The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
To specify or modify the bandwidth allocated for a class belonging to a policy map, or to enable ATM overhead accounting, use the bandwidth command in QoS policy-map class configuration mode. To remove the bandwidth specified for a class or disable ATM overhead accounting, use the no form of this command.
bandwidth { kbps | [ remaining ] percent percentage } [ account { qinq | dot1q } aal5 subscriber-encapsulation ]
no bandwidth
bandwidth { kbps | [ remaining ] percent percentage } account { qinq | dot1q } { aal5 | aal3 } subscriber-encapsulation user-defined offset [atm]
no bandwidth
No bandwidth is specified.
ATM overhead accounting is disabled.
QoS policy-map class configuration (config-pmap-c)
Release |
Modification |
---|---|
12.0(5)T |
This command was introduced. |
12.0(5)XE |
This command was integrated into Cisco IOS Release 12.0(5)XE and implemented on Versatile Interface Processor (VIP)-enabled Cisco 7500 series routers. |
12.0(7)T |
This command was modified. The percent keyword was added. |
12.0(17)SL |
This command was integrated into Cisco IOS Release 12.0(17)SL and implemented on Cisco 10000 series routers. |
12.0(22)S |
This command was modified. Support for the percent keyword was added on Cisco 10000 series routers. |
12.0(23)SX |
This command was modified. Support for theremaining percent keyword was added on Cisco 10000 series routers. |
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T and implemented on VIP-enabled Cisco 7500 series routers. |
12.2(2)T |
This command was modified. The remaining percent keyword was added. |
12.2(28)SB |
This command was integrated into Cisco IOS Release 12.2(28)SB. |
12.2(31)SB |
This command was integrated into Cisco IOS Release 12.2(31)SB and implemented on Cisco 10000 series routers. |
12.2(31)SB2 |
This command was integrated into Cisco IOS Release 12.0(17)SL and implemented on the PRE3 for the Cisco 10000 series router, and was enhanced for ATM overhead accounting on the Cisco 10000 series router for the PRE3. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
12.2SX |
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware. |
12.2(31)SB6 |
This command was modified to specify an offset size when calculating ATM overhead and implemented on the Cisco 10000 series router for the PRE3. |
12.2(33)SRC |
This command was integrated into Cisco IOS Release 12.2(33)SRC and implemented on Cisco 7600 series routers. |
12.2(33)SB |
This command was integrated into Cisco IOS Release 12.2(33)SB and implemented on Cisco 7300 series routers. |
12.4(20)T |
This command was modified. Support was added for hierarchical queueing framework (HQF) using the modular quality of service (QoS)CLI (MQC). |
15.1(1)T |
This command was modified. The allowed values for the kbps argument were changed. The value must be from 8 to 2000000. |
15.2(1)T |
This command was modified. The allowed values for the offset argument and kbps arguments were changed. |
Use the bandwidth command when you configure a policy map for a class defined by the class-map command. The bandwidth command specifies the bandwidth for traffic in that class. Class-based weighted fair queueing (CBWFQ) derives the weight for packets belonging to the class from the bandwidth allocated to the class. CBWFQ then uses the weight to ensure that the queue for the class is serviced fairly.
You can configure only one class with strict priority. Other classes cannot have priority or bandwidth configuration. To configure minimum bandwidth for another class, use thebandwidthremainingpercent command.
Besides specifying the amount of bandwidth in kilobits per second (kbps), you can specify bandwidth as a percentage of either the available bandwidth or the total bandwidth. During periods of congestion, the classes are serviced in proportion to their configured bandwidth percentages. The bandwidth percentage is based on the interface bandwidth. Available bandwidth is equal to the interface bandwidth minus the sum of all bandwidths reserved by the Resource Reservation Protocol (RSVP) feature, the IP RTP Priority feature, and the low latency queueing (LLQ) feature.
Note |
It is important to remember that when the bandwidth remaining percent command is configured, hard bandwidth guarantees may not be provided and only relative bandwidths are assured. That is, class bandwidths are always proportional to the specified percentages of the interface bandwidth. When the link bandwidth is fixed, class bandwidth guarantees are in proportion to the configured percentages. If the link bandwidth is unknown or variable, the router cannot compute class bandwidth guarantees in kbps. |
Besides specifying the amount of bandwidth in kilobits per second (kbps), you can specify bandwidth as a percentage of either the available bandwidth or the total bandwidth. During periods of congestion, the classes are serviced in proportion to their configured bandwidth percentages. The minimum bandwidth percentage is based on the nearest parent shape rate.
Note |
It is important to remember that when the bandwidth remaining percent command is configured, hard bandwidth guarantees may not be provided and only relative bandwidths are assured. That is, class bandwidths are always proportional to the specified percentages of the interface bandwidth. When the link bandwidth is fixed, class bandwidth guarantees are in proportion to the configured percentages. If the link bandwidth is unknown or variable, the router cannot compute class bandwidth guarantees in kbps. |
The router converts the specified bandwidth to the nearest multiple of 1/255 (ESR-PRE1) or 1/65535 (ESR-PRE2) of the interface speed. Use the show policy-map interface command to display the actual bandwidth.
The following restrictions apply to the bandwidth command:
Note |
With CSCsy73939, if the bandwidth percent command results in a bandwidth value that is lower than the valid range then the policy map specifying this value cannot be attached to an interface, and the router displays the following error message: "service-policy output parent Configured Percent results in out of range kbps. Allowed range is min-value–max-value. The present CIR value is n." |
For more information on bandwidth allocation, see the “Congestion Management Overview” module in the Cisco IOS Quality of Service Solutions Configuration Guide.
Note that when the policy map containing class policy configurations is attached to the interface to stipulate the service policy for that interface, available bandwidth is assessed. If a policy map cannot be attached to a particular interface because of insufficient interface bandwidth, then the policy is removed from all interfaces to which it was successfully attached.
The bandwidth command can be used with MQC to specify the bandwidth for a particular class. When used with MQC, the bandwidth command uses a default queue limit for the class. This queue limit can be modified using the queue-limit command, thereby overriding the default set by the bandwidth command.
Note |
To meet the minimum bandwidth guarantees required by interfaces, modify the default queue limit of high-speed interfaces by using the queue-limit command. |
The Cisco 10000 series routers supports the bandwidth command on outbound interfaces only. They do not support this command on inbound interfaces.
On the PRE2, you specify a bandwidth value and a unit for the bandwidth value. Valid values for the bandwidth are from 1 to 2488320000. The units are bps, kbps, mbps, and gbps. The default unit is kbps. For example, the following commands configure a bandwidth of 10000 bps and 10000 kbps on the PRE2:
bandwidth 10000 bps bandwidth 10000
On the PRE3, youspecify only a bandwidth value. Because the unit is always kbps, the PRE3 does not support the unit argument. Valid values are from 1 to 2000000. For example, the following command configures a bandwidth of 128,000 kbps on the PRE3:
bandwidth 128000
The PRE3 accepts the PRE2 bandwidth command only if the command is used without the unit argument. The PRE3 rejects the PRE2 bandwidth command if the specified bandwidth is outside the valid PRE3 bandwidth value range (1 to 2000000).
Besides specifying the amount of bandwidth in kilobits per second (kbps), you can specify bandwidth as a percentage of either the available bandwidth or the total bandwidth. During periods of congestion, the classes are serviced in proportion to their configured bandwidth percentages. The bandwidth percentage is based on the interface bandwidth. However, in a hierarchical policy the minimum bandwidth percentage is based on the nearest parent shape rate.
Note |
When the bandwidth remaining percent command is configured, hard bandwidth guarantees may not be provided and only relative bandwidths are assured. Class bandwidths are always proportional to the specified percentages of the interface bandwidth. When the link bandwidth is fixed, class bandwidth guarantees are in proportion to the configured percentages. If the link bandwidth is unknown or variable, the router cannot compute class bandwidth guarantees in kbps. |
The router converts the specified bandwidth to the nearest multiple of 1/255 (PRE1) or 1/65535 (PRE2, PRE3) of the interface speed. Use the show policy-map interface command to display the actual bandwidth.
When configuring ATM overhead accounting, you must specify the BRAS-DSLAM, DSLAM-CPE, and subscriber line encapsulation types. The router supports the following subscriber line encapsulation types:
The router calculates the offset size unless you specify the user-defined offset option.
For hierarchical policies, configure ATM overhead accounting in the following ways:
The encapsulation types must match for the child and parent policies.
The user-defined offset values must match for the child and parent policies.
In the following example, the policy map named VLAN guarantees 30 percent of the bandwidth to the class named Customer1 and 60 percent of the bandwidth to the class named Customer2. If you apply the VLAN policy map to a 1-Mbps link, 300 kbps (30 percent of 1 Mbps) is guaranteed to class Customer1 and 600 kbps (60 percent of 1 Mbps) is guaranteed to class Customer2, with 100 kbps remaining for the class-default class. If the class-default class does not need additional bandwidth, the unused 100 kbps is available for use by class Customer1 and class Customer2. If both classes need the bandwidth, they share it in proportion to the configured rates. In this example, the sharing ratio is 30:60 or 1:2:
router(config)# policy-map VLAN router(config-pmap)# class Customer1 router(config-pmap-c)# bandwidth percent 30 router(config-pmap-c)# exit router(config-pmap)# class Customer2 router(config-pmap-c)# bandwidth percent 60
The following example shows how to create a policy map with two classes, shows how bandwidth is guaranteed when only CBWFQ is configured, and shows how to attach the policy to serial interface 3/2/1:
Router(config)# policy-map policy1 Router(config-pmap)# class class1 Router(config-pmap-c)# bandwidth percent 50 Router(config-pmap-c)# exit Router(config-pmap)# class class2 Router(config-pmap-c)# bandwidth percent 25 Router(config-pmap-c)# exit Router(config-pmap)# exit Router(config)# interface serial3/2/1 Router(config-if)# service output policy1 Router(config-if)# end
The following output from the show policy-map command shows the configuration for the policy map named policy1:
Router# show policy-map policy1 Policy Map policy1 Class class1 Weighted Fair Queuing Bandwidth 50 (%) Max Threshold 64 (packets) Class class2 Weighted Fair Queuing Bandwidth 25 (%) Max Threshold 64 (packets)
The output from the show policy-map interfacecommand shows that 50 percent of the interface bandwidth is guaranteed for the class named class1, and 25 percent is guaranteed for the class named class2. The output displays the amount of bandwidth as both a percentage and a number of kbps.
