39-9
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter 39 Configuring QoS Understanding QoS
To enable the policy map, you attach it to a port by using the service-policy interface configuration
command.
You can apply a nonhierarchical policy map to a physical port or an SVI. However, a hierarchical policy
map can only be applied to an SVI. A hierarchical policy map contains two levels. The first level, the
VLAN level, specifies the actions to be taken against a traffic flow on the SVI. The second level, the
interface level, specifies the actions to be taken against the traffic on the physical ports that belong to the
SVI. The interface-level actions are specified in the interface-level policy map.
For more information, see the “Policing and Marking” section on page 39-9. For configuration
information, see the “Configuring a QoS Policy” section on page 39-46.
Policing and Marking
After a packet is classified and has a DSCP-based or CoS-based QoS label assigned to it, the policing
and marking process can begin as shown in Figure 39-4.
Policing involves creating a policer that specifies the bandwidth limits for the traffic. Packets that exceed
the limits are out of profile or nonconforming. Each policer decides on a packet-by-packet basis whether
the packet is in or out of profile and specifies the actions on the packet. These actions, carried out by the
marker, include passing through the packet without modification, dropping the packet, or modifying
(marking down) the assigned DSCP of the packet and allowing the packet to pass through. The
configurable policed-DSCP map provides the packet with a new DSCP-based QoS label. For information
on the policed-DSCP map, see the “Mapping Tables” section on page 39-13. Marked-down packets use
the same queues as the original QoS label to prevent packets in a flow from getting out of order.
Note All traffic, regardless of whether it is bridged or routed, is subjected to a policer, if one is configured.
As a result, bridged packets might be dropped or might have their DSCP or CoS fields modified when
they are policed and marked.
You can configure policing on a physical port or an SVI. For more information about configuring
policing on physical ports, see the “Policing on Physical Ports” section on page 39-10. When
configuring policy maps on an SVI, you can create a hierarchical policy map and can define an individual
policer only in the secondary interface-level policy map. For more information, see the “Policing on
SVIs” section on page 39-11.
After you configure the policy map and policing actions, attach the policy to an ingress port or SVI by
using the service-policy interface configuration command. For configuration information, see the
“Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps” section on
page 39-56, the “Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy
Maps” section on page 39-60, and the “Classifying, Policing, and Marking Traffic by Using Aggregate
Policers” section on page 39-67.