Cisco IOS Quality of Service Solutions Command Reference

Cisco IOS Quality of Service Solutions
Command Reference
July 2008
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, the Cisco logo, DCE, and Welcome to the Human Network are
trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You,
Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems,
Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing,
FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo,
LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels,
ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the
WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0807R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the
document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Cisco IOS Quality of Service Solutions Command Reference

© 2008 Cisco Systems, Inc. All rights reserved.
Quality of Service Commands
Cisco IOS quality of service (QoS) commands are used to configure quality of service, a measure of
performance for a transmission system that reflects its transmission quality and service availability.

QOS-1
access-list rate-limit
To configure an access list for use with committed access rate (CAR) policies, use the access-list
rate-limit command in global configuration mode. To remove the access list from the configuration, use
the no form of this command.
access-list rate-limit acl-index {precedence | mac-address | exp | mask mask}
no access-list rate-limit acl-index {precedence | mac-address | exp | mask mask}
Syntax Description acl-index Access list number. To classify packets by

• IP precedence, use any number from 1 to 99
• MAC address, use any number from 100 to 199
• Multiprotocol Label Switching (MPLS) experimental field, use
any number from 200 to 299
precedence IP precedence. Valid values are numbers from 0 to 7.
mac-address MAC address.
exp MPLS experimental field. Valid values are numbers from 0 to 7.
mask mask Mask. Use this option if you want to assign multiple IP precedences
or MPLS experimental field values to the same rate-limit access list.
Command Default No CAR access lists are configured.
Command Modes Global configuration
Command History Release Modification

11.1CC This command was introduced.
12.1(5)T This command now includes an access list based on the MPLS
experimental field.
12.2(2)T This command was integrated into Cisco IOS Release 12.2(2)T.
12.2(4)T This command was implemented on the Cisco MGX 8850 switch and
the MGX 8950 switch with a Cisco MGX RPM-PR card.
12.2(4)T2 This command was implemented on the Cisco 7500 series.
12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX This command is supported in the Cisco IOS Release 12.2SX train.
Support in a specific 12.2SX release of this train depends on your
feature set, platform, and platform hardware.

QOS-2
Usage Guidelines Use this command to classify packets by the specified IP precedence, MAC address, or MPLS
experimental field values for a particular CAR access list. You can then apply CAR policies, using the
rate-limit command, to individual rate-limit access lists. When packets in an access list are classified in
this manner, the packets with different IP precedences, MAC addresses, or MPLS experimental field
values are treated differently by the CAR process.
You can specify only one command for each rate-limit access list. If you enter this command multiple
times using the same access list number, the new command overwrites the previous command.
Use the mask keyword to assign multiple IP precedences or MPLS experimental field values to the same
rate-limit list. To ascertain the mask value, perform the following steps.
1. Decide which precedences you want to assign to this rate-limit access list.
2. Convert the precedences or MPLS experimental field values into 8-bit numbers with each bit
corresponding to one value. For example, an MPLS experimental field value of 0 corresponds to
00000001; 1 corresponds to 00000010; 6 corresponds to 01000000; and 7 corresponds to 10000000.
3. Add the 8-bit numbers for the selected MPLS experimental field values. For example, the mask for
MPLS experimental field values 1 and 6 is 01000010.
4. The access-list rate-limit command expects hexadecimal format. Convert the binary mask into the
corresponding hexadecimal number. For example, 01000010 becomes 42 and is used in the
command. Any packets that have an MPLS experimental field value of 1 or 6 will match this access
list.
A mask of FF matches any precedence, and 00 does not match any precedence.
Examples In the following example, MPLS experimental fields with the value of 7 are assigned to the rate-limit
access list 200:
Router(config)# access-list rate-limit 200 7
You can then use the rate-limit access list in a rate-limit command so that the rate limit is applied only
to packets matching the rate-limit access list.
Router(config)# interface atm4/0.1 mpls
Router(config-if)# rate-limit input access-group rate-limit 200 8000 8000 8000
conform-action set-mpls-exp-transmit 4 exceed-action set-mpls-exp-transmit 0
Related Commands Command Description

rate-limit Configures CAR and DCAR policies.
show access-lists rate-limit Displays information about rate-limit access lists.

QOS-3
atm-address (qos)
atm-address (qos)
To specify the QoS parameters associated with a particular ATM address, use the atm-address command
in LANE QoS database configuration mode. To revert to the default value, use the no form of this
command.
atm-address atm-address [ubr+ pcr value mcr value]
no atm-address atm-address [ubr+ pcr value mcr value]
Syntax Description atm-address Control ATM address.

ubr+ (Optional) Unspecified bit rate plus virtual channel connection (VCC).
pcr (Optional) Peak cell rate (PCR).
value (Optional) UBR+ pcr value in kbps.
mcr value (Optional) Minimum cell rate (MCR) value in kbps
Command Default No default ATM address.
Command Modes LANE QoS database configuration

12.1(2)E This command was introduced.
12.2(14)S This command was integrated into Cisco IOS Release 12.2(14)S.
12.2SX This command is supported in the Cisco IOS Release 12.2SX train. Support
in a specific 12.2SX release of this train depends on your feature set,
platform, and platform hardware.
Examples The following example shows how to enter the required QoS parameters using PCR and MCR values on
a specific ATM address. This command is entered from LANE QoS database configuration mode.
Router(lane-qos)# atm-address 47.0091810000000061705B0C01.00E0B0951A40.0A ubr+ pcr 500000
mcr 100000

lane client qos Applies a QoS over LANE database to an interface.
lane qos database Begins the process of building a QoS over LANE database.
show lane qos database Displays the contents of a specific QoS over LANE database.
ubr+ cos Maps a CoS value to a UBR+ VCC.

QOS-4
auto discovery qos
auto discovery qos

To begin discovering and collecting data for configuring the AutoQoS for the Enterprise feature, use the
auto discovery qos command in interface configuration mode. To stop discovering and collecting data,
use the no form of this command.
auto discovery qos [trust]
no auto discovery qos
Syntax Description trust (Optional) Indicates that the differentiated services code point (DSCP)
markings of a packet are trust (that is, relied on) for classification of the
voice, video, and data traffic.
If the optional trust keyword is not specified, the voice, video, and data
traffic is classified using network-based application recognition (NBAR),
and the packets are marked with the appropriate DSCP value.
Defaults No data collection is performed.
Command Modes Interface configuration

12.3(7)T This command was introduced.
12.3(11)T The trust mode was modified to classify packets by DSCP value rather than
by protocol type.
Usage Guidelines The auto discovery qos command initiates the Auto-Discovery (data collection) phase of the AutoQoS
for the Enterprise feature. This command invokes NBAR protocol discovery to collect data and analyze
the traffic at the egress direction of the interface.
The no auto discovery qos command terminates the Auto-Discovery phase and removes any data
collection reports generated.
The trust keyword is used for the trusted model based on the specified DSCP marking. For more
information, see the “Trusted Boundary” section of the AutoQoS for the Enterprise feature module,
Cisco IOS Release 12.3(7)T.
Examples The following is a sample configuration showing the Auto-Discovery (data collection) phase of the
AutoQoS for the Enterprise feature enabled on a serial2/1/1 subinterface.
Router> enable
Router# configure terminal
Router(config)# interface serial2/1.1

QOS-5
auto discovery qos
Router(config-if)# frame-relay interface-dlci 58

Router(config-if)# auto discovery qos
Router(config-if)# end

auto qos Installs the QoS class maps and policy maps created by the AutoQoS for the
Enterprise feature.
service policy Attaches a policy map to an input interface or VC, or an output interface or
VC, to be used as the service policy for that interface or VC.
show auto qos Displays the interface configurations, policy maps, and class maps created
by AutoQoS on a specific interface or all interfaces.

QOS-6
auto qos
auto qos
To install the quality-of-service (QoS) class maps and policy maps created by the AutoQoS for the
Enterprise feature, use the auto qos command in interface configuration mode. To remove the QoS
policies, use the no form of this command.
auto qos
no auto qos
Syntax Description This command has no arguments or keywords.
Command Default No QoS policies are installed.

Usage Guidelines The class maps and policy maps are created from the templates that are automatically generated by the
AutoQoS for the Enterprise feature. These templates (and the resulting class maps and policy maps) are
generated on the basis of the data collected during the Auto-Discovery phase of the AutoQoS for the
Enterprise feature. For more information about the Auto-Discovery phase, see the “Configuration
Phases” section of the AutoQoS for the Enterprise feature module, Cisco IOS Release 12.3(7)T.
The no auto qos command removes any AutoQoS-generated class maps and policy maps installed on
the interface.
Examples The following is a sample configuration showing the AutoQoS for the Enterprise feature enabled on a
serial2/1/1 subinterface. In this configuration, the AutoQoS class maps and policy maps will be installed
on the serial2/1 interface.
Router> enable
Router(config)# interface serial2/1
Router(config-if)# auto qos

QOS-7
auto qos

service policy Attaches a policy map to an input interface or VC, or an output interface or

QOS-8
auto qos voip
auto qos voip

To configure the AutoQoS—VoIP feature on an interface, use the auto qos voip command in interface
configuration mode or Frame Relay DLCI configuration mode. To remove the AutoQoS—VoIP feature
from an interface, use the no form of this command.
auto qos voip [trust] [fr-atm]
no auto qos voip [trust] [fr-atm]
Syntax Description trust (Optional) Indicates that the differentiated services code point (DSCP)
markings of a packet are trusted (relied on) for classification of the voice
traffic. If the optional trust keyword is not specified, the voice traffic is
classified using network-based application recognition (NBAR), and the
packets are marked with the appropriate DSCP value.
fr-atm (Optional) Enables the AutoQoS—VoIP feature for Frame-Relay-to-ATM
links. This option is available on the Frame Relay data-link connection
identifiers (DLCIs) for Frame-Relay-to-ATM interworking only.
Command Default Default mode is Disabled.

Frame Relay DLCI configuration (for use with Frame Relay DLCIs)

Usage Guidelines To enable the AutoQoS—VoIP feature for Frame-Relay-to-ATM interworking, the fr-atm keyword must
be configured explicitly. However, the fr-atm keyword affects low-speed DLCIs only. It does not affect
high-speed DLCIs.
Note DLCIs with link speeds lower than or equal to 768 kbps are considered low-speed DLCIs; DLCIs with
link speeds higher than 768 kbps are considered high-speed DLCIs.
Depending on whether the trust keyword has been configured for this command, the AutoQoS—VoIP
feature automatically creates one of the following two policy maps:
• “AutoQoS-Policy-Trust” (created if the trust keyword is configured)
• “AutoQoS-Policy-UnTrust” (created if the trust keyword is not configured)

QOS-9
auto qos voip
Both of these policy maps are designed to handle the Voice over IP (VoIP) traffic on an interface or a
permanent virtual circuit (PVC) and can be modified to suit the quality of service (QoS) requirements
of the network. To modify these policy maps, use the appropriate Cisco IOS command.
These policy maps should not be attached to an interface or PVC by using the service-policy command.
If the policy maps are attached in this manner, the AutoQoS—VoIP feature (that is, the policy maps, class
maps, and access control lists [ACLs]) will not be removed properly when the no auto qos voip
command is configured.
For low-speed Frame Relay DLCIs that are interconnected with ATM PVCs in the same network, the
fr-atm keyword must be explicitly configured in the auto qos voip command to configure the
AutoQoS—VoIP feature properly. That is, the command must be configured as auto qos voip fr-atm.
For low-speed Frame Relay DLCIs that are configured with Frame-Relay-to-ATM, Multilink PPP (MLP)
over Frame Relay (MLPoFR) is configured automatically. The subinterface must have an IP address.
When MLPoFR is configured, this IP address is removed and put on the MLP bundle. The
AutoQoS—VoIP feature must also be configured on the ATM side by using the auto qos voip command.
The auto qos voip command is not supported on subinterfaces.
The auto qos voip command is available for Frame Relay DLCIs.
Disabling AutoQoS—VoIP
The no auto qos voip command disables the AutoQoS—VoIP feature and removes the configurations
associated with the feature.
When the no auto qos voip command is used, the no forms of the individual commands originally
generated by the AutoQoS—VoIP feature are configured. With the use of individual no forms of the
commands, the system defaults are reinstated. The no forms of the commands will be applied just as if
the user had entered the commands individually. As the configuration reinstating the default setting is
applied, any messages resulting from the processing of the commands are displayed.
Note If you delete a subinterface or PVC (either ATM or Frame Relay PVCs) without configuring the
no auto qos voip command, the AutoQoS—VoIP feature will not be removed properly.
Examples The following example shows the AutoQoS—VoIP feature configured on serial point-to-point
subinterface 4/1.2. In this example, both the trust and fr-atm keywords are configured.
Router> enable
Router(config)# interface serial4/1.2 point-to-point
Router(config-if)# bandwidth 100
Router(config-if)# ip address 192.168.0.0 255.255.255.0
Router(config-fr-dlci)# auto qos voip trust fr-atm
Router(config-fr-dlci)# end
Router(config-if# exit

service-policy Attaches a policy map to an input interface or VC, or an output interface
or VC, to be used as the service policy for that interface or VC.
show auto qos Displays the configurations created by the AutoQoS—VoIP feature on a
specific interface or all interfaces.

QOS-10
auto qos voip (6500)

To configure AutoQoS on a voice over IP (VoIP) port interface, use the auto qos voip command in
interface configuration mode. To remove AutoQos from the configuration, use the no form of this
command.
auto qos voip {cisco-phone | cisco-softphone | trust}
no auto qos voip {cisco-phone | cisco-softphone | trust}
Syntax Description cisco-phone Enables the quality of service (QoS) ingress macro for the Cisco IP Phone.
cisco-softphone Enables the QoS ingress macro for the Cisco IP SoftPhone.
trust Specifies AutoQoS for ports trusting differentiated services code point
(DSCP) and class of service (CoS) traffic markings.
Command Default AutoQos trusts DSCP and CoS traffic markings.
Command Modes Interface configuration (config-if)

12.2(33)SXH This command was introduced.
Usage Guidelines The automation of QoS (AutoQoS) allows you to specify the type of QoS parameters desired on a
particular port. For example, entering the auto qos voip cisco-softphone command enables the QoS
ingress macro for the Cisco IP SoftPhone.
The Smartports feature provides a set of tools for configuring all switch settings related to a specific
application with a single command. For example, entering the auto qos voip cisco-phone command
configures all the settings necessary to connect an IP phone to the switch.
You can enter the show auto qos command to display the configured AutoQoS macros.
AutoQoS and Smartports are supported on the following modules:
• WS-X6548-RJ45
• WS-X6548-RJ21
• WS-X6148-GE_TX
• WS-X6548-GE-TX-CR
• WS-X6148-RJ45V
• WS-X6148-RJ21V
• WS-X6348-RJ45
• WS-X6348-RJ21
• WS-X6248-TEL

QOS-11
Note The no auto qos voip interface configuration command does not disable QoS globally or delete the
received CoS-to-internal-DSCP maps created by AutoQoS.
The auto qos voip cisco-phone and the auto qos voip cisco-softphone commands allow you to enable
the inbound QoS configuration macros for AutoQoS on an interface. In some cases, the interface-specific
auto qos voip commands also generate configuration commands that are applied globally.
You must configure the interface with the switchport command if you enter the auto qos voip
cisco-phone command. You cannot configure the interface with the switchport command if you enter
the auto qos voip cisco-softphone command.
If you configure an interface with the switchport command, AutoQoS configures the interface to trust
CoS. If you do not configure the interface with the switchport command, AutoQoS configures the
interface to trust DSCP.
AutoQoS uses a nondefault CoS-to-DSCP map. For this reason, you must configure port trust on a
per-port-ASIC basis.
When you enter the auto qos voip cisco-phone command, the following behavior occurs:
• QoS is enabled if it is disabled.
• The port is changed to port-based QoS.
• The appropriate CoS map is set.
• All ports are changed to port-based mode (if applicable).
• A trust-CoS QoS policy is created and applied for the ports that need a trust-CoS QoS policy (COIL2
and COIL1).
• A trusted boundary is enabled on the port.
• The CoS value for a trust boundary is set to zero.
• The port trust is set to trust-cos.
• Only 10/100 ports and 10/100/1000 ports are supported.
• A warning message is displayed if the CDP version is not version 2.
When you enter the auto qos voip cisco-softphone command, the following behavior occurs:
• The cisco-softphone macro is a superset of the cisco-phone macro and configures all features that
are required for a Cisco IP Phone to work properly on the Catalyst 6500 series switch.
• The global settings for AutoQoS policy maps, class maps, and access lists are created to classify
VoIP packets and to put them in the priority queue or another low-latency queue. The interface
settings are created depending on the type of interface and the link speed.
• Two rate limiters are associated with the interface on which the cisco-softphone port-based autoqos
macro is executed. The two rate limiters ensure that all inbound traffic on a cisco-softphone port
have the following characteristics:
– The rate of DCSP 46 is at or less than that of the expected softphone rate.
– The rate of DSCP 26 is at or less than the expected signaling rate.
– All other traffic is re-marked to DSCP 0 (default traffic).

QOS-12
• DSCP 46 is policed at the rate of 320 kbps with a burst of 2 Kb. DSCP 26 is policed at 32 kbps with
a burst of 8 Kb.
• The port is set to untrusted for all port types. The policed-dscp-map is set to ensure that DSCP 46
is marked down to DSCP 0 and DSCP 26 is marked down to DSCP 0. The default QoS IP ACL
re-marks all other traffic to DSCP 0.
When you enter the auto qos voip soft-phone command, the following behavior occurs:
• Enables QoS if QoS is disabled.
• Changes the port to port-based QoS.
• Sets the appropriate police-dscp-map.
• Sets the appropriate CoS-to-DSCP map.
• Changes all ports to port-based mode (if applicable).
• Creates a trust-dscp QoS policy for the ports that need it (COIL2 and COIL1).
• Applies the trust-dscp QoS policy to the port (COIL2 and COIL1).
• Disables a trusted boundary on the port.
• Changes trust to untrusted.
• Allows 10/100 ports and 10/100/1000 ports only.
• Applies two rate limiters, one for DSCP 46 and one for DSCP 26 inbound traffic, and trusts only
inbound DSCP 46 and DSCP 26 traffic.
• Marks violations of either rate limiter results in traffic down to DSCP 0.
• Re-marks all other (non-DSCP 26 and 46) inbound traffic to DSCP 0.
When you enter the auto qos voip trust command, the following applies:
• The DSCP and the CoS markings are trusted for classification of the voice traffic.
• Enables QoS if QoS is disabled.
• Changes the port to port-based QoS.
• Changes all ports to port-based mode (if applicable).
• Creates a trust-dscp and a trust-cos QoS policy for the ports that need it (COIL2 and COIL1).
• Applies the trust-dscp and a trust-cos QoS policy to the port (COIL2 and COIL1).
• Disables the trusted boundary on the port.
• Sets port trust to trust-cos.
• All ports are supported.
• Bases queueing for all ports that allow dscp-to-q mapping on DSCP. If not, queueing is based on
CoS.
Examples The following example shows how to enable the QoS ingress macro for the Cisco IP Phone:
Router(config-if)# auto qos voip cisco-phone

QOS-13

show auto qos Displays AutoQoS information.
show running-config interface Displays the status and configuration of the interface.
switchport Configures the LAN interface as a Layer 2 switched interface.

QOS-14
bandwidth (policy-map class)

To specify or modify the bandwidth allocated for a class belonging to a policy map, or to enable ATM
overhead accounting, use the bandwidth command in policy-map class configuration mode. To remove
the bandwidth specified for a class or disable ATM overhead accounting, use the no form of this
command.
bandwidth {bandwidth-kbps | remaining percent percentage | percent percentage} [
no bandwidth
Cisco 10000 Series Router (PRE3)
bandwidth {bandwidth-kbps | percent percentage | remaining percent percentage} account

{{{qinq | dot1q} {aal5 | aal3} {subscriber-encapsulation}} | {user-defined offset [atm]}}
no bandwidth
Syntax Description bandwidth-kbps Amount of bandwidth, in kilobits per second (kbps), to be assigned to the
class. The amount of bandwidth varies according to the interface and platform
in use.
remaining percent Percentage of guaranteed bandwidth based on a relative percent of available
percentage bandwidth. The percentage can be a number from 1 to 100.
percent percentage Percentage of guaranteed bandwidth based on an absolute percent of available
bandwidth to be set aside for the priority class. The percentage can be a
number from 1 to 100.
aal3 Specifies the ATM Adaptation Layer 5 that supports both connectionless and
connection-oriented links. You must specify either aal3 or aal5.
user-defined Specifies that the router is to use an offset size when calculating ATM
overhead.
offset Specifies the offset size when calculating ATM overhead. Valid values are
from -63 to 63 bytes.
Note The router configures the offset size if you do not specify the
user-defined offset option.
atm Applies ATM cell tax in the ATM overhead calculation.
Note Configuring both the offset and atm options adjusts the packet size to
the offset size and then adds ATM cell tax.
Command Default No bandwidth is specified.

ATM overhead accounting is disabled.
Command Modes Policy-map class configuration (config-pmap-c)

QOS-15

12.0(5)XE This command was integrated into Cisco IOS Release 12.0(5)XE and was
implemented on Versatile Interface Processor (VIP)-enabled Cisco 7500
series routers.
12.0(7)T The percent keyword was added.
12.0(17)SL This command was introduced on the Cisco 10000 series router.
12.0(22)S Support for the percent keyword was added on the Cisco 10000 series router.
12.0(23)SX Support for the remaining percent keyword was added on the Cisco 10000
series router.
12.1(5)T This command was implemented on VIP-enabled Cisco 7500 series routers.
12.2(2)T The remaining percent keyword was added.
12.2(28)SB This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(31)SB This command was implemented on the Cisco 10000 series routers.
12.2(31)SB2 This command was introduced on the PRE3 for the Cisco 10000 series router,
and was enhanced for ATM overhead accounting on the Cisco 10000 series
router for the PRE3.
12.2(31)SB6 This command was enhanced to specify an offset size when calculating ATM
overhead and was implemented on the Cisco 10000 series router for the
PRE3.
12.2(33)SRC Support for the Cisco 7600 series router was added.
12.2(33)SB Support for the Cisco 7300 series router was added.
12.4(20)T Support was added for hierarchical queueing framework (HQF) using the
Modular Quality of Service (QoS) Command-Line Interface (CLI) (MQC).
Usage Guidelines Configuring a Policy Map

Use the bandwidth command when you configure a policy map for a class defined by the class-map
command. The bandwidth command specifies the bandwidth for traffic in that class. Class-based
weighted fair queueing (CBWFQ) derives the weight for packets belonging to the class from the
bandwidth allocated to the class. CBWFQ then uses the weight to ensure that the queue for the class is
serviced fairly.
Configuring Strict Priority with Bandwidth

You can configure only one class with strict priority. Other classes cannot have priority or bandwidth
configuration. To configure minimum bandwidth for another class, use the bandwidth remaining
percent command.
Specifying Bandwidth as a Percentage for All Supported Platforms Except the Cisco 10000 Series Routers
Besides specifying the amount of bandwidth in kilobits per second (kbps), you can specify bandwidth
as a percentage of either the available bandwidth or the total bandwidth. During periods of congestion,
the classes are serviced in proportion to their configured bandwidth percentages. The bandwidth

QOS-16
percentage is based on the interface bandwidth or when used in a hierarchical policy. Available
bandwidth is equal to the interface bandwidth minus the sum of all bandwidths reserved by the Resource
Reservation Protocol (RSVP) feature, the IP RTP Priority feature, and the low latency queueing (LLQ)
feature.
Note It is important to remember that when the bandwidth remaining percent command is configured, hard
bandwidth guarantees may not be provided and only relative bandwidths are assured. That is, class
bandwidths are always proportional to the specified percentages of the interface bandwidth. When the
link bandwidth is fixed, class bandwidth guarantees are in proportion to the configured percentages. If
the link bandwidth is unknown or variable, the router cannot compute class bandwidth guarantees in
kbps.
Specifying Bandwidth as a Percentage for the Cisco 10000 Series Routers

the classes are serviced in proportion to their configured bandwidth percentages. The minimum
bandwidth percentage is based on the nearest parent shape rate.
bandwidth guarantees may not be provided and only relative bandwidths are assured. That is, class
bandwidths are always proportional to the specified percentages of the interface bandwidth. When the
link bandwidth is fixed, class bandwidth guarantees are in proportion to the configured percentages. If
the link bandwidth is unknown or variable, the router cannot compute class bandwidth guarantees in
kbps.
The router converts the specified bandwidth to the nearest multiple of 1/255 (ESR–PRE1) or 1/65,535
(ESR–PRE2) of the interface speed. Use the show policy-map interface command to display the actual
bandwidth.
Restrictions for All Supported Platforms

The following restrictions apply to the bandwidth command:
• The amount of bandwidth configured should be large enough to also accommodate Layer 2
overhead.
• A policy map can have all the class bandwidths specified in kbps or all the class bandwidths
specified in percentages, but not a mix of both in the same class. However, the unit for the priority
command in the priority class can be different from the bandwidth unit of the nonpriority class.
• When the bandwidth percent command is configured, and a policy map containing class policy
configurations is attached to the interface to stipulate the service policy for that interface, available
bandwidth is assessed. If a policy map cannot be attached to a particular interface because of
insufficient interface bandwidth, the policy is removed from all interfaces to which it was
successfully attached. This restriction does not apply to the bandwidth remaining percent
command.
For more information on bandwidth allocation, see the “Congestion Management Overview” module in
the Cisco IOS Quality of Service Solutions Configuration Guide.
Note that when the policy map containing class policy configurations is attached to the interface to
stipulate the service policy for that interface, available bandwidth is assessed. If a policy map cannot be
attached to a particular interface because of insufficient interface bandwidth, then the policy is removed
from all interfaces to which it was successfully attached.

QOS-17
Modular QoS Command-Line Interface Queue Limits

The bandwidth command can be used with MQC to specify the bandwidth for a particular class. When
used with MQC, the bandwidth command uses a default queue limit for the class. This queue limit can
be modified using the queue-limit command, thereby overriding the default set by the bandwidth
command.
Note To meet the minimum bandwidth guarantees required by interfaces, it is especially important to modify
the default queue limit of high-speed interfaces by using the queue-limit command.
Cisco 10000 Series Router

The Cisco 10000 series router supports the bandwidth command on outbound interfaces only. It does
not support this command on inbound interfaces.
On the PRE2, you specify a bandwidth value and a unit for the bandwidth value. Valid values for the
bandwidth are from 1 to 2488320000 and units are bps, kbps, mbps, gbps. The default unit is kbps. For
example, the following commands configure a bandwidth of 10000 bps and 10000 kbps on the PRE2:
bandwidth 10000 bps
bandwidth 10000
On the PRE3, you only specify a bandwidth value. Because the unit is always kbps, the PRE3 does not
support the unit argument. Valid values are from 1 to 2000000. For example, the following command
configures a bandwidth of 128,000 kbps on the PRE3:
bandwidth 128000
The PRE3 accepts the PRE2 bandwidth command only if the command is used without the unit
argument. The PRE3 rejects the PRE2 bandwidth command if the specified bandwidth is outside the
valid PRE3 bandwidth value range (1 to 2000000).
the classes are serviced in proportion to their configured bandwidth percentages. The bandwidth
percentage is based on the interface bandwidth or when used in a hierarchical policy the minimum
bandwidth percentage is based on the nearest parent shape rate.
bandwidth guarantees may not be provided and only relative bandwidths are assured. Class bandwidths
are always proportional to the specified percentages of the interface bandwidth. When the link
bandwidth is fixed, class bandwidth guarantees are in proportion to the configured percentages. If the
link bandwidth is unknown or variable, the router cannot compute class bandwidth guarantees in kbps.
The router converts the specified bandwidth to the nearest multiple of 1/255 (PRE1) or 1/65535 (PRE2,
PRE3) of the interface speed. Use the show policy-map interface command to display the actual
bandwidth.
Overhead Accounting for ATM (Cisco 10000 Series Router)

When configuring ATM overhead accounting, you must specify the BRAS-DSLAM, DSLAM-CPE, and
subscriber line encapsulation types. The router supports the following subscriber line encapsulation
types:
• snap-rbe

QOS-18
• mux-rbe
• snap-dot1q-rbe
• mux-dot1q-rbe
• snap-pppoa
• mux-pppoa
• snap-1483routed
• mux-1483routed
The user-defined offset values must match for the child and parent policies.
Examples Cisco 10000 Series Router: Example

In the following example, the policy map named VLAN guarantees 30 percent of the bandwidth to the
class named Customer1 and 60 percent of the bandwidth to the class named Customer2. If you apply the
VLAN policy map to a 1–Mbps link, 300 kbps (30 percent of 1 Mbps) is guaranteed to class Customer1
and 600 kbps (60 percent of 1 Mbps) is guaranteed to class Customer2, with 100 kbps remaining for the
class-default class. If the class-default class does not need additional bandwidth, the unused 100 kbps is
available for use by class Customer1 and class Customer2. If both classes need the bandwidth, they share
it in proportion to the configured rates. In this example, the sharing ratio is 30:60 or 1:2:
Router(config)# policy-map VLAN
Router(config-pmap)# class Customer1
Router(config-pmap-c)# bandwidth percent 30
Router(config-pmap-c)# exit
CBWFQ Bandwidth Guarantee: Example

The following example creates a policy map with two classes, shows how bandwidth is guaranteed when
only CBWFQ is configured, and attaches the policy to serial interface 3/2/1:
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap)# exit
Router(config)# interface serial3/2/1
Router(config-if)# service output policy1
The following output from the show policy-map command shows the configuration for the policy map
called policy1:
Router# show policy-map policy1
Policy Map policy1

Class class1
Weighted Fair Queueing
Bandwidth 50 (%) Max Threshold 64 (packets)
Class class2
Bandwidth 25 (%) Max Threshold 64 (packets)

QOS-19
The output from the show policy-map interface command shows that 50 percent of the interface
bandwidth is guaranteed for the class called class1, and 25 percent is guaranteed for the class called
class2. The output displays the amount of bandwidth as both a percentage and a number of kbps.
Router# show policy-map interface serial3/2
Serial3/2
Service-policy output:policy1
Class-map:class1 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match:none
Output Queue:Conversation 265
Bandwidth 50 (%)
Bandwidth 772 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
0 packets, 0 bytes
Match:none
Bandwidth 25 (%)
Class-map:class-default (match-any)
0 packets, 0 bytes
Match:any
In this example, serial interface 3/2 has a total bandwidth of 1544 kbps. During periods of congestion,
50 percent (or 772 kbps) of the bandwidth is guaranteed to the class called class1, and 25 percent
(or 386 kbps) of the link bandwidth is guaranteed to the class called class2.
CBWFQ and LLQ Bandwidth Allocation: Example

In the following example, the interface has a total bandwidth of 1544 kbps. During periods of congestion,
50 percent (or 772 kbps) of the bandwidth is guaranteed to the class called class1, and 25 percent
(or 386 kbps) of the link bandwidth is guaranteed to the class called class2.
The following sample output from the show policy-map command shows the configuration of a policy
map called p1:
Router# show policy-map p1
Policy Map p1
Class voice
Strict Priority
Bandwidth 500 (kbps) Burst 12500 (Bytes)
Class class1
Bandwidth remaining 50 (%) Max Threshold 64 (packets)
Class class2

QOS-20
The following output from the show policy-map interface command on serial interface 3/2 shows that
500 kbps of bandwidth is guaranteed for the class called voice1. The classes called class1 and class2
receive 50 percent and 25 percent of the remaining bandwidth, respectively. Any unallocated bandwidth
is divided proportionally among class1, class2, and any best-effort traffic classes.
Note Note that in this sample output (unlike many of the others earlier in this section) the bandwidth is
displayed only as a percentage for class 1 and class 2. Bandwidth expressed as a number of kbps is not
displayed because the percent keyword was used with the bandwidth remaining command. The
bandwidth remaining percent command allows you to allocate bandwidth as a relative percentage of
the total bandwidth available on the interface.
Serial3/2
Service-policy output:p1
Class-map:voice (match-all)
0 packets, 0 bytes
Match:ip precedence 5
Strict Priority
(total drops/bytes drops) 0/0
0 packets, 0 bytes
Match:none
0 packets, 0 bytes
Match:none
0 packets, 0 bytes
Match:any

QOS-21
Traffic Shaping Overhead Accounting for ATM: Example

When a parent policy has ATM overhead accounting enabled, you are not required to enable ATM
overhead accounting on a child traffic class that does not contain the bandwidth or shape command. In
the following configuration example, ATM overhead accounting is enabled for bandwidth on the gaming
and class-default class of the child policy map named subscriber_classes and on the class-default class
of the parent policy map named subscriber_line. The voip and video classes do not have ATM overhead
accounting explicitly enabled; these priority queues have overhead accounting implicitly enabled
because ATM overhead accounting is enabled on the parent policy. Notice that the features in the parent
and child policies use the same encapsulation type.
Router(config)# policy-map subscriber_classes
Router(config-pmap)# class voip
Router(config-pmap-c)# priority level 1
Router(config-pmap-c)# police 8000
Router(config-pmap)# class video
Router(config-pmap)# class gaming
Router(config-pmap-c)# bandwidth remaining percent 80 account aal5 snap-rbe-dot1q
Router(config-pmap)# class class-default
Router(config-pmap-c)# bandwidth remaining percent 20 account aal5 snap-rbe-dot1q
Router(config-pmap-c)# policy-map subscriber_line
Router(config-pmap-c)# bandwidth remaining ratio 10 account aal5 snap-rbe-dot1q
Router(config-pmap-c)# shape average 512 account aal5 snap-rbe-dot1q
Router(config-pmap-c)# service policy subscriber_classes
In the following example, the router uses 20 overhead bytes and ATM cell tax in calculating ATM
overhead. The child and parent policies contain the required matching offset values. The parent policy
is attached to virtual template 1.
Router(config)# policy-map child
Router(config-pmap-c)# bandwidth 500 account user-defined 20 atm
Router(config-pmap-c)# shape average 30000 account user-defined 20 atm
Router(config)# exit
Router(config)# Router(config-pmap)#Router(config-pmap-c)#Router(config-pmap-c)# Router(co
nfig-pmap-c)# exit
Router(config)# Router(config-if)# Router(config-if)# end

class (policy-map) Specifies the name of the class whose policy you want to create or
change, and the default class (commonly known as the
class-default class) before you configure its policy.
class-map Creates a class map to be used for matching packets to a specified
class.
max-reserved-bandwidth Changes the percent of interface bandwidth allocated for
CBWFQ, LLQ, and IP RTP Priority.

QOS-22
Command Description
policy-map Creates or modifies a policy map that can be attached to one or
more interfaces to specify a service policy.
priority Specifies the priority of a class of traffic belonging to a policy
map.
queue-limit Specifies or modifies the maximum number of packets the queue
can hold for a class policy configured in a policy map.
random-detect (interface) Enables WRED or DWRED.
random-detect Configures the WRED and DWRED exponential weight factor for
exponential-weighting- the average queue size calculation.
constant
random-detect precedence Configures WRED and DWRED parameters for a particular IP
precedence.
show policy-map Displays the configuration of all classes for a specified service
policy map or all classes for all existing policy maps.
show policy-map interface Displays the packet statistics of all classes that are configured for
all service policies either on the specified interface or subinterface
or on a specific PVC on the interface.

QOS-23
bandwidth remaining ratio

To specify a bandwidth-remaining ratio for class-level or subinterface-level queues to be used during
congestion to determine the amount of excess bandwidth (unused by priority traffic) to allocate to
nonpriority queues, use the bandwidth remaining ratio command in policy-map class configuration
mode. To remove the bandwidth-remaining ratio, use the no form of this command.
bandwidth remaining ratio ratio
no bandwidth remaining ratio ratio
Cisco 7300 Series Router, Cisco 7600 Series Router, and Cisco 10000 Series Router
bandwidth remaining ratio ratio [account {qinq | dot1q} [aal5] {subscriber-encapsulation |

user-defined offset}]
no bandwidth remaining ratio ratio [account {qinq | dot1q} [aal5] {subscriber-encapsulation |

user-defined offset}]
Cisco ASR 1000 Series Router
bandwidth remaining ratio ratio
no bandwidth remaining ratio ratio
Syntax Description ratio Relative weight of this subinterface or class queue with respect to other
subinterfaces or class queues. Valid values are from 1 to 1000. At the
subinterface level, the default value is platform dependent. At the class
queue level, the default is 1.
Cisco 7300 Series Router, Cisco 7600 Series Router, and Cisco 10000 Series Router
ratio Relative weight of this subinterface or class queue with respect to other
subinterfaces or class queues.
Note For the Cisco 7300 series router and 7600 series router, valid values
are from 1 to 10000, and the default value is 1.
Note For the Cisco 10000 series router, valid values are from 1 to 1000,
and the default is 1.
account (Optional) Enables ATM overhead accounting.
qinq (Optional) Specifies queue-in-queue encapsulation as the BRAS-DSLAM
encapsulation type.
dot1q (Optional) Specifies IEEE 802.1Q VLAN encapsulation as the
BRAS-DSLAM encapsulation type.
aal5 (Optional) Specifies the ATM adaptation layer 5 that supports
connection-oriented variable bit rate (VBR) services.
subscriber-encapsulation (Optional) Specifies the encapsulation type at the subscriber line.
Encapsulation type varies according to subscriber line.

QOS-24
user-defined offset (Optional) Specifies the offset size, in bytes, that the router uses when
calculating the ATM overhead.
Note For the Cisco 7300 series router and 7600 series router, valid values
are from –48 to +48.
Note For the Cisco 10000 series router, valid values are from –63 to +63.
Cisco ASR 1000 Series Routers
ratio Relative weight of this subinterface or class queue with respect to other
subinterfaces or class queues. Valid values are from 1 to 1000. At the
subinterface level and class-queue level, the default is 1.
Command Default For most platforms, the default bandwidth ratio is 1.

When using default bandwidth-remaining ratios at the subinterface level, the Cisco 10000 series router
distinguishes between interface types. At the subinterface level, the default bandwidth-remaining ratio
is 1 for VLAN subinterfaces and Frame Relay DLCIs. For ATM subinterfaces, the router computes the
default bandwidth-remaining ratio based on the subinterface speed.
When using default bandwidth-remaining ratios at the class level, the Cisco 10000 series router makes
no distinction between interface types. At the class level, the default bandwidth-remaining ratio is 1.
Command Modes Policy-map class (config-pmap-c)

12.2(31)SB2 This command was introduced and implemented on the Cisco 10000 series
router for the PRE3.
12.2(33)SRC This command was implemented on the Cisco 7600 series router. Additional
keywords and arguments were added to support ATM overhead accounting
(optional) on the Cisco 7600 series router and the Cisco 10000 series router
for the PRE3.
12.2(33)SB Support for the Cisco 7300 series router was added. The additional keyword
and arguments associated with ATM overhead accounting are also
supported.
Cisco IOS XE 2.1 This command integrated into Cisco IOS XE Release 2.1 and was
implemented on the Cisco ASR 1000 series router.
Usage Guidelines Cisco 10000 Series Router

The scheduler uses the ratio specified in the bandwidth remaining ratio command to determine the
amount of excess bandwidth (unused by priority traffic) to allocate to a class-level queue or a
subinterface-level queue during periods of congestion. The scheduler allocates the unused bandwidth
relative to other queues or subinterfaces.

QOS-25
The bandwidth remaining ratio command cannot coexist with another bandwidth command in
different traffic classes of the same policy map. For example, the following configuration is not valid
and causes an error message to display:
policy-map Prec1
class precedence_0
bandwidth remaining ratio 10
class precedence_2
bandwidth 1000
For the PRE2, the bandwidth remaining ratio command can coexist with another bandwidth command
in the same class of a policy map. On the PRE3, the bandwidth remaining ratio command cannot
coexist with another bandwidth command in the same class. For example, the following configuration
is not valid on the PRE3 and causes an error message to display:
policy-map Prec1
class precedence_0
bandwidth 1000
In a hierarchical policy map in which the parent policy has only the class-default class defined with a
child queuing policy applied, the router accepts only the bandwidth remaining ratio form of the
bandwidth command in the class-default class.
The bandwidth remaining ratio command cannot coexist with the priority command in the same class.
For example, the following configuration is not valid and causes an error message to display:
policy-map Prec1
class precedence_1
priority
police percent 30
All of the queues for which the bandwidth remaining ratio command is not specified receive the
platform-specified minimum bandwidth-remaining ratio. The router determines the minimum
committed information rate (CIR) based on the configuration.
ATM Overhead Accounting (Optional)

The bandwidth remaining ratio command can also be used to enable ATM overhead accounting. To
enable ATM overhead accounting, use the account keyword and the subsequent keywords and arguments
as documented in the Syntax Description table.
Examples Cisco 7300 Series Router, Cisco 7600 Series Router, and Cisco 10000 Series Router
The following example shows how to configure a bandwidth-remaining ratio on an ATM subinterface.
In the example, the router guarantees a peak cell rate of 50 Mbps for the variable bit rate-non-real time
(VBR-nrt) PVC 0/200. During periods of congestion, the subinterface receives a share of excess
bandwidth (unused by priority traffic) based on the bandwidth-remaining ratio of 10, relative to the other
subinterfaces configured on the physical interface.
policy-map Child
class precedence_0
bandwidth 10000
class precedence_1
shape average 100000
bandwidth 100
!
policy-map Parent
class class-default

QOS-26

service-policy Child
!
interface ATM2/0/3.200 point-to-point
ip address 10.20.1.1 255.255.255.0
pvc 0/200
protocol ip 10.20.1.2
vbr-nrt 50000
encapsulation aal5snap
service-policy output Parent
The following example shows how to configure bandwidth remaining ratios for individual class queues.
Some of the classes configured have bandwidth guarantees and a bandwidth-remaining ratio explicitly
specified. When congestion occurs within a subinterface level, the class queues receive excess
bandwidth (unused by priority traffic) based on their class-level bandwidth-remaining ratios: 20, 30,
120, and 100, respectively for the precedence_0, precedence_1, precedence_2, and precedence_5
classes. Normally, the precedence_3 class (without a defined ratio) would receive bandwidth based on
the bandwidth-remaining ratio of the class-default class defined in the Child policy. However, in the
example, the Child policy does not define a class-default bandwidth remaining ratio, therefore, the router
uses a ratio of 1 to allocate excess bandwidth to precedence_3 traffic.
policy-map Child
class precedence_0
class precedence_1
shape 10000
class precedence_2
class precedence_3
set ip precedence 3
class precedence_5
set ip precedence 5
policy-map Parent
class class-default
!
interface GigabitEthernet 2/0/1.10
encapsulation dot1q 10
service-policy output Parent
Overhead Accounting: Example

The following example shows how to configure overhead accounting by using the optional account
keyword and associated keywords and arguments.
policy-map subscriber_line
class class-default
bandwidth remaining ratio 10 account aal5 snap-rbe-dot1q
shape average 512 account dot1q aal5 snap-rbe-dot1q
service policy subscriber_classes

QOS-27

show policy-map Displays the configuration of all classes for a specified service policy
map or all classes for all existing policy maps. If configured, the
command output includes information about ATM overhead accounting
and bandwidth-remaining ratios, used to determine a queue’s fair share
of excess bandwidth during congestion.
show policy-map interface Displays the packet statistics of all classes that are configured for all
service policies either on the specified interface or subinterface or on a
specific PVC on the interface. If configured, the command output
includes information about bandwidth-remaining ratios, used to
determine a queue’s fair share of excess bandwidth during congestion.

QOS-28
bump
bump
To configure the bumping rules for a virtual circuit (VC) class that can be assigned to a VC bundle, use
the bump command in VC-class configuration mode. To remove the explicit bumping rules for the VCs
assigned to this class and return to the default condition of implicit bumping, use the no bump explicit
command or the bump implicit command. To specify that the VC bundle members do not accept any
bumped traffic, use the no form of this command.
To configure the bumping rules for a specific VC or permanent virtual circuit (PVC) member of a bundle,
use the bump command in bundle-vc or SVC-bundle-member configuration mode. To remove the
explicit bumping rules for the VC or PVC bundle member and return to the default condition of implicit
bumping, use the bump implicit command. To specify that the VC or PVC bundle member does not
accept any bumped traffic, use the no bump traffic command.
bump {explicit precedence-level | implicit | traffic}
no bump {explicit precedence-level | implicit | traffic}
Syntax Description explicit precedence-level Specifies the precedence level to which traffic on a VC or PVC will be
bumped when the VC or PVC goes down. Valid values for the
precedence-level argument are numbers from 0 to 7.
implicit Applies the implicit bumping rule, which is the default, to a single VC or
PVC bundle member or to all VCs in the bundle (VC-class mode). The
implicit bumping rule stipulates that bumped traffic is to be carried by a
VC or PVC with a lower precedence level.
traffic Specifies that the VC or PVC accepts bumped traffic (the default
condition). The no form stipulates that the VC or PVC does not accept
any bumped traffic.
Command Default Implicit bumping

Permit bumping (VCs accept bumped traffic)
Command Modes VC-class configuration (for a VC class)

Bundle-vc configuration (for an ATM VC bundle member)
SVC-bundle-member configuration (for an SVC bundle member)

12.2(4)T This command was made available in SVC-bundle-member
configuration mode.
12.0(23)S This command was made available in VC-class and bundle-vc
configuration modes on the 8-port OC-3 STM-1 ATM line card for
Cisco 12000 series Internet routers.
12.0(26)S This command was integrated into Cisco IOS Release 12.0(26)S and
implemented on the Cisco 10000 series router.

QOS-29
bump
Release Modification
12.2(16)BX This command was implemented on the ESR-PRE2.
Usage Guidelines Use the bump command in bundle-vc configuration mode (for an ATM VC bundle member) or
SVC-bundle-member configuration mode (for an SVC bundle member) to configure bumping rules for
a discrete VC or PVC bundle member. Use the bump command in VC-class configuration mode to
configure a VC class that can be assigned to a bundle member.
The effects of different bumping configuration approaches are as follows:
• Implicit bumping: If you configure implicit bumping, bumped traffic is sent to the VC or PVC
configured to handle the next lower precedence level. When the original VC or PVC that bumped
the traffic comes back up, the traffic that it is configured to carry is restored to it. If no other positive
forms of the bump command are configured, the bump implicit command takes effect.
• Explicit bumping: If you configure a VC or PVC with the bump explicit command, you can specify
the precedence level to which traffic will be bumped when that VC or PVC goes down, and the traffic
will be directed to a VC or PVC mapped with that precedence level. If the VC or PVC that picks up
and carries the traffic goes down, the traffic is subject to the bumping rules for that VC or PVC. You
can specify only one precedence level for bumping.
• Permit bumping: The VC or PVC accepts bumped traffic by default. If the VC or PVC has been
previously configured to reject bumped traffic, you must use the bump traffic command to return
the VC or PVC to its default condition.
• Reject bumping: To configure a discrete VC or PVC to reject bumped traffic when the traffic is
directed to it, use the no bump traffic command.
Note When no alternative VC or PVC can be found to handle bumped traffic, the bundle is declared down. To
avoid this occurrence, configure explicitly the bundle member VC or PVC that has the lowest precedence
level.
To use this command in VC-class configuration mode, you must enter the vc-class atm global
configuration command before you enter this command.
To use this command to configure an individual bundle member in bundle-VC configuration mode, first
issue the bundle command to enter bundle configuration mode for the bundle to which you want to add
or modify the VC member to be configured. Then use the pvc-bundle command to specify the VC to be
created or modified and enter bundle-vc configuration mode.
This command has no effect if the VC class that contains the command is attached to a standalone VC;
that is, if the VC is not a bundle member. In this case, the attributes are ignored by the VC.

QOS-30
bump
VCs in a VC bundle are subject to the following configuration inheritance guidelines (listed in order of
next-highest precedence):
• VC configuration in bundle-vc mode
• Bundle configuration in bundle mode (with the effect of assigned VC-class configuration)
• Subinterface configuration in subinterface mode
Examples The following example configures the class called “five” to define parameters applicable to a VC in a
bundle. If the VC goes down, traffic will be directed (bumped explicitly) to a VC mapped with
precedence level 7.
vc-class atm five
ubr 5000
precedence 5
bump explicit 7
The following example configures the class called “premium-class” to define parameters applicable to a
VC in a bundle. Unless overridden with a bundle-vc bump configuration, the VC that uses this class will
not allow other traffic to be bumped onto it.
vc-class atm premium-class
no bump traffic
bump explicit 7

bundle Enters bundle configuration mode to create a bundle or modify an existing
bundle.
class Assigns a map class or VC class to a PVC or PVC bundle member.
class-vc Assigns a VC class to an ATM PVC, SVC, or VC bundle member.
dscp (frame-relay Specifies the DSCP value or values for a specific Frame Relay PVC bundle
vc-bundle-member) member.
precedence Configures precedence levels for a VC or PVC class that can be assigned to
a VC or PVC bundle and thus applied to all members of that bundle.
protect Configures a VC or PVC class with protected group or protected VC or PVC
status for application to a VC or PVC bundle member.
pvc-bundle Adds a PVC to a bundle as a member of the bundle and enters bundle-vc
configuration mode in order to configure that PVC bundle member.
pvc (frame-relay Creates a PVC and PVC bundle member and enters frame-relay
vc-bundle) vc-bundle-member configuration mode.
svc-bundle Creates or modifies a member of an SVC bundle.
ubr Configures UBR QoS and specifies the output peak cell rate for an ATM
PVC, SVC, VC class, or VC bundle member.
ubr+ Configures UBR QoS and specifies the output peak cell rate and output
minimum guaranteed cell rate for an ATM PVC, SVC, VC class, or VC
bundle member.

QOS-31
bump
Command Description
bundle.
vbr-nrt Configures the VBR-NRT QoS and specifies output peak cell rate, output
sustainable cell rate, and output maximum burst cell size for an ATM PVC,
SVC, VC class, or VC bundle member.
vc-class atm Configures a VC class or an ATM VC or interface.

QOS-32
bundle
bundle
To create a bundle or modify an existing bundle to enter bundle configuration mode, use the bundle
command in subinterface configuration mode. To remove the specified bundle, use the no form of this
command.
bundle bundle-name
no bundle bundle-name
Syntax Description bundle-name The name of the bundle to be created. The limit is 16 alphanumeric
characters.
Command Default No bundle is specified.
Command Modes Subinterface configuration

Usage Guidelines From within bundle configuration mode you can configure the characteristics and attributes of the bundle
and its members, such as the encapsulation type for all virtual circuits (VCs) in the bundle, the bundle
management parameters, and the service type. Attributes and parameters you configure in bundle
configuration mode are applied to all VC members of the bundle.
next highest precedence):
• Bundle configuration in bundle mode
To display status on bundles, use the show atm bundle and show atm bundle statistics commands.

QOS-33
bundle
Examples The following example configures a bundle called bundle1. The example specifies the IP address of the
subinterface and the router protocol—the router uses Intermediate System-to-Intermediate System
(IS-IS) as an IP routing protocol—then configures the bundle.
interface atm1/0.1 multipoint
ip address 10.0.0.1 255.255.255.0
ip router isis
bundle bundle1

class-bundle Configures a VC bundle with the bundle-level commands
contained in the specified VC class.
oam-bundle Enables end-to-end F5 OAM loopback cell generation and OAM
management for all VC members of a bundle, or for a VC class
that can be applied to a VC bundle.
pvc-bundle Adds a PVC to a bundle as a member of the bundle and enters
bundle-vc configuration mode in order to configure that PVC
bundle member.
show atm bundle Displays the bundle attributes assigned to each bundle VC
member and the current working status of the VC members.
show atm bundle statistics Displays statistics on the specified bundle.

QOS-34
bundle svc
bundle svc
To create or modify a switched virtual circuit (SVC) bundle, use the bundle svc command in interface
configuration mode. To remove the specified bundle, use the no form of this command.
bundle svc bundle-name nsap nsap-address
no bundle svc bundle-name nsap nsap-address
Syntax Description bundle-name Unique bundle name that identifies the SVC bundle in the router. The bundle
names at each end of the virtual circuit (VC) must be the same. Length limit
is 16 alphanumeric characters.
nsap nsap-address Destination network services access point (NSAP) address of the SVC
bundle.
Command Default No SVC bundle is created or modified.

Usage Guidelines This command causes the system to enter SVC-bundle configuration mode. The bundle name must be
the same on both sides of the VC.
From SVC-bundle configuration mode, you can configure the characteristics and attributes of the bundle
and its members, such as the encapsulation type for all virtual circuits (VCs) in the bundle, the bundle
management parameters, the service type, and so on. Attributes and parameters you configure in
SVC-bundle configuration mode are applied to all VC members of the bundle.
• VC configuration in bundle-VC mode
• Bundle configuration in bundle mode
To display the status of bundles, use the show atm bundle svc and show atm bundle svc statistics
commands.

QOS-35
bundle svc
Examples The following example configures an SVC bundle called “sanfrancisco”:

interface ATM1/0.1 multipoint
ip address 10.0.0.1 255.255.255.0
atm esi-address 111111111111.11
bundle svc sanfrancisco nsap 47.0091810000000003E3924F01.999999999999.99
protocol ip 10.0.0.2
broadcast
oam retry 4 3 10
oam-bundle manage
svc-bundle seven
class-vc seven
svc-bundle six
class-vc six
svc-bundle five
class-vc five
svc-bundle four
class-vc four
svc-bundle three
class-vc three
svc-bundle two
class-vc two
svc-bundle one
class-vc one
svc-bundle zero
class-vc zero

class-bundle Configures a VC bundle with the bundle-level commands contained in the
specified VC class.
management for all VC members of a bundle, or for a VC class that can be
applied to a VC bundle.
show atm bundle svc Displays the bundle attributes assigned to each bundle VC member and the
current working status of the VC members.
show atm bundle svc Displays statistics on the specified bundle.
statistics

QOS-36
class (EtherSwitch)
class (EtherSwitch)
To define a traffic classification for a policy to act on using the class-map name or access group, use the
class command in policy-map configuration mode. To delete an existing class map, use the no form of
this command.
class class-map-name [access-group acl-index-or-name]
no class class-map-name
Syntax Description class-map-name Name of the class map.

access-group (Optional) Number or name of an IP standard or extended access control list
acl-index-or-name (ACL). For an IP standard ACL, the index range is 1 to 99 and 1300 to 1999;
for an IP extended ACL, the index range is 100 to 199 and 2000 to 2699.
Command Default No policy-map class maps are defined.
Command Modes Policy-map configuration

12.1(6)EA2 This command was introduced.
12.2(15)ZJ This command was implemented on the following platforms: Cisco 2600
series, Cisco 3600 series, and Cisco 3700 series routers.
12.3(4)T This command was integrated into Cisco IOS Release 12.3(4)T on the
following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700
series routers.
Usage Guidelines Before you use the class (EtherSwitch) command, use the policy-map global configuration command to
identify the policy map and to enter policy-map configuration mode. After you specify a policy map, you
can configure a policy for new classes or modify a policy for any existing classes in that policy map. You
attach the policy map to an interface by using the service-policy interface configuration command;
however, you cannot attach one that uses an ACL classification to the egress direction.
The class name that you specify in the policy map ties the characteristics for that class to the class map
and its match criteria as configured by using the class-map global configuration command.
The class (EtherSwitch) command performs the same function as the class-map global configuration
command. Use the class (EtherSwitch) command when a new classification, which is not shared with
any other ports, is needed. Use the class-map command when the map is shared among many ports.
Note In a policy map, the class named “class-default” is not supported. The Ethernet switch network module
does not filter traffic on the basis of the policy map defined by the class class-default policy-map
configuration command.

QOS-37
class (EtherSwitch)
After entering the class (EtherSwitch) command, you enter policy-map class configuration mode. When
you are in this mode, these configuration commands are available:
• default: sets a command to its default.
• exit: exits policy-map class configuration mode and returns to policy-map configuration mode.
• no: returns a command to its default setting.
• police: defines a policer for the classified traffic. The policer specifies the bandwidth limitations and
the action to take when the limits are exceeded. For more information, see the police command.
To return to policy-map configuration mode, use the exit command. To return to privileged EXEC mode,
use the end command.
Note For more information about configuring IP ACLs, refer to the “Configuring IP Services” chapter in the
Cisco IOS IP Application Services Configuration Guide.
Examples The following example shows how to create a policy map named “policy1.” When attached to the ingress
port, it matches all the incoming traffic defined in class1 and polices the traffic at an average rate of
1 Mbps and bursts at 131072 bytes. Traffic exceeding the profile is dropped.
Router(config-pmap-c)# police 1000000 131072 exceed-action drop
You can verify your settings by entering the show policy-map privileged EXEC command.

class-map Creates a class map to be used for matching packets to the class whose name
you specify.
match (class-map Defines the match criteria to classify traffic.
configuration)
police Configures traffic policing.
policy-map Creates or modifies a policy map that can be attached to multiple interfaces
to specify a service policy.
service-policy Attaches a policy map to an input interface or VC, or an output interface or
show policy-map Displays QoS policy maps.

QOS-38
class (policy-map)
class (policy-map)
To specify the name of the class whose policy you want to create or change or to specify the default class
(commonly known as the class-default class) before you configure its policy, use the class command in
policy-map configuration mode. To remove a class from the policy map, use the no form of this
command.
class {class-name | class-default} [insert-before class-name]
no class {class-name | class-default}
Syntax Description class-name Name of the class to be configured or whose policy is to be modified. The
class name is used for both the class map and to configure a policy for the
class in the policy map.
class-default Specifies the default class so that you can configure or modify its policy.
insert-before (Optional) Adds a class map between any two existing class maps.
class-name
Inserting a new class map between two existing class map provides more
flexibility when modifying existing policy map configurations. Without this
option, the class map is appended to the end of the policy map.
This keyword is supported only on flexible packet matching (FPM) policies.
Command Default No class is specified.
Command Modes QoS policy-map configuration

12.0(5)XE This command was integrated into Cisco IOS Release 12.0(5)XE.
12.1(1)E This command was integrated into Cisco IOS Release 12.1(1)E.
12.2(14)SX Support for this command was introduced on Cisco 7600 routers.
12.2(17d)SXB This command was implemented on the Cisco 7600 router and integrated
into Cisco IOS Release 12.2(17d)SXB.
12.2(18)SXE The class-default keyword was added to the Cisco 7600 router.
12.4(4)T The insert-before class-name option was added.
12.2(31)SB2 This command was introduced on the PRE3 for the Cisco 10000 series
router.
12.2(18)ZY The insert-before class-name option was integrated into Cisco IOS
Release 12.2(18)ZY on the Catalyst 6500 series of switches equipped with
the Programmable Intelligent Services Accelerator (PISA).

QOS-39
class (policy-map)
Usage Guidelines Policy Map Configuration Mode

Within a policy map, the class (policy-map) command can be used to specify the name of the class whose
policy you want to create or change. First, the policy map must be identified.
To identify the policy map (and enter the required policy-map configuration mode), use the policy-map
command before you use the class (policy-map) command. After you specify a policy map, you can
configure policy for new classes or modify the policy for any existing classes in that policy map.
Class Characteristics
The class name that you specify in the policy map ties the characteristics for that class—that is, its
policy—to the class map and its match criteria, as configured using the class-map command.
When you configure policy for a class and specify its bandwidth and attach the policy map to an
interface, class-based weighted fair queueing (CBWFQ) determines if the bandwidth requirement of the
class can be satisfied. If so, CBWFQ allocates a queue for the bandwidth requirement.
When a class is removed, available bandwidth for the interface is incremented by the amount previously
allocated to the class.
The maximum number of classes that you can configure for a router—and, therefore, within a policy
map—is 64.
Predefined Default Class

The class-default keyword is used to specify the predefined default class called class-default. The
class-default class is the class to which traffic is directed if that traffic does not match any of the match
criteria in the configured class maps.
Tail Drop or WRED

You can define a class policy to use either tail drop by using the queue-limit command or Weighted
Random Early Detection (WRED) by using the random-detect command. When using either tail drop
or WRED, note the following points:
• The queue-limit and random-detect commands cannot be used in the same class policy, but they
can be used in two class policies in the same policy map.
• You can configure the bandwidth command when either the queue-limit command or the
random-detect command is configured in a class policy. The bandwidth command specifies the
amount of bandwidth allocated for the class.
• For the predefined default class, you can configure the fair-queue (class-default) command. The
fair-queue command specifies the number of dynamic queues for the default class. The fair-queue
command can be used in the same class policy as either the queue-limit command or the
random-detect command. It cannot be used with the bandwidth command.

The PRE2 allows you to configure 31 class queues in a policy map.
In a policy map, the PRE3 allows you to configure one priority level 1 queue, plus one priority level 2
queue, plus 12 class queues, plus one default queue.
Examples The following example configures three class policies included in the policy map called policy1. Class1
specifies policy for traffic that matches access control list 136. Class2 specifies policy for traffic on
interface ethernet101. The third class is the default class to which packets that do not satisfy configured
match criteria are directed.

QOS-40
class (policy-map)
! The following commands create class-maps class1 and class2

! and define their match criteria:
class-map class1
match access-group 136
class-map class2
match input-interface ethernet101
! The following commands create the policy map, which is defined to contain policy
! specification for class1, class2, and the default class:
policy-map policy1

Router(config-pmap-c)# bandwidth 2000
Router(config-pmap-c)# queue-limit 40

Router(config-pmap-c)# random-detect
Router(config-pmap-c)# random-detect exponential-weighting-constant 10

Router(config-pmap-c)# fair-queue 16
Class1 has these characteristics: A minimum of 2000 kbps of bandwidth is expected to be delivered to
this class in the event of congestion, and the queue reserved for this class can enqueue 40 packets before
tail drop is enacted to handle additional packets.
Class2 has these characteristics: A minimum of 3000 kbps of bandwidth is expected to be delivered to
this class in the event of congestion, and a weight factor of 10 is used to calculate the average queue size.
For congestion avoidance, WRED packet drop is used, not tail drop.
The default class has these characteristics: 16 dynamic queues are reserved for traffic that does not meet
the match criteria of other classes whose policy is defined by the policy map called policy1, and a
maximum of 20 packets per queue is enqueued before tail drop is enacted to handle additional packets.
Note When the policy map that contains these classes is attached to the interface to stipulate the service policy
for that interface, available bandwidth is assessed, taking into account all class policies and Resource
Reservation Protocol (RSVP), if configured.
The following example configures policy for the default class included in the policy map called policy8.
The default class has these characteristics: 20 dynamic queues are available for traffic that does not meet
the match criteria of other classes whose policy is defined by the policy map called policy8, and a weight
factor of 14 is used to calculate the average queue size. For congestion avoidance, WRED packet drop
is used, not tail drop.
The following example configures policy for a class called acl136 included in the policy map called
policy1. Class acl136 has these characteristics: a minimum of 2000 kbps of bandwidth is expected to be
delivered to this class in the event of congestion, and the queue reserved for this class can enqueue 40
packets before tail drop is enacted to handle additional packets. Note that when the policy map that
contains this class is attached to the interface to stipulate the service policy for that interface, available
bandwidth is assessed, taking into account all class policies and RSVP, if configured.

QOS-41
class (policy-map)

Router(config-pmap)# class acl136
The following example configures policy for a class called int101 included in the policy map called
policy8. Class int101 has these characteristics: a minimum of 3000 kbps of bandwidth are expected to
be delivered to this class in the event of congestion, and a weight factor of 10 is used to calculate the
average queue size. For congestion avoidance, WRED packet drop is used, not tail drop. Note that when
the policy map that contains this class is attached to the interface to stipulate the service policy for that
interface, available bandwidth is assessed.
Router(config-pmap)# class int101
The following example configures policy for the class-default default class included in the policy map
called policy1. The class-default default class has these characteristics: 10 hashed queues for traffic that
does not meet the match criteria of other classes whose policy is defined by the policy map called
policy1; and a maximum of 20 packets per queue before tail drop is enacted to handle additional
enqueued packets.
Router(config-pmap-c)# fair-queue
The following example configures policy for the class-default default class included in the policy map
called policy8. The class-default default class has these characteristics: 20 hashed queues for traffic that
does not meet the match criteria of other classes whose policy is defined by the policy map called
policy8; and a weight factor of 14 is used to calculate the average queue size. For congestion avoidance,
WRED packet drop is used, not tail drop.
The following example shows how to configure FPM for blaster packets. The class map contains the
following match criteria: TCP port 135, 4444 or UDP port 69; and pattern 0x0030 at 3 bytes from start
of IP header.
load protocol disk2:ip.phdf
load protocol disk2:tcp.phdf
load protocol disk2:udp.phdf
class-map type stack match-all ip-tcp

match field ip protocol eq 0x6 next tcp
class-map type stack match-all ip-udp

match field ip protocol eq 0x11 next udp
class-map type access-control match-all blaster1

match field tcp dest-port eq 135
match start 13-start offset 3 size 2 eq 0x0030

Router(config-cmap)# match start 13-start offset 3 size 2 eq 0x0030

QOS-42
class (policy-map)

match field udp dest-port eq 69
policy-map type access-control fpm-tcp-policy

class blaster1
drop
class blaster2
drop
policy-map type access-control fpm-udp-policy

class blaster3
drop
policy-map type access-control fpm-policy

class ip-tcp
service-policy fpm-tcp-policy
class ip-udp
service-policy fpm-udp-policy
interface gigabitEthernet 0/1

service-policy type access-control input fpm-policy

bandwidth (policy-map class) Specifies or modifies the bandwidth allocated for a class
belonging to a policy map.
class.
fair-queue (class-default) Specifies the number of dynamic queues to be reserved for use by
the class-default class as part of the default class policy.
exponential-weighting-constant the average queue size calculation.
Precedence.

QOS-43
class arp-peruser
class arp-peruser
To create a control class for arp-peruser, use the class arp-peruser command in policy map
configuration mode. To remove the arp-peruser class, use the no form of this command.
class arp-peruser
no class arp-peruser
Command Default A control policy map is not created.
Command Modes Policy map configuration

12.2(33)SRB This command was introduced.
Usage Guidelines Use this command when creating a per-user policy map.
Examples The following example shows creating a per-user policy map.

Router(config-pmap)# class arp-peruser
Router(config)# policy-map copp-peruser
Router(config-pmap-c)# police rate 5 pps burst 50 packets
Router(config-pmap-c)# class dhcp-peruser

class-map arp-peruser Creates a class map to be used for matching ARP per–user packets.
policy-map copp-peruser Creates a policy map that defines a CoPP per-user policy.

QOS-44
class type tag
class type tag

To associate a class map with a policy map, use the class type tag command in policy map configuration
mode. To disassociate the command, use the no form of this command.
class type tag class-name [ insert-before {class-name}]
no class type tag class-name [ insert-before {class-name}]
Syntax Description class-name Name of the class map.

insert-before (Optional) Adds a class map between any two existing class maps.
class-name
Note Inserting a new class map between two existing class maps provides
more flexibility when modifying existing policy map
configurations. Without this option, the class map is appended to the
end of the policy map.
Command Default A class map is not associated with a policy map.
Command Modes Policy map configuration

Usage Guidelines If this command is used and the class is not configured, an error is generated. The error may be
something such as “% class map {name} not configured.” If the class needs to be inserted before a
specific class map, the insert-before keyword can be used. The insert-before keyword is typically
needed if the administrator is configuring any per-host class maps and would like it inserted before a
specific class map. The class type tag command creates the policy-map class configuration mode. There
can be multiple classes under the policy map.
Examples The following example shows the class map “usergroup1_class” is to be associated with a policy map:
class type tag usergroup1_class


QOS-45
class-bundle
class-bundle
To configure a virtual circuit (VC) bundle with the bundle-level commands contained in the specified
VC class, use the class-bundle command in bundle or SVC-bundle configuration mode. To remove the
VC class parameters from a VC bundle, use the no form of this command.
class-bundle vc-class-name
no class-bundle vc-class-name
Syntax Description vc-class-name Name of the VC class that you are assigning to your VC bundle.
Command Default No VC class is assigned to the VC bundle.
Command Modes Bundle configuration

SVC-bundle configuration

12.0T This command was introduced, replacing the class command for configuring
ATM VC bundles.
12.2(4)T This command was made available in SVC-bundle configuration mode.
Usage Guidelines To use this command, you must first enter the bundle or bundle svc command to create the bundle and
enter bundle or SVC-bundle configuration mode.
Use this command to assign a previously defined set of parameters (defined in a VC class) to an ATM
VC bundle. Parameters set through bundle-level commands that are contained in a VC class are applied
to the bundle and its VC members.
You can add the following commands to a VC class to be used to configure a VC bundle: broadcast,
encapsulation, inarp, oam-bundle, oam retry, and protocol.
Bundle-level parameters applied through commands that are configured directly on a bundle supersede
bundle-level parameters applied through a VC class by the class-bundle command. Some bundle-level
parameters applied through a VC class or directly to the bundle can be superseded by commands that
you directly apply to individual VCs in bundle-VC configuration mode.

QOS-46
class-bundle
Examples In the following example, a class called “class1” is created and then applied to the bundle called
“bundle1”:
! The following commands create the class class1:
vc-class atm class1
broadcast
protocol ip inarp
oam-bundle manage 3
oam 4 3 10
! The following commands apply class1 to the bundle called bundle1:

bundle bundle1
class-bundle class1
With hierarchy precedence rules taken into account, VCs belonging to the bundle called “bundle1” will
be characterized by these parameters: aal5snap, encapsulation, broadcast on, use of Inverse Address
Resolution Protocol (Inverse ARP) to resolve IP addresses, and Operation, Administration, and
Maintenance (OAM) enabled.

broadcast Configures broadcast packet duplication and transmission for an ATM VC
class, PVC, SVC, or VC bundle.
bundle Creates a bundle or modifies an existing bundle to enter bundle configuration
mode.
bundle svc Creates an SVC bundle or modifies an existing SVC bundle.
class-int Assigns a VC class to an ATM main interface or subinterface.
encapsulation Sets the encapsulation method used by the interface.
inarp Configures the Inverse ARP time period for an ATM PVC, VC class, or VC
bundle.
management for all VC members of a bundle, or for a VC class that can be
applied to a VC bundle.
oam retry Configures parameters related to OAM management for an ATM PVC, SVC,
VC class, or VC bundle.
protocol (ATM) Configures a static map for an ATM PVC, SVC, VC class, or VC bundle.
Enables Inverse ARP or Inverse ARP broadcasts on an ATM PVC by
configuring Inverse ARP either directly on the PVC, on the VC bundle, or in
a VC class (applies to IP and IPX protocols only).

QOS-47
class-map
class-map
To create a class map to be used for matching packets to a specified class, use the class-map command
in global configuration mode. To remove an existing class map from the router, use the no form of this
command.
Note The class-map command enters class-map configuration mode in which you can enter one of the match
commands to configure the match criteria for this class.
Cisco 2600, 3660, 3845, 6500, 7200, 7401, and 7500 Series Routers
class-map [type {stack | access-control | port-filter | queue-threshold | logging log-class}]

[match-all | match-any] class-map-name
no class-map [type {stack | access-control | port-filter | queue-threshold | logging log-class}]

[match-all | match-any] class-map-name
Cisco 7600 Series Routers
class-map class-map-name [match-all | match-any]
no class-map class-map-name [match-all | match-any]
Syntax Description type stack (Optional) Enables flexible packet matching (FPM) functionality to
determine the correct protocol stack to examine.
If the appropriate protocol header description files (PHDFs) have been
loaded onto the router (via the load protocol command), a stack of protocol
headers can be defined so that the filter can determine which headers are
present and in what order.
type access-control (Optional) Determines the exact pattern to look for in the protocol stack of
interest.
Note You must specify a stack class map (via the type stack keywords)
before you can specify an access-control class map (via the type
access-control keywords).
type port-filter (Optional) Creates a port-filter class map that enables the TCP/UDP port
policing of control plane packets. When enabled, it provides filtering of
traffic that is destined to specific ports on the control-plane host
subinterface.
type queue-threshold (Optional) Enables queue thresholding that limits the total number of
packets for a specified protocol that are allowed in the control plane IP input
queue. This feature applies only to the control-plane host subinterface.
type logging log-class (Optional) Enables logging of packet traffic on the control plane. The
log-class is the name of the log class. The name can be a maximum of 40
alphanumeric characters.

QOS-48
class-map
match-all (Optional) Determines how packets are evaluated when multiple match
criteria exist. Matches statements under this class map based on the logical
AND function. One statement and another are accepted. If you do not
specify the match-all or match-any keyword, the default keyword is
match-all.
match-any (Optional) Determines how packets are evaluated when multiple match
criteria exist. Matches statements under this class map based on the logical
OR function. One statement or another is accepted. If you do not specify the
match-any or match-all keyword, the default keyword is match-all.
class-map-name Name of the class for the class map. The name can be a maximum of
40 alphanumeric characters. The class name is used for both the class map
and to configure a policy for the class in the policy map.
Command Default No class map is configured by default.

12.2(14)SX Support for this command was introduced on Cisco 7600 series routers.
12.2(17d)SXB This command was implemented on the Cisco 7600 series routers and
integrated into Cisco IOS Release 12.2(17d)SXB.
12.4(4)T The type stack and type access-control keywords were added to support
FPM. The type port-filter and type queue-threshold keywords were added
to support Control Plane Protection.
12.4(6)T The type logging keyword was added to support control plane packet
logging.
12.2(18)ZY The type stack and type access-control keywords were integrated into
Cisco IOS Release 12.2(18)ZY on the Catalyst 6500 series of switches
equipped with the Programmable Intelligent Services Accelerator (PISA)
Usage Guidelines Cisco 2600, 3660, 3845, 6500, 7200, 7401, and 7500 Series Routers
Use the class-map command to specify the class that you will create or modify to meet the class-map
match criteria. This command enters class-map configuration mode in which you can enter one of the
match commands to configure the match criteria for this class. Packets that arrive at either the input
interface or the output interface (determined by how the service-policy command is configured) are
checked against the match criteria configured for a class map to determine if the packets belong to that
class.

QOS-49
class-map
When configuring a class map, you can use one or more match commands to specify match criteria. For
example, you can use the match access-group command, the match protocol command, or the match
input-interface command. The match commands vary according to the Cisco IOS release. For more
information about match criteria and match commands, see the “Modular Quality of Service
Command-Line Interface (CLI) (MQC)” chapter of the Cisco IOS Quality of Service Solutions
Configuration Guide.

You apply the class-map command and its subcommands on a per-interface basis to define packet
classification, marking, aggregate, and flow policing as part of a globally named service policy.
You can attach a service policy to an EtherChannel. Do not attach a service policy to a port that is a
member of an EtherChannel.
After you are in class-map configuration mode, the following configuration commands are available:
• exit—Used to exit from class-map configuration mode.
• no—Used to remove a match statement from a class map.
• match—Used to configure classification criteria. The following optional match subcommands are
available:
– access-group {acl-index | acl-name}
– ip {dscp | precedence} value1 value2 ... value8
The following subcommands appear in the CLI help but are not supported on LAN interfaces or WAN
interfaces on the Optical Service Modules (OSMs):
• input-interface {interface-type interface-number | null number | vlan vlan-id}
• protocol link-type
• destination-address mac mac-address
• source-address mac mac-address
OSMs are not supported on Cisco 7600 series routers that are configured with a Supervisor Engine 32.
Policy Feature Card (PFC) QoS does not support the following commands:
• input-interface {interface-type interface-number | null number | vlan vlan-id}
• protocol link-type
• destination-address mac mac-address
• source-address mac mac-address
• qos-group group-value
If you enter these subcommands, PFC QoS does not detect the unsupported keywords until you attach a
policy map to an interface. When you try to attach the policy map to an interface, you get an error
message. For additional information, see the Cisco 7600 Series Router Cisco IOS Software
Configuration Guide and the Cisco IOS Release 12.2 Command Reference publications.
After you have configured the class-map name and are in class-map configuration mode, you can enter
the match access-group and match ip dscp subcommands. The syntax for these subcommands is as
follows:
match [[access-group {acl-index | acl-name}] | [ip {dscp | precedence} value]]
See Table 6 for a syntax description of the match subcommands.

QOS-50
class-map
Table 6 match Syntax Description
Optional Subcommand Description

access-group acl-index | (Optional) Specifies the access list index or access list names;
acl-name valid access list index values are from 1 to 2699.
access-group acl-name (Optional) Specifies the named access list.
ip dscp value1 value2 ... value8 (Optional) Specifies the IP DSCP values to match; valid values
are from 0 to 63. You can enter up to 8 DSCP values and separate
each value with one white space.
ip precedence value1 value2 ... (Optional) Specifies the IP precedence values to match; valid
value8 values are from 0 to 7. You can enter up to 8 precedence values
and separate each value with one white space.
Examples The following example specifies class101 as the name of a class, and it defines a class map for this class.
The class called class101 specifies policy for traffic that matches access control list 101.
Router(config)# class-map class101
Router(config-cmap)# match access-group 101
The following example shows how to define FPM traffic classes for slammer and UDP packets. The
match criteria defined within the class maps are for slammer and UDP packets with an IP length not to
exceed 404 bytes, UDP port 1434, and pattern 0x4011010 at 224 bytes from the start of the IP header.
Router(config)# load protocol disk2:ip.phdf
Router(config)# load protocol disk2:udp.phdf
Router(config)# class-map type stack match-all ip-udp

Router(config-cmap)# description “match UDP over IP packets”
Router(config-cmap)# match field ip protocol eq 0x11 next udp
Router(config)# class-map type access-control match-all slammer

Router(config-cmap)# description “match on slammer packets”
Router(config-cmap)# match field udp dest-port eq 0x59A
Router(config-cmap)# match field ip length eq 0x194
The following example shows how to configure a port-filter policy to drop all traffic that is destined to
closed or “nonlistened” ports except SNMP.
Router(config)# class-map type port-filter pf-class
Router(config-cmap)# match not port udp 123
Router(config-cmap)# match closed-ports
Router(config-cmap)# exit
Router(config)# policy-map type port-filter pf-policy
Router(config-pmap)# class pf-class
Router(config-pmap-c)# drop
Router(config-pmap-c)# end
The following example shows how to access the class-map commands and subcommands, configure a
class map named ipp5, and enter a match statement for IP precedence 5:
Router(config)# class-map ipp5
Router(config-cmap)# match ip precedence 5

QOS-51
class-map

class (policy-map) Specifies the name of the class whose policy you want to create or change,
and the default class (commonly known as the class-default class) before you
configure its policy.
class class-default Specifies the default class for a service policy map.
match (class-map) Configures the match criteria for a class map on the basis of port filter and/or
protocol queue policies.
match access-group Configures the match criteria for a class map on the basis of the specified
ACL.
match input-interface Configures a class map to use the specified input interface as a match
criterion.
match ip dscp Identifies one or more DSCP, AF, and CS values as a match criterion
match mpls Configures a class map to use the specified EXP field value as a match
experimental criterion.
match protocol Configures the match criteria for a class map on the basis of the specified
protocol.
policy-map Creates or modifies a policy map that can be attached to one or more
interfaces to specify a service policy.
service-policy Attaches a policy map to an input interface or virtual circuit (VC) or to an
output interface or VC to be used as the service policy for that interface or
VC.
show class-map Displays class-map information.
show policy-map Displays the statistics and the configurations of the input and output policies
interface that are attached to an interface.

QOS-52
class-map arp-peruser
To create a class map to be used for matching Address Resolution Protocol (ARP) per-user packets, use
the class-map arp-peruser command in global configuration mode. To disable, use the no form of the
command.
no class map arp-peruser
Command Default No class map is configured.

Usage Guidelines Use this command to create an ARP class map when configuring CoPP.
Examples The following example shows creating an ARP class-map:

Router(config)# class-map arp-peruser
Router(config-cmap)# match protocol arp
Router(config-cmap)# match subscriber access

match protocol arp Matches ARP traffic to a policy map.
match subscriber Matches subscriber access traffic to a policy map.
access

QOS-53
clear control-plane
clear control-plane
To clear counters for control-plane interfaces or subinterfaces, use the clear control-plane command in
privileged EXEC mode.
clear control-plane [* | aggregate | host | transit | cef-exception]
Syntax Description * (Optional) Clears counters for all control-plane features.

aggregate (Optional) Clears counters for all features on the control-plane aggregate
path.
host (Optional) Clears counters for all features on the control-plane host feature
path.
transit (Optional) Clears counters for all features on the control-plane transit
feature path.
cef-exception (Optional) Clears counters for all features on the control-plane
CEF-exception feature path.
Command Modes Privileged EXEC

Usage Guidelines Use the clear control-plane command to clear counters for all features on the control-plane interfaces
or subinterfaces.
Examples The following example clears the counters for all features on the control-plane host feature path.
Router# clear control-plane host

control-plane Enters control-plane configuration mode, which allows you to associate or
modify attributes or parameters that are associated with the control plane of
the device.
debug control-plane Displays debugging output from the control-plane routines.
show control-plane Displays the control plane packet counters for the control-plane
cef-exception counters CEF-exception subinterface.
show control-plane Displays the configured features for the control-plane CEF-exception
cef-exception features subinterface.
show control-plane Displays the control-plane packet counters for the aggregate control-plane
counters interface.

QOS-54
clear control-plane
Command Description
show control-plane Displays the configured features for the aggregate control-plane interface.
features
show control-plane Displays the control-plane packet counters for the control-plane host
host counters subinterface.
show control-plane Displays the configured features for the control-plane host subinterface.
host features
show control-plane Displays a list of open TCP/UDP ports that are registered with the port-filter
host open-ports database.
show control-plane Displays the control-plane packet counters for the control-plane transit
transit counters subinterface.
show control-plane Displays the configured features for the control-plane transit subinterface.
transit features

QOS-55
clear ip rsvp authentication

To eliminate Resource Reservation Protocol (RSVP) security associations before their lifetimes expire,
use the clear ip rsvp authentication command in privileged EXEC mode.
clear ip rsvp authentication [ip-address | hostname]
Syntax Description ip-address (Optional) Frees security associations with a specific neighbor.
hostname (Optional) Frees security associations with a specific host.
Note The difference between the ip-address and hostname arguments is the difference of specifying the
neighbor by its IP address or by its name.
Command Default The default behavior is to clear all security associations.
Command Modes Privileged EXEC (#)

12.2(33)SXH This command was integrated into Cisco IOS Release 12.2(33)SXH.
Usage Guidelines Use the clear ip rsvp authentication command for the following reasons:
• To eliminate security associations before their lifetimes expire
• To free up memory
• To resolve a problem with a security association being in some indeterminate state
• To force reauthentication of neighbors
You can delete all RSVP security associations if you do not enter an IP address or a hostname, or just
the ones with a specific RSVP neighbor or host.
If you delete a security association, it is re-created as needed when the trusted RSVP neighbors start
sending more RSVP messages.
Examples The following command shows how to clear all security associations before they expire:
Router# clear ip rsvp authentication

QOS-56

ip rsvp authentication Controls how long RSVP maintains security associations with other trusted
lifetime RSVP neighbors.
show ip rsvp Displays the security associations that RSVP has established with other RSVP
authentication neighbors.

QOS-57
clear ip rsvp counters
clear ip rsvp counters

To clear (set to zero) all IP Resource Reservation Protocol (RSVP) counters that are being maintained,
use the clear ip rsvp counters command in privileged EXEC mode.
clear ip rsvp counters [confirm]
Syntax Description confirm (Optional) Requests a confirmation that all IP RSVP counters were cleared.

12.0(14)ST This command was introduced.
Usage Guidelines This command allows you to set all IP RSVP counters to zero so that you can see changes easily.
Examples In the following example, all IP RSVP counters that are being maintained are cleared:
Router# clear ip rsvp counters
Clear rsvp counters [confirm]

show ip rsvp counters Displays counts of RSVP messages that were sent and
received.

QOS-58
clear ip rsvp hello instance counters

To clear (refresh) the values for hello instance counters, use the clear ip rsvp hello instance counters
command in privileged EXEC mode.

12.0(22)S This command was introduced.
12.2(18)SXD1 This command was integrated into Cisco IOS Release 12.2(18)SXD1.
12.2(31)SB2 This command was integrated into Cisco IOS Release 12.2(31)SB2.
Examples Following is sample output from the show ip rsvp hello instance detail command and then the clear ip
rsvp hello instance counters command. Notice that the “Statistics” fields have been cleared to zero.
Router# show ip rsvp hello instance detail
Neighbor 10.0.0.2 Source 10.0.0.1

State: UP (for 2d18h)
Type: PASSIVE (responding to requests)
I/F: Et1/1
LSPs protecting: 0
Refresh Interval (msec) (used when ACTIVE)
Configured: 100
Statistics: (from 2398195 samples)
Min: 100
Max: 132
Average: 100
Waverage: 100 (Weight = 0.8)
Current: 100

QOS-59
Src_instance 0xA9F07C13, Dst_instance 0x9BBAA407

Counters:
Communication with neighbor lost:
Num times: 0
Reasons:
Missed acks: 0
Bad Src_Inst received: 0
Bad Dst_Inst received: 0
I/F went down: 0
Neighbor disabled Hello: 0
Msgs Received: 2398194
Sent: 2398195
Suppressed: 0
Router# clear ip rsvp hello instance counters

State: UP (for 2d18h)
Type: PASSIVE (responding to requests)
I/F: Et1/1
LSPs protecting: 0
Refresh Interval (msec) (used when ACTIVE)
Configured: 100
Statistics:
Min: 0
Max: 0
Average: 0
Waverage: 0
Current: 0
Src_instance 0xA9F07C13, Dst_instance 0x9BBAA407
Counters:
Num times: 0
Reasons:
Missed acks: 0
I/F went down: 0
Sent: 2398195
Suppressed: 0

ip rsvp signalling hello (configuration) Enables hello globally on a router.
ip rsvp signalling hello (interface) Enables hello on an interface where you need Fast
Reroute protection.
ip rsvp signalling hello statistics Enables hello statistics on a router.
show ip rsvp hello statistics Displays how long hello packets have been in the hello
input queue.

QOS-60
clear ip rsvp hello instance statistics

To clear hello statistics for an instance, use the clear ip rsvp hello instance statistics command in
Command Default Hello statistics are not cleared for an instance.

Examples This example shows sample output from the show ip rsvp hello statistics command and the values in
those fields after you enter the clear ip rsvp hello instance statistics command.
Router# show ip rsvp hello statistics
Status: Enabled
Packet arrival queue:
Wait times (msec)
Current:0
Average:0
Weighted Average:0 (weight = 0.8)
Max:4
Current length: 0 (max:500)
Number of samples taken: 2398525
Router# clear ip rsvp hello instance statistics
Status: Enabled
Wait times (msec)
Current:0
Average:0
Max:0

QOS-61

ip rsvp signalling hello (configuration) Enables hello globally on a router.
Reroute protection.
input queue.

QOS-62
clear ip rsvp hello statistics

To clear hello statistics globally, use the clear ip rsvp hello statistics command in privileged EXEC
mode.
Command Default Hello statistics are not globally cleared.

12.2(31)SB2s This command was integrated into Cisco IOS Release 12.2(31)SB2.
Usage Guidelines Use this command to remove all information about how long hello packets have been in the hello input
queue.
Examples Following is sample output from the show ip rsvp hello statistics command and the clear ip rsvp hello
statistics command. Notice that the values in the “Packet arrival queue” fields have been cleared.
Status: Enabled
Wait times (msec)
Current:0
Average:0
Max:4

QOS-63
Router# clear ip rsvp hello statistics
Status: Enabled
Wait times (msec)
Current:0
Average:0
Max:0

input queue.

QOS-64
clear ip rsvp high-availability counters

To clear (set to zero) the Resource Reservation Protocol (RSVP) traffic engineering (TE) high
availability (HA) counters that are being maintained by a Route Processor (RP), use the clear ip rsvp
high-availability counters command in privileged EXEC mode.

12.2(33)SRA This command was introduced.
12.2(33)SRB Support for In-Service Software Upgrade (ISSU) was added.
Usage Guidelines Use the clear ip rsvp high-availability counters command to clear (set to zero) the HA counters, which
include state, ISSU, resource failures, and historical information.
Examples The following example clears all the HA information currently being maintained by the RP:
Router# clear ip rsvp high-availability counters

show ip rsvp Displays the RSVP TE HA counters that are being maintained by an RP.
high-availability
counters

QOS-65
clear ip rsvp msg-pacing

Note Effective with Cisco IOS Release 12.4(20)T, the clear ip rsvp msg-pacing command is not available in
Cisco IOS software. This command was replaced by the clear ip rsvp signalling rate-limit command.
To clear the Resource Reservation Protocol (RSVP) message pacing output from the show ip rsvp
neighbor command, use the clear ip rsvp msg-pacing command in privileged EXEC mode.

12.2(13)T This command was replaced by the clear ip rsvp signalling rate-limit
command.
12.4(20)T This command was removed.
Examples The following example clears the RSVP message pacing output:
Router# clear ip rsvp msg-pacing

show ip rsvp counters Displays the number of RSVP messages that were sent and
received.
show ip rsvp neighbor Displays the current RSVP neighbors and indicates
whether the neighbor is using IP or UDP encapsulation for
a specified interface or for all interfaces.

QOS-66
clear ip rsvp reservation

To remove Resource Reservation Protocol (RSVP) RESV-related receiver information currently in the
database, use the clear ip rsvp reservation command in EXEC mode.
clear ip rsvp reservation {session-ip-address sender-ip-address {tcp | udp | ip-protocol}

session-dport sender-sport | *}
Syntax Description session-ip-address For unicast sessions, this is the address of the intended receiver; for
multicast sessions, it is the IP multicast address of the session.
sender-ip-address The IP address of the sender.
tcp | udp | ip-protocol TCP, User Datagram Protocol (UDP), or IP protocol in the range from 0 to
65535.
session-dport The destination port.
Note Port numbers are specified in all cases, because the use of 16-bit
ports following the IP header is not limited to UDP or TCP. If
destination is zero, source must be zero, and the implication is that
ports are not checked. If destination is nonzero, source must be
nonzero (except for wildcard filter (wf) reservations, for which the
source port is always ignored and can therefore be zero).
sender-sport The source port.
* Wildcard used to clear all senders.
Command Modes EXEC

11.2 This command was introduced.

QOS-67
Usage Guidelines Use the clear ip rsvp reservation command to remove the RESV-related sender information currently
in the database so that when reservation requests arrive, based on the RSVP admission policy, the
relevant ones can be reestablished.
Whenever you change the clockrate or bandwidth of an interface, RSVP does not update its database to
reflect the change. This is because such a change requires that RSVP reestablish reservations based on
the new clockrate or bandwidth value and arbitrarily dropping some reservations while retaining others
is not desired. The solution is to clear the RESV state by issuing the clear ip rsvp reservation command.
The clear ip rsvp reservation command clears the RESV state from the router on which you issued the
command and causes the router to send a PATH TEAR message to the upstream routers thereby clearing
the RESV state for that reservation on all the upstream routers.
Examples The following example clears all the RESV-related receiver information currently in the database:
Router# clear ip rsvp reservation *
The following example clears all the RESV-related receiver information for a specified reservation
currently in the database:
Router# clear ip rsvp reservation 10.2.1.1 10.1.1.2 udp 10 20

clear ip rsvp sender Removes RSVP PATH-related sender information currently in the database.

QOS-68
clear ip rsvp sender

To remove Resource Reservation Protocol (RSVP) PATH-related sender information currently in the
database, use the clear ip rsvp sender command in EXEC mode.
clear ip rsvp sender {session-ip-address sender-ip-address {tcp | udp | ip-protocol} session-dport

sender-sport | *}
sender-ip-address The IP address of the sender.
tcp | udp | ip-protocol TCP, User Datagram Protocol (UDP), or IP protocol in the range from 0 to
65535.
session-dport The destination port.
sender-sport The source port.
* Wildcard used to clear all senders.
Command Modes EXEC


QOS-69
Usage Guidelines Use the clear ip rsvp sender command to remove the PATH-related sender information currently in the
database so that when reservation requests arrive, based on the RSVP admission policy, the relevant ones
can be reestablished.
Whenever you change the clockrate or bandwidth of an interface, RSVP does not update its database to
reflect the change. This is because such a change requires that RSVP reestablish reservations based on
the new clockrate or bandwidth value and arbitrarily dropping some reservations while retaining others
is not desired. The solution is to clear the PATH state by issuing the clear ip rsvp sender command.
The clear ip rsvp sender command clears the PATH state from the router on which you issued the
command and causes the router to send a PATH TEAR message to the downstream routers thereby
clearing the PATH state for that reservation on all the downstream routers.
Examples The following example clears all the PATH-related sender information currently in the database:
Router# clear ip rsvp sender *
The following example clears all the PATH-related sender information for a specified reservation
currently in the database:
Router# clear ip rsvp sender 10.2.1.1 10.1.1.2 udp 10 20

clear ip rsvp Removes RSVP RESV-related receiver information currently in the
reservation database.

QOS-70
clear ip rsvp signalling fast-local-repair statistics

To clear (set to zero) the Resource Reservation Protocol (RSVP) fast local repair (FLR) counters, use
the clear ip rsvp signalling fast-local-repair statistics command in user EXEC or privileged EXEC
mode.
Syntax Description This command has no keywords or arguments.
Command Default The default is to clear all the RSVP FLR counters.
Command Modes User EXEC

Privileged EXEC

Usage Guidelines Use the clear ip rsvp signalling fast-local-repair statistics command to set all the RSVP FLR counters
to zero. The statistics include information about FLR procedures such as the current state, the start time,
and the repair rate.
Examples The following example clears all the RSVP FLR counters being maintained in the database:
Router# clear ip rsvp signalling fast-local-repair statistics

show ip rsvp signalling Displays FLR-related information.
fast-local-repair

QOS-71
clear ip rsvp signalling rate-limit

To clear (set to zero) the number of Resource Reservation Protocol (RSVP) messages that were dropped
because of a full queue, use the clear ip rsvp signalling rate-limit command in privileged EXEC mode.

12.2(13)T This command was introduced. This command replaces the clear ip rsvp
msg-pacing command.
Usage Guidelines Use the clear ip rsvp signalling rate-limit command to clear the counters recording dropped messages.
Examples The following command shows how all dropped messages are cleared:
Router# clear ip rsvp signalling rate-limit

debug ip rsvp rate-limit Displays debug messages for RSVP rate-limiting events.
ip rsvp signalling rate-limit Controls the transmission rate for RSVP messages sent to a
neighboring router during a specified amount of time.
show ip rsvp signalling rate-limit Displays rate-limiting parameters for RSVP messages.

