To enter policy-map
configuration mode and create or modify a policy map that can be attached to
one or more interfaces to specify a service policy, use the
policy-map command in global configuration mode. To
delete a policy map, use the
no form of this
command.
Supported Platforms Other
Than Cisco 10000 and Cisco 7600 Series Routers
policy-map [type {stack | access-control | port-filter | queue-threshold | logging log-policy}] policy-map-name
no policy-map [type {stack | access-control | port-filter | queue-threshold | logging log-policy}] policy-map-name
Cisco 10000 Series
Router
policy-map [type {control | service}] policy-map-name
no policy-map [type {control | service}] policy-map-name
Cisco CMTS and 7600 Series
Router
policy-map [type {class-routing ipv4 unicast unicast-name | control control-name | service service-name}] policy-map-name
no policy-map [type {class-routing ipv4 unicast unicast-name | control control-name | service service-name}] policy-map-name
Syntax Description
type
|
(Optional) Specifies the policy-map type.
|
stack
|
(Optional) Determines the exact pattern to look for in the protocol stack of
interest.
|
access-control
|
(Optional) Enables the policy map for the flexible packet matching feature.
|
port-filter
|
(Optional) Enables the policy map for the port-filter feature.
|
queue-threshold
|
(Optional) Enables the policy map for the queue-threshold feature.
|
logging
|
(Optional) Enables the policy map for the control-plane packet logging feature.
|
log-policy
|
(Optional) Type of log policy for control-plane logging.
|
policy-map-name
|
Name of
the policy map.
|
control
|
(Optional) Creates a control policy map.
|
control-name
|
Name of
the control policy map.
|
service
|
(Optional) Creates a service policy map.
|
service-name
|
Name of
the policy-map service.
|
class-routing
|
Configures the class-routing policy map.
|
ipv4
|
Configures the class-routing IPv4 policy map.
|
unicast
|
Configures the class-routing IPv4 unicast policy map.
|
unicast-name
|
Unicast
policy-map name.
|
Command Default
The policy map is
not configured.
Command Modes
Global
configuration (config)
Command History
Release
|
Modification
|
12.0(5)T
|
This
command was introduced.
|
12.4(4)T
|
This
command was modified. The
type
andaccess-control keywords were added to support
flexible packet matching. The
port-filter and
queue-threshold keywords were added to support
control-plane protection.
|
12.4(6)T
|
This
command was modified. The
logging
keyword was added to support control-plane packet logging.
|
12.2(31)SB
|
This
command was modified. The
control and
service keywords were added to support the Cisco
10000 series router.
|
12.2(18)ZY
|
This
command was modified.
-
The
type
andaccess-control keywords were integrated into Cisco
IOS Release 12.2(18)ZY on the Catalyst 6500 series switch that is equipped with
the Supervisor 32/programmable intelligent services accelerator (PISA) engine.
-
The
command was modified to enhance the Network-Based Application Recognition
(NBAR) functionality on the Catalyst 6500 series switch that is equipped with
the Supervisor 32/PISA engine.
|
12.2SX
|
This
command is supported in the Cisco IOS Release 12.2SX train. Support in a
specific 12.2SX release of this train depends on your feature set, platform,
and platform hardware.
|
12.2(33)SRC
|
This
command was modified. Support for this command was implemented on Cisco 7600
series routers.
|
Cisco
IOS XE Release 2.1
|
This
command was integrated into Cisco IOS XE Release 2.1 and implemented on Cisco
ASR 1000 series routers.
|
12.2(33)SCF
|
This
command was integrated into Cisco IOS Release 12.2(33)SCF.
|
Usage Guidelines
Use the
policy-map
command to specify the name of the policy map to be created, added, or modified
before you configure policies for classes whose match criteria are defined in a
class map. The
policy-map
command enters policy-map configuration mode, in which you can configure or
modify the class policies for a policy map.
You can configure
class policies in a policy map only if the classes have match criteria defined
for them. Use the
class-map and
match
commands to configure match criteria for a class. Because you can configure a
maximum of 64 class maps, a policy map cannot contain more than 64 class
policies, except as noted for quality of service (QoS) class maps on Cisco 7600
systems.
 Note |
For QoS class
maps on Cisco 7600 series routers, the limits are 1024 class maps and 256
classes in a policy map.
|
A policy map
containing ATM set cell loss priority (CLP) bit QoS cannot be attached to PPP
over X (PPPoX) sessions. The policy map is accepted only if you do not specify
the
set atm-clp
command.
A single policy
map can be attached to more than one interface concurrently. Except as noted,
when you attempt to attach a policy map to an interface, the attempt is denied
if the available bandwidth on the interface cannot accommodate the total
bandwidth requested by class policies that make up the policy map. In such
cases, if the policy map is already attached to other interfaces, the map is
removed from those interfaces.