Router# show policy-map interface serial3/2 Serial3/2 Service-policy output:policy1 Class-map:class1 (match-all) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match:none Weighted Fair Queuing Output Queue:Conversation 265 Bandwidth 50 (%) Bandwidth 772 (kbps) Max Threshold 64 (packets) (pkts matched/bytes matched) 0/0 (depth/total drops/no-buffer drops) 0/0/0 Class-map:class2 (match-all) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match:none Weighted Fair Queuing Output Queue:Conversation 266 Bandwidth 25 (%) Bandwidth 386 (kbps) Max Threshold 64 (packets) (pkts matched/bytes matched) 0/0 (depth/total drops/no-buffer drops) 0/0/0 Class-map:class-default (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match:any
In this example, serial interface 3/2 has a total bandwidth of 1544 kbps. During periods of congestion, 50 percent (or 772 kbps) of the bandwidth is guaranteed to the class named class1, and 25 percent (or 386 kbps) of the link bandwidth is guaranteed to the class named class2.
In the following example, the interface has a total bandwidth of 1544 kbps. During periods of congestion, 50 percent (or 772 kbps) of the bandwidth is guaranteed to the class named class1, and 25 percent (or 386 kbps) of the link bandwidth is guaranteed to the class named class2.
The following sample output from the show policy-map command shows the configuration of a policy map named p1:
Router# show policy-map p1 Policy Map p1 Class voice Weighted Fair Queuing Strict Priority Bandwidth 500 (kbps) Burst 12500 (Bytes) Class class1 Weighted Fair Queuing Bandwidth remaining 50 (%) Max Threshold 64 (packets) Class class2 Weighted Fair Queuing Bandwidth remaining 25 (%) Max Threshold 64 (packets)
The following output from the show policy-map interface command on serial interface 3/2 shows that 500 kbps of bandwidth is guaranteed for the class named voice1. The classes named class1 and class2 receive 50 percent and 25 percent of the remaining bandwidth, respectively. Any unallocated bandwidth is divided proportionally among class1, class2, and any best-effort traffic classes.
Note |
In this sample output (unlike many of the others earlier in this section) the bandwidth is displayed only as a percentage for class 1 and class 2. Bandwidth expressed as a number of kbps is not displayed because the percent keyword was used with the bandwidth remaining command. The bandwidth remaining percent command allows you to allocate bandwidth as a relative percentage of the total bandwidth available on the interface. |
Router# show policy-map interface serial3/2 Serial3/2 Service-policy output:p1 Class-map:voice (match-all) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match:ip precedence 5 Weighted Fair Queuing Strict Priority Output Queue:Conversation 264 Bandwidth 500 (kbps) Burst 12500 (Bytes) (pkts matched/bytes matched) 0/0 (total drops/bytes drops) 0/0 Class-map:class1 (match-all) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match:none Weighted Fair Queuing Output Queue:Conversation 265 Bandwidth remaining 50 (%) Max Threshold 64 (packets) (pkts matched/bytes matched) 0/0 (depth/total drops/no-buffer drops) 0/0/0 Class-map:class2 (match-all) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match:none Weighted Fair Queuing Output Queue:Conversation 266 Bandwidth remaining 25 (%) Max Threshold 64 (packets) (pkts matched/bytes matched) 0/0 (depth/total drops/no-buffer drops) 0/0/0 Class-map:class-default (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match:any
When a parent policy has ATM overhead accounting enabled, you are not required to enable ATM overhead accounting on a child traffic class that does not contain the bandwidth or shape command. In the following configuration example, ATM overhead accounting is enabled for bandwidth on the gaming and class-default class of the child policy map named subscriber_classes and on the class-default class of the parent policy map named subscriber_line. The voip and video classes do not have ATM overhead accounting explicitly enabled; these priority queues have overhead accounting implicitly enabled because ATM overhead accounting is enabled on the parent policy. Notice that the features in the parent and child policies use the same encapsulation type.
Router(config)# policy-map subscriber_classes Router(config-pmap)# class voip Router(config-pmap-c)# priority level 1 Router(config-pmap-c)# police 8000 Router(config-pmap-c)# exit Router(config-pmap)# class video Router(config-pmap-c)# priority level 2 Router(config-pmap-c)# police 20 Router(config-pmap-c)# exit Router(config-pmap)# class gaming Router(config-pmap-c)# bandwidth remaining percent 80 account aal5 snap-rbe-dot1q Router(config-pmap-c)# exit Router(config-pmap)# class class-default Router(config-pmap-c)# bandwidth remaining percent 20 account aal5 snap-rbe-dot1q Router(config-pmap-c)# policy-map subscriber_line Router(config-pmap-c)# exit Router(config-pmap)# class class-default Router(config-pmap-c)# bandwidth remaining ratio 10 account aal5 snap-rbe-dot1q Router(config-pmap-c)# shape average 512 account aal5 snap-rbe-dot1q Router(config-pmap-c)# service policy subscriber_classes
In the following example, the router uses 20 overhead bytes and ATM cell tax in calculating ATM overhead. The child and parent policies contain the required matching offset values. The parent policy is attached to virtual template 1.
Router(config)# policy-map child Router(config-pmap)# class class1 Router(config-pmap-c)# bandwidth 500 account user-defined 20 atm Router(config-pmap-c)# exit Router(config-pmap)# class class2 Router(config-pmap-c)# shape average 30000 account user-defined 20 atm Router(config-pmap)# exit Router(config)# exit Router(config)#
Command |
Description |
---|---|
class (policy-map) |
Specifies the name of the class whose policy you want to create or change, and the default class (commonly known as the class-default class) before you configure its policy. |
class-map |
Creates a class map to be used for matching packets to a specified class. |
max-reserved-bandwidth |
Changes the percent of interface bandwidth allocated for CBWFQ, LLQ, and IP RTP Priority. |
policy-map |
Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. |
priority |
Specifies the priority of a class of traffic belonging to a policy map. |
queue-limit |
Specifies or modifies the maximum number of packets the queue can hold for a class policy configured in a policy map. |
random-detect (interface) |
Enables WRED or DWRED. |
random-detect exponential-weighting- constant |
Configures the WRED and DWRED exponential weight factor for the average queue size calculation. |
random-detect precedence |
Configures WRED and DWRED parameters for a particular IP precedence. |
show policy-map |
Displays the configuration of all classes for a specified service policy map or all classes for all existing policy maps. |
show policy-map interface |
Displays the packet statistics of all classes that are configured for all service policies either on the specified interface or subinterface or on a specific PVC on the interface. |
To specify a bandwidth-remaining ratio for class-level or subinterface-level queues to be used during congestion to determine the amount of excess bandwidth (unused by priority traffic) to allocate to nonpriority queues, use thebandwidthremainingratio command in policy-map class configuration mode. To remove the bandwidth-remaining ratio, use the no form of this command.
bandwidth remaining ratio ratio
no bandwidth remaining ratio ratio
bandwidth remaining ratio ratio [ account { qinq | dot1q } [aal5] { subscriber-encapsulation | user-defined offset } ]
no bandwidth remaining ratio ratio [ account { qinq | dot1q } [aal5] { subscriber-encapsulation | user-defined offset } ]
bandwidth remaining ratio ratio
no bandwidth remaining ratio ratio
ratio |
Relative weight of this subinterface or class queue with respect to other subinterfaces or class queues. Valid values are from 1 to 1000. At the subinterface level, the default value is platform dependent. At the class queue level, the default is 1. |
||||
Cisco 7300 Series Router, Cisco 7600 Series Router, and Cisco 10000 Series Router |
|||||
ratio |
Relative weight of this subinterface or class queue with respect to other subinterfaces or class queues.
|
||||
account |
(Optional) Enables ATM overhead accounting. |
||||
qinq |
(Optional) Specifies queue-in-queue encapsulation as the Broadband Remote Access Server - Digital Subscriber Line Access Multiplexer (BRAS-DSLAM) encapsulation type. |
||||
dot1q |
(Optional) Specifies IEEE 802.1Q VLAN encapsulation as the BRAS-DSLAM encapsulation type. |
||||
aal5 |
(Optional) Specifies the ATM adaptation layer 5 that supports connection-oriented variable bit rate (VBR) services. |
||||
subscriber-encapsulation |
(Optional) Specifies the encapsulation type at the subscriber line. Encapsulation type varies according to subscriber line. |
||||
user-defined offset |
(Optional) Specifies the offset size, in bytes, that the router uses when calculating the ATM overhead.
|
||||
Cisco ASR 1000 Series Routers |
|||||
ratio |
Relative weight of this subinterface or class queue with respect to other subinterfaces or class queues. Valid values are from 1 to 1000. At the subinterface level and class-queue level, the default is 1. |
For most platforms, the default bandwidth ratio is 1.
When you use default bandwidth-remaining ratios at the subinterface level, the Cisco 10000 series router distinguishes between interface types. At the subinterface level, the default bandwidth-remaining ratio is 1 for VLAN subinterfaces and Frame Relay Data Link Connection Identifiers (DLCI). For ATM subinterfaces, the router computes the default bandwidth-remaining ratio based on the subinterface speed.
When you use default bandwidth-remaining ratios at the class level, the Cisco 10000 series router makes no distinction between interface types. At the class level, the default bandwidth-remaining ratio is 1.
Policy-map class (config-pmap-c)
Release |
Modification |
---|---|
12.2(31)SB2 |
This command was introduced. This command was implemented on the Cisco 10000 series router for the PRE3. |
12.2(33)SRC |
This command was modified. It was implemented on the Cisco 7600 series routers. Additional keywords and arguments were added to support ATM overhead accounting (optional) on the Cisco 7600 series router and the Cisco 10000 series router for the PRE3. |
12.2(33)SB |
This comand was modified. Support for the Cisco 7300 series routers was added. The additional keyword and arguments associated with ATM overhead accounting were also supported. |
Cisco IOS XE Release 2.1 |
This command was integrated into Cisco IOS XE Release 2.1. |
Cisco 10000 Series Router
The scheduler uses the ratio specified in the bandwidthremainingratio command to determine the amount of excess bandwidth (unused by priority traffic) to allocate to a class-level queue or a subinterface-level queue during periods of congestion. The scheduler allocates the unused bandwidth relative to other queues or subinterfaces.
