Cisco Systems 3560-X, 3750-X Policing and Marking

39-9

Catalyst 3750-X and 3560-X Switch Software Configuration Guide

OL-21521-01

Chapter 39 Configuring QoS Understanding QoS

To enable the policy map, you attach it to a port by using the service-policy interface configuration

command.

You can apply a nonhierarchical policy map to a physical port or an SVI. However, a hierarchical policy

map can only be applied to an SVI. A hierarchical policy map contains two levels. The first level, the

VLAN level, specifies the actions to be taken against a traffic flow on the SVI. The second level, the

interface level, specifies the actions to be taken against the traffic on the physical ports that belong to the

SVI. The interface-level actions are specified in the interface-level policy map.

For more information, see the “Policing and Marking” section on page 39-9. For configuration

information, see the “Configuring a QoS Policy” section on page 39-46.

Policing and Marking

After a packet is classified and has a DSCP-based or CoS-based QoS label assigned to it, the policing

and marking process can begin as shown in Figure 39-4.

Policing involves creating a policer that specifies the bandwidth limits for the traffic. Packets that exceed

the limits are out of profile or nonconforming. Each policer decides on a packet-by-packet basis whether

the packet is in or out of profile and specifies the actions on the packet. These actions, carried out by the

marker, include passing through the packet without modification, dropping the packet, or modifying

(marking down) the assigned DSCP of the packet and allowing the packet to pass through. The

configurable policed-DSCP map provides the packet with a new DSCP-based QoS label. For information

on the policed-DSCP map, see the “Mapping Tables” section on page 39-13. Marked-down packets use

the same queues as the original QoS label to prevent packets in a flow from getting out of order.

Note All traffic, regardless of whether it is bridged or routed, is subjected to a policer, if one is configured.

As a result, bridged packets might be dropped or might have their DSCP or CoS fields modified when

they are policed and marked.

You can configure policing on a physical port or an SVI. For more information about configuring

policing on physical ports, see the “Policing on Physical Ports” section on page 39-10. When

configuring policy maps on an SVI, you can create a hierarchical policy map and can define an individual

policer only in the secondary interface-level policy map. For more information, see the “Policing on

SVIs” section on page 39-11.

After you configure the policy map and policing actions, attach the policy to an ingress port or SVI by

using the service-policy interface configuration command. For configuration information, see the

“Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps” section on

page 39-56, the “Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy

Maps” section on page 39-60, and the “Classifying, Policing, and Marking Traffic by Using Aggregate

Policers” section on page 39-67.