In the classifier-based configuration model, the service policy you create for one or more traffic classes is always relative to a software feature, such as QoS, port and VLAN mirroring, or PBR. The software feature must support class and policy configuration. Each feature supports different actions for managing selected packets.
NOTE: Policy Based Routing (PBR) is available on 5400 series switches in which all modules are v2 or higher. Any v1 module will prevent PBR from functioning.
For example, QoS policies support QoS-specific actions, such as rate limiting, 802.1p-priority, IP-precedence, and DSCP-codepoint assignment. Port and VLAN mirroring policies support mirror-destination assignment for matching packets. PBR policies support specifying the IP next-hop and IP default next-hop, tunnel ID, or null for matching packets.
Procedure
- To create a service policy that performs feature-specific actions on selected packets, enter the policy feature-name command from the global configuration context.
Context: Global configuration
Syntax
no policy [qos | mirror | pbr] [policy-name]
Defines the name of a service policy and enters the policy configuration context, where policy-name is a text string (64 characters maximum).
A traffic policy consists of one or more actions that are configured for each class of traffic. The configured actions are executed on packets that match a match statement in a class. No policy action is performed on packets that match an ignore statement. You can configure multiple classes in a policy.
- To configure the actions that you want to execute on packets that match the match criteria in a specified class, enter one or more class action commands from the policy configuration context.
Context: Policy configuration
no [seq-number] class [ipv4 | ipv6 classname action action-name] [action action-name ...]
Defines the actions to be applied on a pre-configured IPv4 or IPv6 traffic class when a packet matches the match criteria in the class.
You can enter multiple class-action statements for the same class. The actions supported for a class command differ according to the feature-specific policy (for example, QoS or mirroring) configured with the policy command in Step 1.
seq-number
(Optional) Sequentially orders the class-action statements in a policy configuration. Actions are executed on matching packets in numerical order.
Default: Class-action statements are numbered in increments of 10, starting at 10.
class ipv4|ipv6 classname
Defines the preconfigured class on which the actions in a class-action statement are executed, and specifies whether the class consists of IPv4 or IPv6 traffic. The class name is a text string (64 characters maximum).
NOTE: You can configure multiple class-action statements to include different classes in a policy. The execution of actions is performed in the order in which the class-actions are numerically listed.
action action-name [action action-name ...]
The action keyword configures the action specified by the action-name parameter. The action is executed on any packet that matches the match criteria in the class. The action is not executed on packets that match ignore criteria. You can configure more than one action for a class. The complete no form of the class action command or the no seq-number command removes an action from the policy configuration.
Be sure to enter a class and its associated actions in the precise order in which you want packets to be checked and handled by class action commands.
- (Optional) To configure a default class, enter the default-class command and specify one or more actions to be executed on packets that are not matched and not ignored.
Context: Policy configuration
no default-class action action-name [action action-name ...]
Configures a default class to be used to execute one or more actions on packets that are neither matched nor ignored in any of the class configurations in a policy. The default-class action command supports only the feature-specific commands supported in the class action command.
The default class manages packets that do not match the match or ignore criteria in all classes in a policy, and otherwise would have no actions performed on them.
The default class differs from other classes because it contains no match/ignore statements and uses implicit match ipv4 any any and match ipv6 any any statements to manage all unmatched packets. If you do not configure a default class, unmatched and ignored packets are transmitted without an action performed on them.
- Enter the exit command to exit the policy configuration context.
To display a policy configuration, enter the show policy policy-name feature-name command, where feature-name is a software feature (such as qos, mirror, or pbr) that supports classifier-based configuration.
To edit a policy configuration, re-enter the policy context (policy command) and modify class-action statements.
To resequence the order in which class-action statements are listed, enter the resequence command.
In the following QoS policy configuration, matching HTTP packets are rate limited to 10000 kbps. All unmatched packets are managed by the default class, which assigns a slightly higher 802.1p priority (4) and a new DSCP codepoint (5).
switch(config)# class ipv4 http
switch(config-class)# match tcp any any eq 80
switch(config-class)# match tcp any any eq 8080
switch(config-class)# exit
switch(config)# policy qos RateLimitPrioritizeSuspectTraffic
switch(policy-qos)# class ipv4 http action rate-limit kbps 10000
switch(policy-qos)# default-class action priority 4 action dscp 5
switch(policy-qos)# exit
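An added example (not from the original guide or the switch software): a small Python audit that parses a CLI transcript like the one above, numbers class-action statements with the documented default (increments of 10, starting at 10), and flags policies that reference an unconfigured class or have no default-class. The TagVoice policy, the audit function and the rule of continuing from the highest number in use are assumptions made for illustration.

```python
import re

# Constructed input: the page's transcript plus a second policy (TagVoice) that
# references a class that was never configured and has no default-class.
SAMPLE = """\
switch(config)# class ipv4 http
switch(config-class)# match tcp any any eq 80
switch(config-class)# match tcp any any eq 8080
switch(config-class)# exit
switch(config)# policy qos RateLimitPrioritizeSuspectTraffic
switch(policy-qos)# class ipv4 http action rate-limit kbps 10000
switch(policy-qos)# default-class action priority 4 action dscp 5
switch(policy-qos)# exit
switch(config)# policy qos TagVoice
switch(policy-qos)# 25 class ipv4 voice action dscp 5
switch(policy-qos)# exit
"""
CLASS_ACTION = re.compile(r"(?:(\d+) )?class (ipv4|ipv6) (\S+) action (.+)")
DEFAULT = "default-class action "

def audit(text):
    """Parse a transcript; return (policies, findings)."""
    classes, policies, findings, cur = set(), {}, [], None
    for raw in text.splitlines():
        line = re.sub(r"^\S+#\s*", "", raw.strip())        # drop the CLI prompt
        if line == "exit":
            cur = None
        elif m := re.fullmatch(r"policy (qos|mirror|pbr) (\S+)", line):
            cur = policies.setdefault(
                m[2], {"name": m[2], "feature": m[1], "stmts": {}, "default": None})
            if len(m[2]) > 64:
                findings.append(f"{m[2]}: policy name longer than 64 characters")
        elif cur is None and (m := re.fullmatch(r"class (ipv4|ipv6) (\S+)", line)):
            classes.add((m[1], m[2]))
        elif cur and (m := CLASS_ACTION.fullmatch(line)):
            # Page default: 10, 20, 30, ... Continuing from the highest number
            # already in use is an assumption of this example.
            seq = int(m[1]) if m[1] else max(cur["stmts"], default=0) + 10
            cur["stmts"][seq] = (m[3], m[4].split(" action "))
            if (m[2], m[3]) not in classes:
                findings.append(f"{cur['name']}: class {m[2]} {m[3]} is not configured")
        elif cur and line.startswith(DEFAULT):
            cur["default"] = line[len(DEFAULT):].split(" action ")
    for p in policies.values():
        if p["default"] is None:
            findings.append(f"{p['name']}: no default-class, unmatched packets get no action")
    return policies, findings
```

Calling audit(SAMPLE) returns the parsed policies keyed by name and a list of findings; only the constructed TagVoice policy produces findings.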
A policy configuration requires a feature-specific policy command to identify the software feature used to manage one or more traffic classes:
To configure a QoS policy, use the policy qos command as described in the "Quality of Service" chapter in the Advanced Traffic Management Guide.
To configure a mirroring policy, use the policy mirror command as described in the Management and Configuration Guide for your switch.