Scenarios

Scenario 1

The commit-rate is greater or equal to peak rate, an error is displayed when the commit-rate exceeds the peak-rate value.

switch(policy-qos)# 10 class ipv4 class1 action meter commit-rate kbps 1000 dscp-remark cs7 peak-rate kbps 1000 drop
The commit rate must be less than the peak rate.

Scenario 2

If you apply a policy action meter on a MAC class, an error "Only IPv4 and IPv6 classes are supported" appears.

Scenario 3

If the commit-rate and peak-rate are not in the range <1 to 10000000>, an error that the rates are not within the configured values appears.

Scenario 4

If you apply a policy with action meter on an interface with 'out' direction, an error "QoS policy with action meter cannot be applied for a port with outbound direction" appears.

switch(config)# interface 1 service-policy qos-policy-1
in                    Apply the policy to inbound packets on the port.
out                   Apply the policy to outbound packets on the port.
switch(config)# interface 1 service-policy qos-policy-1
out
The QoS policy with the action 'meter' cannot be applied to a port in the
outbound direction.

Scenario 5

Meter classifier action is supported only on Ethernet ports. An error "QoS policy with classifier action meter is applicable only on Ethernet ports" appears.
switch(vlan-1)# service-policy test in
QoS policy with classifier action meter is applicable only on Ethernet ports.

Scenario 6

When you configure a class with action meter for a policy applied on trunk or VLAN, an error "Class with meter action cannot be configured for the policy applied on trunk or VLAN" appears.

Scenario 7

Remarking of 802.1q priority (CoS) field with the corresponding DSCP value is not supported. If attempted, the CoS field of the packet will be set to zero and only the DSCP field of the packet is remarked. The following behavior is noted due to this restriction:
Meter has a higher precedence over ACLs

Occurs if you apply CoS through QoS ACL on the same port as two rate meter. The CoS value of the packet is set to zero as CIR/PIR DSCP are applied through a meter.

Packets that are remarked by meter are always egressed out of the default-priority queue

Occurs if the egress queue is selected based on the CoS value and ASIC limitation.

In the preceding illustration, the packets that are remarked by the meter are always egressed out of the default-priority queue, Q3. The egress queue is selected based on CoS value and the ASIC limitation. The CoS packet is marked as zero and the queue corresponding to CoS value of zero is selected.
Metered outcome is undetermined if multiple meters are applied on the same port

Occurs when you meter the traffic on a port using a QoS policy, and apply a new meter on the same port for that class of traffic using a user-policy. Due to ASIC limitation, the outcome of the metered rate is not determined.

The following example shows difference in rate limit when a QoS policy and user policy is applied on the same port:

‘policy-qos’ is a QoS policy
‘policy-user’ is an user policy
‘c1’ is a class which matches all IP traffic

switch(config)# show policy policy-qos

Statements for policy "policy-qos"
policy qos "policy-qos"
     10 class ipv4 "c1" action rate-limit kbps 2000
   exit

switch(config)# show policy policy-user

Statements for policy "policy-user"
policy user "policy-user"
     10 class ipv4 "c1" action rate-limit kbps 1000
   exit

switch(config)# show class ipv4 c1

Statements for class IPv4 "c1"
class ipv4 "c1"
     10 match ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
   exit

The QoS Policy, policy-qos is applied to the interface
switch(config)# show run int 1
 
Running configuration:
 
interface 1
   service-policy "policy-qos" in
   untagged vlan 10
   aaa port-access mac-based
   exit

In the preceding example, we observe that the rate at which traffic 
is limited is as per the configuration (2000 kbps). 
We also observe that port 1 is enabled with mac-based authentication. 
As part of mac-based authentication, user-policy is applied to the client. 

The following show command displays the client details. 


A mac-auth client is applied on the same port with user policy, policy-user
switch(config)# show port-access client detail   
 
 Port Access Client Status Detail
 
  Client Base Details :                     
   Port            : 1                     Authentication Type : mac-based   
   Client Status   : authenticated         Session Time        : 145 seconds   
   Client Name     : 00000087b9fe          Session Timeout     : 0 seconds     
   MAC Address     : 000000-87b9fe    
   IP              : n/a                                    
 
 User Role Information
 
   Name                              : authRole
   Type                              : local
   Reauthentication Period (seconds) : 0
   Untagged VLAN                     : 10
   Tagged VLANs                      :                                                        
   Captive Portal Profile            : 
   Policy                            : policy-user
 
Statements for policy "policy-user"
policy user "policy-user"
     10 class ipv4 "c1" action rate-limit kbps 1000
   exit
 
 
Statements for class IPv4 "c1"
class ipv4 "c1"
     10 match ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
   exit
 
   Tunnelednode Server Redirect      : Disabled
   Secondary Role Name               : 

 After the port is applied with the meter specified in user policy, policy-user (1000 kbps), 
 the rate of traffic varies between 0 kbps and 1000 kbps.
You can overcome the preceding restrictions using the following work-around:
  • Stop the incoming traffic or the lower the rate to less than 100 kbps for a couple of seconds after you apply the second meter on the port.

  • Before the traffic flow, apply the meters on the interface.