QOS-72
clear ip rsvp signalling refresh reduction

To clear (set to zero) the counters associated with the number of retransmissions and the number of
out-of-order Resource Reservation Protocol (RSVP) messages, use the clear ip rsvp signalling refresh
reduction command in EXEC mode.
Command Modes EXEC

Usage Guidelines Use the clear ip rsvp signalling refresh reduction command to clear the counters recording
retransmissions and out-of-order RSVP messages.
Examples The following command shows how all the retransmissions and out-of-order messages are cleared:
Router# clear ip rsvp signalling refresh reduction

ip rsvp signalling Enables refresh reduction.
refresh reduction
show ip rsvp signalling Displays refresh-reduction parameters for RSVP messages.
refresh reduction

QOS-73
clear mls qos
clear mls qos

To clear the multilayer switching (MLS) aggregate-quality of service (QoS) statistics, use the
clear mls qos command in privileged EXEC mode.
clear mls qos [ip | ipx | mac | mpls | ipv6 | arp [interface-type interface-number |
null interface-number | port-channel number | vlan vlan-id]]
Syntax Description ip (Optional) Clears MLS IP aggregate-QoS statistics.

ipx (Optional) Clears MLS IPX aggregate-QoS statistics.
mac (Optional) Clears MLS MAC aggregate-QoS statistics.
mpls (Optional) Clears MLS MPLS aggregate-QoS statistics.
ipv6 (Optional) Clears MLS IPv6 aggregate QoS statistics.
arp (Optional) Clears MLS ARP aggregate QoS statistics.
interface-type (Optional) Interface type; possible valid values are ethernet, fastethernet,
gigabitethernet, and tengigabitethernet. See the “Usage Guidelines”
section for additional valid values.
interface-number (Optional) Module and port number; see the “Usage Guidelines” section for
valid values.
null (Optional) Specifies the null interface; the valid value is 0.
interface-number
port-channel (Optional) Specifies the channel interface; valid values are a maximum of
number 64 values ranging from 1 to 256.
vlan vlan-id (Optional) Specifies the VLAN ID; valid values are from 1 to 4094.
Command Default This command has no default settings.

12.2(14)SX Support for this command was introduced on the Supervisor Engine 720.
12.2(17a)SX This command was changed to include the mpls keywords.
12.2(17d)SXB Support for this command on the Supervisor Engine 2 was extended to
Release 12.2(17d)SXB.
12.2(18)SXD This command was changed to include the arp keyword.
12.2(18)SXE This command was changed to include the ipv6 and arp keywords on the
Supervisor Engine 720 only.

QOS-74
clear mls qos
Usage Guidelines The valid values for interface-type include the ge-wan, atm, and pos keywords that are supported on
Cisco 7600 series routers that are configured with a Supervisor Engine 2.
The ipx keyword is supported on Cisco 7600 series routers that are configured with a Supervisor
Engine 2 only.
The ipv6 and arp keywords are supported on Cisco 7600 series routers that are configured with a
The interface-number argument designates the module and port number. Valid values for
interface-number depend on the specified interface type and the chassis and module that are used. For
example, if you specify a Gigabit Ethernet interface and have a 48-port 10/100BASE-T Ethernet module
that is installed in a 13-slot chassis, valid values for the module number are from 1 to 13 and valid values
for the port number are from 1 to 48.
If you enter the clear mls qos command with no arguments, the global and per-interface aggregate QoS
counters for all protocols are cleared.
If you do not enter an interface type, the protocol aggregate-QoS counters for all interfaces are cleared.
Note Entering the clear mls qos command affects the policing token bucket counters and might briefly allow
traffic to be forwarded that would otherwise be policed.
Examples This example shows how to clear the global and per-interface aggregate-QoS counters for all protocols:
Router# clear mls qos
This example shows how to clear the specific protocol aggregate-QoS counters for all interfaces:
Router# clear mls qos ip

show mls qos Displays MLS QoS information.

QOS-75
compression header ip
To configure Real-Time Transport Protocol (RTP) or TCP IP header compression for a specific class,
use the compression header ip command in policy-map class configuration mode. To remove RTP or
TCP IP header compression for a specific class, use the no form of this command.
compression header ip [rtp | tcp]
no compression header ip
Syntax Description rtp (Optional) Configures RTP header compression.

tcp (Optional) Configures TCP header compression.
Defaults If you do not specify either RTP or TCP header compression (that is, you press the enter key after the
command name) both RTP and TCP header compressions are configured. This is intended to cover the
“all compressions” scenario.
Command Modes Policy-map class configuration

Usage Guidelines Using any form of the compression header ip command overrides any previously entered form.
The compression header ip command can be used at any level in the policy map hierarchy configured
with the Modular Quality of Service (QoS) Command-Line Interface (CLI) (MQC) feature.
Examples In the following example, the compression header ip command has been configured to use RTP header
compression for a class called “class1”. Class1 is part of policy map called “policy1”.
Router(config-pmap)# class-map class1
Router(config-pmap-c)# compression header ip rtp

QOS-76

show policy-map Displays the configuration of all classes for a specified service policy map
or all classes for all existing policy maps.
show policy-map class Displays the configuration for the specified class of the specified policy
map.
show policy-map Displays the packet statistics of all classes that are configured for all service
interface policies either on the specified interface or subinterface or on a specific
PVC on the interface.

QOS-77
control-plane
control-plane
To enter control-plane configuration mode, which allows users to associate or modify attributes or
parameters (such as a service policy) that are associated with the control plane of the device, use the
control-plane command in global configuration mode. To remove an existing control-plane
configuration from the router, use the no form of this command.
Syntax for T Releases
control-plane [host | transit | cef-exception]
no control-plane [host | transit | cef-exception]
Syntax for 12.0S Releases
control-plane [slot slot-number] [host | transit | cef-exception]
no control-plane [slot slot-number] [host | transit | cef-exception]
Syntax for 12.2S Releases for Cisco 7600 Series Routers
no control-plane
Syntax Description host (Optional) Applies policies to host control-plane traffic.

transit (Optional) Applies policies to transit control-plane traffic.
cef-exception (Optional) Applies policies to CEF-exception control-plane traffic.
slot slot-number (Optional) Specifies the slot number for the line card to which you want to
attach a QoS policy to perform distributed control-plane services.
Command Default No control-plane service policies are defined.

12.0(30)S The slot slot-number parameter was added to configure distributed Contol
Point (CP) services.
12.4(4)T The host, transit, and cef-exception keywords were added.

QOS-78
control-plane
Usage Guidelines After you enter the control-plane command, you can apply a control-plane policing (CoPP), port-filter,
or queue-threshold policy to police traffic destined for the control plane. You can define aggregate CoPPs
for the route processor (RP) and configure a service policy to police all traffic destined to the control
plane:
• From all line cards on the router (aggregate CP services)
• From all interfaces on a line card (distributed CP services)
Aggregate CP services manage traffic destined for the control plane and received on the central switch
engine from all line cards in the router.
Distributed CP services manage CP traffic from interfaces on a specified line card before CP packets are
forwarded to the central switch engine where aggregate CP services are applied.
Note On the Cisco 12000 series Internet router, you can combine distributed and aggregate CP services to
protect the control plane from DoS attacks and provide packet QoS. The slot slot-number parameter is
used only for distributed CP services configurations.
Control-plane policing includes enhanced control-plane functionality. It provides a mechanism for early
dropping of packets directed toward closed or nonlistened Cisco IOS TCP/UPD ports on the router. It
also provides the ability to limit protocol queue usage such that no single misbehaving protocol process
can wedge the control plane interface hold queue.
Note The control-plane command is supported by Cisco IOS Release 12.2S only for the Cisco 7600 router.
For other Cisco IOS releases, the Cisco 7600 supports only the no control-plane command to
discontinue a previously existing configuration condition.
With this enhancement, you can classify control-plane traffic into different categories of traffic. These
categories are as follows:
• Control-plane host subinterface—Subinterface that receives all control-plane IP traffic that is
directly destined for one of the router interfaces. Examples of control-plane host IP traffic include
tunnel termination traffic, management traffic, or routing protocols such as SSH, SNMP, BGP,
OSPF, and EIGRP. All host traffic terminates on and is processed by the router. Most control-plane
protection features and policies operate strictly on the control-plane host subinterface. Since most
critical router control-plane services, such as routing protocols and management traffic, are received
on the control-plane host subinterface, it is critical to protect this traffic through policing and
protection policies. CoPP, port-filtering, and per-protocol queue thresholding protection features
can be applied on the control-plane host subinterface.
• Control-plane transit subinterface—Subinterface that receives all control-plane IP traffic that is
software switched by the route processor. This means packets not directly destined to the router
itself but rather traffic traversing through the router. Nonterminating tunnels handled by the router
are an example of this type of control-plane traffic. Control-plane protection allows specific
aggregate policing of all traffic received at this subinterface.
• Control-plane CEF-exception subinterface—Subinterface that receives all traffic that is either
redirected as a result of a configured input feature in the CEF packet forwarding path for process
switching or directly enqueued in the control-plane input queue by the interface driver (for example,
ARP, L2 keepalives, and all non-IP host traffic). Control-plane protection allows specific aggregate
policing of this specific type of control-plane traffic.

QOS-79
control-plane
Examples The following example shows how to configure trusted hosts with source addresses 10.1.1.1 and 10.1.1.2
to forward Telnet packets to the control plane without constraint, while allowing all remaining Telnet
packets to be policed at the specified rate. The QoS policy is then applied for aggregate CP services to
all packets that are entering the control plane from all line cards in the router.
! Allow 10.1.1.1 trusted host traffic.
Router(config)# access-list 140 deny tcp host 10.1.1.1 any eq telnet
! Rate-limit all other Telnet traffic.
Router(config)# access-list 140 permit tcp any any eq telnet
! Define class map “telnet-class.”
Router(config)# class-map telnet-class
Router(config)# policy-map control-plane-in
Router(config-pmap)# class telnet-class
Router(config-pmap-c)# police 80000 conform transmit exceed drop
! Define aggregate control plane service for the active route pSrocessor.
Router(config)# control-plane
Router(config-cp)# service-policy input control-plane-in
Router(config-cp)# exit
The next example also shows how to configure trusted hosts with source addresses 10.1.1.1 and 10.1.1.2
packets that enter through slot 1 to be policed at the specified rate. The QoS policy is applied for
distributed CP services to all packets that enter through the interfaces on the line card in slot 1 and are
destined for the control plane.
! Rate-limit all other Telnet traffic.
! Define class map “telnet-class.”
Router(config)# policy-map control-plane-in
! Define aggregate control plane service for the active route processor.
Router(config)# control-plane slot 1
Router(config-cp)# service-policy input control-plane-in
The following shows how to apply an aggregate CoPP policy to the host control-plane traffic by applying
it to the host control-plane feature path:
Router(config)# control-plane host
Router(config-cp)# service-policy input cpp-policy-host
The following shows how to apply an aggregate CoPP policy to the transit control-plane traffic by
applying it to the control-plane transit feature path:
Router(config)# control-plane transit
Router(config-cp)# service-policy input cpp-policy-transit

QOS-80
control-plane
The following shows how to apply an aggregate CoPP policy to the Cef-exception control-plane traffic
by applying it to the control-plane CEF-exception feature path:
Router(config)# control-plane cef-exception
Router(config-cp)# service-policy input cpp-policy-cef-exception

class (policy-map) Specifies the name of the class whose policy you want to create or change or
specifies the default class (commonly known as the class-default class)
before you configure its policy.
class-map Accesses the QoS class-map configuration mode to configure QoS class
maps.
drop Configures a traffic class to discard packets that belonging to a specific class.
match access-group Configures the match criteria for a class map on the basis of the specified
ACL.
policy-map Accesses QoS policy-map configuration mode to configure the QoS policy
map.
service-policy Attaches a policy map to the control plane for aggregate or distributed
(control-plane) control-plane services.
show policy-map Displays the configuration of a class or all classes for the policy map
control-plane attached to the control plane.

QOS-81
custom-queue-list
custom-queue-list
To assign a custom queue list to an interface, use the custom-queue-list command in interface
configuration mode. To remove a specific list or all list assignments, use the no form of this command.
custom-queue-list [list-number]
no custom-queue-list [list-number]
Syntax Description list-number Any number from 1 to 16 for the custom queue list.
Command Default No custom queue list is assigned.

Usage Guidelines Only one queue list can be assigned per interface. Use this command in place of the priority-list
interface command (not in addition to it). Custom queueing allows a fairness not provided with priority
queueing. With custom queueing, you can control the bandwidth available on the interface when the
interface is unable to accommodate the aggregate traffic enqueued. Associated with each output queue
is a configurable byte count, which specifies how many bytes of data should be delivered from the
current queue by the system before the system moves on to the next queue. When a particular queue is
being processed, packets are sent until the number of bytes sent exceeds the queue byte count or until
the queue is empty.
Use the show queueing custom and show interfaces commands to display the current status of the
custom output queues.
Examples In the following example, custom queue list number 3 is assigned to serial interface 0:
interface serial 0
custom-queue-list 3

QOS-82
custom-queue-list

priority-list interface Establishes queueing priorities on packets entering from a given
interface.
queue-list default Assigns a priority queue for those packets that do not match any other
rule in the queue list.
queue-list interface Establishes queueing priorities on packets entering on an interface.
queue-list queue byte-count Specifies how many bytes the system allows to be delivered from a
given queue during a particular cycle.
queue-list queue limit Designates the queue length limit for a queue.
show interfaces Displays statistics for all interfaces configured on the router or access
server.
show queue Displays the contents of packets inside a queue for a particular
interface or VC.
show queueing Lists all or selected configured queueing strategies.

QOS-83
description (class-map)
To add a description to the class map or the policy map, use the description command in class-map
configuration or policy-map configuration mode. To remove the description from the class map or the
policy map, use the no form of this command.
description character-string
no description
Syntax Description character-string Comment or a description that is added to the class map or the policy map.
The character-string cannot exceed 161 characters.
Defaults If this command is not issued, a description does not exist.
Command Modes Class-map configuration

Policy-map configuration

12.2(18)ZY This command was integrated into Cisco IOS Release 12.2(18)ZY on the
Catalyst 6500 series of switches equipped with the Programmable Intelligent
Services Accelerator (PISA).
Usage Guidelines The description command is meant solely as a comment to be put in the configuration to help you
remember information about the class map or policy map, such as which packets are included within the
class map.
Examples The following example shows how to specify a description within the class map “ip-udp” and the policy
map “fpm-policy”:
description “match UDP over IP packets”
!
description “drop worms and malicious attacks”
class ip-udp
!
!

QOS-84

class-map Creates a class map to be used for matching packets to a specified class.
policy-map Create or modifies a policy map that can be attached to one or more

QOS-85
disconnect qdm
disconnect qdm
To disconnect a Quality of Service Device Manager (QDM) client, use the disconnect qdm command
in EXEC or privileged EXEC mode.
disconnect qdm [client client-id]
Syntax Description client (Optional) Specifies that a specific QDM client will be disconnected.
client-id (Optional) Specifies the specific QDM identification number to disconnect.
A QDM identification number can be a number from 0 to 2,147,483,647.
Command Modes EXEC

Privileged EXEC

12.2(17d)SXB This command was implemented on the Supervisor Engine 2 and integrated
Usage Guidelines Use the disconnect qdm command to disconnect all QDM clients that are connected to the router.
Use the disconnect qdm [client client-id] command to disconnect a specific QDM client connected to
a router. For instance, using the disconnect qdm client 42 command will disconnect the QDM client
with the ID 42.
Note For the Cisco 7600 series QDM is not supported on Cisco Optical Services Module (OSM)
interfaces.
Examples The following example shows how to disconnect all connected QDM clients:
Router# disconnect qdm
The following example shows how to disconnect a specific QDM client with client ID 9:
Router# disconnect qdm client 9

QOS-86
disconnect qdm

show qdm status Displays the status of connected QDM clients.

QOS-87
drop
drop
To configure a traffic class to discard packets belonging to a specific class, use the drop command in
policy-map class configuration mode. To disable the packet discarding action in a traffic class, use the
no form of this command.
drop
no drop
Defaults Disabled

Usage Guidelines Note the following points when configuring the drop command to unconditionally discard packets in a
traffic class:
• Discarding packets is the only action that can be configured in a traffic class. That is, no other
actions can be configured in the traffic class.
• When a traffic class is configured with the drop command, a “child” (nested) policy cannot be
configured for this specific traffic class through the service policy command.
• Discarding packets cannot be configured for the default class known as the class-default class.
Examples In the following example a traffic class called “class1” has been created and configured for use in a
policy map called “policy1.” The policy map (service policy) is attached to an output serial interface 2/0.
All packets matching access-group 101 are placed in a class called “c1.” Packets belonging to this class
are discarded.
Router(config-cmap)# policy-map policy1
Router(config-pmap)# class c1
Router(config-pmap-c)# interface s2/0
Router(config-if)# service-policy output policy1

QOS-88
drop

show class-map Displays all class maps and their matching criteria.

QOS-89
dscp
dscp
To change the minimum and maximum packet thresholds for the differentiated services code point
(DSCP) value, use the dscp command in random-detect-group configuration mode. To return the
minimum and maximum packet thresholds to the default for the DSCP value, use the no form of this
command.
dscp dscp-value min-threshold max-threshold [mark-probability-denominator]
no dscp dscp-value min-threshold max-threshold [mark-probability-denominator]
Syntax Description dscp-value Specifies the DSCP value. The DSCP value can be a number from
0 to 63, or it can be one of the following keywords: ef, af11, af12,
af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2,
cs3, cs4, cs5, or cs7.
min-threshold Minimum threshold in number of packets. The value range of this
argument is from 1 to 4096. When the average queue length reaches
the minimum threshold, Weighted Random Early Detection
(WRED) randomly drops some packets with the specified DSCP
value.
max-threshold Maximum threshold in number of packets. The value range of this
argument is the value of the min-threshold argument to 4096. When
the average queue length exceeds the maximum threshold, WRED
drops all packets with the specified DSCP value.
mark-probability-denominator (Optional) Denominator for the fraction of packets dropped when
the average queue depth is at the maximum threshold. For example,
if the denominator is 512, one out of every 512 packets is dropped
when the average queue is at the maximum threshold. The value
range is from 1 to 65536. The default is 10; one out of every ten
packets is dropped at the maximum threshold.
Command Default If WRED is using the DSCP value to calculate the drop probability of a packet, all entries of the DSCP
table are initialized with the default settings shown in Table 7 of the “Usage Guidelines” section.
Command Modes Random-detect-group configuration


QOS-90
dscp
Usage Guidelines This command must be used in conjunction with the random-detect-group command.
Additionally, the dscp command is available only if you specified the dscp-based argument when using
the random-detect-group command.
Table 7 lists the DSCP default settings used by the dscp command. Table 7 lists the DSCP value, and its
corresponding minimum threshold, maximum threshold, and mark probability. The last row of the table
(the row labeled “default”) shows the default settings used for any DSCP value not specifically shown
in the table.
Table 7 dscp Default Settings
DSCP Minimum Maximum Mark

(Precedence) Threshold Threshold Probability
af11 32 40 1/10
af12 28 40 1/10
af13 24 40 1/10
af21 32 40 1/10
af22 28 40 1/10
af23 24 40 1/10
af31 32 40 1/10
af32 28 40 1/10
af33 24 40 1/10
af41 32 40 1/10
af42 28 40 1/10
af43 24 40 1/10
cs1 22 40 1/10
cs2 24 40 1/10
cs3 26 40 1/10
cs4 28 40 1/10
cs5 30 40 1/10
cs6 32 40 1/10
cs7 34 40 1/10
ef 36 40 1/10
rsvp 36 40 1/10
default 20 40 1/10
Examples The following example enables WRED to use the DSCP value af22. The minimum threshold for the
DSCP value af22 is 28, the maximum threshold is 40, and the mark probability is 10.
Router> enable
Router(config)# random-detect-group class1 dscp-based
Router(cfg-red-group)# dscp af22 28 40 10
Router(cfg-red-group)# end

QOS-91
dscp

random-detect-group Enables per-VC WRED or per-VC DWRED.
show queueing interface Displays the queueing statistics of an interface or VC.

QOS-92
estimate bandwidth
estimate bandwidth
To estimate the bandwidth needed per traffic class for given quality of service (QoS) targets based on
traffic data, use the estimate bandwidth command in policy-map class configuration mode. To disable
the estimated bandwidth processing, use the no form of this command.
estimate bandwidth [drop-one-in n] [delay-one-in n milliseconds n]
no estimate bandwidth
Syntax Description drop-one-in n (Optional) The packet loss rate; for example, a value of 999 means drop no
more than one packet out of 999. The range for n is 50 to 1000000 packets.
delay-one-in n (Optional) The packet delay time and probability; the range for n is 50 to
milliseconds n 1000000 packets. The delay threshold; the range for n is 8 to 1000
milliseconds.
Defaults Disabled

Usage Guidelines Use the estimate bandwidth command to specify the target drop probability, the delay time and
probability, and the timeframe.
If you specify a delay time, you must also specify a delay threshold.
If you issue the estimate bandwidth command with no keywords, the default target is drop less than
2 percent, which is the same as entering estimate bandwidth drop-one-in 500.
Examples In the following example, the QoS targets are drop no more than one packet in 100, and delay no more
than one packet in 100 by more than 50 milliseconds:
Router(config-pmap-c)# estimate bandwidth drop-one-in 100 delay-one-in 100 milliseconds 50

bandwidth Specifies or modifies the bandwidth allocated for a class belonging to a
(policy-map class) policy map.

QOS-93
exponential-weighting-constant
To configure the exponential weight factor for the average queue size calculation for a Weighted Random
Early Detection (WRED) parameter group, use the exponential-weighting-constant command in
random-detect-group configuration mode. To return the exponential weight factor for the group to the
default, use the no form of this command.
exponential-weighting-constant exponent
no exponential-weighting-constant
Syntax Description exponent Exponent from 1 to 16 used in the average queue size calculation.
Command Default The default weight factor is 9.

11.1(22)CC This command was introduced.
Usage Guidelines When used, this command is issued after the random-detect-group command is entered.
Use this command to change the exponent used in the average queue size calculation for a WRED
parameter group. The average queue size is based on the previous average and the current size of the
queue. The formula is:
average = (old_average * (1-1/2^x)) + (current_queue_size * 1/2^x)
where x is the exponential weight factor specified in this command. Thus, the higher the factor, the more
dependent the average is on the previous average.
Note The default WRED parameter values are based on the best available data. We recommend that you do
not change the parameters from their default values unless you have determined that your applications
would benefit from the changed values.
For high values of x, the previous average becomes more important. A large factor smooths out the peaks
and lows in queue length. The average queue size is unlikely to change very quickly. The WRED process
will be slow to start dropping packets, but it may continue dropping packets for a time after the actual
queue size has fallen below the minimum threshold. The resulting slow-moving average will
accommodate temporary bursts in traffic.

QOS-94
If the value of x gets too high, WRED will not react to congestion. Packets will be sent or dropped as if
WRED were not in effect.
For low values of x, the average queue size closely tracks the current queue size. The resulting average
may fluctuate with changes in the traffic levels. In this case, the WRED process will respond quickly to
long queues. Once the queue falls below the minimum threshold, the process will stop dropping packets.
If the value of x gets too low, WRED will overreact to temporary traffic bursts and drop traffic
unnecessarily.
Examples The following example configures the WRED group called sanjose with a weight factor of 10:
random-detect-group sanjose
exponential-weighting-constant 10

protect Configures a VC or PVC class with protected group or protected
VC or PVC status for application to a VC or PVC bundle member.
random-detect-group Defines the WRED or DWRED parameter group.

QOS-95
fair-queue (class-default)
To specify the number of dynamic queues to be reserved for use by the class-default class as part of the
default class policy, use the fair-queue command in policy-map class configuration mode. To delete the
configured number of dynamic queues from the class-default policy, use the no form of this command.
fair-queue [number-of-dynamic-queues]
no fair-queue [number-of-dynamic-queues]
Syntax Description number-of-dynamic-queues (Optional) A power of 2 that specifies the number of dynamic queues.
Range is from 16 to 4096.
Command Default The number of dynamic queues is derived from the interface or ATM permanent virtual circuit (PVC)
bandwidth. See Table 8 in the “Usage Guidelines” section for the default number of dynamic queues that
weighted fair queueing (WFQ) and class-based WFQ (CBWFQ) use when they are enabled on an
interface. See Table 9 in the “Usage Guidelines” section for the default number of dynamic queues used
when WFQ or CBWFQ is enabled on an ATM PVC.

Usage Guidelines This command can be used for the default class (commonly known as the class-default class) only. You
can use it in conjunction with either the queue-limit command or the random-detect command.
The class-default class is the default class to which traffic is directed if that traffic does not satisfy the
match criteria of other classes whose policy is defined in the policy map.
Table 8 lists the default number of dynamic queues that weighted fair queueing (WFQ) and class-based
WFQ (CBWFQ) use when they are enabled on an interface.
Table 8 Default Number of Dynamic Queues as a Function of Interface Bandwidth
Bandwidth Range Number of Dynamic Queues

Less than or equal to 64 kbps 16
More than 64 kbps and less than or equal to 128 kbps 32

QOS-96
Table 8 Default Number of Dynamic Queues as a Function of Interface Bandwidth (continued)

More than 512 kbps 256
Table 9 lists the default number of dynamic queues used when WFQ or CBWFQ is enabled on an
ATM PVC.
Table 9 Default Number of Dynamic Queues as a Function of ATM PVC Bandwidth

Less than or equal to 128 kbps 16
More than 8000 kbps 256
Examples The following example configures policy for the default class included in the policy map called policy9.
Packets that do not satisfy match criteria specified for other classes whose policies are configured in the
same service policy are directed to the default class, for which 16 dynamic queues have been reserved.
Because the queue-limit command is configured, tail drop is used for each dynamic queue when the
maximum number of packets are enqueued and additional packets arrive.
policy-map policy9
class class-default
fair-queue 16
queue-limit 20
The following example configures policy for the default class included in the policy map called policy8.
The fair-queue command reserves 20 dynamic queues to be used for the default class. For congestion
avoidance, Weighted Random Early Detection (WRED) packet drop is used, not tail drop.
policy-map policy8
class class-default
fair-queue 64
random-detect


QOS-97
fair-queue (DWFQ)
fair-queue (DWFQ)
To enable Versatile Interface Processor (VIP)-distributed weighted fair queueing (DWFQ), use the
fair-queue command in interface configuration mode. To disable DWFQ, use the no form of this
command.
fair-queue
no fair-queue
Command Default DWFQ is enabled by default for physical interfaces whose bandwidth is less than or equal to
2.048 Mbps.
DWFQ can be configured on interfaces but not subinterfaces. It is not supported on Fast EtherChannel,
tunnel, or other logical or virtual interfaces such as Multilink PPP (MLP).
See Table 10 in the “Usage Guidelines” section of this command for a list of the default queue lengths
and thresholds.

Usage Guidelines The fair-queue (DWFQ) command enables DWFQ on an interface using a VIP2-40 or greater interface
processor.
With DWFQ, packets are classified by flow. Packets with the same source IP address, destination IP
address, source TCP or User Datagram Protocol (UDP) port, destination TCP or UDP port, and protocol
belong to the same flow.
DWFQ allocates an equal share of the bandwidth to each flow.
Table 10 lists the default queue lengths and thresholds.
Table 10 Default Fair Queue Lengths and Thresholds
Queue or Threshold Default

Congestive discard threshold 64 messages

QOS-98
fair-queue (DWFQ)
Table 10 Default Fair Queue Lengths and Thresholds (continued)
Queue or Threshold Default

Dynamic queues 256 queues
Reservable queues 0 queues
Examples The following example enables DWFQ on the High-Speed Serial Interface (HSSI) interface 0/0/0:
interface Hssi0/0/0
description 45Mbps to R2
ip address 10.200.14.250 255.255.255.252
fair-queue

fair-queue (WFQ) Enables WFQ for an interface.
fair-queue Sets the maximum number of packets in all queues combined for
aggregate-limit DWFQ.
fair-queue Sets the maximum individual queue depth for DWFQ.
individual-limit
fair-queue limit Sets the maximum queue depth for a specific DWFQ class.
fair-queue qos-group Enables DWFQ and classifies packets based on the internal QoS-group
number.
fair-queue tos Enables DWFQ and classifies packets using the ToS field of packets.
server.
show interfaces Displays information and statistics about WFQ for a VIP-based
fair-queue interface.

QOS-99
fair-queue (policy-map class)

To specify the number of queues to be reserved for use by a traffic class, use the fair-queue command
in policy-map class configuration mode. To delete the configured number of queues from the traffic
class, use the no form of this command.
fair-queue [dynamic-queues]
no fair-queue [dynamic-queues]
Syntax Description dynamic-queues (Optional) A number specifying the number of dynamic conversation
queues. The number can be in the range of 16 to 4096.
Command Default No queues are reserved.

12.0(5)XE This command was integrated into Cisco IOS Release 12.0(5)XE and
implemented on Versatile Interface Processor (VIP)-enabled
Cisco 7500 series routers.
12.1(5)T This command was integrated into Cisco IOS Release 12.1(5)T and
was implemented on VIP-enabled Cisco 7500 series routers.
Usage Guidelines On a VIP, the fair-queue command can be used for any traffic class (as opposed to non-VIP platforms,
which can only use the fair-queue command in the default traffic class). The fair-queue command can
be used in conjunction with either the queue-limit command or the random-detect
exponential-weighting-constant command.
Examples The following example configures the default traffic class for the policy map called policy9 to reserve
ten queues for packets that do not satisfy match criteria specified for other traffic classes whose policy
is configured in the same service policy. Because the queue-limit command is configured, tail drop is
used for each queue when the maximum number of packets is enqueued and additional packets arrive.
policy-map policy9
class class-default
fair-queue 10
queue-limit 20

QOS-100
The following example configures a service policy called policy8 that is associated with a user-defined
traffic class called class1. The fair-queue command reserves 20 queues to be used for the service policy.
For congestion avoidance, Weighted Random Early Detection (WRED) or distributed WRED (DWRED)
packet drop is used, not tail drop.
policy-map policy8
class class1
fair-queue 20
random-detect exponential-weighting-constant 14

class class-default Specifies the default traffic class for a service policy map.
random-detect Configures the WRED and DWRED exponential weight factor
exponential-weighting-constant for the average queue size calculation.

QOS-101
fair-queue (WFQ)
fair-queue (WFQ)
To enable weighted fair queueing (WFQ), use the fair-queue command in interface configuration or
policy-map class configuration mode. To disable WFQ, use the no form of this command.
fair-queue [congestive-discard-threshold [dynamic-queues [reservable-queues]]]
no fair-queue
Syntax Description congestive-discard-threshold (Optional) Number of messages allowed in each queue. The range is
1 to 4096 and the default is 64 messages. When a conversation
reaches this threshold, new message packets are discarded.
dynamic-queues (Optional) Number of dynamic queues used for best-effort
conversations (that is, a normal conversation not requiring any
special network services). Values are 16, 32, 64, 128, 256, 512, 1024,
2048, and 4096. See Table 4 and Table 5 in the fair-queue
(class-default) command for the default number of dynamic queues.
reservable-queues (Optional) Number of reservable queues used for reserved
conversations in the range 0 to 1000. The default is 0. Reservable
queues are used for interfaces configured for features such as
Resource Reservation Protocol (RSVP).
Command Default Fair queueing is enabled by default for physical interfaces whose bandwidth is less than or equal to
2.048 Mbps and that do not use the following:
• X.25 and Synchronous Data Link Control (SDLC) encapsulations
• Link Access Procedure, Balanced (LAPB)
• Tunnels
• Loopbacks
• Dialer
• Bridges
• Virtual interfaces
Fair queueing is not an option for the protocols listed above. However, if custom queueing or priority
queueing is enabled for a qualifying link, it overrides fair queueing, effectively disabling it. Additionally,
fair queueing is automatically disabled if you enable the autonomous or silicon switching engine
mechanisms.
Note A variety of queueing mechanisms can be configured using multilink; for example, Multichassis
Multilink PPP (MMP). However, if only PPP is used on a tunneled interface—for example, virtual
private dialup network (VPND), PPP over Ethernet (PPPoE), or PPP over Frame Relay (PPPoFR)—no
queueing can be configured on the virtual interface.

QOS-102
fair-queue (WFQ)
The number of dynamic queues is derived from the interface or ATM permanent virtual circuit (PVC)
bandwidth. See Table 11 in the fair-queue (class-default) command for the default number of dynamic
queues that WFQ and class-based WFQ (CBWFQ) use when they are enabled on an interface. See
Table 11 in the fair-queue (class-default) command for the default number of dynamic queues used
when WFQ and CBWFQ are enabled on an ATM PVC.

Policy-map class configuration (config-pmap-c)

12.2(13)T This command was modified to remove apollo, vines, and xns from the list
of protocols and traffic stream discrimination fields. These protocols were
removed because Apollo Domain, Banyan VINES, and Xerox Network
Systems (XNS) were removed in this release.
12.4(20)T Support was added for hierarchical queueing framework (HQF) and
user-defined classes using the Modular Quality of Service (QoS)
Command-Line Interface (CLI) (MQC).
Usage Guidelines This command enables WFQ. With WFQ, packets are classified by flow. For example, packets with the
same source IP address, destination IP address, source TCP or User Datagram Protocol (UDP) port,
destination TCP or UDP port, and protocol belong to the same flow; see Table 11 for a full list of
protocols and traffic stream discrimination fields.
When enabled for an interface, WFQ provides traffic priority management that automatically sorts
among individual traffic streams without requiring that you first define access lists. Enabling WFQ
requires use of this command only.
When WFQ is enabled for an interface, new messages for high-bandwidth traffic streams are discarded
after the configured or default congestive discard threshold has been met. However, low-bandwidth
conversations, which include control message conversations, continue to enqueue data. As a result, the
fair queue may occasionally contain more messages than its configured threshold number specifies.
WFQ uses a traffic data stream discrimination registry service to determine which traffic stream a
message belongs to. For each forwarding protocol, Table 11 shows the message attributes that are used
to classify traffic into data streams.

QOS-103
fair-queue (WFQ)
Table 11 Weighted Fair Queueing Traffic Stream Discrimination Fields
Forwarder Fields Used

AppleTalk • Source net, node, socket
• Destination net, node, socket
• Type
Connectionless Network • Source network service access point (NSAP)
Service (CLNS)
• Destination NSAP
DECnet • Source address
• Destination address
Frame Relay switching • Data-link connection identified (DLCI) value
IP • Type of service (ToS)
• IP protocol
• Source IP address (if message is not fragmented)
• Destination IP address (if message is not fragmented)
• Source TCP/UDP port
• Destination TCP/UDP port
Transparent bridging • Unicast: source MAC, destination MAC
• Ethertype Service Advertising Protocol (SAP)/Subnetwork Access
Protocol (SNAP) multicast: destination MAC address
Source-route bridging • Unicast: source MAC, destination MAC
• SAP/SNAP multicast: destination MAC address
Novell NetWare • Source/destination network/host/socket
• Level 2 protocol
All others (default) • Control protocols (one queue per protocol)
IP Precedence, congestion in Frame Relay switching, and discard eligible (DE) flags affect the weights
used for queueing.
IP Precedence, which is set by the host or by policy maps, is a number in the range from 0 to 7. Data
streams of precedence number are weighted so that they are given an effective bit rate of number+1 times
as fast as a data stream of precedence 0, which is normal.
In Frame Relay switching, message flags for forward explicit congestion notification (FECN), backward
explicit congestion notification (BECN), and DE message flags cause the algorithm to select weights
that effectively impose reduced queue priority. The reduced queue priority provides the application with
“slow down” feedback and sorts traffic, giving the best service to applications within their committed
information rate (CIR).
Fair queueing is supported for all LAN and line (WAN) protocols except X.25, including LAPB and
SDLC; see the notes in the section “Defaults.” Because tunnels are software interfaces that are
themselves routed over physical interfaces, fair queueing is not supported for tunnels. Fair queueing is
on by default for interfaces with bandwidth less than or equal to 2 Mbps.

QOS-104
fair-queue (WFQ)
Note For Release 10.3 and earlier releases for the Cisco 7000 and 7500 routers with a Route Switch Processor
(RSP) card, if you used the tx-queue-limit command to set the transmit limit available to an interface
on a Multiport Communications Interface (MCI) or serial port communications interface (SCI) card and
you configured custom queueing or priority queueing for that interface, the configured transmit limit was
automatically overridden and set to 1. With Cisco IOS Release 12.0 and later releases, for WFQ, custom
queueing, and priority queueing, the configured transmit limit is derived from the bandwidth value set
for the interface using the bandwidth (interface) command. Bandwidth value divided by 512 rounded
up yields the effective transmit limit. However, the derived value only applies in the absence of a
tx-queue-limit command; that is, a configured transmit limit overrides this derivation.
When you configure Resource Reservation Protocol (RSVP) on an interface that supports fair queueing
or on an interface that is configured for fair queueing with the reservable queues set to 0 (the default),
the reservable queue size is automatically configured using the following method: interface bandwidth
divided by 32 kbps. You can override this default by specifying a reservable queue other than 0. For more
information on RSVP, refer to the chapter “Configuring RSVP” in the Cisco IOS Quality of Service
Solutions Configuration Guide.
Examples The following example enables WFQ on serial interface 0, with a congestive threshold of 300. This
threshold means that messages are discarded from the queueing system only when 300 or more messages
have been queued and the message is in a data stream that has more than one message in the queue. The
transmit queue limit is set to 2, based on the 384-kilobit (Kb) line set by the bandwidth command:
interface serial 0
bandwidth 384
fair-queue 300
Unspecified parameters take the default values.

The following example requests a fair queue with a congestive discard threshold of 64 messages,
512 dynamic queues, and 18 RSVP queues:
interface Serial 3/0
ip unnumbered Ethernet 0/0
fair-queue 64 512 18
You can apply the fair-queue command to a user-defined class as shown in the following example:
policy-map p1
class c1
bandwidth 1000
fair-queue

QOS-105
fair-queue (WFQ)

bandwidth (interface) Sets a bandwidth value for an interface.
custom-queue-list Assigns a custom queue list to an interface.
fair-queue Specifies the number of dynamic queues to be reserved for use by the
(class-default) class-default class as part of the default class policy.
fair-queue (DWFQ) Enables DWFQ.
priority-group Assigns the specified priority list to an interface.
priority-list default Assigns a priority queue for those packets that do not match any other rule
in the priority list.
show interfaces Displays statistics for all interfaces configured on the router or access server.
show queue Displays the contents of packets inside a queue for a particular interface or
VC.
tx-queue-limit Controls the number of transmit buffers available to a specified interface on
the MCI and SCI cards.

QOS-106
fair-queue aggregate-limit
To set the maximum number of packets in all queues combined for Versatile Interface Processor
(VIP)-distributed weighted fair queueing (DWFQ), use the fair-queue aggregate-limit command in
interface configuration mode. To return the value to the default, use the no form of this command.
fair-queue aggregate-limit aggregate-packets
no fair-queue aggregate-limit
Syntax Description aggregate-packets Total number of buffered packets allowed before some packets may be
dropped. Below this limit, packets will not be dropped.
Command Default The total number of packets allowed is based on the transmission rate of the interface and the available
buffer space on the VIP.

11.1 CC This command was introduced.
Usage Guidelines In general, you should not change the maximum number of packets allows in all queues from the default.
Use this command only if you have determined that you would benefit from using a different value,
based on your particular situation.
DWFQ keeps track of the number of packets in each queue and the total number of packets in all queues.
When the total number of packets is below the aggregate limit, queues can buffer more packets than the
individual queue limit.
When the total number of packets reaches the aggregate limit, the interface starts enforcing the
individual queue limits. Any new packets that arrive for a queue that is over its individual queue limit
are dropped. Packets that are already in the queue will not be dropped, even if the queue is over the
individual limit.
In some cases, the total number of packets in all queues put together may exceed the aggregate limit.
Examples The following example sets the aggregate limit to 54 packets:

interface Fddi9/0/0
fair-queue tos
fair-queue aggregate-limit 54

QOS-107

number.
show interfaces Displays information and statistics about WFQ for a VIP-based interface.
fair-queue

QOS-108
fair-queue individual-limit
To set the maximum individual queue depth for Versatile Interface Processor (VIP)-distributed weighted
fair queueing (DWFQ), use the fair-queue individual-limit command in interface configuration mode.
To return the value to the default, use the no form of this command.
fair-queue individual-limit individual-packet
no fair-queue individual-limit
Syntax Description individual-packet Maximum number of packets allowed in each per-flow or per-class queue
during periods of congestion.
Command Default Half of the aggregate queue limit

Usage Guidelines In general, you should not change the maximum individual queue depth from the default. Use this
command only if you have determined that you would benefit from using a different value, based on your
particular situation.
DWFQ keeps track of the number of packets in each queue and the total number of packets in all queues.
When the total number of packets is below the aggregate limit, queues can buffer more packets than the
individual queue limit.
When the total number of packets reaches the aggregate limit, the interface starts enforcing the
individual queue limits. Any new packets that arrive for a queue that is over its individual queue limit
are dropped. Packets that are already in the queue will not be dropped, even if the queue is over the
individual limit.
In some cases, the total number of packets in all queues put together may exceed the aggregate limit.

QOS-109
Examples The following example sets the individual queue limit to 27:
interface Fddi9/0/0
mac-address 0000.0c0c.2222
ip address 10.1.1.1 255.0.0.0
fair-queue tos
fair-queue individual-limit 27

fair-queue Sets the maximum number of packets in all queues combined for DWFQ.
(class-default)
number.
fair-queue

QOS-110
fair-queue limit
fair-queue limit
To set the maximum queue depth for a specific Versatile Interface Processor (VIP)-distributed weighted
fair queueing (DWFQ) class, use the fair-queue limit command in interface configuration mode. To
return the value to the default, use the no form of this command.
fair-queue {qos-group number | tos number} limit class-packet
no fair-queue {qos-group number | tos number} limit class-packet
Syntax Description qos-group number Number of the QoS group, as assigned by a committed access rate (CAR)
policy or the Policy Propagation via Border Gateway Protocol (BGP)
feature. The value can range from 1 to 99.
tos number Two low-order IP Precedence bits of the type of service (ToS) field.
class-packet Maximum number of packets allowed in the queue for the class during
periods of congestion.
Command Default The individual queue depth, as specified by the fair-queue individual-limit command. If the fair-queue
individual-limit command is not configured, the default is half of the aggregate queue limit.

Usage Guidelines Use this command to specify the number queue depth for a particular class for class-based DWFQ. This
command overrides the global individual limit specified by the fair-queue individual-limit command.
In general, you should not change this value from the default. Use this command only if you have
determined that you would benefit from using a different value, based on your particular situation.
Examples The following example sets the individual queue limit for ToS group 3 to 20:
interface Fddi9/0/0
mac-address 0000.0c0c.2222
ip address 10.1.1.1 255.0.0.0
fair-queue tos
fair-queue tos 3 limit 20

QOS-111
fair-queue limit

(class-default)
number.
fair-queue

QOS-112
fair-queue qos-group
To enable Versatile Interface Processor (VIP)-distributed weighted fair queueing (DWFQ) and classify
packets based on the internal QoS-group number, use the fair-queue qos-group command in interface
configuration mode. To disable QoS-group-based DWFQ, use the no form of this command.
no fair-queue qos-group
Command Default QoS-group-based DWFQ is disabled.

Usage Guidelines Use this command to enable QoS-group-based DWFQ, a type of class-based DWFQ. Class-based DWFQ
overrides flow-based DWFQ. Therefore, this command overrides the fair-queue (DWFQ) command.
When this command is enabled, packets are assigned to different queues based on their QoS group. A
QoS group is an internal classification of packets used by the router to determine how packets are treated
by certain QoS features, such as DWFQ and committed access rate (CAR). Use a CAR policy or the QoS
Policy Propagation via Border Gateway Protocol (BGP) feature to assign packets to QoS groups.
Specify a weight for each class. In periods of congestion, each group is allocated a percentage of the
output bandwidth equal to the weight of the class. For example, if a class is assigned a weight of 50,
packets from this class are allocated at least 50 percent of the outgoing bandwidth during periods of
congestion.
Examples The following example enables QoS-based DWFQ and allocates bandwidth for nine QoS groups (QoS
groups 0 through 8):
interface Hssi0/0/0
ip address 10.200.14.250 255.255.255.252
fair-queue qos-group 1 weight 5

QOS-113


(class-default)
fair-queue weight Assigns a weight to a class for DWFQ.
fair-queue

QOS-114
fair-queue tos
fair-queue tos
To enable Versatile Interface Processor (VIP)-distributed weighted fair queueing (DWFQ) and classify
packets using the type of service (ToS) field of packets, use the fair-queue tos command in interface
configuration command. To disable ToS-based DWFQ, use the no form of this command.
fair-queue tos
no fair-queue tos
Command Default Disabled

By default, class 0 is assigned a weight of 10; class 1 is assigned a weight of 20; class 2 is assigned a
weight of 30; and class 3 is assigned a weight of 40.

Usage Guidelines Use this command to enable ToS-based DWFQ, a type of class-based DWFQ. Class-based DWFQ
overrides flow-based DWFQ. Therefore, this command overrides the fair-queue (DWFQ) command.
When this command is enabled, packets are assigned to different queues based on the two low-order IP
Precedence bits in the ToS field of the packet header.
In periods of congestion, each group is allocated a percentage of the output bandwidth equal to the
weight of the class. For example, if a class is assigned a weight of 50, packets from this class are
allocated at least 50 percent of the outgoing bandwidth during periods of congestion.
If you wish to change the weights, use the fair-queue weight command.
Examples The following example enables ToS-based DWFQ on the High-Speed Serial Interface (HSSI) interface
0/0/0:
interface Hssi0/0/0
ip address 10.200.14.250 255.255.255.252
fair-queue
fair-queue tos

QOS-115
fair-queue tos

(class-default)
number.
fair-queue weight Assigns a weight to a class for DWFQ.
fair-queue

QOS-116
fair-queue weight
fair-queue weight
To assign a weight to a class for Versatile Interface Processor (VIP)-distributed weighted fair queueing
(DWFQ), use the fair-queue weight command in interface configuration mode. To remove the
bandwidth allocated for the class, use the no form of this command.
fair-queue {qos-group number | tos number} weight weight
no fair-queue {qos-group number | tos number} weight weight
Syntax Description qos-group number Number of the quality of service (QoS) group, as assigned by a committed
access rate (CAR) policy or the Policy Propagation via Border Gateway
Protocol (BGP) feature. The value range is from 1 to 99.
tos number Two low-order IP Precedence bits of the type of service (ToS) field. The
value range is from 1 to 3.
weight Percentage of the output link bandwidth allocated to this class. The sum of
weights for all classes cannot exceed 99.
Command Default For QoS DWFQ, unallocated bandwidth is assigned to QoS group 0.
For ToS-based DWFQ, class 0 is assigned a weight of 10; class 1 is assigned a weight of 20; class 2 is
assigned a weight of 30; and class 3 is assigned a weight of 40.

Usage Guidelines Use this command to allocate percentages of bandwidth for specific DWFQ classes. You must also
enable class-based DWFQ on the interface with either the fair-queue qos-group or fair-queue tos
command.
Enter this command once for every class to allocate bandwidth to the class.
For QoS-group-based DWFQ, packets that are not assigned to any QoS groups are assigned to QoS group
0. When assigning weights to QoS group class, remember the following guidelines:
• One percent of the available bandwidth is automatically allocated to QoS group 0.
• The total weight for all the other QoS groups combined cannot exceed 99.
• Any unallocated bandwidth is assigned to QoS group 0.

QOS-117
fair-queue weight
For ToS-based DWFQ, remember the following guidelines:

• One percent of the available bandwidth is automatically allocated to ToS class 0.
• The total weight for all the other ToS classes combined cannot exceed 99.
• Any unallocated bandwidth is assigned to ToS class 0.
Examples The following example allocates bandwidth to different QoS groups. The remaining bandwidth
(5 percent) is allocated to QoS group 0.
interface Fddi9/0/0

number.
fair-queue

QOS-118
feedback
feedback
To enable the context-status feedback messages from the interface or link, use the feedback command
in IPHC-profile configuration mode. To disable the context-status feedback messages, use the no form
of this command.
feedback
no feedback
Command Default Context-status feedback messages are enabled.
Command Modes IPHC-profile configuration

Usage Guidelines Intended for Use with IPHC Profiles

The feedback command is intended for use as part of an IP Header Compression (IPHC) profile. An
IPHC profile is used to enable and configure header compression on your network. For more information
about using IPHC profiles to configure header compression, see the “Header Compression” module and
the “Configuring Header Compression Using IPHC Profiles” module of the Cisco IOS Quality of Service
Solutions Configuration Guide, Release 12.4T.
Restriction
There are two types of IPHC profiles: Internet Engineering Task Force (IETF) profiles and van-jacobson
profiles. The feedback command is supported for IETF IPHC profiles only. The feedback command is
not supported for van-jacobson IPHC profiles. For more information about IPHC profile types, see the
“Header Compression” section of the Cisco IOS Quality of Service Solutions Configuration Guide,
Release 12.4T.
Prerequisite
Before using the feedback command, you must enable either TCP header compression or non-TCP
header compression. To enable TCP header compression, use the tcp command. To enable non-TCP
header compression, use the non-tcp command.
Disabling of Context-Status Messages

During header compression, a session context is defined. For each context, the session state is
established and shared between the compressor and the decompressor. The context state consists of the
full IP/UDP/RTP, IP/UDP, or IP/TCP headers, a few first-order differential values, a link sequence
number, a generation number, and a delta encoding table.

QOS-119
feedback
When the decompressor loses synchronization with the compressor, the decompressor sends a context
status message to the compressor with a list of context IDs to invalidate. The compressor then sends a
full-header packet to the decompressor to reestablish a consistent state. Note that all packets for the
invalid context IDs are discarded until a full-header packet is received for that context ID.
You can disable the sending of context-status messages either when the time it takes for the packet to
traverse the uplink and the downlink portions of the data path is greater than the refresh period (in which
case, the sending of the context-status message would not be useful) or when a feedback path does not
exist.
Examples The following is an example of an IPHC profile called profile2. In this example, context-status feedback
messages have been disabled.
Router> enable
Router(config)# iphc-profile profile2 ietf
Router(config-iphcp)# non-tcp
Router(config-iphcp)# no feedback
Router(config-iphcp)# end

iphc-profile Creates an IPHC profile.
non-tcp Enables non-TCP header compression within an IPHC profile.
tcp Enables TCP header compression within an IPHC profile.

QOS-120
frame-relay interface-queue priority

To enable the Frame Relay PVC Interface Priority Queueing (FR PIPQ) feature, use the frame-relay
interface-queue priority command in interface configuration mode. To disable FR PIPQ, use the no
form of this command.
frame-relay interface-queue priority [high-limit medium-limit normal-limit low-limit]
no frame-relay interface-queue priority
To assign priority to a permanent virtual circuit (PVC) within a Frame Relay map class, use the
frame-relay interface-queue priority command in map-class configuration mode. To remove priority
from a PVC within a Frame Relay map class, use the no form of this command.
frame-relay interface-queue priority {high | medium | normal | low}
no frame-relay interface-queue priority
Syntax Description high-limit (Optional) Size of the high priority queue specified in maximum number of
packets.
medium-limit (Optional) Size of the medium priority queue specified in maximum number
of packets.
normal-limit (Optional) Size of the normal priority queue specified in maximum number
of packets.
low-limit (Optional) Size of the low priority queue specified in maximum number of
packets.
high Assigns high priority to a PVC.
medium Assigns medium priority to a PVC.
normal Assigns normal priority to a PVC.
low Assigns low priority to a PVC.
Command Default The default sizes of the high, medium, normal, and low priority queues are 20, 40, 60, and 80 packets,
respectively.
When FR PIPQ is enabled on the interface, the default PVC priority is normal priority.

Map-class configuration


QOS-121
Usage Guidelines FR PIPQ must be enabled on the interface in order for the map-class configuration of PVC priority to be
effective.
Before you configure FR PIPQ using the frame-relay interface-queue priority command, the
following conditions must be met:
• PVCs should be configured to carry a single type of traffic.
• The network should be configured with adequate call admission control to prevent starvation of any
of the priority queues.
You will not be able to configure FR PIPQ if any queueing other than first-in first out (FIFO) queueing
is already configured at the interface level. You will be able to configure FR PIPQ when weighted fair
queueing (WFQ) is in use, as long as WFQ is the default interface queueing method. Disabling FR PIPQ
will restore the interface to dual FIFO queueing if FRF.12 is enabled, FIFO queueing if Frame Relay
Traffic Shaping (FRTS) is enabled, or the default queueing method for the interface.
Examples In the following example, FR PIPQ is enabled on serial interface 0, and the limits of the high, medium,
normal, and low priority queues are set to 10, 20, 30, and 40 packets, respectively. PVC 100 is assigned
high priority, so all traffic destined for PVC 100 will be sent to the high priority interface queue.
interface serial0
encapsulation frame-relay
frame-relay interface-queue priority 10 20 30 40
frame-relay interface-dlci 100
class high_priority_class
!
map-class frame-relay high_priority_class
frame-relay interface-queue priority high

debug priority Displays priority queueing events.
show frame-relay pvc Displays statistics about PVCs for Frame Relay interfaces.
server.
VC.

QOS-122
frame-relay ip rtp compression-connections

To specify the maximum number of Real-Time Transport Protocol (RTP) header compression
connections that can exist on a Frame Relay interface, use the frame-relay ip rtp
compression-connections command in interface configuration mode. To restore the default, use the no
frame-relay ip rtp compression-connections number
no frame-relay ip rtp compression-connections
Syntax Description number Maximum number of RTP header compression connections. The range is
from 3 to 256.
Command Default 256 header compression connections

Usage Guidelines Before you can configure the maximum number of connections, RTP header compression must be
configured on the interface using the frame-relay ip rtp header-compression command.
The number of RTP header compression connections must be set to the same value at each end of the
connection.
Examples The following example shows the configuration of a maximum of 150 RTP header compression
connections on serial interface 0:
interface serial 0
frame-relay ip rtp header-compression
frame-relay ip rtp compression-connections 150

QOS-123

frame-relay ip rtp header-compression Enables RTP header compression for all Frame
Relay maps on a physical interface.
frame-relay map ip compress Enables both RTP and TCP header compression
on a link.
frame-relay map ip rtp header-compression Enables RTP header compression per DLCI.
show frame-relay ip rtp header-compression Displays RTP header compression statistics for
Frame Relay.

QOS-124

To enable Real-Time Transport Protocol (RTP) header compression for all Frame Relay maps on a
physical interface, use the frame-relay ip rtp header-compression command in interface configuration
mode. To disable the compression, use the no form of this command.
frame-relay ip rtp header-compression [active | passive] [periodic-refresh]
no frame-relay ip rtp header-compression [active | passive] [periodic-refresh]
Syntax Description active (Optional) Compresses all outgoing RTP packets.

passive (Optional) Compresses the outgoing RTP/User Datagram Protocol (UDP)/IP
header only if an incoming packet had a compressed header.
periodic-refresh (Optional) Indicates that the compressed IP header will be refreshed
periodically.
Command Default Disabled.

By default, whatever type of header compression is configured on the interface will be inherited. If
header compression is not configured on the interface, the active keyword will be used, but no
header-compression keyword will appear on the show running-config command output.

12.3(2)T This command was integrated into Cisco IOS Release 12.3(2)T. This command
was modified to include the periodic-refresh keyword.
12.2SX This command is supported in the Cisco IOS Release 12.2SX train. Support in
a specific 12.2SX release of this train depends on your feature set, platform,
and platform hardware.
Usage Guidelines When the frame-relay ip rtp header-compression command is used on the physical interface, all the
interface maps inherit the command; that is, all maps will perform UDP and RTP IP header compression.
Examples The following example enables RTP header compression for all Frame Relay maps on a physical
interface:
Router> enable
Router(config)# interface Serial2/0.1

QOS-125
Router(config-if)# frame-relay ip rtp header-compression

In the following example, RTP header compression is enabled and the optional periodic-refresh
keyword is specified:
Router> enable
Router(config-if)# frame-relay ip rtp header-compression periodic-refresh

frame-relay ip rtp compression-connections Specifies maximum number of RTP header
compression connections on a Frame Relay
interface.
frame-relay map ip nocompress Disables both RTP and TCP header compression
on a link.
Frame Relay.

QOS-126
frame-relay ip rtp priority

To reserve a strict priority queue on a Frame Relay permanent virtual circuit (PVC) for a set of
Real-Time Transport Protocol (RTP) packet flows belonging to a range of User Datagram Protocol
(UDP) destination ports, use the frame-relay ip rtp priority command in map-class configuration
mode. To disable the strict priority queue, use the no form of this command.
frame-relay ip rtp priority starting-rtp-port-number port-number-range bandwidth
no frame-relay ip rtp priority
Syntax Description starting-rtp-port-number The starting UDP port number. The lowest port number to which the
packets are sent. A port number can be a number from 2000 to 65535.
port-number-range The range of UDP destination ports. Number, which added to the
starting-rtp-port-number argument, yields the highest UDP port
number. The range can be from 0 to 16383.
bandwidth Maximum allowed bandwidth, in kbps. The bandwidth can range
from 0 to 2000 kbps.
Command Default No default behavior or values
Command Modes Map-class configuration

Usage Guidelines This command is most useful for voice applications, or other applications that are delay-sensitive. To
use this command, you must first enter the map-class frame-relay command. After the Frame Relay
map class has been configured, it must then be applied to a PVC.
This command extends the functionality offered by the ip rtp priority command by supporting Frame
Relay PVCs. The command allows you to specify a range of UDP ports whose voice traffic is guaranteed
strict priority service over any other queues or classes using the same output interface. Strict priority
means that if packets exist in the priority queue, they are dequeued and sent first—that is, before packets
in other queues are dequeued.
Frame Relay Traffic Shaping (FRTS) and Frame Relay Fragmentation (FRF.12) must be configured
before the frame-relay ip rtp priority command is used.

QOS-127
Compressed RTP (CRTP) can be used to reduce the bandwidth required per voice call. When using CRTP
with Frame Relay, you must use the encapsulation frame-relay cisco command instead of the
encapsulation frame-relay ietf command.
Remember the following guidelines when configuring the bandwidth parameter:
• It is always safest to allocate to the priority queue slightly more than the known required amount of
bandwidth, to allow room for network bursts.
• The IP RTP Priority admission control policy takes RTP header compression into account.
Therefore, while configuring the bandwidth parameter of the ip rtp priority command you need to
configure only for the bandwidth of the compressed call. Because the bandwidth parameter is the
maximum total bandwidth, you need to allocate enough bandwidth for all calls if there will be more
than one call.
• Configure a bandwidth that allows room for Layer 2 headers. The bandwidth allocation takes into
account the payload plus the IP, UDP, and RTP headers but does not account for Layer 2 headers.
Allowing 25 percent bandwidth for other overhead is conservative and safe.
• The sum of all bandwidth allocation for voice and data flows on an interface cannot exceed
75 percent of the total available bandwidth, unless you change the default maximum reservable
bandwidth. To change the maximum reservable bandwidth, use the max-reserved-bandwidth
command on the interface.
For more information on IP RTP Priority bandwidth allocation, refer to the section “IP RTP Priority” in
the chapter “Congestion Management Overview” in the Cisco IOS Quality of Service Solutions
Examples The following example first configures the Frame Relay map class called voip and then applies the map
class to PVC 100 to provide strict priority service to matching RTP packets:
map-class frame-relay voip
frame-relay cir 256000
frame-relay bc 2560
frame-relay be 600
frame-relay mincir 256000
no frame-relay adaptive-shaping
frame-relay fair-queue
frame-relay fragment 250
frame-relay ip rtp priority 16384 16380 210
interface Serial5/0
ip address 10.10.10.10 255.0.0.0
no ip directed-broadcast
no ip mroute-cache
load-interval 30
clockrate 1007616
frame-relay traffic-shaping
class voip
frame-relay intf-type dce
In this example, RTP packets on PVC 100 with UDP ports in the range from 16384 to 32764
(32764 = 16384 + 16380) will be matched and given strict priority service.

QOS-128

encapsulation Enables Frame Relay encapsulation.
frame-relay
ip rtp priority Reserves a strict priority queue for a set of RTP packet flows belonging
to a range of UDP destination ports.
map-class frame-relay Specifies a map class to define QoS values for an SVC.
max-reserved-bandwidth Changes the percent of interface bandwidth allocated for CBWFQ,
LLQ, and IP RTP Priority.
priority Gives priority to a class of traffic belonging to a policy map.
show queue Displays the contents of packets inside a queue for a particular interface
or VC.
show traffic-shape queue Displays information about the elements queued by traffic shaping at the
interface level or the DLCI level.

QOS-129
frame-relay ip tcp compression-connections

To specify the maximum number of TCP header compression connections that can exist on a Frame
Relay interface, use the frame-relay ip tcp compression-connections command in interface
configuration mode. To restore the default, use the no form of this command.
frame-relay ip tcp compression-connections number
no frame-relay ip tcp compression-connections
Syntax Description number Maximum number of TCP header compression connections. The range is
from 3 to 256.
Command Default 256 header compression connections

Usage Guidelines Before you can configure the maximum number of connections, TCP header compression must be
configured on the interface using the frame-relay ip tcp header-compression command.
The number of TCP header compression connections must be set to the same value at each end of the
connection.
Examples The following example shows the configuration of a maximum of 150 TCP header compression
connections on serial interface 0:
interface serial 0
frame-relay ip tcp header-compression
frame-relay ip tcp compression-connections 150

frame-relay ip tcp Enables TCP header compression for all Frame Relay maps on a
header-compression physical interface.
frame-relay map ip compress Enables both RTP and TCP header compression on a link.

QOS-130
Command Description
frame-relay map ip tcp Assigns header compression characteristics to an IP map that differ
header-compression from the compression characteristics of the interface with which the
IP map is associated.
show frame-relay ip tcp Displays statistics and TCP/IP header compression information for
header-compression the interface.

QOS-131

To configure an interface to ensure that the associated permanent virtual circuit (PVC) will always carry
outgoing TCP/IP headers in compressed form, use the frame-relay ip tcp header-compression
command in interface configuration mode. To disable compression of TCP/IP packet headers on the
interface, use the no form of this command.
frame-relay ip tcp header-compression [passive]
no frame-relay ip tcp header-compression
Syntax Description passive (Optional) Compresses the outgoing TCP/IP packet header only if an incoming packet
had a compressed header.
Command Default Active TCP/IP header compression; all outgoing TCP/IP packets are subjected to header compression.

Usage Guidelines This command applies to interfaces that support Frame Relay encapsulation, specifically serial ports and
High-Speed Serial Interface (HSSI).
Frame Relay must be configured on the interface before this command can be used.
TCP/IP header compression and Internet Engineering Task Force (IETF) encapsulation are mutually
exclusive. If an interface is changed to IETF encapsulation, all encapsulation and compression
characteristics are lost.
When you use this command to enable TCP/IP header compression, every IP map inherits the
compression characteristics of the interface, unless header compression is explicitly rejected or modified
by use of the frame-relay map ip tcp header compression command.
We recommend that you shut down the interface prior to changing encapsulation types. Although this is
not required, shutting down the interface ensures the interface is reset for the new type.

QOS-132
Examples The following example configures serial interface 1 to use the default encapsulation (cisco) and passive
TCP header compression:
interface serial 1
frame-relay ip tcp header-compression passive

frame-relay map ip tcp header-compression Assigns header compression characteristics to an IP
map different from the compression characteristics
of the interface with which the IP map is associated.

QOS-133
frame-relay map ip compress

To enable both Real-Time Transport Protocol (RTP) and TCP header compression on a link, use the
frame-relay map ip compress command in interface configuration mode.
frame-relay map ip ip-address dlci [broadcast] compress [active | passive]

[connections number]
Syntax Description ip-address IP address of the destination or next hop.

dlci Data-link connection identifier (DLCI) number.
broadcast (Optional) Forwards broadcasts to the specified IP address.
active (Optional) Compresses all outgoing RTP and TCP packets. This is the default.
passive (Optional) Compresses the outgoing RTP and TCP header only if an incoming
packet had a compressed header.
connections (Optional) Specifies the maximum number of RTP and TCP header compression
number connections. The range is from 3 to 256.
Command Default RTP and TCP header compression are disabled.

The default maximum number of header compression connections is 256.

12.1(2)T This command was modified to enable the configuration of the maximum
number of header compression connections.
Usage Guidelines This command does not have a “no” form. That is, a command called no frame-relay map ip compress
does not exist.
Examples The following example enables both RTP and TCP header compression on serial interface 1 and sets the
maximum number of RTP and TCP header connections at 16:
interface serial 1
ip address 10.108.175.110 255.255.255.0
frame-relay map ip 10.108.175.220 180 compress connections 16

QOS-134

frame-relay ip rtp compression-connections Specifies the maximum number of RTP header
interface.
frame-relay ip tcp header-compression Enables TCP header compression for all Frame
frame-relay map ip nocompress Disables both RTP and TCP header compression
on a link.
frame-relay map ip rtp header-compression Enables RTP header compression for all Frame
Frame Relay.
show frame-relay ip tcp header-compression Displays statistics and TCP/IP header
compression information for the interface.

QOS-135
frame-relay map ip nocompress

To disable both Real-Time Transport Protocol (RTP) and TCP header compression on a link, use the
frame-relay map ip nocompress command in interface configuration mode.
frame-relay map ip ip-address dlci [broadcast] nocompress

dlci Data-link connection identifier (DLCI) number.
Command Default No default behaviors or values

Usage Guidelines This command does not have a “no” form. That is, a command called no frame-relay map ip
nocompress does not exist.
Examples The following example disables RTP and TCP header compression on DLCI 180:
interface serial 1
frame-relay map ip 10.108.175.220 180 nocompress

frame-relay ip tcp header-compression Enables TCP header compression for all Frame
frame-relay map ip compress Enables RTP and TCP header compression on a
link.

QOS-136
Command Description
Frame Relay.
show frame-relay ip tcp header-compression Displays statistics and TCP/IP header
compression information for the interface.

QOS-137
frame-relay map ip rtp header-compression

To enable Real-Time Transport Protocol (RTP) header compression per data-link connection identifier
(DLCI), use the frame-relay map ip rtp header-compression command in interface configuration
mode. To disable RTP header compression per DLCI and delete the DLCI, use the no form of this
command.
frame-relay map ip ip-address dlci [broadcast] rtp header-compression [active | passive]

[periodic-refresh] [connections number]
no frame-relay map ip ip-address dlci [broadcast] rtp header-compression [active | passive]

[periodic-refresh] [connections number]

dlci DLCI number.
active (Optional) Compresses outgoing RTP packets.
passive (Optional) Compresses the outgoing RTP/User Datagram Protocol (UDP)/IP
header only if an incoming packet had a compressed header.
periodic-refresh (Optional) Refreshes the compressed IP header periodically.
connections (Optional) Specifies the maximum number of RTP header compression
number connections. The range is from 3 to 256.
Command Default Disabled.

By default, whatever type of header compression is configured on the interface will be inherited. If
header compression is not configured on the interface, the active keyword will be used, but no
header-compression keyword will appear on the show running-config command output.
The default maximum number of header-compression connections is 256.

was modified to enable the configuration of the maximum number of header
compression connections.
12.3(2)T This command was modified to include the periodic-refresh keyword.

QOS-138
Usage Guidelines When this command is configured, the specified maps inherit RTP header compression. You can have
multiple Frame Relay maps, with and without RTP header compression. If you do not specify the number
of RTP header compression connections, the map will inherit the current value from the interface.
Examples The following example enables RTP header compression on the Serial1/2.1 subinterface and sets the
maximum number of RTP header compression connections at 64:
Router> enable
Router(config-if)# encapsulation frame-relay
Router(config-if)# frame-relay map ip 10.108.175.220 180 rtp header-compression
connections 64
In the following example, RTP header compression is enabled on the Serial1/1.0 subinterface, and the
optional periodic-refresh keyword is included in the configuration:
Router> enable
Router(config-if)# frame-relay map ip 10.108.175.220 180 rtp header-compression
periodic-refresh

frame-relay ip rtp compression-connections Specifies the maximum number of RTP header
interface.
frame-relay map ip compress Enables both RTP and TCP header compression
on a link.
Frame Relay.

QOS-139
identity policy (policy-map)
identity policy (policy-map)

To create an identity policy, use the identity policy command in policy-map class configuration mode.
To remove the policy, use the no form of this command.
identity policy policy-name
no identity policy policy-name
Syntax Description policy-name Name of the policy.
Command Default An identity policy is not created.

Usage Guidelines This command refers to the global identity policy that is configured on the device that contains the access
policies that are to be applied. Only a single identity policy can be configured under the policy class
configuration submode. If the identity policy is not defined on the device, an error is generated during
the application of the policy.
Examples The following example shows that an identity policy is being configured:
Router(config)# policy-map type control tag healthy_pmap
Router(config-pmap)# class healthy_class
Router(config-pmap-class)# identity policy healthy_identity
Router(config-pmap-class)# end
In the following example, an identity policy named “healthy_identity” is being configured:

Router(config)# identity policy healthy_identity
Router(config-identity-policy)# access-group healthy_acl
Router(config-identity-policy)# end

class type tag Associates a class map with a policy map.

QOS-140
ip header-compression disable-feedback
To disable the context-status feedback messages from the interface or link, use the ip
header-compression disable-feedback command in interface configuration mode. To enable
context-status feedback messages from the interface or link, use the no form of this command.
no ip header-compression disable-feedback
Command Default Context-status feedback messages are enabled by default.

Usage Guidelines The ip header-compression disable-feedback command is designed for use with satellite links where
the path for the upward link is different from the path for the downward link. When the paths are
different, context-status messages are not useful.
The ip header-compression disable-feedback command can be used with either Real-Time Transport
Protocol (RTP) or TCP header compression.
Examples The following example disables the context-status messages on serial interface 2/0:
Router> enable
Router(config)# interface Serial2/0
Router(config-if)# ip header-compression disable-feedback

ip header-compression Specifies the maximum size of the compressed IP header.
max-header
ip header-compression Specifies the maximum number of compressed packets between full headers.
max-period
ip header-compression Specifies the maximum amount of time to wait before the compressed IP
max-time header is refreshed.

QOS-141
ip header-compression max-header
ip header-compression max-header
To specify the maximum amount of time to wait before the compressed IP header is refreshed, use the
ip header-compression max-header command in interface configuration mode. To return the amount
of time to wait before the compressed IP header is refreshed to the default value, use the no form of this
command.
ip header-compression max-header max-header-size
no ip header-compression max-header max-header-size
Syntax Description max-header-size Size of the IP header, in bytes. The size of the IP header can be in the range of
20 to 168.
Defaults 168 bytes

Usage Guidelines The max-header-size argument of the ip header-compression max-header command can be used to
restrict the size of the header to be compressed.
Examples In the following example, the ip header-compression max-header command is configured to specify
the maximum IP header size of the packet. In this configuration, the maximum IP header size is
100 bytes.
Router> enable
Router(config-if)# ip header-compression max-header 100

ip header-compression Disables context-status feedback messages from the interface or link.
disable-feedback
max-period

QOS-142
ip header-compression max-period
To specify the maximum number of compressed packets between full headers, use the ip
header-compression max-period command in interface configuration mode. To return the number of
compressed packets to the default value, use the no form of this command.
ip header-compression max-period number-of-packets
no ip header-compression max-period number-of-packets
Syntax Description number-of-packets Specifies a number of packets between full headers. The number can be in the
range of 0 to 65535.
Defaults 256 packets

Usage Guidelines With the ip header-compression max-period command, full IP packet headers are sent in an
exponentially increasing period after there has been a change in the context status. This exponential
increase in the time period avoids the necessity of exchanging messages between the mechanism
compressing the header and the mechanism decompressing the header.
By default, the ip header-compression max-period command operates on User Datagram Protocol
(UDP) traffic only. However, if the periodic refresh keyword of either the frame-relay ip rtp
header-compression command or the frame-relay map ip rtp header-compression command is
configured, the ip header-compression max-period command operates on both UDP and Real-Time
Transport Protocol (RTP) traffic.
Examples In the following example, the ip header-compression max-period command is configured to specify
the number of packets between full header packets. In this configuration, the packet number specified is
160.
Router> enable
Router(config-if)# ip header-compression max-period 160

QOS-143

frame-relay ip rtp Enables RTP header compression for all Frame Relay maps on a physical
header-compression interface.
frame-relay map ip rtp Enables RTP header compression per DLCI.
header-compression
disable-feedback
max-header

QOS-144
ip header-compression max-time
To specify the maximum amount of time to wait before the compressed IP header is refreshed, use the
ip header-compression max-time command in interface configuration mode. To return to the default
value, use the no form of this command.
ip header-compression max-time length-of-time
no ip header-compression max-time length-of-time
Syntax Description length-of-time Specifies a different amount of time (other than the default) in seconds to wait
before the IP header is refreshed. The range is 0 to 65535.
Defaults 5 seconds

Usage Guidelines The ip header-compression max-time command is designed to avoid losing too many packets if the
context status of the receiver has been lost.
If a packet is to be sent and the maximum amount of time has elapsed since the last time the IP header
was refreshed, a full header is sent.
By default, the ip header-compression max-time command operates on User Datagram Protocol (UDP)
traffic only. However, if the periodic refresh keyword of either the frame-relay ip rtp
header-compression command or the frame-relay map ip rtp header-compression command is
configured, the ip header-compression max-time command operates on UDP and Real-Time Transport
Protocol (RTP) traffic.
Examples In the following example, the ip header-compression max-time command is configured to specify the
maximum amount of time to wait before refreshing the compressed IP header. In this configuration the
amount of time to wait is 30 seconds.
Router> enable
Router(config-if)# ip header-compression max-time 30

QOS-145

frame-relay ip rtp Enables RTP header compression for all Frame Relay maps on a physical
header-compression interface.
header-compression
disable-feedback
max-header
max-period

QOS-146
ip header-compression recoverable-loss
To enable Enhanced Compressed Real-Time Transport Protocol (ECRTP) on an interface, use the ip
header-compression recoverable-loss command in interface configuration mode. To disable ECRTP on
an interface, use the no form of this command.
ip header-compression recoverable-loss {dynamic | packet-drops}
no ip header-compression recoverable-loss
Syntax Description dynamic Dynamic recoverable loss calculation.

packet-drops Maximum number of consecutive packet drops. Ranges from 1 to 8.
Defaults When using the keyword dynamic, the default value is 4.

Usage Guidelines Enhanced CRTP reduces corruption by changing the way the compressor updates the context at the
decompressor. The compressor sends changes multiple times to keep the compressor and decompressor
synchronized. This method is characterized by the number of packet-drops that represent the quality of
the link between the hosts. By repeating the updates, the probability of context corruption due to packet
loss is minimized.
The packet-drops value is maintained independently for each context and is not required to be the same
for all contexts.
Examples In the following example, a serial interface is configured with Point-to-Point Protocol (PPP)
encapsulation, and ECRTP is enabled with dynamic loss recovery:
Router(config)# interface serial 2/0
Router(config-if)# encapsulation ppp
Router(config-if)# ip rtp header-compression ietf-format
Router(config-if)# ip header-compression recoverable-loss dynamic

QOS-147

debug ip rtp error Displays RTP header compression errors.
debug ip rtp Displays events specific to RTP header compression.
header-compression
ip rtp Enables RTP header compression.
header-compression
show ip rtp Displays RTP header compression statistics.
header-compression

QOS-148
ip nbar custom
ip nbar custom
To extend the capability of network-based application recognition (NBAR) Protocol Discovery to
classify and monitor additional static port applications or to allow NBAR to classify nonsupported static
port traffic, use the ip nbar custom command in global configuration mode. To disable NBAR from
classifying and monitoring additional static port application or classifying nonsupported static port
traffic, use the no form of this command.
ip nbar custom name [offset [format value]] [variable field-name field-length]

[source | destination] [tcp | udp] [range start end | port-number]
no ip nbar custom name [offset [format value]] [variable field-name field-length]

[source | destination] [tcp | udp] [range start end | port-number]
Syntax Description name The name given to the custom protocol. This name is reflected wherever
the name is used, including NBAR Protocol Discovery, the match
protocol command, the ip nbar port-map command, and the NBAR
Protocol Discovery MIB.
The name must be no longer than 24 characters and can only contain
uppercase and lowercase letters, digits, and the underscore (_) character.
offset (Optional) A digit representing the byte location for payload inspection.
The offset function is based on the beginning of the payload directly
after the TCP or User Datagram Protocol (UDP) header.
format value (Optional) Defines the format of the value and the length of the value
that is being inspected in the packet payload. Current format options are
ascii, hex, and decimal. The length of the value is dependent on the
chosen format. The length restrictions for each format are listed below:
• ascii—Up to 16 characters can be searched. Regular expressions are
not supported.
• hex—Up to 4 bytes.
• decimal—Up to 4 bytes.
variable field-name (Optional) When the variable keyword is entered, a specific portion of
field-length the custom protocol can be treated as an NBAR-supported protocol (for
example, a specific portion of the custom protocol can be tracked using
class-map statistics and can be matched using the class-map command).
If the variable keyword is entered, the following fields must be defined:
• field-name—Provides a name for the field to search in the payload.
After a custom protocol is configured using a variable, this
field-name can be used with up to 24 different values per router
configuration.
• field-length—Enters the field length in bytes. The field length can be
up to 4 bytes, so the field-length value can be entered as 1, 2, 3, or 4.
source | destination (Optional) Specifies the direction in which packets are inspected. If
source or destination is not specified, all packets traveling in either
direction are monitored by NBAR.
tcp | udp (Optional) Specifies the TCP or the UDP implemented by the
application.

QOS-149
ip nbar custom
range start end (Optional) Specifies a range of ports that the custom application
monitors. The start is the first port in the range, and the end is the last
port in the range. One range of up to 1000 ports can be specified for each
custom protocol.
port-number (Optional) The port that the custom application monitors. Up to 16
individual ports can be specified as a single custom protocol.
Defaults If source or destination is not specified, traffic flowing in both directions is inspected if the custom
protocol is enabled in NBAR.

12.3(11)T The variable field-name field-length keyword-argument group was
introduced.
12.2(17a)SX1 This command was integrated into Cisco IOS Release 12.2(17a)SX1.
Usage Guidelines More than 30 custom applications can be created on the router.
NBAR can support up to 128 protocols total.
If the variable keyword is entered while you configure the custom protocol, traffic statistics for the
variable appear in some NBAR class map show outputs.
Up to 24 variable values per custom protocol can be expressed in class maps. For instance, in the
following configuration, 4 variables are used and 20 more “scid” values could be used.
Router(config)# ip nbar custom ftdd 23 variable scid 1 tcp range 5001 5005
Router(config)# class-map match-any active-craft

Router(config-cmap)# match protocol ftdd scid 0x15
Router(config)# class-map match-any passive-craft

Examples In the following example, the custom protocol “app_sales1” identifies TCP packets that have a source
port of 4567 and that contains the term “SALES” in the fifth byte of the payload:
Router(config)# ip nbar custom app_sales1 5 ascii SALES source tcp 4567
In the following example, the custom protocol “virus_home” identifies UDP packets that have a
destination port of 3000 and that contains “0x56” in the seventh byte of the payload:
Router(config)# ip nbar custom virus_home 7 hex 0x56 destination udp 3000

QOS-150
ip nbar custom
In the following example, the custom protocol “media_new” identifies TCP packets that have a
destination or source port of 4500 and have a value of 90 in the sixth byte of the payload:
Router(config)# ip nbar custom media_new 6 decimal 90 tcp 4500
In the following example, the custom protocol “msn1” looks for TCP packets that have a destination or
source port of 6700:
Router(config)# ip nbar custom msn1 tcp 6700
In the following example, the custom protocol “mail_x” looks for UDP packets that have a destination
port of 8202.
Router(config)# ip nbar custom mail_x destination udp 8202
In the following example, the custom protocol “mail_y” looks for UDP packets that have destination
ports between 3000 and 4000, inclusive:
Router(config)# ip nbar custom mail_y destination udp range 3000 4000
In the following example, the custom protocol “ftdd” is created by using a variable. A class map
matching this custom protocol based on the variable is also created. In this example, class map
“matchscidinftdd” matches all traffic that has the value “804” at byte 23 entering or leaving TCP ports
5001 to 5005. The variable scid is 2 bytes in length.
Router(config)# class-map matchscidinftdd

Router(config-cmap)# match protocol ftdd scid 804
The same example above can also be done using hexadecimal values in the class map as follows:

In the following example, the variable keyword is used while you create a custom protocol, and class
maps are configured to classify different values within the variable field into different traffic classes.
Specifically, in the example below, variable scid values 0x15, 0x21, and 0x27 are classified into class
map “active-craft” while scid values 0x11, 0x22, and 0x25 are classified into class map “passive-craft.”
Router(config)# class-map match-any active-craft

Router(config)# class-map match-any passive-craft


QOS-151
ip nbar pdlm
ip nbar pdlm
To extend or enhance the list of protocols recognized by network-based application recognition (NBAR)
through a Cisco-provided Packet Description Language Module (PDLM), use the ip nbar pdlm
command in global configuration mode. To unload a PDLM previously loaded, use the no form of this
command.
ip nbar pdlm pdlm-name
no ip nbar pdlm pdlm-name
Syntax Description pdlm-name URL at which the PDLM can be found on the flash card.

12.0(5)XE2 This command was introduced.
12.1(13)E This command was implemented on Catalyst 6000 family switches
without FlexWAN modules.
Usage Guidelines The ip nbar pdlm command is used to extend the list of protocols recognized by a given version of
NBAR or to enhance an existing protocol recognition capability. NBAR can be given an external PDLM
at run time. In most cases, the PDLM enables NBAR to recognize new protocols without requiring a new
Cisco IOS image or a router reload. Only Cisco can provide you with a new PDLM.
A list of the available PDLMs can be viewed online at Cisco.com.
Examples The following example configures NBAR to load the citrix.pdlm PDLM from flash memory on the
router:
ip nbar pdlm flash://citrix.pdlm

show ip nbar pdlm Displays the current PDLM in use by NBAR.

QOS-152
ip nbar port-map
ip nbar port-map
To configure network-based application recognition (NBAR) to search for a protocol or protocol name
using a port number other than the well-known port, use the ip nbar port-map command in global
configuration mode. To look for the protocol name using only the well-known port number, use the no
ip nbar port-map protocol-name [tcp | udp] port-number
no ip nbar port-map protocol-name [tcp | udp] port-number
Syntax Description protocol-name Name of protocol known to NBAR.

tcp (Optional) Specifies that a TCP port will be searched for the specified
protocol-name argument.
udp (Optional) Specifies that a User Datagram Protocol (UDP) port will be
searched for the specified protocol-name argument.
port-number Assigned port for named protocol. The port-number argument is either
a UDP or a TCP port number, depending on which protocol is specified
in this command line. Up to 16 port-number arguments can be specified
in one command line. Port number values can range from 0 to 65535.

Usage Guidelines The ip nbar port-map command is used to tell NBAR to look for the protocol or protocol name, using
a port number or numbers other than the well-known Internet Assigned Numbers Authority
(IANA)-assigned) port number. For example, use this command to configure NBAR to look for Telnet
on a port other than 23. Up to 16 ports can be specified with this command.

QOS-153
ip nbar port-map
Some of the NBAR protocols look at the ports as well as follow the heuristic approach for traffic
classification. If you apply different ports to a protocol using the ip nbar port-map command, the
heuristic nature of the protocol does not change. The advantage to adding a port number is better
performance.
You can remove well-known ports from a predefined port map only if you first set the predefined port
map to a port not belonging to any existing port map. For example, if you want to define a custom port
map X and also associate it with port 20, you get an error saying that it is not possible. However, if you
associate port map A with another port first, such as port 100, and then remove its association with port
20, you can associate custom port map X with port 20.
Examples The following example configures NBAR to look for the protocol Structured Query Language
(SQL)*NET on port numbers 63000 and 63001 instead of on the well-known port number:
ip nbar port-map sqlnet tcp 63000 63001

show ip nbar port-map Displays the current protocol-to-port mappings in use by NBAR.

QOS-154
ip nbar protocol-discovery
To configure Network-Based Application Recognition (NBAR) to discover traffic for all protocols that
are known to NBAR on a particular interface, use the ip nbar protocol-discovery command in interface
configuration mode or VLAN configuration mode. To disable traffic discovery, use the no form of this
command.
no ip nbar protocol-discovery
Command Default Traffic discovery is disabled.

VLAN configuration (config-vlan)—Catalyst switches only

12.2(18)ZYA This command was integrated into Cisco IOS Release 12.2(18)ZYA.
Support for Layer 2 Etherchannels, Layer 3 Etherchannels, and VLAN
configuration mode was provided (Catalyst switches only).
Usage Guidelines Use the ip nbar protocol-discovery command to configure NBAR to keep traffic statistics for all
protocols that are known to NBAR. Protocol discovery provides an easy way to discover application
protocols transiting an interface so that QoS policies can be developed and applied. The protocol
discovery feature discovers any protocol traffic supported by NBAR. Protocol discovery can be used to
monitor both input and output traffic and may be applied with or without a service policy enabled.
Layer 2/3 Etherchannel Support

With Cisco IOS Release 12.2(18)ZYA, intended for use on the Cisco 6500 series switch that is equipped
with a Supervisor 32/PISA, the ip nbar protocol-discovery command is supported on both Layer 2 and
Layer 3 Etherchannels.

QOS-155
Examples The following example configures protocol discovery on an Ethernet interface:

Router> enable
Router(config)# interface ethernet 2/4
Router(config-if)# ip nbar protocol-discovery

show ip nbar protocol-discovery Displays the statistics gathered by the NBAR Protocol
Discovery feature.

QOS-156
ip nbar resources
ip nbar resources
The ip nbar resources command is replaced by the ip nbar resources protocol and the ip nbar
resources system commands. See the ip nbar resources protocol and the ip nbar resources system
commands for more information.

QOS-157
ip nbar resources protocol

To set the expiration time for network-based application recognition (NBAR) flow-link tables on a
protocol basis, use the ip nbar resources protocol command in global configuration mode. To set the
expiration time to its default value, use the no form of this command.
ip nbar resources protocol link-age [protocol-name]
no ip nbar resources protocol
Syntax Description link-age Time, in seconds, at which the links for a protocol are aged (expire). The
range of values is from 1 to 1000000000. The default is 30.
Note The link-age argument must be a multiple of the value currently set
in the ip nbar resources system system-link-age command. For
example, if you set the system-link-age argument to 30, then the
range of values for the link-age argument is 30, 60, 90, 120, and so
on.
protocol-name (Optional) Name of the protocol as registered in a loaded Protocol
Description Language (PDL) module.
Note To display a list of supported protocols, enter the match protocol ?
or the show ip nbar port-map commands.
Command Default The default link age for all protocols is 120 seconds upon NBAR activation.

Usage Guidelines You must enter a value for the link-age argument that is a multiple of the system-link-age argument that
you set using the ip nbar resources system command. In other words, the protocol link age is dependent
upon the system link age.
The system link age defaults to 30 seconds, and each protocol defaults to 120 seconds. Internally, each
protocol then has a link age value of 4 seconds; that is, 120/30. If you change the system link age, the
protocol link age becomes whatever the new system link age is times 4. For example, if the system link
age is 30 and each protocol is set to 240, the internal protocol link age is 8; that is, 240/30. Then if you
change the system link age, the protocol link age becomes whatever the new system link age is times 8.
If you enter an invalid value for the link-age argument, the following error message displays:
%NBAR ERROR: protocol link age entered must be an even multiple of the system link age,
<system link age>
The no form of this command must include the link-age argument to set the protocol link age of the
specific protocol or all protocols with the specified link age to zero.

QOS-158
If you omit the optional protocol-name argument, all protocols update to the specified link age value.
If you enter a protocol name that does not exist, the following error message displays:
%NBAR ERROR: <entered string> is not a valid protocol
In addition to resetting the link age in all state nodes associated with a specified protocol, the protocol
name along with its link age is saved in NVRAM for potential router system resets.
Examples In the following example, the link age for the kazaa2 protocol is set to 180 seconds:
Router(config)# ip nbar resources protocol 180 kazaa2
In the following example, the link age for all protocols is set to 360 seconds:
Router(config)# ip nbar resources protocol 360

ip nbar resources Sets the expiration time and memory requirements for NBAR flow-link
system tables on a systemwide basis.

QOS-159
ip nbar resources system

To set the expiration time and memory requirements for network-based application recognition (NBAR)
flow-link tables on a systemwide basis, use the ip nbar resources system command in global
configuration mode. To remove the active links, use the no form of this command.
ip nbar resources system system-link-age initial-memory exp-memory
no ip nbar resources system
Syntax Description system-link-age Time, in seconds, at which the links for a system are aged (expire). The range
of values is from 10 to 86400. The default is 30.
initial-memory Size of memory, in kilobytes, allocated for the links at initialization. The
range of values is from 1 to 30000. The default is 10 percent of the total
amount of free memory at system initialization and varies from platform to
platform.
exp-memory Size of memory, in kilobytes, that can be expanded if NBAR detects that
more space is needed for the links. The range of values is from 0 to 112. The
default is 112.
Note The default is based on the size of an internal NBAR structure and
may change in future releases.
Command Default The default system link age is 30 seconds upon NBAR activation.

Usage Guidelines Because the ip nbar resources system command affects NBAR on a systemwide basis, you should not
change the parameters arbitrarily. Doing so may cause NBAR to perform inefficiently or incorrectly. The
default values are effective in most instances.
Examples In the following example, the system link age is 30 seconds, the initial memory is 200 kilobytes, and the
expanded memory is 112 kilobytes:
Router(config)# ip nbar resources system 30 200 112

QOS-160

ip nbar resources Sets the expiration time for NBAR flow-link tables on a protocol basis.
protocol

QOS-161
ip options
ip options
To drop or ignore IP options packets that are sent to the router, use the ip options command in global
configuration mode. To disable this functionality and allow all IP options packets to be sent to the router,
ip options {drop | ignore}
no ip options {drop | ignore}
Syntax Description drop Router drops all IP options packets that it receives.
ignore Router ignores all options and treats the packets as though they did not have
any IP options. (The options are not removed from the packet—just
ignored.)
Note This option is not available on the Cisco 10000 series router.
Defaults This command is not enabled.

12.2(27)SBC This command was integrated into Cisco IOS Release 12.2(27)SBC.
12.3(19) This command was integrated into Cisco IOS Release 12.3(19).
12.2(31)SB2 This command was integrated into Cisco IOS Release 12.2(31)SB2 for the
PRE3.
Usage Guidelines The ip options command allows you to filter IP options packets, mitigating the effects of IP options on
the router, and on downstream routers and hosts.
Drop and ignore modes are mutually exclusive; that is, if the drop mode is configured and you configure
the ignore mode, the ignore mode overrides the drop mode.
Cisco 10720 Internet Router

The ip options ignore command is not supported. Only drop mode (the ip options drop command) is
supported.

This command is only available on the PRE3. The PRE2 does not support this command.

QOS-162
ip options
The ip options ignore command is not supported. The router supports only the ip options drop
command.
Examples The following example shows how to configure the router (and downstream routers) to drop all options
packets that enter the network:
ip options drop
% Warning:RSVP and other protocols that use IP Options packets may not function in drop or
ignore modes.
end

QOS-163
ip rsvp admission-control compression predict

To configure Resource Reservation Protocol (RSVP) admission control compression prediction, use the
ip rsvp admission-control compression predict command in interface configuration mode. To disable
compression prediction, use the no form of this command.
ip rsvp admission-control compression predict [method {rtp | udp} [bytes-saved N]]
no ip rsvp admission-control compression predict [method {rtp | udp} [bytes-saved N]]
Syntax Description method (Optional) Type of compression used.

rtp | udp Real-Time Transport Protocol (RTP) or User Data Protocol (UDP)
compression schemes.
bytes-saved N (Optional) Predicted number of bytes saved per packet when RSVP predicts
that compression will occur using the specified method. Values for N for
RTP are 1 to 38; for UDP, 1 to 26.
Defaults This command is enabled by default. The default value of bytes saved for RTP is 36; for UDP, 20.

Usage Guidelines Use the ip rsvp admission-control compression predict command to disable or enable the RSVP
prediction of compression for a specified method or all methods if neither rtp nor udp is selected. You
can adjust the default compressibility parameter that RSVP uses to compute the compression factor for
each flow.
If you use the ip rsvp admission-control compression predict command to change the compression
method or the number of bytes saved per packet, these values affect only new flows, not existing
ones.
There are two approaches to compression—conservative and aggressive. When you predict compression
conservatively, you assume savings of fewer bytes per packet, but receive a higher likelihood of
guaranteed quality of service (QoS). You are allowed more bandwidth per call, but each link
accommodates fewer calls. When you predict compression aggressively, you assume savings of more
bytes per packet, but receive a lower likelihood of guaranteed QoS. You are allowed less bandwidth per
call, but each link accommodates more calls.
Examples The following command sets the compressibility parameter for flows using the RTP method to 30 bytes
saved per packet:
Router(config-if)# ip rsvp admission-control compression predict method rtp bytes-saved 30

QOS-164
The following command sets the compressibility parameter for flows using the UDP method to 20 bytes
saved per packet:
Router(config-if)# ip rsvp admission-control compression predict method udp bytes-saved 20
The following command disables RTP header compression prediction:

Router(config-if)# no ip rsvp admission-control compression predict method rtp
The following command disables UDP header compression prediction:

Router(config-if)# no ip rsvp admission-control compression predict method udp
Note Disabling the compressibility parameter affects only those flows using the specified method.

show ip rtp Displays statistics about RTP header compression.
header-compression

QOS-165
ip rsvp aggregation ip
To enable Resource Reservation Protocol (RSVP) aggregation on a router, use the ip rsvp aggregation
ip command in global configuration mode. To disable RSVP aggregation, use the no form of this
command.
no ip rsvp aggregation ip
Command Default RSVP aggregation is disabled.
Command Modes Global configuration (config)

12.2(33)SRC This command was introduced.
Usage Guidelines When you enable aggregation on a router, the router can act as an aggregator, a deaggregator, or an
interior router. To perform aggregator and deaggregator functions, the RSVP process must see messages
with the RSVP-E2E-IGNORE protocol type (134) on a router; otherwise, the messages are forwarded as
data by the router’s data plane. The ip rsvp aggregation ip command enables RSVP to identify messages
with the RSVP-E2E-IGNORE protocol. You then configure additional commands to specify the
aggregation and deaggregation behavior of end-to-end (E2E) reservations.
The ip rsvp aggregation ip command registers a router to receive RSVP-E2E-IGNORE messages. It is
not necessary to issue this command on interior routers because they are only processing RSVP
aggregate reservations. If you do so, you may decrease performance because the interior router will then
unnecessarily process all the RSVP-E2E-IGNORE messages.
Note If you enable RSVP aggregation globally on an interior router, then you should configure all interfaces
as interior. Otherwise, interfaces default to exterior and discard RSVP-E2E-IGNORE packets.
Examples The following example shows how to enable RSVP aggregation on a router:
Router(config)# ip rsvp aggregation ip

QOS-166

show ip rsvp Displays RSVP summary aggregation information.
aggregation ip

QOS-167
ip rsvp aggregation ip map

To configure Resource Reservation Protocol (RSVP) aggregation rules that tell a router how to map
end-to-end (E2E) reservations onto aggregate reservations, use the ip rsvp aggregation ip map
command in global configuration mode. To disable RSVP aggregation mapping rules, use the no form
of this command.
ip rsvp aggregation ip map {access-list {acl-number} | any} dscp value
no ip rsvp aggregation ip map {access-list {acl-number} | any} dscp value
Syntax Description access-list Specifies an access control list (ACL).

acl-number Number of the ACL. Values are 1 to 199.
any Indicates the match criteria used if all reservations between an aggregator
and a deaggregator are to be aggregated onto a single DSCP.
dscp value Specifies the differentiated services code point (DSCP). Values can be the
following:
• 0 to 63—Numerical DSCP values. The default value is 0.
• af1 to af43—Assured forwarding (AF) DSCP values.
• cs1 to cs7—Type of service (ToS) precedence values.
• default—Default DSCP value.
• ef—Expedited forwarding (EF) DSCP values.
Command Default No aggregation mapping rules are configured.