The bandwidthremainingratio command cannot coexist with another bandwidth command in different traffic classes of the same policy map. For example, the following configuration is not valid and causes an error message to display:
policy-map Prec1 class precedence_0 bandwidth remaining ratio 10 class precedence_2 bandwidth 1000
For the PRE2, the bandwidthremainingratio command can coexist with another bandwidth command in the same class of a policy map. On the PRE3, the bandwidthremainingratio command cannot coexist with another bandwidthcommand in the same class. For example, the following configuration is not valid on the PRE3 and causes an error message to display:
policy-map Prec1 class precedence_0 bandwidth 1000 bandwidth remaining ratio 10
In a hierarchical policy map in which the parent policy has only the class-default class defined with a child queuing policy applied, the router accepts only the bandwidthremainingratio form of the bandwidth command in the class-default class.
The bandwidthremainingratio command cannot coexist with the priority command in the same class. For example, the following configuration is not valid and causes an error message to display:
policy-map Prec1 class precedence_1 priority police percent 30 bandwidth remaining ratio 10
All of the queues for which the bandwidthremainingratio command is not specified receive the platform-specified minimum bandwidth-remaining ratio. The router determines the minimum committed information rate (CIR) based on the configuration.
ATM Overhead Accounting (Optional)
The bandwidthremainingratio command can also be used to enable ATM overhead accounting. To enable ATM overhead accounting, use the account keyword and the subsequent keywords and arguments as documented in the Syntax Description table.
Cisco 7200 Series Routers
Thebandwidthremainingratio command is not supported on the Cisco 7200 series routers. If you have upgraded from Cisco IOS Release 12.2(33)SRD to Cisco IOS Release 12.2(33)SRE, you may see parser errors when you run this command. You can use the bandwidthremainingpercent command in place of the bandwidthremainingratiocommand on Cisco 7200 series routers to achieve the same functionality.
The following example shows how to configure a bandwidth-remaining ratio on an ATM subinterface. In the example, the router guarantees a peak cell rate of 50 Mbps for the variable bit rate nonreal-time (VBR-nrt) PVC 0/200. During periods of congestion, the subinterface receives a share of excess bandwidth (unused by priority traffic) based on the bandwidth-remaining ratio of 10, relative to the other subinterfaces configured on the physical interface.
policy-map Child class precedence_0 bandwidth 10000 class precedence_1 shape average 100000 bandwidth 100 ! policy-map Parent class class-default bandwidth remaining ratio 10 shape average 20000000 service-policy Child ! interface ATM2/0/3.200 point-to-point ip address 10.20.1.1 255.255.255.0 pvc 0/200 protocol ip 10.20.1.2 vbr-nrt 50000 encapsulation aal5snap service-policy output Parent
The following example shows how to configure bandwidth remaining ratios for individual class queues. Some of the classes configured have bandwidth guarantees and a bandwidth-remaining ratio explicitly specified. When congestion occurs within a subinterface level, the class queues receive excess bandwidth (unused by priority traffic) based on their class-level bandwidth-remaining ratios: 20, 30, 120, and 100, respectively, for the precedence_0, precedence_1, precedence_2, and precedence_5 classes. Normally, the precedence_3 class (without a defined ratio) would receive bandwidth based on the bandwidth-remaining ratio of the class-default class defined in the Child policy. However, in the example, the Child policy does not define a class-default bandwidth remaining ratio. Therefore, the router uses a ratio of 1 to allocate excess bandwidth to precedence_3 traffic.
policy-map Child class precedence_0 shape average 100000 bandwidth remaining ratio 20 class precedence_1 shape 10000 bandwidth remaining ratio 30 class precedence_2 shape average 200000 bandwidth remaining ratio 120 class precedence_3 set ip precedence 3 class precedence_5 set ip precedence 5 bandwidth remaining ratio 100 policy-map Parent class class-default bandwidth remaining ratio 10 service-policy Child ! interface GigabitEthernet 2/0/1.10 encapsulation dot1q 10 service-policy output Parent
The following example shows how to configure overhead accounting by using the optional accountkeyword and associated keywords and arguments:
policy-map subscriber_line class class-default bandwidth remaining ratio 10 account dot1q aal5 snap-rbe-dot1q shape average 512 account dot1q aal5 snap-rbe-dot1q service policy subscriber_classes
Command |
Description |
---|---|
bandwidth remaining percent |
Specifies a bandwidth-remaining percentage for class-level or subinterface-level queues to be used during congestion to determine the amount of excess bandwidth (unused by priority traffic) to allocate to nonpriority queues. |
show policy-map |
Displays the configuration of all classes for a specified service policy map or all classes for all existing policy maps. |
show policy-map interface |
Displays the packet statistics of all classes that are configured for all service policies either on the specified interface or subinterface or on a specific PVC on the interface. |
To specify the name of the class whose policy you want to create or change or to specify the default class (commonly known as the class-default class) before you configure its policy, use the classcommand in policy-map configuration mode. To remove a class from the policy map, use the no form of this command.
class { class-name | class-default [ fragment fragment-class-name ] } [ insert-before class-name ] [ service-fragment fragment-class-name ]
no class { class-name | class-default }
class-name |
Name of the class to be configured or whose policy is to be modified. The class name is used for both the class map and to configure a policy for the class in the policy map. |
class-default |
Specifies the default class so that you can configure or modify its policy. |
fragment f ragment-class-name |
(Optional) Specifies the default traffic class as a fragment, and names the fragment traffic class. |
insert-before class-name |
(Optional) Adds a class map between any two existing class maps. Inserting a new class map between two existing class map provides more flexibility when modifying existing policy map configurations. Without this option, the class map is appended to the end of the policy map. This keyword is supported only on flexible packet matching (FPM) policies. |
service-fragment fragment-class-name |
(Optional) Specifies that the class is classifying a collection of fragments. The fragments being classified by this class must all share the same fragment-class-name. |
No class is specified.
Policy-map configuration (config-pmap)
Release |
Modification |
---|---|
12.0(5)T |
This command was introduced. |
12.0(5)XE |
This command was integrated into Cisco IOS Release 12.0(5)XE. |
12.0(7)S |
This command was integrated into Cisco IOS Release 12.0(7)S. |
12.1(1)E |
This command was integrated into Cisco IOS Release 12.1(1)E. |
12.2(14)SX |
Support for this command was introduced on Cisco 7600 routers. |
12.2(17d)SXB |
This command was implemented on the Cisco 7600 router and integrated into Cisco IOS Release 12.2(17d)SXB. |
12.2(18)SXE |
The class-default keyword was added to the Cisco 7600 router. |
12.4(4)T |
Theinsert-beforeclass-name option was added. |
12.2(28)SB |
This command was integrated into Cisco IOS Release 12.2(28)SB. |
12.2(31)SB2 |
This command was introduced on the PRE3 for the Cisco 10000 series router. |
12.2(18)ZY |
The insert-beforeclass-name option was integrated into Cisco IOS Release 12.2(18)ZY on the Catalyst 6500 series of switches equipped with the Programmable Intelligent Services Accelerator (PISA). |
Cisco IOS XE Release 2.1 |
This command was implemented on Cisco ASR 1000 series routers. The fragmentfragment-class-name and service-fragmentfragment-class-name options were introduced. |
Policy Map Configuration Mode
Within a policy map, the class(policy-map)command can be used to specify the name of the class whose policy you want to create or change. First, the policy map must be identified.
To identify the policy map (and enter the required policy-map configuration mode), use the policy-map command before you use the class(policy-map)command. After you specify a policy map, you can configure policy for new classes or modify the policy for any existing classes in that policy map.
Class Characteristics
The class name that you specify in the policy map ties the characteristics for that class--that is, its policy--to the class map and its match criteria, as configured using the class-map command.
When you configure policy for a class and specify its bandwidth and attach the policy map to an interface, class-based weighted fair queueing (CBWFQ) determines if the bandwidth requirement of the class can be satisfied. If so, CBWFQ allocates a queue for the bandwidth requirement.
When a class is removed, available bandwidth for the interface is incremented by the amount previously allocated to the class.
The maximum number of classes that you can configure for a router--and, therefore, within a policy map--is 64.
Predefined Default Class
The class-default keyword is used to specify the predefined default class called class-default. The class-default class is the class to which traffic is directed if that traffic does not match any of the match criteria in the configured class maps.
Tail Drop or WRED
You can define a class policy to use either tail drop by using the queue-limit command or Weighted Random Early Detection (WRED) by using the random-detect command. When using either tail drop or WRED, note the following points:
Fragments
A default traffic class is marked as a fragment within a policy map class statement using the fragmentkeyword. Multiple fragments can then be classified collectively in a separate policy map that is created using the service-fragment keyword. When fragments are used, default traffic classes marked as fragments have QoS applied separately from the non-default traffic classes.
When using fragments, note the following guidelines:
Cisco 10000 Series Router
The PRE2 allows you to configure 31 class queues in a policy map.
In a policy map, the PRE3 allows you to configure one priority level 1 queue, plus one priority level 2 queue, plus 12 class queues, plus one default queue.
Cisco ASR 1000 Series Routers
The maximum number of classes that you can configure for a Cisco ASR 1000 Series Router--and, therefore, within a policy map--is 8.
