Cisco Systems OL-8550-09 QoS ACL Guidelines, Applying QoS on Interfaces

35-38

Catalyst 3750 SwitchSoftware Configuration Guide

OL-8550-09

Chapter35 Configuring QoS

Configuring Standard QoS

QoS ACL Guidelines

•It is not possible to match IP fragments against configured IP extended ACLs to enforce QoS. IP

fragments are sent as best-effort. IP fragments are denoted by fields in the IP header.

•Only one ACL per class map and only one match class-map configuration command per class map

are supported. The ACL can have multiple ACEs, which match fields against the contents of the

packet.

•A trust statement in a policy map requires multiple TCAM entries per ACL line. If an input service

policy map contains a trust statement in an ACL, the access-list might be too large to fit into the

available QoS TCAM and an error can occur when you apply the policy map to a port. Whenever

possible, you should minimize the number of lines in a QoS ACL.

Applying QoS on Interfaces

These guidelines apply to configuring QoS on physical ports and SVIs (Layer 3 interfaces):

•You can configure QoS on physical ports and SVIs. When configuring QoS on physical ports, you

create and apply nonhierarchical policy maps. When configuring QoS on SVIs, you can create and

apply nonhierarchical and hierarchical policy maps.

•Incoming traffic is classified, policed, and marked down (if configured) regardless of whether the

traffic is bridged, routed, or sent to the CPU. It is possible for bridged frames to be dropped or to

have their DSCP and CoS values modified.

•Follow these guidelines when configuring policy maps on physical ports or SVIs:

–

You cannot apply the same policy map to a physical port and to an SVI.

–

If VLAN-based QoS is configured on a physical port, the switch removes all the port-based

policy maps on the port. The traffic on this physical port is now affected by the policy map

attached to the SVI to which the physical port belongs.

–

In a hierarchical policy map attached to an SVI, you can only configure an individual policer at

the interface level on a physical port to specify the bandwidth limits for the traffic on the port.

The ingress port must be configured as a trunk or as a static-access port. You cannot configure

policers at the VLAN level of the hierarchical policy map.

–

The switch does not support aggregate policers in hierarchical policy maps.

–

After the hierarchical policy map is attached to an SVI, the interface-level policy map cannot

be modified or removed from the hierarchical policy map. A new interface-level policy map also

cannot be added to the hierarchical policy map. If you want these changes to occur, the

hierarchical policy map must first be removed from the SVI. You also cannot add or remove a

class map specified in the hierarchical policy map.