Usage Guidelines Use the ip rsvp aggregation ip map command to configure a single global rule for mapping E2E
reservations onto aggregates.
Before using the ip rsvp aggregation ip map command, you should configure an ACL to define a group
of RSVP endpoints whose reservations are to be aggregated onto a single DSCP. The ACL can be a
standard or extended ACL and matches as follows:
Standard ACLs
• IP address matches the RSVP PATH message sender template or RSVP RESV message filter spec;
this is the IP source address or the RSVP sender.

QOS-168
Extended ACLs
The ACLs used within the ip rsvp aggregation ip map command match the RSVP message objects as
follows for an extended ACL:
• Source IP address and port match the RSVP PATH message sender template or RSVP RESV
message filter spec; this is the IP source or the RSVP sender.
• Destination IP address and port match the RSVP PATH/RESV message session object IP address;
this is the IP destination address or the RSVP receiver.
• Protocol matches the RSVP PATH/RESV message session object protocol; if protocol = IP, then it
matches the source or destination address as above.
Note In classic (unaggregated) RSVP, a session is identified in the reservation message session object by the
destination IP address and protocol information. In RSVP aggregation, a session is identified by the
destination IP address and DSCP within the session object of the aggregate RSVP message. E2E
reservations are mapped onto a particular aggregate RSVP session identified by the E2E reservation
session object alone or a combination of the session object and sender template or filter spec.
Examples In the following example, access list 1 is defined for all RSVP messages whose RSVP PATH message
session object destination address is in the 10.1.0.0 subnet so that the deaggregator maps those
reservations onto an aggregate reservation for the DSCP associated with the AF41 per hop behavior:
Router(config)# access-list 1 permit host 10.1.0.0 0.0.255.255
Router(config)# ip rsvp aggregation ip map access-list 1 dscp af41
In the following example, all reservations between an aggregator and a deaggregator are to be aggregated
onto a single DSCP:
Router(config)# ip rsvp aggregation ip map any dscp af41

ip rsvp aggregation ip Enables RSVP aggregation on a router.
aggregation ip

QOS-169
ip rsvp aggregation ip reservation dscp traffic-params static rate
ip rsvp aggregation ip reservation dscp traffic-params static

rate
To configure Resource Reservation Protocol (RSVP) aggregate reservation attributes (also called token
bucket parameters) on a per-differentiated services code point (DSCP) basis, use the ip rsvp
aggregation ip reservation dscp traffic-params static rate command in global configuration mode. To
remove aggregation reservation attributes, use the no form of this command.
ip rsvp aggregation ip reservation dscp value [aggregator agg-ip-address] traffic-params static

rate data-rate [burst burst-size] [peak peak-rate]
no ip rsvp aggregation ip reservation dscp value [aggregator agg-ip-address] traffic-params

static rate data-rate [burst burst-size] [peak peak-rate]
Syntax Description value The differentiated services code point (DSCP) for aggregate reservations.
Values can be the following:
aggregator (Optional) Specifies the IP address of the aggregator for which the data-rate,
agg-ip-address burst-size, and peak-rate traffic parameters apply.
Note If omitted, all aggregate reservations to an deaggregator use the same
token bucket parameters.
data-rate The average data rate, which is a bandwidth number of kilobits per second
from 1 to 10000000.
burst-size (Optional) The data burst size, which is a number of kilobytes from 1 to
8192.
Note If omitted, this value is equal to the aggregate rate value.
peak-rate (Optional) The peak data rate, which is a bandwidth number of kilobits per
second from 1 to 10000000.
Note If omitted, this value is equal to the aggregate rate value.
Command Default No aggregation reservation attributes (token bucket parameters) are configured.


QOS-170
ip rsvp aggregation ip reservation dscp traffic-params static rate
Usage Guidelines Because Cisco IOS Release 12.2(33)SRC does not support dynamic resizing of aggregate reservations,
you issue the ip rsvp aggregation ip reservation dscp traffic-params static rate command to
configure the token bucket parameters statically.
The data-rate, burst-size, and peak-rate parameters are required on deggregators to help construct the
flowspec object for aggregate RESV messages. Existing RSVP procedures specify that the size of a
reservation established for a flow is set to the minimum of the PATH sender_tspec and the RESV
flowspec. So if the aggregate PATH sender_tspec data-rate, burst-size, or peak-rate parameters are
greater than the data-rate, burst-size, or peak-rate parameters configured on the deaggregator, the
aggregate RESV flowspec object will contain the minimum of data-rate, burst-size, and peak-rate from
the PATH message and the configured values.
When the aggregate reservation size is changed to a value less strict than the total bandwidth of the
end-to-end (E2E) reservations mapped to the aggregate, preemption may occur.
When the aggregate bandwidth is lowered, if preemption is required and has not been enabled by issuing
the ip rsvp policy preempt command, then the change is rejected and the following messages may
appear:
RSVP:AGG: Command not accepted.
RSVP-AGG: This change requires some E2E reservations to be removed and
RSVP:AGG: preemption is not enabled. Issue 'ip rsvp policy preempt'
RSVP:AGG: in order to make this change.
Examples In the following example, the aggregate RESV message for an aggregate reservation established with
aggregator 10.10.10.10 for DSCP = AF11 includes a flowspec that requests an average rate and peak rate
of 100K bps and a burst size of 8 KB:
Router(config)# ip rsvp aggregation ip reservation dscp af11 aggregator 10.10.10.10
traffic-params static rate 10 burst 8 peak 10

ip rsvp policy preempt Redistributes bandwidth from lower-priority reservations to high-priority
reservations.
aggregation ip

QOS-171
ip rsvp aggregation ip role interior

To configure Resource Reservation Protocol (RSVP) aggregation on aggregator and deaggregator
interior routers facing an aggregation region, use the ip rsvp aggregation ip role interior command in
interface configuration mode. To disable RSVP aggregation on aggregator and deaggregator routers, use
no ip rsvp aggregation ip role interior
Command Default RSVP aggregation is not configured on aggregator and deaggregator interior routers.

Usage Guidelines This command does not have any effect on a router until end-to-end (E2E) messages arrive on an
interface.
If a router is an interior node for all E2E flows, you do not have to configure any aggregation commands.
RSVP will not get notifications on any of the RSVP-E2E-IGNORE messages that are forwarded as IP
datagrams; however, because the router is loaded with an image that supports aggregation, the router will
process aggregate signaling messages correctly.
If you enable aggregation on an interior node, all its interfaces must be configured as interior. Otherwise,
all the interfaces have the exterior role, and any E2E Path (E2E-IGNORE) messages arriving at the router
are discarded.
In summary, there are two options for an interior router:
• No RSVP aggregation configuration commands are entered.
• Aggregation is enabled and all interfaces are configured as interior.
If the interior role of an interface is unconfigured, all aggregate and E2E reservations installed on that
interface are brought down.
Additional Required Configuration Commands

If you enable aggregation on any RSVP interface on an aggregator or deaggregator as well as interfaces
of interior routers, you must also configure the following commands:
• ip rsvp resource-provider none
• ip rsvp data-packet classification none

QOS-172
The reason for configuring these commands is because Cisco IOS Release 12.2(33)SRC supports control
plane aggregation only. The RSVP data packet classifier does not support aggregation. Data plane
aggregation must be achieved by using the RSVP Scalability Enhancements feature.
Examples The following example shows how to configure the Ethernet 0/0 interface on an aggregator or
deaggregator interior router:
Router(config)# interface Ethernet0/0
Router(config-if)# ip rsvp aggregation ip role interior

ip rsvp data-packet Disables RSVP data packet classification.
classification none
ip rsvp Configures a resource provider for an aggregate flow.
resource-provider
none
aggregation ip

QOS-173
ip rsvp atm-peak-rate-limit
To set a limit on the peak cell rate (PCR) of reservations for all newly created Resource Reservation
Protocol (RSVP) switched virtual circuits (SVCs) established on the current interface or any of its
subinterfaces, use the ip rsvp atm-peak-rate-limit command in interface configuration mode. To
remove the current peak rate limit, in which case the reservation peak rate is limited by the line rate, use
ip rsvp atm-peak-rate-limit limit
no ip rsvp atm-peak-rate-limit
Syntax Description limit The peak rate limit of the reservation specified, in KB. The minimum value allowed is
1 KB; the maximum value allowed is 2 GB.
Command Default The peak rate of a reservation defaults to the line rate.

Usage Guidelines Each RSVP reservation corresponds to an ATM SVC with a certain peak cell rate (PCR), sustainable cell
rate (SCR), and maximum burst size. The PCR, also referred to as the peak rate, can be configured by
the user or allowed to default to the line rate.
RSVP controlled-load reservations do not define any peak rate for the data. By convention, the allowable
peak rate in such reservations is taken to be infinity, which is usually represented by a very large number.
Under these circumstances, when a controlled-load reservation is converted to an ATM SVC, the PCR
for the SVC becomes correspondingly large and may be out of range for the switch. You can use the ip
rsvp atm-peak-rate-limit command to limit the peak rate.
The following conditions determine the peak rate limit on the RSVP SVC:
• The peak rate defaults to the line rate.
• If the peak rate is greater than the configured peak rate limiter, the peak rate is lowered to the peak
rate limiter.
• The peak rate cannot be less than the reservation bandwidth. If this is the case, the peak rate is raised
to the reservation bandwidth.

QOS-174
Note Bandwidth conversions applied to the ATM space from the RSVP space are also applied to the peak rate.
The peak rate limit is local to the router; it does not affect the normal messaging of RSVP. Only the SVC
setup is affected. Large peak rates are sent to the next host without modification.
For RSVP SVCs established on subinterfaces, the peak rate limit applied to the subinterface takes effect
on all SVCs created on that subinterface. If a peak rate limit is applied to the main interface, the rate
limit has no effect on SVCs created on a subinterface of the main interface even if the limit value on the
main interface is lower than the limit applied to the subinterface.
For a given interface or subinterface, a peak rate limit applied to that interface affects only new SVCs
created on the interface, not existing SVCs.
Note This command is available only on interfaces that support the ip rsvp svc-required command.
Use the show ip rsvp atm-peak-rate-limit command to determine the peak rate limit set for an interface
or subinterface, if one is configured.
Examples The following configuration sample sets the peak rate limit for ATM interface 2/0/0.1 to 100 KB:
interface atm2/0/0.1
ip rsvp atm-peak-rate-limit 100

ip rsvp svc-required Enables creation of an SVC to service any new RSVP reservation made on
the interface or subinterface.
show ip rsvp interface Displays RSVP-related interface information.

QOS-175
ip rsvp authentication
To activate Resource Reservation Protocol (RSVP) cryptographic authentication, use the ip rsvp
authentication command in interface configuration mode. To deactivate authentication, use the no form
of this command.
no ip rsvp authentication
Command Default RSVP cryptographic authentication is deactivated.

Usage Guidelines Use the ip rsvp authentication command to deactivate and then reactivate RSVP authentication without
reentering the other RSVP authentication configuration commands. You should not enable
authentication unless you have previously configured a key. If you issue this command before the ip rsvp
authentication key command, you get a warning message indicating that RSVP discards all messages
until you specify a key. The no ip rsvp authentication command disables RSVP cryptographic
authentication. However, the command does not automatically remove any other authentication
parameters that you have configured. You must issue a specific no ip rsvp authentication command;
for example, no ip rsvp authentication key, no ip rsvp authentication type, or no ip rsvp
authentication window-size, if you want to remove them from the configuration.
The ip rsvp authentication command is similar to the ip rsvp neighbor command. However, the ip
rsvp authentication command provides better authentication and performs system logging.
Examples The following command activates authentication on an interface:

Router(config-if)# ip rsvp authentication
The following command deactivates authentication on an interface:

Router(config-if)# no ip rsvp authentication

QOS-176

ip rsvp authentication key Specifies the key (string) for the RSVP authentication algorithm.
ip rsvp authentication type Specifies the algorithm used to generate cryptographic signatures in
RSVP messages.
ip rsvp authentication Specifies the maximum number of RSVP authenticated messages that
window-size can be received out of order.
ip rsvp neighbor Enables neighbors to request a reservation.

QOS-177
ip rsvp authentication challenge

To make Resource Reservation Protocol (RSVP) perform a challenge-response handshake with any new
RSVP neighbors on a network, use the ip rsvp authentication challenge command in interface
configuration mode. To disable the challenge-response handshake, use the no form of this command.
no ip rsvp authentication challenge
Command Default The challenge-response handshake initiated by this command is disabled.

Usage Guidelines The ip rsvp authentication challenge command requires RSVP to perform a challenge-response
handshake with any new RSVP neighbors that are discovered on a network. Such a handshake allows the
router to thwart RSVP message replay attacks while booting, especially if there is a long period of inactivity
from trusted RSVP neighbors following the reboot. If messages from trusted RSVP neighbors arrive very
quickly after the router reboots, then challenges may not be required because the router will have
reestablished its security associations with the trusted nodes before the untrusted nodes can attempt replay
attacks.
If you enable RSVP authentication globally on an interface over which a Multiprotocol Label Switching
(MPLS) Traffic Engineering (TE) label switched path (LSP) travels and the router on which
authentication is enabled experiences a stateful switchover (SSO), the following occurs:
• If challenges are disabled (you did not specify the ip rsvp authentication challenge command), the
LSP recovers properly.
• If challenges are enabled (you specified the ip rsvp authentication challenge command), more
RSVP signaling messages are required and the LSP takes longer to recover or the forwarding state
may time out and the LSP does not recover. If a timeout occurs, data packet forwarding is interrupted
while the headend router signals a new LSP.
If you enable RSVP authentication challenges, you should consider enabling RSVP refresh reduction by
using the ip rsvp signalling refresh reduction command. While a challenge handshake is in progress,
the receiving router that is initiating the handshake discards all RSVP messages from the node that is
being challenged until the handshake-initiating router receives a valid challenge response.

QOS-178
Note If a neighbor does not reply to the first challenge message after 1 second, the Cisco IOS software sends
another challenge message and waits 2 seconds. If no response is received to the second challenge, the
Cisco IOS software sends another and waits 4 seconds. If no response to the third challenge is received,
the Cisco IOS software sends a fourth challenge and waits 8 seconds. If there is no response to the fourth
challenge, the Cisco IOS software stops the current challenge to that neighbor, logs a system error
message, and does not create a security association for that neighbor. This kind of exponential backoff
is used to recover from challenges dropped by the network or busy neighbors.
Activating refresh reduction enables the challenged node to resend dropped messages more quickly once
the handshake has completed. This causes RSVP to reestablish reservation state faster when the router
reboots.
Enable authentication challenges wherever possible to reduce the router’s vulnerability to replay attacks.
Examples The following command shows how to enable RSVP to perform a challenge-response handshake:
Router(config-if)# ip rsvp authentication challenge

ip rsvp signalling Enables RSVP refresh reduction.
refresh reduction

QOS-179
ip rsvp authentication key

To specify the key (string) for the Resource Reservation Protocol (RSVP) authentication algorithm, use
the ip rsvp authentication key command in interface configuration mode. To disable the key, use the
ip rsvp authentication key pass-phrase
no ip rsvp authentication key
Syntax Description pass-phrase Phrase that ranges from 8 to 40 characters. See “Usage Guidelines” for
additional information.
Command Default No key is specified.

Usage Guidelines Use the ip rsvp authentication key command to select the key for the authentication algorithm. This
key is a passphrase of 8 to 40 characters. It can include spaces; quotes are not required if spaces are used.
The key can consist of more than one word. We recommend that you make the passphrase as long as
possible. This key must be the same for all RSVP neighbors on this interface. As with all passwords, you
should choose them carefully so that attackers cannot easily guess them.
Here are some guidelines:
• Use a mixture of upper- and lowercase letters, digits, and punctuation.
• If using just a single word, do not use a word contained in any dictionary of any language, spelling
lists, or other lists of words.
• Use something easily remembered so you do not have to write it down.
• Do not let it appear in clear text in any file or script or on a piece of paper attached to a terminal.
By default, RSVP authentication keys are stored in clear text in the router configuration file, but they
can optionally be stored as encrypted text in the configuration file. To enable key encryption, use the
global configuration key config-key 1 string command. After you enter this command, the passphrase
parameter of each ip rsvp authentication key command is encrypted with the Data Encryption Standard
(DES) algorithm when you save the configuration file. If you later issue a no key config-key 1 string
command, the RSVP authentication key is stored in clear text again when you save the configuration.

QOS-180
The string argument is not stored in the configuration file; it is stored only in the router’s private
NVRAM and will not appear in the output of a show running-config or show config command.
Therefore, if you copy the configuration file to another router, any encrypted RSVP keys in that file will
not be successfully decrypted by RSVP when the router boots and RSVP authentication will not operate
correctly. To recover from this, follow these steps on the new router:
1. For each RSVP interface with an authentication key, issue a no ip rsvp authentication key
command to clear the old key.
2. For that same set of RSVP interfaces, issue an ip rsvp authentication key command to reconfigure
the correct clear text keys.
3. Issue a global key config-key 1 string command to reencrypt the RSVP keys for the new router.
4. Save the configuration.
Examples The following command sets the passphrase to 11223344 in clear text:
Router(config-if)# ip rsvp authentication key 11223344
To encrypt the authentication key, issue the key config-key 1 string command as follows:
Router(config)# key config-key 1 11223344
Router(config)# end

key config-key Defines a private DEF key for the router.

QOS-181
ip rsvp authentication key-chain

To specify a list of keys for the Resource Reservation Protocol (RSVP) neighbors, use the ip rsvp
authentication key-chain command in global configuration mode. To disable the key chain, use the no
form of this command. To set the key chain to its default, use the default form of this command.
ip rsvp authentication key-chain string
no ip rsvp authentication key-chain
default ip rsvp authentication key-chain
Syntax Description string Name of key chain; must have at least one key, but can have up to
2,147,483647 keys.
Command Default No key chain is specified.

Usage Guidelines Use the ip rsvp authentication key-chain command to select the key chain.
Note You cannot use the ip rsvp authentication key and the ip rsvp authentication key-chain commands
on the same router interface. The commands supersede each other; however, no error message is
generated.
Examples The following commands set the key chain to RSVPkey for neighbor authentication:
Router(config)# ip rsvp authentication neighbor address 10.1.1.1 key-chain RSVPkey
or
Router(config)# ip rsvp authentication neighbor access-list 1 key-chain RSVPkey
The following command sets the global default key chain to RSVPkey:
Router(config)# ip rsvp authentication key-chain RSVPkey

QOS-182

ip rsvp authentication Specifies the interface key (string) for the RSVP authentication algorithm.
key
show key chain Displays authentication key information.

QOS-183
ip rsvp authentication lifetime

To control how long Resource Reservation Protocol (RSVP) maintains security associations with other
trusted RSVP neighbors, use the ip rsvp authentication lifetime command in interface configuration
mode. To disable the lifetime setting, use the no form of this command.
ip rsvp authentication lifetime hh:mm:ss
no ip rsvp authentication lifetime hh:mm:ss
Syntax Description hh:mm:ss Hours: minutes: seconds that RSVP maintains security associations with
other trusted RSVP neighbors. The range is 1 second to 24 hours. The
default is 30 minutes.
Command Default If you do not specify a security association lifetime setting, 30 minutes is used.

Usage Guidelines Use the ip rsvp authentication lifetime command to indicate when to end security associations with
RSVP trusted neighbors. If an association’s lifetime expires, but at least one valid, RSVP authenticated
message was received in that time period, RSVP resets the security association’s lifetime to this
configured value. When a neighbor stops sending RSVP signaling messages (that is, the last reservation
has been torn down), the memory used for the security association is freed as well as when the
association’s lifetime period ends. The association can be re-created if that RSVP neighbor resumes its
signaling. Setting the lifetime to shorter periods allows memory to be recovered faster when the router
is handling a lot of short-lived reservations. Setting the lifetime to longer periods reduces the workload
on the router when establishing new authenticated reservations.
Use the clear ip rsvp authentication command to free security associations before their lifetimes
expire.
Examples The following command sets the lifetime period for 30 minutes and 5 seconds:
Router(config-if)# ip rsvp authentication lifetime 00:30:05

QOS-184

clear ip rsvp Eliminates RSVP security associations before their lifetimes expire.
authentication

QOS-185
ip rsvp authentication neighbor

To activate Resource Reservation Protocol (RSVP) cryptographic authentication for a neighbor, use the ip
rsvp authentication neighbor command in global configuration mode. To deactivate authentication for
a neighbor, use the no form of this command. To set this command to the global default, use the default
ip rsvp authentication neighbor [{access-list acl-name-or-number} | {address address}] [challenge]

[key-chain name] [type {md5 | sha-1}] [window-size number-of-messages]
no ip rsvp authentication neighbor
default ip rsvp authentication neighbor
Syntax Description access-list A standard numbered or named IP access list that describes the set of
acl-name-or-number neighbor IP addresses that share this key.
address address A single IP address for a specific neighbor; usually one of the neighbor’s
physical or logical (loopback) interfaces.
challenge (Optional) Requires RSVP to perform a challenge-response handshake with
an RSVP neighbor for which RSVP does not have an existing security
association in memory.
key-chain name (Optional) The name of a key chain that contains the set of keys to be used
to communicate with the neighbor.
type (Optional) The algorithm to generate cryptographic signatures in RSVP
messages.
md5 (Optional) RSA Message Digest 5 algorithm.
sha-1 (Optional) National Institute of Standards and Technologies (NIST) Secure
Hash Algorithm-1; it is newer and more secure than md5.
window-size (Optional) The maximum number of authenticated messages that can be
number-of-messages received out of order. The range is 1 to 64, with a default of 1.
Command Default Neighbor cryptographic authentication is disabled.

Usage Guidelines If you omit the optional keywords, the ip rsvp authentication neighbor command enables RSVP
cryptographic authentication for a neighbor. Using the optional keywords inherits the global defaults.

QOS-186
In order to enable per-neighbor authentication, you must issue the ip rsvp authentication neighbor
command (or the no ip rsvp authentication neighbor command to disable authentication). If you issue
the ip rsvp authentication command without neighbor, then this command enables authentication for
all neighbors and interfaces, regardless of whether there are any per-neighbor or per-interface keys
defined. If you issue the ip rsvp authentication neighbor command, then authentication is enabled only
for that neighbor.
Access Control Lists

A single ACL can describe all the physical and logical interfaces that one neighbor can use to receive
RSVP messages from a router; this can be useful when multiple routes exist between two neighbors. One
ACL could also specify a number of different neighbors who, along with your router, will share the same
key(s); however, this is generally not considered to be good network security practice.
If numbered, the ACL must be in the 1 to 99 range or the 1300 to 1999 range, giving a total of 798
numbered ACLs that can be used to configure neighbor keys (assuming some of them are not being used
for other purposes). There is no enforced limit on the number of standard named IP ACLs. The IP
addresses used in the ACL should contain at least the neighbor’s physical interface addresses; router ID
addresses can be added if necessary, especially when using Multi-Protocol Label Switching (MPLS)
Traffic Engineering (TE).
The existing ip access-list standard command must be used for creating named or numbered standard
IP ACLs for RSVP neighbors because standard ACLs deal with just source or destination addresses
while extended ACLs deal with five tuples and are more complex to configure. The RSVP CLI returns
an error message if any type of ACL other than standard is specified; for example,
Router(config)# ip rsvp authentication neighbor access-list 10 key-chain wednesday
% Invalid access list name.

RSVP error: unable to find/create ACL
Named standard IP ACLs are also recommended because you can include the neighbor router’s hostname
as part of the ACL name, thereby making it easy to identify the per-neighbor ACLs in your router
configuration.
The RSVP CLI displays an error message if a valid named or numbered ACL is specified, but a
nonexistent or invalid key chain has not been associated with it, since the lack of a key chain could cause
RSVP messages to or from that neighbor to be dropped; for example,
Router(config)# ip rsvp authentication neighbor access-list myneighbor key-chain xyz
RSVP error: Invalid argument(s)
Key Chains
In the key-chain parameter, the keys are used in order of ascending expiration deadlines. The only
restriction on the name is that it cannot contain spaces. The key-chain parameter is optional; that is, you
could omit it if you were trying to change other optional authentication parameters for the RSVP
neighbor. However, when searching for a key, RSVP ignores any ip rsvp authentication neighbor
access-list command that does not include a key-chain parameter that refers to a valid key chain with at
least one unexpired key.

QOS-187
Error and Warning Conditions

The RSVP CLI returns an error if any of the key IDs in the chain are duplicates of key IDs in any other
chains already assigned to RSVP; for example,
Router(config)# ip rsvp authentication neighbor access-list myneighbor key-chain abc
RSVP error: key chains abc and xyz contain duplicate key ID 1
RSVP error: Invalid argument(s)
The RSVP CLI returns an error if the specified key chain does not exist or does not contain at least one
unexpired key.
If a key chain is properly defined and RSVP later tries to send a message to that neighbor, but cannot
find a valid, unexpired per-neighbor or per-interface key, RSVP generates the
RSVP_AUTH_NO_KEYS_LEFT system message indicating that a key could not be obtained for that
neighbor.
If the key chain contains keys with finite expiration times, RSVP generates the
RSVP_AUTH_ONE_KEY_EXPIRED message to indicate when each key has expired.
If RSVP receives a message from a neighbor with the wrong digest type, it generates the
RSVP_MSG_AUTH_TYPE_MISMATCH system message indicating that there is a digest type
mismatch with that neighbor.
If RSVP receives a message that is a duplicate of a message already in the window or is outside the
window, RSVP logs the BAD_RSVP_MSG_RCVD_AUTH_DUP or the
BAD_RSVP_MSG_RCVD_AUTH_WIN error message indicating that the message sequence number is
invalid.
If a challenge of a neighbor fails or times out, RSVP generates the
BAD_RSVP_MSG_RCVD_AUTH_COOKIE system message or the
RSVP_MSG_AUTH_CHALLENGE_TIMEOUT message, indicating that the specified neighbor failed
to respond successfully to a challenge.
Examples In the following example, an access list and a key chain are created for neighbors V, Y, and Z and
authentication is enabled globally using inheritance for all other authentication parameters:
Router(config)# ip access-list standard neighbor_V
Router(config-std-nacl)# permit 10.0.0.2
Router(config-std-nacl)# exit
Router(config)# ip access-list standard neighbor_Y
Router(config)# ip access-list standard neighbor_Z
Router(config)# ip rsvp authentication neighbor access-list neighbor_V key-chain
neighbor_V
Router(config)# ip rsvp authentication neighbor access-list neighbor_Y key-chain
neighbor_Y
Router(config)# ip rsvp authentication neighbor access-list neighbor_Z key-chain
neighbor_Z
Router(config)# ip rsvp authentication
Router(config)# end

QOS-188
In the following example, an access list and a key chain are created for neighbors V, Y, and Z and
authentication is explicitly enabled for each neighbor:
Router(config)# ip rsvp authentication neighbor access-list neighbor_V key-chain
neighbor_V
Router(config)# ip rsvp authentication neighbor access-list neighbor_V
Router(config)# ip rsvp authentication neighbor access-list neighbor_Y key-chain
neighbor_Y
Router(config)# ip rsvp authentication neighbor access-list neighbor_Y
Router(config)# ip rsvp authentication neighbor access-list neighbor_Z key-chain
neighbor_Z
Router(config)# ip rsvp authentication neighbor access-list neighbor_Z
Router(config)# end

ip rsvp authentication Activates RSVP cryptographic authentication.

QOS-189
ip rsvp authentication type

To specify the type of algorithm used to generate cryptographic signatures in Resource Reservation Protocol
(RSVP) messages, use the ip rsvp authentication type command in interface configuration or global
configuration mode. To specify that no type of algorithm is used, use the no form of this command. To
remove the type from your configuration, use the default form of this command.
Note Before you use the no ip rsvp authentication type command, see the “Usage Guidelines” section for
more information.
ip rsvp authentication type {md5 | sha-1}
no ip rsvp authentication type
default ip rsvp authentication type
Syntax for 12.0S and 12.2S Releases
ip rsvp authentication type {md5 | sha-1}
default ip rsvp authentication type
Syntax Description md5 RSA Message Digest 5 algorithm.

sha-1 National Institute of Standards and Technologies (NIST) Secure Hash
Algorithm-1; it is newer and more secure than MD5.
Command Default If no algorithm is specifed, md5 is used.

Global configuration (config)

12.0(29)S This command was introduced in global configuration mode for all
neighbors. A default form of the command was added.
Usage Guidelines Use the ip rsvp authentication type command to specify the algorithm to generate cryptographic
signatures in RSVP messages. If you do not specify an algorithm, md5 is used.

QOS-190
If you use the ip rsvp authentication type command rather than the ip rsvp authentication neighbor
type command, the global default for type changes.
The no ip rsvp authentication type command is not supported in Cisco IOS Releases 12.0S and 12.2S
because every security association must have a digest type, and you cannot disable it. Use the default ip
rsvp authentication type command to remove the authentication type from a configuration and force the
type to its default.
Although the no ip rsvp authentication type command is supported in Cisco IOS T releases, the default
ip rsvp rsvp authentication type command is recommended to remove the authentication type from a
configuration and force the type to its default.
Examples T Releases Example

The following command sets the type to sha-1 for interface authentication:
Router(config-if)# ip rsvp authentication type sha-1
12.0S and 12.2S Releases Examples

The following commands set the type to sha-1 for neighbor authentication:
Router(config)# ip rsvp authentication neighbor address 10.1.1.1 type sha-1
or
Router(config)# ip rsvp authentication neighbor access-list 1 type sha-1
The following command sets the global default type to sha-1 for authentication:
Router(config)# ip rsvp authentication type sha-1
Default Command Example

The following command removes the type from your configuration and forces the type to its default:
Router(config)# default ip rsvp authentication type

ip rsvp authentication key Specifies the key (string) for the RSVP authentication algorithm.
ip rsvp authentication Sets the type for a specific neighbor.
neighbor type

QOS-191
ip rsvp authentication window-size
ip rsvp authentication window-size

To specify the maximum number of Resource Reservation Protocol (RSVP) authenticated messages that can
be received out of order, use the ip rsvp authentication window-size command in interface configuration
mode. To disable the window size (or to use the default value of 1), use the no form of this command.
ip rsvp authentication window-size [number-of-messages]
no ip rsvp authentication window-size
Syntax Description number-of-messages (Optional) Maximum number of authenticated messages that can be
received out of order. The range is 1 to 64; the default value is 1.
Command Default If no window size is specified, a value of 1 is used.

Usage Guidelines Use the ip rsvp authentication window-size command to specify the maximum number of RSVP
authenticated messages that can be received out of order. All RSVP authenticated messages include a
sequence number that is used to prevent replays of RSVP messages.
With a default window size of one message, RSVP rejects any duplicate authenticated messages because
they are assumed to be replay attacks. However, sometimes bursts of RSVP messages become reordered
between RSVP neighbors. If this occurs on a regular basis, and you can verify that the node sending the
burst of messages is trusted, you can use the ip rsvp authentication window-size command option to
allow for the burst size such that RSVP will not discard such reordered bursts. RSVP will still check for
duplicate messages within these bursts.
Examples The following command sets the window size to 2:

Router(config-if)# ip rsvp authentication window-size 2

ip rsvp authentication Activates RSVP cryptographic authentication.

QOS-192
ip rsvp bandwidth
ip rsvp bandwidth
To enable Resource Reservation Protocol (RSVP) for IP on an interface, use the ip rsvp bandwidth
command in interface configuration mode. To disable RSVP completely, use the no form of this
command. To eliminate only the subpool portion of the bandwidth, use the no form of this command
with the sub-pool keyword.
ip rsvp bandwidth [interface-kbps] [single-flow-kbps] [ [rdm kbps {[subpool kbps] | [bc1

subpool]}] | [mam max-reservable-bw kbps bc0 kbps bc1 kbps] ]
no ip rsvp bandwidth [interface-kbps] [single-flow-kbps] [ [rdm kbps {[subpool kbps] | [bc1

subpool]}] | [mam max-reservable-bw kbps bc0 kbps bc1 kbps] ]
Syntax Description interface-kbps (Optional) Maximum amount of bandwidth, in kbps, that may be allocated
by RSVP flows. The range is from 1 to 10,000,000.
single-flow-kbps (Optional) Maximum amount of bandwidth, in kbps, that may be allocated
to a single flow. The range is from 1 to 10,000,000. [This value is ignored by
the Diff-Serv-aware MPLS Traffic Engineering feature].
rdm kbps Russian Doll Model for DiffServ-aware traffic engineering. The keyword is
optional.
subpool kbps This keyword and value are used in the traditional (pre-IETF-Standard)
implementation of DS-TE to specify the amount of bandwidth, in kbps, on
the interface that is to be reserved to a portion of the total. The range is from
1 to the value of the smaller of the interface-kbps and rdm kbps arguments.
bc1 subpool This keyword and value are used in the IETF-Standard implementation of
DS-TE to specify the same bandwidth portion as subpool kbps, namely the
amount of bandwidth, in kbps, on the interface that is to be reserved to a
portion of the total. The range is from 1 to the value of the smaller of the
interface-kbps and rdm kbps arguments.
mam Maximum Allocation Model for DiffServ-aware traffic engineering.
max-reservable-bw The maximum reservable bandwidth — this sets a limit on the size of the
kbps total pool.
bc0 kbps Amount of bandwidth, in kbps, on the interface to be reserved to the total
(formerly called “global pool”). The range is from 1 to the value of the
max-reservable-bw kbps argument.
bc1 kbps Amount of bandwidth, in kbps, on the interface to be reserved to a portion of
the total. (Formerly this portion was called the “subpool”). The range is from
1 to the value of the max-reservable-bw kbps argument.
Command Default RSVP is disabled by default.

If the ip rsvp bandwidth command is entered but no bandwidth values are supplied (for example,
ip rsvp bandwidth is entered followed by pressing the Enter key), a default bandwidth value (that is,
75% of the link bandwidth) is assumed for both the interface-kbps and single-flow-kbps arguments.

QOS-193
ip rsvp bandwidth

12.0(11)ST This command was integrated into Cisco IOS Release 12.0(11)ST, and the
sub-pool keyword was added.
12.2(4)T This command was integrated into Cisco IOS Release 12.2(4)T. This
command was implemented on the Cisco 7500 series and the
ATM-permanent virtual circuit (PVC) interface.
12.2(18)SXD This command was integrated into Cisco IOS Release 12.2(18)SX.
12.2(33)SRB The IETF Standard for DiffServ-aware traffic engineering (DS-TE) was
added through the keyword alternatives rdm (Russian Dolls Model) and
mam (Maximum Allocation Model), and their subsidiary arguments.
Usage Guidelines RSVP cannot be configured with distributed Cisco Express Forwarding (dCEF).
RSVP is disabled by default to allow backward compatibility with systems that do not implement RSVP.
Weighted Random Early Detection (WRED) or fair queueing must be enabled first.
When you issue the ip rsvp bandwidth command, the RSVP bandwidth pool adjusts dynamically when
the bandwidth of the interface changes.
When using this command for DiffServ-aware traffic engineering (DS-TE) in IETF Standard mode, you
must use either rdm and its arguments or mam and its arguments; you cannot use both. For more details
about each alternative, see Russian Dolls Bandwidth Constraints Model for Diffserv-aware MPLS Traffic
Engineering ed. by F. Le Faucheur (RFC 4127) and Maximum Allocation Bandwidth Constraints Model
for Diffserv-aware MPLS Traffic Engineering by F. Le Faucheur & W. Lai (RFC 4125).
Examples The following example shows a T1 (1536 kbps) link configured to permit RSVP reservation of up to
1158 kbps, but no more than 100 kbps for any given flow on serial interface 0. Fair queueing is
configured with 15 reservable queues to support those reserved flows, should they be required.
Router(config)# interface serial 0
Router(config-if)# fair-queue 64 256 15
Router(config-if)# ip rsvp bandwidth 1158 100

ip rsvp reservation Enables a router to behave like it is receiving and forwarding RSVP RESV
messages.
ip rsvp sender Enables a router to behave like it is receiving and forwarding RSVP PATH
messages.

QOS-194
ip rsvp bandwidth
Command Description
ip rsvp udp-multicasts Instructs the router to generate UDP-encapsulated RSVP multicasts
whenever it generates an IP-encapsulated multicast packet.
random-detect Enables WRED or DWRED.
(interface)
show ip rsvp installed Displays RSVP-related installed filters and corresponding bandwidth
information.
show ip rsvp neighbor Displays current RSVP neighbors.
show ip rsvp Displays RSVP-related receiver information currently in the database.
reservation
show ip rsvp sender Displays RSVP PATH-related sender information currently in the
database.

QOS-195
ip rsvp bandwidth percent

To enable Resource Reservation Protocol (RSVP) for IP on an interface and to specify a percentage of
the total interface bandwidth as available in the RSVP bandwidth pool, use the ip rsvp bandwidth
percent command in interface configuration mode. To disable RSVP on an interface, use the no form of
this command.
ip rsvp bandwidth percent percentage max-flow-bw
no ip rsvp bandwidth percent
Syntax Description percentage Percentage of bandwidth configured. The range is from 1 to 100.
max-flow-bw Maximum amount of bandwidth, in kbps, configured for a single flow. The
range is from 1 to 10000000; however, the amount you can configure
depends on how much bandwidth remains in the pool.
Command Default RSVP is disabled by default; therefore, no percentage of bandwidth is set.

Usage Guidelines RSVP cannot be configured with distributed Cisco Express Forwarding (dCEF).
RSVP is disabled by default to allow backward compatibility with systems that do not implement RSVP.
Weighted Random Early Detection (WRED) or fair queueing must be enabled first.
Use the ip rsvp bandwidth percent command to set the RSVP bandwidth pool to a specified percentage
of interface bandwidth. When you issue the ip rsvp bandwidth percent command, the RSVP bandwidth
pool adjusts dynamically whenever the bandwidth of the interface changes.
Examples The following example shows a serial link configured to permit an RSVP reservation of up to 90 percent
of interface bandwidth but no more than 1000 kbps for any given flow on serial interface 0:
Enter configuration commands, one per line. End with CNTL/Z.
Router(config-if)# ip rsvp bandwidth percent 90 1000

QOS-196

ip rsvp bandwidth Enables RSVP for IP on an interface.
ip rsvp reservation Enables a router to behave as though it were receiving and forwarding
RSVP RESV messages.
ip rsvp sender Enables a router to behave as though it were receiving and forwarding
RSVP PATH messages.
(interface)
information.
show ip rsvp Displays RSVP-related receiver information currently in the database.
reservation
database.

QOS-197
ip rsvp burst policing
ip rsvp burst policing

To configure a burst factor within the Resource Reservation Protocol (RSVP) token bucket policer on a
per-interface basis, use the ip rsvp burst policing command in interface configuration mode. To return
to the default value, enter the no form of this command.
ip rsvp burst policing [factor]
no ip rsvp burst policing
Syntax Description factor (Optional) Indicates a burst factor value as a percentage of the requested
burst of the receiver.
Command Default The default value is 200; the minimum value is 100, and the maximum value is 700.

Usage Guidelines You configure the burst police factor per interface, not per flow. The burst factor controls how strictly or
loosely the traffic of the sender is policed with respect to burst.
The burst factor applies to all RSVP flows installed on a specific interface. You can configure each
interface independently for burst policing.
Examples Here is an example of the ip rsvp burst policing command with a burst factor of 200:
ip rsvp burst policing 200

QOS-198
ip rsvp data-packet classification none

To turn off (disable) Resource Reservation Protocol (RSVP) data packet classification, use the ip rsvp
data-packet classification none command in interface configuration mode. To turn on (enable)
data-packet classification, use the no form of this command.
no ip rsvp data-packet classification none
Command Default RSVP data packet classification is disabled.

12.2(18)SXF2 This command was integrated into Cisco IOS Release 12.2(18)SXF2.
12.2(33)SRB This command was integrated into Cisco IOS Release 12.2(33)SRB.
Usage Guidelines Use the ip rsvp data-packet classification none command when you do not want RSVP to process
every packet. Configuring RSVP so that not every packet is processed eliminates overhead and improves
network performance and scalability.
Examples This section contains two examples of the ip rsvp data-packet classification none command. In the first
example, data packet classification is turned off (disabled), as follows:
Router(config)# interface atm6/0
Router(config-if)# ip rsvp data-packet classification none
In the second example, data packet classification is turned on (enabled), as follows:

Router(config-if)# no ip rsvp data-packet classification none

QOS-199


QOS-200
ip rsvp dsbm candidate

To configure an interface as a Designated Subnetwork Bandwidth Manager (DSBM) candidate, use the
ip rsvp dsbm candidate command in interface configuration mode. To disable DSBM on an interface,
which exempts the interface as a DSBM candidate, use the no form of this command.
ip rsvp dsbm candidate [priority]
no ip rsvp dsbm candidate
Syntax Description priority (Optional) A value in the range from 64 to 128. Among contenders for the
DSBM, the interface with the highest priority number wins the DSBM
election process.
Command Default An interface is not configured as a DSBM contender by default. If you use this command to enable the
interface as a DSBM candidate and you do not specify a priority, the default priority of 64 is assumed.

Usage Guidelines SBM protocol entities, any one of which can manage resources on a segment, can reside in Layer 2 or
Layer 3 devices. Many SBM-capable devices may be attached to a shared Layer 2 segment. When more
than one SBM exists on a given segment, one of the SBMs is elected to be the DSBM. The elected DSBM
is responsible for exercising admission control over requests for resource reservations on a segment,
which, in the process, becomes a managed segment. A managed segment includes those interconnected
parts of a shared LAN that are not separated by DSBMs. In all circumstances, only one, if any, DSBM
exists for each Layer 2 segment.
You can configure an interface to have a DSBM priority in the range from 64 to 128. You can exempt an
interface from participation in the DSBM election on a segment but still allow the system to interact with
the DSBM if a DSBM is present on the segment. In other words, you can allow a Resource Reservation
Protocol (RSVP)-enabled interface on a router connected to a managed segment to be managed by the
DSBM even if you do not configure that interface to participate as a candidate in the DSBM election
process. To exempt an interface from DSBM candidacy, do not issue the ip rsvp dsbm candidate
command on that interface.
RSVP cannot be configured with Versatile Interface Processor (VIP)-distributed Cisco Express
Forwarding (dCEF).

QOS-201
Examples The following example configures Ethernet interface 2 as a DSBM candidate with a priority of 100:
interface Ethernet2
ip rsvp dsbm candidate 100

debug ip rsvp Displays information about SBM message processing, the DSBM election
process, and standard RSVP enabled message processing information.
debug ip rsvp detail Displays detailed information about RSVP and SBM.
debug ip rsvp detail Displays detailed information about SBM messages only, and SBM and
sbm DSBM state transitions.
ip rsvp dsbm Configures the NonResvSendLimit object parameters.
non-resv-send-limit
show ip rsvp sbm Displays information about an SBM configured for a specific RSVP-enabled
interface or for all RSVP-enabled interfaces on the router.

QOS-202
ip rsvp dsbm non-resv-send-limit

To configure the NonResvSendLimit object parameters, use the ip rsvp dsbm non-resv-send-limit
command in interface configuration mode. To use the default NonResvSendLimit object parameters, use
ip rsvp dsbm non-resv-send-limit {rate kbps | burst kilobytes | peak kbps | min-unit bytes |
max-unit bytes}
no ip rsvp dsbm non-resv-send-limit {rate kbps | burst kilobytes | peak kbps | min-unit bytes |
max-unit bytes}
Syntax Description rate kbps The average rate, in kbps, for the Designated Subnetwork Bandwidth
Manager (DSBM) candidate. The average rate is a number from 1 to
2147483.
burst kilobytes The maximum burst size, in kb, for the DSBM candidate. The maximum
burst size is a number from 1 to 2147483.
peak kbps The peak rate, in kBps, for the DSBM candidate. The peak rate is a number
from 1 to 2147483.
min-unit bytes The minimum policed unit, in bytes, for the DSBM candidate. The minimum
policed unit is a number from 1 to 2147483647.
max-unit bytes The maximum packet size, in bytes, for the DSBM candidate. The maximum
packet size is a number from 1 to 2147483647.
Command Default The default for the rate, burst, peak, min-unit, and max-unit keywords is unlimited; all traffic can be
sent without a valid Resource Reservation Protocol (RSVP) reservation.


QOS-203
Usage Guidelines To configure the per-flow limit on the amount of traffic that can be sent without a valid RSVP
reservation, configure the rate, burst, peak, min-unit, and max-unit values for finite values greater
than 0.
To allow all traffic to be sent without a valid RSVP reservation, configure the rate, burst, peak,
min-unit, and max-unit values for unlimited traffic. To configure the parameters for unlimited traffic,
you can either omit the command, or enter the no form of the command (for example, no ip rsvp dsbm
non-resv-send-limit rate). Unlimited is the default value.
The absence of the NonResvSendLimit object allows any amount of traffic to be sent without a valid
RSVP reservation.
RSVP cannot be configured with VIP-distributed Cisco Express Forwarding (dCEF).
Examples The following example configures Ethernet interface 2 as a DSBM candidate with a priority of 100, an
average rate of 500 kBps, a maximum burst size of 1000 KB, a peak rate of 500 kBps, and unlimited
minimum and maximum packet sizes:
interface Ethernet2
ip rsvp dsbm candidate 100
ip rsvp dsbm non-resv-send-limit rate 500
ip rsvp dsbm non-resv-send-limit burst 1000
ip rsvp dsbm non-resv-send-limit peak 500

ip rsvp dsbm candidate Configures an interface as a DSBM candidate.
show ip rsvp sbm Displays information about an SBM configured for a specific
RSVP-enabled interface or for all RSVP-enabled interfaces on the
router.

QOS-204
ip rsvp flow-assist
ip rsvp flow-assist
To enable Resource Reservation Protocol (RSVP) to integrate with the Cisco Express Forwarding (CEF)
path for flow classification, policing, and marking, use the ip rsvp flow-assist command in interface
configuration mode. To disable integration of RSVP with CEF for this purpose, use the ip rsvp
data-packet classification none command.
ip rsvp flow-assist
Command Default This command is on by default; RSVP integrates with CEF for classification, policing, and marking of
data packets.

12.4 The behavior of this command was modified. See the “Usage Guidelines”
section for additional information.
Usage Guidelines To police and mark data packets of a reserved flow, RSVP must interact with the underlying packet
forwarding mechanism, which is CEF.
In Cisco IOS Release 12.4, the no form of the ip rsvp flow-assist command is no longer supported since
you can use the existing ip rsvp data-packet classification none command to disable RSVP from
integrating with any mechanism for handling data packets.
Examples The following example enables RSVP on ATM interface 2/0/0:

interface atm2/0/0
ip rsvp flow-assist

QOS-205
ip rsvp flow-assist

ip rsvp data-packet Avoids integrating RSVP with the data plane.
classification none
ip rsvp precedence Allows you to set the IP Precedence values to be applied to packets that
either conform to or exceed the RSVP flowspec.
ip rsvp svc-required Enables creation of an SVC to service any new RSVP reservation made on
the interface or subinterface.
ip rsvp tos Allows you to set the ToS values to be applied to packets that either conform
to or exceed the RSVP flowspec.

QOS-206
ip rsvp layer2 overhead

To control the overhead accounting performed by Resource Reservation Protocol (RSVP)/weighted fair
queueing (WFQ) when a flow is admitted onto an ATM permanent virtual circuit (PVC), use the ip rsvp
layer2 overhead command in interface configuration mode. To disable the overhead accounting, use the
ip rsvp layer2 overhead [h c n]
no ip rsvp layer2 overhead [h c n]
Syntax Description h (Optional) Layer 2 encapsulation header plus trailer size applied to each
Layer 3 packet in bytes. Valid sizes are numbers from 0 to 65535.
c (Optional) Layer 2 cell header size applied to each Layer 2 cell in bytes.
Valid sizes are numbers from 0 to 65535.
n (Optional) Layer 2 payload size in bytes. Valid sizes are numbers from 0
to 65534.
Defaults This command is enabled by default on ATM interfaces that are running RSVP and WFQ. You can also
use this command on non-ATM interfaces.
The default version of the command, which you specify by entering the default prefix, default ip rsvp
layer2 overhead, or by omitting the parameters (h, c, and n) and entering the ip rsvp layer2 overhead
command causes RSVP to determine the overhead values automatically, based on the interface/PVC
encapsulation. (Currently, RSVP recognizes ATM Adaptation Layer 5 (AAL5) subnetwork access
protocol (SNAP) and MUX (multiplexer) encapsulations.)
On non-ATM/PVC interfaces, the configured h, c, and n parameters determine the values that RSVP uses
for its overhead.

Usage Guidelines When an IP flow traverses a link, the overhead of Layer 2 encapsulation can increase the amount of
bandwidth that the flow requires to exceed the advertised (Layer 3) rate.
In many cases, the additional bandwidth a flow requires because of Layer 2 overhead is negligible and
can be transmitted as part of the 25 percent of the link, which is unreservable and kept for routing updates
and Layer 2 overhead. This situation typically occurs when the IP flow uses large packet sizes or when
the Layer 2 encapsulation allows for frames of variable size (such as in Ethernet and Frame Relay
encapsulations).

QOS-207
However, when a flow’s packet sizes are small and the underlying Layer 2 encapsulation uses fixed-size
frames, the Layer 2 encapsulation overhead can be significant, as is the case when Voice Over IP (VoIP)
flows traverse ATM links.
To avoid oversubscribing ATM PVCs, which use AAL5 SNAP or AAL5 MUX encapsulations, RSVP
automatically accounts for the Layer 2 overhead when admitting a flow. For each flow, RSVP determines
the total amount of bandwidth required, including Layer 2 overhead, and uses this value for admission
control with the WFQ bandwidth manager.
Note The ip rsvp layer2 overhead command does not affect bandwidth requirements of RSVP flows on ATM
switched virtual circuits (SVCs).
Examples In the following example, the total amount of bandwidth reserved with WFQ appears:
Router# show ip rsvp installed detail
RSVP:ATM6/0 has the following installed reservations

RSVP Reservation. Destination is 10.1.1.1, Source is 10.1.1.1,
Protocol is UDP, Destination port is 1000, Source port is 1000
Reserved bandwidth:50K bits/sec, Maximum burst:1K bytes, Peak rate:50K bits/sec
Min Policed Unit:60 bytes, Max Pkt Size:60 bytes
Resource provider for this flow:
WFQ on ATM PVC 100/101 on AT6/0: PRIORITY queue 40. Weight:0, BW 89 kbps
Conversation supports 1 reservations
Data given reserved service:0 packets (0M bytes)
Data given best-effort service:0 packets (0 bytes)
Reserved traffic classified for 9 seconds
Long-term average bitrate (bits/sec):0M reserved, 0M best-effort
In the preceding example, the flow’s advertised Layer 3 rate is 50 kbps. This value is used for admission
control with the ip rsvp bandwidth value. The actual bandwidth required, inclusive of Layer 2 overhead,
is 89 kbps. WFQ uses this value for admission control.
Typically, you should not need to configure or disable the Layer 2 overhead accounting. RSVP uses the
advertised Layer 3 flow rate, minimum packet size, and maximum unit size in conjunction with the
Layer 2 encapsulation characteristics of the ATM PVC to compute the required bandwidth for admission
control. However, you can disable or customize the Layer 2 overhead accounting (for any link type) with
the ip rsvp layer2 overhead command. The parameters of this command are based on the following
steps that show how a Layer 3 packet is fragmented and encapsulated for Layer 2 transmission.
Step 1 Start with a Layer 3 packet, as shown in Figure 1, which includes an IP header and a payload.
Figure 1 Layer 3 Packet

52716
Layer 3 packet

QOS-208
Step 2 Add an encapsulation header or trailer, as shown in Figure 2, of size h.
Figure 2 Layer 3 Packet with Layer 2 Header
Layer 2
52717
Layer 3 packet
header
h bytes
Step 3 Segment the resulting packet into fixed-sized cells, as shown in Figure 3, with a cell header of c bytes
and a cell payload of n bytes.
Figure 3 Segmented Packet

Unused
cell
payload
c bytes
Cell Cell Cell
52718
header header header
n bytes n bytes n bytes
Step 4 Transmit the resulting Layer 2 cells.
More Configuration Examples

In the following example, Layer 2 overhead accounting is disabled for all reservations on the interface
and its PVCs:
Router(config-if)# no ip rsvp layer2 overhead
In the following example, Layer 2 overhead accounting is configured with ATM AAL5 SNAP
encapsulation:
Router(config-if)# no ip rsvp layer2 overhead 8 5 48
In the following example, Layer 2 overhead accounting is configured with ATM AAL5 MUX
encapsulation:
Router(config-if)# ip rsvp layer2 overhead 0 5 48
In the following example, Layer 2 overhead accounting is configured with Ethernet V2.0 encapsulation
(including 8-byte preamble, 6-byte source-active (SA) messages, 6-byte destination-active (DA)
messages, 2-byte type, and 4-byte frame check sequence (FCS) trailer):
Router(config-if)# ip rsvp layer2 overhead 26 0 1500

information.

QOS-209
ip rsvp listener
ip rsvp listener
To configure a Resource Reservation Protocol (RSVP) router to listen for PATH messages, use the ip
rsvp listener command in global configuration mode. To disable listening, use the no form of this
command.
ip rsvp listener dst {udp | tcp | any | number} {any | dst-port} {announce | reply | reject}
no ip rsvp listener dst {udp | tcp | any | number} {any | dst-port} {announce | reply | reject}
Syntax Description dst IP address of the receiving interface.

udp UDP for the receiving interface.
tcp TCP for the receiving interface.
any Protocol for the receiving interface.
number Source port number from 0 to 255; the protocol is IP.
any Destination port for the receiving interface.
dst-port Port number from 0 to 65535 for the receiving interface.
announce Receiver announces the arrival of the flow at its destination, but does
not send a RESV message in response.
reply Sender requests a reply when the flow is received and sends a RESV
message when a matching PATH message arrives.
reject Router sends a PATHERROR (reject) message in response to an
incoming PATH message that matches specified listener parameters.
Command Default This command is disabled by default; therefore, no listeners are configured.

12.4(6)T Support for RSVP application identity (ID) was added.
Usage Guidelines Use the ip rsvp listener command to allow a router to send a matching RESV message when a PATH
message arrives with the desired destination address, port, and protocol. This command copies the
application ID and preemption priority value, if present, from the PATH message and includes them in
the RESV message.
This command is similar to the ip rsvp reservation and ip rsvp reservation-host commands. However,
they do not allow you to specify more than one port or protocol per command; so you may have to enter
many commands to proxy for a set of ports and protocols. In contrast, the ip rsvp listener command
allows you to use a wildcard for a set of ports and protocols by using just that one command.

QOS-210
ip rsvp listener
You can use the debug ip rsvp api command to look for a matching PATH message, but no RESV
message will be sent.
Examples In the following example, the sender is requesting that the receiver reply with a RESV message for the
flow if the PATH message destination is 192.168.2.1:
Router(config)# ip rsvp listener 192.168.2.1 any any reply

ip rsvp reservation Enables a router to simulate receiving and forwarding RSVP RESV
messages.
ip rsvp Enables a router to simulate a host generating RSVP RESV messages.
reservation-host
show ip rsvp listeners Displays configured RSVP listeners.

QOS-211
ip rsvp listener outbound

To configure a Resource Reservation Protocol (RSVP) router to listen for PATH messages sent through
a specified interface, use the ip rsvp listener outbound command in interface configuration mode. To
disable listening, use the no form of this command.
ip rsvp listener outbound {reply | reject}
no ip rsvp listener outbound {reply | reject}
Syntax Description reply For a PATH message that usually exits from a specified interface, the
router does the following:
• Installs local PATH state for the message.
• Terminates the PATH message and does not forward it
downstream.
• Generates and sends a RESV (reply) message upstream on behalf
of the PATH message with the following.
– The objects in the RESV message are the same as those in the
PATH message.
– The policy objects, such as preemption and application IDs,
are echoed back.
– Shared explicit style is used.
reject For a PATH message that usually exits from a specified interface, the
router does the following:
• Terminates the PATH message and does not forward it
downstream.
• Generates and sends a PATHERROR (reject) message upstream.
• Does not install local PATH state and discards the PATH message.
Command Default This command is disabled by default; therefore, no listeners are configured.

12.2(18)SFX5 This command was introduced.

QOS-212
Usage Guidelines Use the ip rsvp listener outbound command to match all PATH messages that are being sent from a
specified interface.
When you configure an interface-based receiver proxy to reply, RSVP performs Call Admission Control
(CAC) on the outbound (or egress) interface for the flow. If CAC fails, the reservation is not generated.
This is the same behavior as for the global RSVP receiver proxy command.
The outbound interface that a flow uses is determined when the flow is set up, and the interface-based
receiver proxy is consulted at that time. The interface-based receiver proxy is not consulted if there is a
change in routing for an existing flow.
If the interface-based receiver proxy receives a RESVERR message with an admission control failure
error or a policy reject error, the interface-based receiver proxy generates a PATHERR message with the
same error to provide explicit notification to the sender of the reservation failure.
Examples In the following example, PATH messages sent through Ethernet interface 3/0 are rejected and
PATHERROR messages are generated:
Router(config)# interface Ethernet3/0
Router(config-if)# ip rsvp listener outbound reject

ip rsvp listener Configures an RSVP router to listen for PATH messages.
messages.
ip rsvp Enables a router to simulate a host generating RSVP RESV messages.
reservation-host
show ip rsvp listeners Displays configured RSVP listeners.

QOS-213
ip rsvp msg-pacing
ip rsvp msg-pacing
Note Effective with Cisco IOS Release 12.2(13)T, the ip rsvp msg-pacing command is replaced by the ip
rsvp signalling rate-limit command. See the ip rsvp signalling rate-limit command for more
information.
To configure the transmission rate for Resource Reservation Protocol (RSVP) messages, use the ip rsvp
msg-pacing command in global configuration mode. To disable this feature, use the no form of this
command.
ip rsvp msg-pacing [period ms [burst msgs [maxsize qsize]]]
no rsvp msg-pacing
Syntax Description period ms (Optional) Length of the interval, in milliseconds, during which a router can
send the number of RSVP messages specified in the burst keyword. The
value can be from 1 to 1000 milliseconds.
burst msgs (Optional) Maximum number of RSVP messages that a router can send to
an output interface during each interval specified in the period keyword.
The value can be from 1 to 2000.
maxsize qsize (Optional) Size of per-interface output queues in the sending router. Valid
values are from 1 to 2000.
Command Default RSVP messages are not paced.

If you enter the command without the optional burst keyword, the transmission rate for RSVP messages
is limited to 200 messages per second per outgoing interface.
The default output queue size, specified in the maxsize keyword, is 500.

12.2(13)T This command was replaced with the ip rsvp signalling rate-limit
command.

QOS-214
ip rsvp msg-pacing
Usage Guidelines You can use this command to prevent a burst of RSVP traffic engineering signaling messages from
overflowing the input queue of a receiving router. Overflowing the input queue with signaling messages
results in the router dropping some messages. Dropped messages substantially delay the completion of
signaling for LSPs for which messages have been dropped.
If you enter the ip rsvp msg-pacing command without the optional burst keyword, the transmission rate
for RSVP messages is limited to 200 messages per second per outgoing interface. The default output
queue size, specified in the maxsize keyword, is 500.
Examples In the following example, a router can send a maximum of 150 RSVP traffic engineering signaling
messages in 1 second to a neighbor, and the size of the output queue is 750:
Router(config)# ip rsvp msg-pacing period 1 burst 150 maxsize 750

clear ip rsvp msg-pacing Clears the RSVP message pacing output from the show ip
rsvp neighbor command.

QOS-215
ip rsvp neighbor
ip rsvp neighbor
To enable neighbors to request a reservation, use the ip rsvp neighbor command in interface
configuration mode. To disable this function, use the no form of this command.
ip rsvp neighbor access-list-number
no ip rsvp neighbor access-list-number
Syntax Description access-list-number Number of a standard or extended IP access list. It can be any number in the
range from 1 to 199.
Command Default The router accepts messages from any neighbor.

Usage Guidelines Use this command to allow only specific Resource Reservation Protocol (RSVP) neighbors to make a
reservation. If no limits are specified, any neighbor can request a reservation. If an access list is
specified, only neighbors meeting the specified access list requirements can make a reservation.
RSVP cannot be configured with Versatile Interface Processor (VIP)-distributed Cisco Express
Forwarding (dCEF).
Examples The following example allows neighbors meeting access list 1 requirements to request a reservation:
interface ethernet 0
ip rsvp neighbor 1

messages.

QOS-216
ip rsvp neighbor
Command Description
ip rsvp sender Enables a router to simulate receiving and forwarding RSVP PATH
messages.
information.
show ip rsvp reservation Displays RSVP-related receiver information currently in the database.
database.

QOS-217
ip rsvp policy cops minimal

To lower the load of the Common Open Policy Service (COPS) server and to improve latency times for
messages on the governed router, use the ip rsvp policy cops minimal command in global configuration
mode to restrict the COPS RSVP policy to adjudicate only PATH and RESV messages. To turn off the
restriction, use the no form of this command.
no ip rsvp policy cops minimal
Command Default The default state is OFF, causing all adjudicable RSVP messages to be processed by the configured
COPS policy.

Usage Guidelines When this command is used, COPS does not attempt to adjudicate PATHERROR and RESVERROR
messages. Instead, those messages are all accepted and forwarded.
Examples In the following example, COPS authentication is restricted to PATH and RESV messages:
In the following example, that restriction is removed:

no ip rsvp policy cops minimal

QOS-218
ip rsvp policy cops report-all

To enable a router to report on its success and failure with outsourcing decisions, use the ip rsvp policy
cops report-all command in global configuration mode. To return the router to its default, use the no
no ip rsvp policy cops report-all
Command Default The default state of this command is to send reports to the Policy Decision Point (PDP) about
configuration decisions only.

Usage Guidelines In the default state, the router reports to the PDP when the router has succeeded or failed to implement
Resource Reservation Protocol (RSVP) configuration decisions.
A configuration decision contains at least one of the following:
• A RESV ALLOC context (with or without additional contexts)
• A stateless or named decision object
A decision that does not contain at least one of those elements is an outsourcing decision.
Some brands of policy server might expect reports about RSVP messaging, which the default state of the
Cisco Common Open Policy Service (COPS) for RSVP does not issue. In such cases, use the ip rsvp
policy cops report-all command to ensure interoperability between the router and the policy server.
Doing so does not adversely affect policy processing on the router.
Unicast FF reservation requests always stimulate a report from the router to the PDP, because those
requests contain a RESV ALLOC context (combined with an IN CONTEXT and an OUT CONTEXT).
Examples In order to show the Policy Enforcement Point (PEP)-to-PDP reporting process, the debug cops
command in the following example already is enabled when a new PATH message arrives at the router:
Router(config)# ip rsvp policy cops report-all

QOS-219
00:02:48:COPS:** SENDING MESSAGE **

Contents of router’s request to PDP:
COPS HEADER:Version 1, Flags 0, Opcode 1 (REQ), Client-type:1, Length:216
HANDLE (1/1) object. Length:8. 00 00 02 01
CONTEXT (2/1) object. Length:8. R-type:5. M-type:1
IN_IF (3/1) object. Length:12. Address:10.1.2.1. If_index:4
OUT_IF (4/1) object. Length:12. Address:10.33.0.1. If_index:3
CLIENT SI (9/1) object. Length:168. CSI data:
[A 27-line Path message omitted here]
00:02:48:COPS:Sent 216 bytes on socket,
00:02:48:COPS:Message event!
00:02:48:COPS:State of TCP is 4
00:02:48:In read function
00:02:48:COPS:Read block of 96 bytes, num=104 (len=104)
00:02:48:COPS:** RECEIVED MESSAGE **
Contents of PDP’s decision received by router:
COPS HEADER:Version 1, Flags 1, Opcode 2 (DEC), Client-type:1, Length:104
DECISION (6/1) object. Length:8. COMMAND cmd:1, flags:0
DECISION (6/3) object. Length:56. REPLACEMENT
[A 52-byte replacement object omitted here]
DECISION (6/1) object. Length:8. COMMAND cmd:1, flags:0
00:02:48:Notifying client (callback code 2)
00:02:48:COPS:** SENDING MESSAGE **
Contents of router’s report to PDP:
COPS HEADER:Version 1, Flags 1, Opcode 3 (RPT), Client-type:1, Length:24
REPORT (12/1) object. Length:8. REPORT type COMMIT (1)
00:02:48:COPS:Sent 24 bytes on socket,

QOS-220
ip rsvp policy cops servers

To specify that Resource Reservation Protocol (RSVP) should use Common Open Policy Service
(COPS) policy for remote adjudication, use the ip rsvp policy cops servers command in global
configuration mode. To turn off the use of COPS for RSVP, use the no form of this command.
ip rsvp policy cops [acl] servers server-ip [server-ip]
no ip rsvp policy cops [acl] servers
Syntax Description acl (Optional) Specifies the access control list (ACL) whose sessions will be
governed by the COPS policy.
server-ip (Optional) Specifies the IP addresses of the servers governing the COPS
policy. As many as eight servers can be specified, with the first being
treated as the primary server.
Command Default If no ACL is specified, the default behavior is for all reservations to be governed by the specified policy
servers.

Usage Guidelines If more than one server is specified, the first server is treated by RSVP as the primary serer, and functions
as such for all ACLs specified.
All servers in the list must have the same policy configuration.
If the connection of the router to the server breaks, the router tries to reconnect to that same server. If
the reconnection attempt fails, the router then obeys the following algorithm:
If the connection to the Policy Decision Point (PDP) is closed (either because the PDP closed the
connection, a TCP/IP error occurred, or the keepalives failed), the Policy Enforcement Point (PEP)
issues a CLIENT-CLOSE message and then attempts to reconnect to the same PDP. If the PEP receives
a CLIENT-CLOSE message containing a PDP redirect address, the PEP attempts to connect to the
redirected PDP.

QOS-221
Note the following points:

• If either attempt fails, the PEP attempts to connect to the PDPs previously specified in the ip rsvp
policy cops servers configuration command, obeying the sequence of servers given in that
command, always starting with the first server in that list.
• If the PEP reaches the end of the list of servers without connecting, it waits a certain time (called
the reconnect delay) before trying again to connect to the first server in the list. This reconnect delay
is initially 30 seconds, and doubles each time the PEP reaches the end of the list without having
connected, until the reconnect delay becomes its maximum of 30 minutes. As soon as a connection
is made, the delay is reset to 30 seconds.
The no form of this command need not contain any server IP addresses, but it must contain all the
previously specified access lists (see the last example in the following section).
Examples This first example applies the COPS policy residing on server 172.27.224.117 to all reservations passing
through router-9. It also identifies the backup COPS server for this router as the one at address
172.27.229.130:
Router(config)# ip rsvp policy cops servers 172.27.224.117 172.27.229.130
The next example applies the COPS policy residing on server 172.27.224.117 to reservations passing
through router-9 only if they match access lists 40 and 160. Other reservations passing through that
router will not be governed by this server. The command statement also identifies the backup COPS
server for that router to be the one at address 172.27.229.130:
Router(config)# ip rsvp policy cops 40 160 servers 172.27.224.117 172.27.229.130
The following example turns off COPS for the previously specified access lists 40 and 160 (you cannot
turn off just one of the previously specified lists):
Router(config)# no ip rsvp policy cops 40 160 servers

QOS-222
ip rsvp policy cops timeout
ip rsvp policy cops timeout

To configure the amount of time the Policy Enforcement Point (PEP) router will retain policy
information after losing connection with the Common Open Policy Service (COPS) server, use the ip
rsvp policy cops timeout command in global configuration mode. To restore the router to the default
value (5 minutes), use the no form of this command.
ip rsvp policy cops timeout policy-timeout
no ip rsvp policy cops timeout
Syntax Description policy-timeout Duration of timeout, from 1 to 10,000 seconds.
Command Default Timeout default is 300 seconds (5 minutes).

Examples The following example configures the router to time out all policy information relating to a lost server
in 10 minutes:
ip rsvp policy cops timeout 600
The following example resets the timeout to the default value:

no ip rsvp policy cops timeout

QOS-223
ip rsvp policy default-reject

To reject all messages that do not match the policy access control lists (ACLs), use the ip rsvp policy
default-reject command in global configuration mode. To restore the default behavior, which passes
along all messages that do not match the ACLs, use the no form of this command.
no ip rsvp policy default-reject
Command Default Without this command, the default behavior of Resource Reservation Protocol (RSVP) is to accept,
install, or forward all unmatched RSVP messages. Once this command is invoked, all unmatched RSVP
messages are rejected.

Usage Guidelines If COPS is configured without an ACL, or if any policy ACL is configured to use the permit ip any any
command, the behavior of that ACL will take precedence, and no session will go unmatched.
Note This command makes one exception to its blocking of unmatched messages. It forwards RESVERROR
and PATHERROR messages that were generated by its own rejection of RESV and PATH messages. That
is done to ensure that the default-reject operation does not remain totally hidden from network managers.
Caution Be extremely careful with this command. It will shut down all RSVP processing on the router if access
lists are too narrow or if no Common Open Policy Service (COPS) server has been specified. (Use the
ip rsvp policy cops servers command to specify a COPS server.)
Examples The following example configures RSVP to reject all unmatched reservations:

QOS-224
The following example configures RSVP to accept all unmatched reservations:

no ip rsvp policy default-reject

QOS-225
ip rsvp policy identity

To define Resource Reservation Protocol (RSVP) application identities (IDs), use the ip rsvp policy
identity command in global configuration mode. To delete RSVP application IDs, use the no form of
this command.
ip rsvp policy identity alias policy-locator locator
no ip rsvp policy identity alias [policy-locator locator]
Syntax Description alias A string used within the router to reference the identity in RSVP
configuration commands and show displays. The string can have as many as
64 printable characters (in the range 0x20 to 0x7E).
Note If you use the “ ” or ? characters as part of the alias or locator string
itself, you must type the CTRL/V key sequence before entering the
embedded “ ”or ? characters. The alias is never transmitted to other
routers.
policy-locator locator A string that is signaled in RSVP messages and contains application IDs in
X.500 Distinguished Name (DN) format. (See the “Usage Guidelines”
section for detailed information.)
Command Default This command is disabled by default; therefore, no RSVP application identities are defined.

Usage Guidelines You can use RSVP identities as criteria for matching RSVP PATH and RESV messages to local policies.
Identities can also be used to configure static senders and receivers. When you use an RSVP identity as
the match criterion for a local policy, RSVP treats the policy locator string as a type of pattern-matching
string known as a regular expression. Regular expressions allow you to configure a single identity for
use with a local policy that can match multiple X.500 DNs. Regular expressions, by default, are not exact
matches unless you add appropriate control characters to the expression to force it to be an exact match.
In Cisco IOS software, the locator is the primary piece of information that the router uses to find the
correct policy to apply to RSVP messages that contain application IDs. This string assumes the format
of an X.500 DN and includes the following attributes as recommended in RFC 2872:
• APP = Application identifier, a required attribute.
• VER = Version number of the application, a required attribute.

QOS-226
• SAPP = Subapplication identifier, an optional attribute. An arbitrary number of subapplication

elements can be included.
• GUID = Global unique identifier, an optional attribute.
Here are some examples:
• APP = CCM, VER = 1.1, SAPP = Voice
• GUID = http://www.cisco.com/apps, APP = VideoConference, VER = 1.2.3
You can create a maximum of 100 identities on a router. If you attempt to create more, the command fails
and the following error message is generated: “RSVP error: maximum number of identities already
created”.
When you use the ip rsvp policy identity command, be aware of the following behavior:
• If you specify alias or locator strings that are empty or invalid, the command is rejected and an error
message is generated.
• Cisco IOS software automatically adds quotes to the alias or locator strings in the configuration if
quotes are required.
• If you specify the optional policy-locator keyword in the no version of this command, the command
is rejected if locator does not match the configured locator string for the alias being deleted.
• If you specify an alias that is missing, empty, or contains invalid characters, the command is rejected
and an error message is generated.
• RSVP does not check the locator string to see if it is a valid X.500 DN; therefore, the locator string
can be anything that you want. (Future versions of Cisco IOS software may force RSVP messages
to contain valid X.500 DNs.)
Command Restrictions
• User identities are not supported in Cisco IOS Release 12.4(6)T.
• You cannot configure a single router with more than 100 identities at a time.
Examples Exact Application ID Match

The following example shows an application ID for RSVP messages containing a locator string whose
contents are the exact string “APP=Voice”:
Router(config)# ip rsvp policy identity “rsvp-voice” policy-locator “^APP=Voice$”
Router(config-rsvp-id)# end
Wildcard (or Partial) Application ID Match

The following example shows an application ID that is a partial match for RSVP messages containing a
locator string with the substring “APP=Voice” anywhere in the signaled application ID:
Router(config)# ip rsvp policy identity “rsvp-voice” policy-locator ".*APP=Voice.*"
Router(config-rsvp-id)# end

QOS-227

ip rsvp policy local Creates a local procedure that determines the use of RSVP resources in a
network.
show ip rsvp policy Displays selected RSVP identities in a router configuration.
identity
show ip rsvp policy Displays selected local policies that have been configured.
local

QOS-228
ip rsvp policy local

To determine how to perform authorization on Resource Reservation Protocol (RSVP) requests and enter
local policy configuration mode, use the ip rsvp policy local command in global configuration or
interface configuration mode. To disable this function, use the no form of this command.
ip rsvp policy local {acl acl1 [acl2...acl8] | dscp-ip value1 [value2...value8] | default | identity
alias1 [alias2...alias4] | origin-as as1 [as2...as8]}
no ip rsvp policy local {acl acl1 [acl2...acl8] | dscp-ip value1 [value2...value4] | default | identity
alias1 [alias2...alias4] | origin-as as1 [as2...as8]}
Syntax Description acl acl1 [acl2...acl8] Specifies an access control list (ACL). Values for each ACL are 1 to 199.
Note You must associate at least one ACL with an ACL-based policy.
However, you can associate as many as eight.
dscp-ip value1 Specifies the differentiated services code point (DSCP) for matching
[value2...value8] aggregate reservations. Values can be the following:
Note You must associate at least one DSCP with a DSCP-based policy.
However, you can associate as many as eight.
default Specifies a default when an RSVP message does not match any ACL, DSCP,
identity, or autonomous system.
identity alias1 Specifies an application ID alias for an application ID previously
[alias2...alias4] configured using the ip rsvp policy identity command.
Note You must associate at least one alias with an application-ID-based
policy. However, you can associate as many as four.
origin-as as1 Specifies an autonomous system. Values for each autonomous system are
[as2...as8] 1 to 65535.
Note You must associate at least one autonomous system with an
autonomous-system-based policy. However, you can associate as
many as eight.
Command Default This command is disabled by default; therefore, no local policies are configured.

Interface configuration (config-if)

QOS-229

12.0(29)S The origin-as as keyword and argument combination and new submode
commands were added.
12.0(30)S This command was modified so that you can no longer use 0 as the protocol
when you configure an ACL.
12.4(6)T The command was modified as follows:
• Interface configuration mode was added to support per-interface local
policies.
• The identity alias keyword and argument combination was added.
• The maximum submode command was changed to support RESV
messages.
12.2(33)SRC The dscp-ip value keyword and argument combination was added.
Usage Guidelines Use the ip rsvp policy local command to determine how to perform authorization on RSVP requests.
Note Before entering the origin-as as keyword and argument combination, you must have Border Gateway
Protocol (BGP) running; otherwise, an RSVP warning message appears stating that the
autonomous-system-based policy will be ineffective.
You can use all types of match criteria with non-Traffic-Engineering (TE) reservations. You can use all
types of match criteria except application ID with TE reservations because TE PATH and RESV
messages sent by Cisco routers do not contain application IDs.
There are five types of local policies—one default local policy, one or more ACL-based policies, one or
more autonomous-system-based policies, one or more application-ID-based policies, and one or more
DSCP-based policies. The default policy is used when an RSVP message does not match any ACL-,
autonomous-system-, application-ID-, or DSCP-based policies.
You can configure a mixture of local policy types including ACL, autonomous system, application ID,
DSCP, or default on the same interface or globally. Policies have the following priority (from highest to
lowest):
• Nondefault interface policies
• Default interface policy
• Nondefault global policies
• Global default policy
Note If you configure an ACL to use with a TE tunnel, do not use 0 as the protocol because RSVP cannot
accept any messages since they do not match the ACL.

QOS-230
Policy-Match Criteria
Note You cannot specify a policy-match criteria more than once using the ip rsvp policy local command.
An ACL-based policy must have at least one ACL associated with it, but it can optionally have up to
eight ACLs. The ACLs can be standard or extended IP ACLs. They are matched against
source/destination addresses/ports based on RSVP objects inside RSVP signaling messages as described
below.
• ACL source address—Matched against the source address in the SENDER_TEMPLATE object in
RSVP messages. If this object is not present, the source address in the IP header is used.
• ACL destination address—Matched against the destination address in the SESSION object in RSVP
messages. If this object is not present, the destination address in the IP header is used.
• ACL source port—Matched against the source port in the SENDER_TEMPLATE object in RSVP
messages. If this object is not present, the source port of 0 is used.
• ACL destination port—Matched against the destination port in the SESSION object in RSVP
messages. If this object is not present, the destination port of 0 is used.
• ACL IP protocol—Matched against the IP protocol in the SESSION object in RSVP messages. If
this object is not present, the IP protocol of 0 is used. If the IP protocol is for a TE session, then the
ACL IP protocol should be UDP.
• ACL differentiated services code point (DSCP) values—Matched against the DSCP value in the IP
header of the RSVP message.
Note These same policy-match criteria apply when you create ACLs for the debug ip rsvp filter command
except the command does not use DSCP and the protocol is ignored for TE sessions.
An autonomous-system-based policy must have at least one autonomous system associated with it, but
it can optionally have up to eight autonomous systems. They are matched against the incoming
interface/source IP address contained in RSVP objects inside RSVP signaling messages, not on the IP
headers of the RSVP messages.
An application-ID-based policy must have at least one application ID associated with it, but it can
optionally have up to four application IDs. They are matched against the incoming interface/source IP
address contained in RSVP objects inside RSVP signaling messages, not on the IP headers of the RSVP
messages.
A DSCP-based policy must have at least one DSCP associated with it, but it can optionally have up to
four DSCPs. RSVP extracts the DSCP from the aggregate message SESSION object and applies the local
policy that matches the DSCP criteria.
Command Restrictions
• You cannot configure more than 300 local policies per router. This limit is independent of policy
location (global or per interface) or match criteria such as application IDs, access control lists, or
autonomous systems.
• You cannot configure a single local policy with more than four RSVP identities.
CLI Submodes
Once you type the ip rsvp policy local command, you enter the local policy CLI submode where you
define the properties of the local policy that you are creating.

QOS-231
Note The local policy that you create automatically rejects all RSVP messages unless you enter a submode
command that instructs RSVP on the types of messages to accept or forward.
The submode commands are as follows:

• accept—Accepts, but does not forward RSVP messages.
accept {all | path | path-error | resv | resv-error}
– all—Accepts all incoming RSVP messages.
– path—Accepts incoming PATH messages that meet the match criteria for this policy, which
includes ACL(s), autonomous system(s), application ID(s), or default(s). If you omit this command,
incoming PATH messages that meet the policy-match criteria are rejected and a PATHERROR
message is sent in reply. However, the PATHERROR reply is also subject to local policy.
– path-error—Accepts incoming PATHERROR messages that meet the match criteria for this
policy. If you omit this command, incoming, including locally-generated, PATHERROR messages
that meet the policy-match criteria are rejected.
– resv—Accepts incoming RESV messages that meet the match criteria for this policy and performs
any required admission control. If you omit this command, incoming RESV messages that meet the
policy-match criteria are rejected and a RESVERROR message is sent in reply. However, the
RESVERROR reply is also subject to local policy.
The default bandwidth for a policy is unlimited. Therefore, if the policy has no configured
bandwidth, a RESV message is always accepted by the local policy because any bandwidth
request is less than or equal to unlimited. However, the RESV message may subsequently fail
admission control if there is insufficient bandwidth in the RSVP pool on the input interface to
which the RESV message applies. (See the ip rsvp bandwidth command for more
information.) If the bandwidth requested by the RESV messages is too large, a RESVERROR
message that is also subject to local policy is transmitted to the RESV sender.
– resv-error—Accepts incoming RESVERROR messages that meet the policy-match criteria for
this policy. If you omit this command, the incoming, including locally-generated,
RESVERROR messages that meet the policy-match criteria are rejected.
• default—Sets a command to its defaults.
• exit—Exits local policy configuration mode.
• fast-reroute—Allows TE LSPs that request Fast Reroute service. The default value is accept.
• forward—Accepts and forwards RSVP messages.
forward {all | path | path-error | resv | resv-error}
– all—Accepts and forwards all RSVP messages.
– path—Accepts and forwards PATH messages that meet the match criteria for this policy. If you
omit this command, PATH messages that meet the policy-match criteria are not forwarded to the next
(downstream) hop.
– path-error—Accepts and forwards PATHERROR messages that meet the match criteria for this
policy. If you omit this command, the PATHERROR messages that meet the match criteria are
not forwarded to the previous (upstream) hop. You may want to reject outbound PATHERROR
messages if you are receiving PATH messages from an untrusted node because someone could
be trying to port-scan for RSVP. If you reply with a PATHERROR message, the untrusted node
knows that you support RSVP and your IP address. Such information could be used to attempt
RSVP-based attacks.

QOS-232
– resv—Accepts and forwards RESV messages that meet the match criteria for this policy. If you
omit this command, RESV messages that meet the match criteria are not forwarded to the previous
(upstream) hop.
– resv-error—Accepts and forwards RESVERROR messages that meet the match criteria for this
policy. If you omit this command, the RESVERROR messages that meet the match criteria are
not forwarded to the next (downstream) hop. You may want to reject outbound RESVERROR
messages if you are receiving RESV messages from an untrusted node because someone could
be trying to port-scan for RSVP. If you reply with a RESVERROR message, then the untrusted
node knows that you support RSVP and your IP address. Such information could be used to
attempt RSVP-based attacks.
• local-override—Overrides any other policy sources by enforcing this local policy. Finalizes any
decisions by this policy. If local-override is omitted, RSVP holds onto the local policy decision to
see if another local or remote policy exists that will make a decision on the RSVP message, and only
if there is no other policy decision will the local policy decision be enforced.
• maximum [bandwidth [group x] [single y] | senders n]—Sets the limits for resources.
– bandwidth [group x] [single y]—Indicates bandwidth limits for RSVP reservations. The group
keyword specifies the amount of bandwidth that can be requested by all reservations covered by this
policy. The single keyword specifies the maximum bandwidth that can be requested by any specific
RSVP reservation covered by this policy. The x and y values are in kilobits per second and can range
from 1 to 10,000,000 (similar in concept to the existing interface mode ip rsvp bandwidth
command). Absence of a bandwidth command implies that there is no policy limit on bandwidth
requests.
Previously, the maximum bandwidth command applied only to PATH messages. However, as
part of the application ID enhancement, this command now applies only to RESV messages.
This change has the following benefits:
Allows the local policy bandwidth limit to be used by RSVP’s admission control process for
both shared and nonshared reservations. Previous releases that performed group bandwidth
checks on PATH messages could not account for bandwidth sharing, and, as a result, you had to
account for sharing by creating a larger maximum group bandwidth for the policy.
Allows a local policy to trigger preemption during the admission control function if there is
insufficient policy bandwidth to meet the needs of an incoming RESV message.
– senders n—Limits the number of RSVP senders affected by this policy that can be active at the same
time on this router. The value for n ranges from 1 to 50,000 with a default of 1000.
Note If you do not configure the ip rsvp policy preempt command, the maximum command may
be rejected, resulting in the following error message: “RSVP error: insufficient preemptable
bandwidth” if there are reservations admitted against the policy, and you try to reduce the
group bandwidth to less than the amount of admitted bandwidth on the policy.
• no—Negates a command or sets its defaults.

• preempt-priority [traffic-eng x] setup-priority [hold-priority]—Specifies the RSVP QoS priorities
to be inserted into PATH and RESV messages if they were not signaled from an upstream or
downstream neighbor or local client application, and the maximum setup or hold priority that RSVP
QoS or MPLS/TE sessions can signal. A PATHERROR, RESVERROR, or local application error is
returned if these limits are exceeded.

QOS-233
The x value indicates the upper limit of the priority for TE reservations. The range of x values is
0 to 7 in which the smaller the number, the higher the reservation’s priority. For non-TE reservations,
the range of x values is 0 to 65535 in which the higher the number, the higher the reservation’s
priority.
The setup-priority argument indicates the priority of a reservation when it is initially installed. The
optional hold-priority argument indicates the priority of a reservation after it has been installed; if
omitted, it defaults to the setup-priority. Values for the setup-priority and hold-priority arguments
range from 0 to 7 where 0 is considered the highest priority.
If the incoming message has a preemption priority that requests a priority higher than the policy
allows, the message is rejected. Use the tunnel mpls traffic-eng priority command to configure
preemption priority for TE tunnels.
A single policy can contain a preempt-priority traffic-eng and a preempt-priority command,
which may be useful if the policy is bound to an ACL that identifies a subnet containing a mix of
TE and non-TE endpoints or midpoints.
Note If you exit local policy configuration mode without entering any submode commands, the policy that
you have created rejects all RSVP messages.
Per-Interface Local Policies

All the local policy submode commands are also supported on a per-interface basis. You simply enter
Cisco IOS interface configuration mode for the selected interface and type in any number and mix of the
submode commands.
Per-interface local policies take precedence over global local policies. However, if there is a default local
policy configured for an interface, the router does not try to match any RSVP messages arriving on that
interface to any of the global local policies. Policies have the following priority (from highest to lowest):
• Nondefault interface policies
• Default interface policy
• Nondefault global policies
• Global default policy
There are some important points to note about per-interface local policies:
• Per-interface local policies do not take the place of the ip rsvp bandwidth command. The ip rsvp
bandwidth command indicates if RSVP is enabled on an interface as well as the size of the RSVP
bandwidth pool. The ip rsvp bandwidth pool is used by the admission control function of RSVP;
per-interface policies are used by the policy control function of RSVP. Policy control is the third
phase of RSVP message processing, which consists of validation, authentication, policy control
(authorization), and admission control.
• The sum of the group bandwidth of all the local policies assigned to an interface can be greater than
the maximum total bandwidth configured in the ip rsvp bandwidth command. However, the ip rsvp
bandwidth command makes the final decision as to whether there is sufficient bandwidth to admit
the reservation.

QOS-234
Examples ACL-, Default-, and Autonomous-System-Based Policies

In the following example, any RSVP nodes in the 192.168.101.0 subnet can initiate or respond to
reservation requests, but all other nodes can respond to reservation requests only. This means that any
192.168.101.x node can send and receive PATH, PATHERROR, RESV, or RESVERROR messages. All
other nodes can send only RESV or RESVERROR messages, and all reservations for autonomous system
1 are rejected.
Router(config)# access-list 104 permit ip 192.168.101.0 0.0.0.255 any
Router(config)# ip rsvp policy local acl 104
Router(config-rsvp-policy-local)# forward all
Router(config-rsvp-policy-local)# exit
Router(config)# ip rsvp policy local default
Router(config-rsvp-policy-local)# forward resv
Router(config-rsvp-policy-local)# forward resverror
Router(config-rsvp-policy-local)# exit
Router(config)# ip rsvp policy local origin-as 1
Router(config-rsvp-policy-local)# end
Application-ID-Based Policy
RSVP matches incoming RSVP messages with IDs to configured IDs and policies. The following
example configures a global RSVP local policy that limits voice calls to 200 kbps for the whole router
regardless of which interface the RSVP signaling occurs on:
Router(config)# ip rsvp policy local identity rsvp-voice policy-locator
"GUID=www.cisco.com, APP=Voice"
Router(config)# ip rsvp policy local identity rsvp-voice
Router(config-rsvp-local-policy)# forward all
Router(config-rsvp-local-policy)# maximum bandwidth group 200
Router(config-rsvp-local-policy)# end
Per-Interface Application ID-Based Policy

The following example configures a local policy that limits all RSVP voice calls on serial interface 2/0/0
to a total of 200 kbps:
Router(config)# ip rsvp policy local identity rsvp-voice policy-locator APP=Voice
Router(config-if)# ip rsvp policy local identity rsvp-voice
Router(config-rsvp-local-policy)# exit
Router(config-if)# ip rsvp policy local default
DSCP-Based Policy
The following example configures a local policy to match RSVP aggregation reservations with an RSVP
session object DSCP value of 46 and sets the preempt-priority with a setup and hold priority equal to 5.
Router(config)# ip rsvp policy local dscp-ip 46
Router(config-rsvp-local-policy)# preempt-priority 5 5

QOS-235

ip rsvp policy preempt Enables RSVP to redistribute bandwidth from lower-priority reservations
to new, higher-priority reservations.
show ip rsvp policy Displays the configured local policies.
show ip rsvp policy cops Displays the policy server addresses, ACL IDs, and current state of the
router’s TCP connections to COPS servers.
show ip rsvp policy local Displays selected local policies that have been configured.
tunnel mpls traffic-eng Configures the setup and reservation priority for an MPLS traffic
priority engineering tunnel.

QOS-236
ip rsvp policy preempt

To enable Resource Reservation Protocol (RSVP) to take bandwidth from lower-priority reservations
and give it to new, higher-priority reservations, use the ip rsvp policy preempt command in global
configuration mode. To disable this function, use the no form of this command.
no ip rsvp policy preempt
Command Default RSVP does not reassign bandwidth from lower-priority reservations to higher-priority reservations.

Usage Guidelines Use the ip rsvp policy preempt command to enable or disable the preemption parameter for all
configured local and remote policies without setting the preemption parameter for each policy
individually. This command allows you to give preferential quality of service (QoS) treatment to one
group of RSVP hosts or applications over another.
Examples The following example enables preemption:

Router(config)# ip rsvp policy preempt
The following example disables preemption:

Router(config)# no ip rsvp policy preempt

show ip rsvp policy Displays the configured local policies.

QOS-237
ip rsvp pq-profile
ip rsvp pq-profile
To specify the criteria for Resource Reservation Protocol (RSVP) to use to determine which flows to
direct into the priority queue (PQ) within weighted fair queueing (WFQ), use the ip rsvp pq-profile
command in global configuration mode. To disable the specified criteria, use the no form of this
command.
ip rsvp pq-profile [voice-like | r’ [b’[p-to-r’ | ignore-peak-value]]
no ip rsvp pq-profile
Syntax Description voice-like (Optional) Indicates pq-profile parameters sufficient for most voice flows.
The default values for r’, b’, and p-to-r’ are used. These values should cause
all voice flows generated from Cisco IOS applications and most voice flows
from other RSVP applications, such as Microsoft NetMeeting, to be
directed into the PQ.
r’ (Optional) Indicates maximum rate of a flow in bytes per second. Valid
range is from 1 to 1048576 bytes per second.
b’ (Optional) Indicates maximum burst of a flow in bytes. Valid range is
from 1 to 8192 bytes.
p-to-r’ (Optional) Indicates maximum ratio of peak rate to average rate as a
percentage. Valid range is from 100 to 4000 percent.
ignore-peak-value (Optional) Indicates that the peak rate to average rate ratio of the flow is not
evaluated when RSVP identifies flows.
Command Default The default value for r’ is 12288 bytes per second.
The default value for b’ is 592 bytes.
The default value for p-to-r’ is 110 percent.

Usage Guidelines Use this command to define the profile of RSVP flows to be placed in the PQ within the WFQ system.
You can have only one profile in effect at a time. Changes to this configuration affect only new flows,
not existing flows.
This command applies only on interfaces that are running RSVP and WFQ.

QOS-238
ip rsvp pq-profile
RSVP recognizes voice flows based upon the r, b, and p values within the flowspec of a receiver. A
reserved flow is granted to the PQ as long as the flowspec parameters of a receiver meet the following
default criteria:
(r <= r’) AND (b <= b’) AND (p/r <= p-to-r’)
Examples In the following example, voice-like flows (with the default criteria for voice) are put into the PQ:
Router(config)# ip rsvp pq-profile
Router(config)# ip rsvp pq-profile voice-like
Router(config)# ip rsvp pq-profile 12288 592 110
Router(config)# default ip rsvp pq-profile
Router# show running-config | include pq-profile
In the following example, all flows matching the voice criteria are put into the PQ:
Router(config)# ip rsvp pq-profile 10240 512 100
ip rsvp pq-profile 10240 512 100
In the following example, no flows are put into the PQ:

Router(config)# no ip rsvp pq-profile
no ip rsvp pq-profile
In the following example, flows with the criteria given for r’ and b’ and the default value for p-to-r’ are
put into the PQ:
Router(config)# ip rsvp pq-profile 9000 300
ip rsvp pq-profile 9000 300 110
In the following example, flows with the criteria given for r’ and b’ and ignoring the peak value of the
flow are put into the PQ:
Router(config)# ip rsvp pq-profile 9000 300 ignore-peak-value
ip rsvp pq-profile 9000 300 ignore-peak-value
In the following example, Microsoft NetMeeting voice flows with G.711 or adaptive differential pulse
code modulation (ADPCM) codecs are put into the PQ:
Router(config)# ip rsvp pq-profile 10200 1200

QOS-239
ip rsvp precedence
ip rsvp precedence
To enable the router to mark the IP Precedence value of the type of service (ToS) byte for packets in a
Resource Reservation Protocol (RSVP) reserved path using the specified values for packets that either
conform to or exceed the RSVP flowspec, use the ip rsvp precedence command in interface
configuration mode. To remove existing IP Precedence settings, use the no form of this command.
ip rsvp precedence {conform precedence-value | exceed precedence-value}
no ip rsvp precedence [conform | exceed]
Syntax Description conform precedence-value Specifies an IP Precedence value in the range from 0 to 7 for traffic that
conforms to the RSVP flowspec. The IP Precedence value is written to
the three high-order bits (bits 5 to 7) of the ToS byte in the IP header of
a packet. Either the conform or exceed keyword is required; both
keywords may be specified.
When used with the no form of the command, the conform keyword is
optional.
exceed precedence-value Specifies an IP Precedence value in the range from 0 to 7 for traffic that
exceeds the RSVP flowspec. The IP Precedence value is written to the
three high-order bits (bits 5 to 7) of the ToS byte in the IP header of a
packet. Either the conform or exceed keyword is required; both
keywords may be specified.
When used with the no form of the command, the exceed keyword is
optional.
Command Default The IP Precedence bits of the ToS byte are left unmodified when this command is not used. The default
state is equivalent to execution of the no ip rsvp precedence command.

Usage Guidelines Packets in an RSVP reserved path are divided into two classes: those that conform to the reservation
flowspec and those that correspond to a reservation but that exceed, or are outside, the reservation
flowspec.

