35-9
Catalyst 3750 SwitchSoftware Configuration Guide
OL-8550-09
Chapter35 Configuring QoS
Understanding QoS
You create and name a policy map by using the policy-map global configuration command. When you
enter this command, the switch enters the policy-map configuration mode. In this mode, you specify the
actions to take on a specific traffic class by using the class, trust, or set policy-map configuration and
policy-map class configuration commands.
The policy map can contain the police and police aggregate policy-map class configuration commands,
which define the policer, the bandwidth limitations of the traffic, and the action to take if the limits are
exceeded.
To enable the policy map, you attach it to a port by using the service-policy interface configuration
command.
You can apply a nonhierarchical policy map to a physical port or an SVI. However, a hierarchical policy
map can only be applied to an SVI. A hierarchical policy map contains two levels. The first level, the
VLAN level, specifies the actions to be taken against a traffic flow on the SVI. The second level, the
interface level, specifies the actions to be taken against the traffic on the physical ports that belong to the
SVI. The interface-level actions are specified in the interface-level policy map.
For more information, see the “Policing and Marking” section on page35-9. For configuration
information, see the “Configuring a QoS Policy” section on page35-47.
Policing and Marking
After a packet is classified and has a DSCP-based or CoS-based QoS label assigned to it, the policing
and marking process can begin as shown in Figure35-4.
Policing involves creating a policer that specifies the bandwidth limits for the traffic. Packets that exceed
the limits are out of profile or nonconforming. Each policer decides on a packet-by-packet basis whether
the packet is in or out of profile and specifies the actions on the packet. These actions, carried out by the
marker, include passing through the packet without modification, dropping the packet, or modifying
(marking down) the assigned DSCP of the packet and allowing the packet to pass through. The
configurable policed-DSCP map provides the packet with a new DSCP-based QoS label. For information
on the policed-DSCP map, see the “Mapping Tables” section on page35-13. Marked-down packets use
the same queues as the original QoS label to prevent packets in a flow from getting out of order.
Note All traffic, regardless of whether it is bridged or routed, is subjected to a policer, if one is configured.
As a result, bridged packets might be dropped or might have their DSCP or CoS fields modified when
they are policed and marked.
You can configure policing (either individual or aggregate policers) on a physical port or an SVI. On a
physical port, you can configure the trust state, set a new DSCP or IP precedence value in the packet, or
define an individual or aggregate policer. For more information about configuring policing on physical
ports, see the “Policing on Physical Ports” section on page35-10. When configuring policy maps on an
SVI, you can create a hierarchical policy map and can define an individual policer only in the secondary
interface-level policy map. For more information, see the “Policing on SVIs” section on page35-11.
After you configure the policy map and policing actions, attach the policy to an ingress port or SVI by
using the service-policy interface configuration command. For configuration information, see the
“Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps” section on
page 35-53, the “Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy
Maps” section on page 35-57, and the “Classifying, Policing, and Marking Traffic by Using Aggregate
Policers” section on page 35-64.