Creating a service policy

In the classifier-based configuration model, the service policy you create for one or more traffic classes is always relative to a software feature, such as QoS, port and VLAN mirroring, or PBR. The software feature must support class and policy configuration. Each feature supports different actions for managing selected packets.

NOTE:

Policy Based Routing (PBR) is available on the 5400 series switch which all have v2 or higher modules. Any v1 modules will prevent PBR from functioning.

For example, QoS policies support QoS-specific actions, such as rate limiting, 802.1p-priority, IP-precedence, and DSCP-codepoint assignment. Port and VLAN mirroring policies support mirror-destination assignment for matching packets. PBR policies support specifying the IP next-hop and IP default next-hop, tunnel ID, or null for matching packets.

Procedure
  1. To create a service policy that performs feature-specific actions on selected packets, enter the policy feature-name command from the global configuration context.

    Context: Global configuration

    Syntax
    
    no policy [qos | mirror | pbr] [policy-name]
    

    Defines the name of a service policy and enters the policy configuration context, where policy-name is a text string (64 characters maximum).

    A traffic policy consists of one or more actions that are configured for each class of traffic. The configured actions are executed on packets that match a match statement in a class. No policy action is performed on packets that match an ignore statement. You can configure multiple classes in a policy.

  2. To configure the actions that you want to execute on packets that match the match criteria in a specified class, enter one or more class action commands from the policy configuration context.

    Context: Policy configuration

    
    no [seq-number] class [ipv4 | ipv6 classname action action-name] [action action-name ...]
    

    Defines the actions to be applied on a pre-configured IPv4 or IPv6 traffic class when a packet matches the match criteria in the class.

    You can enter multiple class-action statements for the same class. The actions supported for a class command differ according to the feature-specific policy (for example, QoS or mirroring) configured with the policy command in Step 1.

    seq-number

    (Optional) Sequentially orders the class-action statements in a policy configuration. Actions are executed on matching packets in numerical order.

    Default: Class-action statements are numbered in increments of 10, starting at 10.

    class ipv4|ipv6 classname

    Defines the preconfigured class on which the actions in a class-action statement are executed, and specifies whether the class consists of IPv4 or IPv6 traffic. The class name is a text string (64 characters maximum).

    NOTE:

    You can configure multiple class-action statements to include different classes in a policy. The execution of actions is performed in the order in which the class-actions are numerically listed.

    
    action action-name [action action-name ...]
    

    The action keyword configures the action specified by the action-name parameter. The action is executed on any packet that matches the match criteria in the class. The action is not executed on packets that match ignore criteria. You can configure more than one action for a class. The complete no form of the class action command or the no seq-number command removes an action from the policy configuration.

    Be sure to enter a class and its associated actions in the precise order in which you want packets to be checked and handled by class action commands.

  3. (Optional) To configure a default class, enter the default-class command and specify one or more actions to be executed on packets that are not matched and not ignored.

    Context: Policy configuration

    
    no default-class action action-name [action action-name ...]
    

    Configures a default class to be used to execute one or more actions on packets that are not matched nor ignored in any of the class configurations in a policy. The default-class action command supports only the feature-specific commands supported in the class actioncommand.

    The default class manages packets that do not match the match or ignore criteria in all classes in a policy, and otherwise would have no actions performed on them.

    The default class differs from other classes because it contains no match/ignore statements and uses implicit match ipv4 any any and match ipv6 any any statements to manage all unmatched packets. If you do not configure a default class, unmatched and ignored packets are transmitted without an action performed on them.

  4. Enter the exit command to exit the policy configuration context.

To display a policy configuration, enter the show policy policy-name feature-name command where feature-name is a software feature (such as qos, mirror, or pbr) that supports classifier-based configuration.

To edit a policy configuration, re-enter the policy context (policy command) and modify class-action statements.

To resequence the order in which class-action statements are listed, enter the resequence command.

In the following QoS policy configuration, matching HTTP packets are rate limited to 10000 kbps. All unmatched packets are managed by the default class, which assigns a slightly higher 802.1p priority (4) and a new DSCP codepoint (5).

switch(config)# class ipv4 http
switch(config-class)# match tcp any any eq 80
switch(config-class)# match tcp any any eq 8080
switch(config-class)# exit
switch(config)# policy qos RateLimitPrioritizeSuspectTraffic
switch(policy-qos)# class ipv4 http action rate-limit kbps 10000
switch(policy-qos)# default-class action priority 4 action dscp 5
switch(policy-qos)# exit
A policy configuration requires a feature-specific policy command to identify the software feature used to manage one or more traffic classes:
  • To configure a QoS policy, use the policyqos command as described in the "Quality of Service" chapter in the Advanced Traffic Management Guide.

  • To configure a mirroring policy, use the policy mirror command as described in the Management and Configuration Guide for your switch.