Cisco Sg3008 Manual
Have a look at the manual Cisco Sg3008 Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Quality of Service QoS Basic Mode 503 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 25 If there is any port that, as an exception, should not trust the incoming CoS mark, disable the QoS state on that port using the Interface Settings page. Enable or disable the global selected trusted mode at the ports by using the Interface Settings page. If a port is disabled without trusted mode, all its ingress packets are forward in best effort. It is recommended that you disable the trusted mode at the ports where the CoS/802.1p and/or DSCP values in the incoming packets are not trustworthy. Otherwise, it might negatively affect the performance of your network Configuring Global Settings The Global Settings page contains information for enabling Trust on the device (see the Trust Mode field below). This configuration is active when the QoS mode is Basic mode. Packets entering a QoS domain are classified at the edge of the QoS domain. To define the Trust configuration: STEP 1Click Quality of Service > QoS Basic Mode > Global Settings. STEP 2Select the Trust Mode while the device is in Basic mode. If a packet CoS level and DSCP tag are mapped to separate queues, the Trust mode determines the queue to which the packet is assigned: •CoS/802.1p—Traffic is mapped to queues based on the VPT field in the VLAN tag, or based on the per-port default CoS/802.1p value (if there is no VLAN tag on the incoming packet), the actual mapping of the VPT to queue can be configured in the mapping CoS/802.1p to Queue page. •DSCP—All IP traffic is mapped to queues based on the DSCP field in the IP header. The actual mapping of the DSCP to queue can be configured in the DSCP to Queue page. If traffic is not IP traffic, it is mapped to the best effort queue. •CoS/802.1p-DSCP—Either CoS/802.1p or DSCP whichever has been set. STEP 3Select Override Ingress DSCP to override the original DSCP values in the incoming packets with the new values according to the DSCP Override Table. When Override Ingress DSCP is enabled, the device uses the new DSCP values for egress queueing. It also replaces the original DSCP values in the packets with the new DSCP values. NOTEThe frame is mapped to an egress queue using the new, rewritten value, and not by the original DSCP value.
Quality of Service QoS Basic Mode Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 504 25 STEP 4If Override Ingress DSCP was enabled, click DSCP Override Table to reconfigure DSCP. DSCP In displays the DSCP value of the incoming packet that needs to be re- marked to an alternative value. STEP 5Select the DSCP Out value to indicate the outgoing value is mapped. STEP 6Click Apply. The Running Configuration file is updated with the new DSCP values. Interface QoS Settings The Interface Settings page enables configuring QoS on each port of the device, as follows: QoS State Disabled on an Interface—All inbound traffic on the port is mapped to the best effort queue and no classification/prioritization takes place. QoS State of the Port is Enabled—Port prioritize traffic on ingress is based on the system wide configured trusted mode, which is either CoS/ 802.1p trusted mode or DSCP trusted mode. To enter QoS settings per inter face: STEP 1Click Quality of Service > QoS Basic Mode > Interface Settings. STEP 2Select Port or LAG to display the list of ports or LAGs. QoS State displays whether QoS is enabled on the interface. STEP 3Select an interface, and click Edit. STEP 4Select the Port or LAG interface. STEP 5Click to enable or disable QoS State for this interface. STEP 6Click Apply. The Running Configuration file is updated.