QOS-240
ip rsvp precedence
The ip rsvp precedence command allows you to set the IP Precedence values to be applied to packets
belonging to these two classes. You must specify the IP Precedence value for at least one class of traffic
when you use this command. You can use a single instance of the command to specify values for both
classes, in which case you can specify the conform and exceed keywords in either order.
As part of its input processing, RSVP uses the ip rsvp precedence command to set the IP Precedence
bits on conforming and nonconforming packets. If per-VC DWRED is configured, the system uses the
IP Precedence and ToS bit settings on the output interface in its packet drop process. The IP Precedence
setting of a packet can also be used by interfaces on downstream routers.
Execution of the ip rsvp precedence command causes IP Precedence values for all preexisting
reservations on the interface to be modified.
Note RSVP must be enabled on an interface before you can use this command; that is, use of the ip rsvp
bandwidth command must precede use of the ip rsvp precedence command. RSVP cannot be
configured with VIP-distributed Cisco Express Forwarding (dCEF).
RSVP receives packets from the underlying forwarding mechanism. Therefore, before you use
the ip rsvp precedence command to set IP Precedence, one of the following features is required:
• Weighted fair queueing (WFQ) must be enabled on the interface.
• RSVP switched virtual circuits (SVCs) must be used.
• NetFlow must be configured to assist RSVP.
Note Use of the no form of this command is not equivalent to giving the ip rsvp precedence 0 command,
which sets all precedence on the packets to 0, regardless of previous precedence setting.
Examples The following example sets the IP Precedence value to 3 for all traffic on the ATM interface 0 that
conforms to the RSVP flowspec and to 2 for all traffic that exceeds the flowspec:
interface atm0
ip rsvp precedence conform 3 exceed 2
The following example sets the IP Precedence value to 2 for all traffic on ATM interface 1 that conforms
to the RSVP flowspec. The IP Precedence values of those packets that exceed the flowspec are not
altered in any way.
interface ATM1
ip rsvp precedence conform 2

ip rsvp policy cops minimal Lowers the COPS server’s load and improves latency times for
messages on the governed router.
ip rsvp tos Allows you to set the ToS values to be applied to packets that either
conform to or exceed the RSVP flowspec.
show ip rsvp Displays the IP Precedence and ToS bit values to be applied to
packets that either conform to or exceed the RSVP flowspec for a
given interface.

QOS-241
ip rsvp qos
ip rsvp qos
To enable Resource Reservation Protocol (RSVP) quality of service (QoS) flows on a router running
Multiprotocol Label Switching Traffic Engineering (MPLS TE), use the ip rsvp qos command in global
configuration mode. To disable RSVP QoS flows, use the no form of this command.
ip rsvp qos
no ip rsvp qos
Command Default RSVP QoS flows are not enabled.

Usage Guidelines If RSVP QoS flows and MPLS TE are enabled, the router processes and installs RSVP label-switched
path (LSP) and IPv4 messages such as PATH and RESV. If RSVP QoS flows and MPLS TE are then
disabled with IPv4 and LSP states installed, all installed IPv4 states are immediately cleared. LSP states
remain unmodified. Further refreshes or new IPv4 RSVP messages are forwarded unmodified.
Use the show ip rsvp command to see the status of the ip rsvp qos command.
Examples The following example configures RSVP QoS flows on a router running MPLS TE:
Router(config)# ip rsvp qos

show ip rsvp Displays specific information for RSVP categories.

QOS-242
ip rsvp reservation
ip rsvp reservation
To enable a router to simulate receiving Resource Reservation Protocol (RSVP) RESV messages from a
downstream host, use the ip rsvp reservation command in global configuration mode. To disable this
function, use the no form of this command.
ip rsvp reservation session-ip-address sender-ip-address {tcp | udp | ip-protocol} session-d-port

sender-s-port next-hop-ip-address next-hop-interface {ff | se | wf} {rate | load} bandwidth
burst-size [identity alias]
no ip rsvp reservation session-ip-address sender-ip-address {tcp | udp | ip-protocol}

session-d-port sender-s-port next-hop-ip-address next-hop-interface {ff | se | wf} {rate | load}
bandwidth burst-size [identity alias]
multicast sessions, this is the IP multicast address of the session.
sender-ip-address IP address of the sender.
tcp | udp | ip-protocol TCP, UDP, or IP protocol in the range from 0 to 255.
session-d-port The session-d-port argument is the destination port. The sender-s-port
sender-s-port argument is the source port. Port numbers are specified in all cases,
because the use of 16-bit ports following the IP header is not limited to
UDP or TCP. If the destination is zero, the source must be zero, and the
implication is that ports are not checked. If the destination is nonzero, the
source must be nonzero (except for wf reservations, for which the source
port is always ignored and can therefore be zero).
next-hop-ip-address Hostname or address of the receiver or the router closest to the receiver.
next-hop-interface Next-hop interface or subinterface type and number. Interface type can be
ethernet, loopback, null, or serial.
ff | se | wf Reservation style:
• Fixed Filter (ff) is single reservation.
• Shared Explicit (se) is shared reservation, limited scope.
• Wildcard Filter (wf) is shared reservation, unlimited scope.
rate | load QoS guaranteed bit rate service or controlled load service.
bandwidth Average bit rate, in kbps, to reserve up to 75 percent of the total on the
interface. The range is from 1 to 10000000.
burst-size Maximum burst size (kbps of data in queue). The range is from 1 to
65535.
identity alias (Optional) Specifies an application ID alias. An alias is a string that can
have as many as 64 printable characters (in the range 0x20 to 0x7E).
Note If you use the “ ” or ? characters as part of the alias or locator
string itself, you must type the CTRL/V key sequence before
entering the embedded “ ” or ? characters. The alias is never
transmitted to other routers.
Command Default The router does not simulate receiving RSVP RESV messages.

QOS-243
ip rsvp reservation

12.4(6)T The optional identity alias keyword and argument combination was added.
Usage Guidelines Use the ip rsvp reservation command to make the router simulate receiving RSVP RESV messages
from a downstream host and to proxy RSVP RESV messages for that host. By giving a local (loopback)
next-hop address and next-hop interface, you can also use this command to proxy RSVP for the router
that you are configuring or you can use the ip rsvp reservation-host command.
An alias must reference an RSVP identity that you created by using the ip rsvp identity command. The
policy-locator string associated with this identity is signaled in the RESV message. This identity
overrides any application ID that is contained in the matching PATH message.
If the matching PATH message has an application ID, but you have not specified an application ID using
the ip rsvp reservation command, the RESV message will not contain an application ID. However, the
RESV message proxied by the ip rsvp listener command does put the matching PATH message
application ID into the proxied RESV message.
Examples The following example specifies the use of a Shared Explicit style of reservation and the controlled load
service, with token buckets of 100 or 150 kbps and 60 or 65 kbytes maximum queue depth:
Router(config)# ip rsvp reservation 239.250.0.2 172.16.1.1 udp 20 30 172.16.4.1 Ethernet1
se load 100 60
Router(config)# ip rsvp reservation 239.250.0.2 172.16.2.1 tcp 20 30 172.16.4.1 Ethernet1

se load 150 65
The following example specifies the use of a Wildcard Filter style of reservation and the guaranteed bit
rate service, with token buckets of 300 or 350 kbps, 60 or 65 kbytes maximum queue depth, and an
application ID:
Router(config)# ip rsvp reservation 239.250.0.3 0.0.0.0 udp 20 0 172.16.4.1 Ethernet1 wf
rate 300 60 identity xyz
Router(config)# ip rsvp reservation 239.1.1.1 0.0.0.0 udp 20 0 172.16.4.1 Ethernet1 wf

rate 350 65 identity xyz
Note that the wildcard filter does not admit the specification of the sender; it accepts all senders. This
action is denoted by setting the source address and port to zero. If, in any filter style, the destination port
is specified to be zero, RSVP does not permit the source port to be anything else; it understands that such
protocols do not use ports or that the specification applies to all ports.

QOS-244
ip rsvp reservation

ip rsvp identity Defines RSVP application IDs.
ip rsvp neighbor Enables a router to control who its authorized neighbors are.
ip rsvp reservation-host Enables a router to simulate a host generating RSVP RESV messages.
ip rsvp sender Enables a router to simulate receiving RSVP PATH messages.
ip rsvp sender-host Enables a router to simulate a host generating RSVP PATH messages.
show ip rsvp installed Displays RSVP-related bandwidth information.
identity
show ip rsvp Displays RSVP RESV-related receiver information currently in the
database.

QOS-245
ip rsvp reservation-host
To enable a router to simulate a host generating Resource Reservation Protocol (RSVP) RESV messages,
use the ip rsvp reservation-host command in global configuration mode. To disable this function, use
ip rsvp reservation-host session-ip-address sender-ip-address {tcp | udp | ip-protocol}

session-d-port sender-s-port {ff | se | wf} {rate | load} bandwidth burst-size [identity alias]
no ip rsvp reservation-host session-ip-address sender-ip-address {tcp | udp | ip-protocol}

session-d-port sender-s-port {ff | se | wf} {rate | load} bandwidth burst-size [identity alias]
Syntax Description session-ip-address For unicast sessions, this is the address of the intended receiver. IP
multicast addresses cannot be used with this argument. It must be a
logical address configured on an interface on the router that you are
configuring.
source must be nonzero (except for wf reservations, for which the source
port is always ignored and can therefore be zero).
ff | se | wf Reservation style:
• Fixed Filter (ff) is single reservation.
• Shared Explicit (se) is shared reservation, limited scope.
• Wildcard Filter (wf) is shared reservation, unlimited scope.
rate | load QoS guaranteed bit rate service or controlled load service.
65535.
Command Default The router does not simulate a host generating RSVP RESV messages.

QOS-246

Usage Guidelines Use the ip rsvp reservation-host command to make a router simulate a host generating its own RSVP
RESV messages. This command is similar to the ip rsvp reservation command, which can cause a
router to generate RESV messages on behalf of another host. The main differences between the ip rsvp
reservation-host and ip rsvp reservation commands follow:
• When you enter the ip rsvp reservation-host command, the session-ip-address argument must be a
local address configured on an interface on the router. Therefore, you cannot proxy a reservation on
behalf of a flow that is destined for another host. Also, you cannot use this command to generate
reservation messages for multicast sessions.
• Because the message is assumed to originate from the router that you are configuring, you do not
specify a next-hop or incoming interface for the RSVP RESV message when entering the ip rsvp
reservation-host command.
• Use the ip rsvp reservation-host command for debugging and testing purposes because you cannot
use it to proxy RSVP for non-RSVP-capable hosts or for multicast sessions.
If the matching PATH message has an application ID, but you have not specified an application ID using
the ip rsvp reservation-host command, the RESV message does not contain an application ID.
However, the RESV message proxied by the ip rsvp listener command does put the matching PATH
message application ID into the proxied RESV message.
Examples The following example specifies the use of a Shared Explicit style of reservation and the controlled load
service, with token buckets of 100 or 150 kbps, 60 or 65 kbps maximum queue depth, and an application
ID:
Router(config)# ip rsvp reservation-host 10.1.1.1 10.30.1.4 udp 20 30 se load 100 60
identity xyz
Router(config)# ip rsvp reservation-host 10.40.2.2 10.22.1.1 tcp 20 30 se load 150 65

identity xyz

ip rsvp neighbor Enables a router to control who its authorized RSVP neighbors are.
ip rsvp reservation Enables a router to simulate receiving RSVP RESV messages.

QOS-247
Command Description
identity
database.

QOS-248
ip rsvp resource-provider
To configure a resource provider for an aggregate flow, use the ip rsvp resource-provider command in
interface configuration mode. To disable a resource provider for an aggregate flow, use the no form of
this command.
ip rsvp resource-provider {none | wfq interface | wfq pvc}
no ip rsvp resource-provider
Syntax Description none No resource provider specified regardless of whether one is configured on
the interface.
wfq interface Weighted fair queueing (WFQ) specified as the resource provider on the
interface.
wfq pvc WFQ specified as the resource provider on the permanent virtual circuit
(PVC) or connection.
Command Default The wfq interface is the default resource provider that Resource Reservation Protocol (RSVP)
configures on the interface.

Usage Guidelines Use the ip rsvp resource-provider command to configure the resource provider with which you want
RSVP to interact when it installs a reservation.
To ensure that a flow receives quality of service (QoS) guarantees when using WFQ on a per-flow basis,
configure wfq interface or wfq pvc as the resource provider. To ensure that a flow receives QoS
guarantees when using class-based weighted fair queueing (CBWFQ) for data packet processing,
configure none as the resource provider.
Note Resource provider was formerly called QoS provider.

QOS-249
Examples In the following example, the ip rsvp resource-provider command is configured with wfq interface or
wfq pvc as the resource provider, ensuring that a flow receives QoS guarantees when using WFQ on a
per-flow basis:
Router(config-if)# ip rsvp resource-provider wfq pvc
In the following example, the ip rsvp resource-provider command is configured with none as the
resource provider, ensuring that a flow receives QoS guarantees when using CBWFQ for data packet
processing:
Router(config-if)# ip rsvp resource-provider none


QOS-250
ip rsvp sender
ip rsvp sender
To enable a router to simulate receiving Resource Reservation Protocol (RSVP) PATH messages, use the
ip rsvp sender command in global configuration mode. To disable this function, use the no form of this
command.
ip rsvp sender session-ip-address sender-ip-address {tcp | udp | ip-protocol} session-d-port

sender-s-port previous-hop-ip-address previous-hop-interface bandwidth burst-size
[identity alias]
no ip rsvp sender session-ip-address sender-ip-address {tcp | udp | ip-protocol} session-d-port

sender-s-port previous-hop-ip-address previous-hop-interface bandwidth burst-size
[identity alias]
source must be nonzero.
previous-hop-ip-address Address of the sender or the router closest to the sender.
previous-hop-interface Previous-hop interface or subinterface. Interface type can be ethernet,
loopback, null, or serial.
65535.
Command Default The router does not simulate receiving RSVP PATH messages.

QOS-251
ip rsvp sender

Usage Guidelines Use the ip rsvp sender command to make the router simulate that it is receiving RSVP PATH messages
from an upstream host and to proxy RSVP PATH messages from that host. By including a local
(loopback) previous-hop address and previous-hop interface, you can also use this command to proxy
RSVP for the router that you are configuring.
policy-locator string associated with this identity is supplied in the PATH message.
Examples The following example sets up the router to act as though it is receiving RSVP PATH messages using
UDP over loopback interface 1:
Router(config)# ip rsvp sender 239.250.0.1 172.16.2.1 udp 20 30 172.16.2.1 loopback 1 50 5
identity xyz
Router(config)# ip rsvp sender 239.250.0.2 172.16.2.1 udp 20 30 172.16.2.1 loopback 1 50 5

identity xyz

ip rsvp neighbor Enables a router to control who its authorized RSVP neighbors are.
identity
database.

QOS-252
ip rsvp sender-host
ip rsvp sender-host
To enable a router to simulate a host generating a Resource Reservation Protocol (RSVP) PATH
message, use the ip rsvp sender-host command in global configuration mode. To disable this function,
ip rsvp sender-host session-ip-address sender-ip-address {tcp | udp | ip-protocol} session-d-port

sender-s-port bandwidth burst-size [identity alias]
no ip rsvp sender-host session-ip-address sender-ip-address {tcp | udp | ip-protocol}

session-d-port sender-s-port bandwidth burst-size [identity alias]
sender-ip-address IP address of the sender. It must be a logical address configured on an
interface on the router that you are configuring.
sender-s-port argument is the source port. Port numbers are specified in all cases, because
the use of 16-bit ports following the IP header is not limited to UDP or TCP.
If the destination is zero, the source must be zero, and the implication is that
ports are not checked. If the destination is nonzero, the source must be
nonzero.
burst-size Maximum burst size (kbps of data in queue). The range is from 1 to 65535.
identity alias (Optional) Specifies an application ID alias. An alias is a string that can have
as many as 64 printable characters (in the range 0x20 to 0x7E).
Note If you use the “ ” or ? characters as part of the string itself, you must
type the CTRL/V key sequence before entering the embedded “ ” or
? characters. The alias is never transmitted to other routers.
Command Default The router does not simulate RSVP PATH message generation.


QOS-253
ip rsvp sender-host
Usage Guidelines Use the ip rsvp sender-host command to make a router simulate a host generating its own RSVP PATH
messages. This command is similar to the ip rsvp sender command, which can cause a router to generate
RSVP PATH messages on behalf of another host. The main differences between the ip rsvp sender-host
and ip rsvp sender commands follow:
• When you enter the ip rsvp sender-host command, the sender-ip-address argument must be a local
address configured on an interface of the router.
• Because the message is assumed to originate from the router that you are configuring, you do not
specify a previous-hop or incoming interface for the RSVP PATH message when entering the ip rsvp
sender-host command.
• Use the ip rsvp sender-host command for debugging and testing purposes because you cannot use
it to proxy RSVP for non-RSVP-capable hosts.
Examples The following example sets up the router to act like a host that sends traffic to the given address:
Router(config)# ip rsvp sender-host 10.0.0.7 10.0.0.1 udp 1 1 10 10 identity xyz

ip rsvp neighbor Enables a router to control who its authorized neighbors are.
identity
database.

QOS-254
ip rsvp signalling dscp
ip rsvp signalling dscp

To specify the differentiated services code point (DSCP) value to be used on all Resource Reservation
Protocol (RSVP) messages transmitted on an interface, use the ip rsvp signalling dscp command in
interface configuration mode. To disable this function, use the no form of this command.
ip rsvp signalling dscp value
no ip rsvp signalling dscp
Syntax Description value A number for the DSCP. Range is from 0 to 63. Default is 0.
Command Default The default value is 0.
Command Modes Interface configuration.

12.1 This command was introduced
Usage Guidelines You configure the DSCP per interface, not per flow. The DSCP determines the priority that a packet
receives from various hops as it travels to its destination.
The DSCP applies to all RSVP flows installed on a specific interface. You can configure each interface
independently for DSCP.
Examples Here is an example of the ip rsvp signalling dscp command with a DSCP value of 6
Router(config-if)# ip rsvp signalling dscp 6
To verify the DSCP value, enter the show ip rsvp interface detail command:
Router# show ip rsvp interface serial2/0 detail
Se2/0:
Bandwidth:
Curr allocated:10K bits/sec
Max. allowed (total):1536K bits/sec
Max. allowed (per flow):1536K bits/sec
Neighbors:
Using IP enacp:1. Using UDP encaps:0
DSCP value used in Path/Resv msgs:0x6
Burst Police Factor:300%
RSVP:Data Packet Classification provided by: none

QOS-255
ip rsvp signalling fast-local-repair notifications

To configure the number of per flow notifications that Resource Reservation Protocol (RSVP) processes
during a fast local repair (FLR) procedure before suspending, use the ip rsvp signalling
fast-local-repair notifications command in global configuration mode. To set the number of
notifications to its default, use the no form of this command.
ip rsvp signalling fast-local-repair notifications number
no ip rsvp signalling fast-local-repair notifications
Syntax Description number Total number of notifications to be sent. The range is 10 to 10000. The
default is 1000.
Command Default There are always notifications sent by the routing information base (RIB) and processed by RSVP. If this
command is not configured, RSVP processes 1000 notifications, suspends, then resumes processing of
another 1000 notifications, and so on.

Usage Guidelines Upon a route change, RIB builds a list of notifications, one per affected flow, and notifies RSVP by
sending an event including these notifications. Therefore, these events can contain thousands of elements
depending on the number of path state blocks (PSBs) affected.
RSVP processes, by default, 1000 notifications at a time and then suspends if required, to prevent the
CPU from being overwhelmed. However, you can configure this number using the ip rsvp signalling
fast-local-repair notifications command.
Examples The following example configures the number of flows that are repaired before RSVP suspends to 100:
Router(config)# ip rsvp signalling fast-local-repair notifications 100

ip rsvp signalling Configures the repair rate that RSVP uses for an FLR procedure.
fast-local-repair rate

QOS-256
Command Description
ip rsvp signalling Configures the delay that RSVP uses to start an FLR procedure.
fast-local-repair
wait-time
show ip rsvp signalling Displays FLR-specific information maintained by RSVP.
fast-local-repair

QOS-257
ip rsvp signalling fast-local-repair rate

To configure the repair rate that Resource Reservation Protocol (RSVP) uses for a fast local repair (FLR)
procedure, use the ip rsvp signalling fast-local-repair rate command in global configuration mode. To
set the repair rate to its default, use the no form of this command.
ip rsvp signalling fast-local-repair rate rate
no ip rsvp signalling fast-local-repair rate
Syntax Description rate FLR rate for PATH state refresh and repair, in messages per second
(msg/sec). The range is 0 to 5000. The default is 400.
Command Default If this command is not configured, the RSVP message pacing rate is used.
Note The RSVP message pacing rate is enabled by default in Cisco IOS Release 12.2 and later.

Usage Guidelines The default repair rate is based on the RSVP message pacing rate.
If you configure the FLR rate by using the ip rsvp signalling fast-local-repair rate command, and
RSVP message pacing is enabled, the minimum between the FLR rate and the RSVP message pacing
rate takes effect. If you disable the RSVP rate limit by using the no ip rsvp signalling rate-limit
command, then the FLR rate is used. However, if you disable the RSVP rate limit and do not configure
an FLR rate, then RSVP performs no message pacing and messages are sent back-to-back. This action
is not recommended because the point of local repair (PLR) may flood the downstream node with PATH
messages causing some of them to be dropped.
The repair rate is determined at notification time, and this same rate is used during the time of the repair
even if you change either the RSVP message pacing rate or the FLR rate during this time.
Examples The following example configures a repair rate of 100 messages per second:
Router(config)# ip rsvp signalling fast-local-repair rate 100

QOS-258

ip rsvp signalling Configures the number of notifications that are processed before RSVP
fast-local-repair suspends.
notifications
ip rsvp signalling Configures the delay used to start an FLR procedure.
fast-local-repair
wait-time
ip rsvp signalling Controls the transmission rate for RSVP messages sent to a neighboring
rate-limit router during a specified amount of time.

QOS-259
ip rsvp signalling fast-local-repair wait-time
ip rsvp signalling fast-local-repair wait-time

To configure the delay that Resource Reservation Protocol (RSVP) uses before starting a fast local repair
(FLR) procedure, use the ip rsvp signalling fast-local-repair wait-time command in interface
configuration mode. To set the delay to its default, use the no form of this command.
ip rsvp signalling fast-local-repair wait-time interval
no ip rsvp signalling fast-local-repair wait-time
Syntax Description interval Amount of time before an FLR procedure begins, in milliseconds (ms). The
range is 0 to 5000 ms. The default is 0.
Command Default This command is disabled by default; therefore, no delay is configured.

Usage Guidelines Use the ip rsvp signalling fast-local-repair wait-time command to configure the delay desired in
starting an FLR procedure. If you do not configure a delay, then path refreshes are triggered immediately
after RSVP receives a route change notification from the routing information base (RIB).
Examples The following example configures a delay of 100 ms:

Router(config-if)# ip rsvp signalling fast-local-repair wait-time 100

notifications

QOS-260
ip rsvp signalling hello (configuration)
ip rsvp signalling hello (configuration)

To enable hello globally on a router, use the ip rsvp signalling hello command in global configuration
mode. To disable hello globally on a router, use the no form of this command.
ip rsvp signalling hello
no ip rsvp signalling hello
Command Default No hellos are enabled.

Usage Guidelines To enable hello globally on a router, you must enter this command. You also must enable hello on the
interface.
Examples In the following example, hello is enabled globally on a router:

Router(config)# ip rsvp signalling hello

ip rsvp signalling hello (interface) Enables Hello on an interface where you need Fast Reroute
protection.
ip rsvp signalling hello statistics Enables Hello statistics on the router.

QOS-261
ip rsvp signalling hello (interface)
ip rsvp signalling hello (interface)

To enable hello on an interface where you need Fast Reroute protection, use the ip rsvp signalling hello
command in interface configuration mode. To disable hello on an interface where you need Fast Reroute
protection, use the no form of this command
ip rsvp signalling hello
no ip rsvp signalling hello
Command Default No hellos are enabled.

Usage Guidelines You must configure hello globally on a router and on the specific interface.
Examples In the following example, hello is enabled on an interface:

Router(config-if)# ip rsvp signalling hello

ip rsvp signalling hello (configuration) Enables Hello globally on the router.
ip rsvp signalling hello dscp Sets the DSCP value that is in the IP header of the
Hello messages sent out from the interface.
ip rsvp signalling hello refresh misses Specifies how many Hello acknowledgments a node
can miss in a row before the node considers that
communication with its neighbor is down.
ip rsvp signalling hello refresh interval Configures the Hello request interval.

QOS-262
ip rsvp signalling hello dscp

To set the differentiated services code point (DSCP) value that is in the IP header of a Resource
Reservation Protocol (RSVP) traffic engineering (TE) hello message sent from an interface, use the ip
rsvp signalling hello dscp command in interface configuration mode. To set the DSCP value to its
ip rsvp signalling hello [fast-reroute] dscp num
no ip rsvp signalling hello [fast-reroute] dscp
Syntax Description fast-reroute (Optional) Initiates Fast Reroute capability.

num DSCP value. Valid values are from 0 to 63.
Command Default The default DSCP value is 48.

12.0(29)S The optional fast-reroute keyword was added.
Usage Guidelines If a link is congested, it is recommended that you set the DSCP to a value higher than 0 to reduce the
likelihood that hello messages will be dropped.
You configure the DSCP per interface, not per flow.
The DSCP applies to the RSVP hellos created on a specific interface. You can configure each interface
If you issue the ip rsvp signalling hello dscp command without the optional fast-reroute keyword, the
command applies to Fast Reroute hellos. This command is provided for backward compatibility;
however, we recommend that you use the ip rsvp signalling hello fast-reroute dscp command.
Examples In the following example, hello messages sent from this interface have a DSCP value of 30 and Fast
Reroute capability is enabled by specifying the fast-reroute keyword:
Router(config-if)# ip rsvp signalling hello fast-reroute dscp 30

QOS-263
In the following example, hello messages sent from this interface have a DSCP value of 30 and Fast
Reroute capability is enabled by default:
Router(config-if)# ip rsvp signalling hello dscp 30

ip rsvp signalling hello Enables hellos on an interface where you need Fast Reroute protection.
(interface)
ip rsvp signalling hello Sets the hello refresh interval in hello messages.
refresh interval
ip rsvp signalling hello Sets the missed refresh limit in hello messages.
reroute refresh misses

QOS-264
ip rsvp signalling hello graceful-restart dscp
ip rsvp signalling hello graceful-restart dscp

Reservation Protocol (RSVP) traffic engineering (TE) graceful restart hello message, use the ip rsvp
signalling hello graceful-restart dscp command in global configuration mode. To set the DSCP valueto
its default, use the no form of this command.
ip rsvp signalling hello graceful-restart dscp num
no ip rsvp signalling hello graceful-restart dscp
Syntax Description num DSCP value. Valid values are from 0 to 63.

Usage Guidelines If a link is congested, set the DSCP to a value higher than 0 to reduce the likelihood that hello messages
get dropped.
The DSCP applies to the RSVP hellos created on a specific router. You can configure each router
independently for the DSCP.
Examples In the following example, hello messages have a DSCP value of 30:
Router(config)# ip rsvp signalling hello graceful-restart dscp 30

ip rsvp signalling hello Sets the hello request interval in graceful restart hello messages.
graceful-restart
refresh interval
ip rsvp signalling hello Sets the missed refresh limit in graceful restart hello messages.
graceful-restart
refresh misses

QOS-265
ip rsvp signalling hello graceful-restart mode

To enable Resource Reservation Protocol (RSVP) traffic engineering (TE) graceful restart capability on
a Route Processor (RP), use the ip rsvp signalling hello graceful-restart mode command in global
configuration mode. To disable graceful restart capability, use the no form of this command.
ip rsvp signalling hello graceful-restart mode {help-neighbor | full}
no ip rsvp signalling hello graceful-restart mode
Syntax Description help-neighbor Enables support for a neighboring router to restart after a failure.
full Enables support for a router to perform self recovery or to help a neighbor
restart after a failure.
Command Default Graceful restart is disabled until you issue this command.

12.0(29)S This command was introduced as ip rsvp signalling hello graceful-restart
mode help-neighbor.
12.2(33)SRA The full keyword was added.This command replaces the as ip rsvp
signalling hello graceful-restart mode help-neighbor command.
Usage Guidelines Use the ip rsvp signalling hello graceful-restart mode help-neighbor command to enable support
capability for a neighboring router to restart after a failure.
Use the ip rsvp signalling hello graceful-restart mode full command to enable support capability for
a router to begin self recovery or help its neighbor to restart on platforms that support stateful switchover
(SSO), such as Cisco 7600 series routers, provided that you have installed and configured a standby RP.
Examples In the following example, an RP is configured with support capability to perform self recovery after a
failure:
Router(config)# ip rsvp signalling hello graceful-restart mode full

QOS-266

ip rsvp signalling hello Sets the DSCP value in the IP header of a RSVP TE graceful restart hello
graceful-restart dscp message.
ip rsvp signalling hello Enables RSVP-TE graceful restart support capability on a neighboring
graceful-restart router.
neighbor
ip rsvp signalling hello Sets the value to control the request interval in graceful restart hello
graceful-restart messages.
refresh interval
ip rsvp signalling hello Sets the value to control the missed refresh limit in graceful restart hello
refresh misses
show ip rsvp hello Displays information about RSVP-TE graceful restart hello messages.
graceful-restart

QOS-267
ip rsvp signalling hello graceful-restart mode help-neighbor

Note Effective with Cisco IOS Release 12.2(33)SRA, the ip rsvp signalling hello graceful-restart mode
help-neighbor command is replaced by the ip rsvp signalling hello graceful-restart mode command.
See the ip rsvp signalling hello graceful-restart mode command for more information.
a neighboring router, use the ip rsvp signalling hello graceful-restart mode help-neighbor command
in global configuration mode. To disable graceful restart capability, use the no form of this command.
no ip rsvp signalling hello graceful-restart mode help-neighbor
Command Default Graceful restart is disabled.

12.2(33)SRA This command was replaced by the ip rsvp signalling hello
graceful-restart mode command.
Usage Guidelines Use the ip rsvp signalling hello graceful-restart mode help-neighbor command to restart a
neighboring router.
Examples In the following example, graceful restart is enabled:

Router(config)# ip rsvp signalling hello graceful-restart mode help-neighbor

QOS-268

ip rsvp signalling hello Sets the value to control the request interval in graceful restart hello
refresh interval
ip rsvp signalling hello Sets the value to control the missed refresh limit in graceful restart hello
refresh misses

QOS-269
ip rsvp signalling hello graceful-restart neighbor
ip rsvp signalling hello graceful-restart neighbor

a neighboring router, use the ip rsvp signalling hello graceful-restart neighbor command in interface
configuration mode. To disable graceful restart capability, use the no form of this command.
ip rsvp signalling hello graceful-restart neighbor ip-address
no ip rsvp signalling hello graceful-restart neighbor ip-address
Syntax Description ip-address IP address of a neighbor on a given interface.
Command Default No neighboring routers have graceful restart capability enabled until you issue this command.

Usage Guidelines Use the ip rsvp signalling hello graceful-restart neighbor command to enable support for graceful
restart on routers helping their neighbors recover TE tunnels following stateful switchover (SSO).
Note You must issue this command on every interface of the neighboring router that you want to help restart.
Examples The following example configures graceful restart on POS interface 1/0/0 of a neighboring router with
the IP address 10.0.0.1:
Router(config)# interface POS1/0/0
Router(config-if)# ip rsvp signalling hello graceful-restart neighbor 10.0.0.1

ip rsvp signalling hello Enables RSVP-TE graceful restart support capability on an RP.
graceful-restart mode
show ip rsvp hello Displays information about RSVP-TE graceful restart hello messages.
graceful-restart

QOS-270
ip rsvp signalling hello graceful-restart refresh interval

To configure the Resource Reservation Protocol (RSVP) traffic engineering (TE) refresh interval in
graceful restart hello messages, use the ip rsvp signalling hello grateful-restart refresh interval
command in global configuration mode. To set the interval to its default value, use the no form of this
command.
ip rsvp signalling hello graceful-restart refresh interval interval-value
no ip rsvp signalling hello graceful-restart refresh interval
Syntax Description interval-value Frequency, in milliseconds (ms), at which a node sends hello messages to a
neighbor. Valid values are from 1000 to 30000.
Command Default 1000 milliseconds (10 seconds)

Usage Guidelines A node periodically generates a hello message that contains a Hello Request object for all its neighbors.
The frequency of those hello messages is determined by the hello interval.
Note If you change the default value for this command and you are also using the ip rsvp signalling refresh
interval command, ensure that the value for the ip rsvp signalling hello graceful-restart refresh
interval command is less than the value for the ip rsvp signalling refresh interval command.
Otherwise, some or all of the label-switched paths (LSPs) may not be recovered after a stateful
switchover (SSO) has occurred. We recommend that the value for the ip rsvp signalling refresh interval
command be twice the value for the ip rsvp signalling hello graceful-restart refresh interval
command.
Examples In the following example, hello requests are sent to a neighbor every 5000 ms:
Router(config)# ip rsvp signalling hello graceful-restart refresh interval 5000

QOS-271

ip rsvp signalling hello Sets the missed refresh limit in graceful restart hello messages.
graceful-restart
refresh misses
ip rsvp signalling Specifies the interval between sending refresh messages for each RSVP
refresh interval state.

QOS-272
ip rsvp signalling hello graceful-restart refresh misses

To specify how many sequential Resource Reservation Protocol (RSVP) traffic engineering (TE)
graceful restart hello acknowledgments (ACKs) a node can miss before the node considers
communication with its neighbor lost, use the ip rsvp signalling hello graceful-restart refresh misses
command in global configuration mode. To return the missed refresh limit to its default value, use the
ip rsvp signalling hello graceful-restart refresh misses msg-count
no ip rsvp signalling hello graceful-restart refresh misses
Syntax Description msg-count The number of sequential hello acknowledgments (ACKs) that a node can
miss before RSVP considers the state expired and tears it down. Valid
Command Default The default number of sequential hello acknowledgments is 4.

12.2(33)SXH This command was integrated into Cisco IOS Release 12.2(33)SXH
12.4(20)T This command was integrated into Cisco IOS Release 12.4(20)T
Usage Guidelines A hello message comprises a hello message, a Hello Request object, and a Hello ACK object. Each
request is answered by an acknowledgment. If a link is congested or a router has a heavy load, set this
number to a value higher than the default value to ensure that hello does not falsely declare that a
neighbor is down.
Note If you change the default value for this command and you are also using the ip rsvp signalling hello
refresh misses command, ensure that the value for the ip rsvp signalling hello graceful-restart refresh
misses command is less than the value for the ip rsvp signalling hello refresh misses command.
Otherwise, some or all of the label-switched paths (LSPs) may not be recovered after a stateful
switchover (SSO) has occurred. We recommend that the value for the ip rsvp signalling hello refresh
misses command be twice the value for the ip rsvp signalling hello graceful-restart refresh misses
command.
Examples In the following example, if the node does not receive five sequential hello acknowledgments, the node
declares that its neighbor is down:

QOS-273
Router(config)# ip rsvp signalling hello graceful-restart refresh misses 5

ip rsvp signalling hello Sets the DSCP value in graceful restart hello messages.
graceful-restart dscp
ip rsvp signalling hello Sets the refresh interval in graceful restart hello messages.
graceful-restart
refresh interval
ip rsvp signalling Specifies the number of successive refresh messages that can be missed
refresh misses before RSVP removes a state from the database.
ip rsvp signalling hello Specifies how many Hello acknowledgments a node can miss in a row
refresh misses before the node considers that communication with its neighbor is down.

QOS-274
ip rsvp signalling hello refresh interval

To configure the Resource Reservation Protocol (RSVP) traffic engineering (TE) hello refresh interval,
use the ip rsvp signalling hello refresh interval command in interface configuration mode. To set the
refresh interval to its default value, use the no form of this command.
ip rsvp signalling hello [fast-reroute] refresh interval interval-value
no ip rsvp signalling hello [fast-reroute] refresh interval

interval-value Frequency, in milliseconds (msec), at which a node sends hello messages to
a neighbor. Valid values are from 1000 to 30000 (1 to 30 seconds).
Note We recommend that you configure a value greater than 200 msec to
avoid a hello message falsely detecting a neighbor down event and
triggering Fast Reroute unnecessarily.
Command Default The default frequency at which a node sends hello messages to a neighbor is 1000 milliseconds (10
seconds).

Usage Guidelines You can configure the hello request interval on a per-interface basis. A node periodically generates a
hello message containing a Hello Request object for each neighbor whose status is being tracked. The
frequency of those hello messages is determined by the hello interval.
If you issue the ip rsvp signalling hello refresh interval command without the optional fast-reroute
keyword, the command applies to Fast Reroute hellos. This command is provided for backward
compatibility; however, we recommend that you use the ip rsvp signalling hello fast-reroute refresh
interval command.
Examples In the following example, hello requests are sent to a neighbor every 5000 milliseconds and Fast Reroute
capability is enabled by specifying the fast-reroute keyword:

QOS-275
Router(config-if)# ip rsvp signalling hello fast-reroute refresh interval 5000
In the following example, hello requests are sent to a neighbor every 5000 milliseconds and Fast Reroute
capability is enabled by default:
Router(config-if)# ip rsvp signalling hello refresh interval 5000

ip rsvp signalling hello Sets the DSCP value in hello messages.
dscp
ip rsvp signalling hello Sets the refresh interval in graceful restart hello messages.
graceful-restart fresh
interval
ip rsvp signalling hello Sets the missed refresh limit in hello messages.

QOS-276
ip rsvp signalling hello refresh misses

To specify how many Resource Reservation Protocol (RSVP) traffic engineering (TE) hello
acknowledgments a node can miss in a row before the node considers that communication with its
neighbor is down, use the ip rsvp signalling hello refresh misses command in interface configuration
mode. To return the missed refresh limit to its default value, use the no form of this command.
ip rsvp signalling hello [fast-reroute] refresh misses msg-count
no ip rsvp signalling hello [fast-reroute] refresh misses

msg-count Number of sequential hello acknowledgments that a node can miss before
RSVP considers the state expired and tears it down. Valid values are from 4
to 10.
Command Default The default number of sequential hello acknowledgments is 4.

Usage Guidelines A hello comprises a hello message, a Hello Request object, and a Hello ACK object. Each request is
answered by an acknowledgment. If a link is very congested or a router has a very heavy load, set this
neighbor is down.
If you issue the ip rsvp signalling hello refresh misses command without the optional fast-reroute
keyword, the command applies to Fast Reroute hellos and Fast Reroute capability is enabled by default.
This command is provided for backward compatibility; however, we recommend that you use the ip rsvp
signalling hello fast-reroute refresh misses command.
Examples In the following example, if the node does not receive five hello acknowledgments in a row, the node
declares that its neighbor is down and Fast Reroute is enabled by specifying the fast-reroute keyword:
Router(config-if)# ip rsvp signalling hello fast-reroute refresh misses 5

QOS-277
In the following example, if the node does not receive five hello acknowledgments in a row, the node
declares that its neighbor is down and Fast Reroute is enabled by default:
Router(config-if)# ip rsvp signalling hello refresh misses 5

ip rsvp signalling hello Sets the DSCP value in hello messages.
dscp
ip rsvp signalling hello Sets the refresh interval in hello messages.
refresh interval

QOS-278
ip rsvp signalling hello reroute dscp
ip rsvp signalling hello reroute dscp

Reservation Protocol (RSVP) traffic engineering (TE) reroute hello (for state timeout) message sent
from an interface, use the ip rsvp signalling hello reroute dscp command in interface configuration
mode. To set the DSCP value to its default, use the no form of this command.
ip rsvp signalling hello reroute dscp num
no ip rsvp signalling hello reroute dscp
Syntax Description num DSCP value. Valid values are from 0 to 63.

Usage Guidelines If a link is congested, you should set the DSCP to a value higher than 0 to reduce the likelihood that hello
messages get dropped.
You configure the DSCP per interface, not per flow.
The DSCP applies to the RSVP hellos created on a specific interface. You can configure each interface
Examples In the following example, hello messages sent from this interface have a DSCP value of 30:
Router(config-if)# ip rsvp signalling hello reroute dscp 30

ip rsvp signalling hello Sets the hello request interval in reroute hello messages.
reroute refresh
interval
ip rsvp signalling hello Sets the missed refresh limit in reroute hello messages.

QOS-279
ip rsvp signalling hello reroute refresh interval

To configure the Resource Reservation Protocol (RSVP) Traffic Engineering (TE) reroute hello (for state
timeout) refresh interval, use the ip rsvp signalling hello reroute refresh interval command in interface
configuration mode. To set the refresh interval to its default value, use the no form of this command.
ip rsvp signalling hello reroute [fast-reroute] refresh interval interval-value
no ip rsvp signalling hello reroute [fast-reroute] refresh interval

interval-value Frequency, in milliseconds, at which a node sends hello messages to a
neighbor. Valid values are from 1000 to 30000 (1 to 30 seconds).
Command Default The default frequency at which a node sends hello messages to a neighbor is 1000 milliseconds (10
seconds).

Usage Guidelines You can configure the hello request interval on a per-interface basis. A node periodically generates a
hello message containing a Hello Request object for each neighbor whose status is being tracked. The
frequency of those hello messages is determined by the hello interval. For some routers, if you set the
interval to a value less than the default value, CPU usage may be high.
Examples In the following example, hello requests are sent to a neighbor every 5000 milliseconds and Fast Reroute
capability is enabled by specifying the fast-reroute keyword:
Router(config-if)# ip rsvp signalling hello fast-reroute refresh interval 5000
In the following example, hello requests are sent to a neighbor every 5000 milliseconds and Fast Reroute
capability is enabled by default:
Router(config-if)# ip rsvp signalling hello reroute refresh interval 5000

QOS-280

ip rsvp signalling hello Sets the missed refresh limit in reroute hello messages.

QOS-281
ip rsvp signalling hello reroute refresh misses

To specify how many Resource Reservation Protocol (RSVP) traffic engineering (TE) reroute hello (for
state timeout) acknowledgments (ACKs) a node can miss in a row before the node considers
communication with its neighbor is down, use the ip rsvp signalling hello reroute refresh misses
command in interface configuration mode. To return the missed refresh limit to its default value, use the
ip rsvp signalling hello reroute refresh misses msg-count
no ip rsvp signalling hello reroute refresh misses
Syntax Description msg-count The number of sequential hello acknowledgments (ACKs) that a node can
miss before RSVP considers the state expired and tears it down. Valid
Command Default The default is 4.

Usage Guidelines A hello comprises a hello message, a Hello Request object, and a Hello ACK object. Each request is
answered by an acknowledgment. If a link is very congested or a router has a very heavy load, set this
neighbor is down.
Examples In the following example, if the node does not receive five hello acknowledgments in a row, the node
declares that its neighbor is down:
Router(config-if)# ip rsvp signalling hello reroute refresh misses 5

QOS-282

ip rsvp signalling hello Sets the DSCP value in reroute hello messages.
reroute dscp
ip rsvp signalling hello Sets the refresh interval in reroute hello messages.
reroute refresh
interval

QOS-283
ip rsvp signalling hello statistics

To enable hello statistics on a router, use the ip rsvp signalling hello statistics command in global
configuration mode. To disable hello statistics on a router, use the no form of this command.
no ip rsvp signalling hello statistics
Command Default No hello statistics are enabled.

Examples In the following example, hello statistics are enabled on a router:

Router(config)# ip rsvp signalling hello statistics

clear ip rsvp hello instance statistics Clears Hello statistics for an instance.
ip rsvp signalling hello (configuration) Enables Hello globally on the router.
show ip rsvp hello statistics Displays how long Hello packets have been in the Hello
input queue.

QOS-284
ip rsvp signalling initial-retransmit-delay
ip rsvp signalling initial-retransmit-delay

To configure the minimum amount of time that a Resource Reservation Protocol (RSVP)-configured
router waits for an acknowledgment (ACK) message before retransmitting the same message, use the ip
rsvp signalling initial-retransmit-delay command in global configuration mode. To reset the delay
value to its default, use the no form of this command.
ip rsvp signalling initial-retransmit-delay delay-value
no ip rsvp signalling initial-retransmit-delay
Syntax Description delay-value Minimum amount of time that a router waits for an ACK message before the
first retransmission of the same message. The delay value ranges from 500
to 30,000 milliseconds (ms).
Defaults The default value is 1000 ms (1.0 sec).

Usage Guidelines Use the ip rsvp signalling initial-retransmit-delay command to configure the minimum amount of time
that a router waits for an ACK message before retransmitting the same message.
If an ACK is not received for a state, the first retransmit occurs after the initial retransmit interval. If no
ACK is received after the first retransmit, a second retransmit occurs. The message continues to be
retransmitted, with the gap between successive retransmits being twice the previous interval, until an
ACK is received. Then the message drops into normal refresh schedule if it needs to be refreshed (Path
and Resv messages), or is processed (Error or Tear messages). If no ACK is received after five
retransmits, the message is discarded as required.
Examples The following command shows how to set the initial-retransmit-delay to 2 seconds:
Router(config)# ip rsvp signalling initial-retransmit-delay 2000
The following command shows how to reset the initial-retransmit-delay to the default (1.0 sec):
Router(config)# no ip rsvp signalling initial-retransmit-delay

QOS-285
ip rsvp signalling patherr state-removal

To reduce the amount of Resource Reservation Protocol (RSVP) traffic messages in a network, use the
ip rsvp signalling patherr state-removal command in global configuration mode. To disable this
function, use the no form of this command.
ip rsvp signalling patherr state-removal [neighbor acl]
no ip rsvp signalling patherr state-removal
Syntax Description neighbor (Optional) Adjacent routers that are part of a particular traffic engineering
tunnel.
acl (Optional) A simple access list with values from 1 to 99.
Defaults Disabled

Usage Guidelines Use the ip rsvp signalling patherr state-removal command to allow routers to delete Path state
automatically when forwarding a PathError message, thereby eliminating the need for a subsequent
PathTear message.
This command is most effective when all network nodes support this feature. All nodes need to have the
latest version of Cisco IOS software configured.
This command applies only to label-switched path (LSP) flows.
Examples The following command shows how to enable ip rsvp signalling patherr state-removal:
Router(config)# ip rsvp signalling patherr state-removal
The following command shows how to disable ip rsvp signalling patherr state-removal:
Router(config)# no ip rsvp signalling patherr state-removal

QOS-286
The following command shows how to enable ip rsvp signalling patherr state-removal based on an
access control list (ACL):
Router(config)# ip rsvp signalling patherr state-removal neighbor 98
The following command shows how to disable ip rsvp signalling patherr state-removal based on an
ACL:
Router(config)# no ip rsvp signalling patherr state-removal neighbor 98

QOS-287
ip rsvp signalling rate-limit

To control the transmission rate for Resource Reservation Protocol (RSVP) messages sent to a
neighboring router during a specified amount of time, use the ip rsvp signalling rate-limit command in
global configuration mode. To disable this function, use the no form of this command.
Syntax for T Releases Prior to Cisco IOS Release 12.4(20)T
ip rsvp signalling rate-limit [burst number] [maxsize bytes] [period ms]
no ip rsvp signalling rate-limit
Syntax for Cisco IOS 12.0S Releases, 12.2S Releases, and Release 12.4()20)T and Later T Releases
ip rsvp signalling rate-limit [burst number] [limit number] [maxsize bytes] [period ms]
no ip rsvp signalling rate-limit
Syntax Description burst number (Optional) Maximum number of RSVP messages sent to a neighboring
router during each interval. The range is from 1 to 5000. The default is 8.
maxsize bytes (Optional) Maximum size of the message queue, in bytes. The range is from
1 to 5000. The default is 2000.
period ms (Optional) Length of the interval (time frame) in milliseconds (ms). The
range is from 10 to 5000. The default is 20.
limit number (Optional) Maximum number of messages to send per queue interval when
the number of messages sent is less than the number of messages to be sent
normally. The range is from 1 to 5000. The default is 37.
Command Default If you do not enter this command, the default values are used.

12.2(13)T This command was introduced. This command replaces the ip rsvp
msg-pacing command.
12.0(24)S The limit keyword was added and this command was integrated into
Cisco IOS Release 12.0(24)S.
12.0(29)S The burst and maxsize keyword default arguments were increased to 8
messages and 2000 bytes, respectively.

QOS-288
Usage Guidelines Use the ip rsvp signalling rate-limit command to prevent a burst of RSVP traffic engineering signaling
messages from overflowing the input queue of a receiving router, which would cause the router to drop
some messages. Dropped messages substantially delay the completion of signaling.
This command replaces the ip rsvp msg-pacing command.
Examples The following command shows how 6 messages with a message queue of 500 bytes are sent every 10 ms
to any neighboring router:
Router(config)# ip rsvp signalling rate-limit period 10 burst 6 maxsize 500

debug ip rsvp rate-limit Displays debug messages for RSVP rate-limiting events.

QOS-289
ip rsvp signalling refresh interval

To specify the interval between sending refresh messages for each Resource Reservation Protocol
(RSVP) state, use the ip rsvp signalling refresh interval command in global configuration mode. To
set the interval to its default value, use the no form of the command.
ip rsvp signalling refresh interval interval-value
no ip rsvp signalling refresh interval
Syntax Description interval-value Time between sending refreshes for each RSVP state. Specified in
milliseconds and ranges from 5000 to 4294967295 milliseconds; default
value is 30000 milliseconds (30 seconds).
Command Default 30 seconds

12.2(33)SRB This feature was integrated into Cisco IOS Release 12.2(33)SRB.
Usage Guidelines Use the ip rsvp signalling refresh interval command to specify the interval between sending refresh
messages for each RSVP state.
The RSVP protocol relies on a soft-state mechanism to maintain state consistency in the face of network
losses. This mechanism is based on continuous refresh messages to keep a state current. Each RSVP
router is responsible for sending periodic refresh messages to its neighbors.
graceful-restart refresh interval command, ensure that the value for the ip rsvp signalling hello
graceful-restart refresh interval command is less than the value for the ip rsvp signalling refresh
interval command. Otherwise, some or all of the label-switched paths (LSPs) may not be recovered after
a stateful switchover (SSO) has occurred. We recommend that the value for the ip rsvp signalling
refresh interval command be twice the value for the ip rsvp signalling hello graceful-restart refresh
interval command.
Examples The following example specifies a refresh interval of 60000 milliseconds (60 seconds):
Router(config)# ip rsvp signalling refresh interval 60000

QOS-290
The following example returns the refresh interval to the default value of 30 seconds:
Router(config)# no ip rsvp signalling refresh interval

ip rsvp signalling Specifies the number of successive refresh messages that can be missed
refresh misses before RSVP removes a state from the database.

QOS-291
ip rsvp signalling refresh misses

To specify the number of successive refresh messages that can be missed before Resource Reservation
Protocol (RSVP) removes a state from the database, use the ip rsvp signalling refresh misses command
in global configuration mode. To return the missed refresh limit to its default value, use the no form of
this command.
ip rsvp signalling refresh misses msg-count
no ip rsvp signalling refresh misses
Syntax Description msg-count Number of successive refresh messages that can be missed before RSVP
considers the state expired and tears it down. Range is 2 to 10.
Command Default 4 messages

12.2(33)SRB This feature was integrated into Cisco IOS Release 12.2(33)SRB.
Usage Guidelines Use the ip rsvp signalling refresh misses command to specify the number of successive refresh
messages that can be missed before RSVP regards the router state as expired and removes that state from
the database.
graceful-restart refresh misses command, ensure that the value for the ip rsvp signalling hello
graceful-restart refresh misses command is less than the value for the ip rsvp signalling refresh
misses command. Otherwise, some or all of the label-switched paths (LSPs) may not be recovered after
a stateful switchover (SSO) has occurred. We recommend that the value for the ip rsvp signalling
refresh misses command be twice the value for the ip rsvp signalling hello graceful-restart refresh
misses command.
Examples The following example specifies a missed refresh limit of 6 messages:

Router(config)# ip rsvp signalling refresh misses 6

QOS-292
The following example returns the refresh misses limit to the default value of 4:
Router(config)# no ip rsvp signalling refresh misses

ip rsvp signalling Specifies the interval between sending refresh messages for each RSVP
refresh interval state.

QOS-293
ip rsvp signalling refresh reduction

To enable Resource Reservation Protocol (RSVP) refresh reduction, use the ip rsvp signalling refresh
reduction command in global configuration mode. To disable refresh reduction, use the no form of this
command.
no ip rsvp signalling refresh reduction
Defaults Disabled

Usage Guidelines RSVP refresh reduction is a set of extensions to reduce the messaging load imposed by RSVP and to
help it scale to support larger numbers of flows.
The following features of the refresh reduction standard (RFC 2961) are supported and will be turned on
with this command:
• Setting the refresh-reduction-capable bit in message headers
• Message-Identifier (ID) usage
• Reliable messaging with rapid retransmit, acknowledgement (ACK) messages, and MESSAGE_ID
objects
• Summary refresh extension
• Bundle messages (reception only)
Refresh reduction requires the cooperation of the neighbor to operate; for this purpose, the neighbor
must also support the standard. If the router detects that a directly connected neighbor is not supporting
the refresh reduction standard (either through observing the refresh-reduction-capable bit in messages
received from the next hop, or by sending a MESSAGE_ID object to the next hop and receiving an error),
refresh reduction will not be used on this link irrespective of this command.
Examples The following command shows how to enable RSVP refresh reduction:
Router(config)# ip rsvp signalling refresh reduction
The following command shows how to disable RSVP refresh reduction:

Router(config)# no ip rsvp signalling refresh reduction

QOS-294

show ip rsvp signalling Displays refresh-reduction parameters for RSVP messages.
refresh reduction

QOS-295
ip rsvp signalling refresh reduction ack-delay
ip rsvp signalling refresh reduction ack-delay

To configure the maximum amount of time that a Resource Reservation Protocol (RSVP)-configured
router holds on to an acknowledgment (ACK) message before sending it, use the ip rsvp signalling
refresh reduction ack-delay command in global configuration mode. To reset the ack-delay value to its
ip rsvp signalling refresh reduction ack-delay delay-value
no ip rsvp signalling refresh reduction ack-delay
Syntax Description delay-value Maximum amount of time that a router holds on to an ACK message before
sending it. Values range from 100 to 10000 milliseconds (ms).
Defaults The default value is 250 ms (0.25 sec).

Usage Guidelines Use the ip rsvp signalling refresh reduction ack-delay command to configure the maximum amount
of time that an RSVP-configured router keeps an ACK message before sending it.
Examples The following command shows how to set the ack-delay value to 1 second:
Router(config)# ip rsvp signalling refresh reduction ack-delay 1000
The following command shows how to set the ack-delay value to the default value:
Router(config)# no ip rsvp signalling refresh reduction ack-delay

QOS-296
ip rsvp source
ip rsvp source
To configure a Resource Reservation Protocol (RSVP) router to populate an address other than the native
interface address in the previous hop (PHOP) address field of the PHOP object when forwarding a PATH
message onto that interface, use the ip rsvp source command in interface configuration mode. To keep
the native interface address in the PHOP field, use the no form of this command.
ip rsvp source {address ip-address | interface type number}
no ip rsvp source
Syntax Description address ip-address IP address for the PHOP address field.
interface type number Interface type and number for the PHOP address field.
Command Default No additional addresses or interfaces are configured.

Examples The following example configures IP address 10.1.3.13 for the PHOP address field:
Router(config-if)# ip rsvp bandwidth
Router(config-if)# ip rsvp source address 10.1.3.13
The following example configures loopback interface 0 for the PHOP address field:
Router(config-if)# ip rsvp bandwidth
Router(config-if)# ip rsvp source interface loopback 0

QOS-297
ip rsvp source

show ip rsvp interface Displays RSVP-related information.

QOS-298
ip rsvp svc-required
To enable creation of a switched virtual circuit (SVC) to service any new Resource Reservation Protocol
(RSVP) reservation made on the interface or subinterface of an Enhanced ATM port adapter (PA-A3),
use the ip rsvp svc-required command in interface configuration mode. To disable SVC creation for
RSVP reservations, use the no form of this command.
no ip rsvp svc-required

Usage Guidelines This command applies exclusively to the RSVP-ATM QoS Interworking feature.
Usually reservations are serviced when RSVP classifies packets and a queueing mechanism schedules
them for transmission to manage congestion. Traditionally, RSVP is used with weighted fair queueing
(WFQ). When RSVP is coupled with WFQ, all of the packets visible to WFQ are also visible to RSVP,
which allows RSVP to identify and take action on packets important to it. In this case, WFQ provides
bandwidth guarantees.
However, when the ip rsvp svc-required command is used to configure an interface or subinterface, a
new SVC is established and used to service each new reservation on the interface. ATM SVCs are used
to provide bandwidth guarantees and NetFlow is used on input interfaces to make data packets visible to
RSVP.
Note When RSVP is enabled, all packets are processed by the Route Switch Processor (RSP).
This command must be executed on both ends of an SVC driven by RSVP. This command is supported
only for the Enhanced ATM port adapter (PA-A3) and its subinterfaces.

QOS-299
Note For this command to take effect, NetFlow must be enabled. Therefore, the ip route-cache flow command
must precede this command in the configuration.
Use the show ip rsvp interface command to determine whether this command is in effect for any
interface or subinterface.
Examples The following example signals RSVP that reservations made on ATM interface 2/0/0 will be serviced by
creation of an SVC:
interface atm2/0/0

ip route-cache flow Enables NetFlow switching for IP routing.
ip rsvp Sets a limit on the peak cell rate of reservations for all newly created RSVP
atm-peak-rate-limit SVCs established on the current interface or any of its subinterfaces.
ip rsvp precedence Allows you to set the IP Precedence values to be applied to packets that
either conform to or exceed the RSVP flowspec.

QOS-300
ip rsvp tos
ip rsvp tos
To enable the router to mark the five low-order type of service (ToS) bits of the IP header ToS byte for
packets in a Resource Reservation Protocol (RSVP) reserved path using the specified values for traffic
that either conforms to or exceeds the RSVP flowspec, use the ip rsvp tos command in interface
configuration mode. To remove existing settings for the ToS bits, use the no form of this command; if
neither the conform nor exceed keyword is specified, all settings for the ToS bits are removed.
ip rsvp tos {conform tos-value} {exceed tos-value}
no ip rsvp tos [conform] [exceed]
Syntax Description conform tos-value Specifies a ToS value in the range from 0 to 31 for traffic that conforms to
the RSVP flowspec. The ToS value is written to the five low-order bits (bits
0 to 4) of the ToS byte in the IP header of a packet. Either the conform or
exceed keyword is required; both keywords may be specified.
When used with the no form of the command, the conform keyword is
optional.
exceed tos-value (Optional) Specifies a ToS value in the range from 0 to 31 for traffic that
exceeds the RSVP flowspec. The ToS byte value is written to the five
low-order bits (bits 0 to 4) of the ToS byte in the IP header of a packet. Either
the conform or exceed keyword is required; both keywords may be
specified.
When used with the no form of the command, the exceed keyword is
optional.
Command Default The ToS bits of the ToS byte are left unmodified when this command is not used. (The default behavior
is equivalent to use of the no ip rsvp tos command.)

Usage Guidelines Packets in an RSVP reserved path are divided into two classes: those that conform to the reservation
flowspec and those that correspond to a reservation but that exceed, or are outside, the reservation
flowspec.

QOS-301
ip rsvp tos
The ip rsvp tos command allows you to set the ToS values to be applied to packets belonging to these
two classes. You must specify the ToS value for at least one class of traffic when you use this command.
You can use a single instance of the command to specify values for both classes, in which case you can
specify the conform and exceed keywords in either order.
As part of its input processing, RSVP uses the ip rsvp tos command configuration to set the ToS bits of
the ToS byte on conforming and nonconforming packets. If per-virtual circuit (VC) VIP-distributed
Weighted Random Early Detection (DWRED) is configured, the system uses the ToS bit and IP
Precedence bit settings on the output interface in its packet drop process. The ToS bit and IP Precedence
bit settings of a packet can also be used by interfaces on downstream routers.
Execution of the ip rsvp tos command causes ToS bit values for all preexisting reservations on the
interface to be modified.
Note RSVP must be enabled on an interface before you can use this command; that is, use of the ip rsvp
bandwidth command must precede use of the ip rsvp tos command. RSVP cannot be configured with
VIP-distributed Cisco Express Forwarding (dCEF).
Note The ip rsvp tos command sets bits 0 to 4 so that in combination with the IP Precedence bit settings every
bit in the ToS byte is set. Use of these bits is made with full knowledge of the fact that certain canonical
texts that address the ToS byte specify that only bits 1 to 4 are used as the ToS bits.
RSVP receives packets from the underlying forwarding mechanism. Therefore, to use the ip rsvp tos
command to set the ToS bits, one of the following features is required:
• Weighted fair queueing (WFQ) must be enabled on the interface.
• RSVP switched virtual circuits (SVCs) must be used.
• NetFlow must be configured to assist RSVP.
Note Use of the no form of this command is not equivalent to giving the ip rsvp tos 0 command, which sets
all precedence on the packets to 0, regardless of previous precedence setting.
Examples The following example sets the ToS bits value to 4 for all traffic on ATM interface 1 that conforms to
the RSVP flowspec. ToS bits on packets exceeding the flowspec are not altered.
interface atm1
ip rsvp tos conform 4

ip rsvp flow-assist Enables RSVP to attach itself to NetFlow so that it can leverage NetFlow
services.
ip rsvp policy cops Lowers the COPS server’s load and improves latency times for messages on
minimal the governed router.
show ip rsvp Displays the IP Precedence and ToS bit values to be applied to packets that
either conform to or exceed the RSVP flowspec for a given interface.

QOS-302
ip rsvp udp-multicasts
To instruct the router to generate User Datagram Protocol (UDP)-encapsulated Resource Reservation
Protocol (RSVP) multicasts whenever it generates an IP-encapsulated multicast packet, use the ip rsvp
udp-multicasts command in interface configuration mode. To disable this function, use the no form of
this command.
ip rsvp udp-multicasts [multicast-address]
no ip rsvp udp-multicasts [multicast-address]
Syntax Description multicast-address (Optional) Host name or UDP multicast address of router.
Command Default The generation of UDP multicasts is disabled. If a system sends a UDP-encapsulated RSVP message to
the router, the router begins using UDP for contact with the neighboring system. The router uses
multicast address 224.0.0.14 and starts sending to UDP port 1699. If the command is entered with no
specifying multicast address, the router uses the same multicast address.

Usage Guidelines Use this command to instruct a router to generate UDP-encapsulated RSVP multicasts whenever it
generates an IP-encapsulated multicast packet. Some hosts require this trigger from the router.
RSVP cannot be configured with VIP-distributed Cisco Express Forwarding (dCEF).
Examples The following example reserves up to 7500 kbps on Ethernet interface 2, with up to 1 Mbps per flow.
The router is configured to use UDP encapsulation with the multicast address 224.0.0.14.
interface ethernet 2
ip rsvp bandwidth 7500 1000
ip rsvp udp-multicasts 224.0.0.14

QOS-303

messages.
ip rsvp sender Enables a router to simulate receiving and forwarding RSVP PATH
messages.

QOS-304
ip rtp compression-connections
To specify the total number of Real-Time Transport Protocol (RTP) header compression connections that
can exist on an interface, use the ip rtp compression-connections command in interface configuration
mode. To restore the default value, use the no form of this command.
ip rtp compression-connections number
no ip rtp compression-connections
Syntax Description number Number of RTP header compression connections the cache supports, in the
Command Default For PPP and High-Level Data Link Control (HDLC) interfaces, the default is 16 compression
connections.
For Frame Relay interfaces, the default is 256 compression connections.

12.0(7)T For PPP and HDLC interfaces, the maximum number of compression
connections increased from 256 to 1000.
For Frame Relay interfaces, the maximum number of compression connections
increased from 32 to 256. The default number of compression connections was
increased from 32 (fixed) to 256 (configurable).
12.1(4)E This command was implemented on the Cisco 7100 series.
Usage Guidelines You should configure one connection for each RTP call through the specified interface.
Each connection sets up a compression cache entry, so you are in effect specifying the maximum number
of cache entries and the size of the cache. Too few cache entries for the specified interface can lead to
degraded performance, and too many cache entries can lead to wasted memory.
Note Both ends of the serial connection must use the same number of cache entries.

QOS-305
Examples The following example changes the number of RTP header compression connections supported to 150:
Router> enable
Router(config-if)# ip rtp header-compression
Router(config-if)# ip rtp compression-connections 150

ip rtp header-compression Enables RTP header compression.
show ip rtp header-compression Displays RTP header compression statistics.

QOS-306
ip rtp header-compression
To enable Real-Time Transport Protocol (RTP) header compression, use the ip rtp header-compression
command in interface configuration mode. To disable RTP header compression, use the no form of this
command.
ip rtp header-compression [passive | iphc-format | ietf-format] [periodic-refresh]
no ip rtp header-compression [passive | iphc-format | ietf-format] [periodic-refresh]
Syntax Description passive (Optional) Compresses outgoing RTP packets only if incoming RTP packets on
the same interface are compressed. If you do not specify the passive keyword, all
RTP packets are compressed.
iphc-format (Optional) Indicates that the IP Header Compression (IPHC) format of header
compression will be used.
ietf-format (Optional) Indicates that the Internet Engineering Task Force (IETF) format of
header compression will be used.
periodic-refresh (Optional) Indicates that the compressed IP header will be refreshed periodically.

For PPP interfaces, the default format for header compression is the IPHC format.
For High-Level Data Link Control (HDLC) and Frame Relay interfaces, the default format for header
compression is the original proprietary Cisco format. The maximum number of compression connections
for the proprietary Cisco format is 256.

12.0 This command was integrated into Cisco IOS Release 12.0. This command was
modified to include the iphc-format keyword.
was modified to include the periodic-refresh keyword.
12.3(4)T This command was modified to include the ietf-format keyword.
12.2SX This command is supported in the Cisco IOS Release 12.2SX train. Support in a
specific 12.2SX release of this train depends on your feature set, platform, and
platform hardware.

QOS-307
Usage Guidelines You can compress IP/User Datagram Protocol (UDP)/RTP headers to reduce the size of your packets.
Compressing headers is especially useful for RTP because RTP payload size can be as small as 20 bytes,
and the uncompressed header is 40 bytes.
The passive Keyword

By default, the ip rtp header-compression command compresses outgoing RTP traffic. If you specify
the passive keyword, outgoing RTP traffic is compressed only if incoming RTP traffic on the same
interface is compressed. If you do not specify the passive keyword, all outgoing RTP traffic is
compressed.
The passive keyword is ignored on PPP interfaces. PPP interfaces negotiate the use of
header-compression, regardless of whether the passive keyword is specified. Therefore, on PPP
interfaces, the passive keyword is replaced by the IPHC format, the default format for PPP interfaces.
The iphc-format Keyword

The iphc-format keyword indicates that the IPHC format of header compression that will be used. For
PPP and HDLC interfaces, when the iphc-format keyword is specified, TCP header compression is also
enabled. For this reason, the ip tcp header-compression command appears in the output of the show
running-config command. Since both RTP header compression and TCP header compression are
enabled, both UDP packets and TCP packets are compressed.
The iphc-format keyword includes checking whether the destination port number is even and is in the
ranges of 16,385 to 32,767 (for Cisco audio) or 49,152 to 65,535 (for Cisco video). Valid RTP packets
that meet the criteria (that is, the port number is even and is within the specified range) are compressed
using the compressed RTP packet format. Otherwise, packets are compressed using the less-efficient
compressed non-TCP packet format.
The iphc-format keyword is not available for interfaces that use Frame Relay encapsulation.
Note The header compression format (in this case, IPHC) must be the same at both ends of the network. That
is, if you specify the iphc-format keyword on the local router, you must also specify the iphc-format
keyword on the remote router.
The ietf-format Keyword

The ietf-format keyword indicates that the IETF format of header compression will be used. For HDLC
interfaces, the ietf-format keyword compresses only UDP packets. For PPP interfaces, when the
ietf-format keyword is specified, TCP header compression is also enabled. For this reason, the ip tcp
header-compression command appears in the output of the show running-config command. Since both
RTP header compression and TCP header compression are enabled, both UDP packets and TCP packets
are compressed.
With the ietf-format keyword, any even destination port number higher than 1024 can be used. Valid
RTP packets that meet the criteria (that is, the port number is even and is higher than 1024) are
compressed using the compressed RTP packet format. Otherwise, packets are compressed using the
less-efficient compressed non-TCP packet format.
The ietf-format keyword is not available for interfaces that use Frame Relay encapsulation.
Note The header compression format (in this case, IETF) must be the same at both ends of the network. That
is, if you specify the ietf-format keyword on the local router, you must also specify the ietf-format

QOS-308
Support for Serial Lines

RTP header compression is supported on serial lines using Frame Relay, HDLC, or PPP encapsulation.
You must enable compression on both ends of a serial connection.
Unicast or Multicast RTP Packets

This command can compress unicast or multicast RTP packets, and, hence, multicast backbone
(MBONE) traffic can also be compressed over slow links. The compression scheme is beneficial only
when you have small payload sizes, as in audio traffic.
Custom or Priority Queueing

When you use the ip rtp header-compression command and configure custom or priority queueing on
an encapsulated HDLC or Frame Relay interface, the compressed packets may go to the default queue
instead of the user-defined queue, which results in protocol flaps (loss of keepalives). Therefore, we
recommend that you use the Modular Quality of Service (QoS) Command-Line Interface (CLI) (MQC)
model for configuring QoS features.
Examples The following example enables RTP header compression on the Serial1/0 interface and limits the number
of RTP header compression connections to 10. In this example, the optional iphc-format keyword of the
ip rtp header-compression command is specified.
Router> enable
Router(config-if)# ip rtp header-compression iphc-format
The following example enables RTP header compression on the Serial2/0 interface and limits the number
of RTP header compression connections to 20. In this example, the optional ietf-format keyword of the
ip rtp header-compression command is specified.
Router> enable
Router(config-if)# ip rtp header-compression ietf-format
In the following example, RTP header compression is enabled on the Serial1/0 interface and the optional
periodic-refresh keyword of the ip rtp header-compression command is specified:
Router> enable
Router(config-if)# ip rtp header-compression iphc-format periodic-refresh

QOS-309

clear ip rtp header-compression Clears RTP header compression structures and statistics.
ip rtp compression-connections Specifies the total number of RTP header compression
connections that can exist on an interface.
show ip rtp header-compression Displays RTP header compression statistics.
show running-config Displays the contents of the currently running
configuration file or the configuration for a specific
interface, or map class information.

QOS-310
ip rtp priority
ip rtp priority
To reserve a strict priority queue for a set of Real-Time Transport Protocol (RTP) packet flows belonging
to a range of User Datagram Protocol (UDP) destination ports, use the ip rtp priority command in
interface configuration mode. To disable the strict priority queue, use the no form of this command.
ip rtp priority starting-rtp-port-number port-number-range bandwidth
no ip rtp priority
Syntax Description starting-rtp-port-number The starting RTP port number. The lowest port number to which the
packets are sent. The port number can be a number from 2000
to 65,535.
port-number-range The range of UDP destination ports. Number, when added to the
starting-rtp-port-number argument, that yields the highest UDP port
number. The range of UDP destination ports is from 0 to 16,383.
bandwidth Maximum allowed bandwidth, in kbps. The maximum allowed
bandwidth is from 0 to 2000.

Usage Guidelines This command is most useful for voice applications, or other applications that are delay-sensitive.
This command extends and improves on the functionality offered by the ip rtp reserve command by
allowing you to specify a range of UDP/RTP ports whose voice traffic is guaranteed strict priority service
over any other queues or classes using the same output interface. Strict priority means that if packets
exist in the priority queue, they are dequeued and sent first—that is, before packets in other queues are
dequeued. We recommend that you use the ip rtp priority command instead of the ip rtp reserve
command for voice configurations.
This command can be used in conjunction with either weighted fair queueing (WFQ) or class-based
WFQ (CBWFQ) on the same outgoing interface. In either case, traffic matching the range of ports
specified for the priority queue is guaranteed strict priority over other CBWFQ classes or WFQ flows;
voice packets in the priority queue are always serviced first.

QOS-311
ip rtp priority
Remember the following guidelines when using the ip rtp priority command:
• When used in conjunction with WFQ, the ip rtp priority command provides strict priority to voice,
and WFQ scheduling is applied to the remaining queues.
• When used in conjunction with CBWFQ, the ip rtp priority command provides strict priority to
voice. CBWFQ can be used to set up classes for other types of traffic (such as Systems Network
Architecture [SNA]) that need dedicated bandwidth and need to be treated better than best effort and
not as strict priority; the nonvoice traffic is serviced fairly based on the weights assigned to the
enqueued packets. CBWFQ can also support flow-based WFQ within the default CBWFQ class if
so configured.
Remember the following guidelines when configuring the bandwidth argument:
• It is always safest to allocate to the priority queue slightly more than the known required amount of
bandwidth, to allow room for network bursts.
• The IP RTP Priority admission control policy takes RTP header compression into account.
Therefore, while configuring the bandwidth argument of the ip rtp priority command you need to
configure only for the bandwidth of the compressed call. Because the bandwidth argument is the
maximum total bandwidth, you need to allocate enough bandwidth for all calls if there will be more
than one call.
• Configure a bandwidth that allows room for Layer 2 headers. The bandwidth allocation takes into
account the payload plus the IP, UDP, and RTP headers but does not account for Layer 2 headers.
Allowing 25 percent bandwidth for other overhead is conservative and safe.
• The sum of all bandwidth allocation for voice and data flows on an interface cannot exceed
75 percent of the total available bandwidth, unless you change the default maximum reservable
bandwidth. To change the maximum reservable bandwidth, use the max-reserved-bandwidth
command on the interface.
For more information on IP RTP Priority bandwidth allocation, refer to the section “IP RTP Priority” in
the chapter “Congestion Management Overview” in the Cisco IOS Quality of Service Solutions
Examples The following example first defines a CBWFQ configuration and then reserves a strict priority queue
with the following values: a starting RTP port number of 16384, a range of 16383 UDP ports, and a
maximum bandwidth of 40 kbps:
! The following commands define a class map:
class-map class1
exit
! The following commands create and attach a policy map:

policy-map policy1
class class1
bandwidth 3000
queue-limit 30
random-detect
random-detect precedence 0 32 256 100
exit
interface Serial1
service-policy output policy1
! The following command reserves a strict priority queue:

ip rtp priority 16384 16383 40

QOS-312
ip rtp priority

fair queue (WFQ) Enables WFQ for an interface.
frame-relay ip rtp priority Reserves a strict priority queue on a Frame Relay PVC for a set
of RTP packet flows belonging to a range of UDP destination
ports.
ip rtp reserve Reserves a special queue for a set of RTP packet flows
belonging to a range of UDP destination ports.
max-reserved-bandwidth Changes the percent of interface bandwidth allocated for
CBWFQ, LLQ, and IP RTP Priority.
ppp multilink Enables MLP on an interface and, optionally, enables dynamic
bandwidth allocation.
ppp multilink fragment-delay Configures a maximum delay allowed for transmission of a
packet fragment on an MLP bundle.
ppp multilink interleave Enables interleaving of RTP packets among the fragments of
larger packets on an MLP bundle.
service-policy Attaches a policy map to an input interface or VC, or an output
interface or VC, to be used as the service policy for that
interface or VC.
interface or VC.

QOS-313
ip tcp compression-connections
To specify the total number of Transmission Control Protocol (TCP) header compression connections
that can exist on an interface, use the ip tcp compression-connections command in interface
configuration mode. To restore the default, use the no form of this command.
ip tcp compression-connections number
no ip tcp compression-connections
Syntax Description number Number of TCP header compression connections the cache supports, in the
Command Default For PPP and High-Level Data Link Control (HDLC) interfaces, the default is 16 compression
connections.
For Frame Relay interfaces, the default is 256 compression connections.

12.0(7)T For Frame Relay interfaces, the maximum number of compression connections
increased from 32 to 256. The default number of compression connections was
increased from 32 (fixed) to 256 (configurable).
a specific 12.2SX release of this train depends on your feature set, platform, and
platform hardware.
Usage Guidelines You should configure one connection for each TCP connection through the specified interface.
Each connection sets up a compression cache entry, so you are in effect specifying the maximum number
of cache entries and the size of the cache. Too few cache entries for the specified interface can lead to
degraded performance, and too many cache entries can lead to wasted memory.
Note Both ends of the serial connection must use the same number of cache entries.

QOS-314
Examples The following example sets the first serial interface for header compression with a maximum of ten
cache entries:
Router> enable
Router(config-if)# ip tcp header-compression
Router(config-if)# ip tcp compression-connections 10

ip tcp header-compression Enables TCP header compression.
show ip tcp header-compressions Displays TCP header compression statistics.

QOS-315
ip tcp header-compression
To enable Transmission Control Protocol (TCP) header compression, use the ip tcp
header-compression command in interface configuration mode. To disable compression, use the no
ip tcp header-compression [passive | iphc-format | ietf-format]
no ip tcp header-compression [passive | iphc-format | ietf-format]
Syntax Description passive (Optional) Compresses outgoing TCP packets only if incoming TCP packets
on the same interface are compressed. If you do not specify the passive
keyword, all TCP packets are compressed.
iphc-format (Optional) Indicates that the IP Header Compression (IPHC) format of header
compression will be used.
ietf-format (Optional) Indicates that the Internet Engineering Task Force (IETF) format
of header compression will be used.

For PPP interfaces, the default format for header compression is the IPHC format.
For High-Level Data Link Control (HDLC) and Frame Relay interfaces, the default format is as
described in RFC 1144, Compressing TCP/IP Headers for Low-Speed Serial Links.

12.0 This command was integrated into Cisco IOS Release 12.0. This command
was modified to include the iphc-format keyword.
command was modified to include the ietf-format keyword.
Support in a specific 12.2SX release of this train depends on your feature
set, platform, and platform hardware.
Usage Guidelines You can compress the headers of your TCP/IP packets in order to reduce the size of your packets. TCP
header compression is supported on serial lines using Frame Relay, HDLC, or PPP encapsulation. You
must enable compression on both ends of a serial connection. Compressing the TCP header can speed
up Telnet connections dramatically.

QOS-316
In general, TCP header compression is advantageous when your traffic consists of many small packets,
not for traffic that consists of large packets. Transaction processing (usually using terminals) tends to
use small packets and file transfers use large packets. This feature only compresses the TCP header, so
it has no effect on User Datagram Protocol (UDP) packets or other protocol headers.
The passive Keyword

By default, the ip tcp header-compression command compresses outgoing TCP traffic. If you specify
the passive keyword, outgoing TCP traffic is compressed only if incoming TCP traffic on the same
interface is compressed. If you do not specify the passive keyword, all outgoing TCP traffic is
compressed.
For PPP interfaces, the passive keyword is ignored. PPP interfaces negotiate the use of
header-compression, regardless of whether the passive keyword is specified. Therefore, on PPP
interfaces, the passive keyword is replaced by the IPHC format, the default format for PPP interfaces.
The iphc-format Keyword

The iphc-format keyword indicates that the IPHC format of header compression will be used. For PPP
and HDLC interfaces, when the iphc-format keyword is specified, Real-Time Transport Protocol (RTP)
header compression is also enabled. For this reason, the ip rtp header-compression command appears
in the output of the show running-config command. Since both TCP header compression and RTP
header compression are enabled, both TCP packets and UDP packets are compressed.
The iphc-format keyword is not available for interfaces that use Frame Relay encapsulation.
Note The header compression format (in this case, IPHC) must be the same at both ends of the network. That
is, if you specify the iphc-format keyword on the local router, you must also specify the iphc-format
The ietf-format Keyword

The ietf-format keyword indicates that the IETF format of header compression will be used. For HDLC
interfaces, the ietf-format keyword compresses only TCP packets. For PPP interfaces, when the
ietf-format keyword is specified, RTP header compression is also enabled. For this reason, the ip rtp
header-compression command appears in the output of the show running-config command. Since both
TCP header compression and RTP header compression are enabled, both TCP packets and UDP packets
are compressed.
The ietf-format keyword is not available for interfaces that use Frame Relay encapsulation.
Note The header compression format (in this case, IETF) must be the same at both ends of the network. That
is, if you specify the ietf-format keyword on the local router, you must also specify the ietf-format
Examples The following example sets the first serial interface for header compression with a maximum of ten
cache entries:
Router> enable
Router(config-if)# ip tcp header-compression

QOS-317
The following example enables RTP header compression on the Serial1/0.0 subinterface and limits the
number of RTP header compression connections to 10. In this example, the optional iphc-format
keyword of the ip tcp header-compression command is specified.
Router> enable
Router(config-if)# ip tcp header-compression iphc-format
The following example enables RTP header compression on the Serial2/0.0 subinterface and limits the
number of RTP header compression connections to 20. In this example, the optional ietf-format
keyword of the ip tcp header-compression command is specified.
Router> enable
Router(config-if)# ip tcp header-compression ietf-format

ip tcp Specifies the total number of TCP header compression connections
compression-connections that can exist on an interface.
show ip tcp Displays TCP/IP header compression statistics.
header-compression
show running-config Displays the contents of the currently running configuration file or
the configuration for a specific interface, or map class information.

QOS-318
iphc-profile
iphc-profile
To create an IP Header Compression (IPHC) profile and to enter IPHC-profile configuration mode, use
the iphc-profile command in global configuration mode. To attach an existing IPHC profile to an
interface or subinterface, use the iphc-profile command in interface configuration mode. To delete the
IPHC profile, use the no form of this command.
iphc-profile profile-name {ietf | van-jacobson}
no iphc-profile profile-name
Syntax Description profile-name Name of the IPHC profile to be created or attached. The IPHC profile name
can be a maximum of 32 characters.
ietf Specifies that the IPHC profile is for Internet Engineering Task Force (IETF)
header compression.
van-jacobson Specifies that the IPHC profile is for Van Jacobson header compression.
Command Default No IPHC profile is created or attached.
Command Modes Global configuration (to create an IPHC profile)

Interface configuration (to attach an existing IPHC profile to an interface or subinterface)

Usage Guidelines The iphc-profile command creates an IPHC profile used for enabling header compression and enters
IPHC-profile configuration mode (config-iphcp). An IPHC profile is a template within which you can
configure the type of header compression that you want to use, enable any optional features and settings
for header compression, and then apply the profile to an interface, a subinterface, or a Frame Relay
permanent virtual circuit (PVC).
Specifying the IPHC Profile Type

When you create an IPHC profile, you must specify the IPHC profile type by using either the ietf
keyword or the van-jacobson keyword. The IETF profile type conforms to and supports the standards
established with RFC 2507, RFC 2508, RFC 3544, and RFC 3545 and is typically associated with
non-TCP header compression (for example, RTP header compression). The Van Jacobson profile type
conforms to and supports the standards established with RFC 1144 and is typically associated with TCP
header compression.
Note If you are using Frame Relay encapsulation, you must specify the ietf keyword (not the van-jacobson
keyword).

QOS-319
iphc-profile
Considerations When Specifying the IPHC Profile Type

When specifying the IPHC profile type, consider whether you are compressing TCP traffic or non-TCP
traffic (that is, RTP traffic). Also consider the header compression format capabilities of the remote
network link that will receive traffic. The IPHC profile type that you specify directly affects the header
compression format used on the remote network links to which the IPHC profile is applied. Only TCP
traffic is compressed on remote network links using a Van Jacobson IPHC profile, whereas TCP and/or
non-TCP traffic (for example, RTP traffic) is compressed on remote network links using an IETF IPHC
profile.
Note The header compression format in use on the router that you are configuring and the header compression
format in use on the remote network link must match.
Configurable Header Compression Features and Settings

The specific set of header compression features and settings that you can configure (that is, enable or
modify) is determined by the IPHC profile type that you specify (either IETF or Van Jacobson) when
you create the IPHC profile. Both sets are listed below.
If you specify Van Jacobson as the IPHC profile type, you can enable TCP header compression and set
the number of TCP contexts. Table 12 lists each available Van Jacobson IPHC profile type header
compression feature and setting and the command used to enable it.
Table 12 Van Jacobson IPHC Profile Type Header Compression Features and Settings
Command Feature or Setting

tcp Enables TCP header compression.
tcp contexts Sets the number of contexts available for TCP header compression.
If you specify IETF as the IPHC profile type, you can enable non-TCP header compression (that is, RTP
header compression), along with a number of additional features and settings. Table 13 lists each
available IETF IPHC profile type header compression feature and setting and the command or
commands used to enable it.
Table 13 IETF IPHC Profile Type Header Compression Features and Settings
Command Feature or Setting

feedback Enables the context-status feedback messages from the interface or link.
maximum header Sets the maximum size of the compressed IP header.
non-tcp Enables non-TCP header compression.
non-tcp contexts Sets the number of contexts available for non-TCP header compression.
rtp Enables RTP header compression.
recoverable-loss Enables Enhanced Compressed Real-Time Transport Protocol (ECRTP) on
an interface.
refresh max-period Sets the context refresh (full-header refresh) options, such as the amount of
refresh max-time time to wait before a full header is refreshed.
refresh rtp
tcp Enables TCP header compression.
tcp contexts Sets the number of contexts available for TCP header compression.

QOS-320
iphc-profile
For More Information About IPHC Profiles

For more information about using IPHC profiles to configure header compression, see the
“Header Compression” module and the “Configuring Header Compression Using IPHC Profiles”
module of the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.4T.
Examples In the following example, an IPHC profile called profile1 is created, and the Van Jacobson IPHC profile
type is specified.
Router> enable
Router(config)# iphc-profile profile1 van-jacobson
In the following example, a second IPHC profile called profile2 is created. For this IPHC profile, the
IETF IPHC profile type is specified.
Router> enable
In the following example, an existing IPHC profile called profile2 is attached to serial interface 3/0. For
this IPHC profile, the IPHC profile type (in this case, IETF) of profile2 is specified.
Router> enable
Router(config)# interface serial 3/0
Router(config-if)# iphc-profile profile2 ietf

feedback Enables the context-status feedback messages from the interface or link.
maximum header Specifies the maximum size of the compressed IP header.
non-tcp contexts Sets the number of contexts available for non-TCP header compression.
recoverable-loss Enables ECRTP on an interface.
refresh max-period Sets the number of packets sent between full-header refresh occurrences.
refresh max-time Sets the amount of time to wait before a full-header refresh occurrence.
refresh rtp Enables a context refresh occurrence for RTP header compression.
rtp Enables RTP header compression within an IPHC profile.
show iphc-profile Displays configuration information for one or more IPHC profiles.
tcp contexts Set the number of contexts available for TCP header compression.

QOS-321
lane client qos
lane client qos

To apply a LAN Emulation (LANE) quality of service (QoS) database to an interface, use the
lane client qos command in subinterface configuration mode. To remove the QoS over LANE feature
from the interface, use the no form of this command.
lane client qos database-name
no lane client qos database-name
Syntax Description database-name Name of the QoS database.
Command Default This command is not configured by default.
Command Modes Subinterface configuration

Examples This example shows how to apply a LANE QoS database to a subinterface:
Router(config-subif)# lane client qos user1

atm-address Specifies the QoS parameters associated with a particular ATM
address.
lane qos database Begins the process of building a QoS over LANE database

QOS-322
lane qos database
lane qos database

To build the LAN Emulation (LANE) quality-of-service database, use the lane qos database command
in global configuration mode. To remove a LANE QoS database name, use the no form of this command.
lane qos database name
no lane qos database name
Syntax Description name Name of the LANE QoS database.

Usage Guidelines This command specifies a named database of QoS parameters. The database can be applied on the
subinterfaces on which a LANE client is configured.
Examples This example shows how to begin configuring a QoS over LANE database named user1 on a Catalyst
5000 family ATM switch:
ATM# configure terminal
ATM(config)# lane qos database user1
This example shows how to begin configuring a QoS over LANE database named user2 on a router:
Router(config)# lane qos database user2

QOS-323
lane qos database

atm-address Specifies the QoS parameters associated with a particular ATM address.

QOS-324
load protocol
load protocol
To load a protocol header description file (PHDF) onto a router, use the load protocol command in
global configuration mode. To unload all protocols from a specified location or a single protocol, use the
load protocol location:filename
no load protocol {location:filename | protocol-name}
Syntax Description location:filename Location of the PHDF that is to be loaded onto the router.
When used with the no version of this command, all protocols loaded from
the specified filename will be unloaded.
Note The location must be local to the router.
protocol-name Unloads only the specified protocol.
Note If you attempt to unload a protocol that is being referenced by a filter,
you will receive an error.
Command Default If this command is not issued, no PHDFs will be loaded onto the router.

Usage Guidelines Flexible packet matching allows users to classify traffic on the basis of any portion of a packet header
given the protocol field, length, and pattern. Protocol headers are defined in separate files called PHDFs;
the field names that are defined within the PHDFs are used for defining the packet filters. A PHDF is a
file that allows the user to leverage the flexibility of extensible markup language (XML) to describe
almost any protocol header. The important components of the PHDF are the version, the XML file
schema location, and the protocol field definitions. The protocol field definitions name the appropriate
field in the protocol header, allow for a comment describing the field, provide the location of the protocol
header field in the header (the offset is relative to the start of the protocol header), and provide the length
of the field. Users can choose to specify the measurement in bytes or in bits.
Note The total length of the header must be specified at the end of each PHDF.

QOS-325
load protocol
In case of a redundant setup, users should ensure all PHDFs that are used in the flexible packet matching
configuration are present on the corresponding standby disk. If the PHDFs are not on standby disk, all
flexible packet matching policies using the PHDFs will be broken.
Users can write their own custom PHDFs via XML. However, the following standard PHDFs can also
be loaded onto the router: ip.phdf, ether.phdf, tcp.phdf, and udp.phdf.
Standard PHDFs are available on Cisco.com at the following URL:
http://www.cisco.com/cgi-bin/tablebuild.pl/fpm
Because PHDFs are defined via XML, they are not shown in a running configuration.
Issue the load protocol command to apply filters to a protocol by defining and loading a PHDF for that
protocol header.
Examples The following example shows how to configure FPM for blaster packets. The class map contains the
of IP header.






class blaster1
drop
class blaster2
drop

class blaster3
drop

class ip-tcp
class ip-udp


QOS-326
match access-group
match access-group
To configure the match criteria for a class map on the basis of the specified access control list (ACL),
use the match access-group command in class-map configuration mode. To remove ACL match criteria
from a class map, use the no form of this command.
match access-group {access-group | name access-group-name}
no match access-group access-group
Syntax Description access-group Numbered ACL whose contents are used as the match criteria against
which packets are checked to determine if they belong to this class.
An ACL number can be a number from 1 to 2699.
name access-group-name Named ACL whose contents are used as the match criteria against
which packets are checked to determine if they belong to this class.
The name can be a maximum of 40 alphanumeric characters.
Command Default No match criteria are configured.

12.0(17)SL This command was enhanced to include matching on access lists on the
Cisco 10000 series router.
12.4(6)T This command was enhanced to support Zone-Based Policy Firewall.
Usage Guidelines For class-based weighted fair queueing (CBWFQ), you define traffic classes based on match criteria
including ACLs, protocols, input interfaces, quality of service (QoS) labels, and EXP field values.
Packets satisfying the match criteria for a class constitute the traffic for that class.
Note For Zone-Based Policy Firewall, this command is not applicable to CBWFQ.

QOS-327
match access-group
The match access-group command specifies a numbered or named ACL whose contents are used as the
match criteria against which packets are checked to determine if they belong to the class specified by the
class map.
Supported Platforms Other than Cisco 10000 Series Routers

To use the match access-group command, you must first enter the class-map command to specify the
name of the class whose match criteria you want to establish. After you identify the class, you can use
one of the following commands to configure its match criteria:
• match access-group
• match input-interface
• match mpls experimental
• match protocol
Note Zone-Based Policy Firewall supports only the match access-group, match protocol, and match
class-map commands.
If you specify more than one command in a class map, only the last command entered applies. The last
command overrides the previously entered commands.
Note The match access-group command specifies the numbered access list against whose contents packets
are checked to determine if they match the criteria specified in the class map. Access lists configured
with the optional log keyword of the access-list command are not supported when you configure match
criteria. For more information about the access-list command, refer to the Cisco IOS IP Application
Services Command Reference.

To use the match access-group command, you must first enter the class-map command to specify the
name of the class whose match criteria you want to establish.
Note The match access-group command specifies the numbered access list against whose contents packets
are checked to determine if they match the criteria specified in the class map. Access lists configured
with the optional log keyword of the access-list command are not supported when you configure match
criteria.
Examples The following example specifies a class map called acl144 and configures the ACL numbered 144 to be
used as the match criterion for that class:
class-map acl144
The following example pertains to Zone-Based Policy Firewall. The example defines a class
map called c1 and configures the ACL numbered 144 to be used as the match criterion for
that class.
class-map type inspect match-all c1


QOS-328
match access-group

access-list (IP extended) Defines an extended IP access list.
access-list (IP standard) Defines a standard IP access list.
class-map Creates a class map to be used for matching packets to a
specified class.
match input-interface Configures a class map to use the specified input interface as a
match criterion.
match mpls experimental Configures a class map to use the specified EXP field value as
a match criterion.
match protocol Configures the match criteria for a class map on the basis of the
specified protocol.

QOS-329
match any
match any
To configure the match criteria for a class map to be successful match criteria for all packets, use the
match any command in class-map configuration mode. To remove all criteria as successful match
criteria, use the no form of this command.
match any
no match any
Command Default No match criteria are specified.

12.0(5)XE This command was introduced.
12.2(31)SB This command was integrated into Cisco IOS Release 12.2(31)SB and
Examples In the following configuration, all packets leaving Ethernet interface 1/1 will be policed based on the
parameters specified in policy-map class configuration mode:
Router(config)# class-map matchany
Router(config-cmap)# match any

Router(config-pmap-c)# police 8100 1500 2504 conform-action transmit exceed-action
set-qos-transmit 4
Router(config)# interface ethernet1/1


QOS-330
match any

class.
criterion.
match protocol Configures the match criteria for a class map on the basis of the
specified protocol.

QOS-331
match atm-clp
match atm-clp
To enable packet matching on the basis of the ATM cell loss priority (CLP), use the match atm-clp
command in class-map configuration mode. To disable packet matching on the basis of the ATM CLP,
match atm-clp
no match atm-clp
Command Default Packets are not matched on the basis of the ATM CLP.
Command Modes Class-map configuration (config-cmap)

12.4(15)T2 This command was integrated into Cisco IOS Release 12.4(15)T2.
Usage Guidelines This command is supported on policy maps that are attached to ATM main interfaces, ATM
subinterfaces, or ATM permanent virtual circuits (PVCs). However, policy maps (containing the match
atm-clp command) that are attached to these types of ATM interfaces can be input policy maps only.
This command is supported on the PA-A3 adaptor only.
Examples In this example, a class called “class-c1” has been created using the class-map command, and the match
atm-clp command has been configured inside that class. Therefore, packets are matched on the basis of
the ATM CLP and are placed into this class.
Router> enable
Router(config)# class-map class-c1
Router(config-cmap)# match atm-clp
Router(config-cmap)# end

QOS-332
match atm-clp

show atm pvc Displays all ATM PVCs and traffic information.
interface policies either on the specified interface or subinterface or on a specific PVC
on the interface.

QOS-333
match cos
match cos
To match a packet on the basis of a Layer 2 class of service (CoS)/Inter-Switch Link (ISL) marking, use
the match cos command in class-map configuration mode. To remove a specific Layer 2 CoS/ISL
marking as a match criterion, use the no form of this command.
match cos cos-value [cos-value [cos-value [cos-value]]]
no match cos cos-value [cos-value [cos-value [cos-value]]]
Syntax Description Supported Platforms Other Than the Cisco 10000 Series Routers
cos-value Specific IEEE 802.1Q/ISL CoS value. The cos-value is from 0 to 7; up to
four CoS values, separated by a space, can be specified in one match cos
statement.
cos-value Specific packet CoS bit value. Specifies that the packet CoS bit value must
match the specified CoS value. The cos-value is from 0 to 7; up to four CoS
values, separated by a space, can be specified in one match cos statement.
Command Default Packets are not matched on the basis of a Layer 2 CoS/ISL marking.

