Applying a service policy to an interface
To apply feature-specific service policies to inbound port or VLAN interfaces, use the
interface service-policy in
or
vlan service-policy in
command.
A service policy is supported only on inbound traffic.
Only one feature-specific policy (for example, QoS or mirroring) is supported on a port or VLAN interface.
PBR is only supported within a
vlan [vlan-id] service-policy [policy-name] in
command or within a VLAN context. PBR is not applicable a port‐specific interface.If you apply a policy to a port or VLAN interface on which a policy of the same type (for example, QoS) is already configured, an error message is displayed. The new policy does not overwrite the existing one.
Before you can apply a new policy, you must first remove the existing policy with the
no interface service-policy in
orno vlan service-policy in
command.
Because only one policy of each type is supported on a port or VLAN interface, ensure that the policy you want to apply contains all the required classes and actions for your configuration.
If ICMP rate limiting is already configured on a port, a service policy cannot be applied to the port until you disable the ICMP rate limiting configuration.
To apply a service policy to the port, maintain ICMP rate limiting by configuring a QoS policy in which you add the necessary
match
statements for ICMP packets to a class configuration and configure a
rate-limit
action for the class in the policy configuration.
For information on globally configured ICMP, see the ArubaOS-Switch Management Configuration Guide for your switch.
To apply a service policy on a port or VLAN interface, enter one of the following commands from the global configuration context.
Context: Global configuration
Syntax:
interface port-list service-policy policy-name in | out
Configures the specified ports with a policy that is applied to inbound traffic on each interface. Separate individual port numbers in a series with a comma; for example,
a1, b4, d3
. Enter a range of ports by using a dash; for example,
a1-a5
.
The policy name you enter must be the same as the policy name you configured with the
policy
command.
Context: Global configuration
Syntax:
vlan vlan-id service-policy policy-name in | out
Configures a policy on the specified VLAN that is applied to inbound traffic on the VLAN interface. Valid VLAN ID numbers range from
1
to
4094
.
The policy name you enter must be the same as the policy name you configured with the
policy
command.
Applying a QoS policy to a port range and a VLAN interface
switch(config)# interface a4 service-policy RateLimitPrioritizeSuspectTraffic in switch(config)# vlan 10 service-policy RateLimitPrioritizeSuspectTraffic in