Quality of Service QoS Advanced Mode 505 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 25 QoS Advanced Mode Frames that match an ACL and were permitted entrance are implicitly labeled with the name of the ACL that permitted their entrance. Advanced mode QoS actions can then be applied to these flows. In QoS advanced mode, the device uses policies to support per flow QoS. A policy and its components have the following characteristics and relationships: •A policy contains one or more class maps. •A class map defines a flow with one or more associating ACLs. Packets that match only ACL rules (ACE) in a class map with Permit (forward) action are considered belonging to the same flow, and are subjected to the same quality of services. Thus, a policy contains one or more flows, each with a user defined QoS. •The QoS of a class map (flow) is enforced by the associating policer. There are two type of policers, single policer and aggregate policer. Each policer is configured with a QoS specification. A single policer applies the QoS to a single class map, and thus to a single flow, based on the policer QoS specification. An aggregate policer applies the QoS to one or more class maps, and thus one or more flows. An aggregate policer can support class maps from different policies. •Per flow QoS are applied to flows by binding the policies to the desired ports. A policy and its class maps can be bound to one or more ports, but each port is bound with at most one policy. Notes: •Single policer and aggregation policer are available when the device is in Layer 2 mode. •An ACL can be configured to one or more class maps regardless of policies. •A class map can belong to only one policy. •When a class map using single policer is bound to multiple ports, each port has its own instance of single policer; each applying the QoS on the class map (flow) at a port independent of each other. •An aggregate policer applies the QoS to all its flow(s) in aggregation regardless of policies and ports.
Quality of Service QoS Advanced Mode Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 506 25 Advanced QoS settings consist of three parts: •Definitions of the rules to match. All frames matching a single group of rules are considered to be a flow. •Definition of the actions to be applied to frames in each flow that match the rules. •Binding the combinations of rules and action to one or more interfaces. Workflow to Configure Advanced QoS Mode To configure Advanced QoS mode, perform the following: 1. Select Advanced mode for the system by using the QoS Properties page . Select the Trust Mode using the Global Settings page. If a packet CoS level and DSCP tag are mapped to separate queues, the Trust mode determines the queue to which the packet is assigned: •If internal DSCP values are different from those used on incoming packets, map the external values to internal values by using the Out-of-Profile DSCP Mapping page. This in turn opens the DSCP Remarking page. 2. Create ACLs, as described in Create ACL Workflow. 3. If ACLs were defined, create class maps and associate the ACLs with them by using the Class Mapping page. 4. Create a policy using the Policy Table page, and associate the policy with one or more class maps using the Policy Class Map page. You can also specify the QoS, if needed, by assigning a policer to a class map when you associate the class map to the policy. •Single Policer—Create a policy that associates a class map with a single policer by using the Policy Table page and the Class Mapping page. Within the policy, define the single policer. •Aggregate Policer—Create a QoS action for each flow that sends all matching frames to the same policer (aggregate policer) by using the Aggregate Policer page. Create a policy that associates a class map with the aggregate policer by using the Policy Table page. 5. Bind the policy to an interface by using the Policy Binding page.
Quality of Service QoS Advanced Mode 507 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 25 Configuring Global Settings The Global Settings page contains information for enabling Trust on the device. Packets entering a QoS domain are classified at the edge of the QoS domain. To define the Trust configuration: STEP 1Click Quality of Service > QoS Advanced Mode > Global Settings. STEP 2Select the Trust Mode while the device is in Advanced mode. If a packet CoS level and DSCP tag are mapped to separate queues, the Trust mode determines the queue to which the packet is assigned: •CoS/802.1p—Traffic is mapped to queues based on the VPT field in the VLAN tag, or based on the per-port default CoS/802.1p value (if there is no VLAN tag on the incoming packet), the actual mapping of the VPT to queue can be configured in the mapping CoS/802.1p to Queue page. •DSCP—All IP traffic is mapped to queues based on the DSCP field in the IP header. The actual mapping of the DSCP to queue can be configured in the DSCP to Queue page. If traffic is not IP traffic, it is mapped to the best effort queue. •CoS/802.1p-DSCP—Select to use Trust CoS mode for non-IP traffic and Trust DSCP for IP traffic. STEP 3Select the default Advanced mode QoS trust mode (either trusted or untrusted) for interfaces in the Default Mode Status field. This provides basic QoS functionality on Advanced QoS, so that you can trust CoS/DSCP on Advanced QoS by default (without having to create a policy). In QoS Advanced Mode, when the Default Mode Status is set to Not Trusted, the default CoS values configured on the interface is ignored and all the traffic goes to queue 1. See the Quality of Service > QoS Advanced Mode > Global Settings page for details. If you have a policy on an interface then the Default Mode is irrelevant, the action is according to the policy configuration and unmatched traffic is dropped. STEP 4Select Override Ingress DSCP to override the original DSCP values in the incoming packets with the new values according to the DSCP Override Table. When Override Ingress DSCP is enabled, the device uses the new DSCP values for egress queueing. It also replaces the original DSCP values in the packets with the new DSCP values.
