Cisco WS-X6066-SLB-APC - Content Switching Module Software Manual page 729

Chapter 41 Configuring QoS
For example, you could create a microflow policing rule named "group_individual" with bandwidth
limits suitable for individuals in a group and you could create an aggregate policing rule named
"group_all" with bandwidth limits suitable for the group as a whole. You could include both policing
rules in ACEs that match the group's traffic. The combination would affect individuals separately and
the group cumulatively.
For ACEs that include both a microflow policing rule and an aggregate policing rule, QoS responds to
an out-of-profile status from either policing rule and, as specified by the policing rule, applies a new
DSCP value or drops the packet. If both policing rules return an out-of-profile status, then if either
policing rule specifies that the packet is to be dropped, it is dropped; otherwise, QoS applies a new DSCP
value.
Follow these guidelines when creating policing rules:
•
•
•
•
•
PFC2 Policing Decisions
With a PFC2, the policing decision consists of two levels:
•
•
Packets are dropped if the excess rate aggregate policer returns an out-of-profile decision and the drop
indication flag is set, or if the microflow policer returns an out-of-profile decision and the drop
indication flag is set.
If an excess police level is set, the excess DSCP mapping is used to replace the original DSCP value with
a marked-down value. If only a normal police level is set, the normal DSCP mapping is used. The excess
police level has precedence for selecting mapping rules when both police levels are set because the
excess police level represents the worst out-of-profile transgression.
Attaching ACLs
You can configure each port for either port-based QoS (default) or VLAN-based QoS (see the
Port-Based or VLAN-Based QoS" section on page
the "Attaching ACLs to Interfaces" section on page
of each type (IP, IPX, and Ethernet) to each port and VLAN.
78-13315-02
You can include a microflow policing rule in IP ACEs. You cannot include a microflow policing
rule in IPX or MAC ACEs. IPX and MAC ACEs support only aggregate policing rules.
By default, microflow policing rules do not affect bridged traffic. To enable microflow policing of
bridged traffic, enter the set qos bridged-microflow-policing command (for more information, see
the "Enabling or Disabling Microflow Policing of Bridged Traffic" section on page
With a Layer 3 Switching Engine II, to do any microflow policing, you must enable microflow
policing of bridged traffic.
With an MSFC, QoS does not apply microflow policing rules to Multilayer Switching (MLS)
candidate frames (MSFC2 does not use candidate and enabler frames).
To avoid inconsistent results, all ACEs that include the same aggregate policing rule must use the
same ACE keyword: trust-dscp, trust-ipprec, trust-cos, or dscp. If the ACE uses the dscp
keyword, all traffic that matches the ACE must come through ports configured with the same port
keyword: trust-dscp, trust-ipprec, trust-cos, or untrusted. If the ACL is attached to a VLAN, all
ports in the VLAN must be configured with the same port keyword.
Normal Police Level—Set if either the microflow policer or the aggregate normal rate policer
returns an out-of-profile decision.
Excess Police Level—Set if the aggregate excess rate policer returns an out-of-profile decision.
41-32) and attach ACLs to the selected interface (see
41-46). You can attach up to three named ACLs, one
Catalyst 6000 Family Software Configuration Guide—Releases 6.3 and 6.4
Understanding How QoS Works
41-48).
"Enabling
41-23