The following example shows how to configure three class policies included in the policy map called policy1. Class1 specifies policy for traffic that matches access control list 136. Class2 specifies policy for traffic on interface ethernet101. The third class is the default class to which packets that do not satisfy configured match criteria are directed:
! The following commands create class-maps class1 and class2 ! and define their match criteria: class-map class1 match access-group 136 class-map class2 match input-interface ethernet101 ! The following commands create the policy map, which is defined to contain policy ! specification for class1, class2, and the default class: policy-map policy1 Router(config)# policy-map policy1 Router(config-pmap)# class class1 Router(config-pmap-c)# bandwidth 2000 Router(config-pmap-c)# queue-limit 40 Router(config-pmap)# class class2 Router(config-pmap-c)# bandwidth 3000 Router(config-pmap-c)# random-detect Router(config-pmap-c)# random-detect exponential-weighting-constant 10 Router(config-pmap)# class class-default Router(config-pmap-c)# fair-queue 16 Router(config-pmap-c)# queue-limit 20
Note |
When the policy map that contains these classes is attached to the interface to stipulate the service policy for that interface, available bandwidth is assessed, taking into account all class policies and Resource Reservation Protocol (RSVP), if configured. |
The following example shows how to configure policy for the default class included in the policy map called policy8. The default class has these characteristics:20 dynamic queues are available for traffic that does not meet the match criteria of other classes whose policy is defined by the policy map called policy8, and a weight factor of 14 is used to calculate the average queue size. For congestion avoidance, WRED packet drop is used, not tail drop:
Router(config)# policy-map policy8 Router(config-pmap)# class class-default Router(config-pmap-c)# fair-queue 20 Router(config-pmap-c)# random-detect exponential-weighting-constant 14
The following example shows how to configure policy for a class called acl136 included in the policy map called policy1. Class acl136 has these characteristics:a minimum of 2000 kbps of bandwidth is expected to be delivered to this class in the event of congestion, and the queue reserved for this class can enqueue 40 packets before tail drop is enacted to handle additional packets. Note that when the policy map that contains this class is attached to the interface to stipulate the service policy for that interface, available bandwidth is assessed, taking into account all class policies and RSVP, if configured:
Router(config)# policy-map policy1 Router(config-pmap)# class acl136 Router(config-pmap-c)# bandwidth 2000 Router(config-pmap-c)# queue-limit 40
The following example shows how to configure policy for a class called int101 included in the policy map called policy8. Class int101 has these characteristics:a minimum of 3000 kbps of bandwidth are expected to be delivered to this class in the event of congestion, and a weight factor of 10 is used to calculate the average queue size. For congestion avoidance, WRED packet drop is used, not tail drop. Note that when the policy map that contains this class is attached to the interface to stipulate the service policy for that interface, available bandwidth is assessed:
Router(config)# policy-map policy8 Router(config-pmap)# class int101 Router(config-pmap-c)# bandwidth 3000 Router(config-pmap-c)# random-detect exponential-weighting-constant 10
The following example shows how to configure policy for the class-default default class included in the policy map called policy1. The class-default default class has these characteristics:10 hashed queues for traffic that does not meet the match criteria of other classes whose policy is defined by the policy map called policy1; and a maximum of 20 packets per queue before tail drop is enacted to handle additional enqueued packets:
Router(config)# policy-map policy1 Router(config-pmap)# class class-default Router(config-pmap-c)# fair-queue Router(config-pmap-c)# queue-limit 20
The following example shows how to configure policy for the class-default default class included in the policy map called policy8. The class-default default class has these characteristics:20 hashed queues for traffic that does not meet the match criteria of other classes whose policy is defined by the policy map called policy8; and a weight factor of 14 is used to calculate the average queue size. For congestion avoidance, WRED packet drop is used, not tail drop:
Router(config)# policy-map policy8 Router(config-pmap)# class class-default Router(config-pmap-c)# fair-queue 20 Router(config-pmap-c)# random-detect exponential-weighting-constant 14
The following example shows how to configure FPM for blaster packets. The class map contains the following match criteria: TCP port 135, 4444 or UDP port 69; and pattern 0x0030 at 3 bytes from start of IP header:
load protocol disk2:ip.phdf load protocol disk2:tcp.phdf load protocol disk2:udp.phdf class-map type stack match-all ip-tcp match field ip protocol eq 0x6 next tcp class-map type stack match-all ip-udp match field ip protocol eq 0x11 next udp class-map type access-control match-all blaster1 match field tcp dest-port eq 135 match start 13-start offset 3 size 2 eq 0x0030 class-map type access-control match-all blaster2 match field tcp dest-port eq 4444 Router(config-cmap)# match start 13-start offset 3 size 2 eq 0x0030 class-map type access-control match-all blaster3 match field udp dest-port eq 69 match start 13-start offset 3 size 2 eq 0x0030 policy-map type access-control fpm-tcp-policy class blaster1 drop class blaster2 drop policy-map type access-control fpm-udp-policy class blaster3 drop policy-map type access-control fpm-policy class ip-tcp service-policy fpm-tcp-policy class ip-udp service-policy fpm-udp-policy interface gigabitEthernet 0/1 service-policy type access-control input fpm-policy
The following example shows how to create a fragment class of traffic to classify the default traffic class named BestEffort. All default traffic from the policy maps named subscriber1 and subscriber2 is part of the fragment default traffic class named BestEffort. This default traffic is then shaped collectively by creating a class called data that uses the service-fragment keyword and the shape command:
Note the following about this example:
policy-map subscriber1 class voice set cos 5 priority level 1 class video set cos 4 priority level 2 class class-default fragment BestEffort shape average 200 bandwidth remaining ratio 10 policy-map subscriber 2 class voice set cos 5 priority level 1 class video set cos 4 priority level 2 class class-default fragment BestEffort shape average 200 bandwidth remaining ratio 10 policy-map input_policy class class-default set dscp default policy-map main-interface class data service-fragment BestEffort shape average 400 interface portchannel1.1001 encapsulation dot1q 1001service-policy output subscriber1 service-policy input input_policy interface portchannel1.1002 encapsulation dot1q 1002 service-policy output subscriber2 service-policy input input_policy interface gigabitethernet 0/1 description member-link1 port channel 1 service-policy output main-interface interface gigabitethernet 0/2 description member-link2 port channel 1
service-policy output main-interface
Command |
Description |
---|---|
bandwidth (policy-map class) |
Specifies or modifies the bandwidth allocated for a class belonging to a policy map. |
class-map |
Creates a class map to be used for matching packets to a specified class. |
fair-queue (class-default) |
Specifies the number of dynamic queues to be reserved for use by the class-default class as part of the default class policy. |
policy-map |
Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. |
queue-limit |
Specifies or modifies the maximum number of packets the queue can hold for a class policy configured in a policy map. |
random-detect (interface) |
Enables WRED or DWRED. |
random-detect exponential-weighting-constant |
Configures the WRED and DWRED exponential weight factor for the average queue size calculation. |
random-detect precedence |
Configures WRED and DWRED parameters for a particular IP Precedence. |
To create a class map to be used for matching packets to a specified class and to enter QoS class-map configuration mode, use the class-map command in global configuration mode. To remove an existing class map from a device, use the no form of this command.
class-map [ type { stack | access-control | port-filter | queue-threshold | logging log-class } ] [ match-all | match-any ] class-map-name
no class-map [ type { stack | access-control | port-filter | queue-threshold | logging log-class } ] [ match-all | match-any ] class-map-name
class-map class-map-name [ match-all | match-any ]
no class-map class-map-name [ match-all | match-any ]
class-map class-map-name
no class-map class-map-name
type |
(Optional) Specifies the class-map type. |
||
stack |
(Optional) Enables the flexible packet matching (FPM) functionality to determine the protocol stack to examine. When you use the load protocol command to load protocol header description files (PHDFs) on the device, a stack of protocol headers can be defined so that the filter can determine which headers are present and in what order. |
||
access-control |
(Optional) Determines the pattern to look for in the configured protocol stack.
|
||
port-filter |
(Optional) Creates a port-filter class map that enables the TCP or UDP port policing of control plane packets. When this keyword is enabled, the command filters the traffic that is destined to specific ports on the control-plane host subinterface. |
||
queue-threshold |
(Optional) Enables queue thresholding, which limits the total number of packets for a specified protocol allowed in the control plane IP input queue. The queue-thresholding applies only to the control-plane host subinterface. |
||
logging log-class |
(Optional) Enables the logging of packet traffic on the control plane. The value for the log-class argument is the name of the log class. |
||
match-all |
(Optional) Determines how packets are evaluated when multiple match criteria exist. Matches statements under this class map based on the logical AND function. A packet must match all statements to be accepted. If you do not specify the match-all or match-any keyword, the default keyword used is match-all. |
||
match-any |
(Optional) Determines how packets are evaluated when multiple match criteria exist. Matches statements under this class map based on the logical OR function. A packet must match any of the match statements to be accepted. If you do not specify the match-any or match-all keyword, the default keyword is used match-all. |
||
class-map-name |
Name of the class for the class map. The class name is used for both the class map and to configure a policy for the class in the policy map.
|
A class map is not configured.
Global configuration (config)
Release |
Modification |
---|---|
12.0(5)T |
This command was introduced. |
12.0(5)XE |
This command was integrated into Cisco IOS Release 12.0(5)XE. |
12.0(7)S |
This command was integrated into Cisco IOS Release 12.0(7)S. |
12.1(1)E |
This command was integrated into Cisco IOS Release 12.1(1)E. |
12.2(14)SX |
This command was integrated into Cisco IOS Release 12.2(14)SX and implemented on Cisco 7600 series routers. |
12.2(17d)SXB |
This command was integrated into Cisco IOS Release 12.2(17d)SXB and implemented on Cisco 7600 series routers. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
12.4(4)T |
This command was modified. The stack and access-control keywords were added to support FPM. The port-filter and queue-threshold keywords were added to support control-plane protection. |
12.4(6)T |
This command was modified. The logging log-class keyword and argument pair was added to support control-plane packet logging. |
12.2(18)ZY |
This command was modified. The stack and access-control keywords were integrated into Cisco IOS Release 12.2(18)ZY on Catalyst 6500 series switches equipped with the programmable intelligent services accelerator (PISA). |
Cisco IOS XE Release 2.1 |
This command was integrated into Cisco IOS XE Release 2.1 and implemented on Cisco ASR 1000 Series Aggregation Services Routers. |
15.1(3)T |
This command was integrated into Cisco IOS Release 15.1(3)T for Cisco Performance Monitor with the class-map-name argument as the only syntax element available. |
12.2(58)SE |
This command was integrated into Cisco IOS Release 12.2(58)SE for Cisco Performance Monitor with the class-map-name argument. |
12.2(33)SCF |
This command was integrated into Cisco IOS Release 12.2(33)SCF. |
15.2(3)T |
This command was modified. The software does not accept spaces in a class map name entered without quotation marks. |
15.1(2)SNG |
This command was integrated into Cisco ASR 901 Series Aggregation Services Routers. |
Only the class-map-name argument is available.
Use the class-map command to specify the class that you will create or modify to meet the class-map match criteria. This command enters QoS class-map configuration mode in which you can enter one or more match commands to configure the match criteria for this class. Packets that arrive at either the input interface or the output interface (determined by how the service-policy command is configured) are checked against the match criteria that are configured for a class map to determine if packets belong to that class.
When configuring a class map, you can use one or more match commands to specify the match criteria. For example, you can use the match access-group command, the match protocol command, or the match input-interface command. The match commands vary according to the Cisco software release. For more information about match criteria and match commands, see the “Modular Quality of Service Command-Line Interface (CLI) (MQC)” chapter of the Cisco IOS Quality of Service Solutions Configuration Guide.
Apply the class-map command and commands available in QoS class-map configuration mode on a per-interface basis to define packet classification, marking, aggregating, and flow policing as part of a globally named service policy.