Quality of Service QoS Advanced Mode Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 508 25 NOTEThe frame is mapped to an egress queue using the new, rewritten value, and not by the original DSCP value. STEP 5If Override Ingress DSCP was enabled, click DSCP Override Table to reconfigure DSCP. See the DSCP Override Table page for details. Configuring Out-of-Profile DSCP Mapping When a policer is assigned to a class maps (flows), you can specify the action to take when the amount of traffic in the flow(s) exceeds the QoS-specified limits. The portion of the traffic that causes the flow to exceed its QoS limit is referred to as out-of-profile packets. If the exceed action is Out of Profile DSCP, the device remaps the original DSCP value of the out-of-profile IP packets with a new value based on the Out of Profile DSCP Mapping Table. The device uses the new values to assign resources and the egress queues to these packets. The device also physically replaces the original DSCP value in the out of profile packets with the new DSCP value. To use the out-of-profile DSCP exceed action, remap the DSCP value in the Out Of Profile DSCP Mapping Table. Otherwise the action is null, because the DSCP value in the table remaps the packets to itself by factory default. This feature changes the DSCP tags for incoming traffic switched between trusted QoS domains. Changing the DSCP values used in one domain, sets the priority of that type of traffic to the DSCP value used in the other domain to identify the same type of traffic. These settings are active when the system is in the QoS basic mode, and once activated they are active globally. For example: Assume that there are three levels of service: Silver, Gold, and Platinum and the DSCP incoming values used to mark these levels are 10, 20, and 30 respectively. If this traffic is forwarded to another service provider that has the same three levels of service, but uses DSCP values 16, 24, and 48, Out of Profile DSCP Mapping changes the incoming values as they are mapped to the outgoing values.
Quality of Service QoS Advanced Mode 509 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 25 To m a p D S C P v a l u e s : STEP 1Click Quality of Service > QoS Advanced Mode > Out of Profile DSCP Mapping. This page enables setting the change-the-DSCP-value of traffic entering or leaving the device. DSCP In displays the DSCP value of the incoming packet that needs to be re- marked to an alternative value. STEP 2Select the DSCP Out value to where the incoming value is mapped. STEP 3Click Apply. The Running Configuration file is updated with the new DSCP Mapping table. Defining Class Mapping A Class Map defines a traffic flow with ACLs (Access Control Lists). A MAC ACL, IP ACL, and IPv6 ACL can be combined into a class map. Class maps are configured to match packet criteria on a match-all or match-any basis. They are matched to packets on a first-fit basis, meaning that the action associated with the first-matched class map is the action performed by the system. Packets that matches the same class map are considered to belong to the same flow. NOTEDefining class maps does not have any effect on QoS; it is an interim step, enabling the class maps to be used later. If more complex sets of rules are needed, several class maps can be grouped into a super-group called a policy (see Configuring a Policy). The Class Mapping page shows the list of defined class maps and the ACLs comprising each, and enables you to add/delete class maps. To define a Class Map: STEP 1Click Quality of Service > QoS Advanced Mode > Class Mapping. This page displays the already-defined class maps. STEP 2Click Add. A new class map is added by selecting one or two ACLs and giving the class map a name. If a class map has two ACLs, you can specify that a frame must match both ACLs, or that it must match either one or both of the ACLs selected. STEP 3Enter the parameters.
