Cisco QoS speed limit
Example 1: QoS speed limiting on a Cisco switch
QoS is used to control the bandwidth of leased-line users on the switch. Switch ports usually offer three rates: 10/100/1000. Any other rate requires QoS to limit the speed, and the limit can be applied to particular ports through policies.
First, the network description
User1_PC1 connects to Cisco 3560 f0/1 at a rate of 1M;
ip_add 192.168.1.1/24
User2_PC2 connects to Cisco 3560 f0/2 at a rate of 2M;
ip_add 192.168.2.1/24
G0/1 of the Cisco 3560 is the exit or cascade port.
Second, the detailed configuration process
Note: Each interface supports only one policy in each direction; a policy can be applied to multiple interfaces. Therefore, the download rate limits for all PCs should be defined in the same policy (in this case, policy-map user-down), and the different rates for different PCs are distinguished by class-map.
1. Enable QoS on the switch.
Switch(config)# mls qos // Enable QoS on the switch.
2. Define access control lists for PC1 (192.168.1.1) and PC2 (192.168.2.1) respectively.
Switch(config)# access-list 1 permit 192.168.1.0 0.0.0.255 // Matches the upstream traffic of PC1.
Switch(config)# access-list 101 permit ip any 192.168.1.0 0.0.0.255 // Matches the downstream traffic of PC1.
Switch(config)# access-list 2 permit 192.168.2.0 0.0.0.255 // Matches the upstream traffic of PC2.
Switch(config)# access-list 102 permit ip any 192.168.2.0 0.0.0.255 // Matches the downstream traffic of PC2.
3. Define classes and bind them to the access control list defined above.
Switch(config)# class-map user1-up // Defines the upstream class of PC1 and binds access list 1.
Switch(config-cmap)# match access-group 1
Switch(config-cmap)# exit
Switch(config)# class-map user2-up
Switch(config-cmap)# match access-group 2 // Defines the upstream class of PC2 and binds access list 2.
Switch(config-cmap)# exit
Switch(config)# class-map user1-down
Switch(config-cmap)# match access-group 101 // Defines the downstream class of PC1 and binds access list 101.
Switch(config-cmap)# exit
Switch(config)# class-map user2-down
Switch(config-cmap)# match access-group 102 // Defines the downstream class of PC2 and binds access list 102.
Switch(config-cmap)# exit
4. Define a policy and bind the class defined above to the policy.
Switch(config)# policy-map user1-up // Sets the upstream rate of PC1 to 1M; traffic above that is dropped.
Switch(config-pmap)# class user1-up
Switch(config-pmap-c)# trust dscp
Switch(config-pmap-c)# police 1000000 1000000 exceed-action drop
Switch(config)# policy-map user2-up // Sets the upstream rate of PC2 to 2M; traffic above that is dropped.
Switch(config-pmap)# class user2-up
Switch(config-pmap-c)# trust dscp
Switch(config-pmap-c)# police 2000000 2000000 exceed-action drop
Switch(config)# policy-map user-down
Switch(config-pmap)# class user1-down
Switch(config-pmap-c)# trust dscp
Switch(config-pmap-c)# police 1000000 1000000 exceed-action drop
Switch(config-pmap-c)# exit
Switch(config-pmap)# class user2-down
Switch(config-pmap-c)# trust dscp
Switch(config-pmap-c)# police 2000000 2000000 exceed-action drop
Switch(config-pmap-c)# exit
5. Apply the policies on the interfaces.
Switch(config)# interface f0/1
Switch(config-if)# service-policy input user1-up
Switch(config)# interface f0/2
Switch(config-if)# service-policy input user2-up
Switch(config)# interface g0/1
Switch(config-if)# service-policy input user-down
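How the police lines in step 4 behave, as an added Python sketch that is not part of the original article and not Cisco's implementation: a single-rate token bucket in which the first police argument is the refill rate in bits per second and the second is the bucket depth in bytes. The Policer class, the run and average_bps helpers and the constant-rate traffic are assumptions constructed for illustration.

```python
"""Single-rate token-bucket policer, modelled on
`police <rate-bps> <burst-byte> exceed-action drop`.
Added illustration only; not Cisco's implementation."""


class Policer:
    def __init__(self, rate_bps, burst_bytes):
        self.rate_bps = rate_bps            # first police argument (bits per second)
        self.burst_bytes = burst_bytes      # second police argument (bucket depth, bytes)
        self.tokens = float(burst_bytes)    # the bucket starts full
        self.last = 0.0                     # arrival time of the previous packet

    def offer(self, now, size):
        """Return True if a packet of `size` bytes conforms, False if it is dropped."""
        refill = (now - self.last) * self.rate_bps / 8   # bytes earned since last packet
        self.tokens = min(float(self.burst_bytes), self.tokens + refill)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False                        # exceed-action drop


def run(policer, offered_bps, seconds, pkt_size=1500):
    """Offer a constant-rate stream (constructed traffic).

    Returns (forwarded_bytes, dropped_bytes)."""
    interval = pkt_size * 8 / offered_bps   # seconds between packets
    forwarded = dropped = 0
    for i in range(int(seconds / interval)):
        if policer.offer(i * interval, pkt_size):
            forwarded += pkt_size
        else:
            dropped += pkt_size
    return forwarded, dropped


def average_bps(rate_bps, burst_bytes, offered_bps, seconds=10):
    """Average forwarded rate over the whole run, in bits per second."""
    forwarded, _ = run(Policer(rate_bps, burst_bytes), offered_bps, seconds)
    return forwarded * 8 / seconds


if __name__ == "__main__":
    # PC1's 1M policy against a 10 Mbit/s sender, with two bucket depths.
    for burst in (1000000, 8000):
        print(burst, round(average_bps(1000000, burst, 10000000)))
```

Over a 10-second run at 10 Mbit/s offered load, the 1000000-byte burst forwards about 1.8 Mbit/s on average because the full bucket is spent first, while an 8000-byte burst keeps the flow close to 1 Mbit/s.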
Example 2: QoS configuration for restricting BT downloads
1. First find the ports the BT program opens for connections; the default is 6881 to 6889.
2. Identify the IP addresses on the LAN that frequently run BT downloads, and create an extended access list as follows:
ip access-list extended bt_download
permit tcp any host 192.168.120 range 6881 6889
permit tcp any host 192.168.1.135 range 6881 6889
permit tcp any host 192.168.1.159 range 6881 6889
permit tcp any host … range 6881 6889
permit tcp any host 192.…
3. Create the class-map class_bt.
Cisco(config)# class-map class_bt
Cisco(config-cmap)# match access-group name bt_download
4. Create the policy-map qos_bt to limit the rate.
Cisco(config)# policy-map qos_bt
Cisco(config-pmap)# class class_bt
Cisco(config-pmap-c)# police 50000000 8000 exceed-action drop
5. The QoS configuration is now complete, but before applying QoS to ports you need to understand one point: QoS cannot coexist with flow control on the same port.
About flow control: enabling flow control on directly connected Ethernet ports lets a congested node pause link operation at the other end during congestion, which controls the traffic rate. If a port is congested and cannot receive any more traffic, it tells the opposite port to stop sending until the congestion clears. When a local device detects congestion at its end, it can send a pause frame to inform its link partner or the remote device that congestion has occurred. After receiving the pause frame, the remote device immediately stops sending data packets, which prevents packets from being dropped during congestion.
There are two flow control designs, symmetric and asymmetric. The symmetric design suits point-to-point links, and the asymmetric design suits hub-and-spoke connections, where the central router can pause the end systems but not vice versa.
Use the following command to set sending or receiving of pause frames on an interface to on, off or desired:
(interface) flowcontrol {receive | send} {on | off | desired}
The default for Fast Ethernet ports is receive and send. On the Catalyst 3550 switch, Gigabit Ethernet ports can receive and send pause frames, while Fast Ethernet ports can only receive pause frames. Therefore, for Fast Ethernet ports, only send off can be used to describe their status.
6. Apply QOS to the corresponding port.
Cisco(config-if)# service-policy input qos_bt
Other QoS content
Four steps of QoS configuration:
1. Set an ACL to match the application traffic;
2. Set a class map to match the corresponding ACL, port and so on; generally it matches an ACL;
3. Set a policy map to match the class map, and then define the actions;
4. Bind the policy map to the corresponding interface.
Note that QoS is enabled globally and is disabled by default. Use the global command mls qos to enable it, and check whether it is enabled with show mls qos. (mls: multilayer switching)
Detailed description of QoS command
Basic introduction
Marking modifies the IP precedence or the DSCP. Because IP precedence and DSCP both occupy the ToS field, and the latter is effectively an extension of the former, the two cannot be used together.
If you set both values at the same time, only the IP DSCP value takes effect.
Marking is the basis of many later QoS policy applications, and it is done with policy maps.
Configuration
1. Define the class map.
A class map is a matching table, similar to an ACL. All policy maps essentially operate on class maps.
Nimoka(config)# class-map [match-all | match-any] {map-name} - match-all means that all conditions must be met, and match-any means that at least one condition must be met.
2. Match conditions of the class map
Nimoka(config-cmap)#
match access-group {ACL} - matches an IP ACL (mainly corresponding to packet).
match protocol {protocol} - matches a protocol (used with NBAR, Network-Based Application Recognition).
match input-interface {interface} - matches the inbound interface.
match qos-group {groupid} - matches the group ID (I don't know what it is).
match destination-address mac {mac-address} - matches the destination MAC address.
match source-address mac {mac-address} - matches the source MAC address.
match ip dscp {dscp} - matches the IP DSCP value.
match ip precedence {precedence} - matches the IP precedence.
match class-map {map-name} - matches a class map (nested class map).
match vlan {vlan-id} - matches a VLAN.
3. Set the policy map
Nimoka(config)# policy-map {policy-name}
Nimoka(config-pmap)# class {class-map}
4. Configure the precedence and DSCP values.
Nimoka(config-pmap-c)#
Some marking and action options:
set ip precedence {precedence} - sets the IP precedence.
set ip dscp {dscp} - sets the IP DSCP value.
set qos-group {group-id} - sets the group ID.
set cos {cos} - sets the CoS value.
priority {kbps | percent percent} [bc] - defines the reserved bandwidth (kbps or %) for priority traffic, and the burst.
bandwidth {kbps | percent percent} - defines the reserved bandwidth (kbps or %).
police {cir bc be} conform-action {action} exceed-action {action} [violate-action {action}] - limits the rate using the token bucket algorithm.
random-detect - enables WRED.
queue-limit {packets} - defines the maximum number of packets in the queue.
service-policy {policy-map} - uses another, nested policy as the matching criterion of the matching statement.
shape {average | peak} {cir [bc] [be]} - defines the CIR, Bc and Be used for shaping.
5. Attach the configuration to the interface.
Nimoka(config-if)# service-policy [input | output] policy-name
Check the configuration
Nimoka# show policy-map [policy-name]
To view policy map information for an interface:
Nimoka# show policy-map interface [interface]
Example
Set the IP precedence of outbound telnet traffic from 192.168.10.0/24 to 5, and set the IP precedence of other outbound traffic to 1:
access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq telnet
class-map match-all telnet
match access-group 100
policy-map Nimoka
class telnet
set ip precedence 5
class class-default
set ip precedence 1
interface serial 1
clock rate 100
have nothing to do with
ip address 1.1.1.1 255.252.
service-policy output Nimoka
Postscript
Nested class maps: an existing class map can be called when creating a class map. There are two reasons for doing this:
1. Easier management: a change is added on top of what already exists, which gives a smooth transition.
2. It lets users use match-all and match-any together in the same class map.
For example, take four match conditions A, B, C and D. If you want the class map to match A, or B, or both C and D, you can nest class maps:
Create a new class map E, defined as match-all, that matches both C and D; then define another match-any class map that matches A, or B, or E (that is, C and D at the same time).
Switch QoS configuration method (Cisco 3550/3560, Cisco 3750)
(1) Configure traffic classification and policies.
1. global# class-map [match-all (default: exact match) | match-any] - (creates a traffic classification policy)
2. map# match access-group - (classifies traffic with an ACL; can be configured repeatedly)
3. map# match input-interface <interface> - (interface-based traffic classification)
4. map# match vlan <#> - (VLAN-based traffic classification)
5. map# match protocol ? - (protocol-based traffic classification)
(2) Define the policy
1. global# policy-map - (creates a policy)
2. pm# class - (defines the policy for the classified traffic)
3. pm-c# bandwidth <value/percentage> - (sets the weighted bandwidth ratio of the interface)
4. pm-c# set ip precedence <0-7> - (sets the marking value)
5. pm-c# set cos ?
6. pm-c# set dscp ?
(3) Apply the policy
1. interface# service-policy - (applies the policy on the interface)
(4) global# mls qos - (turns on the QoS function)
(5) interface# mls qos trust - (sets the trust state and trust boundary on the interface; once the corresponding marking value is received on the interface, it is processed according to the policy)
8. Display commands
# show class-map
Switch port speed limit configuration method (Cisco 3550/3560, Cisco 3750)
mls qos
!
class-map match-all IPclass - captures all traffic.
match ip dscp 0
!
!
policy-map rate-256K
class IPclass
police 256000 20000 exceed-action drop
policy-map rate-512K
class IPclass
police 512000 20000 exceed-action drop
policy-map rate-2M
class IPclass
police 2096000 200000 exceed-action drop
policy-map rate-6M
class IPclass
police 6296000 600000 exceed-action drop
policy-map rate-4M
class IPclass
police 4200000 300000 exceed-action drop
policy-map rate-800M
class IPclass
police 800000000 800000 exceed-action drop - defines the policy-map; the delay increases at 800M, and packets start to be discarded (lost) after reaching 800.8M.
interface FastEthernet0/22
service-policy input rate-256K - applies the policy to the switch port.
service-policy output rate-256K
(2) # show policy-map
(3) # show policy-map interface - (displays the policy applied to the interface)