 Note |
This limitation
does not apply on Cisco 7600 series routers that have session initiation
protocol (SIP)-400 access-facing line cards.
|
Whenever you
modify a class policy in an attached policy map, class-based weighted fair
queuing (CBWFQ) is notified and the new classes are installed as part of the
policy map in the CBWFQ system.
 Note |
Policy-map
installation via subscriber-profile is not supported. If you configure an
unsupported policy map and there are a large number of sessions, an equally
large number of messages print on the console. For example, if there are 32,000
sessions, then 32,000 messages print on the console at 9,600 baud.
|
Class Queues (Cisco 10000
Series Routers Only)
The Performance
Routing Engine (PRE)2 allows you to configure 31 class queues in a policy map.
In a policy map,
the PRE3 allows you to configure one priority level 1 queue, one priority level
2 queue, 12 class queues, and one default queue.
Control Policies (Cisco
10000 Series Routers Only)
Control policies
define the actions that your system will take in response to the specified
events and conditions.
A control policy
is made of one or more control policy rules. A control policy rule is an
association of a control class and one or more actions. The control class
defines the conditions that must be met before the actions are executed.
There are three
steps involved in defining a control policy:
-
Using the
class-map
type
control command, create one or more control class
maps.
-
Using the
policy-map
type
control command, create a control policy map.
A control policy
map contains one or more control policy rules. A control policy rule associates
a control class map with one or more actions. Actions are numbered and executed
sequentially.
-
Using the
service-policy
type
control command, apply the control policy map to a
context.
Service Policies (Cisco
10000 Series Routers Only)
Service policy
maps and service profiles contain a collection of traffic policies and other
functions. Traffic policies determine which function is applied to which
session traffic. A service policy map or service profile may also contain a
network-forwarding policy, which is a specific type of traffic policy that
determines how session data packets will be forwarded to the network.
Policy Map Restrictions
(Catalyst 6500 Series Switches Only)
Cisco IOS Release
12.2(18)ZY includes software intended for use on the Catalyst 6500 series
switch that is equipped with a Supervisor 32/PISA engine. This release and
platform has the following restrictions for using policy maps and
match
commands:
Examples
The following
example shows how to create a policy map called “policy1” and configure two
class policies included in that policy map. The class policy called “class1”
specifies a policy for traffic that matches access control list (ACL) 136. The
second class is the default class to which packets that do not satisfy the
configured match criteria are directed.
! The following commands create class-map class1 and define its match criteria:
class-map class1
match access-group 136
! The following commands create the policy map, which is defined to contain policy
! specification for class1 and the default class:
policy-map policy1
class class1
bandwidth 2000
queue-limit 40
class class-default
fair-queue 16
queue-limit 20
The following
example shows how to create a policy map called “policy9” and configure three
class policies to belong to that map. Of these classes, two specify the policy
for classes with class maps that specify match criteria based on either a
numbered ACL or an interface name, and one specifies a policy for the default
class called “class-default” to which packets that do not satisfy the
configured match criteria are directed.
policy-map policy9
class acl136
bandwidth 2000
queue-limit 40
class ethernet101
bandwidth 3000
random-detect exponential-weighting-constant 10
class class-default
fair-queue 10
queue-limit 20
The following is
an example of a modular QoS command-line interface (MQC) policy map configured
to initiate the QoS service at the start of a session.
Router> enable
Router# configure terminal
Router(config)# policy-map type control TEST
Router(config-control-policymap)# class type control always event session-start
Router(config-control-policymap-class-control)# 1
service-policy type service name QoS_Service
Router(config-control-policymap-class-control)# end
Examples
The following
example shows the configuration of a control policy map named “rule4”. Control
policy map rule4 contains one policy rule, which is the association of the
control class named “class3” with the action to authorize subscribers using the
network access server (NAS) port ID. The
service-policy
type
control command is used to apply the control
policy map globally.
class-map type control match-all class3
match vlan 400
match access-type pppoe
match domain cisco.com
available nas-port-id
!
policy-map type control rule4
class type control class3
authorize nas-port-id
!
service-policy type control rule4
The following
example shows the configuration of a service policy map named
“redirect-profile”:
policy-map type service redirect-profile
class type traffic CLASS-ALL
redirect to group redirect-sg
Examples
The following
example shows how to define a policy map for the 802.1p domain:
enable
configure terminal
policy-map cos7
class cos7
set cos 2
end
The following
example shows how to define a policy map for the MPLS domain:
enable
configure terminal
policy-map exp7
class exp7
set mpls experimental topmost 2
end