12.2(31)SB This command was implemented on the Cisco 10000 series router.
12.4(15)T2 This command was integrated into Cisco IOS Release 12.4(15)T2.
Examples In the following example, the CoS values of 1, 2, and 3 are successful match criteria for the interface
that contains the classification policy called cos:
Router(config)# class-map cos
Router(config-cmap)# match cos 1 2 3

QOS-334
match cos
In the following example, classes called voice and video-n-data are created to classify traffic based on
the CoS values. QoS treatment is then given to the appropriate packets in the CoS-based-treatment policy
map (in this case, the QoS treatment is priority 64 and bandwidth 512). The service policy configured in
this example is attached to all packets leaving Fast Ethernet interface 0/0.1. The service policy can be
attached to any interface that supports service policies.
Router(config)# class-map voice
Router(config-cmap)# match cos 7
Router(config)# class-map video-n-data

Router(config-cmap)# match cos 5
Router(config)# policy-map cos-based-treatment

Router(config-pmap)# class voice
Router(config-pmap-c)# priority 64
Router(config-pmap)# class video-n-data
Router(config)# interface fastethernet0/0.1

Router(config-if)# service-policy output cos-based-treatment

set cos Sets the Layer 2 CoS value of an outgoing packet.

QOS-335
match cos inner
match cos inner

To match the inner cos of QinQ packets on a Layer 2 class of service (CoS) marking, use the match cos
inner command in class-map configuration mode. To remove a specific Layer 2 CoS inner tag marking,
match cos cos-value
no match cos cos-value
Syntax Description cos-value Specific IEEE 802.1Q/ISL CoS value. The cos-value is from 0 to 7; up to
four CoS values can be specified in one match cos statement.

12.2(18)SXE This command was introduced.
Examples In the following example, the inner CoS-values of 1, 2, and 3 are successful match criteria for the
interface that contains the classification policy called cos:
Router(config)# class-map cos
Router(config-cmap)# match cos inner 1 2 3


QOS-336
match destination-address mac
match destination-address mac

To use the destination MAC address as a match criterion, use the match destination-address mac
command in class-map configuration mode. To remove a previously specified destination MAC address
as a match criterion, use the no form of this command.
match destination-address mac address
no match destination-address mac address
Syntax Description address Destination MAC address to be used as a match criterion.
Command Default No destination MAC address is specified.

12.2(31)SB This command implemented on the Cisco 10000 series.
Examples The following example specifies a class map called macaddress and specifies the destination MAC
address to be used as the match criterion for this class:
class-map macaddress
match destination-address mac 00:00:00:00:00:00


QOS-337
match discard-class
match discard-class
To specify a discard class as a match criterion, use the match discard-class command in class-map
configuration mode. To remove a previously specified discard class as a match criterion, use the no form
of this command.
match discard-class class-number
no match discard-class class-number
Syntax Description class-nmber Number of the discard class being matched. Valid values are 0 to 7.
Command Default Packets will not be classified as expected.

Usage Guidelines A discard-class value has no mathematical significance. For example, the discard-class value 2 is not
greater than 1. The value simply indicates that a packet marked with discard-class 2 should be treated
differently than a packet marked with discard-class 1.
Packets that match the specified discard-class value are treated differently from packets marked with
other discard-class values. The discard-class is a matching criterion only, used in defining per hop
behavior (PHB) for dropping traffic.
Examples The following example shows that packets in discard class 2 are matched:
Router(config-cmap)# match discard-class 2

set discard-class Marks a packet with a discard-class value.

QOS-338
match dscp
match dscp
To identify one or more differentiated service code point (DSCP), Assured Forwarding (AF), and
Certificate Server (CS) values as a match criterion, use the match dscp command in class-map
configuration mode. To remove a specific DSCP value from a class map, use the no form of this
command.
match [ip] dscp dscp-value [dscp-value dscp-value dscp-value dscp-value dscp-value dscp-value
dscp-value]
no match [ip] dscp dscp-value
Syntax Description ip (Optional) Specifies that the match is for IPv4 packets only. If not used, the
match is on both IPv4 and IPv6 packets.
Note For the Cisco 10000 series router, the ip keyword is required.
dscp-value The DSCP value used to identify a DSCP value. For valid values, see the
“Usage Guidelines.”
Command Default No match criteria is configured.

If you do not enter the ip keyword, matching occurs on both IPv4 and IPv6 packets.

12.2(13)T This command was introduced. This command replaces the match ip dscp
command.
12.0(28)S Support for this command in IPv6 was added in Cisco IOS
Release S12.0(28)S on the
12.0(17)SL This command was implemented on the Cisco 10000 series router.
Usage Guidelines DSCP Values

You must enter one or more differentiated service code point (DSCP) values. The command may include
any combination of the following:
• numbers (0 to 63) representing differentiated services code point values
• af numbers (for example, af11) identifying specific AF DSCPs
• cs numbers (for example, cs1) identifying specific CS DSCPs
• default—Matches packets with the default DSCP.
• ef—Matches packets with EF DSCP.

QOS-339
match dscp
For example, if you wanted the DCSP values of 0, 1, 2, 3, 4, 5, 6, or 7 (note that only one of the IP DSCP
values must be a successful match criterion, not all of the specified DSCP values), enter the match dscp
0 1 2 3 4 5 6 7 command.
This command is used by the class map to identify a specific DSCP value marking on a packet. In this
context, dscp-value arguments are used as markings only and have no mathematical significance. For
instance, the dscp-value of 2 is not greater than 1. The value simply indicates that a packet marked with
the dscp-value of 2 is different than a packet marked with the dscp-value of 1. The treatment of these
marked packets is defined by the user through the setting of Quality of Service (QoS) policies in
policy-map class configuration mode.
Match Packets on DSCP Values

To match DSCP values for IPv6 packets only, the match protocol ipv6 command must also be used.
Without that command, the DSCP match defaults to match both IPv4 and IPv6 packets.
To match DSCP values for IPv4 packets only, use the ip keyword. Without the ip keyword the match
occurs on both IPv4 and IPv6 packets. Alternatively, the match protocol ip command may be used with
match dscp to classify only IPv4 packets.
After the DSCP bit is set, other QoS features can then operate on the bit settings.
The network can give priority (or some type of expedited handling) to marked traffic. Typically, you set
the precedence value at the edge of the network (or administrative domain); data is then queued
according to the precedence. Weighted fair queueing (WFQ) can speed up handling for high-precedence
traffic at congestion points. Weighted Random Early Detection (WRED) can ensure that
high-precedence traffic has lower loss rates than other traffic during times of congestion.

The Cisco 10000 series router supports DSCP matching of IPv4 packets only. You must include the
ip keyword when specifying the DSCP values to use as match criterion.
You cannot use the set ip dscp command with the set ip precedence command to mark the same packet.
DSCP and precedence values are mutually exclusive. A packet can have one value or the other, but not
both.
Examples The following example shows how to set multiple match criteria. In this case, two IP DSCP value and
one AF value.
Router(config)# class-map map1
Router(config-cmap)# match dscp 1 2 af11

match protocol ip Matches DSCP values for packets.
match protocol ipv6 Matches DSCP values for IPv6 packets.
set dscp Marks the DSCP value for packets within a traffic class.

QOS-340
match field
match field
To configure the match criteria for a class map on the basis of the fields defined in the protocol header
description files (PHDFs), use the match field command in class-map configuration mode. To remove
the specified match criteria, use the no form of this command.
match field protocol protocol-field {eq [mask] | neq [mask] | gt | lt | range range | regex string}
value [next next-protocol]
no match field protocol protocol-field {eq [mask] | neq [mask] | gt | lt | range range | regex string}
value [next next-protocol]
Syntax Description protocol Name of protocol whose PHDF has been loaded onto a router.
protocol field Match criteria is based upon the specified field within the loaded protocol.
eq Match criteria is met if the packet is equal to the specified value or mask.
neq Match criteria is met if the packet is not equal to the specified value or mask.
mask (Optional) Can be used when the eq or the neq keywords are issued.
gt Match criteria is met if the packet does not exceed the specified value.
lt Match criteria is met if the packet is less than the specified value.
range range Match criteria is based upon a lower and upper boundary protocol field
range.
regex string Match criteria is based upon a string that is to be matched.
value Value for which the packet must be in accordance with.
next next-protocol Specify the next protocol within the stack of protocols that is to be used as
the match criteria.
Command Default No match criteria are configured.

Usage Guidelines Before issuing the match-field command, you must load a PHDF onto the router via the load protocol
command. Thereafter, you must first enter the class-map command to specify the name of the class
whose match criteria you want to establish.
Match criteria are defined via a start point, offset, size, value to match, and mask. A match can be defined
on a pattern with any protocol field.

QOS-341
match field
of IP header.






class blaster1
drop
class blaster2
drop

class blaster3
drop

class ip-tcp
class ip-udp


load protocol Loads a PHDF onto a router.
match start Configures the match criteria for a class map on the basis of the datagram
header (Layer 2) or the network header (Layer 3).

QOS-342
match flow pdp
match flow pdp

To specify a Packet Data Protocol (PDP) flow as a match criterion in a class map, use the
match flow pdp command in class-map configuration mode. To remove a PDP flow as a match criterion,
match flow pdp
no match flow pdp
Command Default A PDP flow is not specified as a match criterion.

12.3(8)XU This command was introduced.
12.3(11)YJ This command was integrated into Cisco IOS Release 12.3(11)YJ.
12.3(14)YQ This command was integrated into Cisco IOS Release 12.3(14)YQ.
12.3(14)YU This command was integrated into Cisco IOS Release 12.3(14)YU.
12.4(2)XB This command was integrated into Cisco IOS Release 12.4(2)XB.
Usage Guidelines The match flow pdp command allows you to match and classify traffic on the basis of a PDP flow.
The match flow pdp command is included with the Flow-Based QoS for GGSN feature available with
Cisco IOS Release 12.4(9)T. The Flow-Based QoS for GGSN feature is designed specifically for the
Gateway General Packet Radio Service (GPRS) Support Node (GGSN).
Per-PDP Policing
The Flow-Based QoS for GGSN feature includes per-PDP policing (session-based policing).
The match flow pdp command (when used in conjunction with the class-map command, the
policy-map command, the police rate pdp command, and the service-policy command) allows you to
configure per-PDP policing (session-based policing) for downlink traffic on a GGSN.
Note the following points related to per-PDP policing:
• When using the class-map command to define a class map for PDP flow classification, do not use
the match-any keyword.
• Per-PDP policing functionality requires that you configure Universal Mobile Telecommunications
System (UMTS) quality of service (QoS). For information on configuring UMTS QoS, see the
“Configuring QoS on the GGSN” section of the Cisco GGSN Release 6.0 Configuration Guide,
Cisco IOS Release 12.4(2)XB.

QOS-343
match flow pdp
• The policy map created to configure per-PDP policing cannot contain multiple classes within which
only the match flow pdp command has been specified. In other words, if there are multiple classes
in the policy map, the match flow pdp command must be used in conjunction with another match
statement (for example, match precedence) in at least one class.
For More Information

For more information about the GGSN, along with the instructions for configuring the Flow-Based QoS
for GGSN feature, see the Cisco GGSN Release 6.0 Configuration Guide, Cisco IOS Release 12.4(2)XB.
Note To configure the Flow-Based QoS for GGSN feature, follow the instructions in the section called
“Configuring Per-PDP Policing.”
For more information about the GGSN-specific commands, see the Cisco GGSN Release 6.0 Command
Reference, Cisco IOS Release 12.4(2)XB.
Examples The following example specifies PDP flows as the match criterion in a class map named “class-pdp”:
class-map class-pdp
match flow pdp

match precedence Identifies IP precedence values as match criteria.
police rate pdp Configures PDP traffic policing using the police rate.
service-policy Attaches a policy map to an interface.

QOS-344
match fr-dlci
match fr-dlci
To specify the Frame Relay data-link connection identifier (DLCI) number as a match criterion in a class
map, use the match fr-dlci command in class-map configuration mode. To remove a previously specified
DLCI number as a match criterion, use the no form of this command.
match fr-dlci dlci-number
no match fr-dlci dlci-number
Syntax Description dlci-number Number of the DLCI associated with the packet.
Command Default No DLCI number is specified.

Usage Guidelines This match criterion can be used in main interfaces and point-to-multipoint subinterfaces in Frame Relay
networks, and it can also be used in hierarchical policy maps.
Examples In the following example a class map called “class1” has been created and the Frame Relay DLCI
number of 500 has been specified as a match criterion. Packets matching this criterion are placed in
class1.
Router(config-cmap)# match fr-dlci 500


QOS-345
match input vlan
match input vlan

To configure a class map to match incoming packets that have a specific virtual local area network
(VLAN) ID, use the match input vlan command in class map configuration mode. To remove the
matching of VLAN IDs, use the no form of this command.
match input vlan input-vlan-list
no match input vlan input-vlan-list
Syntax Description input-vlan-list One or more VLAN IDs to be matched. The valid range for VLAN IDs is
from 1 to 4094, and the list of VLAN IDs can include one or all of the
following:
• Single VLAN IDs, separated by spaces. For example:
100 200 300
• One or more ranges of VLAN IDs, separated by spaces. For example:
1-1024 2000-2499
Command Default By default, no matching is done on VLAN IDs.
Command Modes Class map configuration

12.2(18)SXE This command was introduced for Cisco Catalyst 6500 series switches and
Usage Guidelines The match input vlan command allows you to create a class map that matches packets with one or more
specific VLAN IDs, as they were received on the input (ingress) interface. This enables hierarchical
Quality of Service (HQoS) for Ethernet over MPLS (EoMPLS) Virtual Circuits (VC), allowing parent
and child relationships between QoS class maps and policy maps. This in turn enables service providers
to easily classify and shape traffic for a particular EoMPLS network.
In EoMPLS applications, the parent class map typically specifies the maximum bandwidth for all of the
VCs in a specific EoMPLS network. Then the child class maps perform other QoS operations, such as
traffic shaping, on a subset of this traffic.

QOS-346
match input vlan
Do not confuse the match input vlan command with the match vlan command, which is also a
class-map configuration command.
• The match vlan command matches the VLAN ID on packets for the particular interface at which
the policy map is applied. Policy maps using the match vlan command can be applied to either
ingress or egress interfaces on the router, using the service-policy {input | output} command.
• The match input vlan command matches the VLAN ID that was on packets when they were
received on the ingress interface on the router. Typically, policy maps using the match input vlan
command are applied to egress interfaces on the router, using the service-policy output command.
The match input vlan command can also be confused with the match input-interface vlan command,
which matches packets being received on a logical VLAN interface that is used for inter-VLAN routing.
Tip Because class maps also support the match input-interface command, you cannot abbreviate the input
keyword when giving the match input vlan command.
Note The match input vlan command cannot be used only on Layer 2 LAN ports on FlexWAN, Enhanced
FlexWAN, and Optical Service Modules (OSM) line cards.
Restrictions
The following restrictions apply when using the match input vlan command:
• You cannot attach a policy with match input vlan to an interface if you have already attached a
service policy to a VLAN interface (a logical interface that has been created with the interface vlan
command).
• Class maps that use the match input vlan command support only the match-any option. You cannot
use the match-all option in class maps that use the match input vlan command.
• If the parent class contains a class map with a match input vlan command, you cannot use a match
exp command in a child class map.
Examples The following example creates a class map and policy map that matches packets with a VLAN ID of
1000. The policy map shapes this traffic to a committed information rate (CIR) value of 10 Mbps
(10,000,000 bps). The final lines then apply this policy map to a specific gigabit Ethernet WAN interface.
Router(config)# class-map match-any vlan1000
Router(config-cmap)# match input vlan 1000
Router(config-pmap)# class vlan1000
Router(config-pmap)# shape average 10000000
Router(config-pmap)# interface GE-WAN 3/0
Router(config-if)#
The following example shows a class map being configured to match VLAN IDs 100, 200, and 300:
Router(config)# class-map match-any hundreds
Router(config-cmap)# match input vlan 100 200 300
Router(config-cmap)#

QOS-347
match input vlan
The following example shows a class map being configured to match all VLAN IDs from 2000 to 2999
inclusive:
Router(config)# class-map match-any vlan2000s
Router(config-cmap)# match input vlan 2000-2999
The following example shows a class map being configured to match both a range of VLAN IDs, as well
as specific VLAN IDs:
Router(config)# class-map match-any misc
Router(config-cmap)# match input vlan 1 5 10-99 2000-2499

clear cef linecard Clears Cisco Express Forwarding (CEF) information on one or more line
cards, but does not clear the CEF information on the main route processor
(RP). This forces the line cards to synchronize their CEF information with
the information that is on the RP.
match qos-group Identifies a specified QoS group value as a match criterion.
mls qos trust Sets the trusted state of an interface, to determine which incoming QoS field
on a packet, if any, should be preserved.
show policy-map Displays the configuration of all classes configured for all service policies
interface on the specified interface or displays the classes for the service policy for a
specific PVC on the interface.
show platform qos Displays the type and number of policy maps that are configured on the
policy-map router.

QOS-348
match input-interface
To configure a class map to use the specified input interface as a match criterion, use the match
input-interface command in class-map configuration mode. To remove the input interface match
criterion from a class map, use the no form of this command.
match input-interface interface-name
no match input-interface interface-name
Syntax Description interface-name Name of the input interface to be used as match criteria.

12.0(17)SL This command was enhanced to include matching on the input interface.
implemented on the Cisco 10000 series.
Usage Guidelines Supported Platforms Other Than Cisco 10000 Series Routers
For class-based weighted fair queueing (CBWFQ), you define traffic classes based on match criteria
including input interfaces, access control lists (ACLs), protocols, quality of service (QoS) labels, and
experimental (EXP) field values. Packets satisfying the match criteria for a class constitute the traffic for
that class.
The match input-interface command specifies the name of an input interface to be used as the match
criterion against which packets are checked to determine if they belong to the class specified by the class
map.

QOS-349
To use the match input-interface command, you must first enter the class-map command to specify the
name of the class whose match criteria you want to establish. After you identify the class, you can use
one of the following commands to configure its match criteria:
• match protocol

For CBWFQ, you define traffic classes based on match criteria including input interfaces, ACLs,
protocols, QoS labels, and EXP field values. Packets satisfying the match criteria for a class constitute
the traffic for that class.
To use the match input-interface command, you must first enter the class-map command to specify the
name of the class whose match criteria you want to establish.
Examples The following example specifies a class map called ethernet1 and configures the input interface named
ethernet1 to be used as the match criterion for this class:
class-map ethernet1
match input-interface ethernet1

match access-group Configures the match criteria for a class map based on the specified ACL.
match mpls Configures a class map to use the specified EXP field value as a match
experimental criterion.
protocol.

QOS-350
match ip dscp
match ip dscp
The match ip dscp command is replaced by the match dscp command. See the match dscp command
for more information.

QOS-351
match ip precedence
match ip precedence
The match ip precedence command is replaced by the match precedence command. See the match
precedence command for more information.

QOS-352
match ip rtp
match ip rtp
To configure a class map to use the Real-Time Protocol (RTP) port as the match criterion, use the match
ip rtp command in class-map configuration mode. To remove the RTP port match criterion, use the no
match ip rtp starting-port-number port-range
no match ip rtp
Syntax Description starting-port-number The starting RTP port number. Values range from 2000 to 65535.
port-range The RTP port number range. Values range from 0 to 16383.

12.2(31)SB This command was implemented on the Cisco 10000 series.
Usage Guidelines This command is used to match IP RTP packets that fall within the specified port range. It matches
packets destined to all even User Datagram Port (UDP) port numbers in the range from the starting port
number argument to the starting port number plus the port range argument.
Use of an RTP port range as the match criterion is particularly effective for applications that use RTP,
such as voice or video.
Examples The following example specifies a class map called ethernet1 and configures the RTP port number 2024
and range 1000 to be used as the match criteria for this class:
class-map ethernet1
match ip rtp 2024 1000

QOS-353
match ip rtp

ip rtp priority Reserves a strict priority queue for a set of RTP packet flows belonging to a
range of UDP destination ports.
match access-group Configures the match criteria for a class map based on the specified ACL
number.

QOS-354
match mpls experimental

To configure a class map to use the specified value or values of the experimental (EXP) field as a match
criteria, use the match mpls experimental command in class-map configuration mode. To remove the
EXP field match criteria from a class map, use the no form of this command.
match mpls experimental number
no match mpls experimental number
Syntax Description number EXP field value (any number from 0 through 7) to be used as a match
criterion. You can specify multiple values, separated by a space (for
example, 3 4 7).

12.2(4)T This command was implemented on the Cisco MGX 8850 switch and the
MGX 8950 switch with a Cisco MGX RPM-PR card.
Usage Guidelines Supported Platforms Other Than the Cisco 10000 Series
such as input interfaces, access control lists (ACLs), protocols, quality of service (QoS) labels, and
experimental (EXP) field values. Packets satisfying the match criteria for a class constitute the traffic for
that class.
The match mpls experimental command specifies the name of an EXP field value to be used as the
match criterion against which packets are compared to determine if they belong to the class specified by
the class map.

QOS-355
To use the match mpls experimental command, you must first enter the class-map command to specify
the name of the class whose match criteria you want to establish. After you identify the class, you can
use one of the following commands to configure its match criteria:
• match protocol
Cisco 10000 Series

This command is available only on the ESR-PRE1 module.
For CBWFQ, you define traffic classes based on match criteria such as input interfaces, ACLs, protocols,
QoS labels, and EXP field values. Packets satisfying the match criteria for a class constitute the traffic
for that class.
To use the match mpls experimental command, you must first enter the class-map command to specify
the name of the class whose match criteria you want to establish.
Examples The following example specifies a class map called ethernet1 and configures the Multiprotocol Label
Switching (MPLS) experimental values of 1 and 2 to be used as the match criteria for this class:
Router(config)# class-map ethernet1
Router(config-cmap)# match mpls experimental 1 2

criterion.
match mpls Matches the EXP value in the topmost label.
experimental topmost
match protocol Matches traffic by a particular protocol.
match qos-group Configures the match criteria for a class map based on the specified protocol.

QOS-356
match mpls experimental topmost
match mpls experimental topmost

To match the experimental (EXP) value in the topmost label, use the match mpls experimental topmost
command in QoS class-map configuration mode. To remove the EXP match criterion, use the no form
of this command.
match mpls experimental topmost number
no match mpls experimental topmost number
Syntax Description number The Multiprotocol Label Switching (MPLS) EXP field in the topmost label
header. Valid values are 0 to 7.
Command Default No EXP match criterion is configured for the topmost label.
Command Modes QoS class-map configuration

Usage Guidelines You can enter this command on the input and the output interfaces. It will match only on MPLS packets.
Examples The following example shows that the EXP value 3 in the topmost label is matched:
match mpls experimental topmost 3

set mpls experimental Sets the MPLS EXP field value in the topmost MPLS label header at the
topmost input or output interfaces.

QOS-357
match not
match not
To specify the single match criterion value to use as an unsuccessful match criterion, use the match not
command in QoS class-map configuration mode. To remove a previously specified source value to not
use as a match criterion, use the no form of this command.
match not match-criterion
no match not match-criterion
Syntax Description match-criterion The match criterion value that is an unsuccessful match criterion. All
other values of the specified match criterion will be considered
successful match criteria.

12.2(31)SB This command was integrated into Cisco IOS Release 12.2(31)SB
and implemented on the Cisco 10000 series.
Usage Guidelines The match not command is used to specify a quality of service (QoS) policy value that is not used as a
match criterion. When the match not command is used, all other values of that QoS policy become
For instance, if the match not qos-group 4 command is issued in QoS class-map configuration mode,
the specified class will accept all QoS group values except 4 as successful match criteria.
Examples In the following traffic class, all protocols except IP are considered successful match criteria:
Router(config)# class-map noip
Router(config-cmap)# match not protocol ip

QOS-358
match not

class.

QOS-359
match packet length (class-map)

To specify the Layer 3 packet length in the IP header as a match criterion in a class map, use the match
packet length command in class-map configuration mode. To remove a previously specified Layer 3
packet length as a match criterion, use the no form of this command.
match packet length {max maximum-length-value [min minimum-length-value] | min

minimum-length-value [max maximum-length-value]}
no match packet length {max maximum-length-value [min minimum-length-value] | min

minimum-length-value [max maximum-length-value]}
Syntax Description max Maximum. Indicates that a maximum value for the Layer 3 packet length is
to be specified.
maximum-length-value Specifies the maximum length value of the Layer 3 packet length, in bytes.
The range is from 1 to 2000.
min Minimum. Indicates that a minimum value for the Layer 3 packet length is
to be specified.
minimum-length-value Specifies the minimum length value of the Layer 3 packet length, in bytes.
The range is from 1 to 2000.
Command Default If only the minimum value is specified, a packet with a Layer 3 length greater than the minimum is
viewed as matching the criterion.
If only the maximum value is specified, a packet with a Layer 3 length less than the maximum is viewed
as matching the criterion.

12.2(18)SXE This command was integrated into Cisco IOS Release 12.2(18)SXE.
Usage Guidelines This command considers only the Layer 3 packet length in the IP header. It does not consider the Layer 2
packet length in the IP header.
When using this command, you must at least specify the maximum or minimum value. However, you do
have the option of entering both values.

QOS-360
Examples In the following example a class map called “class 1” has been created, and the Layer 3 packet length
has been specified as a match criterion. In this example, packets with a minimum Layer 3 packet length
of 100 and a maximum Layer 3 packet length of 300 are viewed as meeting the match criteria.
Router> enable
Router(config)# class-map match-all class1
Router(config-cmap)# match packet length min 100 max 300


QOS-361
match port-type
match port-type
To match the access policy on the basis of the port for a class map, use the match port-type command
in class-map configuration mode. To delete the port type, use the no form of this command.
match port-type {routed | switched}
no match port-type {routed | switched}
Syntax Description routed Matches the routed interface. Use this keyword if the class map has to be
associated with only a routed interface.
switched Matches the switched interface. Use this keyword if the class map has to be
associated with only a switched interface.
Command Default Access policy is not matched.

Usage Guidelines This command is used because, on the basis of the port on which a user is connecting, the access policies
that are applied to it can be different.
Examples The following example shows that an access policy has been matched on the basis of the port for a class
map:
Router(config-cmap)# match port-type routed

specified class.
match tag (class-map) Specifies the tag to be matched for a tag type of class map.

QOS-362
match precedence
match precedence
To identify IP precedence values to use as the match criterion, use the match precedence command in
QoS class-map configuration mode. To remove IP precedence values from a class map, use the no form
of this command.
match [ip] precedence precedence-criteria1 precedence-criteria2 precedence-criteria3

precedence-criteria4
no match [ip] precedence precedence-criteria1 precedence-criteria2 precedence-criteria3

match is on both IP and IPv6 packets.
Note For the Cisco 10000 series router, the ip keyword is required.
precedence-criteria1 Identifies the precedence value. You may enter up to four different values,
separated by a space. See the “Usage Guidelines” for valid values.
Command Default No match criterion is configured.

If you do not enter the ip keyword, matching occurs on both IPv4 and IPv6 packets.
Command Modes QoS class-map configuration mode

12.2(13)T This command was introduced. This command replaces the match ip
precedence command.
12.0(28)S Support for this command in IPv6 was added on the Cisco 12000 series
Internet router.
Usage Guidelines You may enter up to four matching criteria, as number abbreviation (0 to 7) or criteria names (critical,
flash, and so on), in a single match statement. For example, if you wanted the precedence values of 0, 1,
2, or 3 (note that only one of the precedence values must be a successful match criterion, not all of the
specified precedence values), enter the match ip precedence 0 1 2 3 command. The precedence-criteria
numbers are not mathematically significant; that is, the precedence-criteria of 2 is not greater than 1.
The way that these different packets are treated depends upon quality of service (QoS) policies, set in
the policy-map configuration mode.

QOS-363
match precedence
You can configure a QoS policy to include IP precedence marking for packets entering the network.
Devices within your network can then use the newly marked IP precedence values to determine how to
treat the packets. For example, class-based weighted random early detection (WRED) uses IP
precedence values to determine the probability that a packet is dropped. You can also mark voice packets
with a particular precedence. You can then configure low-latency queueing (LLQ) to place all packets
of that precedence into the priority queue.
Matching Precedence for IPv6 and IPv4 Packets on the Cisco 10000 and 7600 Series Routers
On the Cisco 7600 Series and 10000 Series Routers, you set matching criteria based on precedence
values for only IPv6 packets using the match protocol command with the ipv6 keyword. Without that
keyword, the precedence match defaults to match both IPv4 and IPv6 packets. You set matching criteria
based on precedence values for IPv4 packets only, use the ip keyword. Without the ip keyword the match
occurs on both IPv4 and IPv6 packets.
Precedence Values and Names

The following table lists all criteria conditions by value, name, binary value, and recommended use. You
may enter up to four criteria, each separated by a space. Only one of the precedence values must be a
successful match criterion. Table 14 lists the IP precedence values.
Table 14 IP Precedence Values
Precedence Value Precedence Name Binary Value Recommended Use

0 routine 000 Default marking value
1 priority 001 Data applications
2 immediate 010 Data applications
3 flash 011 Call signaling
4 flash-override 100 Video conferencing and streaming
video
5 critical 101 Voice
6 internet (control) 110 Network control traffic (such as
7 network (control) 111 routing, which is typically
precedence 6)
Do not use IP precedence 6 or 7 to mark packets, unless you are marking control packets.
Examples IPv4-Specific Traffic Match

The following example shows how to configure the service policy called “priority50” and attach service
policy “priority50” to an interface, matching for IPv4 traffic only. In a network where both IPv4 and IPv6
are running, you might find it necessary to distinguish between the protocols for matching and traffic
segregation. In this example, the class map called “ipprec5” will evaluate all IPv4 packets entering Fast
Ethernet interface 1/0/0 for a precedence value of 5. If the incoming IPv4 packet has been marked with
the precedence value of 5, the packet will be treated as priority traffic and will be allocated with
bandwidth of 50 kbps.
Router(config)# class-map ipprec5
Router(config-cmap)# match ip precedence 5
Router(config)# policy-map priority50
Router(config-pmap)# class ipprec5

QOS-364
match precedence
Router(config)# interface fa1/0/0
Router(config-if)# service-policy input priority50
IPv6-Specific Traffic Match

The following example shows the same service policy matching on precedence for IPv6 traffic only.
Notice that the match protocol command with the ipv6 keyword precedes the match precedence
command. The match protocol command is required to perform matches on IPv6 traffic alone.
Router(config)# class-map ipprec5
Router(config-cmap)# match protocol ipv6
Router(config-cmap)# match precedence 5
Router(config-pmap)# class ipprec5
Router(config)# interface fa1/0/0
Router(config-if)# service-policy input priority50

match protocol Configures the match criteria for a class map on the basis of a specified
protocol.
set ip precedence Sets the precedence value in the IP header.
show class-map Displays all class maps and their matching criteria, or a specified class
map and its matching criteria.

QOS-365
match protocol
match protocol
To configure the match criterion for a class map on the basis of the specified protocol, use the match
protocol command in class-map configuration mode. To remove protocol-based match criterion from a
class map, use the no form of this command.
match protocol protocol-name
no match protocol protocol-name
Syntax Description protocol-name Name of the protocol (for example, bgp) used as a matching criterion. See
the “Usage Guidelines” for a list of protocols supported by most routers.
Command Default No match criterion is configured.

12.1(13)E This command was implemented on Catalyst 6000 family switches without
FlexWAN modules.
of protocols used as matching criteria. These protocols were removed
because Apollo Domain, Banyan VINES, and Xerox Network Systems
(XNS) were removed in this release. The IPv6 protocol was added to support
matching on IPv6 packets.
12.0(28)S Support was added for IPv6 on the
12.2(18)SXE Support for this command was added on the Supervisor Engine 720.
12.2(31)SB2 This command was integrated into Cisco IOS Release 12.2(31)SB2 and
12.2(18)ZY This command was integrated into Cisco IOS Release 12.2(18)ZY. This
command was modified to enhance Network-Based Application Recognition
(NBAR) functionality on the Catalyst 6500 series switch that is equipped
with the Supervisor 32/programmable intelligent services accelerator (PISA)
engine.

QOS-366
match protocol
12.4(15)XZ This command was integrated into Cisco IOS Release 12.4(15)XZ.
12.4(20)T This command was implemented on the Cisco 1700, Cisco 1800,
Cisco 2600, Cisco 2800, Cisco 3700, Cisco 3800, Cisco 7200, and
Cisco 7300 routers.
Usage Guidelines Supported Platforms Other Than Cisco 7600 Routers and Cisco 10000 Series Routers
protocols, access control lists (ACLs), input interfaces, quality of service (QoS) labels, and
Experimental (EXP) field values. Packets satisfying the match criteria for a class constitute the traffic
for that class.
The match protocol command specifies the name of a protocol to be used as the match criteria against
which packets are checked to determine if they belong to the class specified by the class map.
The match protocol ipx command matches packets in the output direction only.
To use the match protocol command, you must first enter the class-map command to specify the name
of the class whose match criteria you want to establish. After you identify the class, you can use one of
the following commands to configure its match criteria:
To configure NBAR to match protocol types that are supported by NBAR traffic, use the match protocol
(NBAR) command.
Cisco 7600 Routers

The match protocol command in QoS class-map configuration configures NBAR and sends all traffic
on the port, both ingress and egress, to be processed in the software on the Multilayer Switch Feature
Card 2 (MSFC2).
For CBWFQ, you define traffic classes based on match criteria like protocols, ACLs, input interfaces,
QoS labels, and Multiprotocol Label Switching (MPLS) EXP field values. Packets satisfying the match
criteria for a class constitute the traffic for that class.
If you want to use the match protocol command, you must first enter the class-map command to specify
the name of the class to which you want to establish the match criteria.
This command can be used to match protocols that are known to the NBAR feature. For a list of protocols
supported by NBAR, see the “Classification” part of the Cisco IOS Quality of Service Solutions

QOS-367
match protocol

For CBWFQ, you define traffic classes based on match criteria including protocols, ACLs, input
interfaces, QoS labels, and EXP field values. Packets satisfying the match criteria for a class constitute
the traffic for that class.
The match protocol ipx command matches packets in the output direction only.
To use the match protocol command, you must first enter the class-map command to specify the name
of the class whose match criteria you want to establish.
If you are matching NBAR protocols, use the match protocol (NBAR) command.
Supported Protocols
Table 15 lists the protocols supported by most routers. Some routers support a few additional protocols.
For example, the Cisco 7600 router supports the aarp and decnet protocols, while the Cisco 7200 router
supports the directconnect and pppoe protocols. For a complete list of supported protocols, see the online
help for the match protocol command on the router that you are using.
Table 15 Supported Protocols
Protocol Name Description

*
arp IP Address Resolution Protocol (ARP)
bgp Border Gateway Protocol
*
bridge bridging
*
cdp Cisco Discovery Protocol
citrix Citrix Systems Metaframe
*
clns ISO Connectionless Network Service
clns_es* ISO CLNS End System
*
clns_is ISO CLNS Intermediate System
*
cmns ISO Connection-Mode Network Service
*
compressedtcp compressed TCP
cuseeme CU-SeeMe desktop video conference
dhcp Dynamic Host Configuration
directconnect Direct Connect
dns Domain Name Server lookup
edonkey eDonkey
egp Exterior Gateway Protocol
eigrp Enhanced Interior Gateway Routing Protocol
exchange Microsoft RPC for Exchange
fasttrack FastTrack Traffic (KaZaA, Morpheus, Grokster, and so on)
finger Finger
ftp File Transfer Protocol
gnutella Gnutella Version 2 Traffic (BearShare, Shareeza, Morpheus, and so on)

QOS-368
match protocol
Table 15 Supported Protocols (continued)

gopher Gopher
gre Generic Routing Encapsulation
h323 H323 Protocol
http World Wide Web traffic
cmp Internet Control Message
imap Internet Message Access Protocol
*
ip IP (version 4)
ipinip IP in IP (encapsulation)
ipsec IP Security Protocol (ESP/AH)
*
ipv6 IP (version 6)
irc Internet Relay Chat
kazaa2 Kazaa Version 2
kerberos Kerberos
l2tp Layer 2 Tunnel Protocol
ldap Lightweight Directory Access Protocol
*
llc2 llc2
mgcp Media Gateway Control Protocol
napster Napster traffic
netbios NetBIOS
netshow Microsoft Netshow
nfs Network File System
nntp Network News Transfer Protocol
novadigm Novadigm Enterprise Desktop Manager (EDM)
ntp Network Time Protocol
ospf Open Shortest Path First
*
pad Packet assembler/disassembler (PAD) links
pcanywhere Symantec pcANYWHERE
pop3 Post Office Protocol
printer Print spooler/ldp
rcmd Berkeley Software Distribution (BSD) r-commands (rsh, rlogin, rexec)
rip Routing Information Protocol
*
rsrb Remote Source-Route Bridging
rsvp Resource Reservation Protocol
rtp Real-Time Protocol
rtsp Real-Time Streaming Protocol
secure-ftp FTP over Transport Layer Security/Secure Sockets Layer (TLS/SSL)

QOS-369
match protocol
Table 15 Supported Protocols (continued)

secure-http Secured HTTP
secure-imap Internet Message Access Protocol over TLS/SSL
secure-irc Internet Relay Chat over TLS/SSL
secure-ldap Lightweight Directory Access Protocol over TLS/SSL
secure-nntp Network News Transfer Protocol over TLS/SSL
secure-pop3 Post Office Protocol over TLS/SSL
secure-telnet Telnet over TLS/SSL
sip Session Initiation Protocol
skinny Skinny Protocol
smtp Simple Mail Transfer Protocol
snapshot Snapshot routing support
snmp Simple Network Protocol
socks Sockets network proxy protocol (SOCKS)
sqlnet Structured Query Language (SQL)*NET for Oracle
sqlserver Microsoft SQL Server
ssh Secured shell
streamwork Xing Technology StreamWorks player
sunrpc Sun remote-procedure call (RPC)
syslog System Logging Utility
telnet Telnet
tftp Trivial File Transfer Protocol
vdolive VDOLive streaming video
*
vofr Voice over Frame Relay packets
*
xwindows X-Windows remote access
* This protocol is not supported on the Catalyst 6500 series switch that is equipped with a Supervisor 32/PISA engine.
Match Protocol Command Restrictions (Catalyst 6500 Series Switches Only)

Policy maps contain traffic classes. Traffic classes contain one or more match commands that can be
used to match packets (and organize them into groups) on the basis of a protocol type or application. You
can create as many traffic classes as needed.
Cisco IOS Release 12.2(18)ZY includes software intended for use on the Catalyst 6500 series switch
that is equipped with a Supervisor 32/PISA engine. For this release and platform, note the following
restrictions for using policy maps and match protocol commands:
• A single traffic class can be configured to match a maximum of 8 protocols or applications.
• Multiple traffic classes can be configured to match a cumulative maximum of 95 protocols or
applications.

QOS-370
match protocol
Examples The following example specifies a class map called ftp and configures the protocol as a match criterion:
Router(config)# class-map ftp
Router(config-cmap)# match protocol ftp

criterion.
match mpls Configures a class map to use the specified value of the experimental field
experimental as a match criterion.
match protocol Configures NBAR to match traffic by a protocol type known to NBAR.
(NBAR)
match qos-group Configures a class map to use the specified EXP field value as a match
criterion.

QOS-371
match protocol (NBAR)

To configure Network-Based Application Recognition (NBAR) to match traffic by a protocol type that
is known to NBAR, use the match protocol command in class-map configuration mode. To disable
NBAR from matching traffic by a known protocol type, use the no form of this command.
match protocol protocol-name [variable-field-name value]
no match protocol protocol-name [variable-field-name value]
Syntax Description protocol-name Particular protocol type known to NBAR. These known protocol types
can be used to match traffic. For a list of protocol types that are known
to NBAR, see Table 16 in “Usage Guidelines.”
variable-field-name (Optional and usable only with custom protocols) Predefined variable
that was created when you created a custom protocol. The
variable-field-name will match the field-name variable entered when
you created the custom protocol.
value (Optional and usable only with custom protocols) Specific value in the
custom payload to match. A value can be entered along with a
variable-field-name only. The value can be expressed in decimal or
hexadecimal format.
Command Default Traffic is not matched by a protocol type that is known to NBAR.

12.1(1)E This command was integrated into Cisco IOS Release 12.1(1)E and the
variable-field-name value option was added.
12.1(13)T This command became available on Catalyst 6000 family switches without
FlexWAN modules.
12.4(2)T This command was modified to include support for additional protocols,
such as the BitTorrent protocol.
12.4(4)T This command was modified to include support for additional protocols,
such as the Skype and DirectConnect protocols.

QOS-372
12.2(18)ZY This command was integrated into Cisco IOS Release 12.2(18)ZY. This
command was modified to enhance NBAR functionality on the
Catalyst 6500 series switch that is equipped with the
Supervisor 32/programmable intelligent services accelerator (PISA)
engine.
12.2(18)ZYA This command was modified to integrate NBAR and Firewall Service
Module (FWSM) functionality on the Catalyst 6500 series switch that is
equipped with a Supervisor 32/PISA. This command now recognizes
additional protocols as noted in Table 16 in “Usage Guidelines.”
Usage Guidelines Use the match protocol (NBAR) command to match protocol types that are known to NBAR. NBAR is
capable of classifying the following types of protocols:
• Non-UDP and non-TCP IP protocols
• TCP and UDP protocols that use statically assigned port numbers
• TCP and UDP protocols that use statically assigned port numbers but still require stateful inspection
• TCP and UDP protocols that dynamically assign port numbers and therefore require stateful
inspection
Table 16 lists the NBAR-supported protocols available in Cisco IOS software, sorted by category. The
table also provides information about the protocol type, the well-known port numbers (if applicable), the
syntax for entering the protocol in NBAR, and the Cisco IOS release in which the protocol was initially
supported. This table is updated when a protocol is added to a new Cisco IOS release train.

QOS-373
Table 16 NBAR-Supported Protocols
Well-Known Cisco IOS

Category Protocol Type Port Number Description Syntax Release
Enterprise Citrix ICA TCP/ TCP: 1494, Citrix ICA traffic citrix 12.1(2)E
Application UDP 2512, 2513, by application citrix app 12.1(5)T
2598 name
UDP: 1604
PCAnywhere TCP 5631, 65301 Symantic pcanywhere 12.0(5)XE2
PCAnywhere 12.1(1)E
12.1(5)T
PCAnywhere UDP 22, 5632 Symantic pcanywhere 12.0(5)XE2
PCAnywhere 12.1(1)E
12.1(5)T
Novadigm TCP/ 3460–3465 Novadigm novadigm 12.1(2)E
UDP Enterprise 12.1(5)T
Desktop Manager
(EDM)
SAP TCP 3300–3315 Application server sap 12.1E
(sap-pgm. to application 12.2T
pdlm) server traffic 12.3
3200–3215 (sap-pgm.pdlm) 12.3T
(sap-app. Client to
pdlm) application server
3600–3615 traffic
(sap-msg. (sap-app.pdlm)
pdlm)
Client to message
server traffic
(sap-msg.pdlm)
Exchange1 TCP 135 MS-RPC for exchange 12.0(5)XE2
Exchange 12.1(1)E
12.1(5)T
12.2(18)ZY
12.2(18)ZYA

QOS-374
Table 16 NBAR-Supported Protocols (continued)

Routing BGP TCP/ 179 Border Gateway bgp 12.0(5)XE2
Protocol UDP Protocol 12.1(1)E
12.1(5)T
EGP IP 8 Exterior Gateway egp 12.0(5)XE2
Protocol 12.1(1)E
12.1(5)T
EIGRP IP 88 Enhanced Interior eigrp 12.0(5)XE2
Gateway Routing 12.1(1)E
Protocol 12.1(5)T
OSPF IP Dynamically Open Shortest ospf 12.3(8)T
Assigned Path First
RIP UDP 520 Routing rip 12.0(5)XE2
Information 12.1(1)E
Protocol 12.1(5)T
Database SQL*NET TCP/ 1521 SQL*NET for sqlnet 12.0(5)XE2
UDP Oracle 12.1(1)E
12.1(5)T
MS- TCP 1433 Microsoft SQL sqlserver 12.0(5)XE2
SQLServer Server Desktop 12.1(1)E
Videocon- 12.1(5)T
ferencing
CIFS TCP 139, 445 Common Internet cifs 12.2(18)ZYA
File System
Health DiCom TCP Dynamically Digital Imaging dicom 12.2(18)ZYA
Assigned and
Communications
in Medicine
HL7 TCP Dynamically Health Level hl7 12.2(18)ZYA
Assigned Seven
Financial FIX TCP Dynamically Financial fix 12.2(18)ZYA
Assigned Information
Exchange

QOS-375

Security and GRE IP 47 Generic Routing gre 12.0(5)XE2
Tunneling Encapsulation 12.1(1)E
12.1(5)T
IPINIP IP 4 IP in IP ipinip 12.0(5)XE2
12.1(1)E
12.1(5)T
IPsec IP 50, 51 IP Encapsulating ipsec 12.0(5)XE2
Security Payload/ 12.1(1)E
Authentication- 12.1(5)T
Header
L2TP UDP 1701 L2F/L2TP Tunnel l2tp 12.0(5)XE2
12.1(1)E
12.1(5)T
MS-PPTP TCP 1723 Microsoft pptp 12.0(5)XE2
Point-to-Point 12.1(1)E
Tunneling 12.1(5)T
Protocol for VPN
SFTP TCP 990 Secure FTP secure-ftp 12.0(5)XE2
12.1(1)E
12.1(5)T
SHTTP TCP 443 Secure HTTP secure-http 12.0(5)XE2
12.1(1)E
12.1(5)T
SIMAP TCP/ 585, 993 Secure IMAP secure-imap 12.0(5)XE2
UDP 12.1(1)E
12.1(5)T
SIRC TCP/ 994 Secure IRC secure-irc 12.0(5)XE2
UDP 12.1(1)E
12.1(5)T
SLDAP TCP/ 636 Secure LDAP secure-ldap 12.0(5)XE2
UDP 12.1(1)E
12.1(5)T
SNNTP TCP/ 563 Secure NNTP secure-nntp 12.0(5)XE2
UDP 12.1(1)E
12.1(5)T
SPOP3 TCP/ 995 Secure POP3 secure-pop3 12.0(5)XE2
UDP 12.1(1)E
12.1(5)T

QOS-376

Security and STELNET TCP 992 Secure Telnet secure-telne 12.0(5)XE2
Tunneling t 12.1(1)E
(continued) 12.1(5)T
SOCKS TCP 1080 Firewall Security socks 12.0(5)XE2
Protocol 12.1(1)E
12.1(5)T
SSH TCP 22 Secured Shell ssh 12.0(5)XE2
12.1(1)E
12.1(5)T
Network ICMP IP 1 Internet Control icmp 12.0(5)XE2
Management Message Protocol 12.1(1)E
12.1(5)T
SNMP TCP/ 161, 162 Simple Network snmp 12.0(5)XE2
UDP Management 12.1(1)E
Protocol 12.1(5)T
Syslog UDP 514 System Logging syslog 12.0(5)XE2
Utility 12.1(1)E
12.1(5)T
Network Mail IMAP TCP/ 143, 220 Internet Message imap 12.0(5)XE2
Services UDP Access Protocol 12.1(1)E
12.1(5)T
POP3 TCP/ 110 Post Office pop3 12.0(5)XE2
UDP Protocol 12.1(1)E
12.1(5)T
Notes TCP/ 1352 Lotus Notes notes 12.0(5)XE2
UDP 12.1(1)E
12.1(5)T
SMTP TCP 25 Simple Mail smtp 12.0(5)XE2
Transfer Protocol 12.1(1)E
12.1(5)T

QOS-377

Directory DHCP/ UDP 67, 68 Dynamic Host dhcp 12.0(5)XE2
BOOTP Configuration 12.1(1)E
Protocol/ 12.1(5)T
Bootstrap
Protocol
Finger TCP 79 Finger User finger 12.0(5)XE2
Information 12.1(1)E
Protocol 12.1(5)T
DNS TCP/ 53 Domain Name dns 12.0(5)XE2
UDP System 12.1(1)E
12.1(5)T
Kerberos TCP/ 88, 749 Kerberos Network kerberos 12.0(5)XE2
UDP Authentication 12.1(1)E
Service 12.1(5)T
LDAP TCP/ 389 Lightweight ldap 12.0(5)XE2
UDP Directory Access 12.1(1)E
Protocol 12.1(5)T
Streaming CU-SeeMe TCP/ 7648, 7649 Desktop Video cuseeme 12.0(5)XE2
Media UDP Conferencing 12.1(1)E
12.1(5)T
CU-SeeMe UDP 24032 Desktop Video cuseeme 12.0(5)XE2
Conferencing 12.1(1)E
12.1(5)T
Netshow TCP/ Dynamically Microsoft netshow 12.0(5)XE2
UDP Assigned Netshow 12.1(1)E
12.1(5)T
RealAudio TCP/ Dynamically RealAudio realaudio 12.0(5)XE2
UDP Assigned Streaming 12.1(1)E
Protocol 12.1(5)T
StreamWork UDP Dynamically Xing Technology streamwork 12.0(5)XE2
s Assigned Stream Works 12.1(1)E
Audio and Video 12.1(5)T
VDOLive TCP/ Static (7000) VDOLive vdolive VDOLive
UDP with Streaming Video
inspection
RTSP TCP/ Dynamically Real Time rtsp 12.3(11)T
UDP Assigned Streaming
Protocol
MGCP TCP/ 2427, 2428, Media Gateway mgcp 12.3(7)T
UDP 2727 Control Protocol
YouTube2 TCP Both static Online youtube 12.2(18)ZYA
(80) and Video-Sharing
dynamically Website
assigned

QOS-378

Internet FTP TCP Dynamically File Transfer ftp 12.0(5)XE2
Assigned Protocol 12.1(1)E
12.1(5)T
Gopher TCP/ 70 Internet Gopher gopher 12.0(5)XE2
12.1(5)T
HTTP3 TCP 80 Hypertext http 12.0(5)XE2
Transfer Protocol 12.1(1)E
12.1(5)T
IRC TCP/ 194 Internet Relay irc 12.0(5)XE2
UDP Chat 12.1(1)E
12.1(5)T
Telnet TCP 23 Telnet Protocol telnet 12.0(5)XE2
12.1(1)E
12.1(5)T
TFTP UDP Static (69) Trivial File tftp 12.0(5)XE2
with Transfer Protocol 12.1(1)E
inspection 12.1(5)T
NNTP TCP/ 119 Network News nntp 12.0(5)XE2
UDP Transfer Protocol 12.1(1)E
12.1(5)T
Signaling RSVP UDP 1698, 1699 Resource rsvp 12.0(5)XE2
Reservation 12.1(1)E
Protocol 12.1(5)T
RPC NFS TCP/ 2049 Network File nfs 12.0(5)XE2
UDP System 12.1(1)E
12.1(5)T
Sunrpc TCP/ Dynamically Sun Remote sunrpc 12.0(5)XE2
UDP Assigned Procedure Call 12.1(1)E
12.1(5)T
MSM4 TCP 1863 MSN Messenger msn-chat 12.2(18)ZYA
Non-IP and NetBIOS TCP/ 137, 138, NetBIOS over IP netbios 12.0(5)XE2
LAN/ UDP 139 (MS Windows) 12.1(1)E
Legacy 12.1(5)T

QOS-379

Misc. NTP TCP/ 123 Network Time ntp 12.0(5)XE2
12.1(5)T
Printer TCP/ 515 Printer printer 12.1(2)E
UDP 12.1(5)T
X Windows TCP 6000–6003 X11, X Windows xwindows 12.0(5)XE2
12.1(1)E
12.1(5)T
r-commands TCP Dynamically rsh, rlogin, rexec rcmd 12.0(5)XE2
Assigned 12.1(1)E
12.1(5)T
Voice H.323 TCP Dynamically H.323 h323 12.3(7)T
Assigned Teleconferencing
Protocol
MAPI TCP 135 Messaging mapi 12.2(18)ZYA
Application
Programming
Interface
RTCP TCP/ Dynamically Real-Time rtcp 12.1E
UDP Assigned Control Protocol 12.2T
12.3
12.3T
12.3(7)T
RTP TCP/ Dynamically Real-Time rtp 12.2(8)T
UDP Assigned Transport
Protocol Payload
Classification
Softphone5 UDP 5060 Cisco IP cisco- 12.2(18)ZYA
SoftPhone softphone
SIP TCP/ 5060 Session Initiation sip 12.3(7)T
UPD Protocol
SCCP/ TCP 2000, 2001, Skinny Client skinny 12.3(7)T
Skinny 2002 Control Protocol
Skype6 TCP/ Dynamically Peer-to-Peer VoIP skype 12.4(4)T
UDP Assigned Client Software
Note Cisco
currently
supports
Skype
version 1
only.

QOS-380

Peer-to-Peer BitTorrent TCP Dynamically BitTorrent File bittorrent 12.4(2)T
File-Sharing Assigned, or Transfer Traffic
Applications 6881-6889
Direct TCP/ 411 Direct Connect direct 12.4(4)T
Connect UDP File Transfer connect
Traffic
eDonkey/ TCP 4662 eDonkey File- edonkey 12.3(11)T
eMule Sharing
Application
eMule traffic is
also classified as
eDonkey traffic in
NBAR.
FastTrack N/A Dynamically FastTrack fasttrack 12.1(12c)E
Assigned
Gnutella TCP Dynamically Gnutella gnutella 12.1(12c)E

Assigned
KaZaA TCP/ Dynamically KaZaA kazaa2 12.2(8)T

UPD Assigned
Note that earlier
KaZaA version 1
traffic can be
classified using
FastTrack.
WinMX TCP 6699 WinMX Traffic winmx 12.3(7)T
1. For Release 12.2(18)ZYA, Cisco supports Exchange 03 and 07 only. MS client access is recognized, but web client access is
not recognized.
2. For Release 12.2(18)ZYA, access to YouTube via HTTP only will be recognized.
3. In Release 12.3(4)T, the NBAR Extended Inspection for Hypertext Transfer Protocol (HTTP) Traffic feature was introduced.
This feature allows NBAR to scan TCP ports that are not well known and to identify HTTP traffic that is traversing these
ports.
4. For Release 12.2(18)ZYA, messages (“chat”) from Yahoo, MSN, and AOL are recognized. Messages from Lotus and
SameTime are not recognized. Video and voice from Instant Messages are also not recognized.
5. For Release 12.2(18)ZYA, only SIP and Skinny telephone connections (cisco-softphone traffic connections) are recognized.
H.323 telephone connections are not recognized.
6. Skype was introduced in Cisco IOS Release 12.4(4)T. As a result of this introduction, Skype is now native in (included with)
Cisco IOS software and uses the NBAR infrastructure new to Cisco IOS Release 12.4(4)T.

QOS-381
Custom Protocols Created with the ip nbar custom Command

The variable-field-name value is used in conjunction with the variable field-name field-length options
that are entered when you create a custom protocol using the ip nbar custom command. The variable
option allows NBAR to match traffic on the basis of a specific value of a custom protocol. For instance,
if ip nbar custom ftdd 125 variable scid 2 tcp range 5001 5005 is entered to create a custom protocol,
and then a class map using the match protocol ftdd scid 804 is created, the created class map will match
all traffic that has the value “804” at byte 125 entering or leaving TCP ports 5001 to 5000.
Up to 24 variable values per custom protocol can be expressed in class maps. For instance, in the
following configuration, 4 variables are used and 20 more “scid” values could be used.
Router(config)# ip nbar custom ftdd field scid 125 variable 1 tcp range 5001 5005
Router(config)# class-map active-craft
Router(config)# class-map passive-craft

Match Protocol Command Restrictions (Catalyst 6500 Series Switches Only)

Policy maps contain traffic classes. Traffic classes contain one or more match commands that can be
used to match packets (and organize them into groups) on the basis of a protocol type or application. You
can create as many traffic classes as needed.
restrictions for using policy maps and match protocol commands:
• A single traffic class can be configured to match a maximum of 8 protocols or applications.
• Multiple traffic classes can be configured to match a cumulative maximum of 95 protocols or
applications.
Examples The following example configures NBAR to match FTP traffic:

Router(config-cmap)# match protocol ftp
In the following example, custom protocol ftdd is created by using a variable. A class map matching this
custom protocol based on the variable is also created. In this example, class map matchscidinftdd will
match all traffic that has the value “804” at byte 125 entering or leaving TCP ports 5001 to 5005. The
variable scid is 2 bytes in length.

Router(config-cmap)# match protocol ftdd scid 804
The same example above can also be done by using hexadecimal values in the class map as follows:


QOS-382
In the following example, the variable keyword is used while you create a custom protocol, and class
maps are configured to classify different values within the variable field into different traffic classes.
Specifically, in the example below, variable scid values 0x15, 0x21, and 0x27 will be classified into class
map active-craft, while scid values 0x11, 0x22, and 0x25 will be classified into class map passive-craft.
Router(config)# ip nbar custom ftdd field scid 125 variable 1 tcp range 5001 5005
Router(config)# class-map active-craft

Router(config)# class-map passive-craft


ip nbar custom Extends the capability of NBAR Protocol Discovery to classify and monitor
additional static port applications, or allows NBAR to classify nonsupported
static port traffic.

QOS-383
match protocol citrix

To configure network-based application recognition (NBAR) to match Citrix traffic, use the
match protocol citrix command in class-map configuration mode. To disable NBAR from matching
Citrix traffic, use the no form of this command.
match protocol citrix [app application-name-string] [ica-tag ica-tag-value]
no match protocol citrix [app application-name-string] [ica-tag ica-tag-value]
Syntax Description app (Optional) Specifies matching of an application name string.

application-name-string (Optional) Specifies the string to be used as the subprotocol parameter.
ica-tag (Optional) Specifies tagging of Independent Computing Architecture
(ICA) packets.
ica-tag-value (Optional) Specifies the priority tag of ICA packets. Priority tag values
can be in the range of 0 to 3.

12.4(2)T This command was modified to include the ica-tag keyword and the
ica-tag-value argument.
Usage Guidelines Entering the match protocol citrix command without the app keyword establishes all Citrix traffic as
Entering the match protocol citrix command with the ica-tag keyword prioritizes Citrix ICA traffic.
The priority tag values can be a number from 0 to 3, with 0 having the highest priority and 3 the lowest.
Examples The following example configures NBAR to match all Citrix traffic:

QOS-384
The following example configures NBAR to match Citrix traffic with the application name of packet1:
match protocol citrix app packet1
The following example configures NBAR to give Citrix ICA traffic a priority of 1:
match protocol citrix ica-tag-1

QOS-385
match protocol fasttrack

To configure network-based application recognition (NBAR) to match FastTrack peer-to-peer traffic, use
the match protocol fasttrack command in class-map configuration mode. To disable NBAR from
matching FastTrack traffic, use the no form of this command.
match protocol fasttrack file-transfer “regular-expression”
no match protocol fasttrack file-transfer “regular-expression”
Syntax Description file-transfer Indicates that a regular expression will be used to identify specific
FastTrack traffic.
“regular-expression” Regular expression used to identify specific FastTrack traffic. For
instance, entering “cisco” as the regular expression would classify the
FastTrack traffic containing the string “cisco” as matches for the traffic
policy.
To specify that all FastTrack traffic be identified by the traffic class, use
“*” as the regular expression.
Command Default NBAR is not configured to match FastTrack peer-to-peer traffic

12.1(12c)E This command was introduced.
12.1(13)E This command became available on Catalyst 6000 family switches
Usage Guidelines To specify that all FastTrack traffic be identified by the traffic class, use “*” as the regular expression.
Applications that use FastTrack include KaZaA, Grokster, and Morpheus (although newer versions of
Morpheus use Gnutella).
Examples The following example configures NBAR to match all FastTrack traffic:
match protocol fasttrack file-transfer “*”

QOS-386
In the following example, all FastTrack files that have the “.mpeg” extension will be classified into class
map nbar:
class-map match-all nbar
match protocol fasttrack file-transfer "*.mpeg"
The following example configures NBAR to match FastTrack traffic that contains the string “cisco”:
match protocol fasttrack file-transfer “*cisco*”

QOS-387
match protocol gnutella

To configure network-based application recognition (NBAR) to match Gnutella peer-to-peer traffic, use
the match protocol gnutella command in class-map configuration mode. To disable NBAR from
matching Gnutella traffic, use the no form of this command.
match protocol gnutella file-transfer “regular-expression”
no match protocol gnutella file-transfer “regular-expression”
Syntax Description file-transfer Indicates that a regular expression will be used to identify specific
Gnutella traffic.
“regular-expression” The regular expression used to identify specific Gnutella traffic. For
instance, entering “cisco” as the regular expression would classify the
Gnutella traffic containing the string “cisco” as matches for the traffic
policy.
To specify that all Gnutella traffic be identified by the traffic class, use
“*” as the regular expression.
Command Default No behavior or values are predefined.

12.1(12c)E This command was introduced.
12.1(13)E This command became available on Catalyst 6000 family switches
Usage Guidelines To specify that all Gnutella traffic be identified by the traffic class, use “*” as the regular expression.
Applications that use Gnutella include the following:
• BearShare
• Gnewtellium
• Gnucleus
• Gtk-Gnutella
• JTella
• LimeWire

QOS-388
• Morpheus
• Mutella
• Phex
• Qtella
• Swapper
• XoloX
• XCache
Examples The following example configures NBAR to match all Gnutella traffic:
match protocol gnutella file-transfer “*”
In the following example, all Gnutella files that have the “.mpeg” extension will be classified into class
map nbar:
match protocol gnutella file-transfer "*.mpeg"
In the following example, only Gnutella traffic that contains the characters “cisco” is classified:
match protocol gnutella file-transfer “*cisco*”

QOS-389
match protocol http
match protocol http

To configure Network-Based Application Recognition (NBAR) to match HTTP traffic by URL, host,
Multipurpose Internet Mail Extension (MIME) type, or fields in HTTP packet headers, use the
match protocol http command in class-map configuration mode. To disable NBAR from matching
HTTP traffic by URL, host, or MIME type, or fields in HTTP packet headers, use the no form of this
command.
match protocol http [url url-string | host hostname-string | mime MIME-type | c-header-field
c-header-field-string | s-header-field s-header-field-string]
no match protocol http [url url-string | host hostname-string | mime MIME-type | c-header-field
c-header-field-string | s-header-field s-header-field-string]
Catalyst 6500 Series Switch Equipped with the Supervisor 32/PISA Engine
match protocol http [content-encoding content-encoding-name-string | from from-address-string

| host hostname-string | location location-name-string | mime MIME-type | referer
referer-address-string | server server-software-name-string | url url-string | user-agent
user-agent-software-name-string]
no match protocol http [content-encoding content-encoding-name-string | from

from-address-string | host hostname-string | location location-name-string | mime
MIME-type | referer referer-address-string | server server-software-name-string | url
url-string | user-agent user-agent-software-name-string]
Syntax Description url (Optional) Specifies matching by a URL.

url-string (Optional) User-specified URL of HTTP traffic to be matched.
host (Optional) Specifies matching by a hostname.
hostname-string (Optional) User-specified hostname to be matched.
mime (Optional) Specifies matching by a MIME text string.
MIME-type (Optional) User-specified MIME text string to be matched.
c-header-field (Optional) Specifies matching by a string in the header field in HTTP
client messages.
Note HTTP client messages are often called HTTP request messages.
c-header-field-string (Optional) User-specified text string within the HTTP client message
(HTTP request message) to be matched.
s-header-field (Optional) Specifies matching by a string in the header field in the
HTTP server messages
Note HTTP server messages are often called HTTP response
messages.
s-header-field-string (Optional) User-specified text within the HTTP server message (HTTP
response message) to be matched.

QOS-390
match protocol http
Catalyst 6500 Series Switch Equipped with the Supervisor 32/PISA Engine
content-encoding (Optional) Specifies matching by the encoding mechanism used to
package the entity body.
content-encoding-name-stri (Optional) User-specified content-encoding name.
ng
from (Optional) Specifies matching by the e-mail address of the person
controlling the user agent.
from-address-string (Optional) User-specified e-mail address.
location (Optional) Specifies matching by the exact location of the resource
from request.
location-name-string (Optional) User-specified location of the resource.
referer (Optional) Specifies matching by the address from which the resource
request was obtained.
referer-address-name-strin (Optional) User-specified address of the referer resource.
g
server (Optional) Specifies matching by the software used by the origin server
handling the request.
server-software-name-strin (Optional) User-specified software name.
g
user-agent (Optional) Specifies matching by the software used by the agent
sending the request.
user-agent-software-name-s (Optional) User-specified name of the software used by the agent
tring sending the request.
Command Default NBAR does not match HTTP traffic by URL, host, MIME type, or fields in HTTP packet headers.

12.1(2)E This command was modified to include the hostname-string argument.
12.1(13)E This command became available on Catalyst 6000 family switches without
FlexWAN modules.
12.3(4)T This command was integrated into Cisco IOS Release 12.3(4)T, and the
NBAR Extended Inspection for HTTP Traffic feature was introduced. This
feature allows NBAR to scan TCP ports that are not well known and to
identify HTTP traffic traversing these ports.

QOS-391
match protocol http
12.4(2)T The command was integrated into Cisco IOS Release 12.4(2)T and was
modified to include the c-header-field c-header-field-string and
s-header-field s-header-field-string keywords and arguments.
12.2(18)ZY2 This command was integrated into Cisco IOS Release 12.2(18)ZY2, and
support was provided for the Catalyst 6500 series switch that is equipped
with the Supervisor 32/PISA engine.
Note For this Cisco IOS release and this platform, the c-header-field
c-header-field-string and s-header-field s-header-field-string
keywords and arguments are not available. To achieve the same
functionality, use the individual keywords and arguments as shown
in the syntax for the Catalyst 6500 series switch.
Usage Guidelines Classification of HTTP Traffic by Host, URL, or MIME

In Cisco IOS Release 12.3(4)T, the NBAR Extended Inspection for HTTP Traffic feature was
introduced. This feature allows NBAR to scan TCP ports that are not well-known and that identify HTTP
traffic traversing these ports. This feature is enabled automatically when a service policy containing the
match protocol http command is attached to an interface.
When matching by MIME type, the MIME type can contain any user-specified text string. See the
following web page for the IANA-registered MIME types:
http://www.iana.org/assignments/media-types/index.html
When matching by MIME type, NBAR matches a packet containing the MIME type and all subsequent
packets until the next HTTP transaction.
When matching by host, NBAR performs a regular expression match on the host field contents inside the
HTTP packet and classifies all packets from that host.
HTTP client request matching supports GET, PUT, HEAD, POST, DELETE, OPTIONS, and TRACE.
When matching by URL, NBAR recognizes the HTTP packets containing the URL and then matches all
packets that are part of the HTTP request. When specifying a URL for classification, include only the
portion of the URL that follows the www.hostname.domain in the match statement. For example, for the
URL www.cisco.com/latest/whatsnew.html, include only /latest/whatsnew.html with the match
statement (for instance, match protocol http url /latest/whatsnew.html).
Note For Cisco IOS Release 12.2(18)ZY2 on the Cisco Catalyst 6500 series switch that is equipped with a
Supervisor 32/PISA engine, up to 56 parameters or sub-classifications can be specified with the match
protocol http command. These parameters or sub-classifications can be a combination of any of the
available match choices, such as HOST matches, MIME matches, server matches, URL matches, and so
on. For other Cisco IOS releases and platforms, the maximum is 24 parameters or sub-classifications.

QOS-392
match protocol http
To match the www.anydomain.com portion, use the hostname matching feature. The parameter
specification strings can take the form of a regular expression with the following options:
Option Description
* Match any zero or more characters in this position.
? Match any one character in this position.
| Match one of a choice of characters.
(|) Match one of a choice of characters in a range. For example cisco.(gif | jpg) matches either
cisco.gif or cisco.jpg.
[] Match any character in the range specified, or one of the special characters. For example,
[0-9] is all of the digits. [*] is the “*” character and [[] is the “[” character.
Classification of HTTP Header Fields

In Cisco IOS Release 12.3(11)T, NBAR introduced expanded ability for users to classify HTTP traffic
using information in the HTTP Header Fields.
HTTP works using a client/server model: HTTP clients open connections by sending a request message
to an HTTP server. The HTTP server then returns a response message to the HTTP client (this response
message is typically the resource requested in the request message from the HTTP client). After
delivering the response, the HTTP server closes the connection and the transaction is complete.
HTTP header fields are used to provide information about HTTP request and response messages. HTTP
has numerous header fields. For additional information on HTTP headers, see section 14 of RFC 2616:
Hypertext Transfer Protocol—HTTP/1.1. This document can be read at the following URL:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
For request messages (client to server), the following HTTP header fields can be identified by using
NBAR:
• User-Agent
• Referer
For response messages (server to client), the following header fields can be identified by using NBAR:
• Server
• Location
• Content-Encoding
• Content-Base
Note Use of the Content-Base field has not been implemented by the HTTP community. (See
RFC 2616 for details.) Therefore, the Content-Base field is not identified by NBAR on
the Catalyst 6500 series switch that is equipped with a Supervisor 32/PISA engine.
Within NBAR, the match protocol http c-header-field command is used to specify request messages
(the “c” in the c-header-field portion of the command is for client). The match protocol http
s-header-field command is used to specify response messages (the “s” in the s-header-field portion of
the command is for server).
It is important to note that combinations of URL, host, MIME type, and HTTP headers can be used
during NBAR configuration. These combinations provide customers with more flexibility to classify
specific HTTP traffic based on their network requirements.

QOS-393
match protocol http
Note For Cisco IOS Release 12.2(18)ZY2 on the Cisco Catalyst 6500 series switch that is equipped with a
Supervisor 32/PISA engine, the c-header-field and s-header-field keywords and associated arguments
are not available. Instead, use the individual keywords and arguments as shown in the syntax to achieve
the same functionality.
Examples The following example classifies, within class map class1, HTTP packets based on any URL containing
the string whatsnew/latest followed by zero or more characters:
class-map class1
match protocol http url whatsnew/latest*
The following example classifies, within class map class2, packets based on any hostname containing
the string cisco followed by zero or more characters:
class-map class2
match protocol http host cisco*
The following example classifies, within class map class3, packets based on the JPEG MIME type:
class-map class3
match protocol http mime “*jpeg”
In the following example, any response message that contains “gzip” in the Content-Base (if available),
Content-Encoding, Location, or Server header fields will be classified by NBAR. Typically, the term
“gzip” would be found in the Content-Encoding header field of the response message.
class-map class4
match protocol http s-header-field “gzip”
In the following example, HTTP header fields are combined with a URL to classify traffic. In this
example, traffic with a User-Agent field of “CERN-LineMode/3.0” and a Server field of “CERN/3.0”,
along with URL “www.cisco.com”, will be classified using NBAR.
class-map match-all c-http
match protocol http c-header-field “CERN-LineMode/3.0”
match protocol http s-header-field “CERN/3.0”
match protocol http url “www.cisco.com”
Catalyst 6500 Series Router Equipped with a Supervisor 32/PISA Engine Example
In the following two examples, the individual keywords and associated arguments are used to specify
traffic (instead of the c-header-field and the s-header-field keywords).
In the first example, the user-agent, referrer, and from keywords are specified. In the second example,
the server, location, content-encoding keywords are specified.
class-map match-all test1
match protocol http user-agent Mozilla
match protocol http referrer *10.0.10.50
match protocol http from *cisco.com
class-map match-all test2

match protocol http server Apache
match protocol http location *cisco.com
match protocol http content-encoding compress

QOS-394
match protocol rtp
match protocol rtp

To configure network-based application recognition (NBAR) to match Real-Time Transfer Protocol
(RTP) traffic, use the match protocol rtp command in class-map configuration mode. To disable NBAR
from matching RTP traffic, use the no form of this command.
match protocol rtp [audio | video | payload-type payload-string]
no match protocol rtp [audio | video | payload-type payload-string]
Syntax Description audio (Optional) Specifies matching by audio payload-type values in the range of
0 to 23. These payload-type values are reserved for audio traffic.
video (Optional) Specifies matching by video payload-type values in the range of
24 to 33. These payload-type values are reserved for video traffic.
payload-type (Optional) Specifies matching by a specific payload-type value, providing

more granularity than is available with the audio or video keywords.
payload-string (Optional) User-specified string that contains the specific payload-type

values.
A payload-string argument can contain commas to separate payload-type
values and hyphens to indicate a range of payload-type values. A
payload-string argument can be specified in hexadecimal (prepend 0x to the
value) and binary (prepend b to the value) notation in addition to standard
number values.

12.1(11b)E This command was integrated into Cisco IOS Release 12.1(11b)E.
Usage Guidelines Entering the match protocol rtp command without any other keywords establishes all RTP traffic as

QOS-395
match protocol rtp
RTP is a packet format for multimedia data streams. It can be used for media-on-demand as well as
interactive services such as Internet telephony. RTP consists of a data and a control part. The control part
is called Real-Time Transport Control Protocol (RTCP). It is important to note that the NBAR RTP
Payload Classification feature does not identify RTCP packets and that RTCP packets run on
odd-numbered ports while RTP packets run on even-numbered ports.
The payload type field of an RTP packet identifies the format of the RTP payload and is represented by
a number. NBAR matches RTP traffic on the basis of this field in the RTP packet. A working knowledge
of RTP and RTP payload types is helpful if you want to configure NBAR to match RTP traffic. For more
information about RTP and RTP payload types, refer to RFC 1889, RTP: A Transport Protocol for
Real-Time Applications.
Examples The following example configures NBAR to match all RTP traffic:
class-map class1
match protocol rtp
The following example configures NBAR to match RTP traffic with the payload-types 0, 1, 4, 5, 6, 7, 8,
9, 10, 11, 12, 13, 14, 15, 16, 17, 18, and 64:
class-map class2
match protocol rtp payload-type "0, 1, 4-0x10, 10001b-10010b, 64"

QOS-396
match qos-group
match qos-group
To identify a specific quality of service (QoS) group value as a match criterion, use the match qos-group
command in class-map configuration mode. To remove a specific QoS group value from a class map, use
match qos-group qos-group-value
no match qos-group qos-group-value
Syntax Description qos-group-value The exact value from 0 to 99 used to identify a QoS group value.
Command Default No match criterion is specified.

12.05(XE) This command was integrated into Cisco IOS Release 12.0(5)XE.
Usage Guidelines The match qos-group command is used by the class map to identify a specific QoS group value marking
on a packet. This command can also be used to convey the received Multiprotocol Label Switching
(MPLS) experimental (EXP) field value to the output interface.
The qos-group-value argument is used as a marking only. The QoS group values have no mathematical
significance. For instance, the qos-group-value of 2 is not greater than 1. The value simply indicates that
a packet marked with the qos-group-value of 2 is different than a packet marked with the
qos-group-value of 1. The treatment of these packets is defined by the user through the setting of QoS
policies in QoS policy-map class configuration mode.
The QoS group value is local to the router, meaning that the QoS group value that is marked on a packet
does not leave the router when the packet leaves the router. If you need a marking that resides in the
packet, use IP precedence setting, IP differentiated services code point (DSCP) setting, or another
method of packet marking.
This command can be used with the random-detect discard-class-based command.

QOS-397
match qos-group
Examples The following example shows how to configure the service policy called “priority50” and attach service
policy “priority50” to an interface. In this example, the class map called “qosgroup5” will evaluate all
packets entering Fast Ethernet interface 1/0/0 for a QoS group value of 5. If the incoming packet has
been marked with the QoS group value of 5, the packet will be treated with a priority level of 50.
Router(config)# class-map qosgroup5
Router(config-cmap)# match qos-group 5
Router(config-pmap)# class qosgroup5
Router(config)# interface fastethernet1/0/0
Router(config-if)# service-policy output priority50

random-detect Bases WRED on the discard class value of a packet.
discard-class-based
set precedence Specifies an IP precedence value for packets within a traffic class.
set qos-group Sets a group ID that can be used later to classify packets.

QOS-398
match source-address mac
match source-address mac

To use the source MAC address as a match criterion, use the match source-address mac command in
QoS class-map configuration mode. To remove a previously specified source MAC address as a match
criterion, use the no form of this command.
match source-address mac address-destination
no match source-address mac address-destination
Syntax Description address-destination The source destination MAC address to be used as a match criterion.

12.2(31)SB This command was integrated into Cisco IOS Release 12.2(31)SB
and implemented on the Cisco 10000 series.
Usage Guidelines This command can be used only on an input interface with a MAC address, for example, Fast Ethernet
and Ethernet interfaces.
This command cannot be used on output interfaces with no MAC address, such as serial and ATM
interfaces.
Examples The following example uses the MAC address mac 0.0.0 as a match criterion:
Router(config)# class-map matchsrcmac
Router(config-cmap)# match source-address mac 0.0.0

class.

QOS-399
match start
match start
To configure the match criteria for a class map on the basis of the datagram header (Layer 2 ) or the
network header (Layer 3), use the match start command in class-map configuration mode. To remove
the specified match criteria, use the no form of this command.
match start {l2-start | l3-start} offset number size number

{eq | neq | gt | lt | range range | regex string} {value [value2] | [string]}
no match start {l2-start | l3-start} offset number size number

{eq | neq | gt | lt | range range | regex string} {value [value2] | [string]}
Syntax Description l2-start Match criterion starts from the datagram header.
l3-start Match criterion starts from the network header.
offset number Match criterion can be made according to any aribitrary offset.
size number Number of bytes in which to match.
eq Match criteria is met if the packet is equal to the specified value or mask.
neq Match criteria is met if the packet is not equal to the specified value or mask.
mask (Optional) Can be used when the eq or the neq keywords are issued.
gt Match criteria is met if the packet is greater than the specified value.
lt Match criteria is met if the packet is less than the specified value.
range range Match critera is based upon a lower and upper boundary protocol field range.
regex string Match critera is based upon a string that is to be matched.
value Value for which the packet must be in accordance with.
Defaults No match criteria are configured.


QOS-400
match start
Usage Guidelines To the match criteria that is to be used for flexible packet matching, you must first enter the class-map
command to specify the name of the class whose match criteria you want to establish. Thereafter, you
can enter one of the following commands:
• match-field (which configures the match criteria for a class map on the basis of the fields defined
in the protocol header description files [PHDFs])
• match-start (which can be used if a PHDF is not loaded onto the router)
of IP header.






class blaster1
drop
class blaster2
drop

class blaster3
drop

class ip-tcp
class ip-udp



QOS-401
match start
Command Description
match field Configures the match criteria for a class map on the basis of the fields
defined in the PHDFs.

QOS-402
match tag (class-map)
match tag (class-map)

To specify the tag to be matched for a tag type of class map, use the match tag command in class-map
configuration mode. To delete the tag, use the no form of this command.
match tag tag-name
no match tag tag-name
Syntax Description tag-name Name of the tag.
Command Default No match tags are defined.

Usage Guidelines The access control server (ACS) sends the tag attribute to the network access device (NAD) using the
Cisco attribute-value (AV) pair. (The tag attribute can also be sent to the NAD using the IETF attribute
88.)
Examples The following example shows that the tag to be matched is named “healthy”:
Router(config)# class-map type tag healthy_class
Router(config-cmap)# match tag healthy

specified class.

QOS-403
match vlan (QoS)
match vlan (QoS)

To match and classify traffic on the basis of the virtual local-area network (VLAN) identification
number, use the match vlan command in class-map configuration mode. To remove a previously
specified VLAN identification number as a match criterion, use the no form of this command.
match vlan vlan-id-number
no match vlan vlan-id-number
Syntax Description vlan-id-number VLAN identification number, numbers, or range of numbers. Valid
VLAN identification numbers must be in the range of 1 to 4095.
Command Default Traffic is not matched on the basis of the VLAN identification number.

12.2(31)SB2 This command was introduced for use on Cisco 10000 series routers only.
Usage Guidelines Specifying VLAN Identification Numbers

You can specify a single VLAN identification number, multiple VLAN identification numbers separated
by spaces (for example, 2 5 7), or a range of VLAN identification numbers separated by a hyphen (for
example, 25-35).
Support Restrictions
The following restrictions apply to the match vlan command:
• The match vlan command is supported for IEEE 802.1q and Inter-Switch Link (ISL) VLAN
encapsulations only.
• As of Cisco IOS Release 12.2(31)SB2, the match vlan command is supported on Cisco 10000 series
routers only.
Examples In the following sample configuration, the match vlan command is enabled to classify and match traffic
on the basis of a range of VLAN identification numbers. Packets with VLAN identification numbers in
the range of 25 to 50 are placed in the class called class1.
Router> enable
Router(config-cmap)# match vlan 25-50

QOS-404
match vlan (QoS)
Note Typically, the next step would be to configure class1 in a policy map, enable a quality of service (QoS)
feature (for example, class-based weighted fair queueing [CBWFQ]) in the policy map, and attach the
policy map to an interface. To configure a policy map, use the policy-map command. To enable
CBWFQ, use the bandwidth command (or use the command for the QoS feature that you want to
enable). To attach the policy map to an interface, use the service-policy command. For more information
about classifying network traffic on the basis of a match criterion, see the “Classification” part of the
Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.4T.

bandwidth Specify or modifies the bandwidth allocated for a class belonging to a policy
(policy-map class) map.
interfaces.
service-policy Attached a policy map to an interface.

QOS-405
match vlan inner
match vlan inner

To configure a class map to match the innermost VLAN ID in an 802.1q tagged frame, use the match
vlan inner command in ATM interface configuration mode. To remove matching on the innermost
VLAN ID of an 802.1q tagged frame, use the no form of this command.
match vlan inner vlan-ids
no match vlan inner vlan-ids
Syntax Description vlan-ids One or more VLAN IDs to be matched. The valid range for VLAN IDs is
from 1 to 4095, and the list of VLAN IDs can include one or all of the
following:
• Single VLAN IDs, separated by spaces. For example:
100 200 300
• One or more ranges of VLAN IDs, separated by spaces. For example:
1-1024 2000-2499
Command Default Packets are not matched on the basis of incoming dot1q VLAN inner IDs.
Command Modes Class map configuration

12.2(18)SXF This command was implemented on Cisco 7600 series routers.
Examples The following example creates a class map that matches packets with a VLAN IDs of 100 to 300.
Router(config)# class-map match-all vlan100
Router(config-cmap)# match vlan inner 100

QOS-406
match vlan inner

clear cef linecard Clears Cisco Express Forwarding (CEF) information on one or more line
cards, but does not clear the CEF information on the main route processor
(RP). This forces the line cards to synchronize their CEF information with
the information that is on the RP.
mls qos trust Sets the trusted state of an interface to determine which incoming QoS field
policy-map router.

QOS-407
maximum (local policy)

To set the limits for Resource Reservation Protocol (RSVP) resources, use the maximum command in
local policy configuration mode. To delete the limits, use the no form of this command.
maximum [bandwidth [group x] [single y] | senders n]
no maximum [bandwidth [group x] [single y] | senders n]
Syntax Description bandwidth (Optional) Indicates bandwidth limits for RSVP reservations.
group x (Optional) Specifies the amount of bandwidth, in kbps, that can be requested
by all the reservations covered by a local policy. The x value ranges from 1
to 10000000.
single y (Optional) Specifies the maximum bandwidth, in kbps, that can be requested by
any specific RSVP reservation covered by a local policy. The y value ranges
from 1 to 10000000.
senders n (Optional) Limits the number of RSVP senders affected by a local policy that
can be active at the same time on a router. The value for n ranges from 1 to
50000; the default is 1000.
Command Default No maximum bandwidth limit is set and no RSVP senders are configured.
Command Modes Local policy configuration

12.4(6)T This command was modified to apply to RESV messages.
Usage Guidelines Previously, the maximum bandwidth command applied only to PATH messages. However, as part of
the application ID enhancement, this command now applies only to RESV messages. This change has
the following benefits:
• Allows the local policy bandwidth limit to be used by RSVP’s admission control process for both
shared and nonshared reservations. Previous releases that performed group bandwidth checks on
PATH messages could not account for bandwidth sharing and, as a result, you had to account for
sharing by creating a larger maximum group bandwidth for the policy.
• Allows a local policy to trigger preemption during the admission control function if there is
insufficient policy bandwidth to meet the needs of an incoming RESV message.

QOS-408
Examples The following example specifies the maximum bandwidth for a group of reservations and for a single
reservation, respectively:
Router(config-rsvp-local-policy)# maximum bandwidth single 50

ip rsvp policy local Determines how to perform authorization on RSVP requests.

QOS-409
maximum header
maximum header
To specify the maximum size of the compressed IP header, use the maximum header command in
IPHC-profile configuration mode. To return the maximum size of the compressed IP header to the default
size, use the no form of this command.
maximum header number-of-bytes
no maximum header
Syntax Description number-of-bytes The maximum header size, in bytes. Valid entries are numbers from 20 to
168. Default is 168.
Command Default The maximum size of the compressed IP header is 168 bytes.

Usage Guidelines The maximum header command allows you to define the maximum size of the IP header of a packet to
be compressed. Any packet with an IP header that exceeds the maximum size is sent uncompressed.
Use the number-of-bytes argument of the maximum header command to restrict the size of the IP header
to be compressed.
Intended for Use with IPHC Profiles

The maximum header command is intended for use as part of an IPHC profile. An IPHC profile is used
to enable and configure header compression on your network. For more information about using IPHC
profiles to configure header compression, see the “Header Compression” module and the “Configuring
Header Compression Using IPHC Profiles” module of the Cisco IOS Quality of Service Solutions
Configuration Guide, Release 12.4T.
Prerequisite
Before using the maximum header command, you must enable either TCP header compression or
non-TCP header compression. To enable TCP header compression, use the tcp command. To enable
non-TCP header compression, use the non-tcp command.

QOS-410
maximum header
Examples The following is an example of an IPHC profile called profile2. In this example, the maximum size of
the compressed IP header is set to 75 bytes.
Router> enable
Router(config-iphcp)# maximum header 75


QOS-411
max-reserved-bandwidth
To change the percent of interface bandwidth allocated for Resource Reservation Protocol (RSVP),
class-based weighted fair queueing (CBWFQ), low latency queueing (LLQ), IP RTP Priority, Frame
Relay IP RTP Priority, Frame Relay PVC Interface Priority Queueing (PIPQ), or hierarchical queueing
framework (HQF), use the max-reserved bandwidth command in interface configuration mode. To
restore the default value, use the no form of this command.
max-reserved-bandwidth percent
no max-reserved-bandwidth
Syntax Description percent Amount of interface bandwidth allocated for RSVP, CBWFQ, LLQ, IP RTP
Priority, Frame Relay IP RTP Priority, Frame Relay PIPQ, and HQF.
Command Default 75 percent on all supported platforms except the Cisco 7500 series routers, which do not have this
restriction.

12.4(20)T Support was added for HQF using the Modular Quality of Service (QoS)
Command-Line Interface (CLI) (MQC).
Usage Guidelines The sum of all bandwidth allocation on an interface should not exceed 75 percent of the available
bandwidth on an interface. The remaining 25 percent of bandwidth is used for overhead, including
Layer 2 overhead, control traffic, and best-effort traffic.
If you need to allocate more than 75 percent for RSVP, CBWFQ, LLQ, IP RTP Priority, Frame Relay IP
RTP Priority, Frame Relay PIPQ, or HQF, you can use the max-reserved-bandwidth command. The
percent argument specifies the maximum percentage of the total interface bandwidth that can be used.
If you do use the max-reserved-bandwidth command, make sure that not too much bandwidth is taken
away from best-effort and control traffic.

QOS-412
Examples In the following example, the policy map called policy1 is configured for three classes with a total of
8 Mbps configured bandwidth, as shown in the output from the show policy-map command:
Policy Map policy1

Class class1
Class class2
Class class3
When you enter the service-policy command in an attempt to attach the policy map on a 10-Mbps
Ethernet interface, an error message such as the following is produced:
I/f Ethernet1/1 class class3 requested bandwidth 3000 (kbps) Available only 2500 (kbps)
The error message is produced because the default maximum configurable bandwidth is 75 percent of
the available interface bandwidth, which in this example is 7.5 Mbps. To change the maximum
configurable bandwidth to 80 percent, use the max-reserved-bandwidth command in interface
configuration mode, as follows:
max-reserved-bandwidth 80
service output policy1
end
To verify that the policy map was attached, enter the show policy-map interface command:
Router# show policy-map interface e1/1
Ethernet1/1 output :policy1

Class class1
Bandwidth 2500 (kbps) Packets Matched 0 Max Threshold 64 (packets)
(discards/tail drops) 0/0
Class class2
Class class3
Virtual Template Configuration Example

The following example configures a strict priority queue in a virtual template configuration with
CBWFQ. The max-reserved-bandwidth command changes the maximum bandwidth allocated between
CBWFQ and IP RTP Priority from the default (75 percent) to 80 percent.
multilink virtual-template 1
interface virtual-template 1
ip address 172.16.1.1 255.255.255.0
ip rtp priority 16384 16383 25
ppp multilink
ppp multilink fragment-delay 20
ppp multilink interleave
max-reserved-bandwidth 80
end

QOS-413
interface Serial0/1
bandwidth 64
ip address 10.1.1.2 255.255.255.0
encapsulation ppp
ppp multilink
end
Note To make the virtual access interface function properly, do not configure the bandwidth command on the
virtual template. Configure it on the actual interface, as shown in the example.

bandwidth (policy-map Specifies or modifies the bandwidth allocated for a class belonging to a
class) policy map.
ip rtp priority Reserves a strict priority queue for a set of RTP packet flows belonging to
a range of UDP destination ports.
show policy-map Displays the configuration of all classes comprising the specified service
interface on the specified interface or displays the classes for the service policy for
a specific PVC on the interface.

QOS-414
mls ip pbr
mls ip pbr
To enable the multilayer switching (MLS) support for policy-routed packets, use the mls ip pbr
command in global configuration mode. To disable the MLS support for policy-routed packets, use the
mls ip pbr [null0]
no mls ip pbr
Syntax Description null0 (Optional) Enables the hardware support for the interface null0 in the route-maps.
Command Default MLS support for policy-routed packets is disabled.

12.2(17d)SXB This command was introduced on the Supervisor Engine 2 and introduced
12.2(18)SXE This command was changed to support the null0 keyword.
Usage Guidelines This command is not supported on Cisco 7600 series routers that are configured with a Supervisor
Engine 720.
Note Do not enable PBR and SLB on the same interface; PBR-based packets are not forwarded correctly.
When you enable the hardware-policy routing by entering the mls ip pbr command, all policy routing
occurs in the hardware and is applied to all interfaces, regardless of which interface was configured for
policy routing.
Use the null0 keyword when you have routed traffic only to enable the hardware support for the set
interface null0 in the route-maps.
Examples This example shows how to enable the MLS support for policy-routed packets:
Router(config)# mls ip pbr

QOS-415
mls ip pbr

show tcam interface Displays information about the interface-based TCAM.
vlan acl

QOS-416
mls qos (global configuration mode)

To enable the quality of service (QoS) functionality globally, use the mls qos command in global
configuration mode. To disable the QoS functionality globally, use the no form of this command.
mls qos
no mls qos
Command Default QoS is globally disabled.

12.2(17d)SXB This command was implemented on the Supervisor Engine 2 and integrated into
Cisco IOS Release 12.2(17d)SXB.
Usage Guidelines If you enable QoS globally, QoS is enabled on all interfaces with the exception of the interfaces where
you disabled QoS. If you disable QoS globally, all traffic is passed in QoS pass-through mode.
In port-queueing mode, Policy Feature Card (PFC) QoS (marking and policing) is disabled, and packet
type of service (ToS) and class of service (CoS) are not changed by the PFC. All queueing on rcv and
xmt is based on a QoS tag in the incoming packet, which is based on the incoming CoS.
For 802.1Q or Inter-Switch Link (ISL)-encapsulated port links, queueing is based on the packet 802.1Q
or ISL CoS.
For the router main interfaces or access ports, queueing is based on the configured per-port CoS (the
default CoS is 0).
This command enables or disables ternary content addressable memory (TCAM) QoS on all interfaces
that are set in the OFF state.
Examples This example shows how to enable QoS globally:

Router(config)# mls qos
Router(config)#
This example shows how to disable QoS globally on the Cisco 7600 series router:
Router(config)# no mls qos
Router(config)#

QOS-417

mls qos (interface Enables the QoS functionality on an interface.
configuration mode)

QOS-418
mls qos (interface configuration mode)
mls qos (interface configuration mode)

To enable the quality of service (QoS) functionality on an interface, use the mls qos command in
interface configuration command mode. To disable QoS functionality on an interface, use the no form
of this command.
mls qos
no mls qos
Command Default Enabled

Usage Guidelines This command is deprecated on Cisco 7600 series routers that are configured with a Supervisor
Engine 2.
Although the CLI allows you to configure PFC-based QoS on the WAN ports on the OC-12 ATM OSMs
and on the WAN ports on the channelized OSMs, PFC-based QoS is not supported on the WAN ports on
these OSMs.
If you disable QoS globally, it is also disabled on all interfaces.
This command enables or disables TCAM QoS (classification, marking, and policing) for the interface.
Examples This example shows how to enable QoS on an interface:

Router(config-if)# mls qos

mls qos (global Enables the QoS functionality globally.
configuration mode)

QOS-419
mls qos aggregate-policer

To define a named aggregate policer for use in policy maps, use the mls qos aggregate-policer command
in global configuration mode. To delete a named aggregate policer, use the no form of this command.
mls qos aggregate-policer name rate-bps [normal-burst-bytes [maximum-burst-bytes | pir

peak-rate-bps | action-type action]]
no mls qos aggregate-policer name
Syntax Description name Name of the aggregate policer. See the “Usage Guidelines” section for
naming conventions.
rate-bps Maximum bits per second. Range is 32000 to 10000000000.
normal-burst-bytes (Optional) Normal burst bytes. Range is 1000 to 31250000.
maximum-burst-bytes (Optional) Maximum burst bytes. Range is 1000 to 31250000 (if entered,
this value must be set equal to normal-burst-bytes).
pir peak-rate-bps (Optional) Keyword and argument that set the peak information rate
(PIR). Range is 32000 to 10000000000. Default is equal to the normal
(cir) rate.

QOS-420
action-type action (Optional) Action type keyword. This command may include multiple
action types and corresponding actions to set several actions
simultaneously. Valid values are:
• conform-action—Keyword that specifies the action to be taken when
the rate is not exceeded. Valid actions are:
– drop—Drops the packet.
– set-dscp-transmit value—Sets the DSCP value and sends the
packet. Valid entries are: 0 to 63 (differentiated code point
value), af11 to af43 (match packets with specified AF DSCP),
cs1 to cs7 (match packets with specified CS DSCP), default, or
ef (match packets with the EF DSCP).
– set-mpls-exp-imposition-transmit number—Sets experimental
(exp) bits at the tag imposition. Valid range is 0 to 7.
– set-prec-transmit—Rewrites packet precedence and sends the
packet.
– transmit—Transmits the packet. This is the default.
• exceed-action—Keyword that specifies the action to be taken when
QoS values are exceeded. Valid actions are:
– drop—Drops the packet. This is the default.
– policed-dscp-transmit—Changes the DSCP value according to
the policed-dscp map and sends the packet.
– transmit—Transmits the packet.
• violate-action—Keyword that specifies the action to be taken when
QoS values are violated. Valid actions are:
– drop—Drops the packet.
– policed-dscp-transmit—Changes the DSCP value according to
the policed-dscp map and sends the packet.
– transmit—Transmits the packet.
Command Default The defaults are as follows:

• conform-action is transmit.
• exceed-action is drop.
• violate-action is equal to the exceed-action.
• pir peak-rate-bps is equal to the normal (cir) rate.