Quality of Service QoS Advanced Mode Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 510 25 •Class Map Name—Enter the name of a new class map. •Match ACL Type—The criteria that a packet must match in order to be considered to belong to the flow defined in the class map. The options are: - IP—A packet must match either of the IP based ACLs in the class map. - MAC—A packet must match the MAC based ACL in the class map. - IP and MAC—A packet must match the IP based ACL and the MAC based ACL in the class map. - IP or MAC—A packet must match either the IP based ACL or the MAC based ACL in the class map. •IP—Select the IPv4 based ACL or the IPv6 based ACL for the class map. •MAC—Select the MAC based ACL for the class map. •Preferred ACL—Select whether packets are first matched to an IP-based ACL or a MAC-based ACL. STEP 4Click Apply. The Running Configuration file is updated. QoS Policers NOTEQoS policers are not supported on Sx500 devices in Layer 3 system mode. They are always supported on SG500X devices. You can measure the rate of traffic that matches a pre-defined set of rules, and to enforce limits, such as limiting the rate of file-transfer traffic that is allowed on a port. This can be done by using the ACLs in the class map(s) to match the desired traffic, and by using a policer to apply the QoS on the matching traffic. A policer is configured with a QoS specification. There are two kinds of policers: •Single (Regular) Policer—A single policer applies the QoS to a single class map, and to a single flow based on the policers QoS specification. When a class map using single policer is bound to multiple ports, each port has its own instance of single policer; each applying the QoS on the class map (flow) at ports that are otherwise independent of each other. A single policer is created in the Policy Table page.
Quality of Service QoS Advanced Mode 511 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 25 •Aggregate Policer—An aggregate policer applies the QoS to one or more class maps, and one or more flows. An aggregation policer can support class maps from different policies. An aggregate policer applies QoS to all its flow(s) in aggregation regardless of policies and ports. An aggregate policer is created in the Aggregate Policer page. An aggregate policer is defined if the policer is to be shared with more than one class. Policers on a port cannot be shared with other policers in another device. Each policer is defined with its own QoS specification with a combination of the following parameters: •A maximum allowed rate, called a Committed Information Rate (CIR), measured in Kbps. •An amount of traffic, measured in bytes, called a Committed Burst Size (CBS). This is traffic that is allowed to pass as a temporary burst even if it is above the defined maximum rate. •An action to be applied to frames that are over the limits (called out-of- profile traffic), where such frames can be passed as is, dropped, or passed, but remapped to a new DSCP value that marks them as lower-priority frames for all subsequent handling within the device. Assigning a policer to a class map is done when a class map is added to a policy. If the policer is an aggregate policer, you must create it using the Aggregate Policer page. Defining Aggregate Policers An aggregate policer applies the QoS to one or more class maps, therefore one or more flows. An aggregation policer can support class maps from different policies and applies the QoS to all its flow(s) in aggregation regardless of policies and ports. NOTEThe device supports aggregate policers and single policers only when operating in Layer 2 mode in devices that support a separate Layer 2 system mode. To define an aggregate policer: STEP 1Click Quality of Service > QoS Advanced Mode > Aggregate Policer. This page displays the existing aggregate policers. STEP 2Click Add.
Quality of Service QoS Advanced Mode Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 512 25 STEP 3Enter the parameters. •Aggregate Policer Name—Enter the name of the Aggregate Policer. •Ingress Committed Information Rate (CIR)—Enter the maximum bandwidth allowed in bits per second. See the description of this in the Bandwidth page. •Ingress Committed Burst Size (CBS)—Enter the maximum burst size (even if it goes beyond the CIR) in bytes. See the description of this in the Bandwidth page. •Exceed Action—Select the action to be performed on incoming packets that exceed the CIR. Possible values are: -For ward—Packets exceeding the defined CIR value are forwarded. -Drop—Packets exceeding the defined CIR value are dropped. -Out of Profile DSCP—The DSCP values of packets exceeding the defined CIR value are remapped to a value based on the Out Of Profile DSCP Mapping Table. STEP 4Click Apply. The Running Configuration file is updated. Configuring a Policy The Policy Table Map page displays the list of advanced QoS polices defined in the system. The page also allows you to create and delete polices. Only those policies that are bound to an interface are active (see Policy Binding page). Each policy consists of: •One or more class maps of ACLs which define the traffic flows in the policy. •One or more aggregates that applies the QoS to the traffic flows in the policy. After a policy has been added, class maps can be added by using the Policy Table page.