task in privileged mode:
Enter 8 internal DSCP values to which QoS maps received IP precedence values 0-7. This example shows how to map the received IP precedence values to the internal DSCP values:
Console> (enable) set qos ipprec-dscp-map 20 30 1 43 63 12 13 8QoS ipprec-dscp-map set successfully.Console> (enable)To revert to the default IP precedence-to-DSCP value mapping, perform this task in privileged mode:
This example shows how to revert to the QoS map defaults:
Console> (enable) clear qos ipprec-dscp-mapQoS ipprec-dscp-map setting restored to default.Console> (enable)Mapping the Internal DSCP Values to the Egress CoS Values
To map the internal DSCP values to the egress CoS values that are used for egress port scheduling and congestion avoidance, perform this task in privileged mode:
For more information, see the "Internal DSCP Values" section and the "Ethernet Egress Port Scheduling, Congestion Avoidance, and Marking" section.
Enter up to 64 internal DSCP value list/egress CoS value pairs. This example shows how to map the internal DSCP values to the egress CoS values:
Console> (enable) set qos dscp-cos-map 20-25:7 33-38:3QoS dscp-cos-map set successfully.Console> (enable)To revert to the default CoS-to-DSCP value mapping, perform this task in privileged mode:
This example shows how to revert to the CoS-to-DSCP map defaults:
Console> (enable) clear qos dscp-cos-mapQoS dscp-cos-map setting restored to default.Console> (enable)Mapping the DSCP Markdown Values
To map the DSCP markdown values that are used by the policers, perform this task in privileged mode:
For more information, see the "Policers" section.
Enter up to 64 DSCP-value-list/DSCP-value pairs.
This example shows how to map the DSCP markdown values:
Console> (enable) set qos policed-dscp-map 20-25:7 33-38:3QoS dscp-dscp-map set successfully.Console> (enable)This example shows how to map the DSCP markdown values for the packets exceeding the excess rate:
Console> (enable) set qos policed-dscp-map 33:30QoS normal-rate policed-dscp-map set successfully.Console> (enable) set qos policed-dscp-map excess-rate 33:30QoS excess-rate policed-dscp-map set successfully.Console> (enable)
Note
To revert to the default DSCP markdown value mapping, perform this task in privileged mode:
This example shows how to revert to the DSCP markdown map defaults:
Console> (enable) clear qos policed-dscp-mapQoS dscp-cos-map setting restored to default.Console> (enable)
Note
Displaying QoS Information
To display the QoS information, perform this task:
This example shows how to display the QoS runtime information for port 2/1:
Console> show qos info config 2/1QoS setting in NVRAM:QoS is enabledPort 2/1 has 2 transmit queue with 2 drop thresholds (2q2t).Port 2/1 has 1 receive queue with 4 drop thresholds (1q4t).Interface type:vlan-basedACL attached:The qos trust type is set to untrusted.Default CoS = 0Queue and Threshold Mapping:Queue Threshold CoS----- --------- ---------------1 1 0 11 2 2 32 1 4 52 2 6 7Rx drop thresholds:Rx drop thresholds are disabled for untrusted ports.Queue # Thresholds - percentage (abs values )------- -------------------------------------1 50% 60% 80% 100%Tx drop thresholds:Queue # Thresholds - percentage (abs values )------- -------------------------------------1 40% 100%2 40% 100%Tx WRED thresholds:WRED feature is not supported for this port_type.Queue Sizes:Queue # Sizes - percentage (abs values )------- -------------------------------------1 80%2 20%WRR Configuration of ports with speed 1000Mbps:Queue # Ratios (abs values )------- -------------------------------------1 1002 255Console> (enable)Displaying the QoS Statistics
To display the QoS statistics, perform this task:
Display the QoS statistics.