You can attach a service policy to an EtherChannel. Do not attach a service policy to a port that is a member of an EtherChannel.
When a device is in QoS class-map configuration mode, the following configuration commands are available:
The following commands appear in the CLI help but are not supported on LAN interfaces or WAN interfaces on Optical Service Modules (OSMs):
OSMs are not supported on Cisco 7600 series routers that are configured with a Supervisor Engine 32.
Policy Feature Card (PFC) QoS does not support the following commands:
If you enter these commands, PFC QoS does not detect unsupported keywords until you attach a policy map to an interface. When you try to attach the policy map to an interface, an error message is generated. For additional information, see the Cisco 7600 Series Router Cisco IOS Software Configuration Guide and Cisco IOS command references.
After configuring the class-map name and the device you can enter the match access-group and match ip dscp commands in QoS class-map configuration mode. The syntax for these commands is as follows:
match [access-group {acl-index | acl-name} | ip dscp | precedence} value]
See the table below for a description of match command keywords.
Optional command |
Description |
---|---|
access-group acl-index | acl-name |
(Optional) Specifies the access list index or access list names. Valid access list index values are from 1 to 2699. |
access-group acl-name |
(Optional) Specifies the named access list. |
ip dscp value1 value2 ... value8 |
(Optional) Specifies IP differentiated services code point (DSCP) values to match. Valid values are from 0 to 63. You can enter up to eight DSCP values separated by spaces. |
ip precedence value1 value2 ... value8 |
(Optional) Specifies the IP precedence values to match. Valid values are from 0 to 7. You can enter up to eight precedence values separated by spaces. |
The following example shows how to specify class101 as the name of a class and define a class map for this class. The class named class101 specifies policy for the traffic that matches ACL 101.
Device(config)# class-map class101 Device(config-cmap)# match access-group 101 Device(config-cmap)# end
The following example shows how to define FPM traffic classes for slammer and UDP packets. The match criteria defined within class maps are for slammer and UDP packets with an IP length that does not exceed 404 (0x194) bytes, UDP port 1434 (0x59A), and pattern 0x4011010 at 224 bytes from the start of the IP header.
Device(config)# load protocol disk2:ip.phdf Device(config)# load protocol disk2:udp.phdf Device(config)# class-map type stack match-all ip-udp Device(config-cmap)# description “match UDP over IP packets” Device(config-cmap)# match field ip protocol eq 0x11 next udp Device(config-cmap)#exit Device(config)# class-map type access-control match-all slammer Device(config-cmap)# description “match on slammer packets” Device(config-cmap)# match field udp dest-port eq 0x59A Device(config-cmap)# match field ip length eq 0x194 Device(config-cmap)# match start 13-start offset 224 size 4 eq 0x 4011010 Device(config-cmap)# end
The following example shows how to configure a port-filter policy to drop all traffic that is destined to closed or “nonlistened” ports except Simple Network Management Protocol (SNMP):
Device(config)# class-map type port-filter pf-class Device(config-cmap)# match not port udp 123 Device(config-cmap)# match closed-ports Device(config-cmap)# exit Device(config)# policy-map type port-filter pf-policy Device(config-pmap)# class pf-class Device(config-pmap-c)# drop Device(config-pmap-c)# end
The following example shows how to configure a class map named ipp5 and enter a match statement for IP precedence 5:
Device(config)# class-map ipp5 Device(config-cmap)# match ip precedence 5
The following example shows how to set up a class map and match traffic classes for the 802.1p domain with packet class of service (CoS) values:
Device> enable Device# configure terminal Device(config)# class-map cos1 Device(config-cmap)# match cos 0 Device(config-pmap-c)# end
The following example shows how to set up a class map and match traffic classes for the Multiprotocol Label Switching (MPLS) domain with packet experimental (EXP) values:
Device> enable Device# configure terminal Device(config)# class-map exp7 Device(config-cmap)# match mpls experimental topmost 2 Device(config-pmap-c)# end
Command |
Description |
---|---|
description |
Specifies the description for a class map or policy map configuration. |
drop |
Configures the traffic class to discard packets belonging to a specific class map. |
class (policy-map) |
Specifies the name of the class whose policy you want to create or change, and the default class before you configure its policy. |
load protocol |
Loads a PHDF onto a router. |
match (class-map) |
Configures the match criteria for a class map on the basis of port filter or protocol queue policies. |
match access-group |
Configures the match criteria for a class map on the basis of the specified ACL. |
match input-interface |
Configures a class map to use the specified input interface as a match criterion. |
match ip dscp |
Identifies one or more DSCP, AF, and CS value as a match criterion. |
match mpls experimental |
Configures a class map to use the specified EXP field value as a match criterion. |
match protocol |
Configures the match criteria for a class map on the basis of the specified protocol. |
policy-map |
Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. |
protocol |
Configures a timer and authentication method for a control interface. |
qos-group |
Associates a QoS group value for a class map. |
service-policy |
Attaches a policy map to an input interface or VC or to an output interface or VC to be used as the service policy for that interface or VC. |
show class-map |
Displays class map information. |
show policy-map interface |
Displays statistics and configurations of input and output policies that are attached to an interface. |
source-address |
Configures the source-address control on a port. |
To change the minimum and maximum packet thresholds for the differentiated services code point (DSCP) value, use the dscp command in random-detect-group configuration mode. To return the minimum and maximum packet thresholds to the default for the DSCP value, use the no form of this command.
dscp dscp-value min-threshold max-threshold [mark-probability-denominator]
no dscp dscp-value min-threshold max-threshold [mark-probability-denominator]
dscp-value |
Specifies the DSCP value. The DSCP value can be a number from 0 to 63, or it can be one of the following keywords: ef, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, or cs7. |
min-threshold |
Minimum threshold in number of packets. The value range of this argument is from 1 to 4096. When the average queue length reaches the minimum threshold, Weighted Random Early Detection (WRED) randomly drops some packets with the specified DSCP value. |
max-threshold
|
Maximum threshold in number of packets. The value range of this argument is the value of the min-threshold argument to 4096. When the average queue length exceeds the maximum threshold, WRED drops all packets with the specified DSCP value. |
mark-probability-denominator
|
(Optional) Denominator for the fraction of packets dropped when the average queue depth is at the maximum threshold. For example, if the denominator is 512, one out of every 512 packets is dropped when the average queue is at the maximum threshold. The value range is from 1 to 65536. The default is 10; one out of every ten packets is dropped at the maximum threshold. |
If WRED is using the DSCP value to calculate the drop probability of a packet, all entries of the DSCP table are initialized with the default settings shown in the table in the “Usage Guidelines” section.
Random-detect-group configuration
Release |
Modification |
---|---|
12.1(5)T |
This command was introduced. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
12.2SX |
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware. |
This command must be used in conjunction with the random-detect-group command.
Additionally, the dscp command is available only if you specified the dscp-based argument when using the random-detect-group command.
The table below lists the DSCP default settings used by the dscp command. The table below lists the DSCP value, and its corresponding minimum threshold, maximum threshold, and mark probability. The last row of the table (the row labeled “default”) shows the default settings used for any DSCP value not specifically shown in the table.
DSCP (Precedence) |
Minimum Threshold |
Maximum Threshold |
Mark Probability |
---|---|---|---|
af11 |
32 |
40 |
1/10 |
af12 |
28 |
40 |
1/10 |
af13 |
24 |
40 |
1/10 |
af21 |
32 |
40 |
1/10 |
af22 |
28 |
40 |
1/10 |
af23 |
24 |
40 |
1/10 |
af31 |
32 |
40 |
1/10 |
af32 |
28 |
40 |
1/10 |
af33 |
24 |
40 |
1/10 |
af41 |
32 |
40 |
1/10 |
af42 |
28 |
40 |
1/10 |
af43 |
24 |
40 |
1/10 |
cs1 |
22 |
40 |
1/10 |
cs2 |
24 |
40 |
1/10 |
cs3 |
26 |
40 |
1/10 |
cs4 |
28 |
40 |
1/10 |
cs5 |
30 |
40 |
1/10 |
cs6 |
32 |
40 |
1/10 |
cs7 |
34 |
40 |
1/10 |
ef |
36 |
40 |
1/10 |
rsvp |
36 |
40 |
1/10 |
default |
20 |
40 |
1/10 |
The following example enables WRED to use the DSCP value af22. The minimum threshold for the DSCP value af22 is 28, the maximum threshold is 40, and the mark probability is 10.
Router> enable Router# configure terminal Router(config)# random-detect-group class1 dscp-based Router(cfg-red-group)# dscp af22 28 40 10 Router(cfg-red-group)# end
Command |
Description |
---|---|
random-detect-group |
Enables per-VC WRED or per-VC DWRED. |
show queueing |
Lists all or selected configured queueing strategies. |
show queueing interface |
Displays the queueing statistics of an interface or VC. |
To use a traffic class as a classification policy, use the match class-map command in class-map or policy inline configuration mode. To remove a specific traffic class as a match criterion, use the no form of this command.
match class-map class-map-nam e
no match class-map class-map-name
class-map-name |
Name of the traffic class to use as a match criterion. |
No match criteria are specified.
Class-map configuration (config-cmap)
Release |
Modification |
---|---|
12.0(5)XE |
This command was introduced. |
12.1(1)E |
This command was integrated into Cisco IOS Release 12.1(1)E. |
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
12.4(6)T |
This command was enhanced to support Zone-Based Policy Firewall. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
12.2(31)SB |
This command was implemented on the Cisco 10000 series. |
12.2SX |
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware. |
Cisco IOS XE Release 3.2S |
This command was integrated into Cisco IOS XE Release 3.2S. |
The only method of including both match-any and match-all characteristics in a single traffic class is to use the match class-map command. To combine match-any and match-all characteristics into a single class, do one of the following:
You can also use the match class-map command to nest traffic classes within one another, saving users the overhead of re-creating a new traffic class when most of the information exists in a previously configured traffic class.
When packets are matched to a class map, a traffic rate is generated for these packets. In a zone-based firewall policy, only the first packet that creates a session matches the policy. Subsequent packets in this flow do not match the filters in the configured policy, but instead match the session directly. The statistics related to subsequent packets are shown as part of the 'inspect' action.
In the following example, the traffic class called class1 has the same characteristics as traffic class called class2, with the exception that traffic class class1 has added a destination address as a match criterion. Rather than configuring traffic class class1 line by line, you can enter the match class-map class2 command. This command allows all of the characteristics in the traffic class called class2 to be included in the traffic class called class1, and you can simply add the new destination address match criterion without reconfiguring the entire traffic class.