12.2(14)SX This command was introduced on the Supervisor Engine 720.
12.2(17d)SXB This command was integrated into Cisco IOS Release 12.2(17d)SXB.

QOS-421
12.3 This command was implemented on the Cisco 6500 and Cisco 7600.
Usage Guidelines This policer can be shared by different policy map classes and on different interfaces. The Cisco 7600
series router supports up to 1023 aggregates and 1023 policing rules.
The mls qos aggregate-policer command allows you to configure an aggregate flow and a policing rule
for that aggregate. When you enter the rate and burst parameters, the range for the average rate is 32 kbps
to 10 Gbps (entered as 32000 and 10000000000) and the range for the burst size is 1 KB (entered as
1000) to 31.25 MB (entered as 31250000). Modifying an existing aggregate rate limit entry causes that
entry to be modified in NVRAM and in the Cisco 7600 series router if that entry is currently being used.
Note Because of hardware granularity, the rate value is limited, so the burst that you configure may not be the
value that is used.
Modifying an existing microflow or aggregate rate limit modifies that entry in NVRAM as well as in the
Cisco 7600 series router if it is currently being used.
When you enter the aggregate policer name, follow these naming conventions:
• Maximum of 31 characters and may include a-z, A-Z, 0-9, the dash character (-), the underscore
character (_), and the period character (.).
• Must start with an alphabetic character and must be unique across all ACLs of all types.
• Case sensitive.
• Cannot be a number.
• Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer.
Aggregate policing works independently on each DFC-equipped switching module and independently
on the PFC2, which supports any non-DFC-equipped switching modules. Aggregate policing does not
combine flow statistics from different DFC-equipped switching modules. You can display aggregate
policing statistics for each DFC-equipped switching module, PFC2, and any non-DFC-equipped
switching modules that are supported by the PFC2 by entering the show mls qos aggregate policer
command.
Examples The following example shows how to configure a QoS aggregate policer to allow a maximum of 100000
bits per second with a normal burst byte size of 10000, to set DSCP to 48 when these rates are not
exceeded, and to drop packets when these rates are exceeded:
Router(config)# mls qos aggregate-policer micro-one 100000 10000 conform-action
set-dscp-transmit 48 exceed-action drop

QOS-422

police (policy map) Creates a per-interface policer and configures the policy-map class to use it.
set ip dscp (policy-map Marks a packet by setting the IP DSCP in the ToS byte.
configuration)
show mls qos Displays information about the aggregate policer for MLS QoS.
aggregate policer

QOS-423
mls qos bridged
mls qos bridged

To enable the microflow policing for bridged traffic on Layer 3 LAN interfaces, use the mls qos bridged
command in interface configuration mode. To disable microflow policing for bridged traffic, use the no
mls qos bridged
no mls qos bridged

Usage Guidelines This command is supported on SVIs only.

On Cisco 7600 series routers that are configured with a Supervisor Engine 2, you must enable the mls
qos bridged command on an SVI for the microflow policing of IPv4 multicast packets if the user policy
is attached to an SVI.
Examples This example shows how to enable the microflow policing for bridged traffic on a VLAN interface:
Router(config-if)# mls qos bridged


QOS-424
mls qos channel-consistency

To enable the quality of service (QoS)-port attribute checks on EtherChannel bundling, use the
mls qos channel-consistency command in interface configuration mode. To disable the QoS-port
attribute checks on EtherChannel bundling, use the no form of this command.
no mls qos channel-consistency

Usage Guidelines The mls qos channel-consistency command is supported on port channels only.
Examples This example shows how to enable the QoS-port attribute checks on the EtherChannel bundling:
Router(config-if)# mls qos channel-consistency
This example shows how to disable the QoS-port attribute checks on the EtherChannel bundling:
Router(config-if)# no mls qos channel-consistency

QOS-425
mls qos cos
mls qos cos

To define the default multilayer switching (MLS) class of service (CoS) value of a port or to assign the
default CoS value to all incoming packets on the port, use the mls qos cos command in interface
configuration mode. To return to the default CoS setting, use the no form of this command.
Cisco 3660, 3845, 6500, 7200, 7400, and 7500 Series Routers
mls qos cos {cos-value | override}
no mls qos cos {cos-value | override}
mls qos cos cos-value
no mls qos cos cos-value
Syntax Description cos-value Assigns a default CoS value to a port. If the port is CoS trusted and packets are
untagged, the default CoS value is used to select one output queue as an index into
the CoS-to-DSCP map. The CoS range is 0 to 7. The default is 0.
override Overrides the CoS of the incoming packets and applies the default CoS value on the
port to all incoming packets.

• Default CoS value (cos-value) value for a port is 0.
• CoS override is not configured.

12.1(6)EA2 This command was introduced. It replaced the switchport priority
command.
12.2(14)SX Support for this command was introduced on the Cisco 7600 series router.
12.2(17d)SXB This command was implemented on the Cisco 7600 series router and
series routers.

QOS-426
mls qos cos
Usage Guidelines Cisco 3660, 3845, 6500, 7200, 7400, and 7500 Series Routers
You can assign the default CoS and differentiated services code point (DSCP) value to all packets
entering a port if the port has been configured by use of the override keyword.
Use the override keyword when all incoming packets on certain ports deserve a higher or lower priority
than packets the enter from other ports. Even if a port was previously set to trust DSCP or CoS, this
command overrides that trust state, and all the CoS values on the incoming packets are changed to the
default CoS value that is configured with the mls qos cos command. If an incoming packet is tagged, the
CoS value of the packet is modified at the ingress port. It is changed to the default CoS of that port.
Use the show mls qos interface privileged EXEC command to verify your settings.

CoS values are configurable on physical LAN ports only.
On Cisco 7600 series routers that are configured with a Supervisor Engine 2, the following restrictions
apply:
• This command is not supported on any WAN interface on the Optical Service Modules (OSMs).
• This command is not supported on 4-port Gigabit Ethernet WAN ports.
Examples Cisco 3660, 3845, 6500, 7200, 7400, and 7500 Series Routers
The following example shows how to assign 4 as the default port CoS:
Router(config)# interface gigabitethernet 0/1
Router(config-if)# mls qos trust cos
Router(config-if)# mls qos cos 4
The following example shows how to assign 4 as the default port CoS value for all packets the enter the
port:
Router(config)# interface gigabitethernet0/1
Router(config-if)# mls qos cos override

The following example shows how to configure the default QoS CoS value as 6:

mls qos map Defines the CoS-to-DSCP map or the DSCP-to-CoS map.
mls qos trust Configures the port trust state.
show interface fax/y Displays switch port interfaces.
switchport
show mls qos interface Displays QoS information.

QOS-427
mls qos cos-mutation
mls qos cos-mutation

To attach an ingress-class-of-service (CoS) mutation map to the interface, use the mls qos cos-mutation
command in interface configuration mode. To remove the ingress-CoS mutation map from the interface,
mls qos cos-mutation cos-mutation-table-name
no mls qos cos-mutation
Syntax Description cos-mutation-table-name Name of the ingress-CoS mutation table.
Command Default No ingress-CoS mutation table is defined.

12.2(17b)SXA This command was introduced on the Supervisor Engine 720.
Engine 2.
Examples This example shows how to attach the ingress-CoS mutation map named mutemap2:
Router(config-if)# mls qos cos-mutation mutemap2

mls qos map Maps a packet’s CoS to a new CoS value.
cos-mutation

QOS-428
mls qos dscp-mutation
mls qos dscp-mutation

To attach an egress-differentiated-services-code-point (DSCP) mutation map to the interface, use the
mls qos dscp-mutation command in interface configuration mode. To remove the egress-DSCP
mutation map from the interface, use the no form of this command.
mls qos dscp-mutation dscp-mutation-table-name
no mls qos dscp-mutation
Syntax Description dscp-mutation-table-name Name of the egress-DSCP mutation table.
Command Default No table is defined.

Engine 2.
Examples This example shows how to attach the egress-DSCP mutation map named mutemap1:
Router(config-if)# mls qos dscp-mutation mutemap1

mls qos map Defines a named DSCP mutation map.
dscp-mutation

QOS-429
mls qos exp-mutation
mls qos exp-mutation

To attach an egress-EXP mutation map to the interface in the interface configuration command mode,
use the mls qos exp-mutation command. Use the no form of this command to remove the egress-EXP
mutation map from the interface.
mls qos exp-mutation exp-mutation-table-name
no mls qos exp-mutation
Syntax Description exp-mutation-table-name Name of the egress-EXP mutation table.
Command Default No table is defined.

12.2(17a)SX Support for this command was introduced on the Supervisor Engine 720.
Usage Guidelines This command is supported in PFC3BXL or PFC3B mode only.

This command is not supported on Cisco 7600 series routers that are configured with a Supervisor
Engine 2.
Examples This example shows how to attach the egress-exp mutation map named mutemap2:
Router(config-if)# mls qos exp-mutation mutemap2
Router(config-if)#

mls qos map Defines a named DSCP mutation map.
dscp-mutation
show mls qos mpls Displays an interface summary for MPLS QoS classes in the policy maps.

QOS-430
mls qos loopback
mls qos loopback

To remove a router port from the Switched Virtual Interface (SVI) flood for VLANs that are carried
through by the loopback cable, use the mls qos loopback command in interface configuration mode. To
return to the default settings, use the no form of this command.
mls qos loopback
no mls qos loopback

Usage Guidelines With mls qos loopback applied at the interface, the packets are not forwarded to the destination.
Before you enter the mls qos loopback command, you must specify a MAC address for the Optical
Services Modules (OSM) interface. The MAC address must be different from the LAN router MAC
address that is used in PFC2 hardware switching.
Examples This example shows how to prevent packets from being forwarded to the destination:
Router(config-if)# mls qos loopback

QOS-431
mls qos map cos-dscp

To define the ingress Class of Service (CoS)-to-differentiated services code point (DSCP) map for
trusted interfaces, use the mls qos map cos-dscp command in global configuration mode. Use the no
form of this command to remove a prior entry.
mls qos map cos-dscp dscp1...dscp8
no mls qos map cos-dscp
Syntax Description dscp1...dscp8 Defines the CoS-to-DSCP map.

For dscp1...dscp8, enter eight DSCP values that correspond to CoS values 0 to 7.
Separate consecutive DSCP values from each other with a space.
The supported DSCP values are 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56.
Command Default The default CoS-to-DSCP configuration is listed in Table 17.
Table 17 CoS-to-DSCP Default Map
CoS 0 1 2 3 4 5 6 7
DSCP 0 8 16 24 32 40 48 56

12.2(15)ZJ This command was implemented on the following platforms: Cisco 2600 series,
Cisco 3600 series, and Cisco 3700 series routers.
12.3(4)T This command was integrated into Cisco IOS Release 12.3(4)T on the following
platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers.
Usage Guidelines All of the CoS-to-DSCP and DSCP-to-CoS maps are globally defined. You apply all maps to all ports.
If you enter the mls qos trust cos command, the default CoS-to-DSCP map is applied.
If you enter the mls qos trust dscp command, the default DSCP-to-CoS map is applied.
After a default map is applied, you can define the CoS-to-DSCP or DSCP-to-CoS map by entering
consecutive mls qos map commands.

QOS-432
If the mls qos trust dscp command is entered and a packet with an untrusted DSCP value is at an ingress
port, the packet CoS value is set to 0.
Use the show mls qos maps privileged EXEC command to verify your settings.
Examples The following example shows how to define the CoS-to-DSCP map. CoS values 0 to 7 are mapped to
DSCP values 8, 8, 8, 8, 24, 32, 56, and 56.
Router(config)# mls qos map cos-dscp 8 8 8 8 24 32 56 56

mls qos map dscp-cos Defines an egress DSCP-to-CoS map.
mls qos map Defines an ingress-IP precedence-to-DSCP map for trusted interfaces.
ip-prec-dscp
mls qos map Sets the mapping of policed DSCP values to marked-down DSCP values.
policed-dscp
show mls qos maps Displays information about the QoS-map configuration and
runtime-version.

QOS-433
mls qos map cos-mutation

To map a class of service (CoS) value to a new CoS value for a packet, use the mls qos map
cos-mutation command in the global configuration mode. To remove the map, use the no form of this
command
mls qos map cos-mutation name mutated-cos1 mutated-cos2 mutated-cos3 mutated-cos4

mutated-cos5 mutated-cos6 mutated-cos7 mutated-cos8
no mls qos map cos-mutation name
Syntax Description name Name of the CoS map.

mutated-cos1 ... Eight CoS out values, separated by spaces; valid values are from 0 to 7. See the
mutated-cos8 “Usage Guidelines” section for additional information.
Command Default If the CoS-to-CoS mutation map is not configured, the default CoS-to-CoS mutation mapping is listed
in Table 18.
Table 18 CoS-to-CoS Default Map
CoS-in 0 1 2 3 4 5 6 7
CoS-out 0 1 2 3 4 5 6 7

12.2(17b)SXA This command was introduced on the Supervisor Engine 720.
Usage Guidelines This command is not supported on the Catalyst 6500 series switches and the Cisco 7600 series routers
that are configured with a Supervisor Engine 2.
This command is supported on the Catalyst 6500 series switches and the Cisco 7600 series routers that
are configured with the following modules only:
• WS-X6704-10GE
• WS-X6724-SFP
• WS-X6748-GE-TX
CoS mutation is not supported on non-802.1Q tunnel ports.

QOS-434
When you enter the mls qos map cos-mutation command, you are configuring the mutated-CoS values
map to sequential ingress-CoS numbers. For example, by entering the mls qos map cos-mutation 2 3 4
5 6 7 0 1 command, you configure this map:
CoS-in 0 1 2 3 4 5 6 7
CoS-out 2 3 4 5 6 7 0 1
Separate the eight CoS values by a space.

After you define the map in global configuration mode, you can attach the map to a port.
If QoS is disabled, the port is not in a trust CoS mode, and the port is not in 802.1Q tunneling mode. The
changes appear once you put the port into trust CoS mode and the port is configured as an 802.1Q tunnel
port.
Release 12.2(17b)SXA and later releases support ingress-CoS mutation on 802.1Q tunnel ports and is
on a per-port group basis only.
To avoid ingress-CoS mutation configuration failures, only create EtherChannels where all member
ports support ingress-CoS mutation or where no member ports support ingress-CoS mutation. Do not
create EtherChannels with mixed support for ingress-CoS mutation.
If you configure ingress-CoS mutation on a port that is a member of an EtherChannel, the ingress-CoS
mutation is applied to the port-channel interface.
You can configure ingress-CoS mutation on port-channel interfaces.
Examples This example shows how to define a CoS-to-CoS map:

Router(config)# mls qos map cos-mutation test-map 1 2 3 4 5 6 7 1

runtime-version.

QOS-435
mls qos map dscp-cos

To define an egress differentiated services code point (DSCP)-to-class of service (CoS) map, use the
mls qos map dscp-cos command in global configuration mode. To remove a prior entry, use the no form
of this command.
mls qos map dscp-cos dscp-values to cos-values
no mls qos map dscp-cos
Syntax Description dscp-values to Defines the DSCP-to-CoS map.

cos-values
For dscp-list, enter up to 13 DSCP values separated by spaces. Then enter the to
keyword. The supported DSCP values are 0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46,
48, and 56.
For cos, enter the CoS value to which the DSCP value or values correspond.
Range: 0 to 7.
Command Default The default DSCP-to-CoS map is listed in Table 19.
Table 19 DSCP-to-CoS Default Map
DSCP 0-7 8-15 16-23 24-31 32-39 40-47 48-55 56-63

CoS 0 1 2 3 4 5 6 7

12.2(15)ZJ This command was implemented on the following platforms: Cisco 2600 series,
Cisco 3600 series, and Cisco 3700 series routers.
Usage Guidelines The DSCP-to-CoS map is used to map the final DSCP classification to a final CoS. This final map
determines the output queue and threshold to which the packet is assigned. The CoS map is written into
the Inter-Switch Link (ISL) header or 802.1Q tag of the transmitted packet on trunk interfaces and
contains a table of 64 DSCP values and the corresponding CoS values. The Catalyst 6500 series switch
and the Cisco 7600 series router have one map.

QOS-436
All of the CoS-to-DSCP and DSCP-to-CoS maps are globally defined. You apply all maps to all ports.
If you enter the mls qos trust cos command, the default CoS-to-DSCP map is applied.
If you enter the mls qos trust dscp command, the default DSCP-to-CoS map is applied.
After a default map is applied, you can define the CoS-to-DSCP or DSCP-to-CoS map by entering
consecutive mls qos map commands.
If the mls qos trust dscp command is entered and a packet with an untrusted DSCP value is at an ingress
port, the packet CoS value is set to 0.
Use the show mls qos maps privileged EXEC command to verify your settings.
Examples The following example shows how to define the DSCP-to-CoS map. DSCP values 16, 18, 24, and 26 are
mapped to CoS 1. DSCP values 0, 8, and 10 are mapped to CoS 0.
Router(config)# mls qos map dscp-cos 16 18 24 26 to 1
Router(config)# mls qos map dscp-cos 0 8 10 to 0

mls qos map cos-dscp Defines the ingress CoS-to-DSCP map for trusted interfaces.
runtime-version.

QOS-437
mls qos map dscp-exp

To map the final differentiated services code point (DSCP) value to the final experimental (EXP) value,
use the mls qos map dscp-exp command in global configuration mode. To remove a prior entry, use the
mls qos map dscp-exp dscp-values to exp-values
no mls qos map dscp-exp
Syntax Description dscp-values DSCP values; valid values are from 0 to 63.
to Defines mapping.
exp-values EXP values; valid values are from 0 to 7.
Command Default The default DSCP-to-EXP map is listed in Table 20.
Table 20 DSCP-to-EXP Default Map
DSCP 0-7 8-15 16-23 24-31 32-39 40-47 48-55 56-63

EXP 0 1 2 3 4 5 6 7

12.2(17d)SXB Support for this command on the Supervisor Engine 2 was extended to Release
12.2(17d)SXB.

The DSCP-to-EXP map is used to map the final DSCP value to a final EXP value. This final map
determines the output queue and threshold to which the packet is assigned. The EXP map contains a table
of 64 DSCP values and the corresponding EXP values. The Catalyst 6500 series switch and the
Cisco 7600 series router have one map.
You can enter up to eight DSCP values separated by a space. You can enter up to eight EXP values
separated by a space.

QOS-438
Examples This example shows how to configure the final DSCP value to a final EXP value:
Router(config)# mls qos map dscp-exp 20 25 to 3

runtime-version.

QOS-439
mls qos map dscp-mutation

To define a named differentiated services code point (DSCP) mutation map, use the mls qos map
dscp-mutation command in global configuration mode. To return to the default mapping, use the no
mls qos map dscp-mutation map-name input-dscp1 [input-dscp2 [input-dscp3 [input-dscp4

[input-dscp5 [input-dscp6 [input-dscp7 [input-dscp8]]]]]]] to output-dscp
no mls qos map dscp-mutation map-name
Syntax Description map-name Name of the DSCP mutation map.

input-dscp# Internal DSCP value; valid values are from 0 to 63. See the “Usage Guidelines”
to Defines mapping.
output-dscp Egress DSCP value; valid values are from 0 to 63.
Command Default output-dscp equals input-dscp.

series routers.
Usage Guidelines This command is not supported on the Catalyst 6500 series switches and the Cisco 7600 series routers
that are configured with a Supervisor Engine 2.
When configuring a named DSCP mutation map, note the following:
• You can enter up to eight input DSCP values that map to a mutated DSCP value.
• You can enter multiple commands to map additional DSCP values to a mutated DSCP value.
• You can enter a separate command for each mutated DSCP value.
You can configure 15 egress-DSCP mutation maps to mutate the internal DSCP value before it is written
as the egress-DSCP value. You can attach egress-DSCP mutation maps to any interface that Policy
Feature Card (PFC) QoS supports.
PFC QoS derives the egress-class-of-service (CoS) value from the internal DSCP value. If you configure
egress-DSCP mutation, PFC QoS does not derive the egress-CoS value from the mutated DSCP value.

QOS-440
Examples This example shows how to map DSCP 30 to mutated DSCP value 8:
Router(config)# mls qos map dscp-mutation mutemap1 30 to 8

runtime-version.

QOS-441
mls qos map exp-dscp

To define the ingress Experimental (EXP) value to the internal differentiated services code point (DSCP)
map, use the mls qos map exp-dscp command in global configuration mode. To return to the default
mapping, use the no form of this command.
mls qos map exp-dscp dscp-values
no mls qos map exp-dscp
Syntax Description dscp-values Defines the ingress EXP value to the internal DSCP map. Range: 0 to 63.
Command Default The default EXP-to-DSCP map is listed in Table 21.
Table 21 EXP-to-DSCP Default Map
EXP 0 1 2 3 4 5 6 7
DSCP 0 8 16 24 32 40 48 56


The DSCP in these maps refers to the internal DSCP, not the packet DSCP.
The EXP-to-DSCP map is used to map the received EXP value to the internal DSCP map. This final map
determines the output queue and threshold to which the packet is assigned. The EXP map contains a table
of 64 DSCP values and the corresponding EXP values. The Catalyst 6500 series switch and the
Cisco 7600 series router have one map.
You can enter up to eight DSCP values separated by a space.
Examples This example shows how to configure the received EXP value to an internal DSCP value:
Router(config)# mls qos map exp-dscp 20 25 30 31 32 32 33 34

QOS-442

mls qos map Maps a packet’s EXP to a new EXP value.
exp-mutation

QOS-443
mls qos map exp-mutation

To map the Experimental (EXP) value of a packet to a new EXP value, use the mls qos map
exp-mutation command in global configuration mode. To return to the default mapping, use the no form
of this command.
mls qos map exp-mutation map-name mutated-exp1 mutated-exp2 mutated-exp3 mutated-exp4

mutated-exp5 mutated-exp6 mutated-exp7 mutated-exp8
no mls qos map exp-mutation map-name
Syntax Description map-name Name of the EXP-mutation map.

mutated-exp# Eight EXP values, separated by spaces; valid values are from 0 to 7. See the “Usage
Guidelines” section for additional information.
Command Default If the EXP-to-EXP mutation map is not configured, the default EXP-to-EXP mutation mapping is listed
in Table 22.
Table 22 EXP-to-EXP Mutation Default Map
EXP-in 0 1 2 3 4 5 6 7
EXP-out 0 1 2 3 4 5 6 7

Usage Guidelines This command is not supported on the Catalyst 6500 series switch and the Cisco 7600 series router that
are configured with a Supervisor Engine 2.
This command is supported in PFC3BXL or PFC3B mode only.
When you enter the mls qos map exp-mutation command, you are configuring the mutated EXP values
map to the sequential EXP numbers. For example, by entering the mls qos map exp-mutation 2 3 4 5 6
7 0 1 command, you configure the map as shown in Table 23 below:
Table 23 Mutated EXP Values Mapped to Sequential EXP Values
EXP-in 0 1 2 3 4 5 6 7
EXP-out 2 3 4 5 6 7 0 1

QOS-444
Separate the eight EXP values by a space.

After you define the map in global configuration mode, you can attach the map to a port.
You can configure 15 ingress-EXP mutation maps to mutate the internal EXP value before it is written
as the ingress-EXP value. You can attach ingress-EXP mutation maps to any interface that Policy Feature
Card (PFC) quality of service (QoS) supports.
The PFC QoS derives the egress EXP value from the internal differentiated services code point (DSCP)
value. If you configure ingress-EXP mutation, PFC QoS does not derive the ingress-EXP value from the
mutated EXP value.
Examples This example shows how to map the EXP value of a packet to a new EXP value:
Router(config)# mls qos map exp-mutation mutemap1 1 2 3 4 5 6 7 0

mls qos map exp-dscp Defines the ingress EXP value to the internal DSCP map.

QOS-445
mls qos map ip-prec-dscp

To define an ingress-IP precedence-to-differentiated-services-code-point (DSCP) map for trusted
interfaces, use the mls qos map ip-prec-dscp command in global configuration mode. To remove a prior
entry, use the no form of this command.
mls qos map ip-prec-dscp dscp-values
no mls qos map ip-prec-dscp
Syntax Description dscp-values DSCP values corresponding to IP precedence values 0 to 7; valid values are
from 0 to 63.
Command Default The default IP precedence-to-DSCP configuration is listed in Table 24.
Table 24 IP Precedence-to-DSCP Default Map
IP-Precedence 0 1 2 3 4 5 6 7
DSCP 0 8 16 24 32 40 48 56

series routers.
Usage Guidelines Use the mls qos map ip-prec-dscp command to map the IP precedence of IP packets arriving on trusted
interfaces (or flows) to a DSCP when the trust type is trust-ipprec.
This map is a table of eight precedence values (0 through 7) and their corresponding DSCP values. The
Catalyst 6500 series switch and the Cisco 7600 series router have one map. The IP precedence values
are as follows:
• network 7
• internet 6
• critical 5
• flash-override 4

QOS-446
• flash 3
• immediate 2
• priority 1
• routine 0
Examples This example shows how to configure the ingress-IP precedence-to-DSCP mapping for trusted
interfaces:
Router(config)# mls qos map ip-prec-dscp 20 30 1 43 63 12 13 8

mls qos map Sets the mapping of policed DSCP values to marked-down DSCP values.
policed-dscp
runtime-version.

QOS-447
mls qos map policed-dscp

To set the mapping of policed differentiated services code point (DSCP) values to marked-down DSCP
values, use the mls qos map policed-dscp command in global configuration mode. To remove a prior
entry, use the no form of this command.
mls qos map policed-dscp dscp-list to policed-dscp
no mls qos map policed-dscp
Catalyst 6500 Series Switches and Cisco 7600 Series Routers
mls qos map policed-dscp {normal-burst | max-burst} dscp1 [dscp2 [dscp3 [dscp4 [dscp5 [dscp6
[dscp7 [dscp8]]]]]]] to policed-dscp
no mls qos map policed-dscp
Syntax Description normal-burst Configures the markdown map used by the exceed-action
policed-dscp-transmit keywords.
max-burst Configures the markdown map used by the violate-action
policed-dscp-transmit keywords.
dscp1 DSCP value. Range: 0 to 63.
dscp2 through dscp8 (Optional) DSCP values. Range: 0 to 63.
to Defines mapping.
policed-dscp Policed-to-DSCP values; valid values are from 0 to 63.
Command Default No marked-down values are configured.

Usage Guidelines The DSCP-to-policed-DSCP map determines the marked-down DSCP value that is applied to
out-of-profile flows. The Catalyst 6500 series switch and the Cisco 7600 series router have one map.
You can enter up to eight policed DSCP values separated by a space.

QOS-448
Note To avoid out-of-sequence packets, configure the DSCP-to-policed-DSCP map so that marked-down
packets remain in the same queue as the in-profile traffic.
Examples This example shows how to map multiple DSCPs to a single policed-DSCP value:
Router(config)# mls qos map policed-dscp 20 25 43 to 4

mls qos map Defines an ingress-IP precedence-to-DSCP map for trusted interfaces.
in-prec-dscp

QOS-449
mls qos marking ignore port-trust

To mark packets even if the interface is trusted, use the mls qos marking ignore port-trust command
in global configuration mode. To return to the default settings, use the no form of this command.
no mls qos marking ignore port-trust
Command Default Port trust is enabled.

12.2(18)SXF5 This command was introduced.
Usage Guidelines Use the mls qos marking ignore port-trust command to mark packets even if the interface is trusted.
Examples This example shows how to mark packets even if the interface is trusted:
This example shows how to re-enable port trust:

no mls qos marking ignore port-trust

mls qos trust Sets the trusted state of an interface.

QOS-450
mls qos marking statistics

To disable allocation of the policer-traffic class identification with set actions, use the mls qos marking
statistics command in global configuration mode. To return to the default settings, use the no form of
this command.
no mls qos marking statistics

12.2(18)SXE This command was changed to add the collection of statistics for a policy that
sets a trust state.
Engine 2.
Use the show policy-map interface command to display policy-map statistics.
Examples This example shows how to disable allocation of the policer-traffic class identification with set actions:
Router(config)# mls qos marking statistics
This example shows how to allow allocation of the policer-traffic class identification with set actions:
Router(config)# no mls qos marking statistics

show policy-map Displays the statistics and the configurations of the input and output
interface policies that are attached to an interface.

QOS-451
mls qos mpls trust exp

To set the trusted state of Multiprotocol Label Switching (MPLS) packets only, use the mls qos mpls
trust exp command in interface configuration mode. To set the trusted state of MPLS packets to
untrusted, use the no form of this command.
no mls qos mpls trust exp
Command Default With the trusted state enabled, the defaults are as follows:
• Untrusted—The packets are marked to 0 or by policy.
• trust-cos.
With the trusted state disabled, the defaults are as follows:
• trust-exp—The port or policy trust state is ignored.
• The packets are marked by policy.

12.2(18)SXF2 This command was introduced on the Supervisor Engine 720.
Usage Guidelines You can enter the mls qos mpls trust exp command to treat MPLS packets as other Layer 2 packets for
class of service (CoS) and egress queueing purposes (for example, to apply port or policy trust). All
trusted cases (trust CoS/IP/Differentiated Services Code Point (DSCP)) are treated as trust-cos.
Class of Service (CoS) refers to three bits in either an ISL header or an 802.1Q header that are used to
indicate the priority of the Ethernet frame as it passes through a switched network. The CoS bits in the
802.1Q header are commonly referred to as the 802.1p bits. To maintain QoS when a packet traverses
both Layer 2 and Layer 3 domain, the ToS and CoS values can be mapped to each other.
Examples This example shows how to set the trusted state of MPLS packets to trust-cos:
This example shows how to set the trusted state of MPLS packets to untrusted:
no mls qos mpls trust exp

QOS-452


QOS-453
mls qos police redirected

To turn on access control list (ACL)-redirected packet policing, use the mls qos police redirected
command in global configuration mode. To turn off ACL-redirected packet policing, use the no form of
this command.
no mls qos police redirected

12.2(17b)SXA Support for this command was introduced on the Supervisor Engine 720.
Usage Guidelines This command is supported on PFC3BXL or PFC3B mode only. With Release 12.2(17b)SXA, enter the
show platform earl-mode command to display the PFC3 mode.
This command is not supported on Cisco 7600 series routers that are configured with a Supervisor
Engine 2.
Use the no mls qos police redirected command whenever you require NetFlow Data Export (NDE)
accuracy (if you do not require QoS-redirected packets).
Examples This example shows how to turn on the ACL-redirected packet policing:
Router(config)# mls qos police redirected
This example shows how to turn off the ACL-redirected packet policing:
Router(config)# no mls qos police redirected

show platform Displays platform information.
earl-mode

QOS-454
mls qos police serial

To enable serial mode for ingress and egress policers on the PFC3C or PFC3CXL, use the mls qos police
serial command in global configuration mode. To reset the policing mode to parallel, use the no form of
the command.
no mls qos police serial
Command Default This command is disabled by default.

Usage Guidelines You can use the mls qos police serial command to configure the PFC3C or PFC3CXL ingress and egress
policers to operate independently of each other (in serial mode). Normally, ingress and egress policers
operate in parallel mode, where action by one policer causes a corresponding action in the other. For
example, if the egress policer drops a packet, the ingress policer does not count the packet either. In serial
mode, however, action by one policer does not cause a corresponding action in the other.
Note This command does not affect marking using policers.
Examples The following command example shows how to enable serial policing mode on the PFC3C or PFC3CXL:
Router(config)# mls qos police serial

QOS-455
mls qos protocol
mls qos protocol

To define routing-protocol packet policing, use the mls qos protocol command in global configuration
mode. To return to the default settings, use the no form of this command.
mls qos protocol protocol-name pass-through | police rate burst | precedence value [police rate
burst]
no mls qos protocol
Syntax Description protocol-name Protocol name; valid values are arp, bgp, eigrp, igrp, isis, ldp, nd, ospf, and rip.
pass-through Specifies pass-through mode.
police rate Specifies the maximum bits per second (bps) to be policed; valid values are from
32000 to 4000000000 bps.
burst Normal burst bytes; valid values are from 1000 to 31250000 bytes.
precedence value Specifies the IP-precedence value of the protocol packets to rewrite; valid values
are from 0 to 7.

• burst is 1000 bits per second.
• If quality of service (QoS) is enabled, the differentiated services code point (DSCP) value is
rewritten to zero.
• If QoS is disabled, the port is in a pass-through mode (no marking or policing is applied).

12.2(17d)SXB This command was changed to support the ISIS protocol.
12.2(18)SXE This command was changed as follows on the Supervisor Engine 720 only:
• Support for the marking of global mls qos protocol QoS policies was
added.
• Support for this command was introduced on the Supervisor Engine 2 but
does not support Address Resolution Protocol (ARP), Integrated
Intermediate System-to-Intermediate System (ISIS), or Enhanced Interior
Gateway Routing Protocol (EIGRP).
• The nd keyword was added to support neighbor discovery protocol
packets.
• The igrp keyword was removed.

QOS-456
mls qos protocol
12.2(18)SXF The no form of this command was changed to remove the arguments and
keywords.
Usage Guidelines This command does not support ARP, ISIS, or EIGRP on Cisco 7600 series routers that are configured
with a Supervisor Engine 2.
If you enter the precedence value keyword and arguments without entering the police rate burst
keyword and arguments, only the packets from an untrusted port are marked.
You can make the protocol packets avoid the per-interface policy maps by entering the police rate,
pass-through, or precedence value keywords and arguments.
The mls qos protocol command allows you to define the routing-protocol packet policing as follows:
• When you specify the pass-through mode, the DSCP value does not change and is not policed.
• When you set the police rate, the DSCP value does not change and is policed.
• When you specify the precedence value, the DSCP value changes for the packets that come from
an untrusted port, the class of service (CoS) value that is based on DSCP-to-CoS map changes, and
the traffic is not policed.
• When you specify the precedence value and the police rate, the DSCP value changes, the CoS value
that is based on DSCP-to-CoS map changes, and the DSCP value is policed. In this case, the DSCP
value changes are based on the trust state of the port; the DSCP value is changed only for the packets
that come from an untrusted port.
• If you do not enter a precedence value, the DSCP value is based on whether or not you have enabled
multilayer switching (MLS) QoS as follows:
– If you enabled MLS QoS and the port is untrusted, the internal DSCP value is overwritten to
zero.
– If you enabled MLS QoS and the port is trusted, then the incoming DSCP value is maintained.
You can make the protocol packets avoid policing completely if you choose the pass-through mode. If
the police mode is chosen, the committed information rate (CIR) specified is the rate that is used to
police all the specified protocol’s packets, both entering or leaving the Cisco 7600 series router.
To protect the system by ARP broadcast, you can enter the mls qos protocol arp police bps command.
Examples This example shows how to define the routing-protocol packet policing:
Router(config)# mls qos protocol arp police 43000
This example shows how to avoid policing completely:

Router(config)# mls qos protocol arp pass-through
This example shows how to define the IP-precedence value of the protocol packets to rewrite:
Router(config)# mls qos protocol bgp precedence 4
This example shows how to define the IP-precedence value of the protocol packets to rewrite and police
the DSCP value:
Router(config)# mls qos protocol bgp precedence 4 police 32000 1200

QOS-457
mls qos protocol

show mls qos protocol Displays protocol pass-through information.

QOS-458
mls qos queueing-only

To enable port-queueing mode, use the mls qos queueing-only command in global configuration mode.
To disable the port-queueing mode, use the no form of this command.
no mls qos queueing-only
Command Default Quality of service (QoS) is globally disabled.

Usage Guidelines In port-queueing mode, Policy Feature Card (PFC) QoS (marking and policing) is disabled, and packet
type of service (ToS) and class of service (CoS) are not changed by the PFC. All queueing on rcv and
xmt is based on a QoS tag in the incoming packet, which is based on the incoming CoS.
For 802.1Q or Inter-Link Switch (ISL)-encapsulated port links, queueing is based on the packet 802.1Q
or ISL CoS.
For router main interfaces or access ports, queueing is based on the configured per-port CoS (the default
CoS is 0).
Examples This example shows how to enable the port-queueing mode globally:
Router(config)# mls qos queueing-only
This example shows how to disable the port-queueing mode globally:

Router(config)# no mls qos queueing-only

configuration mode)

QOS-459
mls qos queue-mode mode-dscp

To set the queuing mode to Differentiated Services Code Point (DSCP) on an interface, use the mls qos
queue-mode mode-dscp command in interface configuration mode. To return to the default settings, use
no mls qos queue-mode mode-dscp
Command Default The queuing mode of an interfaces is class of service (CoS) mode.

Usage Guidelines This command is supported on 10-Gigabit Ethernet ports only.

You should configure ports to trust DSCP only if they receive traffic that carries valid Layer 3 DSCP.
In Release 12.2(18)SXF5 and later releases, you can enable DSCP-based ingress queues and thresholds
on WS-X6708-10GE ports to provide congestion avoidance.
In releases earlier than Release 12.2(18)SXF5, the ingress port queues and thresholds use only Layer 2
Class of Service (CoS), and Policy Feature Card (PFC) QoS does not implement ingress port congestion
avoidance on ports configured to trust DSCP.
For traffic from trust DSCP ports, Policy Feature Card (PFC) QoS uses the received DSCP value as the
initial internal DSCP value. PFC QoS does not mark any traffic on ingress ports configured to trust
received DSCP.
Examples This example shows how to set the queuing mode to DSCP on an interface:

priority-queue Allocates the available buffer space to a queue.
queue-limit

QOS-460
mls qos rewrite ip dscp

To enable type of service (ToS)-to-differentiated services code point (DSCP) rewrite, use the mls qos
rewrite ip dscp command in global configuration mode. To disable ToS-to-DSCP rewrite, use the no
no mls qos rewrite ip dscp
Command Default Quality of service (QoS) is globally disabled.

Engine 2.
If you disable ToS-to-DSCP rewrite, and QoS is enabled globally, the following occurs:
• Final ToS-to-DSCP rewrite is disabled, and the ToS-to-DSCP packet is preserved.
• Policing and marking function according to the QoS configuration.
• Marked and marked-down class of service (CoS) is used for queueing.
• In QoS disabled mode, both ToS and CoS are preserved.
The no mls qos rewrite ip dscp command is incompatible with Multiprotocol Label Switching (MPLS).
The default mls qos rewrite ip dscp command must remain enabled in order for the PFC3BXL or
PFC3B to assign the correct MPLS Experimental (EXP) value for the labels that it imposes.
Examples This example shows how to disable ToS-to-DSCP rewrite:

Router(config)# mls qos rewrite ip dscp
This example shows how to disable port-queueing mode globally:

Router(config)# no mls qos rewrite ip dscp

QOS-461

configuration mode)

QOS-462
mls qos statistics-export (global configuration)
mls qos statistics-export (global configuration)

To enable quality of service (QoS)-statistics data export globally, use the mls qos statistics-export
command in global configuration mode. To disable QoS-statistics data export globally, use the no form
of this command.
mls qos statistics-export
no mls qos statistics-export

Usage Guidelines You must enable data export globally to set up data export on your Cisco 7600 series router.
QoS-statistics data export is not supported on OSM interfaces.
For QoS-statistics data export to perform correctly, you should set the export-destination hostname or
IP address and the User Datagram Port (UDP) number.
Examples This example shows how to enable data export globally:

Router(config)# mls qos statistics-export
This example shows how to disable data export globally:

Router(config)# no mls qos statistics-export

show mls qos Displays information about the MLS-statistics data-export status and
statistics-export info configuration.

QOS-463
mls qos statistics-export (interface configuration)

To enable per-port quality of service (QoS)-statistics data export, use the mls qos statistics-export
command in interface configuration mode. To disable per-port QoS-statistics data export, use the no
mls qos statistics-export
no mls qos statistics-export

Usage Guidelines QoS-statistics data export is not supported on OSM interfaces.

You must enable data export on the port and globally to set up data export on your Cisco 7600 series
router.
For QoS-statistics data export to perform correctly, you should set the export-destination hostname or
IP address and the User Datagram Port (UDP) number.
QoS-statistics data is exported using delimiter-separated fields. You can set the delimiter by entering the
mls qos statistics-export delimiter command.
Port statistics are exported; port QoS statistics are not exported. For each data export-enabled port, the
following information is exported:
• Type (1 denotes the type of port)
• Module/port
• In packets (cumulated hardware-counter values)
• In bytes (cumulated hardware-counter values)
• Out packets (cumulated hardware-counter values)
• Out bytes (cumulated hardware-counter values)
• Time stamp (time in seconds since January 1, 1970 UTC relative)

QOS-464
For example, if you have QoS-statistics data export that is enabled on FastEthernet4/5, the exported
records could be (in this example, the delimiter is a | [pipe]) as follows:
|1|4/5|123|80|12500|6800|982361894|
Examples This example shows how to enable QoS-statistics data export:

Router(config-if)# mls qos statistics-export
This example shows how to disable QoS-statistics data export:

Router(config-if)# no mls qos statistics-export

mls qos Sets the QoS-statistics data-export field delimiter.
statistics-export
delimiter

QOS-465
mls qos statistics-export aggregate-policer

To enable quality of service (QoS)-statistics data export on the named aggregate policer, use the mls qos
statistics-export aggregate-policer command in global configuration mode. To disable QoS-statistics
data export on the named aggregate policer, use the no form of this command.
mls qos statistics-export aggregate-policer policer-name
no mls qos statistics-export aggregate-policer policer-name
Syntax Description policer-name Name of the policer.
Command Default Disabled for all shared aggregate policers.

Usage Guidelines QoS-statistics data export is not supported on Optical Services Modules (OSM) interfaces.
You must enable data export on the shared aggregate policer and globally to set up data export on your
For each data export-enabled shared aggregate or named policer, statistics data per policer per EARL is
exported. For each data export-enabled shared aggregate or named policer, the following information is
exported:
• Type (3 denotes aggregate policer export type)
• Aggregate name
• Direction (in or out)
• Encoded Address Recognition Logic (EARL) identification
• Accepted packets (accumulated hardware-counter values)
• Exceeded normal-rate packets (accumulated hardware-counter values)
• Exceeded excess-rate packets (accumulated hardware-counter values)

QOS-466
If a shared aggregate policer is attached to policies in both directions, two records are exported (one in
each direction). Each record will contain the same counter values for accepted packets, exceeded normal
packet rates, and exceeded excess packet rates.
For example, if you have the following configuration:
• QoS-statistics data export that is enabled on the shared aggregate policer named “aggr_1”
• An EARL in the supervisor engine that is installed in slot 1
• An EARL on the Distributed Forwarding Card (DFC) that is installed in slot 3
the exported records could be (note that in this example, the delimiter is a | [pipe]) as follows:
|3|agg_1|in|1|45543|2345|982361894|
|3|agg_1|in|3|45543|2345|982361894|
Examples This example shows how to enable per-shared aggregate or named-policer data export:
Router(config)# mls qos statistics-export aggregate-policer aggr1M

statistics-export
delimiter

QOS-467
mls qos statistics-export class-map

To enable quality of service (QoS)-statistics data export for a class map, use the mls qos
statistics-export class-map command in global configuration mode. To disable QoS-statistics data
export for a class map, use the no form of this command.
mls qos statistics-export class-map classmap-name
no mls qos statistics-export class-map classmap-name
Syntax Description classmap-name Name of the class map.

Usage Guidelines QoS-statistics data export is not supported on OSM interfaces.

You must enable data export on the class map and globally to set up data export on your Cisco 7600
series router.
For each data export-enabled class map, statistics data per policer per interface is exported. If the
interface is a physical interface, the following information is exported:
• Type (4 denotes class map physical export)
• Class-map name
• Module/port
• Accepted packets (accumulated hardware-counter values)
• Exceeded normal-rate packets (accumulated hardware-counter values)
• Exceeded excess-rate packets (accumulated hardware-counter values)

QOS-468
If the interface is a Cisco 7600 series router VLAN, the following information is exported:
• Type (5 denotes class-map VLAN export)
• Class-map name
• Encoded Address Recognition Logic (EARL) identification (slot number in which the EARL is
installed)
• VLAN number
• Accepted packets (cumulated hardware-counter values)
• Exceeded normal-rate packets (cumulated hardware-counter values)
• Exceeded excess-rate packets (cumulated hardware-counter values)
If the interface is a Cisco 7600 series router port channel, the following information is exported:
• Type (6 denotes class-map port-channel export)
• Class-map name
• EARL identification (slot number in which the EARL is installed)
• Port-channel number
• Accepted packets (cumulated hardware-counter values)
• Exceeded normal-rate packets (cumulated hardware-counter values)
• Exceeded excess-rate packets (cumulated hardware-counter values)
For example, if you have the following configuration:
• QoS-statistics data export enabled on the class map named “class_1”
• An EARL in the supervisor engine that is installed in slot 1
• An EARL on the Distributed Forwarding Card (DFC) that is installed in slot 3
• The Cisco 7600 series router is in the policy map named “policy_1”
• policy_1 is attached to the following interfaces in the ingress direction:
– FastEthernet4/5
– VLAN 100
– Port-channel 24
The exported records could be (in this example, the delimiter is a | [pipe]) as follows:
|4|class_1|in|4/5|45543|2345|2345|982361894|
|5|class_1|in|1|100|44000|3554|36678|982361894|
|5|class_1|in|3|100|30234|1575|1575|982361894|
Examples This example shows how to enable QoS-statistics data export for a class map:
Router(config)# mls qos statistics-export class-map class3

QOS-469

statistics-export
delimiter

QOS-470
mls qos statistics-export delimiter

To set the quality of service (QoS)-statistics data-export field delimiter, use the mls qos statistics-export
delimiter command in global configuration mode. To return to the default settings, use the no form of
this command.
no mls qos statistics-export delimiter
Command Default The default delimiter is the pipe character (|).

Usage Guidelines QoS-statistics data export is not supported on Optical Service Module (OSM) interfaces.
You must enable data export globally to set up data export on your Cisco 7600 series router.
Examples This example shows how to set the QoS-statistics data-export field delimiter (a comma) and verify the
configuration:
Router(config)# mls qos statistics-export delimiter ,


QOS-471
mls qos statistics-export destination

To configure the quality of service (QoS)-statistics data-export destination host and User Datagram
Protocol (UDP) port number, use the mls qos statistics-export destination command in global
configuration mode. To return to the default settings, use the no form of this command.
mls qos statistics-export destination {host-name | host-ip-address} {port port-number | syslog}

[facility facility-name] [severity severity-value]
Syntax Description host-name Hostname.

host-ip-address Host IP address.
port Specifies the UDP port number.
port-number
syslog Specifies the syslog port.
facility (Optional) Specifies the type of facility to export; see the “Usage Guidelines”
facility-name section for a list of valid values.
severity (Optional) Specifies the severity level to export; see the “Usage Guidelines”
severity-value section for a list of valid values.
Command Default The default is none unless syslog is specified. If syslog is specified, the defaults are as follows:
• port is 514.
• facility is local6.
• severity is debug.

Usage Guidelines QoS-statistics data export is not supported on Optical Service Module (OSM) interfaces.
Valid facility values are as follows:
• authorization—Security/authorization messages
• cron—Clock daemon
• daemon—System daemon
• kernel—Kernel messages
• local0—Local use 0

QOS-472
• lpr—Line printer subsystem
• mail—Mail system
• news—Network news subsystem
• syslog—Messages that are generated internally by syslogd
• user—User-level messages
• uucp—UNIX-to-UNIX Copy Program (UUCP) subsystem
Valid severity levels are as follows:
• alert—Action must be taken immediately
• critical—Critical conditions
• debug—Debug-level messages
• emergency—System is unusable
• error—Error conditions
• informational—Informational
• notice—Normal but significant conditions
• warning—Warning conditions
Examples This example shows how to specify the destination host address and syslog as the UDP port number:
Router(config)# mls qos statistics-export destination 172.20.52.3 syslog


QOS-473
mls qos statistics-export interval
mls qos statistics-export interval

To specify how often a port and/or aggregate-policer quality of service (QoS)-statistics data is read and
exported, use the mls qos statistics-export interval command in global configuration mode. To return to
the default settings, use the no form of this command.
mls qos statistics-export interval interval
no mls qos statistics-export interval
Syntax Description interval Export time; valid values are from 30 to 65535 seconds.
Command Default 300 seconds

Usage Guidelines QoS-statistics data export is not supported on Optical Services Module (OSM) interfaces.
The interval needs to be short enough to avoid counter wraparound with the activity in your
configuration.
Caution Be careful when decreasing the interval because exporting QoS statistics imposes a noticeable load on
the Cisco 7600 series router.
Examples This example shows how to set the QoS-statistics data-export interval:
Router(config)# mls qos statistics-export interval 250


QOS-474
mls qos supervisor 10g-only

To configure the Cisco 7600 RSP720-10GE to run QoS only on the 10GE uplink ports, use the mls qos
supervisor 10g-only command in global configuration mode. Use the no form of the command to
reconfigure the RSP to run QoS on all the uplink ports (10GE and 1GE).
no mls qos supervisor 10g-only
Defaults This command is disabled by default.

12.2(33)SRC This command was introduced on the Cisco 7600 series routers.
Usage Guidelines The RSP720-10GE has both 10GE and 1GE uplink ports. You can configure the RSP720-10GE to run
QoS features on all uplink ports (mixed mode) or on 10GE ports only. The number of queues available
for QoS depends on which mode is used:
• In mixed mode (10GE and 1GE ports), the default, only four queues are available for QoS.
The QoS port architecture for fixed mode for 1GE ports is (Rx/Tx): 2q8t/1p3q8t.
• In 10GE only mode, eight queues are available for QoS.
The QoS port architecture for 10GE only mode is as follows (Rx/Tx):
– 8q8t/1p7q8t (CoS)
– 16q8t/1p15q8t (DSCP)
– 16q1t/1p15q1t (VLAN)
When you switch between mixed-mode QoS and 10GE only mode, service is temporarily lost on the
RSP720-10GE uplinks. In addition, when you switch between modes, any existing QoS configuration
on the uplinks is lost. You must reconfigure QoS.
When you switch from 10GE only to mixed-mode QoS, you must issue the no shutdown command on
each of the three 1GE ports to resume QoS service on those ports.
In 10GE only mode, the 1GE ports are visible but they remain in an administratively down state.
Note To obtain more information on queues, use the show queueing interface command.

QOS-475
Examples The following example shows how to configure the RSP720-10GE to run QoS on 10GE ports only:
Router(config)# mls qos supervisor 10g-only
The following ports will be shut to enable 10g-only mode:
Gix/1 Gix/2 Gix/3
The following example shows how in a redundant setup (High Availability), the 1GE uplink ports on
both supervisors are shut down even though the redundant links are not used:
Router(config)# mls qos supervisor 10g-only
The following ports will be shut to enable 10g-only mode:
Gi6/1 Gi6/2 Gi6/3 Gi5/1 Gi5/2 Gi5/3

mls qos (interface configuration) Displays information about the traffic on an interface.

QOS-476
mls qos trust
mls qos trust

To configure the multilayer switching (MLS) port trust state and to classify traffic by examining the class
of service (CoS) or differentiated services code point (DSCP) value, use the mls qos trust command in
interface configuration mode. To return a port to its untrusted state, use the no form of this command.
mls qos trust [cos | dscp | ip-precedence]
no mls qos trust
Syntax Description cos (Optional) Classifies incoming packets that have packet CoS values. The CoS
bits in incoming frames are trusted. The internal DSCP value is derived from the
CoS bits. The port default CoS value should be used for untagged packets.
dscp (Optional) Classifies incoming packets that have packet DSCP values (the most
significant 6 bits of the 8-bit service-type field). The ToS bits in the incoming
packets contain the DSCP value. For non-IP packets, the packet CoS value is 0.
If you do not enter a keyword, mls qos trust dscp is assumed.
ip-precedence (Optional) Specifies that the ToS bits in the incoming packets contain an IP
precedence value. The internal DSCP value is derived from the IP-precedence
bits.
Command Default The defaults for LAN interfaces and WAN interfaces on the Optical Service Modules (OSMs) are as
follows:
• If you enable global QoS, the port is not trusted.
• If no keyword is specified or the global QoS is disabled, the default is dscp.

series routers, Cisco 3600 series routers, and Cisco 3700 series routers.
12.2(17d)SXB This command was implemented on the Cisco 7600 series routers and
series routers.

QOS-477
mls qos trust
Usage Guidelines Packets the enter a quality of service (QoS) domain are classified at its edge. Because the packets are
classified at the edge, the switch port within the QoS domain can be configured to a trusted state. It is
not necessary to classify the packets at every switch within the domain. Use the mls qos trust command
to set the trusted state of an interface and to indicate which fields of the packet are used to classify traffic.
The following conditions apply to the mls qos trust command running on Cisco 7600 series routers:
• The cos keyword is not supported for pos or atm interface types.
• The trust state does not apply to FlexWAN modules.
• The trust state does not apply to 1q4t LAN ports except for Gigabit Ethernet ports.
• Incoming queue drop thresholds are not implemented when you enter the mls qos trust cos
command on 4-port Gigabit Ethernet WAN modules.
• The set qos-group command is used to set the trust state on Layer 2 WAN interfaces.
Note This command can be used only on Cisco 7600 Series Routers.
Examples The following example shows how to set the trusted state of an interface to IP precedence:
Router(config-if)# mls qos trust ip-precedence

mls qos cos Defines the default CoS value of a port or assigns the default CoS to all
incoming packets on the port.
mls qos map Defines the CoS-to-DSCP map or the DSCP-to-CoS map.
show mls qos interface Displays QoS information.

QOS-478
mls qos trust extend

To configure the trust mode of the phone, use the mls qos trust extend command in interface configuration
mode. To return to the default settings, use the no form of this command.
mls qos trust extend [cos value]
no mls qos trust extend
Syntax Description cos value (Optional) Specifies the class of service (CoS) value that is used to remark the
packets from the PC; valid values are from 0 to 7.
Command Default The default settings are as follows:

• Mode is untrusted.
• cos value is 0.

Usage Guidelines This command is not supported on WAN modules.

If you set the phone to trusted mode, all the packets from the PC are sent untouched directly through the
phone to the Cisco 7600 series router. If you set the phone to untrusted mode, all the traffic coming from
the PC are remarked with the configured CoS value before being sent to the Cisco 7600 series router.
Each time that you enter the mls qos trust extend command, the mode is changed. For example, if the
mode was previously set to trusted, if you enter the command, the mode changes to untrusted. Enter the
show queueing interface command to display the current trust mode.
Examples This example shows how to set the phone that is attached to the switch port in trust mode:
Router(config-if)# interface fastethernet5/1
Router(config-if)# mls qos trust extend
This example shows how to change the mode to untrusted and set the remark CoS value to 3:
Router(config-if)# mls qos trust extend cos 3

QOS-479
This example shows how to set the configuration to the default mode:
Router(config-if)# no mls qos trust extend

show queueing Displays queueing information.
interface

QOS-480
mls qos vlan-based
mls qos vlan-based

To enable per-VLAN quality of service (QoS) for a Layer 2 interface, use the mls qos vlan-based
command in interface configuration mode. To disable per-VLAN QoS for a Layer 2 interface, use the no
mls qos vlan-based
no mls qos vlan-based

Usage Guidelines This command is supported on switch-port and port-channel interfaces only.
In VLAN-based mode, the policy map that is attached to the Layer 2 interface is ignored, and QoS is
driven by the policy map that is attached to the corresponding VLAN interface.
You can configure per-VLAN QoS only on Layer 2 interfaces.
Note Layer 3 interfaces are always in interface-based mode. Layer 3 VLAN interfaces are always in
VLAN-based mode.
Examples This example shows how to enable per-VLAN QoS for a Layer 2 interface:
Router(config-if)# mls qos vlan-based

QOS-481
mls qos vlan-based

mls qos bridged Enables the microflow policing for bridged traffic on Layer 3 LAN
interfaces.
mls qos cos Defines the default CoS value for an interface.
interface

QOS-482
mpls experimental
mpls experimental
To configure Multiprotocol Label Switching (MPLS) experimental (EXP) levels for a virtual circuit
(VC) class that can be assigned to a VC bundle and thus applied to all VC members of that bundle, use
the mpls experimental command in VC-class configuration mode. To remove the MPLS EXP levels
from the VC class, use the no form of this command.
To configure the MPLS EXP levels for a VC member of a bundle, use the mpls experimental command
in bundle-vc configuration mode. To remove the MPLS EXP levels from the VC, use the no form of this
command.
mpls experimental [other | range]
no mpls experimental
Syntax Description other (Optional) Specifies any MPLS EXP levels in the range from 0 to 7 that are
not explicitly configured. This is the default.
range (Optional) A single MPLS EXP level specified as a number from 0 to 7, or
a range of levels, specified as a hyphenated range.
Defaults Defaults to other, that is, any MPLS EXP levels in the range from 0 to 7 that are not explicitly
configured.

Bundle-vc configuration (for ATM VC bundle members)

12.0(26)S This command was implemented on the Cisco 10000 series router.
12.2(16)BC This command was implemented on the ESR-PRE2.
Usage Guidelines Assignment of MPLS EXP levels to VC bundle members allows you to create differentiated service
because you can distribute the MPLS EXP levels over the different VC bundle members. You can map
a single level or a range of levels to each discrete VC in the bundle, thereby enabling VCs in the bundle
to carry packets marked with different levels. Alternatively, you can configure a VC with the mpls
experimental other command to indicate that it can carry traffic marked with levels not specifically
configured for it. Only one VC in the bundle can be configured with the mpls experimental other
command to carry all levels not specified. This VC is considered the default one.
To use this command in VC-class configuration mode, enter the vc-class atm global configuration
command before you enter this command. This command has no effect if the VC class that contains the
command is attached to a standalone VC, that is, if the VC is not a bundle member.

QOS-483
mpls experimental
To use this command to configure an individual bundle member in bundle-VC configuration mode, first
enter the bundle command to enact bundle configuration mode for the bundle to which you want to add
or modify the VC member to be configured. Then use the pvc-bundle command to specify the VC to be
created or modified and enter bundle-VC configuration mode.
next highest MPLS EXP level):
• Bundle configuration in bundle mode (with the effect of assigned VC class configuration)
Note If you are using an ATM interface, you must configure all MPLS EXP levels (ranging from 0 to 7) for
the bundle. For this configuration, Cisco recommends configuring one member of the bundle with the
mpls experimental other command. The other keyword defaults to any MPLS EXP level in a range
from 0 to 7 that is not explicitly configured.
Examples The following example configures a class named control-class that includes an mpls experimental
command that, when applied to a bundle, configures all VC members of that bundle to carry MPLS EXP
level 7 traffic. Note that VC members of that bundle can be individually configured with the mpls
experimental command at the bundle-vc level, which would supervene.
vc-class atm control-class
mpls experimental 7
The following example configures permanent virtual circuit (PVC) 401, named control-class, to carry
traffic with MPLS EXP levels in the range of 4 to 2, overriding the level mapping set for the VC through
VC-class configuration:
pvc-bundle control-class 401
mpls experimental 4-2

bump Configures the bumping rules for a VC class that can be assigned to a VC
bundle.
bundle Creates a bundle or modifies an existing bundle, and enters bundle
configuration mode.
protect Configures a VC class with protected group or protected VC status for
application to a VC bundle member.
pvc-bundle Adds a VC to a bundle as a member and enters bundle-VC configuration
mode to configure that VC bundle member.
vbr-nrt Configures the VBR-nrt QoS and specifies the output peak cell rate, output
vc-class atm Creates a VC class for an ATM PVC, SVC, or ATM interface, and enters
VC-class configuration mode.

QOS-484
non-tcp
non-tcp
To enable non-Transmission-Control-Protocol (non-TCP) header compression within an IP Header
Compression (IPHC) profile, use the non-tcp command in IPHC-profile configuration mode. To disable
non-TCP header compression within an IPHC profile, use the no form of this command.
non-tcp
no non-tcp
Command Default Non-TCP header compression is enabled.


The non-tcp command is intended for use as part of an IPHC profile. An IPHC profile is used to enable
and configure header compression on a network. For more information about using IPHC profiles to
configure header compression, see the “Header Compression” module and the “Configuring Header
Compression Using IPHC Profiles” module of the Cisco IOS Quality of Service Solutions Configuration
Guide, Release 12.4T.
Examples The following example shows how to configure an IPHC profile called profile2. In this example,
non-TCP header compression is configured.
Router> enable


QOS-485
non-tcp contexts
non-tcp contexts
To set the number of contexts available for non-Transmission-Control-Protocol (TCP) header
compression, use the non-tcp contexts command in IPHC-profile configuration mode. To remove the
number of previously configured contexts, use the no form of this command.
non-tcp contexts {absolute number-of-connections | kbps-per-context kbps}
no non-tcp contexts
Syntax Description absolute Indicates that the maximum number of compressed non-TCP contexts will
be based on a fixed (absolute) number.
number-of-connections Number of non-TCP connections. Range is from 1 to 1000.
kbps-per-context Indicates that the maximum number of compressed non-TCP contexts will
be based on available bandwidth.
kbps Number of kbps to allow for each context. Range is from 1 to 100.
Command Default The non-tcp contexts command calculates the number of contexts on the basis of bandwidth and
allocates 4 kbps per context.

Usage Guidelines Use the non-tcp contexts command to set the number of contexts available for non-TCP header
compression. A context is the state that the compressor uses to compress a header and that the
decompressor uses to decompress a header. The context is the uncompressed version of the last header
sent and includes information used to compress and decompress the packet.

The non-tcp contexts command is intended for use as part of an IPHC profile. An IPHC profile is used
Setting the Number of Contexts as an Absolute Number

The non-tcp contexts command allows you to set the number of contexts as an absolute number. To set
the number of contexts as an absolute number, enter a number between 1 and 1000.

QOS-486
non-tcp contexts
Calculating the Number of Contexts on the Basis of Bandwidth

The non-tcp contexts command can calculate the number of contexts on the basis of the bandwidth
available on the network link to which the IPHC profile is applied.
To have the number of contexts calculated on the basis of the available bandwidth, enter the
kbps-per-context keyword followed by a value for the kbps argument. The command divides the
available bandwidth by the kbps specified. For example, if the bandwidth of the network link is
3000 kbps, and you enter 5 for the kbps argument, the command calculates 600 contexts.
Examples The following is an example of an IPHC profile called profile2. In this example, the number of non-TCP
contexts has been set to 75.
Router> enable
Router(config-iphcp)# non-tcp contexts absolute 75


QOS-487
oam-bundle
oam-bundle
To enable end-to-end F5 Operation, Administration, and Maintenance (OAM) loopback cell generation
and OAM management for all virtual circuit (VC) members of a bundle or a VC class that can be applied
to a VC bundle, use the oam-bundle command in SVC-bundle configuration mode or VC-class
configuration mode. To remove OAM management from the bundle or class configuration, use the no
To enable end-to-end F5 OAM loopback cell generation and OAM management for all VC members of
a bundle, use the oam-bundle command in bundle configuration mode. To remove OAM management
from the bundle, use the no form of this command.
oam-bundle [manage] [frequency]
no oam-bundle [manage] [frequency]
Syntax Description manage (Optional) Enables OAM management. If this keyword is omitted, loopback
cells are sent, but the bundle is not managed.
frequency (Optional) Number of seconds between transmitted OAM loopback cells.
Values range from 0 to 600 seconds. The default value for the frequency
argument is 10 seconds.
Command Default End-to-end F5 OAM loopback cell generation and OAM management are disabled, but if OAM cells are
received, they are looped back.
Command Modes SVC-bundle configuration (for an SVC bundle)

VC-class configuration (for a VC class)
Bundle configuration (for an ATM VC bundle)

12.0(26)S This command was introduced on the Cisco 10000 series router.
12.2(4)T This command was made available in SVC-bundle configuration mode.

QOS-488
oam-bundle
Usage Guidelines This command defines whether a VC bundle is OAM managed. If this command is configured for a
bundle, every VC member of the bundle is OAM managed. If OAM management is enabled, further
control of OAM management is configured using the oam retry command.
This command has no effect if the VC class that contains the command is attached to a standalone VC;
that is, if the VC is not a bundle member. In this case, the attributes are ignored by the VC.
To use this command in VC-class configuration mode, first enter the vc-class atm global configuration
command.
To use this command in bundle configuration mode, first enter the bundle subinterface configuration
command to create the bundle or to specify an existing bundle.
VCs in a VC bundle are subject to the following configuration inheritance rules (listed in order of
• Bundle configuration in bundle mode (with the effect of assigned VC-class configuration)
Examples The following example enables OAM management for a bundle called “bundle 1”:
bundle bundle1
oam-bundle manage

broadcast Configures broadcast packet duplication and transmission for an ATM VC
class, PVC, SVC, or VC bundle.
bundle.
specified VC class.
encapsulation Sets the encapsulation method used by the interface.
inarp Configures the Inverse ARP time period for an ATM PVC, VC class, or VC
bundle.
oam retry Configures parameters related to OAM management for an ATM PVC, SVC,
VC class, or VC bundle.
protocol (ATM) Configures a static map for an ATM PVC, SVC, VC class, or VC bundle, and
enables Inverse ARP or Inverse ARP broadcasts on an ATM PVC by
configuring Inverse ARP either directly on the PVC, on the VC bundle, or in
a VC class (applies to IP and IPX protocols only).
vc-class atm Creates a virtual circuit (VC) class for an ATM permanent virtual circuit
(PVC), switched virtual circuit (SVC), or ATM interface.

QOS-489
platform vfi dot1q-transparency

To enable 802.1Q transparency mode, use the platform vfi dot1q-transparency command in global
configuration mode. To disable 802.1Q transparency, use the no form of this command.
no platform vfi dot1q-transparency
Command Default 802.1Q transparency mode is disabled.

12.2(18)SXF2 This command was introduced on the Supervisor Engine 720.
Usage Guidelines This command is supported on Optical Services Modules (OSMs) only.
802.1Q transparency allows a service provider to modify the Multiprotcol Label Switching Experimental
bits (MPLS EXP) bits for core-based QoS policies while leaving any Virtual Private LAN Service
(VPLS) customer 802.1p bits unchanged.
With releases before Cisco IOS Release 12.2(18)SXF1, application of a service policy to a VLAN
interface that matches all and sets the MPLS EXP bits had an effect on both the Interior Gateway
Protocol (IGP) label and the VC label. Because the 802.1p bits were rewritten on the egress Provider
Edge (PE) based on the received Virtual Circuit (VC) MPLS EXP bits, the VPLS customer’s 802.1p bits
were changed.
The Dot1q Transparency for EoMPLS feature causes the VLAN-applied policy to affect only the IGP
label (for core QoS) and leaves the VC label EXP bits equal to the 802.1p bits. On the egress PE, the
802.1p bits are still rewritten based on the received VC EXP bits; however, because the EXP bits now
match the ingress 802.1p bits, a VPLS customer’s 802.1p bits do not change.
Global configuration applies to all virtual forwarding instance (VFI) and switched virtual interface (SVI)
EoMPLS VCs configured on the Cisco 7600 series routers.
To ensure interoperability, apply the Dot1q Transparency for EoMPLS feature to all participating PE
routers.
Examples This example shows how to enable 802.1Q transparency:


QOS-490
This example shows how to disable 802.1Q transparency:

no platform vfi dot1q-transparency

show cwan vfi Displays 802.1Q transparency mode.
dot1q-transparency

QOS-491
police
police
To configure traffic policing, use the police command in policy-map class configuration mode or
policy-map class police configuration mode. To remove traffic policing from the configuration, use the
police bps [burst-normal] [burst-max] conform-action action exceed-action action

[violate-action action]
no police bps [burst-normal] [burst-max] conform-action action exceed-action action

Syntax Description bps Average rate, in bits per second. Valid values are 8000 to 200000000.
burst-normal (Optional) Normal burst size in bytes. Valid values are 1000 to 51200000.
Default normal burst size is 1500.
burst-max (Optional) Maximum burst size, in bytes. Valid values are 1000 to 51200000.
Default varies by platform.
conform-action Specifies action to take on packets that conform to the rate limit.
exceed-action Specifies action to take on packets that exceed the rate limit.
violate-action (Optional) Specifies action to take on packets that violate the normal and
maximum burst sizes.

QOS-492
police
action Action to take on packets. Specify one of the following keywords:

• drop—Drops the packet.
• set-clp-transmit value—Sets the ATM Cell Loss Priority (CLP) bit
from 0 to 1 on the ATM cell and transmits the packet with the ATM CLP
bit set to 1.
• set-cos-inner-transmit value—Sets the inner class of service field as a
policing action for a bridged frame on the Enhanced FlexWAN module
when using bridging features on SPAs with the Cisco 7600 SIP-200 and
Cisco 7600 SIP-400 on the Cisco 7600 series router.
• set-cos-transmit value—Sets the COS packet value and sends it.
• set-discard-class-transmit—Sets the discard class attribute of a packet
and transmits the packet with the new discard class setting.
• set-dscp-transmit value—Sets the IP differentiated services code point
(DSCP) value and transmits the packet with the new IP DSCP value.
• set-dscp-tunnel-transmit value—Sets the DSCP value (0 to 63) in the
tunnel header of a Layer 2 Tunnel Protocol Version 3 (L2TPv3) or
Generic Routing Encapsulation (GRE) tunneled packet for tunnel
marking and transmits the packet with the new value.
• set-frde-transmit value—Sets the Frame Relay Discard Eligibility
(DE) bit from 0 to 1 on the Frame Relay frame and transmits the packet
with the DE bit set to 1.
• set-mpls-experimental-imposition-transmit value—Sets the
Multiprotocol Label Switching (MPLS) experimental (EXP) bits (0 to 7)
in the imposed label headers and transmits the packet with the new
MPLS EXP bit value.
• set-mpls-experimental-topmost-transmit value—Sets the MPLS EXP
field value in the topmost MPLS label header at the input and/or output
interfaces.
• set-prec-transmit value—Sets the IP precedence and transmits the
packet with the new IP precedence value.
• set-prec-tunnel-transmit value—Sets the precedence value (0 to 7) in
the tunnel header of an L2TPv3 or GRE tunneled packet for tunnel
• set-qos-transmit value—Sets the qos-group value and transmits the
packet with the new qos-group value.
• transmit—Transmits the packet. The packet is not altered.
Command Default Traffic policing is not configured.
Command Modes Policy-map class configuration (config-pmap-c) when specifying a single action to be applied to a
marked packet
Policy-map class police configuration (config-pmap-c-police) when specifying multiple actions to be
applied to a marked packet

QOS-493
police

12.0(5)XE This police command was introduced.
12.1(1)E This command was integrated in Cisco IOS Release 12.1(1)E.
12.1(5)T This command was integrated in Cisco IOS Release 12.1(5)T. The
violate-action keyword was added.
12.2(2)T The following modifications were made to the command:
• The set-clp-transmit keyword for the action argument was added.
• The set-frde-transmit keyword for the action argument was added.
Note However, the set-frde-transmit keyword is not supported for AToM
traffic in this release. Also, the set-frde-transmit keyword is
supported only when Frame Relay is implemented on a physical
interface without encapsulation.
• The set-mpls-experimental-transmit keyword for the action argument

was added.
12.2(8)T The command was modified for the Policer Enhancement—Multiple Actions
feature. This command can now accommodate multiple actions for packets
marked as conforming to, exceeding, or violating a specific rate.
12.2(13)T In the action argument, the set-mpls-experimental-transmit keyword was
renamed to set-mpls-experimental-imposition-transmit.
12.2(28)SB This command was integrated into Cisco IOS Release 12.2(28)SB, and the
set-dscp-tunnel-transmit and set-prec-tunnel-transmit keywords for the
action argument were added. These keywords are intended for marking
Layer 2 Tunnel Protocol Version 3 (L2TPv3) tunneled packets.
12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA. The
set-cos-inner-transmit keyword for the action argument was added when
using multipoint bridging (MPB) features on the Enhanced FlexWAN
module and when using MPB on SPAs with the Cisco 7600 SIP-200 and
12.2(31)SB2 Support for the set-frde-transmit action argument was added on the
12.4(15)T2 This command was modified to include support for marking Generic Routing
Encapsulation (GRE) tunneled packets.
Note For this release, marking GRE-tunneled packets is supported only on
platforms equipped with a Cisco MGX Route Processor Module
(RPM-XF).
12.2(33)SB This command was modified to include support for marking GRE-tunneled
packets, and support for the Cisco 7300 series router was added.

QOS-494
police
Usage Guidelines Use the police command to mark a packet with different quality of service (QoS) values based on
conformance to the service-level agreement.
Traffic policing will not be executed for traffic that passes through an interface.
Specifying Multiple Actions

The police command allows you to specify multiple policing actions. When specifying multiple policing
actions when configuring the police command, note the following points:
• You can specify a maximum of four actions at one time.
• You cannot specify contradictory actions such as conform-action transmit and conform-action
drop.
Using the Police Command with the Traffic Policing Feature

The police command can be used with the Traffic Policing feature. The Traffic Policing feature works
with a token bucket algorithm. Two types of token bucket algorithms are in Cisco IOS Release 12.1(5)T:
a single-token bucket algorithm and a two-token bucket algorithm. A single-token bucket system is used
when the violate-action option is not specified, and a two-token bucket system is used when the
violate-action option is specified.
The token bucket algorithm for the police command that was introduced in Cisco IOS
Release 12.0(5)XE is different from the token bucket algorithm for the police command that was
introduced in Cisco IOS Release 12.1(5)T. For information on the token bucket algorithm introduced in
Release 12.0(5)XE, see the Traffic Policing document for Release 12.0(5)XE. This document is available
on the New Features for 12.0(5)XE documentation index (under Modular QoS CLI-related feature
modules) at www.cisco.com.
The following are explanations of how the token bucket algorithms introduced in Cisco IOS
Release 12.1(5)T work.
Token Bucket Algorithm with One Token Bucket

The one-token bucket algorithm is used when the violate-action option is not specified in the police
command CLI.
The conform bucket is initially set to the full size (the full size is the number of bytes specified as the
normal burst size).
When a packet of a given size (for example, “B” bytes) arrives at specific time (time “T”), the following
actions occur:
• Tokens are updated in the conform bucket. If the previous arrival of the packet was at T1 and the
current time is T, the bucket is updated with (T - T1) worth of bits based on the token arrival rate.
The token arrival rate is calculated as follows:
(time between packets (which is equal to T - T1) * policer rate)/8 bytes
• If the number of bytes in the conform bucket B is greater than or equal to the packet size, the packet
conforms and the conform action is taken on the packet. If the packet conforms, B bytes are removed
from the conform bucket and the conform action is completed for the packet.
• If the number of bytes in the conform bucket B (minus the packet size to be limited) is fewer than
0, the exceed action is taken.

QOS-495
police
Token Bucket Algorithm with Two Token Buckets

The two-token bucket algorithm is used when the violate-action option is specified in the police
command.
The conform bucket is initially full (the full size is the number of bytes specified as the normal burst
size).
The exceed bucket is initially full (the full exceed bucket size is the number of bytes specified in the
maximum burst size).
The tokens for both the conform and exceed token buckets are updated based on the token arrival rate,
or committed information rate (CIR).
When a packet of given size (for example, “B” bytes) arrives at specific time (time “T”) the following
actions occur:
• Tokens are updated in the conform bucket. If the previous arrival of the packet was at T1 and the
current arrival of the packet is at T, the bucket is updated with T -T1 worth of bits based on the token
arrival rate. The refill tokens are placed in the conform bucket. If the tokens overflow the conform
bucket, the overflow tokens are placed in the exceed bucket.
The token arrival rate is calculated as follows:
(time between packets (which is equal to T-T1) * policer rate)/8 bytes
• If the number of bytes in the conform bucket B is greater than or equal to 0, the packet conforms
and the conform action is taken on the packet. If the packet conforms, B bytes are removed from the
conform bucket and the conform action is taken. The exceed bucket is unaffected in this scenario.
• If the number of bytes in the conform bucket B is less than 0, the excess token bucket is checked for
bytes by the packet. If the number of bytes in the exceed bucket B is greater than or equal to 0, the
exceed action is taken and B bytes are removed from the exceed token bucket. No bytes are removed
from the conform bucket.
• If the number bytes in the exceed bucket B is fewer than 0, the packet violates the rate and the violate
action is taken. The action is complete for the packet.
Using the set-cos-inner-transmit Action for SIPs and SPAs on the Cisco 7600 Series Router
The set-cos-inner-transmit keyword action was introduced in Cisco IOS Release 12.2(33)SRA to
support marking of the inner CoS value as a policing action when using MPB features on the Enhanced
FlexWAN module and when using MPB features on SPAs with the Cisco 7600 SIP-200 and Cisco 7600
SIP-400 on the Cisco 7600 series router.
This command is not supported on the Cisco 7600 SIP-600.
For more information about QoS and the forms of police commands supported by the SIPs on the
Cisco 7600 series router, see the Cisco 7600 Series SIP, SSC, and SPA Software Configuration Guide.
Examples Token Bucket Algorithm with One Token Bucket: Example

The following example shows how to define a traffic class (using the class-map command) and associate
the match criteria from the traffic class with the traffic policing configuration, which is configured in the
service policy (using the policy-map command). The service-policy command is then used to attach this
service policy to the interface.
In this particular example, traffic policing is configured with the average rate at 8000 bits per second and
the normal burst size at 1000 bytes for all packets leaving Fast Ethernet interface 0/0:
Router(config)# class-map access-match

QOS-496
police
Router(config)# policy-map police-setting

Router(config-pmap)# class access-match
Router(config-pmap-c)# police 8000 1000 conform-action transmit exceed-action drop
Router(config)# interface fastethernet 0/0
Router(config-if)# service-policy output police-setting
In this example, the initial token buckets starts full at 1000 bytes. If a 450-byte packet arrives, the packet
conforms because enough bytes are available in the conform token bucket. The conform action (send) is
taken by the packet and 450 bytes are removed from the conform token bucket (leaving 550 bytes).
If the next packet arrives 0.25 seconds later, 250 bytes are added to the token bucket ((0.25 * 8000)/8),
leaving 800 bytes in the token bucket. If the next packet is 900 bytes, the packet exceeds and the exceed
action (drop) is taken. No bytes are taken from the token bucket.
Token Bucket Algorithm with Two Token Buckets: Example

In this example, traffic policing is configured with the average rate at 8000 bits per second, the normal
burst size at 1000 bytes, and the excess burst size at 1000 bytes for all packets leaving Fast Ethernet
interface 0/0.
Router(config)# class-map access-match
Router(config-pmap-c)# police 8000 1000 1000 conform-action transmit exceed-action
set-qos-transmit 1 violate-action drop
Router(config-if)# service-policy output police-setting
In this example, the initial token buckets starts full at 1000 bytes. If a 450-byte packet arrives, the packet
conforms because enough bytes are available in the conform token bucket. The conform action (send) is
taken by the packet, and 450 bytes are removed from the conform token bucket (leaving 550 bytes).
If the next packet arrives 0.25 seconds later, 250 bytes are added to the conform token bucket
((0.25 * 8000)/8), leaving 800 bytes in the conform token bucket. If the next packet is 900 bytes, the
packet does not conform because only 800 bytes are available in the conform token bucket.
The exceed token bucket, which starts full at 1000 bytes (as specified by the excess burst size), is then
checked for available bytes. Because enough bytes are available in the exceed token bucket, the exceed
action (set the QoS transmit value of 1) is taken and 900 bytes are taken from the exceed bucket (leaving
100 bytes in the exceed token bucket).
If the next packet arrives 0.40 seconds later, 400 bytes are added to the token buckets ((.40 * 8000)/8).
Therefore, the conform token bucket now has 1000 bytes (the maximum number of tokens available in
the conform bucket) and 200 bytes overflow the conform token bucket (because only 200 bytes were
needed to fill the conform token bucket to capacity). These overflow bytes are placed in the exceed token
bucket, giving the exceed token bucket 300 bytes.
If the arriving packet is 1000 bytes, the packet conforms because enough bytes are available in the
conform token bucket. The conform action (transmit) is taken by the packet, and 1000 bytes are removed
from the conform token bucket (leaving 0 bytes).

QOS-497
police
If the next packet arrives 0.20 seconds later, 200 bytes are added to the token bucket ((.20 * 8000)/8).
Therefore, the conform bucket now has 200 bytes. If the arriving packet is 400 bytes, the packet does not
conform because only 200 bytes are available in the conform bucket. Similarly, the packet does not
exceed because only 300 bytes are available in the exceed bucket. Therefore, the packet violates and the
violate action (drop) is taken.
Conforming to the MPLS EXP Value: Example

The following example shows that if packets conform to the rate limit, the MPLS EXP field is set to 5.
If packets exceed the rate limit, the MPLS EXP field is set to 3.
Router(config)# policy-map input-IP-dscp
Router(config-pmap)# class dscp24
Router(config-pmap-c)# police 8000 1500 1000 conform-action
set-mpls-experimental-imposition-transmit 5 exceed-action
set-mpls-experimental-imposition-transmit 3
Router(config-pmap-c)# violate-action drop
Setting the Inner CoS Value as an Action for SIPs and SPAs on the Cisco 7600 Series Router: Example
The following example shows configuration of a QoS class that filters all traffic for virtual LAN (VLAN)
100 into a class named “vlan-inner-100” and establishes a traffic shaping policy for the vlan-inner-100
class. The service policy limits traffic to an average rate of 500 kbps, with a normal burst of 1000 bytes
and a maximum burst of 1500 bytes, and sets the inner CoS value to 3. Since setting of the inner CoS
value is supported only with bridging features, the configuration also shows the service policy being
applied as an output policy for an ATM SPA interface permanent virtual circuit (PVC) that bridges traffic
into VLAN 100 using the bridge-domain command.
Router(config)# class-map match-all vlan-inner-100
Router(config)# policy-map vlan-inner-100
Router(config-pmap)# class vlan-inner-100
Router(config-pmap-c)# police 500000 1000 1500 conform-action set-cos-inner-transmit 3
Router(config)# interface atm3/0/0
Router(config-if)# pvc 100/100
Router(config-if-atm-vc)# bridge-domain 100 dot1q
Router(config-if-atm-vc)# service-policy output vlan-inner-100
Router(config-if-atm-vc)# end

bridge-domain Enables RFC 1483 ATM bridging or RFC 1490 Frame Relay bridging to map
a bridged VLAN to an ATM PVC or Frame Relay data-link connection
identifier (DLCI).
service-policy Specifies the name of the service policy to be attached to the interface.
show policy-map Displays the configuration of all classes for a specified service policy map or
all classes for all existing policy maps.

QOS-498
police (EtherSwitch)
To define a policer for classified traffic, use the police command in policy-map class configuration
mode. To remove an existing policer, use the no form of this command.
police {bps | cir bps} [burst-byte | bc burst-byte] conform-action transmit [exceed-action {drop
| dscp dscp-value}]
no police {bps | cir bps} [burst-byte | bc burst-byte] conform-action transmit [exceed-action

{drop | dscp dscp-value}]
Syntax Description bps | cir bps Average traffic rate or committed information rate (CIR) in bits per
second (bps).
For 10/100 ports, the range is 1000000 to 100000000, and the granularity
is 1 Mbps.
For Gigabit-capable Ethernet ports, the range is 8000000 to 1016000000,
and the granularity is 8 Mbps.
burst-byte | bc burst-byte (Optional) Normal burst size or burst count in bytes.
conform-action transmit Sends packets that conform to the rate limit.
exceed-action drop (Optional) When the specified rate is exceeded, specifies that the switch
drops the packet.
exceed-action dscp (Optional) When the specified rate is exceeded, specifies that the switch
dscp-value changes the differentiated services code point (DSCP) of the packet to the
specified dscp-value and then sends the packet.
Command Default No policers are defined.

series routers.

QOS-499
Usage Guidelines You can configure up to six policers on ingress Fast Ethernet ports.
You can configure up to 60 policers on ingress Gigabit-capable Ethernet ports.
Policers cannot be configured on egress Fast Ethernet and Gigabit-capable Ethernet ports.
To return to policy-map configuration mode, use the exit command. To return to privileged EXEC mode,
use the end command.
Use the show policy-map command to verify your settings.
Examples The following example shows how to configure a policer that sets the DSCP value to 46 if traffic does
not exceed a 1-Mbps average rate with a burst size of 65536 bytes and drops packets if traffic exceeds
these conditions:
Router(config-pmap-c)# set ip dscp 46
Router(config-pmap-c)# police 1000000 65536 conform-action transmit exceed-action drop

policy-map Creates or modifies a policy map that can be attached to multiple
interfaces and enters policy-map configuration mode.
show policy-map Displays QoS policy maps.

QOS-500
police (percent)
police (percent)
To configure traffic policing on the basis of a percentage of bandwidth available on an interface, use the
police command in QoS policy-map class configuration mode. To remove traffic policing from the
configuration, use the no form of this command.
Supported Platforms Except the Cisco 10000 Series Router
police cir percent percentage [burst-in-msec] [bc conform-burst-in-msec ms]

[be peak-burst-in-msec ms] [pir percent percentage] [conform-action action [exceed-action
action [violate-action action]]]
no police cir percent percentage [burst-in-msec] [bc conform-burst-in-msec ms]

[be peak-burst-in-msec ms] [pir percent percentage] [conform-action action [exceed-action
police cir percent percent [burst-in-msec] [bc conform-burst-in-msec ms] [pir percent] [be
peak-burst-in-msec ms] [conform-action action] [exceed-action action]
no police cir percent percent [burst-in-msec] [bc conform-burst-in-msec ms] [pir percent] [be
peak-burst-in-msec ms] [conform-action action] [exceed-action action]
Syntax Description cir Committed information rate. Indicates that the CIR will be used for policing
traffic.
percent Specifies that a percentage of bandwidth will be used for calculating the
CIR.
percentage Specifies the bandwidth percentage. Valid range is a number from 1 to 100.
burst-in-msec (Optional) Burst in milliseconds. Valid range is a number from 1 to 2000.
bc (Optional) Conform burst (bc) size used by the first token bucket for policing
traffic.
conform-burst-in-msec (Optional) Specifies the bc value in milliseconds. Valid range is a number
from 1 to 2000.
ms (Optional) Indicates that the burst value is specified in milliseconds.
be (Optional) Peak burst (be) size used by the second token bucket for policing
traffic.
peak-burst-in-msec (Optional) Specifies the be size in milliseconds. Valid range is a number
from 1 to 2000.
pir (Optional) Peak information rate. Indicates that the PIR will be used for
policing traffic.
percent (Optional) Specifies that a percentage of bandwidth will be used for
calculating the PIR.
conform-action (Optional) Action to take on packets whose rate is less than the conform
burst. You must specify a value for peak-burst-in-msec before you specify
the conform-action.

QOS-501
police (percent)
exceed-action (Optional) Action to take on packets whose rate is within the conform and
conform plus exceed burst.
violate-action (Optional) Action to take on packets whose rate exceeds the conform plus
exceed burst. You must specify the exceed-action before you specify the
violate-action.
action (Optional) Action to take on packets. Specify one of the following keywords:
All Supported Platforms

• set-clp-transmit—Sets the ATM Cell Loss Priority (CLP) bit from 0
to 1 on the ATM cell and sends the packet with the ATM CLP bit set to 1.
• set-dscp-transmit new-dscp—Sets the IP differentiated services code
point (DSCP) value and sends the packet with the new IP DSCP value
setting.
• set-frde-transmit—Sets the Frame Relay discard eligible (DE) bit from
0 to 1 on the Frame Relay frame and sends the packet with the DE bit set
to 1.
• set-prec-transmit new-prec—Sets the IP precedence and sends the
packet with the new IP precedence value setting.
• transmit—Sends the packet with no alteration.

• policed-dscp-transmit—(Exceed and violate action only). Changes the
DSCP value per the policed DSCP map and sends the packet.
policing action for a bridged frame on the Enhanced FlexWAN module,
and when using bridging features on SPAs with the Cisco 7600 SIP-200
and Cisco 7600 SIP-400 on the Cisco 7600 series router.
• set-cos-transmit value—Sets the packet cost of service (CoS) value and
sends the packet.
• set-mpls-exposition-transmit—Sets the Multiprotocol Label
Switching (MPLS) experimental bits from 0 to 7 and sends the packet
with the new MPLS experimental bit value setting.
• set-mpls-topmost-transmit—Sets the MPLS experimental bits on the
topmost label and sends the packet.

QOS-502
police (percent)
action (continued) Cisco 10000 Series Routers

• set-clp-transmit value—Sets the ATM Cell Loss Priority (CLP) bit
from 0 to 1 on the ATM cell and transmits the packet with the ATM CLP
bit set to 1.
• set-cos-transmit value—Sets the packet COS value and sends it.
• set-discard-class-transmit—Sets the discard class attribute of a packet
and transmits the packet with the new discard class setting.
• set-dscp-transmit value—Sets the IP differentiated services code point
(DSCP) value and transmits the packet with the new IP DSCP value
setting.
• set-frde-transmit value—Sets the Frame Relay Discard Eligibility
(DE) bit from 0 to 1 on the Frame Relay frame and transmits the packet
with the DE bit set to 1.
• set-mpls-experimental-imposition-transmit value—Sets the
Multiprotocol Label Switching (MPLS) experimental (EXP) bits (0 to 7)
in the imposed label headers and transmits the packet with the new
MPLS EXP bit value setting.
• set-mpls-experimental-topmost-transmit value—Sets the MPLS EXP
field value in the topmost MPLS label header at the input and/or output
interfaces.
• set-prec-transmit value—Sets the IP precedence and transmits the
• set-qos-transmit value—Sets the quality of service (QoS) group value
and transmits the packet with the new QoS group value setting. Valid
• transmit—Transmits the packet. The packet is not altered.
Command Default All Supported Platforms

The default bc and be values are 4 ms.

The default action for conform-action is transmit.
The default action for exceed-action and violate-action is drop.
Command Modes QoS policy-map class configuration

QOS-503
police (percent)

12.0(25)SX The Percent-based Policing feature was introduced on the Cisco 10000 series
router.
12.2(13)T This command was modified for the Percentage-Based Policing and Shaping
feature.
12.0(28)S The command was integrated into Cisco IOS Release 12.0(28)S.
12.2(18)SXE The command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(28)SB The command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(33)SRA The set-cos-inner-transmit keyword for the action argument was added
when using multipoint bridging (MPB) features on the Enhanced FlexWAN
module, and when using MPB on SPAs with the Cisco 7600 SIP-200 and
12.2(31)SB2 Support was added on the PRE3 for the set-frde-transmit action argument
for the Cisco 10000 series router.
Usage Guidelines This command calculates the cir and pir on the basis of a percentage of the maximum amount of
bandwidth available on the interface. When a policy map is attached to the interface, the equivalent cir
and pir values in bits per second (bps) are calculated on the basis of the interface bandwidth and the
percent value entered with this command. The show policy-map interface command can then be used
to verify the bps rate calculated.
The calculated cir and pir bps rates must be in the range of 8000 and 2000000000 bps. If the rates are
outside this range, the associated policy map cannot be attached to the interface. If the interface
bandwidth changes (for example, more is added), the bps values of the cir and the pir are recalculated
on the basis of the revised amount of bandwidth. If the cir and pir percentages are changed after the
policy map is attached to the interface, the bps values of the cir and pir are recalculated.
Conform Burst and Peak Burst Sizes in Milliseconds

This command also allows you to specify the values for the conform burst size and the peak burst size
in milliseconds. If you want bandwidth to be calculated as a percentage, the conform burst size and the
peak burst size must be specified in milliseconds (ms).
Hierarchical Policy Maps

Policy maps can be configured in two-level (nested) hierarchies; a top (or “parent”) level and a secondary
(or “child”) level. The police (percent) command can be configured for use in either a parent or child
policy map.
Bandwidth and Hierarchical Policy Maps

The police (percent) command uses the maximum rate of bandwidth available as the reference point for
calculating the bandwidth percentage. When the police (percent) command is configured in a child
policy map, the police (percent) command uses the bandwidth amount specified in the next higher-level
policy (in this case, the parent policy map). If the parent policy map does not specify the maximum
bandwidth rate available, the police (percent) command uses the maximum bandwidth rate available on

QOS-504
police (percent)
the next higher level (in this case, the physical interface, the highest point in the hierarchy) as the
reference point. The police (percent) command always looks to the next higher level for the bandwidth
reference point. The following sample configuration illustrates this point:
Policymap parent_policy
class parent
service-policy child_policy
Policymap child_policy
class normal_type
police cir percent 30
In this sample configuration, there are two hierarchical policies: one called parent_policy and one called
child_policy. In the policy map called child_policy, the police command has been configured in the class
called normal_type. In this class, the percentage specified by for the police (percent) command is
30 percent. The command will use 512 kbps, the peak rate, as the bandwidth reference point for class
parent in the parent_policy. The police (percent) command will use 512 kbps as the basis for calculating
the cir rate (512 kbps * 30 percent).
interface serial 4/0
service-policy output parent_policy
Policymap parent_policy
class parent
bandwidth 512
In the above example, there is one policy map called parent_policy. In this policy map, a peak rate has
not been specified. The bandwidth command has been used, but this command does not represent the
maximum rate of bandwidth available. Therefore, the police (percent) command will look to the next
higher level (in this case serial interface 4/0) to get the bandwidth reference point. Assuming the
bandwidth of serial interface 4/0 is 1.5 Mbps, the police (percent) command will use 1.5 Mbps as the
basis for calculating the cir rate (1500000 * 30 percent).
How Bandwidth Is Calculated

The police (percent) command is often used in conjunction with the bandwidth and priority commands.
The bandwidth and priority commands can be used to calculate the total amount of bandwidth available
on an entity (for example, a physical interface). When the bandwidth and priority commands calculate
the total amount of bandwidth available on an entity, the following guidelines are invoked:
• If the entity is a physical interface, the total bandwidth is the bandwidth on the physical interface.
• If the entity is a shaped ATM permanent virtual circuit (PVC), the total bandwidth is calculated as
follows:
– For a variable bit rate (VBR) virtual circuit (VC), the sustained cell rate (SCR) is used in the
calculation.
– For an available bit rate (ABR) VC, the minimum cell rate (MCR) is used in the calculation.
For more information on bandwidth allocation, refer to the “Congestion Management Overview” chapter
in the Cisco IOS Quality of Service Solutions Configuration Guide.
FlexWAN module, and when using MPB features on SPAs with the Cisco 7600 SIP-200 and Cisco 7600

QOS-505
police (percent)

Cisco 7600 series router, refer to the Cisco 7600 Series SIP, SSC, and SPA Software Configuration
Guide.
Examples The following example shows how to configure traffic policing using a CIR and a PIR on the basis of a
percentage of bandwidth. In this example, a CIR of 20 percent and a PIR of 40 percent have been
specified. Additionally, an optional bc value and be value (300 ms and 400 ms, respectively) have been
specified.
Router> enable
Router(config-pmap-c)# police cir percent 20 bc 300 ms be 400 ms pir percent 40
Router(config-pmap-c-police)# exit
After the policy map and class maps are configured, the policy map is attached to an interface as shown
in the following example:
Router> enable
Router(config-if)# service-policy input policy1
Router(config-if)# exit
Setting the Inner CoS Value as an Action for SIPs and SPAs on the Cisco 7600 Series Router
100 into a class named vlan-inner-100 and establishes a traffic shaping policy for the vlan-inner-100
class. The service policy limits traffic to a CIR of 20 percent and a PIR of 40 percent, with a conform
burst (bc) of 300 ms, and peak burst (be) of 400 ms, and sets the inner CoS value to 3. Because setting
of the inner CoS value is only supported with bridging features, the configuration also shows the service
policy being applied as an output policy for an ATM shared port adapter (SPA) interface permanent
virtual circuit (PVC) that bridges traffic into VLAN 100 using the bridge-domain command.
Router(config-pmap-c)# police cir percent 20 bc 300 ms be 400 ms pir percent 40
conform-action set-cos-inner-transmit 3

The following example shows how to configure the police (percent) command for a priority service. In
the example, the priority class named Voice is configured in the policy map named New-Traffic. The
router allocates 25 percent of the committed rate to Voice traffic and allows committed bursts of 4 ms

QOS-506
police (percent)
and excess bursts of 1 ms. The router transmits Voice traffic that conforms to the committed rate, sets
the QoS transmit value to 4 for Voice traffic that exceeds the burst sizes, and drops Voice traffic that
violates the committed rate.
Router(config)# policy-map New-Traffic
Router(config-pmap)# class Voice
Router(config-pmap-c)# priority
Router(config-pmap-c)# police percent 25 4 ms 1 ms conform-action transmit exceed-action
set-qos-transmit 4 violate-action drop

(policy-map class) policy map.
bridge-domain Enables RFC 1483 ATM bridging or RFC 1490 Frame Relay bridging to
map a bridged VLAN to an ATM PVC or Frame Relay DLCI.
priority Gives priority to a traffic class in a policy map.
shape (percent) Specifies average or peak rate traffic shaping on the basis of a percentage of
bandwidth available on an interface.

