Scenario 1
The commit-rate is greater or equal to peak rate, an error is displayed when the commit-rate exceeds the peak-rate value.
switch(policy-qos)# 10 class ipv4 class1 action meter commit-rate kbps 1000 dscp-remark cs7 peak-rate kbps 1000 drop
The commit rate must be less than the peak rate.
Scenario 2
If you apply a policy action meter on a MAC class, an error "Only IPv4 and IPv6 classes are supported" appears.
Scenario 3
If the commit-rate and peak-rate are not in the range <1 to 10000000>, an error that the rates are not within the configured values appears.
Scenario 4
If you apply a policy with action meter on an interface with 'out' direction, an error "QoS policy with action meter cannot be applied for a port with outbound direction" appears.
switch(config)# interface 1 service-policy qos-policy-1
in Apply the policy to inbound packets on the port.
out Apply the policy to outbound packets on the port.
switch(config)# interface 1 service-policy qos-policy-1
out
The QoS policy with the action 'meter' cannot be applied to a port in the
outbound direction.
Scenario 5
Meter classifier action is supported only on Ethernet ports. An error "QoS policy with classifier action meter is applicable only on Ethernet ports" appears.
switch(vlan-1)# service-policy test in
QoS policy with classifier action meter is applicable only on Ethernet ports.
Scenario 6
When you configure a class with action meter for a policy applied on trunk or VLAN, an error "Class with meter action cannot be configured for the policy applied on trunk or VLAN" appears.
Scenario 7
Remarking of 802.1q priority (CoS) field with the corresponding DSCP value is not supported. If attempted, the CoS field of the packet will be set to zero and only the DSCP field of the packet is remarked. The following behavior is noted due to this restriction:
- Meter has a higher precedence over ACLs
Occurs if you apply CoS through QoS ACL on the same port as two rate meter. The CoS value of the packet is set to zero as CIR/PIR DSCP are applied through a meter.
- Packets that are remarked by meter are always egressed out of the default-priority queue
Occurs if the egress queue is selected based on the CoS value and ASIC limitation.
- In the preceding illustration, the packets that are remarked by the meter are always egressed out of the default-priority queue, Q3. The egress queue is selected based on CoS value and the ASIC limitation. The CoS packet is marked as zero and the queue corresponding to CoS value of zero is selected.
- Metered outcome is undetermined if multiple meters are applied on the same port
Occurs when you meter the traffic on a port using a QoS policy, and apply a new meter on the same port for that class of traffic using a user-policy. Due to ASIC limitation, the outcome of the metered rate is not determined.
The following example shows difference in rate limit when a QoS policy and user policy is applied on the same port:
‘policy-qos’ is a QoS policy
‘policy-user’ is an user policy
‘c1’ is a class which matches all IP traffic
switch(config)# show policy policy-qos
Statements for policy "policy-qos"
policy qos "policy-qos"
10 class ipv4 "c1" action rate-limit kbps 2000
exit
switch(config)# show policy policy-user
Statements for policy "policy-user"
policy user "policy-user"
10 class ipv4 "c1" action rate-limit kbps 1000
exit
switch(config)# show class ipv4 c1
Statements for class IPv4 "c1"
class ipv4 "c1"
10 match ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
The QoS Policy, policy-qos is applied to the interface
switch(config)# show run int 1
Running configuration:
interface 1
service-policy "policy-qos" in
untagged vlan 10
aaa port-access mac-based
exit
In the preceding example, we observe that the rate at which traffic
is limited is as per the configuration (2000 kbps).
We also observe that port 1 is enabled with mac-based authentication.
As part of mac-based authentication, user-policy is applied to the client.
The following show command displays the client details.
A mac-auth client is applied on the same port with user policy, policy-user
switch(config)# show port-access client detail
Port Access Client Status Detail
Client Base Details :
Port : 1 Authentication Type : mac-based
Client Status : authenticated Session Time : 145 seconds
Client Name : 00000087b9fe Session Timeout : 0 seconds
MAC Address : 000000-87b9fe
IP : n/a
User Role Information
Name : authRole
Type : local
Reauthentication Period (seconds) : 0
Untagged VLAN : 10
Tagged VLANs :
Captive Portal Profile :
Policy : policy-user
Statements for policy "policy-user"
policy user "policy-user"
10 class ipv4 "c1" action rate-limit kbps 1000
exit
Statements for class IPv4 "c1"
class ipv4 "c1"
10 match ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
Tunnelednode Server Redirect : Disabled
Secondary Role Name :
After the port is applied with the meter specified in user policy, policy-user (1000 kbps),
the rate of traffic varies between 0 kbps and 1000 kbps.
You can overcome the preceding restrictions using the following work-around:
Stop the incoming traffic or the lower the rate to less than 100 kbps for a couple of seconds after you apply the second meter on the port.
Before the traffic flow, apply the meters on the interface.