Router(config)# class-map match-any class2 Router(config-cmap)# match protocol ip Router(config-cmap)# match qos-group 3 Router(config-cmap)# match access-group 2 Router(config-cmap)# exit Router(config)# class-map match-all class1 Router(config-cmap)# match class-map class2 Router(config-cmap)# match destination-address mac 1.1.1 Router(config-cmap)# exit
The following example shows how to combine the characteristics of two traffic classes, one with match-any and one with match-all characteristics, into one traffic class with the match class-map command. The result of traffic class called class4 requires a packet to match one of the following three match criteria to be considered a member of traffic class called class 4: IP protocol and QoS group 4, destination MAC address 1.1.1, or access group 2. Match criteria IP protocol and QoS group 4 are required in the definition of the traffic class named class3 and included as a possible match in the definition of the traffic class named class4 with the match class-map class3 command.
In this example, only the traffic class called class4 is used with the service policy called policy1.
Router(config)# class-map match-all class3 Router(config-cmap)# match protocol ip Router(config-cmap)# match qos-group 4 Router(config-cmap)# exit Router(config)# class-map match-any class4 Router(config-cmap)# match class-map class3 Router(config-cmap)# match destination-address mac 1.1.1 Router(config-cmap)# match access-group 2 Router(config-cmap)# exit Router(config)# policy-map policy1 Router(config-pmap)# class class4 Router(config-pmap-c)# police 8100 1500 2504 conform-action transmit exceed-action set-qos-transmit 4 Router(config-pmap-c)# exit
Command |
Description |
---|---|
class-map |
Creates a class map to be used for matching packets to a specified class. |
To match a packet on the basis of a Layer 2 class of service (CoS)/Inter-Switch Link (ISL) marking, use the matchcos command in class-map configuration or policy inline configuration mode. To remove a specific Layer 2 CoS/ISL marking as a match criterion, use the no form of this command.
match cos cos-value [ cos-value [ cos-value [cos-value] ] ]
no match cos cos-value [ cos-value [ cos-value [cos-value] ] ]
Supported Platforms Other Than the Cisco 10000 Series Routers |
|
---|---|
cos-value |
Specific IEEE 802.1Q/ISL CoS value. The cos-value is from 0 to 7; up to four CoS values, separated by a space, can be specified in one matchcos statement. |
Cisco 10000 Series Routers |
|
cos-value |
Specific packet CoS bit value. Specifies that the packet CoS bit value must match the specified CoS value. The cos-value is from 0 to 7; up to four CoS values, separated by a space, can be specified in one matchcos statement. |
Packets are not matched on the basis of a Layer 2 CoS/ISL marking.
Class-map configuration (config-cmap)
Policy inline configuration (config-if-spolicy-inline)
Release |
Modification |
---|---|
12.1(5)T |
This command was introduced. |
12.0(25)S |
This command was integrated into Cisco IOS Release 12.0(25)S. |
12.2(28)SB |
This command was integrated into Cisco IOS Release 12.2(28)SB. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
12.2(31)SB |
This command was integrated into Cisco IOS Release 12.2(31)SB and implemented on the Cisco 10000 series routers. |
12.2SX |
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware. |
12.2(33)SRC |
This command was integrated into Cisco IOS Release 12.2(33)SRC and support for the Cisco 7600 series routers was added. |
12.4(15)T2 |
This command was integrated into Cisco IOS Release 12.4(15)T2. |
12.2(33)SB |
This command was integrated into Cisco IOS Release 12.2(33)SB and support for the Cisco 7300 series router was added. |
15.1(3)T |
This command was integrated into Cisco IOS Release 15.1(3)T for Cisco Performance Monitor. Support was added for policy inline configuration mode. |
12.2(58)SE |
This command was integrated into Cisco IOS Release 12.2(58)SE for Cisco Performance Monitor. |
12.2(33)SCF |
This command was integrated into Cisco IOS Release 12.2(33)SCF. |
3.2SE |
This command was integrated into Cisco IOS XE Release 3.2SE. |
15.1(2)SNG |
This command was integrated into Cisco ASR 901 Series Aggregation Services Routers. |
This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command.
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
You must first enter the service-policytypeperformance-monitorinlinecommand.
In the following example, the CoS values of 1, 2, and 3 are successful match criteria for the interface that contains the classification policy named cos:
Router(config)# class-map cos Router(config-cmap)# match cos 1 2 3
In the following example, classes named voice and video-n-data are created to classify traffic based on the CoS values. QoS treatment is then given to the appropriate packets in the CoS-based-treatment policy map (in this case, the QoS treatment is priority 64 and bandwidth 512). The service policy configured in this example is attached to all packets leaving Fast Ethernet interface 0/0.1. The service policy can be attached to any interface that supports service policies.
Router(config)# class-map voice Router(config-cmap)# match cos 7 Router(config)# class-map video-n-data Router(config-cmap)# match cos 5 Router(config)# policy-map cos-based-treatment Router(config-pmap)# class voice Router(config-pmap-c)# priority 64 Router(config-pmap-c)# exit Router(config-pmap)# class video-n-data Router(config-pmap-c)# bandwidth 512 Router(config-pmap-c)# exit Router(config-pmap)# exit Router(config)# interface fastethernet0/0.1 Router(config-if)# service-policy output cos-based-treatment
The following example shows how to use the policy inline configuration mode to configure a service policy for Performance Monitor. The policy specifies that packets traversing Ethernet interface 0/0 that match the criteria of a CoS value of 2 will be monitored based on the parameters specified in the flow monitor configuration namedfm-2:
Router(config)# interface ethernet 0/0 Router(config-if)# service-policy type performance-monitor inline input Router(config-if-spolicy-inline)# match cos 2 Router(config-if-spolicy-inline)# flow monitor fm-2 Router(config-if-spolicy-inline)# exit
The following example shows how to match traffic classes for the 802.1p domain with packet CoS values:
Router> enable Router# config terminal Router(config)# class-map cos7 Router(config-cmap)# match cos 2 Router(config-cmap)# exit
Command |
Description |
---|---|
class-map |
Creates a class map to be used for matching packets to a specified class. |
service-policy type performance-monitor |
Associates a Performance Monitor policy with an interface. |
policy-map |
Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. |
service-policy |
Attaches a policy map to an input interface or VC, or an output interface or VC, to be used as the service policy for that interface or VC. |
set cos |
Sets the Layer 2 CoS value of an outgoing packet. |
show class-map |
Displays all class maps and their matching criteria. |
To configure the match criterion for a class map on the basis of a specified protocol, use the matchprotocol command in class-map configuration or policy inline configuration mode. To remove the protocol-based match criterion from the class map, use the no form of this command.
match protocol protocol-name
no match protocol protocol-name
protocol-name |
Name of the protocol (for example, bgp) used as a matching criterion. See the “Usage Guidelines” for a list of protocols supported by most routers. |
No match criterion is configured.
Class-map configuration (config-cmap)
Policy inline configuration (config-if-spolicy-inline)
Release |
Modification |
---|---|
12.0(5)T |
This command was introduced. |
12.0(5)XE |
This command was integrated into Cisco IOS Release 12.0(5)XE. |
12.0(7)S |
This command was integrated into Cisco IOS Release 12.0(7)S. |
12.1(1)E |
This command was integrated into Cisco IOS Release 12.1(1)E. |
12.1(13)E |
This command was integrated into Cisco IOS Release 12.1(13)E and implemented on Catalyst 6000 family switches without FlexWAN modules. |
12.2(8)T |
This command was integrated into Cisco IOS Release 12.2(8)T. |
12.2(13)T |
This command was modified to remove apollo, vines, and xns from the list of protocols used as matching criteria. These protocols were removed because Apollo Domain, Banyan VINES, and Xerox Network Systems (XNS) were removed in this release. The IPv6 protocol was added to support matching on IPv6 packets. |
12.0(28)S |
This command was integrated into Cisco IOS Release 12.0(28)S for IPv6. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(17a)SX1 |
This command was integrated into Cisco IOS Release 12.2(17a)SX1. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE and implemented on the Supervisor Engine 720. |
12.4(6)T |
This command was modified. The Napster protocol was removed because it is no longer supported. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
12.2(31)SB2 |
This command was integrated into Cisco IOS Release 12.2(31)SB2 and implemented on the Cisco 10000 series routers. |
12.2(18)ZY |
This command was integrated into Cisco IOS Release 12.2(18)ZY. This command was modified to enhance Network-Based Application Recognition (NBAR) functionality on the Catalyst 6500 series switch that is equipped with the Supervisor 32/programmable intelligent services accelerator (PISA) engine. |
12.4(15)XZ |
This command was integrated into Cisco IOS Release 12.4(15)XZ. |
12.4(20)T |
This command was integrated into Cisco IOS Release 12.4(20)T and implemented on the Cisco 1700, Cisco 1800, Cisco 2600, Cisco 2800, Cisco 3700, Cisco 3800, Cisco 7200, and Cisco 7300 series routers. |
Cisco IOS XE Release 2.2 |
This command was integrated into Cisco IOS XE Release 2.2 and implemented on the Cisco ASR 1000 Series Routers. |
Cisco IOS XE Release 3.1S |
This command was modified. Support for more protocols was added. |
15.1(3)T |
This command was integrated into Cisco IOS Release 15.1(3)T for Cisco Performance Monitor. Support was added for policy inline configuration mode. |
12.2(58)SE |
This command was integrated into Cisco IOS Release 12.2(58)SE for Cisco Performance Monitor. |
This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command.
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
You must first enter the service-policytypeperformance-monitorinlinecommand.
Supported Platforms Other Than Cisco 7600 Routers and Cisco 10000 Series Routers
For class-based weighted fair queueing (CBWFQ), you define traffic classes based on match criteria protocols, access control lists (ACLs), input interfaces, quality of service (QoS) labels, and Experimental (EXP) field values. Packets satisfying the match criteria for a class constitute the traffic for that class.
The matchprotocol command specifies the name of a protocol to be used as the match criteria against which packets are checked to determine if they belong to the class specified by the class map.
The matchprotocolipx command matches packets in the output direction only.
To use the matchprotocol command, you must first enter the class-map command to specify the name of the class whose match criteria you want to establish. After you identify the class, you can use one of the following commands to configure its match criteria:
If you specify more than one command in a class map, only the last command entered applies. The last command overrides the previously entered commands.