QOS-507
police (policy map)
police (policy map)

To create a per-interface policer and configure the policy-map class to use it, use the police command in
policy-map class configuration mode. To delete the per-interface policer from the policy-map class, use
The police command can be used three ways in a new policy map: police, police aggregate, and police
flow. These commands are discussed below.
police
The police command syntax is described in the Cisco IOS Quality of Service Solutions Command
Reference.
police aggregate
police aggregate name
no police aggregate name
Creating a policy map
policy-map name
no policy-map name
police flow
police flow bps [burst-normal [conform-action action] | conform-action action]
police flow mask {dest-only | full-flow | src-only} bps [burst-normal | conform-action action]
no police flow bps [burst-normal | conform-action action]
no police flow mask {dest-only | full-flow | src-only} bps [burst-normal | conform-action action]
Syntax Description aggregate name Specifies a previously defined aggregate policer name and configures the
policy-map class to use the specified aggregate policer.
policy-map name Creates the named Quality of Service (QoS) policy map.
flow Specifies a microflow policer that will police each flow.
bps Average rate, in bits per second. Valid values are from 8000 to
10000000000.
burst-normal (Optional) Committed information rate (CIR) token-bucket size, in bytes.
Valid range is from 1000 to 31250000.
conform-action action (Optional) Action to take on packets that conform to the rate limit. See the
“Usage Guidelines” section for valid values.
mask Specifies the flow mask to be used for policing.
dest-only Specifies the destination-only flow mask.
full-flow Specifies the full-flow mask.
src-only Specifies the source-only flow mask.

QOS-508
police (policy map)

• conform-action is transmit.
• exceed-action is drop.

12.2(14)SX This command was introduced on the Supervisor Engine 720.
12.2(17d)SXB3 This command was changed to lower the police bps minimum from 32000 to 8000
on FlexWAN interfaces only.
12.2(18)SXD This command was changed as follows:
• Added set-mpls-exp-topmost-transmit to the valid values for
conform-action.
• Changed the set-mpls-exp-transmit keyword to
set-mpls-exp-imposition-transmit.
12.2(18)SXF This command was changed to increase the CIR maximum to 10,000,000,000 bits
per second.
Usage Guidelines The valid values for the bps argument are from 8000 to 10000000000. The exception is that in
Release 12.2(17d)SXB3, valid values for the FlexWAN interfaces only are from 8000 to 4000000000
bps.
Use the mls qos aggregate-policer policer-name command to create a named aggregate policer.
You can create two types of aggregate policers: named and per-interface. Both types can be attached to
more than one port as follows:
• You create named aggregate policers using the mls qos aggregate-policer command. If you attach
a named aggregate policer to multiple ingress ports, it polices the matched traffic from all the ingress
ports to which it is attached.
• You define per-interface aggregate policers in a policy-map class using the police command. If you
attach a per-interface aggregate policer to multiple ingress ports, it polices the matched traffic on
each ingress port separately.
The burst-normal argument sets the CIR token bucket size.
Use the no police aggregate aggregate-name command to clear the use of the named aggregate policer.
You can enter the police flow command to define a microflow policer (you cannot apply microflow
policing to ARP traffic).
You can enter the police command to define per-interface aggregate policers.
If the traffic is both aggregate and microflow policed, the aggregate and the microflow policers must both
be in the same policy-map class and each must use the same conform-action and exceed-action
keyword.

QOS-509
police (policy map)
Additional Values
The valid values for the action argument are:
• drop—Drops packets that do not exceed the bps rate.
• set-clp-transmit—Sets and sends the ATM cell loss priority (CLP).
• set-dscp-transmit {dscp-bit-pattern | dscp-value | default | ef}—Marks the matched traffic with a
new DSCP value.
– dscp-bit-pattern—Specifies a DSCP bit pattern. Valid values are listed in Table 25.
– dscp-value—Specifies a DSCP value. Valid values are from 0 to 63.
– default—Matches packets with default DSCP value (000000).
– ef—Matches packets with the EF DSCP value (101110).
Table 25 Valid dscp-bit-pattern Values
Keyword Definition
af11 Matches packets with AF11 DSCP (001010).
cs1 Matches packets with CS1 (precedence 1) DSCP (001000).
• set-frde-transmit—Sets and sends the Frame Relay discard eligible (FR DE). Valid value is
exceed-action.
• set-mpls-exp-imposition-transmit new-mpls-exp—Rewrites the MPLS experimental bits on
imposed label entries and transmits the bits. The new-mpls-exp argument specifies the value used to
set the MPLS EXP bits that are defined by the policy map. Valid values for new-mpls-exp are from
0 to 7.

QOS-510
police (policy map)
• set-mpls-exp-topmost-transmit—Sets experimental (exp) bits on the topmost label and sends the
packet. Valid range is 0 to 7.
• set-prec-transmit new-precedence [exceed-action]—Marks the matched traffic with a new
IP-precedence value and transmits it. Valid values for new-precedence are from 0 to 7. Optionally,
you may also enter exceed-action.
• set-qos-transmit—Rewrites qos-group and sends the packet.
• transmit—Transmits the packets that do not exceed the bps rate. The optional keyword for transmit
is exceed-action action.
• exceed-action action and violate-action action—Two additional actions, exceed-action and
violate-action, appear as subcommands under police (policy map). The former specifies the action
to be taken when the bps rate has been exceeded. The latter specifies action to be taken when the
bps rate is greater than the burst-max rate. Both have the following valid values:
– drop—Drops packets that do not exceed the bps rate.
– policed-dscp-transmit—Causes all the out-of-profile traffic to be marked down as specified in
the markdown map.
– transmit—Transmits the packets that do not exceed the bps rate. The optional keyword for
transmit is exceed-action action.
Examples This example shows how to specify a previously defined aggregate-policer name and configures the
policy-map class to use the specified aggregate policer:
Router(config-pmap-c)# police aggregate agg1
This example shows how to create a policy map named police-setting that uses the class map
access-match, which is configured to trust received IP-precedence values and is configured with a
maximum-capacity aggregate policer and a microflow policer:
Router(config-pmap-c)# trust ip-precedence
Router(config-pmap-c)# police 1000000000 200000 conform-action set-prec-transmit 6
exceed-action policed-dscp-transmit
Router(config-pmap-c)# police flow 10000000 10000 conform-action set-prec-transmit 6
exceed-action policed-dscp-transmit

class-map Accesses the QoS class map configuration mode to configure QoS class
maps.
mls qos Defines a named aggregate policer for use in policy maps.
aggregate-policer
police Configures traffic policing in the policy-map class configuration mode or
policy-map class police configuration mode.
show class-map Displays class-map information.

QOS-511
police (policy map)
Command Description
show policy-map Displays information about the policy map.
0\

QOS-512
police (two rates)
police (two rates)

To configure traffic policing using two rates, the committed information rate (CIR) and the peak
information rate (PIR), use the police command in policy-map class configuration mode. To remove
two-rate traffic policing from the configuration, use the no form of this command.
police cir cir [bc conform-burst] [pir pir] [be peak-burst] [conform-action action [exceed-action
no police cir
Syntax Description cir Committed information rate (CIR) at which the first token bucket is updated.
cir Specifies the CIR value in bits per second. The value is a number from 8000
to 200000000.
bc (Optional) Conform burst (bc) size used by the first token bucket for policing.
conform-burst (Optional) Specifies the bc value in bytes. The value is a number from 1000
to 51200000.
pir (Optional) Peak information rate (PIR) at which the second token bucket is
updated.
pir (Optional) Specifies the PIR value in bits per second. The value is a number
from 8000 to 200000000.
be (Optional) Peak burst (be) size used by the second token bucket for policing.
peak-burst (Optional) Specifies the peak burst (be) size in bytes. The size varies
according to the interface and platform in use.
conform-action (Optional) Action to take on packets that conform to the CIR and PIR.
exceed-action (Optional) Action to take on packets that conform to the PIR but not the CIR.

QOS-513
police (two rates)
violate-action (Optional) Action to take on packets exceed the PIR.

action (Optional) Action to take on packets. Specify one of the following keywords:
• set-clp-transmit—Sets the ATM Cell Loss Priority (CLP) bit from 0
to 1 on the ATM cell and sends the packet with the ATM CLP bit set to 1.
• set-dscp-transmit new-dscp—Sets the IP differentiated services code
point (DSCP) value and sends the packet with the new IP DSCP value
setting.
• set-dscp-tunnel-transmit value—Sets the DSCP value (0 to 63) in the
tunnel header of a Layer 2 Tunnel Protocol Version 3 (L2TPv3) or
Generic Routing Encapsulation (GRE) tunneled packet for tunnel
• set-frde-transmit—Sets the Frame Relay discard eligible (DE) bit from
0 to 1 on the Frame Relay frame and sends the packet with the DE bit set
to 1.
• set-mpls-exp-transmit—Sets the Multiprotocol Label Switching
(MPLS) experimental bits from 0 to 7 and sends the packet with the new
MPLS experimental bit value setting.
• set-prec-transmit new-prec—Sets the IP precedence and sends the
• set-prec-tunnel-transmit value—Sets the precedence value (0 to 7) in
the tunnel header of an L2TPv3 or GRE tunneled packet for tunnel
• set-qos-transmit new-qos—Sets the quality of service (QoS) group
value and sends the packet with the new QoS group value setting.
Command Default Traffic policing using two rates is disabled.

12.1(5)T This command was integrated into Cisco IOS Release 12.1(5)T. The violate-action
keyword was added.

QOS-514
police (two rates)
12.2(2)T The following keywords for the action argument were added:
• set-clp-transmit
• set-frde-transmit
• set-mpls-exp-transmit
12.2(4)T This command expanded for the Two-Rate Policing feature. The cir and pir
keywords were added to accommodate two-rate traffic policing.
set-dscp-tunnel-transmit and set-prec-tunnel-transmit keywords for the action
argument were added. These keywords are intended for marking Layer 2 Tunnel
Protocol Version 3 (L2TPv3) tunneled packets.
12.2(33)SRA The set-cos-inner-transmit keyword for the action argument was added when
using multipoint bridging (MPB) features on the Enhanced FlexWAN module, and
when using MPB on SPAs with the Cisco 7600 SIP-200 and Cisco 7600 SIP-400 on
the Cisco 7600 series router.
12.2SX This command is supported in the Cisco IOS Release 12.2SX train. Support in a
specific 12.2SX release of this train depends on your feature set, platform, and
platform hardware.
12.2(33)SRC This command was modified to support the Cisco 7600 series router equipped with
a Cisco Multilayer Switch Feature Card 3 (MSFC3).
12.4(15)T2 This command was modified to include support for marking Generic Routing
Encapsulation (GRE) tunneled packets.
platforms equipped with a Cisco MGX Route Processor Module (RPM-XF).
12.2(33)SB This command was modified to include support for marking GRE-tunneled packets,
and support for the Cisco 7300 series router was added.
12.4(20)T Support was added for hierarchical queueing framework (HQF) using the Modular
Quality of Service (QoS) Command-Line Interface (CLI) (MQC).
Usage Guidelines Configuring Priority with an Explicit Policing Rate

When you configure a priority class with an explicit policing rate, traffic is limited to the policer rate
regardless of congestion conditions. In other words, even if bandwith is available, the priority traffic
cannot exceed the rate specified with the explicit policer.
Token Buckets
Two-rate traffic policing uses two token buckets—Tc and Tp—for policing traffic at two independent
rates. Note the following points about the two token buckets:
• The Tc token bucket is updated at the CIR value each time a packet arrives at the two-rate policer.
The Tc token bucket can contain up to the confirm burst (Bc) value.
• The Tp token bucket is updated at the PIR value each time a packet arrives at the two-rate policer.
The Tp token bucket can contain up to the peak burst (Be) value.

QOS-515
police (two rates)
Updating Token Buckets

The following scenario illustrates how the token buckets are updated:
A packet of B bytes arrives at time t. The last packet arrived at time t1. The CIR and the PIR token
buckets at time t are represented by Tc(t) and Tp(t), respectively. Using these values and in this scenario,
the token buckets are updated as follows:
Tc(t) = min(CIR * (t-t1) + Tc(t1), Bc)
Tp(t) = min(PIR * (t-t1) + Tp(t1), Be)
Marking Traffic
The two-rate policer marks packets as either conforming, exceeding, or violating a specified rate. The
following points (using a packet of B bytes) illustrate how a packet is marked:
• If B > Tp(t), the packet is marked as violating the specified rate.
• If B > Tc(t), the packet is marked as exceeding the specified rate, and the Tp(t) token bucket is
updated as Tp(t) = Tp(t) – B.
Otherwise, the packet is marked as conforming to the specified rate, and both token buckets—Tc(t) and
Tp(t)—are updated as follows:
Tp(t) = Tp(t) – B
Tc(t) = Tc(t) – B
For example, if the CIR is 100 kbps, the PIR is 200 kbps, and a data stream with a rate of 250 kbps arrives
at the two-rate policer, the packet would be marked as follows:
• 100 kbps would be marked as conforming to the rate.
• 100 kbps would be marked as exceeding the rate.
• 50 kbps would be marked as violating the rate.
Marking Packets and Assigning Actions Flowchart

The flowchart in Figure 4 illustrates how the two-rate policer marks packets and assigns a corresponding
action (that is, violate, exceed, or conform) to the packet.

QOS-516
police (two rates)
Figure 4 Marking Packets and Assigning Actions with the Two-Rate Policer
PIR CIR
Be Bc
No No
B > Tp B > Tc
Packet of size B
Yes Yes
Violate Exceed Conform
60515
Action Action Action
FlexWAN module, and when using MPB features on SPAs with the Cisco 7600 SIP-200 and Cisco 7600
Cisco 7600 series router, see the Cisco 7600 Series SIP, SSC, and SPA Software Configuration Guide.
Examples Setting Priority with an Explicit Policing Rate

In the following example, priority traffic is limited to a committed rate of 1000 kbps regardless of
congestion conditions in the network:
Router(config)# policy-map p1
Router(config-pmap-c)# police cir 1000000 conform-action transmit exceed-action drop
Two-Rate Policing
In the following example, two-rate traffic policing is configured on a class to limit traffic to an average
committed rate of 500 kbps and a peak rate of 1 Mbps:
Router(config)# class-map police
Router(config-pmap)# class police
Router(config-pmap-c)# police cir 500000 bc 10000 pir 1000000 be 10000 conform-action
transmit exceed-action set-prec-transmit 2 violate-action drop

QOS-517
police (two rates)
Policy Map policy1

Class police
police cir 500000 conform-burst 10000 pir 1000000 peak-burst 10000 conform-action
Traffic marked as conforming to the average committed rate (500 kbps) will be sent as is. Traffic marked
as exceeding 500 kbps, but not exceeding 1 Mbps, will be marked with IP Precedence 2 and then sent.
All traffic marked as exceeding 1 Mbps will be dropped. The burst parameters are set to 10000 bytes.
In the following example, 1.25 Mbps of traffic is sent (“offered”) to a policer class:
Serial3/0
Service-policy output: policy1
Class-map: police (match all)

148803 packets, 36605538 bytes
30 second offered rate 1249000 bps, drop rate 249000 bps
Match: access-group 101
police:
cir 500000 bps, conform-burst 10000, pir 1000000, peak-burst 100000
conformed 59538 packets, 14646348 bytes; action: transmit
exceeded 59538 packets, 14646348 bytes; action: set-prec-transmit 2
violated 29731 packets, 7313826 bytes; action: drop
conformed 499000 bps, exceed 500000 bps violate 249000 bps
Class-map: class-default (match-any)

30 seconds offered rate 0 bps, drop rate 0 bps
Match: any
The two-rate policer marks 500 kbps of traffic as conforming, 500 kbps of traffic as exceeding, and
250 kbps of traffic as violating the specified rate. Packets marked as conforming to the rate will be sent
as is, and packets marked as exceeding the rate will be marked with IP Precedence 2 and then sent.
Packets marked as violating the rate are dropped.
Setting the Inner CoS Value as an Action for SIPs and SPAs on the Cisco 7600 Series Router: Example
100 into a class named “vlan-inner-100,” and establishes a traffic shaping policy for the vlan-inner-100
class. The service policy limits traffic to an average committed rate of 500 kbps and a peak rate of 1 Mbps
and sets the inner CoS value to 3. Since setting of the inner CoS value is only supported with bridging
features, the configuration also shows the service policy being applied as an output policy for an ATM
SPA interface permanent virtual circuit (PVC) that bridges traffic into VLAN 100 using the
bridge-domain command.
set-cos-inner-transmit 3

QOS-518
police (two rates)

Router(config-if-atm-vc)# end

a bridged VLAN to an ATM PVC or Frame Relay DLCI.
service-policy Attaches a policy map to an input interface or an output interface to be used
as the service policy for that interface.
on the interface.

QOS-519
police rate (control-plane)

To configure traffic policing for traffic that is destined for the control plane, use the police rate command
in QoS policy-map class configuration mode. To remove traffic policing from the configuration, use the
police rate units pps [burst burst-in-packets packets] [peak-rate peak-rate-in-pps pps]
[peak-burst peak-burst-in-packets packets] [conform-action action]
no police rate units pps [burst burst-in-packets packets] [peak-rate peak-rate-in-pps pps] [peak-burst
peak-burst-in-packets packets] [conform-action action]
Syntax for Packets per Seconds (pps)
[peak-burst peak-burst-in-packets packets]
no police rate units pps [burst burst-in-packets packets] [peak-rate peak-rate-in-pps pps] [pack-burst
peak-burst-in-packets packets]
Syntax for Bytes per Seconds (bps)
police rate units bps [burst burst-in-bytes bytes] [peak-rate peak-rate-in-bps bps] [peak-burst
peak-burst-in-bytes bytes]
no police rate units bps [burst burst-in-bytes bytes] [peak-rate peak-rate-in-bps bps] [peak-burst
peak-burst-in-bytes bytes]
Syntax for Percent
police rate percent percentage [burst ms ms] [peak-rate percent percentage] [peak-burst ms ms]
no police rate percent percentage [burst ms ms] [peak-rate percent percentage] [peak-burst
ms ms]
Syntax for Cisco 10000 Series Router
[peak-burst peak-burst-in-packets packets] [conform-action action [exceed-action action]
no police rate units pps [burst burst-in-packets packets] [peak-rate peak-rate-in-pps pps] [peak-burst
peak-burst-in-packets packets] [conform-action action] [exceed-action action] [violate-action
action]

QOS-520
Syntax Description units Specifies the police rate. If the police rate is specified in pps, the valid
range of values is:
• Cisco 10000 series router—Valid range is 1 to 500000
• Other platforms—Valid range is 1 to 2000000
If the police rate is specified in bps, the valid range of values is 8000 to
10000000000.
pps Specifies that packets per seconds (pps) will be used to determine the
rate at which traffic is policed.
burst burst-in-packets (Optional) Specifies the burst rate, in packets, will be used for policing
packets traffic. Valid range of values are:
peak-rate peak-rate-in-pps (Optional) Specifies the peak information rate (PIR) will be used for
pps policing traffic and calculating the PIR. Valid range of values are:
peak-burst (Optional) Specifies the peak burst value, in packets, will be used for
peak-burst-in-packets policing traffic. Valid range of values are:
packets
bps (Optional) Specifies that bits per second (bps) will be used to determine
the rate at which traffic is policed.
burst burst-in-bytes bytes (Optional) Specifies the burst rate, in bytes, will be used for policing
traffic. Valid range is from 1000 to 512000000.
peak-rate peak-rate-in-bps (Optional) Specifies the peak burst value, in bytes, for the peak rate.
bps Valid range is from 1000 to 512000000.
peak-burst (Optional) Specifies the peak burst value, in bytes, will be used for
peak-burst-in-bytes bytes policing traffic. Valid range is from 1000 to 512000000.
percent A percentage of interface bandwidth will be used to determine the rate at
which traffic is policed.
percentage Specifies the bandwidth percentage. Valid range is from 1 to 100.
burst ms ms (Optional) Specifies the burst rate, in milliseconds, will be used for
policing traffic. Valid range is from 1 to 2000.
peak-rate percent (Optional) Specifies a percentage of interface bandwidth will be used to
percentage determine the PIR. Valid range is from 1 to 100.
peak-burst ms ms (Optional) Specifies the peak burst rate, in milliseconds, will be used for
policing traffic. Valid range is from 1 to 2000.
conform-action action (Optional) Specifies the action to take on packets that conform to the
police rate limit. See the “Usage Guidelines” section for the actions you
can specify.

QOS-521
exceed-action action (Optional) Specifies the action to take on packets that exceed the rate
limit. See the “Usage Guidelines” section for the actions you can specify.
violate-action action (Optional) Specifies the action to take on packets that continuously
exceed the police rate limit. See the “Usage Guidelines” section for the
actions you can specify.

12.2(18)SXD1 Support for this command was introduced on the Supervisor Engine 720.
Usage Guidelines Use the police rate command to limit traffic that is destined for the control plane on the basis of packets
per second (pps), bytes per seconds (bps), or a percentage of interface bandwidth.
If the police rate command is issued, but the a rate is not specified, traffic that is destined for the control
plane will be policed on the basis of bps.
Table 26 lists the actions you can specify for the action argument.
Table 26 action Argument Values
Action Description
drop Drops the packet. This is the default action for traffic that
exceeds or violates the committed police rate.
set-clp-transmit value Sets the ATM Cell Loss Priority (CLP) bit on the ATM cell.
Valid values are 0 or 1.
set-discard-class-transmit value Sets the discard class attribute of a packet and transmits the
packet with the new discard class setting. Valid values are
from 0 to 7.
set-dscp-transmit value Sets the IP differentiated services code point (DSCP) value
and transmits the packet with the new IP DSCP value setting.
Valid values are from 0 to 63.
set-dscp-tunnel-transmit value Rewrites the tunnel packet DSCP and transmits the packet
with the new tunnel DSCP value. Valid values are from 0 to
63.

QOS-522
Table 26 action Argument Values (continued)
Action Description
set-frde-transmit value Sets the Frame Relay Discard Eligibility (DE) bit from 0 to 1
on the Frame Relay frame and transmits the packet with the
DE bit set to 1.
set-mpls-exp-imposition-transmit Sets the Multiprotocol Label Switching (MPLS)
value experimental (EXP) bits in the imposed label headers and
transmits the packet with the new MPLS EXP bit value
setting. Valid values are from 0 to 7.
set-mpls-exp-transmit value Sets the MPLS EXP field value in the MPLS label header at
the input interface, output interface, or both. Valid values are
from 0 to 7.
set-prec-transmit value Sets the IP precedence and transmits the packet with the new
IP precedence value. Valid values are from 0 to 7.
set-prec-tunnel-transmit value Sets the tunnel packet IP precedence and transmits the packet
with the new IP precedence value. Valid values are from 0 to
7.
set-qos-transmit value Sets the QoS group and transmits the packet with the new
QoS group value. Valid values are from 0 to 63.
transmit Transmits the packet. The packet is not altered.
Examples The following example shows how to configure the action to take on packets that conform to the police
rate limit:
Router(config)# class-map match-any pps-1
Router(config)# policy-map copp-pps
Router(config-pmap)# class pps-1
Router(config-pmap)# police rate 10000 pps burst 100 packets peak-rate 10100 pps
peak-burst 150 packets conform-action transmit
Router(config-cp)# service-policy input copp-pps


QOS-523
police rate pdp
police rate pdp

To configure Packet Data Protocol (PDP) traffic policing using the police rate, use the police rate pdp
command in policy-map class configuration mode or policy-map class police configuration mode. To
remove PDP traffic policing from the configuration, use the no form of this command.
police rate pdp [burst bytes] [peak-rate pdp [peak-burst bytes]] conform-action action
exceed-action action [violate-action action]
no police rate pdp [burst bytes] [peak-rate pdp [peak-burst bytes]] conform-action action
exceed-action action [violate-action action]
Syntax Description burst bytes (Optional) Committed burst size, in bytes. The size varies according to the
interface and platform in use. Valid rage is 1000 to 512000000. Default
is 1500.
peak-rate pdp (Optional) Specifies that the peak rate of sessions be considered when PDP
traffic is policed.
peak-burst bytes (Optional) Peak burst size, in bytes. The size varies according to the interface
and platform in use. Valid range is 1000 to 512000000. Default is 2500.
conform-action Action to take on packets when the rate is less than the conform burst.
exceed-action Action to take on packets when the rate exceeds the conform burst.
violate-action (Optional) Action to take on packets when the rate violates the conform burst.
action Action to take on packets. Specify one of the following keywords:
• set-dscp-transmit new-dscp-value—Sets the IP differentiated services
code point (DSCP) value and sends the packet with the new IP DSCP
value.
• set-prec-transmit new-prec-value—Sets the IP precedence and sends
the packet with the new IP precedence value.
Command Default PDP traffic policing is disabled.

Policy-map class police configuration

12.3(8)XU This command was introduced.
12.3(11)YJ This command was integrated into Cisco IOS Release 12.3(11)YJ.
12.3(14)YQ This command was integrated into Cisco IOS Release 12.3(14)YQ.

QOS-524
police rate pdp
Usage Guidelines The police rate pdp command is included with the Flow-Based QoS for GGSN feature available with
The Flow-Based QoS for GGSN feature is designed specifically for the Gateway General Packet Radio
Service (GPRS) Support Node (GGSN).
Per-PDP Policing
The Flow-Based QoS for GGSN feature includes per-PDP policing (session-based policing).
Per-PDP policing is a gateway GPRS support node traffic conditioner (3G TS 23.107) function that can
be used to limit the maximum rate of traffic received on the Gi interface for a particular PDP context.
The policing function enforces the call admission control (CAC)-negotiated data rates for a PDP context.
The GGSN can be configured to either drop nonconforming traffic or mark nonconforming traffic for
preferential dropping if congestion should occur.
The policing parameters used depend on the PDP context, such as the following:
• For GTPv1 PDPs with R99 quality of service (QoS) profiles, the maximum bit rate (MBR) and
guaranteed bit rate (GBR) parameters from the CAC-negotiated QoS profile are used. For nonreal
time traffic, only the MBR parameter is used.
• For GTPv1 PDPs with R98 QoS profiles and GTPv0 PDPs, the peak throughput parameter from the
CAC-negotiated QoS policy is used.
Before configuring per-PDP policing, note the following points:
• Universal Mobile Telecommunications System (UMTS) QoS mapping must be enabled on the
GGSN.
• Cisco Express Forwarding (CEF) must be enabled on the Gi interface.
• Per-PDP policing is supported for downlink traffic at the Gi interface only.
• The initial packets of a PDP context are not policed.
• Hierarchical policing is not supported.
• If flow-based policing is configured in a policy map that is attached to an Access Point Network
(APN), the show policy-map apn command displays the total number of packets received before
policing and does not display the policing counters.
Note To clear policing counters displayed by the show policy-map apn command, use the clear
gprs access-point statistics access-point-index command.
• A service policy that has been applied to an APN cannot be modified. To modify a service policy,
remove the service policy from the APN, modify it, and then reapply the service policy.
• Multiple class maps, each with match flow pdp configured and a different differentiated services
code point (DSCP) value specified, are supported in a policy map only if the DSCP is trusted (the
gprs umts-qos dscp unmodified global configuration command has not been configured on the
GGSN).
For More Information

For more information about the GGSN, along with the instructions for configuring the Flow-Based QoS
for GGSN feature, see the Cisco GGSN Release 6.0 Configuration Guide, Cisco IOS Release 12.4(2)XB.

QOS-525
police rate pdp
Note To configure the Flow-Based QoS for GGSN feature, follow the instructions in the section called
“Configuring Per-PDP Policing.”
For more information about the show policy-map apn command, the gprs umts-qos dscp unmodified
command, the clear gprs access-point statistics command, and other GGSN-specific commands, see
theCisco GGSN Release 6.0 Command Reference, Cisco IOS Release 12.4(2)XB.
Examples The following is an example of a per-PDP policing policy map applied to an APN:
class-map match-all class-pdp
match flow pdp
!
! Configures a policy map and attaches this class map to it.
policy-map policy-gprs
class class-pdp
police rate pdp
conform-action set-dscp-transmit 15
exceed-action set-dscp-transmit 15
violate-action drop
! Attaches the policy map to the APN.
gprs access-point-list gprs

access-point 1
access-point-name static
service-policy input policy-gprs

clear gprs access-point Clears statistics counters for a specific access point or for all access points
statistics on the GGSN.
gprs umts-qos dscp Specifies that the subscriber datagram be forwarded through the GTP path
unmodified without modifying its DSCP.
match flow pdp Specifies PDP flows as the match criterion in a class map.
show policy-map apn Displays statistical and configuration information for all input and output
policies attached to an APN.

QOS-526
policy-map
policy-map
To create or modify a policy map that can be attached to one or more interfaces to specify a service
policy, use the policy-map command in global configuration mode. To delete a policy map, use the no
form of this command. The policy-map command enters policy-map configuration mode in which you
can configure or modify the class policies for that policy map.
Supported Platforms Other Than Cisco 10000 Series Routers
policy-map [type {stack | access-control | port-filter | queue-threshold | logging log-policy}]

policy-map-name
no policy-map [type {stack | access-control | port-filter | queue-threshold | logging log-policy}]

policy-map-name
policy-map [type {control | service}] policy-map-name
no policy-map [type {control | service}] policy-map-name
Syntax Description type stack (Optional) Determines the exact pattern to look for in the protocol stack
of interest.
type access-control (Optional) Enables the policy map for the flexible packet matching
feature.
type port-filter (Optional) Enables the policy map for the port-filter feature.
type queue-threshold (Optional) Enables the policy map for the queue-threshold feature.
type logging (Optional) Enables the policy map for the control-plane packet logging
feature.
log-policy Type of log policy for control-plane logging.
policy-map-name Name of the policy map. The name can be a maximum of 40
type control (Optional) Creates a control policy map.
type service (Optional) Creates a service policy map.
Command Default The policy map is not configured.

12.4(4)T The type access-control keywords were added to support flexible packet
matching. The type port-filter and type queue-threshold keywords were
added to support control-plane protection.

QOS-527
policy-map
12.4(6)T The type logging keywords were added to support control-plane packet
logging.
12.2(31)SB The type control and type service keywords were added to support the
12.2(18)ZY The following modifications were made to the policy-map command:
• The type access-control keywords were integrated into Cisco IOS
Release 12.2(18)ZY on the Catalyst 6500 series switch that is equipped
with the Supervisor 32/programmable intelligent services accelerator
(PISA) engine.
• The command was modified to enhance Network-Based Application
Recognition (NBAR) functionality on the Catalyst 6500 series switch
that is equipped with the Supervisor 32/PISA engine.
Usage Guidelines Use the policy-map command to specify the name of the policy map to be created, added to, or modified
before you configure policies for classes whose match criteria are defined in a class map. The
policy-map command enters policy-map configuration mode in which you can configure or modify the
class policies for that policy map.
You can configure class policies in a policy map only if the classes have match criteria defined for them.
You use the class-map and match commands to configure the match criteria for a class. Because you
can configure a maximum of 64 class maps, no policy map can contain more than 64 class policies.
A single policy map can be attached to multiple interfaces concurrently. When you attempt to attach a
policy map to an interface, the attempt is denied if the available bandwidth on the interface cannot
accommodate the total bandwidth requested by class policies comprising the policy map. In this case, if
the policy map is already attached to other interfaces, it is removed from them.
Whenever you modify class policy in an attached policy map, class-based weighted fair queueing
(CBWFQ) is notified and the new classes are installed as part of the policy map in the CBWFQ system.
Class Queues (Cisco 10000 Series Routers Only)

The PRE2 allows you to configure 31 class queues in a policy map.
In a policy map, the PRE3 allows you to configure one priority level 1 queue, plus one priority level 2
queue, plus 12 class queues, plus one default queue.
Control Policies (Cisco 10000 Series Routers Only)

Control policies define the actions that your system will take in response to specified events and
conditions.
A control policy is made of one or more control policy rules. A control policy rule is an association of
a control class and one or more actions. The control class defines the conditions that must be met before
the actions will be executed.

QOS-528
policy-map
There are three steps involved in defining a control policy:

1. Create one or more control class maps, by using the class-map type control command.
2. Create a control policy map, using the policy-map type control command.
A control policy map contains one or more control policy rules. A control policy rule associates a
control class map with one or more actions. Actions are numbered and executed sequentially.
3. Apply the control policy map to a context, using the service-policy type control command.
Service Policies (Cisco 10000 Series Routers Only)

Service policy maps and service profiles contain a collection of traffic policies and other functionality.
Traffic policies determine which functionality will be applied to which session traffic. A service policy
map or service profile may also contain a network-forwarding policy, which is a specific type of traffic
policy that determines how session data packets will be forwarded to the network.
Policy Map Restrictions (Catalyst 6500 Series Switches Only)

restrictions for using policy maps and match commands:
• You cannot modify an existing policy map if the policy map is attached to an interface. To modify
the policy map, remove the policy map from the interface by using the no form of the service-policy
command.
• Policy maps contain traffic classes. Traffic classes contain one or more match commands that can
be used to match packets (and organize them into groups) on the basis of a protocol type or
application. You can create as many traffic classes as needed. However, the following restrictions
apply:
– A single traffic class can be configured to match a maximum of 8 protocols or applications.
– Multiple traffic classes can be configured to match a cumulative maximum of 95 protocols or
applications.
Examples The following example creates a policy map called policy1 and configures two class policies included
in that policy map. The class policy called class1 specifies policy for traffic that matches access control
list (ACL) 136. The second class is the default class to which packets that do not satisfy configured
match criteria are directed.
! The following commands create class-map class1 and define its match criteria:
class-map class1
! The following commands create the policy map, which is defined to contain policy
! specification for class1 and the default class:
policy-map policy1
class class1
bandwidth 2000
queue-limit 40
class class-default
fair-queue 16
queue-limit 20

QOS-529
policy-map
The following example creates a policy map called policy9 and configures three class policies to belong
to that map. Of these classes, two specify policy for classes with class maps that specify match criteria
based on either a numbered ACL or an interface name, and one specifies policy for the default class
called class-default to which packets that do not satisfy configured match criteria are directed.
policy-map policy9
class acl136
bandwidth 2000
queue-limit 40
class ethernet101
bandwidth 3000
class class-default
fair-queue 10
queue-limit 20
Examples for Cisco 10000 Series Routers Only

The following example shows the configuration of a control policy map named rule4. Control policy map
rule4 contains one policy rule, which is the association of the control class named class3 with the action
to authorize subscribers using the network access server (NAS) port ID. The service-policy type control
command is used to apply the control policy map globally.
class-map type control match-all class3
match access-type pppoe
match domain cisco.com
available nas-port-id
!
policy-map type control rule4
class type control class3
authorize nas-port-id
!
service-policy type control rule4
The following example shows the configuration of a service policy map named redirect-profile:
policy-map type service redirect-profile
class type traffic CLASS-ALL
redirect to group redirect-sg

QOS-530
policy-map copp-peruser
To create a policy map that defines a Control Plane Policing and Protection (CoPP) per-user policy, use
the policy-map copp-peruser command in global configuration mode. To disable, use the no form of
the command.
no policy-map copp-peruser
Command Default No policy map is configured.

Usage Guidelines Use this command to create a CoPP per-user policy map when configuring CoPP.
Examples The following example creates a CoPP per-user policy map:

Router(config)# policy-map copp-peruser
Router(config-pmap-c)# class dhcp-peruser

class-map arp-peruser Creates a class map to be used for matching ARP per-user packets.
match subscriber Matches subscriber access traffic to a policy map.
access

QOS-531
precedence
precedence
To configure precedence levels for a virtual circuit (VC) class that can be assigned to a VC bundle and
thus applied to all VC members of that bundle, use the precedence command in vc-class configuration
mode. To remove the precedence levels from the VC class, use the no form of this command.
To configure the precedence levels for a VC or permanent virtual circuit (PVC) member of a bundle, use
the precedence command in bundle-vc configuration mode for ATM VC bundle members, or in switched
virtual circuit (SVC)-bundle-member configuration mode for an ATM SVC. To remove the precedence
levels from the VC or PVC, use the no form of this command.
precedence [other | range]
no precedence
Syntax Description other (Optional) Any precedence levels in the range from 0 to 7 that are not
explicitly configured.
range (Optional) A single precedence level specified either as a number from 0 to
7 or a range of precedence levels, specified as a hyphenated range.
Command Default Defaults to other—that is, any precedence levels in the range from 0 to 7 that are not explicitly
configured.

Bundle-vc configuration (for ATM VC bundle members)
SVC-bundle-member configuration (for an ATM SVC)

command was extended to configure precedence levels for a VC member of
a bundle.
12.2(4)T This command was made available in SVC-bundle-member configuration
mode.
12.0(23)S This command was made available in vc-class and bundle-vc configuration
modes on the 8-port OC-3 STM-1 ATM line card for Cisco 12000 series
Internet routers.

QOS-532
precedence
Usage Guidelines Assignment of precedence levels to VC or PVC bundle members allows you to create differentiated
service because you can distribute the IP precedence levels over the various VC/PVC bundle members.
You can map a single precedence level or a range of levels to each discrete VC/PVC in the bundle,
thereby enabling VCs/PVCs in the bundle to carry packets marked with different precedence levels.
Alternatively, you can use the precedence other command to indicate that a VC/PVC can carry traffic
marked with precedence levels not specifically configured for other VCs/PVCs. Only one VC/PVC in
the bundle can be configured using the precedence other command. This VC/PVC is considered the
default one.
To use this command in vc-class configuration mode, first enter the vc-class atm command in global
configuration mode. The precedence command has no effect if the VC class that contains the command
is attached to a standalone VC; that is, if the VC is not a bundle member.
To use the precedence command to configure an individual bundle member in bundle-VC configuration
mode, first enter the bundle command to enact bundle configuration mode for the bundle to which you
want to add or modify the VC member to be configured. Then use the pvc-bundle command to specify
the VC to be created or modified and enter bundle-VC configuration mode.
• Bundle configuration in bundle mode (with effect of assigned vc-class configuration)
Examples The following example configures a class called “control-class” that includes a precedence command
that, when applied to a bundle, configures all VC members of that bundle to carry IP precedence level 7
traffic. Note, however, that VC members of that bundle can be individually configured with the
precedence command at the bundle-vc level, which would supervene.
vc-class atm control-class
precedence 7
The following example configures PVC 401 (with the name of “control-class”) to carry traffic with IP
precedence levels in the range of 4–2, overriding the precedence level mapping set for the VC through
vc-class configuration:
pvc-bundle control-class 401
precedence 4-2

bundle.
bundle Creates a bundle or modifies an existing bundle to enter bundle configuration
mode.
dscp (frame-relay Specifies the DSCP value or values for a specific Frame Relay PVC bundle
vc-bundle-member) member.
mpls experimental Configures the MPLS experimental bit values for a VC class that can be
mapped to a VC bundle and thus applied to all VC members of that bundle.

QOS-533
precedence
Command Description
pvc Creates or assigns a name to an ATM PVC, specifies the encapsulation type
on an ATM PVC, and enters interface-ATM-VC configuration mode.
bundle member.
vc-class atm Configures a VC class for an ATM VC or interface.

QOS-534
precedence (WRED group)

To configure a Weighted Random Early Detection (WRED) or VIP-distributed WRED (DWRED) group
for a particular IP Precedence, use the precedence command in random-detect-group configuration
mode. To return the values for each IP Precedence for the group to the default values, use the no form
of this command.
precedence precedence min-threshold max-threshold mark-probability-denominator
no precedence precedence min-threshold max-threshold mark-probability-denominator
Syntax Description precedence IP Precedence number. Values range from 0 to 7.

min-threshold Minimum threshold in number of packets. Value range from 1 to
4096. When the average queue length reaches this number,
WRED or DWRED begins to drop packets with the specified IP
Precedence.
max-threshold Maximum threshold in number of packets. The value range is
min-threshold to 4096. When the average queue length exceeds
this number, WRED or DWRED drops all packets with the
specified IP Precedence.
mark-probability-denominator Denominator for the fraction of packets dropped when the
average queue depth is max-threshold. For example, if the
denominator is 512, 1 out of every 512 packets is dropped when
the average queue is at the max-threshold. The value is 1 to
65536. The default is 10; 1 out of every 10 packets is dropped at
the max-threshold.
Command Default For all IP Precedences, the mark-probability-denominator argument is 10, and the max-threshold
argument is based on the output buffering capacity and the transmission speed for the interface.
The default min-threshold argument depends on the IP Precedence. The min-threshold argument for IP
Precedence 0 corresponds to half of the max-threshold argument. The values for the remaining IP
Precedences fall between half the max-threshold argument and the max-threshold argument at evenly
spaced intervals. See Table 27 in the “Usage Guidelines” section for a list of the default minimum value
for each IP Precedence.


QOS-535
Usage Guidelines WRED is a congestion avoidance mechanism that slows traffic by randomly dropping packets when
congestion exists. DWRED is similar to WRED but uses the Versatile Interface Processor (VIP) instead
of the Route Switch Processor (RSP).
If used, this command is issued after the random-detect-group command.
When you configure the random-detect group command on an interface, packets are given preferential
treatment based on the IP Precedence of the packet. Use the precedence command to adjust the
treatment for different IP Precedences.
If you want WRED or DWRED to ignore the IP Precedence when determining which packets to drop,
enter this command with the same parameters for each IP Precedence. Remember to use reasonable
values for the minimum and maximum thresholds.
Note The default WRED or DWRED parameter values are based on the best available data. We recommend
that you do not change the parameters from their default values unless you have determined that your
applications would benefit from the changed values.
Table 27 lists the default minimum value for each IP Precedence.
Table 27 Default WRED Minimum Threshold Values
Minimum Threshold Value

IP Precedence (Fraction of Maximum Threshold Value)
0 8/16
1 9/16
2 10/16
3 11/16
4 12/16
5 13/16
6 14/16
7 15/16
Examples The following example specifies parameters for the WRED parameter group called sanjose for the
different IP Precedences:
precedence 0 32 256 100

QOS-536

exponential-weighting-constant Configures the exponential weight factor for the average queue
size calculation for a WRED parameter group.
random-detect (per VC) Enables per-VC WRED or per-VC DWRED.
Precedence.

QOS-537
preempt-priority
preempt-priority
To specify the Resource Reservation Protocol (RSVP) quality of service (QoS) priorities to be inserted
into PATH and RESV messages if they were not signaled from an upstream or downstream neighbor or
local client application, use the preempt-priority command in local policy configuration mode. To
delete the priorities, use the no form of this command.
preempt-priority [traffic-eng x] setup-priority [hold-priority]
no preempt-priority [traffic-eng x] setup-priority [hold-priority]
Syntax Description traffic-eng x (Optional) Indicates the upper limit of the priority for Traffic Engineering
(TE) reservations. The range of x values is 0 to 7 in which the smaller the
number, the higher the reservation’s priority. For non-TE reservations, the
range of x values is 0 to 65535 in which the higher the number, the higher
the reservation’s priority.
setup-priority Indicates the priority of a reservation when it is initially installed. Values
range from 0 to 7 where 0 is considered the highest priority. For TE
reservations, the default value is 7; for non-TE reservations, the default is 0.
hold-priority (Optional) Indicates the priority of a reservation after it has been installed.
If omitted, this argument defaults to the setup-priority. Values range from 0
to 7 where 0 is considered the highest priority. For TE reservations, the
default value is 7; for non-TE reservations, the default is 0.
Command Default No RSVP QoS priorities are specified until you configure them.
Command Modes Local policy configuration

Usage Guidelines Use the preempt-priority command to specify the maximum setup or hold priority that RSVP QoS or
MPLS/ TE sessions can signal. A PATHERROR, RESVERROR, or local application error is returned if
these limits are exceeded.
If an incoming message has a preemption priority that requests a priority higher than the policy allows,
the message is rejected. Use the tunnel mpls traffic-eng priority command to configure preemption
priority for TE tunnels.
A single policy can contain a preempt-priority traffic-eng and a preempt-priority command, which
may be useful if the policy is bound to an access control list (ACL) that identifies a subnet containing a
mix of TE and non-TE endpoints or midpoints.
When selecting reservations for preemption, RSVP preempts lower-priority reservations before those
with higher priority. If there are multiple nonTE reservations with the same preemption priority, RSVP
selects the oldest reservations first.

QOS-538
preempt-priority
Examples The following example has a setup priority of 0 and a hold priority of 5:
Router(config-rsvp-local-policy)# preempt-priority 0 5

ip rsvp policy preempt Enables RSVP to take bandwidth from lower-priority reservations and give
it to new, higher-priority reservations.
tunnel mpls traffic-eng Configures the setup and reservation priorities for an MPLS TE tunnel.
priority

QOS-539
priority
priority
To give priority to a class of traffic belonging to a policy map, use the priority command in policy-map
class configuration mode. To remove a previously specified priority for a class, use the no form of this
command.
priority {bandwidth-kbps | percent percentage} [burst]
no priority {bandwidth-kbps | percent percentage} [burst]
Syntax Description bandwidth-kbps Guaranteed allowed bandwidth, in kbps, for the priority traffic.
The amount of guaranteed bandwidth varies according to the
interface and platform in use. Beyond the guaranteed bandwidth,
the priority traffic will be dropped in the event of congestion to
ensure that the nonpriority traffic is not starved.
percent Specifies that the amount of guaranteed bandwidth will be
specified by the percent of available bandwidth.
percentage Used in conjunction with the percent keyword, specifies the
percentage of the total available bandwidth to be set aside for the
priority class. The percentage can be a number from 1 to 100.
burst (Optional) Specifies the burst size in bytes. The burst size
configures the network to accommodate temporary bursts of
traffic. The default burst value, which is computed as
200 milliseconds of traffic at the configured bandwidth rate, is
used when the burst argument is not specified. The range of the
burst is from 32 to 2000000 bytes.

12.0(5)XE5 This command was introduced for the Versatile Interface Processor
(VIP) as part of the Distributed Low Latency Queueing (Low Latency
Queueing for the VIP) feature.
12.0(9)S This command was introduced for the VIP as part of the Distributed
Low Latency Queueing (Low Latency Queueing for the VIP) feature.
12.1(2)E The burst argument was added.
12.1(3)T The burst argument was integrated in Release 12.1(3)T.
12.1(5)T This command was introduced for the VIP as part of the Distributed
Low Latency Queueing (Low Latency Queueing for the VIP) feature.
12.2(2)T The percent keyword and the percentage argument were added.

QOS-540
priority
Usage Guidelines This command configures low latency queueing (LLQ), providing strict priority queueing (PQ) for
class-based weighted fair queueing (CBWFQ). Strict PQ allows delay-sensitive data such as voice to be
dequeued and sent before packets in other queues are dequeued.
The priority command allows you to set up classes based on a variety of criteria (not just User Datagram
Ports (UDP) ports) and assign priority to them, and is available for use on serial interfaces and ATM
permanent virtual circuits (PVCs). A similar command, the ip rtp priority command, allows you to
stipulate priority flows based only on UDP port numbers and is not available for ATM PVCs.
When the device is not congested, the priority class traffic is allowed to exceed its allocated bandwidth.
When the device is congested, the priority class traffic above the allocated bandwidth is discarded.
The bandwidth and priority commands cannot be used in the same class, within the same policy map.
These commands can be used together in the same policy map, however.
Within a policy map, you can give one or more classes priority status. When multiple classes within a
single policy map are configured as priority classes, all traffic from these classes is queued to the same,
single, priority queue.
When the policy map containing class policy configurations is attached to the interface to stipulate the
service policy for that interface, available bandwidth is assessed. If a policy map cannot be attached to
a particular interface because of insufficient interface bandwidth, the policy is removed from all
interfaces to which it was successfully attached.
For more information on bandwidth allocation, refer to the chapter “Congestion Management Overview”
Examples The following example configures PQ with a guaranteed bandwidth of 50 kbps and a one-time allowable
burst size of 60 bytes for the policy map called policy1:
Router(config-pmap-c)# priority 50 60
In the following example, 10 percent of the available bandwidth is reserved for the class called voice on
interfaces to which the policy map called policy1 has been attached:
Router(config-pmap-c)# priority percent 10

QOS-541
priority

bandwidth Specifies or modifies the bandwidth allocated for a class belonging
to a policy map.
ip rtp priority Reserves a strict priority queue for a set of RTP packet flows
belonging to a range of UDP destination ports.
ip rtp reserve Reserves a special queue for a set of RTP packet flows belonging to
a range of UDP destination ports.
max-reserved-bandwidth Changes the percent of interface bandwidth allocated for CBWFQ,
LLQ, and IP RTP Priority.
show interfaces fair-queue Displays information and statistics about WFQ for a VIP-based
interface.
map or all classes for all existing policy maps.
service policies either on the specified interface or subinterface or on
interface or VC.

QOS-542
priority level
priority level
To configure multiple priority queues, use the priority level command in policy-map class configuration
mode. To remove a previously specified priority level for a class, use the no form of this command.
priority level level
no priority level level
Syntax Description level Defines multiple levels of a strict priority service model. When
you enable a traffic class with a specific level of priority service,
the implication is a single priority queue associated with all
traffic enabled with the specified level of priority service.
level A range of priority levels. Valid values are from 1 (high priority)
to 4 (low priority). Default: 1
Defaults The priority level has a default level of 1.

12.2(31)SB2 This command was introduced to provide multiple levels of strict
priority queuing and implemented on the Cisco 10000 series router
for the PRE3.
Usage Guidelines The bandwidth and priority level commands cannot be used in the same class, within the same policy
map. These commands can be used in the same policy map, however.
The shape and priority level commands cannot be used in the same class, within the same policy map.
These commands can be used in the same policy map, however,
Within a policy map, you can give one or more classes priority status. The router associates a single
priority queue with all of the traffic enabled with the same priority level and services the high level
priority queues until empty before servicing the next level priority queues and non-priority queues.
You cannot specify the same priority level for two different classes in the same policy map.
You cannot specify the priority command and the priority level command for two different classes in
the same policy map. For example, you cannot specify the priority bandwidth-kbps or priority percent
percentage command and the priority level command for different classes.
When the priority level command is configured with a specific level of priority service, the queue-limit
and random-detect commands can be used if only a single class at that level of priority is configured.
You cannot configure the default queue as a priority queue at any priority level.

QOS-543
priority level
Cisco 10000 Series Router Usage Guidelines

The Cisco 10000 series router supports two levels of priority service: level 1 (high) and level 2 (low). If
you do not specify a priority level, the router uses the default level of 1. Level 1 specifies that low latency
behavior must be given to the traffic class. The high-level queues are serviced until empty before the next
level queues and non-priority queues.
Examples The following example shows how to configure multi-level priority queues. In the example, the traffic
class named Customer1 is given high priority (level 1) and the class named Customer2 is given level 2
priority. To prevent Customer2 traffic from becoming starved of bandwidth, Customer1 traffic is policed
at 30 percent of the available bandwidth.
Router> enable
Router# config terminal
Router(config)# policy-map Business

to a policy map.
priority Assigns priority to a class of traffic.
service policies either on the specified interface or subinterface or on
a specific PVC on the interface. Displays statistical information for
all priority levels configured.

QOS-544
priority-group
priority-group
To assign the specified priority list to an interface, use the priority-group command in interface
configuration mode. To remove the specified priority group assignment, use the no form of this
command.
priority-group list-number
no priority-group list-number
Syntax Description list-number Priority list number assigned to the interface. Any number from 1 to 16.

Usage Guidelines Only one list can be assigned per interface. Priority output queueing provides a mechanism to prioritize
packets sent on an interface.
Use the show queueing and show interfaces commands to display the current status of the output
queues.
Examples The following example causes packets for transmission on serial interface 0 to be classified by priority
list 1:
interface serial 0
priority-group 1
The following example shows how to establish queueing priorities based on the address of the serial link
on a serial tunnel (STUN) connection. Note that you must use the priority-group interface configuration
command to assign a priority group to an output interface.
stun peer-name 172.16.0.0
stun protocol-group 1 sdlc
!
interface serial 0
! Disable the ip address for interface serial 0:
no ip address
! Enable the interface for STUN:

QOS-545
priority-group
encapsulation stun
!
stun group 2
stun route address 10 tcp 172.16.0.1 local-ack priority
!
! Assign priority group 1 to the input side of interface serial 0:
priority-group 1
! Assign a low priority to priority list 1 on serial link identified
! by group 2 and address A7:
priority-list 1 stun low address 2 A7

locaddr-priority-list Maps LUs to queueing priorities as one of the steps to establishing
queueing priorities based on LU addresses.
priority-list default Assigns a priority queue for those packets that do not match any other
rule in the priority list.
interface.
priority-list protocol Establishes queueing priorities based on the protocol type.
priority-list protocol ip Establishes BSTUN or STUN queueing priorities based on the TCP port.
tcp
priority-list protocol stun Establishes STUN queueing priorities based on the address of the serial
address link.
priority-list queue-limit Specifies the maximum number of packets that can be waiting in each of
the priority queues.
server.
or VC.

QOS-546
priority-list default
To assign a priority queue for those packets that do not match any other rule in the priority list, use the
priority-list default command in global configuration mode. To return to the default or assign normal
as the default, use the no form of this command.
priority-list list-number default {high | medium | normal | low}
no priority-list list-number default
Syntax Description list-number Any number from 1 to 16 that identifies the priority list.
high | medium | normal | low Priority queue level. The normal queue is used if you use the no
Command Default This command is not enabled by default.

12.2(33)SRA This command was integrated into Cisco IOS Release
12.2(33)SRA.
Usage Guidelines When you use multiple rules, remember that the system reads the priority settings in order of appearance.
When classifying a packet, the system searches the list of rules specified by priority-list commands for
a matching protocol or interface type. When a match is found, the system assigns the packet to the
appropriate queue. The system searches the list in the order specified, and the first matching rule
terminates the search.
Examples The following example sets the priority queue for those packets that do not match any other rule in the
priority list to a low priority:
priority-list 1 default low

interface.

QOS-547
Command Description
priority-list queue-limit Specifies the maximum number of packets that can be waiting in each
of the priority queues.
interface or VC.

QOS-548
priority-list interface
To establish queueing priorities on packets entering from a given interface, use the priority-list
interface command in global configuration mode. To remove an entry from the list, use the no form of
this command with the appropriate arguments.
priority-list list-number interface interface-type interface-number {high | medium | normal | low}
no priority-list list-number interface interface-type interface-number {high | medium | normal |

low}
interface-type The type of the interface.
interface-number The number of the interface.
high | medium | normal | low Priority queue level.
Command Default No queueing priorities are established by default.

12.2(33)SRA This command was integrated into Cisco IOS Release
12.2(33)SRA.
Usage Guidelines When you use multiple rules, remember that the system reads the priority settings in order of appearance.
When classifying a packet, the system searches the list of rules specified by priority-list commands for
a matching protocol or interface type. When a match is found, the system assigns the packet to the
appropriate queue. The system searches the list in the order specified, and the first matching rule
Examples The following example assigns a list entering on serial interface 0 to a medium priority queue level:
priority-list 3 interface serial 0 medium
Note This command defines a rule that determines how packets are attached to an interface. Once the rule is
defined, the packet is actually attached to the interface using the priority-group command.

QOS-549

or VC.

QOS-550
priority-list protocol
To establish queueing priorities based upon the protocol type, use the priority-list protocol command
in global configuration mode. To remove a priority list entry assigned by protocol type, use the no form
of this command with the appropriate arguments.
priority-list list-number protocol protocol-name {high | medium | normal | low} queue-keyword

keyword-value
no priority-list list-number protocol [protocol-name {high | medium | normal | low}

queue-keyword keyword-value]
protocol-name Protocol type: aarp, appletalk, arp, bridge (transparent), clns,
clns_es, clns_is, compressedtcp, cmns, decnet, decnet_node,
decnet_router-l1, decnet_router-l2, dlsw, ip, ipx, pad, rsrb,
stun and x25.
high | medium | normal | low Priority queue level.
queue-keyword keyword-value Possible keywords are fragments, gt, list, lt, tcp, and udp. For
more information about keywords and values, see Table 28 in the
“Usage Guidelines” section.
Command Default No queueing priorities are established.

of protocol types. These protocols were removed because Apollo Domain,
Banyan VINES, and Xerox Network Systems (XNS) were removed in
Release 12.2(13)T.
Usage Guidelines When you use multiple rules for a single protocol, remember that the system reads the priority settings
in order of appearance. When classifying a packet, the system searches the list of rules specified by
priority-list commands for a matching protocol type. When a match is found, the system assigns the
packet to the appropriate queue. The system searches the list in the order specified, and the first matching
rule terminates the search.

QOS-551
The decnet_router-l1 keyword refers to the multicast address for all level 1 routers, which are intra-area
routers, and the decnet_router-l2 keyword refers to all level 2 routers, which are interarea routers.
The dlsw, rsrb, and stun keywords refer only to direct encapsulation.
Use Table 28, Table 29, and Table 30 to configure the queueing priorities for your system.
Table 28 Protocol Priority Queue Keywords and Values
Option Description
fragments Assigns the priority level defined to fragmented IP packets (for use with IP
only). More specifically, this command matches IP packets whose fragment
offset field is nonzero. The initial fragment of a fragmented IP packet has a
fragment offset of zero, so such packets are not matched by this command.
Note Packets with a nonzero fragment offset do not contain TCP or User
Datagram Protocol (UDP) headers, so other instances of this
command that use the tcp or udp keyword will always fail to match
such packets.
gt byte-count Specifies a greater-than count. The priority level assigned goes into effect
when a packet size exceeds the value entered for the byte-count argument.
Note The size of the packet must also include additional bytes because of
MAC encapsulation on the outgoing interface.
list list-number Assigns traffic priorities according to a specified list when used with
AppleTalk, bridging, IP, IPX, VINES, or XNS. The list-number argument is
the access list number as specified by the access-list global configuration
command for the specified protocol-name. For example, if the protocol is
AppleTalk, list-number should be a valid AppleTalk access list number.
lt byte-count Specifies a less-than count. The priority level assigned goes into effect when
a packet size is less than the value entered for the byte-count argument.
Note The size of the packet must also include additional bytes because of
MAC encapsulation on the outgoing interface.
tcp port Assigns the priority level defined to TCP segments originating from or
destined to a specified port (for use with IP only). Table 29 lists common
TCP services and their port numbers.
udp port Assigns the priority level defined to UDP packets originating from or
destined to a specified port (for use with IP only). Table 30 lists common
UDP services and their port numbers.
Table 29 Common TCP Services and Their Port Numbers
Service Port
FTP data 20
FTP 21
Simple Mail Transfer Protocol (SMTP) 25
Telnet 23

QOS-552
Note To display a complete list of TCP services and their port numbers, enter a help string, such as the
following example:
Router(config)# priority list 4 protocol ip medium tcp ?
Table 30 Common UDP Services and Their Port Numbers
Service Port
Domain Name System (DNS) 53
Network File System (NFS) 2049
remote-procedure call (RPC) 111
SNMP 161
TFTP 69
Note To display a complete list of UDP services and their port numbers, enter a help string, such as the
following example:
Router(config)# priority list 4 protocol ip medium udp ?
Note Table 29 and Table 30 include some of the more common TCP and UDP port numbers. However, you
can specify any port number to be prioritized; you are not limited to those listed.
For some protocols, such as TFTP and FTP, only the initial request uses port 69. Subsequent packets use
a randomly chosen port number. For these types of protocols, the use of port numbers fails to be an
effective method to manage queued traffic.
Examples The following example assigns 1 as the arbitrary priority list number, specifies DECnet as the protocol
type, and assigns a high-priority level to the DECnet packets sent on this interface:
priority-list 1 protocol decnet high
The following example assigns a medium-priority level to every DECnet packet with a size greater than
200 bytes:
priority-list 2 protocol decnet medium gt 200
The following example assigns a medium-priority level to every DECnet packet with a size less than 200
bytes:
priority-list 4 protocol decnet medium lt 200
The following example assigns a high-priority level to traffic that matches IP access list 10:
priority-list 1 protocol ip high list 10
The following example assigns a medium-priority level to Telnet packets:

priority-list 4 protocol ip medium tcp 23

QOS-553
The following example assigns a medium-priority level to UDP DNS packets:

priority-list 4 protocol ip medium udp 53
The following example assigns a high-priority level to traffic that matches Ethernet type code access list
201:
priority-list 1 protocol bridge high list 201
The following example assigns a high-priority level to data-link switching plus (DLSw+) traffic with
TCP encapsulation:
priority-list 1 protocol ip high tcp 2065
The following example assigns a high-priority level to DLSw+ traffic with direct encapsulation:
priority-list 1 protocol dlsw high
Note This command define a rule that determines how packets are attached to an interface. Once the rule is
defined, the packet is actually attached to the interface using the priority-group command.

priority-list interface Establishes queueing priorities on packets entering from a given interface.
or VC.

QOS-554
priority-list queue-limit
To specify the maximum number of packets that can be waiting in each of the priority queues, use the
priority-list queue-limit command in global configuration mode. To select the normal queue, use the
priority-list list-number queue-limit [high-limit [medium-limit [normal-limit [low-limit]]]]
no priority-list list-number queue-limit
high-limit (Optional) Priority queue maximum length. A value of 0 for any of the four
medium-limit arguments means that the queue can be of unlimited size for that particular queue.
normal-limit For default values for these arguments, see Table 31.
low-limit
Command Default None.

See Table 31 in the “Usage Guidelines” section of this command for a list of the default queue limit
arguments.

Usage Guidelines If a priority queue overflows, excess packets are discarded and messages can be sent, if appropriate, for
the protocol.
The default queue limit arguments are listed in Table 31.
Table 31 Default Priority Queue Packet Limits
Priority Queue Argument Packet Limits

high-limit 20
medium-limit 40
normal-limit 60
low-limit 80

QOS-555
Note If priority queueing is enabled and there is an active ISDN (Integrated Services Digital Network) call in
the queue, changing the configuration of the priority-list queue-limit command drops the call from the
queue. For more information about priority queueing, refer to the Cisco IOS Quality of Service Solutions
Examples The following example sets the maximum packets in the priority queue to 10:
priority-list 2 queue-limit 10 40 60 80

priority-list interface Establishes queueing priorities on packets entering from a given interface.
VC.

QOS-556
priority-queue cos-map
To map CoS values to the receive and transmit strict-priority queues in interface configuration command
mode, use the priority-queue cos-map command. To return to the default mapping, use the no form of
this command.
priority-queue cos-map queue-id cos1 [cos2 [cos3 [cos4 [cos5 [cos6 [cos7 [cos8]]]]]]]
no priority-queue cos-map
Syntax Description queue-id Queue number; the valid value is 1.

cos1 CoS value; valid values are from 0 to 7.
. . . cos8 (Optional) CoS values; valid values are from 0 to 7.
Command Default The default mapping is queue 1 is mapped to CoS 5 for the following receive and transmit strict-priority
queues:
• 1p1q4t receive queues
• 1p2q2t transmit queues

Usage Guidelines When mapping CoS values to the strict-priority queues, note the following information:
• The queue number is always 1.
• You can enter up to 8 CoS values to map to the queue.
Examples This example shows how to map CoS value 7 to the strict-priority queues on Gigabit Ethernet port 1/1:

QOS-557
Router(config-if)# priority-queue cos-map 1 7

Router(config-if)#

interfaces

QOS-558
priority-queue queue-limit
To set the priority-queue size on an interface, use the priority-queue queue-limit command in interface
configuration mode. To return to the default priority-queue size, use the no form of this command.
priority-queue queue-limit percent
no priority-queue queue-limit percent
Syntax Description percent Priority-queue size in percent; valid values are from 1 to 100.
Command Default When global quality of service (QoS) is enabled, the priority-queue size is 15. When global QoS is
disabled, the priority-queue size is 0.

Usage Guidelines This command is supported on the following modules:

• WS-X6501-10GE—1p2q1t1
• WS-X6148A-GE—1p3q8t2
• WS-X6148-45—1p3q8t
• WS-X6148-FE-SFP—1p3q8t
• WS-X6748-SFP—1p3q8t
• WS-X6724-SFP—1p7q8t 3
• WS-X6704-10GE—1p7q4t4
• WS-SUP32-10GB-3B—1p7q4t
• WS-SUP32-GB-3B—1p3q8t
• WS-X6708-10GE—1p7q4t
Examples The following example shows how to set the priority-queue size on an interface:
priority-queue queue-limit 15
1. 1p2q1t—One strict-priority queue, two standard queues with one WRED drop threshold and one
non-configurable (100%) tail-drop threshold per queue.
2. 1p3q8t—One strict-priority queue, three standard queues with eight WRED drop thresholds per queue.
3. 1p7q8t—One strict-priority queue, seven standard queues with eight WRED drop thresholds per queue.
4. 1p7q4t—One strict-priority queue, seven standard queues with four WRED drop thresholds per queue.

QOS-559

show queueing interface Displays queueing information.

QOS-560
pvc-bundle
pvc-bundle
To add a virtual circuit (VC) to a bundle as a member of the bundle and enter bundle-vc configuration
mode in order to configure that VC bundle member, use the pvc-bundle command in bundle
configuration mode. To remove the VC from the bundle, use the no form of this command.
pvc-bundle pvc-name [vpi/] [vci]
no pvc-bundle pvc-name [vpi/] [vci]
Syntax Description pvc-name The name of the permanent virtual circuit (PVC) bundle.
vpi/ (Optional) ATM network virtual path identifier (VPI) for this PVC. The
absence of the / and a vpi value defaults the vpi value to 0.
On the Cisco 7200 and 7500 series routers, the value range is from 0 to 255;
on the Cisco 4500 and 4700 routers, the value range is from 0 to 1 less than
the quotient of 8192 divided by the value set by the atm vc-per-vp
command.
The vpi and vci arguments cannot both be set to 0; if one is 0, the other
cannot be 0.
vci (Optional) ATM network virtual channel identifier (VCI) for this PVC. The
value range is from 0 to 1 less than the maximum value set for this interface
by the atm vc-per-vp command. Typically, lower values 0 to 31 are reserved
for specific traffic (F4 Operation, Administration, and Maintenance (OAM),
switched virtual circuit (SVC) signaling Integrated Local Management
Interface (ILMI), and so on) and should not be used.
The VCI is a 16-bit field in the header of the ATM cell. The VCI value is
unique only on a single link, not throughout the ATM network, because it
has local significance only.
cannot be 0.
Command Default None
Command Modes Bundle configuration

12.0(26)S This command was implemented on the Cisco 10000 series router.

QOS-561
pvc-bundle
Usage Guidelines Each bundle can contain multiple VCs having different quality of service (QoS) attributes. This
command associates a VC with a bundle, making it a member of that bundle. Before you can add a VC
to a bundle, the bundle must exist. Use the bundle command to create a bundle. You can also use this
command to configure a VC that already belongs to a bundle. You enter the command in the same way,
giving the name of the VC bundle member.
The pvc-bundle command enters bundle-vc configuration mode, in which you can specify VC-specific
and VC class attributes for the VC.
Examples The following example specifies an existing bundle called bundle1 and enters bundle configuration
mode. Then it adds two VCs to the bundle. For each added VC, bundle-vc mode is entered and a VC
class is attached to the VC to configure it.
bundle bundle1
pvc-bundle bundle1-control 207
class control-class
pvc-bundle bundle1-premium 206
class premium-class
The following example configures the PVC called bundle1-control, an existing member of the bundle
called bundle1, to use class-based weighted fair queueing (CBWFQ). The example configuration
attaches the policy map called policy1 to the PVC. Once the policy map is attached, the classes
comprising policy1 determine the service policy for the PVC bundle1-control.
bundle bundle1
pvc-bundle bundle1-control 207
class control-class

atm vc-per-vp Sets the maximum number of VCIs to support per VPI.
bundle.
specified VC class.
precedence Configures precedence levels for a VC member of a bundle, or for a VC
class that can be assigned to a VC bundle.
pvc Creates or assigns a name to an ATM PVC, specifies the encapsulation
type on an ATM PVC, and enters interface-ATM-VC configuration mode.

QOS-562
pvc-bundle
Command Description
bundle member.

QOS-563
qos pre-classify
qos pre-classify
To enable quality of service (QoS) preclassification, use the qos pre-classify command in interface
configuration mode. To disable the QoS preclassification feature, use the no form of this command.
qos pre-classify
no qos pre-classify
Command Default QoS preclassification is disabled.

12.2(2)T This command was implemented on the Cisco 2600 and Cisco 3600
series routers.
Usage Guidelines This command is restricted to tunnel interfaces, virtual templates, and crypto maps. The qos pre-classify
command is unavailable on all other interface types.
You can enable the qos pre-classify command for IP packets only.
Note QoS preclassification is not supported for all fragmented packets. If a packet is fragmented, each
fragment might receive different preclassifications.
Examples The following example enables the QoS for Virtual Private Networks (VPNs) feature on tunnel interfaces
and virtual templates:
Router(config-if)# qos pre-classify

QOS-564
qos pre-classify

show interfaces Displays statistics for the interfaces configured on a router or access
server.
interface or VC.

QOS-565
queue-limit
queue-limit
To specify or modify the maximum number of packets or bytes that a queue can hold for a class policy
configured in a policy map during a specified interval in milliseconds (ms), use the queue-limit
command in policy-map class configuration mode. To remove the queue limit from a class policy, use
queue-limit {number-of-packets [packets] | number-of-bytes bytes | number-of-milliseconds

milliseconds}
no queue-limit
Syntax Description number-of-packets Number in the range from 1 to 64 specifying the maximum amount of
packets that the queue for this class can accumulate.
Note For ESR-PRE1, number-of-packets is a number from 32 to 16384;
the number must be a power of 2. If the number you specify is not
a power of 2, the router converts the number to the nearest power of
2 value.
For Cisco IOS Release 12.2(16)BX, number-of-packets is a number
from 32 to 16384. The number does not need to be a power of 2.
For Cisco IOS Release 12.3(7)XI and later releases, if the interface
speed is less than 500 MB, number-of-packets is a number from 8
to 4096; the number must be a power of 2. If the interface speed is
greater than 500 MB, number-of-packets is a number from 128 to
64000 and must be a power of 2. If it is not, the router converts the
number to the nearest power of 2 value.
number-of-bytes Amount of data in bytes that a queue can accumulate. Values are 1 to 4096.
number-of-milliseconds Length of time in milliseconds (ms) that a queue can accumulate packets.
Values are 1 to 4096.
packets, bytes, Unit of measure.
milliseconds
Note If you are using the number-of-packets argument, the packets
keyword is optional.
Command Default The default behavior of the queue-limit command for class queues with and without weighted random
early detection (WRED) is as follows:
• Class queues with WRED—The router uses the default queue limit of two times the largest WRED
maximum threshold value, rounded to the nearest power of 2.
Note For Cisco IOS Release 12.2(16)BX, the router does not round the value to the nearest power of 2.
• Priority queues and class queues without WRED—The router has buffers for up to 50 ms of 256-byte
packets at line rate, but not fewer than 32 packets.

QOS-566
queue-limit

12.0(5)XE This command was integrated into Cisco IOS Release 12.0(5)XE. Support
for VIP-enabled Cisco 7500 series routers was added.
12.1(5)T This command was implemented on the VIP-enabled Cisco 7500 series
routers.
12.2(16)BX This command was introduced on the ESR-PRE2.
12.3(7)XI This command was integrated into Cisco IOS Release 12.3(7)XI.
12.4(20)T The following argument/keyword combinations were added:
• number-of-packets [packets]
• number-of-bytes bytes
• number-of-milliseconds milliseconds
Usage Guidelines WFQ

Weighted fair queueing (WFQ) creates a queue for every class for which a class map is defined. Packets
satisfying the match criterion for a class accumulate in the queue reserved for the class until they are
sent, which occurs when the queue is serviced by the fair queueing process. When the maximum packet
threshold you defined for the class is reached, enqueueing of any further packets to the class queue
causes tail drop or, if Weighted Random Early Detection (WRED) is configured for the class policy,
packet drop to take effect.
Overriding Queue Limits Set by the bandwidth Command

Use the bandwidth command with the modular quality of service command-line interface (MQC) to
specify the bandwidth for a particular class. When used with MQC, the bandwidth command has a
default queue limit for the class. This queue limit can be modified using the queue-limit command,
thereby overriding the default set by the bandwidth command.
Note Using the queue-limit command to modify the default queue limit is especially important for
higher-speed interfaces, in order to meet the minimum bandwidth guarantees required by the interface.
Examples The following example configures a policy map called policy11 to contain policy for a class called
acl203. Policy for this class is set so that the queue reserved for it has a maximum packet limit of 40.
Router(config-pmap)# class acl203

QOS-567
queue-limit

bandwidth Specifies the maximum aggregate bandwidth for H.323 traffic and verify the
available bandwidth of the destination gatekeeper.
class class-default Specifies the default traffic class whose bandwidth is to be configured or
modified.

QOS-568
queue-list default
queue-list default
To assign a priority queue for those packets that do not match any other rule in the queue list, use the
queue-list default command in global configuration mode. To restore the default value, use the no form
of this command.
queue-list list-number default queue-number
no queue-list list-number default queue-number
Syntax Description list-number Number of the queue list. Any number from 1 to 16 that identifies the queue
list.
queue-number Number of the queue. Any number from 1 to 16.

The default number of the queue list is queue number 1.

Usage Guidelines When you use multiple rules, remember that the system reads the queue-list commands in order of
appearance. When classifying a packet, the system searches the list of rules specified by queue-list
commands for a matching protocol or interface type. When a match is found, the system assigns the
packet to the appropriate queue. The system searches the list in the order specified, and the first matching
rule terminates the search.
Queue number 0 is a system queue. It is emptied before any of the other queues are processed. The
system enqueues high-priority packets, such as keepalives, to this queue.
Use the show interfaces command to display the current status of the output queues.
Examples In the following example, the default queue for list 10 is set to queue number 2:
queue-list 10 default 2

QOS-569
queue-list default

queue-list protocol Establishes queueing priority based on the protocol type.
interface or VC.

QOS-570
queue-list interface
To establish queueing priorities on packets entering on an interface, use the queue-list interface
command in global configuration mode. To remove an entry from the list, use the no form of this
command.
queue-list list-number interface interface-type interface-number queue-number
no queue-list list-number interface interface-type interface-number queue-number
list.
interface-type Type of the interface.
interface-number Number of the interface.

Usage Guidelines When you use multiple rules, remember that the system reads the queue-list commands in order of
appearance. When classifying a packet, the system searches the list of rules specified by queue-list
commands for a matching protocol or interface type. When a match is found, the system assigns the
packet to the appropriate queue. The list is searched in the order specified, and the first matching rule
Examples In the following example, queue list 4 establishes queueing priorities for packets entering on interface
tunnel 3. The queue number assigned is 10.
queue-list 4 interface tunnel 3 10

QOS-571

interface or VC.

QOS-572
queue-list lowest-custom
To set the lowest number for a queue to be treated as a custom queue, use the queue-list lowest-custom
command in global configuration mode. To restore the default value, use the no form of this command.
queue-list list-number lowest-custom queue-number
no queue-list list-number lowest-custom queue-number
list.
Command Default The default number of the lowest custom queue is 1.

Usage Guidelines All queues from queue 0 to the queue prior to the one specified in the queue-list lowest-custom
command use the priority queue. (Queue 0 has the highest priority.)
All queues from the one specified in the queue-list lowest-custom command to queue 16 use a
round-robin scheduler.
Use the show queueing custom command to display the current custom queue configuration.
Examples In the following example, the lowest custom value is set to 2 for queue list 4:
queue-list 4 lowest-custom 2


QOS-573
Command Description
interface or VC.

QOS-574
queue-list protocol
queue-list protocol
To establish queueing priority based upon the protocol type, use the queue-list protocol command in
global configuration mode. To remove an entry from the list, use the no form of this command.
queue-list list-number protocol protocol-name queue-number queue-keyword keyword-value
no queue-list list-number protocol protocol-name queue-number queue-keyword keyword-value
Syntax Description list-number Number of the queue list. Any number from 1 to 16.
protocol-name Protocol type: aarp, appletalk, arp, bridge (transparent), clns,
clns_es, clns_is, cmns, compressedtcp, decnet, decnet_node,
decnet_routerl1, decnet_routerl2, dlsw, ip, ipx, pad, rsrb, stun
and x25.
queue-keyword keyword-value Possible keywords are fragments, gt, list, lt, tcp, and udp. See the
priority-list protocol command for more information about this
keyword.

of protocol types. These protocols were removed because Apollo Domain,
Banyan VINES, and Xerox Network Systems (XNS) were removed in
Release 12.2(13)T.
Usage Guidelines When you use multiple rules for a single protocol, remember that the system reads the queue-list
commands in order of appearance. When classifying a packet, the system searches the list of rules
specified by queue-list commands for a matching protocol. When a match is found, the system assigns
the packet to the appropriate queue. The system searches the list in the order specified, and the first
matching rule terminates the search.
The decnet_router-l1 keyword refers to the multicast address for all level 1 routers, which are intra-area
routers, and the decnet_router-l2 keyword refers to all level 2 routers, which are interarea routers.
The dlsw, rsrb, and stun keywords refer only to direct encapsulation.

QOS-575
queue-list protocol
Use the tables listed in the priority-list protocol command documention to configure the queueing
priorities for your system.
Examples The following example assigns 1 as the custom queue list, specifies DECnet as the protocol type, and
assigns 3 as a queue number to the packets sent on this interface:
queue-list 1 protocol decnet 3
The following example assigns DECnet packets with a size greater than 200 bytes to queue number 2:
queue-list 2 protocol decnet 2 gt 200
The following example assigns DECnet packets with a size less than 200 bytes to queue number 2:
queue-list 4 protocol decnet 2 lt 200
The following example assigns traffic that matches IP access list 10 to queue number 1:
queue-list 1 protocol ip 1 list 10
The following example assigns Telnet packets to queue number 2:

queue-list 4 protocol ip 2 tcp 23
The following example assigns User Datagram Protocol (UDP) Domain Name Service packets to queue
number 2:
queue-list 4 protocol ip 2 udp 53
The following example assigns traffic that matches Ethernet type code access list 201 to queue number 1:
queue-list 1 protocol bridge 1 list 201

interface or VC.

QOS-576
queue-list queue byte-count

To specify how many bytes the system allows to be delivered from a given queue during a particular
cycle, use the queue-list queue byte-count command in global configuration mode. To return the byte
count to the default value, use the no form of this command.
queue-list list-number queue queue-number byte-count byte-count-number
no queue-list list-number queue queue-number byte-count byte-count-number
byte-count-number The average number of bytes the system allows to be delivered from a given
queue during a particular cycle.
Command Default This command is disabled by default. The default byte count is 1500 bytes.

Examples In the following example, queue list 9 establishes the byte count as 1400 for queue number 10:
queue-list 9 queue 10 byte-count 1400


QOS-577
Command Description
interface or VC.

QOS-578
queue-list queue limit
queue-list queue limit

To designate the queue length limit for a queue, use the queue-list queue limit command in global
configuration mode. To return the queue length to the default value, use the no form of this command.
queue-list list-number queue queue-number limit limit-number
no queue-list list-number queue queue-number limit limit-number
limit-number Maximum number of packets that can be enqueued at any time. The range is
from 0 to 32767 queue entries. A value of 0 means that the queue can be of
unlimited size.
Command Default The default queue length limit is 20 entries.

Examples In the following example, the queue length of queue 10 is increased to 40:
queue-list 5 queue 10 limit 40

interface or VC.

QOS-579
random-detect
random-detect
To enable Weighted Random Early Detection (WRED) or distributed WRED (DWRED) on an interface,
use the random-detect command in interface configuration mode. To configure WRED for a class in a
policy map, use the random-detect command in policy-map class configuration mode. To disable
WRED or DWRED, use the no form of this command.
random-detect [dscp-based | prec-based]
no random-detect
Syntax Description dscp-based (Optional) Specifies that WRED is to use the differentiated services code
point (DSCP) value when it calculates the drop probability for a packet.
prec-based (Optional) Specifies that WRED is to use the IP Precedence value when it
calculates the drop probability for a packet.
Command Default WRED and DWRED are disabled by default.
Command Modes Interface configuration when used on an interface (config-if)

Policy-map class configuration when used in a policy map (config-pmap-c)

12.1(5)T This command was integrated into Cisco IOS Release 12.1(5)T. Arguments
were added to support Differentiated Services (DiffServ) and Assured
Forwarding (AF) Per Hop Behavior (PHB).
12.1(5a)E This command was integrated into Cisco IOS Release 12.1(5a)E in policy
map class configuration mode only.
This command was implemented on Versatile Interface Processor
(VIP)-enabled Cisco 7500 series routers and Catalyst 6000 family switches
with a FlexWAN module.
12.0(15)S This command was integrated into Cisco IOS Release 12.0(15)S in
policy-map class configuration mode only.

QOS-580
random-detect
Usage Guidelines Keywords

If you choose not to use either the dscp-based or the prec-based keywords, WRED uses the IP
Precedence value (the default method) to calculate the drop probability for the packet.
Availability
The random-detect command is not available at the interface level for Cisco IOS Releases 12.1E or
12.0S. The random-detect command is available in policy-map class configuration mode only for Cisco
IOS Releases 12.1E, 12.0S, and later.
WRED Functionality
WRED is a congestion avoidance mechanism that slows traffic by randomly dropping packets when
of the Route Switch Processor (RSP). WRED and DWRED are most useful with protocols like Transport
Control Protocol (TCP) that respond to dropped packets by decreasing the transmission rate.
The router automatically determines parameters to use in the WRED calculations. To change these
parameters, use the random-detect precedence command.
Platform Support for DWRED

The DWRED feature is supported only on Cisco 7000 series routers with an RSP7000 card and
Cisco 7500 series routers with a VIP2-40 or greater interface processor. A VIP2-50 interface processor
is strongly recommended when the aggregate line rate of the port adapters on the VIP is greater than
DS3. A VIP2-50 interface processor is required for OC-3 rates.
To use DWRED, distributed Cisco Express Forwarding (dCEF) switching must first be enabled on the
interface. For more information on dCEF, refer to the Cisco IOS Switching Services Configuration Guide
and the Cisco IOS Switching Services Command Reference.
WRED in a Policy Map

You can configure WRED as part of the policy map for a standard class or the default class. The WRED
random-detect command and the weighted fair queueing (WFQ) queue-limit command are mutually
exclusive. If you configure WRED, its packet drop capability is used to manage the queue when packets
exceeding the configured maximum count are enqueued. If you configure the WFQ queue-limit
command, tail drop is used.
To configure a policy map and create class policies, use the policy-map and class (policy-map)
commands. When creating a class within a policy map, you can use the random-detect command with
either of the following commands:
• bandwidth (policy-map class)
• fair-queue (class-default)—for the default class only
Note If you use WRED packet drop instead of tail drop for one or more classes in a policy map, you
must ensure that WRED is not configured on the interface to which you attach that policy map.
Note DWRED is not supported for classes in a policy map.
Two Methods for Calculating the Drop Probability of a Packet

This command includes two optional keywords, dscp-based and prec-based, that determine the method
WRED uses to calculate the drop probability of a packet.

QOS-581
random-detect
Note the following points when deciding which method to instruct WRED to use:
• With the dscp-based keyword, WRED uses the DSCP value (that is, the first six bits of the IP type
of service (ToS) byte) to calculate the drop probability.
• With the prec-based keyword, WRED will use the IP Precedence value to calculate the drop
probability.
• The dscp-based and prec-based keywords are mutually exclusive.
• If neither argument is specified, WRED uses the IP Precedence value to calculate the drop
probability (the default method).
Examples The following example configures WRED on the High-Speed Serial Interface (HSSI) 0/0/0 interface:
interface Hssi0/0/0
random-detect
The following example configures the policy map called policy1 to contain policy specification for the
class called class1. During times of congestion, WRED packet drop is used instead of tail drop.
! The following commands create the class map called class1:
class-map class1
match input-interface fastethernet0/1
! The following commands define policy1 to contain policy specification for class1:
policy-map policy1
class class1
bandwidth 1000
random-detect
The following example enables WRED to use the DSCP value 8. The minimum threshold for the DSCP
value 8 is 24 and the maximum threshold is 40. This configuration was performed at the interface level.
Router(config-if)# random-detect dscp-based
Router(config-if)# random-detect dscp 8 24 40
The following example enables WRED to use the DSCP value 8 for class c1. The minimum threshold
for DSCP value 8 is 24 and the maximum threshold is 40. The last line attaches the service policy to the
output interface or virtual circuit (VC) p1.
Router(config-if)# class-map c1
Router(config-if)# policy-map p1
Router(config-pmap-c)# random-detect dscp-based
Router(config-pmap-c)# random-detect dscp 8 24 40
Router(config-if)# service-policy output p1

random-detect dscp Changes the minimum and maximum packet thresholds for the
DSCP value.
random-detect Configures the WRED and DWRED exponential weight factor
exponential-weighting-constant for the average queue size calculation.

QOS-582
random-detect
Command Description
random-detect flow Enables flow-based WRED.
Precedence.
show interfaces Displays statistics for all interfaces configured on the router or
access server.
show tech-support rsvp Generates a report of all RSVP-related information.

QOS-583
random-detect (per VC)

To enable per-virtual circuit (VC) Weighted Random Early Detection (WRED) or per-VC
VIP-distributed WRED (DWRED), use the random-detect command in VC submode mode. To disable
per-VC WRED and per-VC DWRED, use the no form of this command.
random-detect [attach group-name]
no random-detect [attach group-name]
Syntax Description attach group-name (Optional) Name of the WRED or DWRED group.
Command Default WRED and DWRED are disabled by default.
Command Modes VC submode

of the Route Switch Processor (RSP). WRED and DWRED are most useful with protocols like TCP that
respond to dropped packets by decreasing the transmission rate.
WRED and DWRED are configurable at the interface and per-VC levels. The VC-level WRED or
DWRED configuration will override the interface-level configuration if WRED or DWRED is also
configured at the interface level.
Use this command to configure a single ATM VC or a VC that is a member of a bundle.
Note the following points when using the random-detect (per VC) command:
• If you use this command without the optional attach keyword, default WRED or DWRED
parameters (such as minimum and maximum thresholds) are used.
• If you use this command with the optional attach keyword, the parameters defined by the specified
WRED or DWRED parameter group are used. (WRED or DWRED parameter groups are defined
through the random-detect-group command.) If the specified WRED or DWRED group does not
exist, the VC is configured with default WRED or DWRED parameters.

QOS-584
When this command is used to configure an interface-level WRED or DWRED group to include per-VC
WRED or DWRED as a drop policy, the configured WRED or DWRED group parameters are inherited
under the following conditions:
• All existing VCs—including Resource Reservation Protocol (RSVP) switched virtual circuits
(SVCs) that are not specifically configured with a VC-level WRED or DWRED group—will inherit
the interface-level WRED or DWRED group parameters.
• Except for the VC used for signalling and the Interim Local Management Interface (ILMI) VC, any
VCs created after the configuration of an interface-level DWRED group will inherit the parameters.
When an interface-level WRED or DWRED group configuration is removed, per-VC WRED or DWRED
parameters are removed from any VC that inherited them from the configured interface-level WRED or
DWRED group.
When an interface-level WRED or DWRED group configuration is modified, per-VC WRED or
DWRED parameters are modified accordingly if the WRED or DWRED parameters were inherited from
the configured interface-level WRED or DWRED group configuration.
This command is only supported on interfaces that are capable of VC-level queueing. The only currently
supported interface is the Enhanced ATM port adapter (PA-A3).
The DWRED feature is only supported on Cisco 7000 series routers with an RSP7000 card and
interface. For more information on dCEF, refer to the Cisco IOS Switching Services Configuration Guide
and the Cisco IOS Switching Services Command Reference.
Examples The following example configures per-VC WRED for the permanent virtual circuit (PVC) called cisco.
Because the attach keyword was not used, WRED uses default parameters.
pvc cisco 46
random-detect
The following example creates a DWRED group called Rome and then applies the parameter group to
an ATM PVC:
! The following commands create the DWRED parameter group Rome:
random-detect-group Rome
precedence rsvp 46 50 10
exit
exit
! The following commands create a PVC on an ATM interface and then apply the
! DWRED group Rome to that PVC:
interface ATM2/0.23 point-to-point
ip address 10.9.23.10 255.255.255.0
no ip mroute-cache

QOS-585
pvc vc1 201/201

random-detect attach Rome
vbr-nrt 2000 1000 200
The following show queueing command displays the current settings for each of the IP Precedences
following configuration of per-VC DWRED:
Router# show queueing random-detect interface atm2/0.23 vc 201/201
random-detect group Rome:
exponential weight 9
class min-threshold max-threshold mark-probability
----------------------------------------------------------
0 30 50 1/10
1 32 50 1/10
2 34 50 1/10
3 36 50 1/10
4 38 50 1/10
5 40 50 1/10
6 42 50 1/10
7 44 50 1/10
rsvp 46 50 1/10

class (policy-map) Specifies the name of the class whose policy you want to create
or change, and the default class (commonly known as the
Precedence.
show interfaces Displays the statistical information specific to a serial interface.
interface or VC.

QOS-586
random-detect aggregate
To enable aggregate Weighted Random Early Detection (WRED), use the random-detect aggregate
command in policy-map class configuration mode. To disable aggregate WRED, use the no form of this
command.
random-detect [precedence-based | dscp-based] aggregate [minimum-thresh min-thresh

maximum-thresh max-thresh mark-probability mark-prob]
no random-detect [precedence-based | dscp-based] aggregate
Syntax Description precedence-based (Optional) Enables aggregate WRED based on IP precedence values. This is
the default.
dscp-based (Optional) Enables aggregate WRED based on differentiated services code
point (DSCP) values.
minimum-thresh (Optional) Default minimum threshold (in number of packets) to be used for
min-thresh all subclasses (IP precedence or DSCP values) that have not been specifically
configured. Valid values are from 1 to 12288.
maximum-thresh (Optional) Default maximum threshold (in number of packets) to be used for
max-thresh all subclasses (IP precedence or DSCP values) that have not been specifically
configured. Valid values are from the minimum threshold argument to 12288.
mark-probability (Optional) Default denominator for the fraction of packets dropped when the
mark-prob average queue depth is at the maximum threshold. This value is used for all
subclasses (IP precedence or DSCP values) that have not been specifically
configured. Valid values are from 1 to 255.
Command Default If no precedence-based or dscp-based keyword is specified in the command, the default is
precedence-based.
If optional parameters for a default aggregate class are not defined, all subclass values that are not
explicitly configured will use plain (non-weighted) RED drop behavior. This is different from standard
random-detect configuration where the default is to always use WRED behavior.

12.2(31)SB2 This command was integrated into Cisco IOS Release 12.2(31)SB2 on the
Cisco 10000 series router for the PRE3.

QOS-587
Usage Guidelines For ATM interfaces, the Aggregate WRED feature requires that the ATM SPA cards are installed in a
Cisco 7600 SIP-200 carrier card or a Cisco 7600 SIP-400 carrier card.
To configure WRED on an ATM interface, you must use the random-detect aggregate commands; the
standard random-detect commands are no longer supported on ATM interfaces.
The precedence-based and dscp-based keywords are mutually exclusive. If you do not specify either
keyword, precedence-based is the default.
Defining WRED profile parameter values for the default aggregate class is optional. If defined, WRED
profile parameters applied to the default aggregate class will be used for all subclasses that have not been
explicitly configured. If all possible IP precedence or DSCP values are defined as subclasses, a default
specification is unnecessary. If the optional parameters for a default aggregate class are not defined and
packets with an unconfigured IP precedence or DSCP value arrive at the interface, plain (non-weighted)
RED drop behavior will be used.
Use this command with a random-detect precedence (aggregate) or random-detect dscp (aggregate)
command within a policy map configuration to configure aggregate Weighted Random Early Detection
(WRED) parameters for specific IP precedence or DSCP value(s).
After the policy map is defined, the policy map must be attached at the VC level.
Use the show policy-map interface command to display the statistics for aggregated subclasses.
Examples The following example shows a precedence-based aggregate WRED configuration for an ATM interface.
Note that first a policy map named prec-aggr-wred is defined for the default class, then precedence-based
Aggregate WRED is enabled with the random-detect aggregate command, then subclasses and WRED
parameter values are assigned in a series of random-detect precedence (aggregate) commands, and,
finally, the policy map is attached at the ATM VC level using the interface and service-policy
commands.
Router(config)# policy-map prec-aggr-wred
Router(config-pmap-c)# random-detect aggregate
Router(config-pmap-c)# random-detect precedence values 0 1 2 3 minimum thresh 10
maximum-thresh 100 mark-prob 10
Router(config-pmap-c)# random-detect precedence values 4 5 minimum-thresh 40
Router(config-pmap-c)# random-detect precedence values 6 minimum-thresh 60 maximum-thresh
600 mark-prob 10
700 mark-prob 10
Router(config-pmap-c)# interface ATM4/1/0.10 point-to-point
Router(config-subif)# ip address 10.0.0.2 255.255.255.0
Router(config-subif)# pvc 10/110
Router(config-subif)# service-policy output prec-aggr-wred
The following example shows a DSCP-based aggregate WRED configuration for an ATM interface. Note
that first a policy map named dscp-aggr-wred is defined for the default class, then dscp-based Aggregate
WRED is enabled with the random-detect dscp-based aggregate command, then subclasses and
WRED parameter values are assigned in a series of random-detect dscp (aggregate) commands, and,
commands.
Router(config)# policy-map dscp-aggr-wred
Router(config-pmap-c)# random-detect dscp-based aggregate minimum-thresh 1 maximum-thresh
10 mark-prob 10

QOS-588
Router(config-pmap-c)# random-detect dscp values 0 1 2 3 4 5 6 7 minimum-thresh 10

Router(config-pmap-c)# random-detect dscp values 8 9 10 11 minimum-thresh 10
Router(config)# interface ATM4/1/0.11 point-to-point
Router(config-subif)# service-policy output dscp-aggr-wred

class (policy-map) Specifies the name of the class whose policy you want to create
or change, and the default class (commonly known as the
interface Configures an interface type and enters interface configuration
mode.
policy-map Creates a policy map that can be attached to one or more
random-detect precedence Configures aggregate WRED parameters for specific IP
(aggregate) precedence values.
random-detect dscp (aggregate) Configures aggregate WRED parameters for specific DSCP
values.
interface or VC, to be used as the service policy for that interface
or VC.
show policy-map interface Displays the configuration of all classes configured for all service
policies on the specified interface or displays the classes for the
service policy for a specific PVC on the interface.