show qos statistics {mod[/port] | l3stats | aggregate-policer [policer_name]}
This example shows how to display the QoS statistics for port 2/1:
Console> (enable) show qos statistics 5/1Tx port type of port 5/1 : 2q2tQ# Threshold# Packets Average Packet Peak Packetdropped (pkts) drop rate (pps) drop rate (pps)-- ---------- -------------- --------------- ---------------1 1 963646 2052 43691 2 0 0 02 1 0 0 02 2 0 0 0Rx port type of port 5/1 : 1q4tFor untrusted ports all the packets are sent to the same queue,Rx thresholds are disabled, tail drops are reported instead.Q# Threshold# Packets Average Packet Peak Packetdropped (pkts) drop rate (pps) drop rate (pps)-- ---------- -------------- --------------- ---------------1 1 0 0 01 2 0 0 01 3 0 0 01 4 0 0 0This example shows how to display the QoS Layer 3 statistics:
Console> (enable) show qos statistics l3statsTotal packets Average Peak RateRage(pps) (pps)--------------- ---------- --------Packets dropped due to policing: 621085 1289 3618IP packets with ToS changed: 4495508 9937 18507IP packets with CoS changed: 4495508 9937 18507Non-IP packets with CoS changed: 0 0 0Console> (enable)This example shows how to display the QoS aggregate policer statistics:
Console> (enable) show qos statistics aggregate-policer ag1QoS aggregate-policer statistics:Aggregate policer Allowed packet Packets exceedcount excess rate-------------------- --------------- ------------ag1 2171253 411450QoS aggregate-policer average rate statistics over 5 minutes:Aggregate policer Allowed packet Traffic exceedingcount excess rate-------------------- --------------- --------------ag1 5399 1024QoS aggregate-policer peak rate statistics over 5 minutes:(collected every 30 seconds)Aggregate policer Peak Allowedrate (pps)--------------- --------------ag1 20802For PFC3B- or PFC3BXL-based switches, the peak allowed packet count rate will not be displayed. The peak byte count rate will be displayed as shown here:
Console> (enable) show qos statistics aggregate-policer ag1QoS aggregate-policer statistics:Aggregate policer Allowed byte Bytes exceedcount excess rate-------------------- -------------- ------------ag1 9992929900 2819929466QoS aggregate-policer average rate statistics over 5 minutes:Aggregate policer Allowed rate Traffic exceeding(kbps) excess rate (kbps)------------------------------- ---------------- ------------------------ag1 152080 42911QoS aggregate-policer peak rate statistics over 5 minutes:(collected every 30 seconds)Aggregate policer Peak Allowedrate (pps)--------------- --------------ag1 218912Reverting to the QoS Defaults
Note
To revert to the QoS defaults, perform this task in privileged mode:
This example shows how to revert to the QoS defaults:
Console> (enable) clear qos configThis command will disable QoS and take values back to factory default.Do you want to continue (y/n) [n]? yQoS config cleared.Console> (enable)Disabling QoS
To disable QoS, perform this task in privileged mode:
This example shows how to disable QoS:
Console> (enable) set qos disableQoS is disabled.Console> (enable)Configuring COPS Support
Note
•
•
These sections describe configuring COPS support:
•
•
•
•
•
•
•
•
•
Port ASICs
Some COPS support features affect all ports that are controlled by a port ASIC. The following sections use the term per-ASIC to identify the features that configure all ports on the same port ASIC:
•
•
•
•
Understanding QoS Policy
The term QoS policy refers to the QoS values in effect, such as port trust state and which ACLs are applied to the ports and the VLANs.
Selecting COPS as the QoS Policy Source
QoS uses the locally configured QoS values as the default QoS policy source. To select COPS as the QoS policy source, perform this task in privileged mode:
Step 1
Select COPS as the QoS policy source.
set qos policy-source {local | cops}
Step 2
Verify the QoS policy source.
show qos policy-source
This example shows how to select COPS as the QoS policy source:
Console> (enable) set qos policy-source copsQoS policy source for the switch set to COPS.Console> (enable) show qos policy-sourceQoS policy source for the switch set to COPS.Console> (enable)Selecting COPS as the QoS policy source switches the following values from the locally configured values to the received COPS values:
•
•
•
•
•
•
•
Selecting the Locally Configured QoS Policy
To select the locally configured QoS policy, perform this task in privileged mode:
Step 1
Select the locally configured QoS policy.