To configure NBAR to match protocol types that are supported by NBAR traffic, use the matchprotocol(NBAR)command.
Cisco 7600 Series Routers
The matchprotocol command in QoS class-map configuration configures NBAR and sends all traffic on the port, both ingress and egress, to be processed in the software on the Multilayer Switch Feature Card 2 (MSFC2).
For CBWFQ, you define traffic classes based on match criteria like protocols, ACLs, input interfaces, QoS labels, and Multiprotocol Label Switching (MPLS) EXP field values. Packets satisfying the match criteria for a class constitute the traffic for that class.
The matchprotocolcommand specifies the name of a protocol to be used as the match criteria against which packets are checked to determine if they belong to the class specified by the class map.
If you want to use the matchprotocolcommand, you must first enter the class-map command to specify the name of the class to which you want to establish the match criteria.
If you specify more than one command in a class map, only the last command entered applies. The last command overrides the previously entered commands.
This command can be used to match protocols that are known to the NBAR feature. For a list of protocols supported by NBAR, see the “Classification” part of the Cisco IOS Quality of Service Solutions Configuration Guide.
Cisco 10000 Series Routers
For CBWFQ, you define traffic classes based on match criteria including protocols, ACLs, input interfaces, QoS labels, and EXP field values. Packets satisfying the match criteria for a class constitute the traffic for that class.
The matchprotocol command specifies the name of a protocol to be used as the match criteria against which packets are checked to determine if they belong to the class specified by the class map.
The matchprotocolipx command matches packets in the output direction only.
To use the matchprotocol command, you must first enter the class-map command to specify the name of the class whose match criteria you want to establish.
If you are matching NBAR protocols, use the matchprotocol(NBAR) command.
Match Protocol Command Restrictions (Catalyst 6500 Series Switches Only)
Policy maps contain traffic classes. Traffic classes contain one or more match commands that can be used to match packets (and organize them into groups) on the basis of a protocol type or application. You can create as many traffic classes as needed.
Cisco IOS Release 12.2(18)ZY includes software intended for use on the Catalyst 6500 series switch that is equipped with a Supervisor 32/PISA engine. For this release and platform, note the following restrictions for using policy maps and matchprotocol commands:
Supported Protocols
The table below lists the protocols supported by most routers. Some routers support a few additional protocols. For example, the Cisco 7600 router supports the AARP and DECnet protocols, while the Cisco 7200 router supports the directconnect and PPPOE protocols. For a complete list of supported protocols, see the online help for the matchprotocol command on the router that you are using.
Protocol Name |
Description |
---|---|
802-11-iapp |
IEEE 802.11 Wireless Local Area Networks Working Group Internet Access Point Protocol |
ace-svr |
ACE Server/Propagation |
aol |
America-Online Instant Messenger |
appleqtc |
Apple QuickTime |
arp * |
IP Address Resolution Protocol (ARP) |
bgp |
Border Gateway Protocol |
biff |
Biff mail notification |
bootpc |
Bootstrap Protocol Client |
bootps |
Bootstrap Protocol Server |
bridge * |
bridging |
cddbp |
CD Database Protocol |
cdp * |
Cisco Discovery Protocol |
cifs |
CIFS |
cisco-fna |
Cisco FNATIVE |
cisco-net-mgmt |
cisco-net-mgmt |
cisco-svcs |
Cisco license/perf/GDP/X.25/ident svcs |
cisco-sys |
Cisco SYSMAINT |
cisco-tdp |
cisco-tdp |
cisco-tna |
Cisco TNATIVE |
citrix |
Citrix Systems Metaframe |
citriximaclient |
Citrix IMA Client |
clns * |
ISO Connectionless Network Service |
clns_es * |
ISO CLNS End System |
clns_is * |
ISO CLNS Intermediate System |
clp |
Cisco Line Protocol |
cmns * |
ISO Connection-Mode Network Service |
cmp |
Cluster Membership Protocol |
compressedtcp * |
Compressed TCP |
creativepartnr |
Creative Partner |
creativeserver |
Creative Server |
cuseeme |
CU-SeeMe desktop video conference |
daytime |
Daytime (RFC 867) |
dbase |
dBASE Unix |
dbcontrol_agent |
Oracle Database Control Agent |
ddns-v3 |
Dynamic DNS Version 3 |
dhcp |
Dynamic Host Configuration |
dhcp-failover |
DHCP Failover |
directconnect |
Direct Connect |
discard |
Discard port |
dns |
Domain Name Server lookup |
dnsix |
DNSIX Security Attribute Token Map |
echo |
Echo port |
edonkey |
eDonkey |
egp |
Exterior Gateway Protocol |
eigrp |
Enhanced Interior Gateway Routing Protocol |
entrust-svc-handler |
Entrust KM/Admin Service Handler |
entrust-svcs |
Entrust sps/aaas/aams |
exec |
Remote Process Execution |
exchange |
Microsoft RPC for Exchange |
fasttrack |
FastTrack Traffic (KaZaA, Morpheus, Grokster, and so on) |
fcip-port |
FCIP |
finger |
Finger |
ftp |
File Transfer Protocol |
ftps |
FTP over TLS/SSL |
gdoi |
Group Domain of Interpretation |
giop |
Oracle GIOP/SSL |
gnutella |
Gnutella Version 2 Traffic (BearShare, Shareeza, Morpheus, and so on) |
gopher |
Gopher |
gre |
Generic Routing Encapsulation |
gtpv0 |
GPRS Tunneling Protocol Version 0 |
gtpv1 |
GPRS Tunneling Protocol Version 1 |
h225ras |
H225 RAS over Unicast |
h323 |
H323 Protocol |
h323callsigalt |
H323 Call Signal Alternate |
hp-alarm-mgr |
HP Performance data alarm manager |
hp-collector |
HP Performance data collector |
hp-managed-node |
HP Performance data managed node |
hsrp |
Hot Standby Router Protocol |
http |
Hypertext Transfer Protocol |
https |
Secure Hypertext Transfer Protocol |
ica |
ica (Citrix) |
icabrowser |
icabrowser (Citrix) |
icmp |
Internet Control Message Protocol |
ident |
Authentication Service |
igmpv3lite |
IGMP over UDP for SSM |
imap |
Internet Message Access Protocol |
imap3 |
Interactive Mail Access Protocol 3 |
imaps |
IMAP over TLS/SSL |
ip * |
IP (version 4) |
ipass |
IPASS |
ipinip |
IP in IP (encapsulation) |
ipsec |
IP Security Protocol (ESP/AH) |
ipsec-msft |
Microsoft IPsec NAT-T |
ipv6 * |
IP (version 6) |
ipx |
IPX |
irc |
Internet Relay Chat |
irc-serv |
IRC-SERV |
ircs |
IRC over TLS/SSL |
ircu |
IRCU |
isakmp |
ISAKMP |
iscsi |
iSCSI |
iscsi-target |
iSCSI port |
kazaa2 |
Kazaa Version 2 |
kerberos |
Kerberos |
l2tp |
Layer 2 Tunnel Protocol |
ldap |
Lightweight Directory Access Protocol |
ldap-admin |
LDAP admin server port |
ldaps |
LDAP over TLS/SSL |
llc2 * |
llc2 |
login |
Remote login |
lotusmtap |
Lotus Mail Tracking Agent Protocol |
lotusnote |
Lotus Notes |
mgcp |
Media Gateway Control Protocol |
microsoft-ds |
Microsoft-DS |
msexch-routing |
Microsoft Exchange Routing |
msnmsgr |
MSN Instant Messenger |
msrpc |
Microsoft Remote Procedure Call |
msrpc-smb-netbios |
MSRPC over TCP port 445 |
ms-cluster-net |
MS Cluster Net |
ms-dotnetster |
Microsoft .NETster Port |
ms-sna |
Microsoft SNA Server/Base |
ms-sql |
Microsoft SQL |
ms-sql-m |
Microsoft SQL Monitor |
mysql |
MySQL |
n2h2server |
N2H2 Filter Service Port |
ncp |
NCP (Novell) |
net8-cman |
Oracle Net8 Cman/Admin |
netbios |
Network Basic Input/Output System |
netbios-dgm |
NETBIOS Datagram Service |
netbios-ns |
NETBIOS Name Service |
netbios-ssn |
NETBIOS Session Service |
netshow |
Microsoft Netshow |
netstat |
Variant of systat |
nfs |
Network File System |
nntp |
Network News Transfer Protocol |
novadigm |
Novadigm Enterprise Desktop Manager (EDM) |
ntp |
Network Time Protocol |
oem-agent |
OEM Agent (Oracle) |
oracle |
Oracle |
oracle-em-vp |
Oracle EM/VP |
oraclenames |
Oracle Names |
orasrv |
Oracle SQL*Net v1/v2 |
ospf |
Open Shortest Path First |
pad * |
Packet assembler/disassembler (PAD) links |
pcanywhere |
Symantec pcANYWHERE |
pcanywheredata |
pcANYWHEREdata |
pcanywherestat |
pcANYWHEREstat |
pop3 |
Post Office Protocol |
pop3s |
POP3 over TLS/SSL |
pppoe |
Point-to-Point Protocol over Ethernet |
pptp |
Point-to-Point Tunneling Protocol |
printer |
Print spooler/ldp |
pwdgen |
Password Generator Protocol |
qmtp |
Quick Mail Transfer Protocol |
radius |
RADIUS & Accounting |
rcmd |
Berkeley Software Distribution (BSD) r-commands (rsh, rlogin, rexec) |
rdb-dbs-disp |
Oracle RDB |
realmedia |
RealNetwork’s Realmedia Protocol |
realsecure |
ISS Real Secure Console Service Port |
rip |
Routing Information Protocol |
router |
Local Routing Process |
rsrb * |
Remote Source-Route Bridging |
rsvd |
RSVD |
rsvp |
Resource Reservation Protocol |
rsvp-encap |
RSVP ENCAPSULATION-1/2 |
rsvp_tunnel |
RSVP Tunnel |
rtc-pm-port |
Oracle RTC-PM port |
rtelnet |
Remote Telnet Service |
rtp |
Real-Time Protocol |
rtsp |
Real-Time Streaming Protocol |
r-winsock |
remote-winsock |
secure-ftp |
FTP over Transport Layer Security/Secure Sockets Layer (TLS/SSL) |
secure-http |
Secured HTTP |
secure-imap |
Internet Message Access Protocol over TLS/SSL |
secure-irc |
Internet Relay Chat over TLS/SSL |
secure-ldap |
Lightweight Directory Access Protocol over TLS/SSL |
secure-nntp |
Network News Transfer Protocol over TLS/SSL |
secure-pop3 |
Post Office Protocol over TLS/SSL |
secure-telnet |
Telnet over TLS/SSL |
send |
SEND |
shell |
Remote command |
sip |
Session Initiation Protocol |
sip-tls |
Session Initiation Protocol-Transport Layer Security |
skinny |
Skinny Client Control Protocol |
sms |
SMS RCINFO/XFER/CHAT |
smtp |
Simple Mail Transfer Protocol |
snapshot |
Snapshot routing support |
snmp |
Simple Network Protocol |
snmptrap |
SNMP Trap |
socks |
Sockets network proxy protocol (SOCKS) |
sqlnet |
Structured Query Language (SQL)*NET for Oracle |
sqlserv |
SQL Services |
sqlsrv |
SQL Service |
sqlserver |
Microsoft SQL Server |
ssh |
Secure shell |
sshell |
SSLshell |
ssp |
State Sync Protocol |
streamwork |
Xing Technology StreamWorks player |
stun |
cisco Serial Tunnel |
sunrpc |
Sun remote-procedure call (RPC) |
syslog |
System Logging Utility |
syslog-conn |
Reliable Syslog Service |
tacacs |
Login Host Protocol (TACACS) |
tacacs-ds |
TACACS-Database Service |
tarantella |
Tarantella |
tcp |
Transport Control Protocol |
telnet |
Telnet |
telnets |
Telnet over TLS/SSL |
tftp |
Trivial File Transfer Protocol |
time |
Time |
timed |
Time server |
tr-rsrb |
cisco RSRB |
tto |
Oracle TTC/SSL |
udp |
User Datagram Protocol |
uucp |
UUCPD/UUCP-RLOGIN |
vdolive |
VDOLive streaming video |
vofr * |
Voice over Frame Relay |
vqp |
VLAN Query Protocol |
webster |
Network Dictionary |
who |
Who’s service |
wins |
Microsoft WINS |
x11 |
X Window System |
xdmcp |
XDM Control Protocol |
xwindows * |
X-Windows remote access |
ymsgr |
Yahoo! Instant Messenger |
* This protocol is not supported on the Catalyst 6500 series switch that is equipped with a Supervisor 32/PISA engine.
