Configuring Input Policy Maps With Individual Policing - Cisco ME 3400 Software Configuration Manual

Chapter 33 Configuring QoS
•
•
•
•
•
•
These sections describe how to configure different types of input policy maps:
•
•
•
•

Configuring Input Policy Maps with Individual Policing

You use the police policy-map class configuration command to configure individual policers to define
the committed rate limitations, committed burst size limitations of the traffic, and the action to take for
a class of traffic.
Follow these guidelines when configuring individual policers:
•
•
•
OL-9639-07
The number of input policy maps that can be attached in a switch is limited by the availability of
hardware resources. If you attempt to attach an input policy map that causes any hardware resource
limitation to be exceeded, the configuration fails.
After you have attached a single-level policy map to an interface by using the service-policy input
interface configuration command, you can modify the policy without detaching it from the interface.
You can add or delete classification criteria, add or delete classes, add or delete actions, or change
the parameters of the configured actions (policers, rates, mapping, marking, and so on). This also
applies to changing criteria for the child policy of a hierarchical policy map, as in a per-port
per-VLAN hierarchical policy map.
For the parent policy of a hierarchical policy map, you cannot add or delete a class at the parent level
if the policy map is attached to an interface. You must detach the policy from the interface, modify
the policy, and then re-attach it to the interface.
You can configure a maximum 2-level hierarchical policy map as an input policy map only with
VLAN-based classification at the parent level and no VLAN-based classification at the child level.
When an input policy map with only Layer 2 classification is attached to a routed port or a switch
port containing a routed SVI, the service policy acts only on switching eligible traffic and not on
routing eligible traffic.
On an 802.1Q tunnel port, you can use only an input policy map with Layer 2 classification based
on MAC ACLs to classify traffic. Input policy maps with Layer 3 classification or with Layer 2
classification based on CoS or VLAN ID are not supported on tunnel ports.
Input policy maps support policing and marking, not scheduling or queuing. You cannot configure
bandwidth, priority, queue-limit, or shape average in input policy maps.
Configuring Input Policy Maps with Individual Policing, page 33-39
Configuring Input Policy Maps with Aggregate Policing, page 33-44
Configuring Input Policy Maps with Marking, page 33-46
Configuring Per-Port Per-VLAN QoS with Hierarchical Input Policy Maps, page 33-48
Policing is supported only on input policy maps.
The switch supports a maximum of 229 policers. (228 user-configurable policers and 1 policer
reserved for internal use).
When CPU protection is enabled (the default), you can configure 45 ingress policers per port. If you
disable CPU protection by entering the no policer cpu uni all global configuration command and
reloading the switch, you can configure a maximum of 63 policers per port (62 on every 4th port)
for user-defined classes and one for class-default. You can enter the show policer cpu uni-eni {drop
| rate} privileged EXEC command to see if CPU protection is enabled.
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
Configuring QoS
33-39