set qos policy-source {local | cops}
Step 2
Verify the QoS policy source.
show qos policy-source
This example shows how to select the locally configured QoS policy:
Console> (enable) set qos policy-source localQoS policy source for the switch set to local.Console> (enable) show qos policy-sourceQoS policy source for the switch set to local.Console> (enable)Enabling Use of the Locally Configured QoS Policy
When enabled, COPS is the default QoS policy source for all ports. You can use a locally configured QoS policy on a per-ASIC basis. To enable use of the locally configured QoS policy on a port ASIC, perform this task in privileged mode:
Step 1
Enable use of the locally configured QoS policy on a port.
set port qos policy-source {local | cops}
Step 2
Verify the QoS policy source for the port.
show port qos
This example shows how to enable use of the locally configured QoS policy:
Console> (enable) set port qos 1/1 policy-source localQoS policy source set to local on port(s) 1/1-2.Console> (enable)Assigning a Port Role
COPS does not configure the ports using the slot number and port number parameters. COPS uses roles that you create and assign to the port ASICs.
A role is a name that describes the capability of the ports (for example, access or mod2_1-4). QoS supports 64 roles per switch. You can assign more than one role to a port ASIC (for example, mod2ports1-12 and access), with the limitation that the combined length of the role names that are assigned to a port ASIC cannot exceed 255 characters.
The role name can be up to 31 characters, is not case sensitive but may include uppercase and lowercase characters, and may consist of a-z, A-Z, 0-9, the dash character (-), the underscore character (_), and the period character (.). The role names cannot start with the underscore character.
The first assignment of a new role to a port creates the role.
To assign the roles to a port ASIC, perform this task in privileged mode:
Step 1
Assign the roles to a port ASIC.
set port cops {mod/port} roles role1 [role2] ...
Step 2
Verify the roles for the port.
show port cops [mod[/port]]
This example shows how to assign two new roles to the ASIC controlling port 2/1:
Console> (enable) set port cops 2/1 roles mod2ports1-12 accessNew role `mod2ports1-12' created.New role `access' created.Roles added for port 2/1-12.Console> (enable)Removing a Role from the Port ASICs
To remove a role from a port ASIC, perform this task in privileged mode:
Step 1
Remove a role from a port ASIC.
clear port cops {mod/port} {all-roles | roles role1 [role2] ...}
Step 2
Verify the roles for the port.
show port cops [mod[/port]]
This example shows how to remove a role from a port ASIC:
Console> (enable) clear port cops 3/1 roles backbone_port main_portRoles cleared for port(s) 3/1-4.Console> (enable)Deleting a Role
To delete a role (which removes it from all ports), perform this task in privileged mode:
Step 1
Delete a role.
clear cops {all-roles | roles role1 [role2] ...}
Step 2
Verify the roles for the port.
show port cops [mod[/port]]
This example shows how to delete a role:
Console> (enable) clear cops roles backbone_port main_portRoles cleared.Console> (enable)Configuring the Policy Decision Point Servers
Note
COPS obtains the QoS policy from a PDP server. Configure a primary PDP server and optionally, a backup PDP server.
To configure a PDP server, perform this task in privileged mode:
Step 1
Configure a PDP server.
set cops server ip_address [port] [primary] [diff-serv | rsvp]
Step 2
Verify the PDP server configuration.
show cops info
The ip_address parameter can be the IP address or the name of the server.
The port variable is the PDP server TCP port number.
Use the diff-serv keyword to set the address only for COPS.
This example shows how to configure a PDP server:
Console> (enable) set cops server my_server1 primarymy_server1 added to the COPS diff-serv server table as primary server.my_server1 added to the COPS rsvp server table as primary server.Console> (enable)Deleting the PDP Server Configuration
To delete the PDP server configuration, perform this task in privileged mode:
