Configuring QoS on VLANs

This chapter contains the following sections:

Information About VLAN QoS

On Cisco Nexus devices, you can configure quality of service (QoS) policies for classification and marking on VLANs. The policies that you apply to a VLAN are applied to the traffic on the VLAN's Layer 2 and switch virtual interface (SVI) ports.

Precedence of QoS Policies

The marking requirements in a QoS policy determine its precedence. Interface QoS policies take the highest precedence, the VLAN QoS policies are next, and the System QoS policies have the lowest precedence.

However, if a VLAN is assigned both a VLAN QoS policy and a VLAN ACL (VACL), the VACL takes the highest precedence.

Example of Interface, System, and VLAN Policy Precedence

This example shows a configuration where the traffic on interface 1/1 with CoS 5 goes to qos-group 3. Traffic on the other interfaces with VLAN 10 and CoS 5 go to qos-group 4. Traffic on interfaces other than VLAN 10 and CoS 5 go to qos-group 5.


class-map type qos match-all cm1
  match cos 5
policy-map type qos pm-ifc
  class cm1
    set qos-group 3
  class class-default
policy-map type qos pm-vlan
  class cm1
    set qos-group 4
  class class-default
policy-map type qos pm-sys
  class cm1
    set qos-group 5
  class class-default

system qos
  service-policy type qos input pm-sys
vlan configuration 10
  service-policy type qos input pm-vlan
interface Ethernet1/1
  service-policy type qos input pm-ifc

Example of Interface and System QoS Policy Precedence

This example shows a configuration where the traffic on interface 1/1 with CoS 5 goes to qos-group 3. Traffic on the other interfaces with CoS 5 go to qos-group 5.


class-map type qos match-all cm1
  match cos 5
policy-map type qos pm-ifc
  class cm1
    set qos-group 3
  class class-default
policy-map type qos pm-sys
  class cm1
    set qos-group 5
  class class-default

system qos
  service-policy type qos input pm-sys

interface Ethernet1/1
  service-policy type qos input pm-ifc

Example of System and VLAN Policy Precedence

This example shows a configuration where the traffic on VLAN 10 with CoS 5 goes to qos-group 4. Traffic on the other VLANs with CoS 5 go to qos-group 5.


class-map type qos match-all cm1
  match cos 5
policy-map type qos pm-vlan
  class cm1
    set qos-group 4
  class class-default
policy-map type qos pm-sys
  class cm1
    set qos-group 5
  class class-default

system qos
  service-policy type qos input pm-sys
vlan configuration 10
  service-policy type qos input pm-vlan

Example of VLAN QoS and VACL Policy Precedence

In this example, the packets with source IP address 10.10.10.1 are dropped. However, the other packets with VLAN 10 and CoS 5 go to qos-group 4.


ip access-list al1
  10 permit ip 10.10.10.1/24 any
vlan access-map v-am1
  match ip address al1
  action drop
vlan filter v-am1 vlan-list 10

class-map type qos match-all cm1
  match cos 5
policy-map type qos pm-vlan
  class cm1
    set qos-group 4
  class class-default

vlan configuration 10
  service-policy type qos input pm-vlan

Limiting TCAM Entries for VLAN QoS

The QoS TCAM region is shared by the interface QoS, system QoS, and VLAN QoS policies. You need to limit the number of TCAM entries for the interface QoS policies in order to define VLAN QoS policies. Use the hardware profile tcam feature interface-qos limit tcam-size to configure this limit.

Figure 1. QoS TCAM Region


Guidelines and Limitations for VLAN QoS

  • A VLAN must have at least one active member port for a service policy to be configured on. If a VLAN does not have at least one active member, and you configure a service policy on it, the configuration is accepted; however, the TCAM is not programmed.

  • If a VLAN is removed with the no vlan number command, the service policy that is configured on that VLAN is still present, but it is not active.

  • The TCAM must have enough free entries to configure the service policy on the VLAN.

  • A rollback might fail if the interface QoS limit is different in the running configuration than in the rollback configuration.

  • If a VLAN with a QoS policy is configured on an interface with no QoS policy, the show policy-map interface number command does not display the QoS policy configured on the VLAN.

  • Remove all interface QoS policies before changing the interface QoS limit.

  • Acllogs can only support logging levels of 3 or later.

  • We support only logging denials on the ACL, permits will not be logged.

  • Only one log message will be displayed until the flow stops and the rest is displayed later.

Configuring VLAN QoS

Configuring or Changing the Interface QoS TCAM Limit

To configure the interface_qos_limit to a specific number, the QoS region of the TCAMs in all of the ASICs cannot have any interfaces policies configured beyond the offset of that number. For example, to configure the interface_qos_limit to 1000, the QoS regions of the TCAMs in all of the ASICs cannot have any interface policies configured beyond offset 1000.

Procedure

  Command or Action Purpose
Step 1

switch# configure terminal

Enters global configuration mode.

Step 2

switch(config)# hardware profile tcam feature interface-qos limit tcam-size

Configures the interface QoS TCAM limit. The tcam-size range is from 7 to 446 entries.

Step 3

switch(config)# show hardware profile tcam feature qos

Displays the limits of the QoS TCAMs.

Step 4

(Optional) switch(config)# copy running-config startup-config

(Optional)

Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

Example

This example shows how to set the interface QoS TCAM limit to 20 entries:


switch(config)# configure terminal
switch(config)# hardware profile tcam feature interface-qos limit 20
switch(config)# show hardware profile tcam feature qos 
Feature                  Limit (number of tcam entries)
------------------------------------------------------
interface-qos              20
vlan-qos + global-qos     428

switch(config)# copy running-config startup-config

Removing the Interface QoS Limit from the TCAM

Before you begin

  • Remove all VLAN QoS policies.

Procedure

  Command or Action Purpose
Step 1

switch# configure terminal

Enters global configuration mode.

Step 2

switch(config)# show hardware profile tcam feature qos

Displays the limits of the QoS TCAMs.

Step 3

switch(config)# no hardware profile tcam feature interface-qos limit tcam-size

Configures the interface QoS TCAM limit. The tcam-size range is from 7 to 446 entries.

Step 4

(Optional) switch(config)# copy running-config startup-config

(Optional)

Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

Example

This example shows how to remove the interface QoS TCAM limit:


switch(config)# configure terminal
switch(config)# show hardware profile tcam feature qos 
Feature                  Limit (number of tcam entries)
------------------------------------------------------
interface-qos              20
vlan-qos + global-qos     428

switch(config)# no hardware profile tcam feature interface-qos limit 20
switch(config)# copy running-config startup-config

Configuring a Service Policy on a VLAN

Before you begin

  • You must configure the interface QoS limit.

  • You must configure a policy map.

  • The TCAM must have enough free entries to configure the service policy on the VLAN.

Procedure

  Command or Action Purpose
Step 1

switch# configure terminal

Enters global configuration mode.

Step 2

switch(config)# vlan configuration vlan-number

Creates a VLAN and enters VLAN configuration mode. The vlan-number range is from 1 to 4094.

Step 3

switch(config-vlan)# service-policy type qos input policy-name

Assigns a policy map to the VLAN. The policy-name is the name assigned to the policy map. The name can be a maximum of 40 alphanumeric characters.

Step 4

(Optional) switch(config-vlan)# copy running-config startup-config

(Optional)

Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

Example

This example shows how to create a service policy and assign it to VLAN 10:


switch# configure terminal
switch(config)# class-map type qos cm1
switch(config-cmap-qos)# match cos 5
switch(config-cmap-qos)# policy-map type qos pm-vlan
switch(config-pmap-qos)# class cm1
switch(config-pmap-c-qos)# set qos-group 4
switch(config-pmap-c-qos)# exit
switch(config-pmap-qos)# exit
switch(config)# vlan configuration 10
switch(config-vlan-config)# service-policy type qos input pm-vlan
switch(config-vlan-config)#

Removing a Service Policy from a VLAN

Procedure

  Command or Action Purpose
Step 1

switch# configure terminal

Enters global configuration mode.

Step 2

switch(config)# vlan configuration vlan-number

Enters VLAN configuration mode for the specified VLAN. The vlan-number range is from 1 to 4094.

Step 3

switch(config-vlan-config)#no service-policy type qos input policy-name

Removes the policy from the VLAN. The policy-name is the name assigned to the policy map. The name can be a maximum of 40 alphanumeric characters.

Step 4

(Optional) switch(config-vlan-config)# copy running-config startup-config

(Optional)

Saves the changes persistently through reboots and restarts by copying the running configuration to the startup configuration.

Example

This example shows how to remove the pm-vlan policy map from VLAN 10:


swtich# configure terminal
switch(config)# vlan configuration 10
switch(config-vlan-config)# no service-policy type qos input pm-vlan
switch(config-vlan-config)# copy running-config startup-config

Verifying the VLAN QoS Configuration

Use one of the following commands to verify the configuration:

Command

Purpose

show policy-map vlan vlan-number

Displays the QoS policies configured on the specified VLAN.

show policy-map [name]

Displays the policy maps defined on the switch. Optionally, you can display the named policy only.

running-config ipqos

Displays information about the running configuration for QoS.

startup-config ipqos

Displays information about the startup configuration for QoS.

Feature History for VLAN QoS

Table 1. Feature History for VLAN QoS

Feature Name

Release

Feature Information

VLAN QoS

5.1(3)N2(1)

This feature was introduced.