Applying a service policy to an interface

To apply feature-specific service policies to inbound port or VLAN interfaces, use the interface service-policy in or vlan service-policy in command.

The following service-policy restrictions apply to all software features:
  • A service policy is supported only on inbound traffic.

  • Only one feature-specific policy (for example, QoS or mirroring) is supported on a port or VLAN interface.

  • PBR is only supported within a vlan [vlan-id] service-policy [policy-name] in command or within a VLAN context. PBR is not applicable a port‐specific interface.

  • If you apply a policy to a port or VLAN interface on which a policy of the same type (for example, QoS) is already configured, an error message is displayed. The new policy does not overwrite the existing one.

    Before you can apply a new policy, you must first remove the existing policy with the no interface service-policy in or no vlan service-policy in command.

Because only one policy of each type is supported on a port or VLAN interface, ensure that the policy you want to apply contains all the required classes and actions for your configuration.

NOTE:

If ICMP rate limiting is already configured on a port, a service policy cannot be applied to the port until you disable the ICMP rate limiting configuration.

To apply a service policy to the port, maintain ICMP rate limiting by configuring a QoS policy in which you add the necessary match statements for ICMP packets to a class configuration and configure a rate-limit action for the class in the policy configuration.

For information on globally configured ICMP, see the ArubaOS-Switch Management Configuration Guide for your switch.

To apply a service policy on a port or VLAN interface, enter one of the following commands from the global configuration context.

Context: Global configuration

Syntax:


interface port-list service-policy policy-name in | out

Configures the specified ports with a policy that is applied to inbound traffic on each interface. Separate individual port numbers in a series with a comma; for example, a1, b4, d3. Enter a range of ports by using a dash; for example, a1-a5.

The policy name you enter must be the same as the policy name you configured with the policy command.

Context: Global configuration

Syntax:


vlan vlan-id service-policy policy-name in | out

Configures a policy on the specified VLAN that is applied to inbound traffic on the VLAN interface. Valid VLAN ID numbers range from 1 to 4094.

The policy name you enter must be the same as the policy name you configured with the policy command.

Applying a QoS policy to a port range and a VLAN interface

The following example shows how to apply a QoS policy to a port range and a VLAN interface:
switch(config)# interface a4 service-policy RateLimitPrioritizeSuspectTraffic in
switch(config)# vlan 10 service-policy RateLimitPrioritizeSuspectTraffic in