CANOGA PERKINS 9175 Configuration Guide User Manual

Page 216

Advertising
background image

CanogaOS Configuration Guide

31-10

Note: There can be only one policy map per interface per direction.
Note: The no policy-map command deletes an existing policy-map. The no set priority
color command removes a specified priority color value. The no police command
removes an existing policer. The no trust command removes trust policy. The no
service-policy input|output command removes a policy map from interface.

The following example shows creating a policy map, and attaching it to an ingress
interface. In this example, the IP ACL allows traffic from network 10.1.0.0. If the matched
traffic exceeds a 48000-kbps average traffic rate, it is dropped.

DUT(config)# ip access-list ip-acl
DUT(config-ip-acl)# permit any 10.1.0.0 0.0.255.255 any
DUT(config-ip-acl)# exit
DUT(config)# class-map cmap1
DUT(config-cmap)# match access-group ip-acl
DUT(config-cmap)# exit
DUT(config)# policy-map pmap1
DUT(config-pmap)# class cmap1
DUT(config-pmap-c)# policer color-blind cir 48000 cbs 10000 ebs 20000
drop-color red
DUT(config-pmap-c)# exit
DUT(config-pmap)# exit
DUT(config)# interface eth-0-1
DUT(config-if)# service-policy input pmap1


Create Aggregate Policer
The following shows creating an aggregate policer to classify, police, and mark traffic.

• configure

terminal.

• qos aggregate-policer NAME color-blind|color-aware cir <1-1000000> cbs

<0-4000000> ebs <0-4000000>| pir <1-1000000> pbs <0-4000000> drop-color
red|yellow (use-l3-length) to specify policer parameters to apply to multiple traffic
classes in the same or different policy-map.

• class-map (match-any|match-all) NAME to create a class map.

• policy-map NAME to create a policy map.

• class NAME to define a traffic classification.

• policer-aggregate NAME to apply the previously named aggregate policer to

multiple classes in the same or different policy-map.

• exit.

• exit.

• interface IFNAME to specify the interface to match to the policy map.

• service-policy input|output NAME to apply a policy map to the input or output of

the specified interface.

Note: There can be only one policy map per interface per direction.
Note: The no policer-aggregate command deletes an aggregate policer from a policy
map. The no qos aggregate-policer command deletes an aggregate policer.

The following example shows creating an aggregate policer, and attaching it to multiple
classes within a policy map. In this example, the IP ACLs allow traffic from network
10.1.0.0 and host 11.3.1.1. The traffic rate from network 10.1.0.0 and host 11.3.1.1 is
policed. If the traffic exceeds a 48000-kbps average traffic rate and an 8000-byte normal
burst size, it is considered out of profile, and is dropped. The policy map is attached to an

Advertising
Popular Brands
Popular manuals