The following example specifies a class map named ftp and configures the FTP protocol as a match criterion:
Router(config)# class-map ftp Router(config-cmap) # match protocol ftp
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
The following example shows how to use the policy inline configuration mode to configure a service policy for Performance Monitor. The policy specifies that packets traversing Ethernet interface 0/0 for the IP protocol will be monitored based on the parameters specified in the flow monitor configuration namedfm-2:
Router(config)# interface ethernet 0/0 Router(config-if)# service-policy type performance-monitor inline input Router(config-if-spolicy-inline)# match protocol ip Router(config-if-spolicy-inline)# flow monitor fm-2 Router(config-if-spolicy-inline)# exit
Command |
Description |
---|---|
class-map |
Creates a class map to be used for matching packets to a specified class. |
service-policy type performance-monitor |
Associates a Performance Monitor policy with an interface. |
match access-group |
Configures the match criteria for a class map based on the specified ACL. |
match input-interface |
Configures a class map to use the specified input interface as a match criterion. |
match mpls experimental |
Configures a class map to use the specified value of the experimental field as a match criterion. |
match precedence |
Identifies IP precedence values as match criteria. |
match protocol (NBAR) |
Configures NBAR to match traffic by a protocol type known to NBAR. |
match qos-group |
Configures a class map to use the specified EXP field value as a match criterion. |
To identify a specific quality of service (QoS) group value as a match criterion, use the matchqos-groupcommand in class-map configuration or policy inline configuration mode. To remove a specific QoS group value from a class map, use the no form of this command.
match qos-group qos-group-value
no match qos-group qos-group-value
qos-group-value |
The exact value from 0 to 99 used to identify a QoS group value. |
No match criterion is specified.
Class-map configuration (config-cmap)
Policy inline configuration (config-if-spolicy-inline)
Release |
Modification |
---|---|
11.1CC |
This command was introduced. |
12.0(5)XE |
This command was integrated into Cisco IOS Release 12.0(5)XE. |
12.2(13)T |
This command was integrated into Cisco IOS Release 12.2(13)T. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
12.2(31)SB |
This command was integrated into Cisco IOS Release 12.2(31)SB and implemented on the Cisco 10000 series routers. |
12.2SX |
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware. |
Cisco IOS XE Release 2.1 |
This command was integrated into Cisco IOS XE Release 2.1 and implemented on Cisco ASR 1000 Series Routers. |
15.1(3)T |
This command was integrated into Cisco IOS Release 15.1(3)T for Cisco Performance Monitor. Support was added for policy inline configuration mode. |
12.2(58)SE |
This command was integrated into Cisco IOS Release 12.2(58)SE for Cisco Performance Monitor. |
This command can be used with both Flexible NetFlow and Performance Monitor. These products use different commands to enter the configuration mode in which you issue this command.
The matchqos-group command is used by the class map to identify a specific QoS group value marking on a packet. This command can also be used to convey the received Multiprotocol Label Switching (MPLS) experimental (EXP) field value to the output interface.
The qos-group-value argument is used as a marking only. The QoS group values have no mathematical significance. For instance, the qos-group-value of 2 is not greater than 1. The value simply indicates that a packet marked with the qos-group-value of 2 is different than a packet marked with the qos-group-value of 1. The treatment of these packets is defined by the user through the setting of QoS policies in QoS policy-map class configuration mode.
The QoS group value is local to the router, meaning that the QoS group value that is marked on a packet does not leave the router when the packet leaves the router. If you need a marking that resides in the packet, use IP precedence setting, IP differentiated services code point (DSCP) setting, or another method of packet marking.
This command can be used with the random-detectdiscard-class-basedcommand.
Cisco Performance Monitor in Cisco IOS Release 15.1(3)T and 12.2(58)SE
You must first enter the service-policytypeperformance-monitorinlinecommand.
The following example shows how to configure the service policy named priority50 and attach service policy priority50 to an interface. In this example, the class map named qosgroup5 will evaluate all packets entering Fast Ethernet interface 1/0/0 for a QoS group value of 5. If the incoming packet has been marked with the QoS group value of 5, the packet will be treated with a priority level of 50.
Router(config)# class-map qosgroup5 Router(config-cmap) # match qos-group 5 Router(config)# exit Router(config)# policy-map priority50 Router(config-pmap)# class qosgroup5 Router(config-pmap-c)# priority 50 Router(config-pmap-c)# exit Router(config-pmap)# exit Router(config)# interface fastethernet1/0/0 Router(config-if)# service-policy output priority50
The following example shows how to use the policy inline configuration mode to configure a service policy for Performance Monitor. The policy specifies that packets traversing Ethernet interface 0/0 that match the criteria of a QoS value of 4 will be monitored based on the parameters specified in the flow monitor configuration namedfm-2:
Router(config)# interface ethernet 0/0 Router(config-if)# service-policy type performance-monitor inline input Router(config-if-spolicy-inline)# match qosgroup 4 Router(config-if-spolicy-inline)# flow monitor fm-2 Router(config-if-spolicy-inline)# exit
Command |
Description |
---|---|
class-map |
Creates a class map to be used for matching packets to a specified class. |
service-policy type performance-monitor |
Associates a Performance Monitor policy with an interface. |
policy-map |
Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy. |
random-detect discard-class-based |
Bases WRED on the discard class value of a packet. |
service-policy |
Attaches a policy map to an input interface or VC, or an output interface or VC, to be used as the service policy for that interface or VC. |
set precedence |
Specifies an IP precedence value for packets within a traffic class. |
set qos-group |
Sets a group ID that can be used later to classify packets. |
To enable the quality of service (QoS) functionality globally, use the mlsqoscommand in global configuration mode. To disable the QoS functionality globally, use the no form of this command.
mls qos
no mls qos
This command has no arguments or keywords.
QoS is globally disabled.
Global configuration
Release |
Modification |
---|---|
12.2(14)SX |
Support for this command was introduced on the Supervisor Engine 720. |
12.2(17d)SXB |
This command was implemented on the Supervisor Engine 2 and integrated into Cisco IOS Release 12.2(17d)SXB. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
If you enable QoS globally, QoS is enabled on all interfaces with the exception of the interfaces where you disabled QoS. If you disable QoS globally, all traffic is passed in QoS pass-through mode.
In port-queueing mode, Policy Feature Card (PFC) QoS (marking and policing) is disabled, and packet type of service (ToS) and class of service (CoS) are not changed by the PFC. All queueing on rcv and xmt is based on a QoS tag in the incoming packet, which is based on the incoming CoS.
For 802.1Q or Inter-Switch Link (ISL)-encapsulated port links, queueing is based on the packet 802.1Q or ISL CoS.
For the router main interfaces or access ports, queueing is based on the configured per-port CoS (the default CoS is 0).
This command enables or disables ternary content addressable memory (TCAM) QoS on all interfaces that are set in the OFF state.
This example shows how to enable QoS globally:
Router(config)# mls qos Router(config)#
This example shows how to disable QoS globally on the Cisco 7600 series routers:
Router(config)# no mls qos Router(config)#
Command |
Description |
---|---|
mls qos (interface configuration mode) |
Enables the QoS functionality on an interface. |
show mls qos |
Displays MLS QoS information. |
To enable the quality of service (QoS) functionality on an interface, use the mlsqoscommand in interface configuration command mode. To disable QoS functionality on an interface, use the no form of this command.
mls qos
no mls qos
This command has no arguments or keywords.
Enabled
Interface configuration
Release |
Modification |
---|---|
12.2(14)SX |
Support for this command was introduced on the Supervisor Engine 720. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
This command is deprecated on Cisco 7600 series routers that are configured with a Supervisor Engine 2.
Although the CLI allows you to configure PFC-based QoS on the WAN ports on the OC-12 ATM OSMs and on the WAN ports on the channelized OSMs, PFC-based QoS is not supported on the WAN ports on these OSMs.
If you disable QoS globally, it is also disabled on all interfaces.
This command enables or disables TCAM QoS (classification, marking, and policing) for the interface.
This example shows how to enable QoS on an interface:
Router(config-if)# mls qos
Command |
Description |
---|---|
mls qos (global configuration mode) |
Enables the QoS functionality globally. |
show mls qos |
Displays MLS QoS information. |