QOS-589
random-detect atm-clp-based
To enable weighted random early detection (WRED) on the basis of the ATM cell loss priority (CLP) of
a packet, use the random-detect atm-clp-based command in policy-map class configuration mode. To
disable WRED, use the no form of this command.
random-detect atm-clp-based clp-value
no random-detect atm-clp-based
random-detect atm-clp-based min-thresh-value max-thresh-value

mark-probability-denominator-value
no random-detect atm-clp-based
Syntax Description clp-value CLP value. Valid values are 0 or 1.

min-thresh-value Minimum threshold in number of packets. Valid values are 1 to 4096.
max-thresh-value Maximum threshold in number of packets. Valid values are 1 to 4096.
max-probability-denominator- Denominator for the fraction of packets dropped when the average
value queue depth is at the maximum threshold. Valid values are 1 to 65535.
Command Default When WRED is configured, the default minimum and maximum thresholds are determined on the basis
of output buffering capacity and the transmission speed for the interface.
The default maximum probability denominator is 10.
On the Cisco 10000 series router, the default is disabled.

12.2(33)SB This command was introduced on the PRE3 and PRE4 for the Cisco 10000
series router.
Usage Guidelines You cannot use the random-detect atm-clp-based command with the random-detect cos-based
command in the same HQF configuration. You must use the no random-detect cos-based command to
disable it before you configure the random-detect atm-clp-based command.

QOS-590
Examples In the following example, WRED is configured on the basis of the ATM CLP. In this configuration, the
random-detect atm-clp-based command has been configured and an ATM CLP of 1 has been specified.
Router> enable
Router(config)# policy-map policymap1
Router(config-pmap-c)# random-detect atm-clp-based 1

random-detect clp Specifies the ATM CLP value of a packet, the minimum and maximum
thresholds, and the maximum probability denominator used for enabling
WRED.
random-detect cos Specifies the CoS value of a packet, the minimum and maximum thresholds,
and the maximum probability denominator used for enabling WRED.
random-detect Enables WRED on the basis of the CoS value of a packet.
cos-based
on the interface.

QOS-591
random-detect cos-based
To enable weighted random early detection (WRED) on the basis of the class of service (CoS) value of
a packet, use the random-detect cos-based command in policy-map class configuration mode. To
disable WRED, use the no form of this command.
random-detect cos-based cos-value
no random-detect cos-based
Syntax Description cos-value Specific IEEE 802.1Q CoS values from 0 to 7.
Command Default When WRED is configured, the default minimum and maximum thresholds are determined on the basis
of output buffering capacity and the transmission speed for the interface.
The default maximum probability denominator is 10.

Usage Guidelines You cannot use the random-detect cos-based command with the random-detect atm-clp-based
command in the same HQF configuration. You must use the no random-detect atm-clp-based
command to disable it before you configure the random-detect cos-based command.
Examples In the following example, WRED is configured on the basis of the CoS value. In this configuration, the
random-detect cos-based command has been configured and a CoS value of 2 has been specified.
Router> enable
Router(config)# policy-map policymap1
Router(config-pmap-c)# random-detect cos-based 2

QOS-592

random-detect Enables WRED on the basis of the ATM CLP of a packet.
atm-clp-based
random-detect clp Specifies the ATM CLP value of a packet, the minimum and maximum
thresholds, and the maximum probability denominator used for enabling
WRED.
random-detect cos Specifies the CoS value of a packet, the minimum and maximum thresholds,
and the maximum probability denominator used for enabling WRED.
on the interface.

QOS-593
random-detect discard-class
To configure the weighted random early detection (WRED) parameters for a discard-class value for a
class policy in a policy map, use the random-detect discard-class command in QoS policy-map class
configuration mode. To disable the discard-class values, use the no form of this command.
random-detect discard-class value min-threshold max-threshold max-probability-denominator
no random-detect discard-class value min-threshold max-threshold max-probability-denominator
Syntax Description value Discard class. This is a number that identifies the drop eligibility of a
packet. Valid values are 0 to 7.
min-threshold Specifies the minimum number of packets allowed in the queue. When
the average queue length reaches the minimum threshold, WRED
randomly drops some packets with the specified DSCP, IP precedence,
or discard-class value. Valid minimum threshold values are 1 to
16384.
max-threshold Specifies the maximum number of packets allowed in the queue.
When the average queue length exceeds the maximum threshold,
WRED drops all packets with the specified DSCP, IP precedence, or
discard-class value. Valid maximum threshold values are 1 to 16384.
max-probability-denominator Denominator for the fraction of packets dropped when the average
queue depth is at the maximum threshold. For example, if the
denominator is 512, 1 out of every 512 packets is dropped when the
average queue is at the maximum threshold. Valid values are 1 to
65535.
Command Default For all precedence levels, the max-probability-denominator default is 10 packets; 1 out of every 10
packets is dropped at the maximum threshold.

Usage Guidelines When you configure the random-detect discard-class command on an interface, packets are given
preferential treatment based on the discard class of the packet. Use the random-detect discard-class
command to adjust the discard class for different discard-class values.

QOS-594

You must first enable the drop mode using the random-detect discard-class-based command. You can
then set the drop probability profile using the random-detect discard-class command.
Table 32 lists the default drop thresholds for WRED based on differentiated services code point (DSCP),
IP precedence, and discard class. The drop probability indicates that the router drops one packet for
every 10 packets.
Table 32 WRED Default Drop Thresholds
DSCP, Precedence, and Minimum Threshold Maximum Threshold

Discard-Class Values (Times the Queue Size) (Times the Queue Size) Drop Probability
All DSCPs 1/4 1/2 1/10
0 1/4 1/2 1/10
1 9/32 1/2 1/10
2 5/16 1/2 1/10
3 11/32 1/2 1/10
4 3/8 1/2 1/10
5 13/32 1/2 1/10
6 7/16 1/2 1/10
7 15/32 1/2 1/10
Examples The following example shows how to configure discard class 2 to randomly drop packets when the
average queue reaches the minimum threshold of 100 packets and 1 in 10 packets are dropped when the
average queue is at the maximum threshold of 200 packets:
policy-map set-MPLS-PHB
class IP-AF11
bandwidth percent 40
random-detect discard-class-based
random-detect-discard-class 2 100 200 10

The following example shows how to enable discard-class-based WRED. In this example, the
configuration of the class map named Silver indicates to classify traffic based on discard class 3 and 5.
Traffic that matches discard class 3 or 5 is assigned to the class named Silver in the policy map named
Premium. The Silver configuration includes WRED packet dropping based on discard class 5 with a
minimum threshold of 500, maximum threshold of 1500, and a mark-probability-denominator of 200.
The QoS policy is applied to PVC 1/81 on point-to-point ATM subinterface 2/0/0.2 in the outbound
direction.
Router(config)# class-map Silver
Router(config-cmap)# match discard-class 3 5
Router(config)# policy-map Premium
Router(config-pmap)# class Silver
Router(config-pmap-c)# random-detect discard-class-based
Router(config-pmap-c)# random-detect discard-class 5 500 1500 200
Router(config)# interface atm 2/0/0

QOS-595
Router(config-if)# atm pxf queuing

Router(config-if)# interface atm 2/0/0.2 point-to-point
Router(config-subif-atm-vc)# ubr 10000
Router(config-subif-atm-vc)# service-policy output Premium

match discard-class Matches packets of a certain discard-class.
discard-class-based
precedence.

QOS-596
To base weighted random early detection (WRED) on the discard class value of a packet, use the
random-detect discard-class-based command in policy-map class configuration mode. To disable this
feature, use the no form of this command.
no random-detect discard-class-based
Defaults The defaults are router-dependent.

Usage Guidelines Enter this command so that WRED is based on the discard class instead of on the IP precedence field.
Examples The following example shows that random detect is based on the discard class value of a packet:
policy-map name
class-name
bandwidth percent 40

match discard-class Matches packets of a certain discard class.

QOS-597
random-detect dscp
random-detect dscp
To change the minimum and maximum packet thresholds for the differentiated services code point
(DSCP) value, use the random-detect dscp command in interface or QoS policy-map class
configuration mode. To return the minimum and maximum packet thresholds to the default for the DSCP
random-detect dscp dscp-value min-threshold max-threshold [max-probability-denominator]
no random-detect dscp dscp-value min-threshold max-threshold [max-probability-denominator]
Syntax Description dscp-value The DSCP value. The DSCP value can be a number from 0 to 63, or
it can be one of the following keywords: af11, af12, af13, af21,
af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4,
cs5, cs7, ef, or rsvp.
the minimum threshold, Weighted Random Early Detection
(WRED) or distributed WRED (dWRED) randomly drops some
packets with the specified DSCP value.
argument is from the value of the min-threshold argument to 4096.
WRED or dWRED drops all packets with the specified DSCP value.
max-probability-denominator (Optional) Denominator for the fraction of packets dropped when
the average queue depth is at the maximum threshold. For example,
if the denominator is 512, 1 out of every 512 packets is dropped
when the average queue is at the maximum threshold. The value
range is from 1 to 65536. The default is 10; 1 out of every 10 packets
is dropped at the maximum threshold.
Command Default The default values for the random-detect dscp command are different on Versatile Interface Processor
(VIP)-enabled Cisco 7500 series routers and Catalyst 6000 family switches with a FlexWAN module
(dWRED). All other platforms running WRED have another set of default values. For more information
about random-detect dscp defaults, see the “Usage Guidelines” section.

Policy-map class configuration

12.1(5a)E This command was integrated into Cisco IOS Release 12.1(5a)E in
The command was introduced for VIP-enabled Cisco 7500 series routers and
Catalyst 6000 family switches with a FlexWAN module.

QOS-598
random-detect dscp
12.0(15)S This command was integrated into Cisco IOS Release 12.0(15)S in
Usage Guidelines Use the random-detect dscp command in conjunction with the random-detect command in interface
configuration mode.
Additionally, the random-detect dscp command is available only if you specified the dscp-based
argument when using the random-detect command in interface configuration mode.
Note The random-detect dscp command is not available at the interface level for Cisco IOS Release 12.1E
or Release 12.0S. The random-detect dscp command is available only in policy-map class
configuration mode in Cisco IOS Release 12.1E.
Defaults for VIP-Enabled Cisco 7500 Series Routers and Catalyst 6000 Family Switches with a FlexWAN Module
For all IP precedence values, the default mark-probability-denominator is 10, and the max-threshold
value is based on the output buffering capacity and the transmission speed of the interface.
The default min-threshold value depends on the IP precedence value. The min-threshold value for IP
precedence 0 corresponds to half of the max-threshold value. The values for the remaining IP precedence
values fall between half the max-threshold and the max-threshold at even intervals.
Unless the maximum and minimum threshold values for the DSCP values are configured by the user, all
DSCP values have the same minimum threshold and maximum threshold values as the value specified
for precedence 0.
Specifying the DSCP Value

The random-detect dscp command allows you to specify the DSCP value per traffic class. The DSCP
value can be a number from 0 to 63, or it can be one of the following keywords: af11, af12, af13, af21,
af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, cs7, ef, or rsvp.
On a particular traffic class, eight DSCP values can be configured per traffic class. Overall, 29 values
can be configured on a traffic class: 8 precedence values, 12 AF code points, 1 EF code point, and 8
user-defined DSCP values.
Assured Forwarding Code Points

The AF code points provide a means for a domain to offer four different levels (four different AF
classes). Forwarding assurances for IP packets received from other (such as customer) domains. Each
one of the four AF classes is allocated a certain amount of forwarding services (buffer space and
bandwidth).

QOS-599
random-detect dscp
Within each AF class, IP packets are marked with one of three possible drop precedence values (binary
2{010}, 4{100}, or 6{110}), which exist as the three lowest bits in the DSCP header. In congested
network environments, the drop precedence value of the packet determines the importance of the packet
within the AF class. Packets with higher drop precedence values are discarded before packets with lower
drop precedence values.
The upper three bits of the DSCP value determine the AF class; the lower three values determine the
drop probability.
Expedited Forwarding Code Points

The EF code point is usually used to mark high-priority, time-sensitive data. The EF code point marking
is equal to the highest precedence value; therefore, the EF code point is always equal to precedence value
7.
Class Selector Values

The Class Selector (CS) values are equal to IP precedence values (for instance, cs1 is the same as IP
precedence 1).
Default Values
Table 33 lists the default WRED minimum threshold value for each IP precedence value on the
distributed platforms.
Table 33 Default WRED Minimum Threshold Values for the Distributed Platforms
Minimum Threshold
Class Value (Fraction of
IP Selector Maximum Threshold
(Precedence) (CS) Value Value) Important Notes About the Value
0 cs0 8/16 All DSCP values that are not configured by the
user will have the same threshold values as IP
precedence 0.
1 cs1 9/16 —
2 cs2 10/16 —
3 cs3 11/16 —
4 cs4 12/16 —
5 cs5 13/16 —
6 cs6 14/16 —
7 cs7 15/16 The EF code point will always be equal to IP
precedence 7.
Defaults for Non-VIP-Enabled Cisco 7500 Series Routers and Catalyst 6000 Family Switches with a
FlexWAN Module
All platforms except the VIP-enabled Cisco 7500 series router and the Catalyst 6000 have the default
values shown in Table 34.
If WRED is using the DSCP value to calculate the drop probability of a packet, all 64 entries of the DSCP
table are initialized with the default settings shown in Table 34.

QOS-600
random-detect dscp
Table 34 random-detect dscp Default Settings

0(0) 20 40 1/10
1 22 40 1/10
2 24 40 1/10
3 26 40 1/10
4 28 40 1/10
5 30 40 1/10
6 32 40 1/10
7 34 40 1/10
8(1) 22 40 1/10
9 22 40 1/10
10 24 40 1/10
11 26 40 1/10
12 28 40 1/10
13 30 40 1/10
14 32 40 1/10
15 34 40 1/10
16(2) 24 40 1/10
17 22 40 1/10
18 24 40 1/10
19 26 40 1/10
20 28 40 1/10
21 30 40 1/10
22 32 40 1/10
23 34 40 1/10
24(3) 26 40 1/10
25 22 40 1/10
26 24 40 1/10
27 26 40 1/10
28 28 40 1/10
29 30 40 1/10
30 32 40 1/10
31 34 40 1/10
32(4) 28 40 1/10
33 22 40 1/10
34 24 40 1/10

QOS-601
random-detect dscp
Table 34 random-detect dscp Default Settings (continued)

35 26 40 1/10
36 28 40 1/10
37 30 40 1/10
38 32 40 1/10
39 34 40 1/10
40(5) 30 40 1/10
41 22 40 1/10
42 24 40 1/10
43 26 40 1/10
44 28 40 1/10
45 30 40 1/10
46 36 40 1/10
47 34 40 1/10
48(6) 32 40 1/10
49 22 40 1/10
50 24 40 1/10
51 26 40 1/10
52 28 40 1/10
53 30 40 1/10
54 32 40 1/10
55 34 40 1/10
56(7) 34 40 1/10
57 22 40 1/10
58 24 40 1/10
59 26 40 1/10
60 28 40 1/10
61 30 40 1/10
62 32 40 1/10
63 34 40 1/10
rsvp 36 40 1/10
Examples The following example enables WRED to use the DSCP value 8. The minimum threshold for the DSCP
value 8 is 20, the maximum threshold is 40, and the mark probability is 1/10.
random-detect dscp 8 20 40 10

QOS-602
random-detect dscp

random-detect Enables WRED or dWRED.

QOS-603
random-detect dscp (aggregate)

To configure aggregate Weighted Random Early Detection (WRED) parameters for specific
differentiated services code point (DSCP) value, use the random-detect dscp values (aggregate)
command in QoS policy-map class configuration mode. To disable configuration of aggregate WRED
DSCP values, use the no form of this command.
random-detect dscp sub-class-val1 sub-class-val2 sub-class-val3 sub-class-val4 min-thresh

max-thresh mark-prob
no random-detect dscp sub-class-val1 sub-class-val2 sub-class-val3 sub-class-val4 min-thresh

max-thresh mark-prob
random-detect dscp values sub-class-val1 [...[sub-class-val8]] minimum-thresh

min-thresh-value maximum-thresh max-thresh-value mark-prob mark-prob-value
no random-detect dscp values sub-class-val1 [...[sub-class-val8]] minimum-thresh

min-thresh-value maximum-thresh max-thresh-value mark-prob mark-prob-value
Syntax Description sub-class-val1 DSCP value(s) to which the following WRED profile parameter
specifications are to apply. A maximum of eight subclasses (DSCP values)
sub-class-val2
can be specified per command-line interface (CLI) entry. See the “Usage
sub-class-val3 Guidelines” for a list of valid DSCP values.
sub-class-val4
min-thresh The minimum number of packets allowed in the queue. When the average
queue length reaches the minimum threshold, WRED randomly drops some
packets with the specified DSCP value. Valid minimum threshold values are
1 to 16384.
max-thresh The maximum number of packets allowed in the queue. When the average
queue length exceeds the maximum threshold, WRED drops all packets
with the specified DSCP value. Valid maximum threshold values are 1 to
16384.
mark-prob The denominator for the fraction of packets dropped when the average
queue depth is at the maximum threshold. For example, if the denominator
is 512, 1 out of every 512 packets is dropped when the average queue is at
the maximum threshold. Valid values are 1 to 65535.
values sub-class-val1 DSCP value(s) to which the following WRED profile parameter
[...[subclass-val8]] specifications are to apply. A maximum of 8 subclasses (DSCP values) can
be specified per CLI entry. The DSCP value can be a number from 0 to 63,
or it can be one of the following keywords: ef, af11, af12, af13, af21, af22,
af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, or cs7.
minimum-thresh Specifies the minimum number of packets allowed in the queue. When the
min-thresh average queue length reaches the minimum threshold, WRED randomly
drops some packets with the specified DSCP value. Valid minimum
threshold values are 1 to 16384.

QOS-604
maximum-thresh Specifies the maximum number of packets allowed in the queue. When the
max-thresh average queue length exceeds the maximum threshold, WRED drops all
packets with the specified DSCP value. Valid maximum threshold values
are 1 to 16384.
mark-probability Specifies the denominator for the fraction of packets dropped when the
mark-prob average queue depth is at the maximum threshold. For example, if the
denominator is 512, 1 out of every 512 packets is dropped when the average
queue is at the maximum threshold. Valid values are 1 to 65535.
Command Default For all precedence levels, the mark-prob default value is 10 packets.

standard random-detect commands are no longer supported on ATM interfaces.
Use this command with a random-detect aggregate command within a policy map configuration.
Repeat this command for each set of DSCP values that share WRED parameters.
After the policy map is defined, the policy map must be attached at the virtual circuit (VC) level.
The set of subclass (DSCP precedence) values defined on a random-detect dscp (aggregate) CLI will
be aggregated into a single hardware WRED resource. The statistics for these subclasses will also be
aggregated.

For the PRE2, the random-detect command specifies the default profile for the queue. For the PRE3,
the aggregate random-detect command is used instead to configure aggregate parameters for WRED.
The PRE3 accepts the PRE2 random-detect command as a hidden command.
On the PRE2, accounting for the default profile is per precedence. On the PRE3, accounting and
configuration for the default profile is per class map.
On the PRE2, the default threshold is per precedence for a DSCP or precedence value without an explicit
threshold configuration. On the PRE3, the default threshold is to have no WRED configured.

QOS-605
On the PRE2, the drop counter for each precedence belonging to the default profile only has a drop count
that matches the specific precedence value. Because the PRE2 has a default threshold for the default
profile, the CBQOSMIB displays default threshold values. On the PRE3, the drop counter for each
precedence belonging to the default profile has the aggregate counter of the default profile and not the
individual counter for a specific precedence. The default profile on the PRE3 does not display any
default threshold values in the CBQOSMIB if you do not configure any threshold values for the default
profile.
DSCP Values
You must enter one or more differentiated service code point (DSCP) values. The command may include
any combination of the following:
• numbers (0 to 63) representing differentiated services code point values
• af numbers (for example, af11) identifying specific AF DSCPs
• cs numbers (for example, cs1) identifying specific CS DSCPs
• default—Matches packets with the default DSCP.
• ef—Matches packets with EF DSCP.
For example, if you wanted the DCSP values of 0, 1, 2, 3, 4, 5, 6, or 7 (note that only one of the IP DSCP
values must be a successful match criterion, not all of the specified DSCP values), enter the match dscp
0 1 2 3 4 5 6 7 command.
Examples The following example shows how to create a class map named map1 and associate it with the policy
map named map2. The configuration enables WRED to drop map1 packets based on DSCP 8 with a
minimum threshold of 24 and a maximum threshold of 40. The map2 policy map is attached to the
outbound ATM interface 1/0/0.
Router(config-if)# class-map map1
Router(config)# policy-map map2
Router(config-pmap)# class map1
Router(config-pmap-c)# random-detect dscp 8 24 40
Router(config-if)# service-policy output map2
The following example shows a DSCP-based aggregate WRED configuration for an ATM interface. Note
that first a policy map named dscp-aggr-wred is defined for the default class, then dscp-based aggregate
WRED is enabled with the random-detect dscp-based aggregate command, then subclasses and
WRED parameter values are assigned in a series of random-detect dscp (aggregate) commands, and,
commands.
10 mark-prob 10
!
! Define an aggregate subclass for packets with DSCP values of 0-7 and assign the WRED
! profile parameter values for this subclass

QOS-606
Router(config-pmap-c)# random-detect dscp 0 1 2 3 4 5 6 7 minimum-thresh 10 maximum-thresh

20 mark-prob 10
Router(config-pmap-c)# random-detect dscp 8 9 10 11 minimum-thresh 10 maximum-thresh 40
mark-prob 10

The following example shows how to create a class map named Gold and associate it with the policy map
named Business. The configuration enables WRED to drop Gold packets based on DSCP 8 with a
minimum threshold of 24 and a maximum threshold of 40. The Business policy map is attached to the
outbound ATM interface 1/0/0.
Router(config-if)# class-map Gold
Router(config)# policy-map Business
Router(config-pmap)# class Gold
Router(config-pmap-c)# random-detect dscp values 8 minimum-thresh 24 maximum-thresh 40
Router(config-if)# service-policy output Business

change, and the default class (commonly known as the class-default
class) before you configure its policy.
interface Configures an interface type and enters interface configuration mode.
policy-map Creates a policy map that can be attached to one or more interfaces to
specify a service policy.
random-detect aggregate Enables aggregate WRED and optionally specifies default WRED
parameter values for a default aggregate class. This default class will
be used for all subclasses that have not been explicitly configured.
interface or VC, to be used as the service policy for that interface or
VC.

QOS-607
random-detect ecn
random-detect ecn
To enable explicit congestion notification (ECN), use the random-detect ecn command in policy-map
class configuration mode. To disable ECN, use the no form of this command.
random-detect ecn
no random-detect ecn
Command Default By default, ECN is disabled.

Usage Guidelines If ECN is enabled, ECN can be used whether Weighted Random Early Detection (WRED) is based on
the IP precedence value or the differentiated services code point (DSCP) value.
Examples The following example enables ECN in a policy map called “pol1”:
Router(config)# policy-map pol1
Router(config-pmap)# bandwidth per 70
Router(config-pmap-c)# random-detect
Router(config-pmap-c)# random-detect ecn


QOS-608
random-detect exponential-weighting-constant
To configure the Weighted Random Early Detection (WRED) and distributed WRED (DWRED)
exponential weight factor for the average queue size calculation for the queue, use the random-detect
exponential-weighting-constant command in interface configuration mode. To configure the
exponential weight factor for the average queue size calculation for the queue reserved for a class, use
the random-detect exponential-weighting-constant command in policy-map class configuration
mode. To return the value to the default, use the no form of this command.
random-detect exponential-weighting-constant exponent
no random-detect exponential-weighting-constant
Syntax Description exponent Exponent from 1 to 16 used in the average queue size calculation.
Command Default The default exponential weight factor is 9.
Command Modes Interface configuration when used on an interface

Policy-map class configuration when used to specify class policy in a policy map, or when used in the

12.0(5)T This command was made available as a QoS policy-map class configuration
command.
12.0(5)XE This command was integrated into Cisco IOS Release 12.0(5)XE and
implemented on Versatile Interface Processor (VIP) enabled Cisco 7500
series routers.
12.1(5)T This command was integrated into Cisco IOS Release 12.1(5)T and
implemented on VIP-enabled Cisco 7500 series routers.
congestion exists. DWRED is similar to WRED but uses the VIP instead of the Route Switch Processor
(RSP). WRED and DWRED are most useful with protocols like TCP that respond to dropped packets by
decreasing the transmission rate.

QOS-609
Use this command to change the exponent used in the average queue size calculation for the WRED and
DWRED services. You can also use this command to configure the exponential weight factor for the
average queue size calculation for the queue reserved for a class.
The DWRED feature is not supported for class policy.

The DWRED feature is supported only on Cisco 7000 series routers with an RSP7000 card and
interface. For more information on dCEF, refer to the Cisco IOS IP Switching Configuration Guide and
the Cisco IOS IP Switching Command Reference.
Examples The following example configures WRED on an interface with a weight factor of 10:
interface Hssi0/0/0
ip address 10.200.14.250 255.255.255.252
random-detect
The following example configures the policy map called policy1 to contain policy specification for the
class called class1. During times of congestion, WRED packet drop is used instead of tail drop. The
weight factor used for the average queue size calculation for the queue for class1 is 12.
! The following commands create the class map called class1:
class-map class1
match input-interface FE0/1
! The following commands define policy1 to contain policy specification for class1:
policy-map policy1
class class1
bandwidth 1000
random-detect
The following example configures policy for a traffic class named int10 to configure the exponential
weight factor as 12. This is the weight factor used for the average queue size calculation for the queue
for traffic class int10. WRED packet drop is used for congestion avoidance for traffic class int10, not tail
drop.
policy-map policy12
class int10
bandwidth 2000

QOS-610

precedence Configures precedence levels for a VC or PVC class that can be
assigned to a VC or PVC bundle and thus applied to all of the
members of that bundle.
precedence (WRED group) Configures a WRED group for a particular IP Precedence.
DSCP value.
Precedence.
interface or VC.

QOS-611
random-detect flow
random-detect flow
To enable flow-based Weighted Random Early Detection (WRED), use the random-detect flow
command in interface configuration mode. To disable flow-based WRED, use the no form of this
command.
random-detect flow
no random-detect flow
Command Default Flow-based WRED is disabled by default.

Usage Guidelines You must use this command to enable flow-based WRED before you can use the random-detect flow
average-depth-factor and random-detect flow count commands to further configure the parameters of
flow-based WRED.
Before you can enable flow-based WRED, you must enable and configure WRED. For complete
information, refer to the Cisco IOS Quality of Service Solutions Configuration Guide.
Examples The following example enables flow-based WRED on serial interface 1:

interface Serial1
random-detect
random-detect flow

DSCP value.

QOS-612
random-detect flow
Command Description
random-detect flow Sets the multiplier to be used in determining the average depth
average-depth-factor factor for a flow when flow-based WRED is enabled.
random-detect flow count Sets the flow count for flow-based WRED.
Precedence.
interface or VC.

QOS-613
random-detect flow average-depth-factor

To set the multiplier to be used in determining the average depth factor for a flow when flow-based
Weighted Random Early Detection (WRED) is enabled, use the random-detect flow
average-depth-factor command in interface configuration mode. To remove the current flow average
depth factor value, use the no form of this command.
random-detect flow average-depth-factor scaling-factor
no random-detect flow average-depth-factor scaling-factor
Syntax Description scaling-factor The scaling factor can be a number from 1 to 16.
Command Default The default average depth factor is 4.

Usage Guidelines Use this command to specify the scaling factor that flow-based WRED should use in scaling the number
of buffers available per flow and in determining the number of packets allowed in the output queue for
each active flow. This scaling factor is common to all flows. The outcome of the scaled number of buffers
becomes the per-flow limit.
If this command is not used and flow-based WRED is enabled, the average depth scaling factor defaults
to 4.
A flow is considered nonadaptive—that is, it takes up too much of the resources—when the average flow
depth times the specified multiplier (scaling factor) is less than the depth for the flow, for example:
average-flow-depth * (scaling factor) < flow-depth
Before you use this command, you must use the random-detect flow command to enable flow-based
WRED for the interface. To configure flow-based WRED, you may also use the random-detect flow
count command.

QOS-614
Examples The following example enables flow-based WRED on serial interface 1 and sets the scaling factor for
the average flow depth to 8:
interface Serial1
random-detect
random-detect flow
random-detect flow average-depth-factor 8

DSCP value.
Precedence.
interface or VC.

QOS-615
random-detect flow count

To set the flow count for flow-based Weighted Random Early Detection (WRED), use the
random-detect flow count command in interface configuration mode. To remove the current flow count
random-detect flow count number
no random-detect flow count number
Syntax Description number Specifies a value from 16 to 215 (32768).
Command Default 256

Usage Guidelines Before you use this command, you must use the random-detect flow command to enable flow-based
WRED for the interface.
Examples The following example enables flow-based WRED on serial interface 1 and sets the flow threshold
constant to 16:
interface Serial1
random-detect
random-detect flow
random-detect flow count 16

DSCP value.

QOS-616
Command Description
Precedence.
interface or VC.

QOS-617
random-detect prec-based
Note Effective with Cisco IOS Release 12.4(20)T, the random-detect prec-based command is replaced by
the random-detect precedence-based command. See the random-detect precedence-based command
for more information.
To base weighted random early detection (WRED) on the precedence value of a packet, use the
random-detect prec-based command in policy-map class configuration mode. To disable this feature,
no random-detect prec-based
Command Default WRED is disabled by default.

12.4(20)T This command was replaced by the random-detect precedence-based
command within a policy map.
Usage Guidelines With the random-detect prec-based command, WRED is based on the IP precedence value of the
packet.
Use the random-detect prec-based command before configuring the random-detect precedence
command.
Beginning with Cisco IOS Release 12.4(20)T, use the random-detect precedence command when you
configure a policy map.

QOS-618
Examples The following example shows that random detect is based on the precedence value of a packet:
Router> enable
Router(config-pmap-c)# random-detect precedence-based
Router(config-pmap-c)# random-detect precedence 2 500 ms 1000 ms

random-detect Configures the WRED and DWRED parameters for a particular IP
precedence precedence; configures WRED parameters for a particular IP precedence
for a class policy in a policy map.

QOS-619
random-detect precedence
To configure Weighted Random Early Detection (WRED) and distributed WRED (DWRED) parameters
for a particular IP Precedence, use the random-detect precedence command in interface configuration
mode. To configure WRED parameters for a particular IP Precedence for a class policy in a policy map,
use the random-detect precedence command in policy-map class configuration mode. To return the
values to the default for the precedence, use the no form of this command.
random-detect precedence {precedence | rsvp} min-threshold max-threshold

max-probability-denominator
no random-detect precedence
Syntax Description precedence IP Precedence number. The value range is from 0 to 7. For Cisco 7000
series routers with an RSP7000 interface processor and Cisco 7500
series routers with a VIP2-40 interface processor (VIP2-50 interface
processor strongly recommended), the precedence value range is from
0 to 7 only; see Table 35 in the “Usage Guidelines” section.
rsvp Indicates Resource Reservation Protocol (RSVP) traffic.
the minimum threshold, WRED randomly drops some packets with
the specified IP Precedence.
argument is from the value of the min-threshold argument to 4096.
WRED drops all packets with the specified IP Precedence.
max-probability-denominator Denominator for the fraction of packets dropped when the average
queue depth is at the minimum threshold. For example, if the
denominator is 512, 1 out of every 512 packets is dropped when the
average queue is at the minimum threshold. The value range is from 1
to 65536. The default is 10; 1 out of every 10 packets is dropped at the
minimum threshold.
Command Default For all precedences, the max-probability-denominator default is 10, and the max-threshold is based on
the output buffering capacity and the transmission speed for the interface.
The default min-threshold depends on the precedence. The min-threshold for IP Precedence 0
corresponds to half of the max-threshold. The values for the remaining precedences fall between half the
max-threshold and the max-threshold at evenly spaced intervals. See Table 35 in the “Usage Guidelines”
section of this command for a list of the default minimum threshold values for each IP Precedence.
Command Modes Interface configuration when used on an interface (config-if)

Policy-map class configuration when used to specify class policy in a policy map (config-pmap-c)

QOS-620

Note This command replaces the random-detect prec-based command in
policy-map configuration.
of the Route Switch Processor (RSP).
When you configure the random-detect command on an interface, packets are given preferential
treatment based on the IP Precedence of the packet. Use the random-detect precedence command to
adjust the treatment for different precedences.
If you want WRED or DWRED to ignore the precedence when determining which packets to drop, enter
this command with the same parameters for each precedence. Remember to use reasonable values for
the minimum and maximum thresholds.
Note that if you use the random-detect precedence command to adjust the treatment for different
precedences within class policy, you must ensure that WRED is not configured for the interface to which
you attach that service policy.
Table 35 lists the default minimum threshold value for each IP Precedence.
Table 35 Default WRED and DWRED Minimum Threshold Values
Minimum Threshold Value

(Fraction of Maximum Threshold Value)
IP Precedence WRED DWRED
0 9/18 8/16
1 10/18 9/16
2 11/18 10/16
3 12/18 11/16
4 13/18 12/16
5 14/18 13/16
6 15/18 14/16
7 16/18 15/16
RSVP 17/18 —

QOS-621
The DWRED feature is supported only on Cisco 7000 series routers with an RSP7000 card
and Cisco 7500 series routers with a VIP2-40 or greater interface processor. A VIP2-50 interface
processor is strongly recommended when the aggregate line rate of the port adapters on the VIP is greater
than DS3. A VIP2-50 interface processor is required for OC-3 rates.
interface. For more information on dCEF, refer to the Cisco IOS IP Switching Configuration Guide and
the Cisco IOS IP Switching Command Reference.
Note The DWRED feature is not supported in a class policy.
Examples The following example enables WRED on the interface and specifies parameters for the different IP
Precedences:
interface Hssi0/0/0
ip address 10.200.14.250 255.255.255.252
random-detect
random-detect precedence rsvp 230 256 100
The following example configures policy for a class called acl10 included in a policy map called
policy10. Class acl101 has these characteristics: a minimum of 2000 kbps of bandwidth are expected to
be delivered to this class in the event of congestion and a weight factor of 10 is used to calculate the
average queue size. For congestion avoidance, WRED packet drop is used, not tail drop. IP Precedence
is reset for levels 0 through 4.
policy-map policy10
class acl10
bandwidth 2000
random-detect

QOS-622

DSCP value.
interface or VC.

QOS-623
random-detect precedence (aggregate)

To configure aggregate Weighted Random Early Detection (WRED) parameters for specific IP
precedence value(s), use the random-detect precedence (aggregate) command in policy-map class
configuration mode. To disable configuration of aggregate WRED precedence values, use the no form
of this command.
random-detect precedence sub-class-val1 [sub-class-val2 sub-class-val3 sub-class-val4]

min-thresh max-thresh mark-prob
no random-detect precedence sub-class-val1 [sub-class-val2 sub-class-val3 sub-class-val4]
random-detect precedence sub-class-val1 [...[sub-class-val8]] minimum-thresh min-thresh

maximum-thresh max-thresh mark-probability mark-prob
no random-detect precedence sub-class-val1 [...[sub-class-val8]]
Syntax Description sub-class-val1 IP precedence value to which the following WRED profile parameter
sub-class-val2 specifications are to apply. Up to four subclasses (IP precedence values) can
sub-class-val3 be specified per command line interface (CLI) entry. The value range is from
sub-class-val4 0 to 7.
min-thresh Minimum threshold (in number of packets) for the subclass(es). Valid values
are from 1 to 12288.
max-thresh Specifies the maximum threshold (in number of packets) for the
subclass(es). Valid values are from the minimum threshold argument to
12288.
mark-prob Specifies the denominator for the fraction of packets dropped when the
average queue depth is at the maximum threshold for the subclass(es). Valid
sub-class-val1 IP precedence value(s) to which the following WRED profile parameter
[...[subclass-val8]] specifications are to apply. A maximum of 8 subclasses (IP precedence
values) can be specified per CLI entry. The value range is from 0 to 7.
minimum-thresh Specifies the minimum number of packets allowed in the queue. When the
min-thresh average queue length reaches the minimum threshold, WRED randomly
drops some packets with the specified IP precedence value. Valid minimum
threshold values are 1 to 16384.
maximum-thresh Specifies the maximum number of packets allowed in the queue. When the
max-thresh average queue length exceeds the maximum threshold, WRED drops all
packets with the specified IP precedence value. Valid maximum threshold
values are 1 to 16384.
mark-probability Specifies the denominator for the fraction of packets dropped when the
mark-prob average queue depth is at the maximum threshold. For example, if the
denominator is 512, 1 out of every 512 packets is dropped when the average
queue is at the maximum threshold. Valid values are 1 to 65535.

QOS-624
Command Default Cisco 10000 Series Router

For all precedence levels, the mark-prob default is 10 packets.

implemented on the Cisco 10000 series router for the PRE3.
standard random-detect commands are no longer supported on ATM interfaces
Use this command with a random-detect aggregate command within a policy map configuration.
Repeat this command for each set of IP precedence values that share WRED parameters.
After the policy map is defined, the policy map must be attached at the VC level.
The set of subclass (IP precedence) values defined on a random-detect precedence (aggregate) CLI will
be aggregated into a single hardware WRED resource. The statistics for these subclasses will also be
aggregated.

Table 36 lists the default drop thresholds for WRED based on DSCP, IP precedence, and discard-class.
The drop probability indicates that the router drops one packet for every 10 packets.
Table 36 WRED Default Drop Thresholds
DSCP, Precedence, and Minimum Threshold Maximum Threshold

Discard-Class Values (times the queue size) (times the queue size) Drop Probability
All DSCPs 1/4 1/2 1/10
0 1/4 1/2 1/10
1 9/32 1/2 1/10
2 5/16 1/2 1/10
3 11/32 1/2 1/10
4 3/8 1/2 1/10
5 13/32 1/2 1/10
6 7/16 1/2 1/10
7 15/32 1/2 1/10

QOS-625
For the PRE2, the random-detect command specifies the default profile for the queue. For the PRE3,
the aggregate random-detect command is used instead to configure aggregate parameters for WRED.
The PRE3 accepts the PRE2 random-detect command as a hidden CLI.
On the PRE2, accounting for the default profile is per precedence. On the PRE3, accounting and
configuration for the default profile is per class map.
On the PRE2, the default threshold is per precedence for a DSCP or precedence value without an explicit
threshold configuration. On the PRE3, the default threshold is to have no WRED configured.
On the PRE2, the drop counter for each precedence belonging to the default profile only has a drop count
that matches the specific precedence value. Because the PRE2 has a default threshold for the default
profile, the CBQOSMIB displays default threshold values. On the PRE3, the drop counter for each
precedence belonging to the default profile has the aggregate counter of the default profile and not the
individual counter for a specific precedence. The default profile on the PRE3 does not display any
default threshold values in the CBQOSMIB if you do not configure any threshold values for the default
profile.
Examples Cisco 10000 Series Router

The following example shows how to enable IP precedence-based WRED on the Cisco 10000 series
router. In this example, the configuration of the class map named Class1 indicates to classify traffic
based on IP precedence 3, 4, and 5. Traffic that matches IP precedence 3, 4, or 5 is assigned to the class
named Class1 in the policy map named Policy1. WRED-based packet dropping is configured for Class1
and is based on IP precedence 3 with a minimum threshold of 500, maximum threshold of 1500, and a
mark-probability-denominator of 200. The QoS policy is applied to PVC 1/32 on the point-to-point ATM
subinterface 1/0/0.1.
Router(config)# class-map Class1
Router(config-cmap)# match ip precedence 3 4 5
Router(config)# policy-map Policy1
Router(config-pmap)# class Class1
Router(config-pmap-c)# random-detect prec-based
Router(config-pmap-c)# random-detect precedence 3 500 1500 200
Router(config-if)# atm pxf queuing
Router(config-if)# interface atm 1/0/0.1 point-to-point
Router(config-subif-atm-vc)# ubr 10000
Router(config-subif-atm-vc)# service-policy output policy1

interface Configures an interface type and enters interface configuration mode.
policy-map Creates a policy map that can be attached to one or more interfaces to
specify a service policy.

QOS-626
Command Description
random-detect aggregate Enables aggregate WRED and optionally specifies default WRED
parameter values for a default aggregate class. This default class will
be used for all subclasses that have not been explicitly configured.
interface or VC, to be used as the service policy for that interface or
VC.
policies on the specified interface or displays the classes for the service
policy for a specific PVC on the interface.

QOS-627
random-detect-group
random-detect-group
To define the Weighted Random Early Detection (WRED) or distributed WRED (DWRED) parameter
group, use the random-detect group command in global configuration mode. To delete the WRED or
DWRED parameter group, use the no form of this command.
random-detect-group group-name [dscp-based | prec-based]
no random-detect-group group-name [dscp-based | prec-based]
Syntax Description group-name Name for the WRED or DWRED parameter group.
dscp-based (Optional) Specifies that WRED is to use the differentiated services code
point (DSCP) value when it calculates the drop probability for a packet.
prec-based (Optional) Specifies that WRED is to use the IP Precedence value when it
calculates the drop probability for a packet.
Command Default No WRED or DWRED parameter group exists.

If you choose not to use either the dscp-based or the prec-based keywords, WRED uses the IP
Precedence value (the default method) to calculate drop probability for the packet.

12.1(5)T This command was integrated into Cisco IOS Release 12.1(5)T. Keywords
dscp-based and prec-based were added to support Differentiated Services
(DiffServ) and Assured Forwarding (AF) Per Hop Behavior (PHB).
there is congestion. DWRED is similar to WRED but uses the Versatile Interface Processor (VIP) instead
of the Route Switch Processor (RSP). WRED and DWRED are most useful when the traffic uses protocols
such as TCP that respond to dropped packets by decreasing the transmission rate.
The router automatically determines parameters to use in the WRED calculations. If you want to change
these parameters for a group, use the exponential-weighting-constant or precedence command.
Two Methods for Calculating the Drop Probability of a Packet

This command includes two optional arguments, dscp-based and prec-based, that determine the method
WRED uses to calculate the drop probability of a packet.

QOS-628
random-detect-group
Note the following points when deciding which method to instruct WRED to use:
• With the dscp-based keyword, WRED uses the DSCP value (that is, the first six bits of the IP type
of service (ToS) byte) to calculate the drop probability.
• With the prec-based keyword, WRED will use the IP Precedence value to calculate the drop
probability.
• The dscp-based and prec-based keywords are mutually exclusive.
• If neither argument is specified, WRED uses the IP Precedence value to calculate the drop
probability (the default method).
Examples The following example defines the WRED parameter group called sanjose:
The following example enables WRED to use the DSCP value 9. The minimum threshold for the DSCP
value 9 is 20 and the maximum threshold is 50. This configuration can be attached to other virtual
circuits (VCs) as required.
Router(config)# random-detect-group sanjose dscp-based
Router(cfg-red-grp)# dscp 9 20 50
Router(config-subif-vc)# random-detect attach sanjose

dscp Changes the minimum and maximum packet thresholds for the
DSCP value.

QOS-629
rate-limit
rate-limit
To configure committed access rate (CAR) and distributed committed access rate (DCAR) policies, use
the rate-limit command in interface configuration mode. To remove the rate limit from the
configuration, use the no form of this command.
rate-limit {input | output} {bps | access-group acl-index | [rate-limit] rate-limit-acl-index] |

dscp dscp-value | qos-group qos-group-number} burst-normal burst-max conform-action
conform-action exceed-action exceed-action
no rate-limit {input | output} {bps | access-group acl-index | [rate-limit] rate-limit-acl-index] |

dscp dscp-value | qos-group qos-group-number} burst-normal burst-max conform-action
conform-action exceed-action exceed-action
Syntax Description input Applies this CAR traffic policy to packets received on this input interface.
output Applies this CAR traffic policy to packets sent on this output interface.
bps Average rate, in bits per second (bps). The value must be in increments of
8 kbps. The value is a number from 8000 to 2000000000.
access-group (Optional) Applies this CAR traffic policy to the specified access list.
acl-index (Optional) Access list number. Values are numbers from 1 to 2699.
rate-limit (Optional) The access list is a rate-limit access list.
rate-limit-acl-index (Optional) Rate-limit access list number. Values are numbers from 0 to 99.
dscp (Optional) Allows the rate limit to be applied to any packet matching a
specified differentiated services code point (DSCP).
dscp-value (Optional) The DSCP number. Values are numbers from 0 to 63.
qos-group (Optional) Allows the rate limit to be applied to any packet matching a
specified qos-group number. Values are numbers from 0 to 99.
qos-group-number (Optional) The qos-group number. Values are numbers from 0 to 99.
burst-normal Normal burst size, in bytes. The minimum value is bps divided by 2000. The
value is a number from 1000 to 512000,000.
burst-max Excess burst size, in bytes. The value is a number from 2000 to 1024000000.

QOS-630
rate-limit
conform-action Action to take on packets that conform to the specified rate limit. Specify one
conform-action of the following keywords:
• continue—Evaluate the next rate-limit command.
• drop—Drop the packet.
• set-dscp-continue—Set the differentiated services codepoint (DSCP)
(0 to 63) and evaluate the next rate-limit command.
• set-dscp-transmit—Transmit the DSCP and transmit the packet.
• set-mpls-exp-imposition-continue—Set the Multiprotocol Label
Switching (MPLS) experimental bits (0 to 7) during imposition and
evaluate the next rate-limit command.
• set-mpls-exp-imposition-transmit—Set the MPLS experimental bits
(0 to 7) during imposition and transmit the packet.
• set-prec-continue—Set the IP precedence (0 to 7) and evaluate the next
rate-limit command.
• set-prec-transmit—Set the IP precedence (0 to 7) and transmit the
packet.
• set-qos-continue—Set the quality of service (QoS) group ID (1 to 99)
and evaluate the next rate-limit command.
• set-qos-transmit—Set the QoS group ID (1 to 99) and transmit the
packet.
• transmit—Transmit the packet.
exceed-action Action to take on packets that exceed the specified rate limit. Specify one of
exceed-action the following keywords:
• continue—Evaluate the next rate-limit command.
• drop—Drop the packet.
• set-dscp-continue—Set the DSCP (0 to 63) and evaluate the next
rate-limit command.
• set-dscp-transmit—Transmit the DSCP and transmit the packet.
• set-mpls-exp-imposition-continue—Set the MPLS experimental bits
(0 to 7) during imposition and evaluate the next rate-limit command.
• set-mpls-exp-imposition-transmit—Set the MPLS experimental bits
(0 to 7) during imposition and transmit the packet.
• set-prec-continue—Set the IP precedence (0 to 7) and evaluate the next
rate-limit command.
• set-prec-transmit—Set the IP precedence (0 to 7) and transmit the
packet.
• set-qos-continue—Set the QoS group ID (1 to 99) and evaluate the next
rate-limit command.
• set-qos-transmit—Set the QoS group ID (1 to 99) and transmit the
packet.
• transmit—Transmit the packet.

QOS-631
rate-limit
Command Default CAR and DCAR are disabled.

12.1(5)T The conform and exceed keywords for the MPLS experimental field
were added.
12.2(4)T This command was implemented on the Cisco MGX 8850 switch and
the MGX 8950 switch with a Cisco MGX RPM-PR card.
Usage Guidelines Use this command to configure your CAR policy on an interface. To specify multiple policies, enter this
command once for each policy.
CAR and DCAR can be configured on an interface or subinterface.
Policing Traffic with CAR

CAR embodies a rate-limiting feature for policing traffic. When policing traffic with CAR, Cisco
recommends the following values for the normal and extended burst parameters:
normal burst (in bytes) = configured rate (in bits per second) * (1 byte)/(8 bits) * 1.5 seconds
17.000.000 * (1 byte)/(8 bits) * 1.5 seconds = 3.187.500 bytes
extended burst = 2 * normal burst
2 * 3.187.500 = 6.375.000 bytes
With the listed choices for parameters, extensive test results have shown CAR to achieve the configured
rate. If the burst values are too low, then the achieved rate is often much lower than the configured rate.
For more information about using CAR to police traffic, see the “Policing with CAR” section of the
“Policing and Shaping Overview” in the Cisco IOS Quality of Service Solutions Configuration Guide.
Examples In the following example, the recommended burst parameters for CAR are used:
Router(config-if)# rate-limit input access-group 1 17000000 3187500 6375000 conform-action
transmit exceed-action drop
In the following example, the rate is limited by the application in question:

QOS-632
rate-limit
• All World Wide Web traffic is transmitted. However, the MPLS experimental field for web traffic
that conforms to the first rate policy is set to 5. For nonconforming traffic, the IP precedence is set
to 0 (best effort). See the following commands in the example:
rate-limit input rate-limit access-group 101 20000000 24000 32000 conform-action
set-mpls-exp-transmit 5 exceed-action set-mpls-exp-transmit 0
access-list 101 permit tcp any any eq www
• FTP traffic is transmitted with an MPLS experimental field value of 5 if it conforms to the second
rate policy. If the FTP traffic exceeds the rate policy, it is dropped. See the following commands in
the example:
rate-limit input access-group 102 10000000 24000 32000
conform-action set-mpls-exp-transmit 5 exceed-action drop
access-list 102 permit tcp any any eq ftp
• Any remaining traffic is limited to 8 Mbps, with a normal burst size of 1,500,000 bytes and an excess
burst size of 3,000,000 bytes. Traffic that conforms is sent with an MPLS experimental field of 5.
Traffic that does not conform is dropped. See the following command in the example:
rate-limit input 8000000 1500000 3000000 conform-action set-mpls-exp-transmit 5
exceed-action drop
Notice that two access lists are created to classify the web and FTP traffic so that they can be handled
separately by the CAR feature.
Router(config)# interface Hssi0/0/0
Router(config-if)# description 45Mbps to R2
Router(config-if)# rate-limit input rate-limit access-group 101 20000000 3750000 7500000
conform-action set-mpls-exp-transmit 5 exceed-action set-mpls-exp-transmit 0
Router(config-if)# rate-limit input access-group 102 10000000 1875000 3750000
conform-action set-mpls-exp-transmit 5 exceed-action drop
Router(config-if)# rate-limit input 8000000 1500000 3000000 conform-action
set-mpls-exp-transmit 5 exceed-action drop
!
Router(config-if)# access-list 101 permit tcp any any eq www
Router(config-if)# access-list 102 permit tcp any any eq ftp
In the following example, the MPLS experimental field is set, and the packet is transmitted:
Router(config)# interface FastEthernet1/1/0
Router(config-if)# rate-limit input 8000 1500 3000 access-group conform-action
set mpls-exp-transmit 5 exceed-action set-mpls-exp-transmit 5
In the following example, any packet with a DSCP of 1 can apply the rate limit:
Router(config-if)# rate-limit output dscp 1 8000 1500 3000 conform-action transmit
exceed-action drop

access-list rate-limit Configures an access list for use with CAR policies.
show access-lists rate-limit Displays information about rate-limit access lists.
show interfaces rate-limit Displays information about CAR for a specified interface.

QOS-633
rcv-queue bandwidth
rcv-queue bandwidth
To define the bandwidths for ingress (receive) WRR queues through scheduling weights in interface
configuration command mode, use the rcv-queue bandwidth command. To return to the default
settings, use the no form of this command.
rcv-queue bandwidth weight-1 ... weight-n
no rcv-queue bandwidth
Syntax Description weight-1 ... weight-n WRR weights; valid values are from 0 to 255.

• QoS enabled—4:255
• QoS disabled—255:1

12.2(17a)SX This command was introduced on the Supervisor Engine 720.
Engine 2.
This command is supported on 2q8t and 8q8t ports only.
You can configure up to seven queue weights.
Examples This example shows how to allocate a three-to-one bandwidth ratio:

Router(config-if)# rcv-queue bandwidth 3 1
Router(config-if)#

rcv-queue queue-limit Sets the size ratio between the strict-priority and standard receive queues.
interface

QOS-634
rcv-queue cos-map
rcv-queue cos-map
To map the class of service (CoS) values to the standard receive-queue drop thresholds, use the
rcv-queue cos-map command in interface configuration mode. To remove the mapping, use the no form
of this command.
rcv-queue cos-map queue-id threshold-id cos-1 ... cos-n
no rcv-queue cos-map queue-id threshold-id
Syntax Description queue-id Queue ID; the valid value is 1.

threshold-id Threshold ID; valid values are from 1 to 4.
cos-1 ... cos-n CoS values; valid values are from 0 to 7.
Command Default The defaults are listed in Table 37.
Table 37 CoS-to-Standard Receive Queue Map Defaults
queue threshold cos-map queue threshold cos-map

With QoS Disabled With QoS Enabled
1 1 0,1, 2,3,4,5,6,7 1 1 0,1
1 2 1 2 2,3
1 3 1 3 4
1 4 1 4 6,7
2 1 5 2 1 5

Usage Guidelines The cos-n value is defined by the module and port type. When you enter the cos-n value, note that the
higher values indicate higher priorities.
Use this command on trusted ports only.

QOS-635
rcv-queue cos-map
Examples This example shows how to map the CoS values 0 and 1 to threshold 1 in the standard receive queue:
Router (config-if)# rcv-queue cos-map 1 1 0 1
cos-map configured on: Gi1/1 Gi1/2

interface

QOS-636
rcv-queue queue-limit
To set the size ratio between the strict-priority and standard receive queues, use the rcv-queue
queue-limit command in interface configuration mode. To return to the default settings, use the no form
of this command.
rcv-queue queue-limit q-limit-1 q-limit-2
no rcv-queue queue-limit
Syntax Description q-limit-1 Standard queue weight; valid values are from 1 and 100 percent.
q-limit-2 Strict-priority queue weight; see the “Usage Guidelines” section for valid
values.

• 80 percent is for low priority.
• 20 percent is for strict priority.

Usage Guidelines Valid strict-priority weight values are from 1 to 100 percent, except on 1p1q8t ingress LAN ports, where
valid values for the strict-priority queue are from 3 to 100 percent.
The rcv-queue queue-limit command configures ports on a per-ASIC basis.
Estimate the mix of strict-priority-to-standard traffic on your network (for example, 80-percent standard
traffic and 20-percent strict-priority traffic) and use the estimated percentages as queue weights.
Examples This example shows how to set the receive-queue size ratio for Gigabit Ethernet interface 1/2:
Router(config-if)# rcv-queue queue-limit 75 15

QOS-637

show queueuing Displays queueing information.
interface

QOS-638
rcv-queue random-detect
To specify the minimum and maximum threshold for the specified receive queues, use the rcv-queue
random-detect command in interface configuration mode. To return to the default settings, use the no
rcv-queue random-detect {max-threshold | min-threshold} queue-id threshold-percent-1 ...

threshold-percent-n
no rcv-queue random-detect {max-threshold | min-threshold} queue-id
Syntax Description max-threshold Specifies the maximum threshold.

min-threshold Specifies the minimum threshold.
queue-id Queue ID; the valid value is 1.
threshold-percent-1 Threshold weights; valid values are from 1 to 100 percent.
threshold-percent-n

• min-threshold—80 percent
• max-threshold—20 percent

Usage Guidelines This command is supported on 1p1q8t and 8q8t ports only.
The 1p1q8t interface indicates one strict queue and one standard queue with eight thresholds. The 8q8t
interface indicates eight standard queues with eight thresholds. The threshold in the strict-priority queue
is not configurable.
Each threshold has a low- and a high-threshold value. The threshold values are a percentage of the
receive-queue capacity.
For additional information on configuring receive-queue thresholds, refer to the QoS chapter in the
Cisco 7600 Series Router Cisco IOS Software Configuration Guide.

QOS-639
Examples This example shows how to configure the low-priority receive-queue thresholds:
Router (config-if)# rcv-queue random-detect max-threshold 1 60 100

interface

QOS-640
rcv-queue threshold
rcv-queue threshold
To configure the drop-threshold percentages for the standard receive queues on 1p1q4t and 1p1q0t
interfaces, use the rcv-queue threshold command in interface configuration mode. To return the
thresholds to the default settings, use the no form of this command.
rcv-queue threshold queue-id threshold-percent-1 ... threshold-percent-n
no rcv-queue threshold
Syntax Description queue-id Queue ID; the valid value is 1.

threshold- percent-1 ... Threshold ID; valid values are from 1 to 100 percent.
threshold- percent-n
Command Default The defaults for the 1p1q4t and 1p1q0t configurations are as follows:
• Quality of service (QoS) assigns all traffic with class of service (CoS) 5 to the strict-priority queue.
• QoS assigns all other traffic to the standard queue.
The default for the 1q4t configuration is that QoS assigns all traffic to the standard queue.
If you enable QoS, the following default thresholds apply:
• 1p1q4t interfaces have this default drop-threshold configuration:
– Frames with CoS 0, 1, 2, 3, 4, 6, or 7 go to the standard receive queue.
– Using standard receive-queue drop threshold 1, the Cisco 7600 series router drops incoming
frames with CoS 0 or 1 when the receive-queue buffer is 50 percent or more full.
frames with CoS 2 or 3 when the receive-queue buffer is 60 percent or more full.
frames with CoS 4 when the receive-queue buffer is 80 percent or more full.
frames with CoS 6 or 7 when the receive-queue buffer is 100 percent full.
– Frames with CoS 5 go to the strict-priority receive queue (queue 2), where the Cisco 7600 series
router drops incoming frames only when the strict-priority receive-queue buffer is 100 percent
full.
• 1p1q0t interfaces have this default drop-threshold configuration:
– Frames with CoS 0, 1, 2, 3, 4, 6, or 7 go to the standard receive queue. The Cisco 7600 series
router drops incoming frames when the receive-queue buffer is 100 percent full.
– Frames with CoS 5 go to the strict-priority receive queue (queue 2), where the Cisco 7600 series
router drops incoming frames only when the strict-priority receive-queue buffer is 100 percent
full.
Note The 100-percent threshold may be actually changed by the module to 98 percent to allow Bridge Protocol
Data Unite (BPDU) traffic to proceed. The BPDU threshold is factory set at 100 percent.

QOS-641
rcv-queue threshold

Usage Guidelines The queue-id value is always 1.

A value of 10 indicates a threshold when the buffer is 10 percent full.
Always set threshold 4 to 100 percent.
Receive thresholds take effect only on ports whose trust state is trust cos.
Configure the 1q4t receive-queue tail-drop threshold percentages with the wrr-queue threshold
command.
Examples This example shows how to configure the receive-queue drop thresholds for Gigabit Ethernet
interface 1/1:
Router(config-if)# rcv-queue threshold 1 60 75 85 100

interface
wrr-queue threshold Configures the drop-threshold percentages for the standard receive and
transmit queues on 1q4t and 2q2t interfaces.

QOS-642
recoverable-loss
recoverable-loss
To enable Enhanced Compressed Real-Time Transport Protocol (ECRTP), use the recoverable-loss
command in IPHC-profile configuration mode. To disable ECRTP, use the no form of this command.
recoverable-loss {dynamic | packet-drops}
no recoverable-loss {dynamic | packet-drops}
Syntax Description dynamic Indicates that the dynamic recoverable loss calculation is used.
packet-drops Maximum number of consecutive packet drops. Range is from 1 to 8.
Command Default ECRTP is disabled.

12.4(11)T Support was added for Frame Relay encapsulation.
Usage Guidelines The recoverable-loss command is part of the ECRTP feature.
ECRPT Functionality
ECRTP reduces corruption by managing the way the compressor updates the context information at the
decompressor. The compressor sends updated context information periodically to keep the compressor
and decompressor synchronized. By repeating the updates, the probability of context corruption because
of packet loss is minimized.
The synchronization of context information between the compressor and the decompressor can be
performed dynamically (by specifying the dynamic keyword) or whenever a specific number of packets
are dropped (by using the packet-drops argument).
The number of packet drops represents the quality of the link between the hosts. The lower the number
of packet drops, the higher the quality of the link between the hosts.
The packet drops value is maintained independently for each context and does not have to be the same
for all contexts.
Note If you specify the number of packet drops with the packet-drops argument, the recoverable-loss
command automatically enables ECRTP.

QOS-643
recoverable-loss

The recoverable-loss command is intended for use as part of an IP Header Compression (IPHC) profile.
An IPHC profile is used to enable and configure header compression on a network. For more information
Examples The following example shows how to configure an IPHC profile called profile2. In this example, ECRTP
is enabled with a maximum number of five consecutive packet drops.
Router> enable
Router(config-iphcp)# recoverable-loss 5


QOS-644
refresh max-period
refresh max-period
To set the number of packets sent between full-header refresh occurrences, use the refresh max-period
command in IPHC-profile configuration mode. To use the default number of packets, use the no form of
this command.
refresh max-period {number-of-packets | infinite}
no refresh max-period
Syntax Description number-of-packets Number of packets sent between full-header refresh occurrences. Range is
from 0 to 65535. Default is 256.
infinite Indicates no limitation on the number of packets sent between full-header
refresh occurrences.
Command Default The number of packets sent between full-header refresh occurrences is 256.

Usage Guidelines Use the refresh max-period command to set the number of non-TCP packets sent between full-header
refresh occurrences. The refresh max-period command also allows you to specify no limitation on the
number of packets sent between full-header refresh occurrences. To specify no limitation on the number
of packets sent, use the infinite keyword.
Prerequisite
Before you use the refresh max-period command, you must enable non-TCP header compression by
using the non-tcp command.

The refresh max-period command is intended for use as part of an IPHC profile. An IPHC profile is
used to enable and configure header compression on your network. For more information about using
IPHC profiles to configure header compression, see the “Header Compression” module and the
“Configuring Header Compression Using IPHC Profiles” module of the Cisco IOS Quality of Service

QOS-645
refresh max-period
Examples The following is an example of an IPHC profile called profile2. In this example, the number of packets
sent before a full-header refresh occurrence is 700 packets.
Router> enable
Router(config-iphcp)# refresh max-period 700


QOS-646
refresh max-time
refresh max-time
To set the amount of time to wait before a full-header refresh occurrence, use the refresh max-time
command in IPHC-profile configuration mode. To use the default time, use the no form of this command.
refresh max-time {seconds | infinite}
no refresh max-time
Syntax Description seconds Length of time, in seconds, to wait before a full-header refresh occurrence.
Range is from 0 to 65535. Default is 5.
infinite Indicates no limitation on the time between full-header refreshes.
Command Default The amount of time to wait before a full-header refresh occurrence is set to 5 seconds.

Usage Guidelines Use the refresh max-time command to set the maximum amount of time to wait before a full-header
refresh occurs. The refresh max-time command also allows you to indicate no limitation on the time
between full-header refresh occurrences. To specify no limitation on the time between full-header
refresh occurrences, use the infinite keyword.
Prerequisite
Before you use the refresh max-time command, you must enable non-TCP header compression by using
the non-tcp command.

The refresh max-time command is intended for use as part of an IPHC profile. An IPHC profile is used

QOS-647
refresh max-time
Examples The following is an example of an IPHC profile called profile2. In this example, the maximum amount
of time to wait before a full-header refresh occurs is 500 seconds.
Router> enable
Router(config-iphcp)# refresh max-time 500


QOS-648
refresh rtp
refresh rtp
To enable a context refresh occurrence for Real-Time Transport Protocol (RTP) header compression, use
the refresh rtp command in IPHC-profile configuration mode. To disable a context refresh occurrence
for RTP header compression, use the no form of this command.
refresh rtp
no refresh rtp
Command Default Context refresh occurrences for RTP header compression are disabled.

Usage Guidelines Use the refresh rtp command to enable a context refresh occurrence for RTP header compression. A
context is the state that the compressor uses to compress a header and that the decompressor uses to
decompress a header. The context is the uncompressed version of the last header sent and includes
information used to compress and decompress the packet.
Prerequisite
Before you use the refresh rtp command, you must enable RTP header compression by using the rtp
command.

The refresh rtp command is intended for use as part of an IP header compression (IPHC) profile. An
IPHC profile is used to enable and configure header compression on your network. For more information
Examples The following is an example of an IPHC profile called profile2. In this example, the refresh rtp
command is used to enable a context refresh occurrence for RTP header compression.
Router> enable
Router(config-iphcp)# rtp
Router(config-iphcp)# refresh rtp

QOS-649
refresh rtp

rtp Enables RTP header compression within an IPHC profile.

QOS-650
rtp
rtp
To enable Real-Time Transport Protocol (RTP) header compression within an IP Header Compression
(IPHC) profile, use the rtp command in IPHC-profile configuration mode. To disable RTP header
compression within an IPHC profile, use the no form of this command.
rtp
no rtp
Command Default RTP header compression is enabled.

Usage Guidelines The rtp command enables RTP header compression and automatically enables non-TCP header
compression (the equivalent of using the non-tcp command).

The rtp command is intended for use as part of an IP Header Compression (IPHC) profile. An IPHC
profile is used to enable and configure header compression on a network. For more information about
using IPHC profiles to configure header compression, see the “Header Compression” module and the
“Configuring Header Compression Using IPHC Profiles” module of the Cisco IOS Quality of Service
Examples The following example shows how to configure an IPHC profile called profile2. In this example, RTP
header compression is configured.
Router> enable
Router(config-iphcp)# rtp


QOS-651
send qdm message
send qdm message

To send a text message to all Quality Device Manager (QDM) clients, use the send qdm message
command in EXEC mode.
send qdm [client client-id] message message-text
Syntax Description client (Optional) Specifies a QDM client to receive the message.
client-id (Optional) Specifies the QDM identification of the client that will receive
the text message.
message Specifies that a message will be sent.
message-text The actual text of the message.
Command Default No text messages are sent.
Command Modes EXEC

Usage Guidelines Use the send qdm command to send a message to a specific QDM client. For example, entering the send
qdm client 9 message hello command will send the message “hello” to client ID 9.
Use the send qdm message message-text command to send a message to all QDM clients. For example,
entering the send qdm message hello command sends the message “hello” to all open QDM clients.
Examples The following example sends the text message “how are you?” to client ID 12:
send qdm client 12 message how are you?
The following example sends the text message “how is everybody?” to all QDM clients connected to the
router:
send qdm message how is everybody?

QOS-652
send qdm message

show qdm status Displays the status of connected QDM clients.

QOS-653
service-policy
service-policy
To attach a policy map to an input interface, a virtual circuit (VC), an output interface, or to a VC that
will be used as the service policy for the interface or VC, use the service-policy command in the
appropriate configuration mode. To remove a service policy from an input or output interface or from an
input or output VC, use the no form of this command.
service-policy [type access-control] {input | output} policy-map-name
no service-policy [type access-control] {input | output} policy-map-name
service-policy {input | output} policy-map-name
no service-policy {input | output} policy-map-name
service-policy [history | {input | output} policy-map-name | type control control-policy-name]
no service-policy [history | {input | output} policy-map-name | type control control-policy-name]
Syntax Description type access-control Determines the exact pattern to look for in the protocol stack of interest.
input Attaches the specified policy map to the input interface or input VC.
output Attaches the specified policy map to the output interface or output VC.
policy-map-name The name of a service policy map (created using the policy-map command)
to be attached. The name can be a maximum of 40 alphanumeric characters.
history Maintains a history of QoS metrics.
type control Creates a Class–Based Policy Language (CPL) control policy map that is
control-policy-name applied to a context.
Command Default No service policy is specified.

A control policy is not applied to a context.
No policy map is attached.

VC submode (for a standalone VC)
Bundle-VC configuration (for ATM VC bundle members)
PVC range subinterface configuration (for a range of ATM PVCs)
PVC-in-range configuration (for an individual PVC within a PVC range)
Map-class configuration (for Frame Relay VCs)

QOS-654
service-policy

12.0(17)SL This command was implemented on the Cisco 10000 series routers.
12.1(2)T This command was modified to enable low latency queueing (LLQ) on
Frame Relay VCs.
12.2(14)SX Support for this command was implemented on Cisco 7600 series routers.
This command was changed to support output policy maps.
12.2(15)BX This command was implemented on the ESR–PRE2.
12.4(2)T This command was made available in the PVC range subinterface
configuration mode and in the PVC-in-range configuration mode to extend
policy map functionality on an ATM VC to the ATM VC range.
12.4(4)T The type stack and the type access-control keywords were added to support
flexible packet matching (FPM).
12.3(7)XI2 This command was modified to support PVC range configuration mode and
PVC-in-range configuration mode for ATM VCs on the Cisco 10000 series
router and the Cisco 7200 series router.
12.2(18)ZY The type stack and the type access-control keywords were integrated into
Cisco IOS Release 12.2(18)ZY on the Catalyst 6500 series of switches
equipped with the Programmable Intelligent Services Accelerator (PISA).
Usage Guidelines You can attach a single policy map to one or more interfaces or to one or more VCs to specify the service
policy for those interfaces or VCs.
Currently a service policy specifies class-based weighted fair queueing (CBWFQ). The class policies
that comprise the policy map are then applied to packets that satisfy the class map match criteria for the
class.
To successfully attach a policy map to an interface or ATM VC, the aggregate of the configured
minimum bandwidths of the classes that make up the policy map must be less than or equal to 75 percent
of the interface bandwidth or the bandwidth allocated to the VC.
To enable Low Latency Queuing (LLQ) for Frame Relay (priority queueing [PQ]/CBWFQ), you must
first enable Frame Relay Traffic Shaping (FRTS) on the interface using the frame-relay traffic-shaping
command in interface configuration mode. You then attach an output service policy to the Frame Relay
VC using the service-policy command in map-class configuration mode.

QOS-655
service-policy
For a policy map to be successfully attached to an interface or ATM VC, the aggregate of the configured
minimum bandwidths of the classes that make up the policy map must be less than or equal to 75 percent
of the interface bandwidth or the bandwidth allocated to the VC. For a Frame Relay VC, the total amount
of bandwidth allocated must not exceed the minimum committed information rate (CIR) configured for
the VC less any bandwidth reserved by the frame-relay voice bandwidth or frame-relay ip rtp
priority map-class commands. If not configured, the minimum CIR defaults to half of the CIR.
Configuring CBWFQ on a physical interface is only possible if the interface is in the default queueing
mode. Serial interfaces at E1 (2.048 Mbps) and below use WFQ by default. Other interfaces use FIFO
by default. Enabling CBWFQ on a physical interface overrides the default interface queueing method.
Enabling CBWFQ on an ATM permanent virtual circuit (PVC) does not override the default queueing
method.
When you attach a service policy with CBWFQ enabled to an interface, commands related to fancy
queueing such as those pertaining to fair queueing, custom queueing, priority queueing, and Weighted
Random Early Detection (WRED) are available using the modular quality of service command line
interface (MQC). However, you cannot configure these features directly on the interface until you
remove the policy map from the interface.
You can modify a policy map attached to an interface or VC, changing the bandwidth of any of the
classes that comprise the map. Bandwidth changes that you make to an attached policy map are effective
only if the aggregate of the bandwidth amounts for all classes comprising the policy map, including the
modified class bandwidth, is less than or equal to 75 percent of the interface bandwidth or the VC
bandwidth. If the new aggregate bandwidth amount exceeds 75 percent of the interface bandwidth or VC
bandwidth, the policy map is not modified.
After you apply the service-policy command to set a class of service (CoS) bit to an Ethernet interface,
the policy is set in motion as long as there is a subinterface that is performing 8021.Q or Inter-Switch
Link (ISL) trunking. Upon reload, however, the service policy is removed from the configuration due to
the following error message:
Process ‘set’ action associated with class-map voip failed: Set cos supported only with
IEEE 802.1Q/ISL interfaces.
Cisco 10000 Series Router Usage Guidelines

The Cisco 10000 series router does not support applying class-based weighted fair queuing (CBWFQ)
policies to unspecified bit rate (UBR) VCs.
To successfully attach a policy map to an interface or a VC, the aggregate of the configured minimum
bandwidths of the classes comprising the policy map must be less than or equal to 99 percent of the
interface bandwidth or the bandwidth allocated to the VC. If you attempt to attach a policy map to an
interface when the sum of the bandwidth assigned to classes is greater than 99 percent of the available
bandwidth, the router logs a warning message and does not allocate the requested bandwidth to all of the
classes. If the policy map is already attached to other interfaces, it is removed from them.
The total bandwidth is the speed (rate) of the ATM layer of the physical interface. The router converts
the minimum bandwidth that you specify to the nearest multiple of 1/255 (ESR-PRE1) or 1/65535
(ESR-PRE2) of the interface speed. When you request a value that is not a multiple of 1/255 or 1/65535,
the router chooses the nearest multiple.
The bandwidth percentage is based on the interface bandwidth. In a hierarchical policy, the bandwidth
percentage is based on the nearest parent shape rate.
By default, a minimum bandwidth guaranteed queue has buffers for up to 50 milliseconds of 256-byte
packets at line rate, but not less than 32 packets.

QOS-656
service-policy
For Cisco IOS Release 12.0(22)S and later releases, to enable LLQ for Frame Relay (priority queueing
(PQ)/CBWFQ) on the Cisco 10000 series router, first create a policy map and then assign priority to a
defined traffic class using the priority command. For example, the following sample configuration
shows how to configure a priority queue with a guaranteed bandwidth of 8000 kbps. In the example, the
Business class in the policy map named Gold is configured as the priority queue. The Gold policy also
includes the Non-Business class with a minimum bandwidth guarantee of 48 kbps. The Gold policy is
attached to serial interface 2/0/0 in the outbound direction.
class-map Business
match ip precedence 3
policy-map Gold
class Business
priority
police 8000
class Non-Business
bandwidth 48
interface serial 2/0/0
frame-relay encapsulation
service-policy output Gold
On the PRE2, you can use the service-policy command to attach a QoS policy to an ATM subinterface
or to a PVC. However, on the PRE3, you can attach a QoS policy only to a PVC.

The output keyword is not supported on Cisco 7600 series routers that are configured with a Supervisor
Engine 2.
Do not attach a service policy to a port that is a member of an EtherChannel.
Although the CLI allows you to configure PFC-based QoS on the WAN ports on the OC-12 ATM OSMs
and on the WAN ports on the channelized OSMs, PFC-based QoS is not supported on the WAN ports on
these OSMs. OSMs are not supported on Cisco 7600 series routers that are configured with a Supervisor
Engine 32.
PFC QoS supports the optional output keyword only on VLAN interfaces. You can attach both an input
policy map and an output-policy map to a VLAN interface.
Cisco 10000 Series Routers Control Policy Maps

A control policy map must be activated by applying it to a context. A control policy map can be applied
to one or more of the following types of contexts:
1. Global
2. Interface
3. Subinterface
4. Virtual template
5. VC class
6. PVC
In general, control policy maps that are applied to more specific contexts take precedence over policy
maps applied to more general contexts. In the list, the context types are numbered in order of precedence.
For example, a control policy map that is applied to a permanent virtual circuit (PVC) takes precedence
over a control policy map that is applied to an interface.
Control policies apply to all sessions hosted on the context. Only one control policy map can be applied
to a given context.

QOS-657
service-policy
Examples The following example shows how to attach a policy map to a Fast Ethernet interface:
Router(config-if)# service-policy input pmap1
The following example shows how to attach the service policy map called policy9 to data-link
connection identifier (DLCI) 100 on output serial interface 1 and enables LLQ for Frame Relay:
Router(config)# interface Serial1/0.1 point-to-point
Router(config-if)# class fragment
!
Router(config-if)# map-class frame-relay fragment
The following example shows how to attach the service policy map called policy9 to input serial
interface 1:
Router(config)# interface Serial1
The following example attaches the service policy map called policy9 to the input PVC called cisco:
Router(config)# pvc cisco 0/34
Router(config)# service-policy input policy9
Router(config)# vbr-nt 5000 3000 500
Router(config)# precedence 4-7
The following example shows how to attach the policy called policy9 to output serial interface 1 to
specify the service policy for the interface and enable CBWFQ on it:
Router(config)# interface serial1
The following example attaches the service policy map called policy9 to the output PVC called cisco:
Router(config)# pvc cisco 0/5
Router(config)# service-policy output policy9
Router(config)# vbr-nt 4000 2000 500
Router(config)# precedence 2-3
Cisco 10000 Series Router Examples

The following example shows how to attach the service policy named user_policy to data link connection
identifier (DLCI) 100 on serial subinterface 1/0/0.1 for outbound packets.
interface serial 1/0/0.1 point-to-point
service-policy output user_policy
Note You must be running Cisco IOS Release 12.0(22)S or later releases to attach a policy to a DLCI in this
way. If you are running a release prior to Cisco IOS Release 12.0(22)S, attach the service policy as
described in the previous configuration examples using the Frame Relay legacy commands.
The following example shows how to attach a QoS service policy named bronze to PVC 0/101 on the
ATM subinterface 3/0/0.1 for inbound traffic.
interface atm 3/0/0
atm pxf queuing
interface atm 3/0/0.1
pvc 0/101
service-policy input bronze

QOS-658
service-policy
The following example shows how to attach a service policy named myQoS to the physical Gigabit
Ethernet interface 1/0/0 for inbound traffic. VLAN 4, configured on the GigabitEthernet
subinterface 1/0/0.3, inherits the service policy of the physical Gigabit Ethernet interface 1/0/0.
interface GigabitEthernet 1/0/0
service-policy input myQoS
interface GigabitEthernet 1/0/0.3
encapsulation dot1q 4
The following example shows how to attach the service policy map called voice to ATM VC 2/0/0 within
a PVC range of a total of 3 PVCs and enable PVC range configuration mode where a point-to-point
subinterface is created for each PVC in the range. Each PVC created as part of the range has the voice
service policy attached to it.
configure terminal
interface atm 2/0/0
range pvc 1/50 1/52
service-policy input voice
The following example shows how to attach the service policy map called voice to ATM VC 2/0/0 within
a PVC range, where every VC created as part of the range has the voice service policy attached to it. The
exception is PVC 1/51, which is configured as an individual PVC within the range and has a different
service policy called data attached to it in PVC-in-range configuration mode.
configure terminal
interface atm 2/0/0
range pvc 1/50 1/52
service-policy input voice
pvc-in-range 1/51
service-policy input data

class-map Accesses the QoS class map configuration mode to configure QoS class
maps.
frame-relay ip rtp priority Reserves a strict priority queue on a Frame Relay PVC for a set of RTP
packet flows belonging to a range of UDP destination ports,
frame-relay Enables both traffic shaping and per-virtual-circuit queueing for all
traffic-shaping PVCs and SVCs on a Frame Relay interface.
frame-relay voice Specifies the amount of bandwidth to be reserved for voice traffic on a
bandwidth specific DLCI.
policies on the specified interface or displays the classes for the service

QOS-659
service-policy (class-map)
To attach a policy map to a class, use the service-policy command in class-map configuration mode. To
remove a service policy from a class, use the no form of this command.
service-policy policy-map
no service-policy
Syntax Description policy-map The name of a service policy map (created using the policy-map command)
to be attached. The name can be a maximum of 40 alphanumeric characters.

Usage Guidelines You can attach a single policy map to one or more classes to specify the service policy for those classes.
This command is only available for the output interface, which is assumed.
Examples In the following example, three policy maps are defined—cust1-classes, cust2-classes, and cust-policy.
The policy maps cust1-classes and cust2-classes have three classes defined—gold, silver, and bronze.
For cust1-classes, gold is configured to use 50 percent of the bandwidth. Silver is configured to use
20 percent of the bandwidth, and bronze is configured to use 15 percent of the bandwidth.
For cust2-classes, gold is configured to use 30 percent of the bandwidth. Silver is configured to use
15 percent of the bandwidth, and bronze is configured to use 10 percent of the bandwidth.
The policy map cust-policy specifies average rate shaping of 384 kbps and assigns the service policy
called cust1-classes to the policy map called cust1-classes. The policy map called cust-policy specifies
peak rate shaping of 512 kbps and assigns the service policy called cust2-classes to the policy map called
cust2-classes.
To configure classes for cust1-classes, use the following commands:
Router(config)# policy-map cust1-classes
Router(config-pmap)# class gold

QOS-660
Router(config-pmap)# class silver

Router(config-pmap)# class bronze
To configure classes for cust2, use the following commands:

Router(config)# policy-map cust2-classes
Router(config-pmap)# class gold
Router(config-pmap)# class silver
Router(config-pmap)# class bronze
To define the customer policy with cust1-classes and cust2-classes and QoS features, use the following
commands:
Router(config)# policy-map cust-policy
Router(config-pmap)# class cust1
Router(config-pmap-c)# shape average 38400
Router(config-pmap-c)# service-policy cust1-classes
Router(config-pmap)# class cust2
Router(config-pmap-c)# shape peak 51200
Router(config-pmap-c)# service-policy cust2-classes
Router(config-pmap-c)# interface Serial 3/2
Router(config-if)# service out cust-policy


QOS-661
service-policy (control-plane)
To attach a policy map to a control plane for aggregate or distributed control plane services, use the
service-policy command in control-plane configuration mode. To remove a service policy from a control
plane, use the no form of this command.
service-policy {input | output} policy-map-name
no service-policy {input | output} policy-map-name
Syntax Description input Applies the specified service policy to packets that are entering the control
plane.
output Applies the specified service policy to packets that are exiting the control
plane, and enables the router to silently discard packets.
policy-map-name Name of a service policy map (created using the policy-map command) to
be attached. The name can be a maximum of 40 alphanumeric characters.
Command Modes Control-plane configuration

12.3(4)T This command was integrated into Cisco IOS Release 12.3(4)T, and support
for the output keyword was added.
12.2(25)S Support for the output keyword was integrated into Cisco IOS
Release 12.2(25)S.
Usage Guidelines After entering the control-plane command, use the service-policy command to configure a quality of
service (QoS) policy. This policy is attached to the control plane interface for aggregate or distributed
control plane services, and controls the number or rate of packets that are going to the process level.

QOS-662
When you configure output policing on control-plane traffic, using the service-policy output
policy-map-name command, a router is automatically enabled to silently discard packets. Output
policing is supported as follows:
• Supported only in:
– Cisco IOS Release 12.2(25)S and later Cisco IOS 12.2S releases.
– Cisco IOS Release 12.3(4)T and later Cisco IOS 12.3T releases.
– Cisco IOS Release 12.2(18)SXD1 and later Cisco IOS 12.2SX releases.
• Not supported for attaching a QoS policy for distributed control-plane services.
• Not supported on the Cisco 6500 router, Cisco 7500 series, and Cisco 10720 Internet router.
The service-policy output command configures output policing, which is performed in silent mode to
silently discard packets exiting from the control plane according to the attached QoS policy. Silent mode
allows a router that is running Cisco IOS software to operate without sending any system messages. If a
packet that is exiting from the control plane is discarded for output policing, you do not receive an error
message.
Silent mode allows a router that is running Cisco IOS software to operate without sending any system
messages. If a packet that is destined for the router is discarded for any reason, users will not receive an
error message. Some events that will not generate error messages are as follows:
• Traffic that is being transmitted to a port to which the router is not listening
• A connection to a legitimate address and port that is rejected because of a malformed request
Examples The following example shows how to configure trusted hosts with source addresses 10.1.1.1 and 10.1.1.2
packets to be policed at the specified rate:
! Rate limit all other Telnet traffic.
! Define class-map “telnet-class.”
Router(config)# policy-map control-plane-policy
! Define aggregate control plane service for the active Route Processor.
Router(config-cp)# service-policy input control-plane-policy
The next example shows how to configure trusted networks with source addresses 10.0.0.0 and 10.0.0.2
to receive Internet Control Message Protocol (ICMP) port-unreachable responses without constraint,
while allowing all remaining ICMP port-unreachable to be dropped:
! Allow 10.0.0.0 trusted network traffic.
Router(config)# access-list 141 deny icmp host 10.0.0.0 255.255.255.224 any
port-unreachable
! Allow 10.0.0.2 trusted network traffic.

QOS-663
Router(config)# access-list 141 deny icmp host 10.0.0.2 255.255.255.224 any

port-unreachable
! Rate limit all other ICMP traffic.
Router(config)# access-list 141 permit icmp any any port-unreachable
Router(config)# class-map icmp-class
Router(config)# policy-map control-plane-out-policy
! Drop all traffic that matches the class "icmp-class."
Router(config-pmap)# class icmp-class
! Define aggregate control plane service for the active route processor.
Router(config-cp)# service-policy output control-plane-out-policy

control-plane Enters control-plane configuration mode to apply a QoS policy to police
traffic destined for the control plane.
show policy-map Displays the configuration of a class or all classes for the policy map
control-plane attached to the control plane.

QOS-664
service-policy (policy-map class)

To use a service policy as a QoS policy within a policy map (called a hierarchical service policy), use
the service-policy command in policy-map class configuration mode. To disable a particular service
policy as a QoS policy within a policy map, use the no form of this command.
service-policy policy-map-name
no service-policy policy-map-name
Syntax Description policy-map-name Specifies the name of the predefined policy map to be used as a QoS
policy. The name can be a maximum of 40 alphanumeric characters.
Command Default No service policies are used.

Usage Guidelines This command is used to create hierarchical service policies in policy-map class configuration mode.
This command is different from the service-policy [input | output] policy-map-name command used in
interface configuration mode. The purpose of the service-policy [input | output] policy-map-name is to
attach service policies to interfaces.
The child policy is the previously defined service policy that is being associated with the new service
policy through the use of the service-policy command. The new service policy using the preexisting
service policy is the parent policy.
This command has the following restrictions:
• The set command is not supported on the child policy.
• The priority command can be used in either the parent or the child policy, but not both policies
simultaneously.
• The shape command can be used in either the parent or the child policy, but not both polices
simultaneously on a subinterface.

QOS-665
• The fair-queue command cannot be defined in the parent policy.

• If the bandwidth command is used in the child policy, the bandwidth command must also be used
in the parent policy. The one exception is for policies using the default class.
Examples The following example creates a hierarchical service policy in the service policy called parent:
Router(config)# policy-map child
Router(config)# policy-map parent
Router(config-pmap-c)# shape average 10000000
Router(config-pmap-c)# service-policy child
FRF.11 and FRF.12 configurations on a Versatile Interface Processor (VIP)-enabled Cisco 7500 series
router often require a hierarchical service policy for configuration. A hierarchical service policy for
FRF.11 and FRF.12 requires the following elements:
1. A traffic class that uses the Voice over Frame Relay (VoFR) protocol as the only match criterion.
2. A traffic policy that insures low latency queueing (LLQ), which is achieved using the priority
command, for all VoFR protocol traffic
3. A traffic policy that defines the shaping parameters and includes the elements listed in element 2.
Element 3 can only be fulfilled through the use of a hierarchical service policy, which is configured
using the service-policy command.
In the following example, element 1 is configured in the traffic class called frf, element 2 is configured
in the traffic policy called llq, and element 3 is configured in the traffic policy called llq-shape.
Router(config)# class-map frf
Router(config-cmap)# match protocol vofr
Router(config)# policy-map llq
Router(config-pmap)# class frf
Router(config)# policy-map llq-shape
Router(config-pmap-c)# shape average 1000 128000
Router(config-pmap-c)# service-policy llq
The final step in using a hierarchical service policy for FRF.11 and FRF.12 is using the service policy in
map-class configuration mode. In the following example, the traffic policy called llq-shape is attached
to the map class called frag:
Router(config)# map-class frame-relay frag
Router(config-map-class)# frame-relay fragment 40
Router(config-map-class)# service-policy llq-shape

QOS-666

fair-queue Specifies the number of queues to be reserved for use by a
traffic class.
policy-map Specifies the name of the service policy to configure.
priority Gives priority to a class of traffic belonging to a policy
map.
service-policy Specifies the name of the service policy to be attached to
the interface.
shape Specifies average or peak rate traffic shaping.
show policy-map Displays the configuration of all classes for a specified
service policy map or all classes for all existing policy
maps.
show policy-map interface Displays the configuration of all classes configured for all
service policies on the specified interface or displays the
classes for the service policy for a specific PVC on the
interface.

QOS-667
set atm-clp
set atm-clp
To set the cell loss priority (CLP) bit when a policy map is configured, use the set atm-clp command in
policy-map class configuration mode. To remove a specific CLP bit setting, use the no form of this
command.
set atm-clp
no set atm-clp
Command Default The CLP bit is automatically set to 0 when Cisco routers convert IP packets into ATM cells for
transmission through Multiprotocol Label Switching (MPLS)-aware ATM networks.

12.2(4)T This command was implemented on the Cisco MGX 8850 switch and the
MGX 8950 switch with a Cisco MGX RPM-PR card.
Usage Guidelines To disable this command, remove the service policy from the interface.
The set atm-clp command works only on platforms that support one of the following adapters: the
Enhanced ATM Port Adapter (PA-A3), the ATM Inverse Multiplexer over ATM Port Adapter with eight
T1 ports (PA-A3-8T1IMA), or the ATM Inverse Multiplexer over ATM Port Adapter with eight E1 ports
(PA-A3-8E1IMA). For more information, refer to the documentation for your specific router.
A policy map containing the set atm-clp command can be attached as an output policy only. The
set atm-clp command does not support packets that originate from the router.
Examples The following example illustrates setting the CLP bit using the set atm-clp command in the policy map:
Router(config)# class-map ip-precedence
Router(config-cmap)# match ip precedence 0 1

QOS-668
set atm-clp
Router(config)# policy-map atm-clp-set

Router(config-pmap)# class ip-precedence
Router(config-pmap-c)# set atm-clp
Router(config)# interface atm 1/0/0.1

show atm pvc Displays all ATM PVCs and traffic information.
show policy-map Displays information about the policy map for an interface.

QOS-669
set cos
set cos
To set the Layer 2 class of service (CoS) value of an outgoing packet, use the set cos command in
policy-map class configuration mode. To remove a specific CoS value setting, use the no form of this
command.
set cos {cos-value | from-field [table table-map-name]}
no set cos {cos-value | from-field [table table-map-name]}
set cos cos-value
Syntax Description cos-value Specific IEEE 802.1Q CoS value from 0 to 7.

from-field Specific packet-marking category to be used to set the CoS value of the
packet. If you are using a table map for mapping and converting
packet-marking values, this establishes the “map from” packet-marking
category. Packet-marking category keywords are as follows:
• precedence
• dscp
table (Optional) Indicates that the values set in a specified table map will be used
to set the CoS value.
table-map-name (Optional) Name of the table map used to specify the CoS value. The table
map name can be a maximum of 64 alphanumeric characters.
Command Default No CoS value is set for the outgoing packet.

12.2(13)T This command was modified for Enhanced Packet Marking to allow a
mapping table (table map)to be used to convert and propagate
packet-marking values.
12.0(16)BX This command was implemented on the Cisco 10000 series router for the
ESR-PRE2.

QOS-670
set cos
Usage Guidelines CoS packet marking is supported only in the Cisco Express Forwarding switching path.
The set cos command should be used by a router if a user wants to mark a packet that is being sent to a
switch. Switches can leverage Layer 2 header information, including a CoS value marking.
The set cos command can be used only in service policies that are attached in the output direction of an
interface. Packets entering an interface cannot be set with a CoS value.
The match cos and set cos commands can be used together to allow routers and switches to interoperate
and provide quality of service (QoS) based on the CoS markings.
Layer 2 to Layer 3 mapping can be configured by matching on the CoS value because switches already
can match and set CoS values. If a packet that needs to be marked to differentiate user-defined QoS
services is leaving a router and entering a switch, the router should set the CoS value of the packet
because the switch can process the Layer 2 header.
Using This Command with the Enhanced Packet Marking Feature

You can use this command as part of the Enhanced Packet Marking feature to specify the “from-field”
packet-marking category to be used for mapping and setting the CoS value. The “from-field”
packet-marking categories are as follows:
• Precedence
• Differentiated services code point (DSCP)
If you specify a “from-field” category but do not specify the table keyword and the applicable
table-map-name argument, the default action will be to copy the value associated with the “from-field”
category as the CoS value. For instance, if you configure the set cos precedence command, the
precedence value will be copied and used as the CoS value.
You can do the same for the DSCP marking category. That is, you can configure the set cos dscp
command, and the DSCP value will be copied and used as the CoS value.
Note If you configure the set cos dscp command, only the first three bits (the class selector bits) of the DSCP
field are used.
Examples In the following example, the policy map called “cos-set” is created to assign different CoS values for
different types of traffic. This example assumes that the class maps called “voice” and “video-data” have
already been created.
Router(config)# policy-map cos-set
Router(config-pmap-c)# set cos 1
Router(config-pmap)# class video-data
Router(config-pmap-c)# set cos 2

QOS-671
set cos
Enhanced Packet Marking Example

In the following example, the policy map called “policy-cos” is created to use the values defined in a
table map called “table-map1”. The table map called “table-map1” was created earlier with the
table-map (value mapping) command. For more information about the table-map (value mapping)
command, see the table-map (value mapping) command page.
In this example, the setting of the CoS value is based on the precedence value defined in “table-map1”:
Router(config)# policy-map policy-cos
Router(config-pmap-c)# set cos precedence table table-map1
Note The set cos command is applied when you create a service policy in QoS policy-map configuration mode
and attach the service policy to an interface or ATM virtual circuit (VC). For information on attaching a
service policy, refer to the “Modular Quality of Service Command-Line Interface Overview” chapter of

match cos Matches a packet on the basis of Layer 2 CoS marking.
set dscp Marks a packet by setting the Layer 3 DSCP value in the ToS byte.
set precedence Sets the precedence value in the packet header.
map.

QOS-672
set cos cos-inner (policy-map configuration)

To set the 802.1Q prioritization bits in the trunk VLAN tag of a QinQ-translated outgoing packet with
the priority value from the inner customer-edge VLAN tag, use the set cos cos-inner command in
policy-map class configuration mode. To return to the default settings, use the no form of this command.
set cos cos-inner
no set cos cos-inner
Command Default P bits are copied from the outer provider-edge VLAN tag.

12.2(18)SXD Support for this command was introduced on the Supervisor Engine 720.
Usage Guidelines This command is supported on the Gigabit Ethernet WAN interfaces on Cisco 7600 series routers that
are configured with an Optical Service Module (OSM)-2+4GE-WAN+ OSM module only.
OSMs are not supported on Cisco 7600 series routers that are configured with a Supervisor Engine 32.
The 802.1P prioritization bits are used in the VLAN tag for QoS processing.
When the router copies the double-tagged QinQ packets to the destination interface, by default it uses
the P bits from the outer (provider) VLAN tag. To preserve the P bits that are in the inner (customer)
VLAN tag, use the set cos cos-inner command.
For the set cos cos-inner command to be effective, you must configure the appropriate interface or
subinterface as a trusted interface using the mls qos trust command. Otherwise, the interface or
subinterface defaults to being untrusted, where the Layer 2 interface zeroes out the P bits of the incoming
packets before the set cos cos-inner command can copy them to the outer VLAN tag.
The set cos cos-inner command is supported only for the subinterfaces that are configured with an inner
(customer) VLAN. The set cos cos-inner command is not supported for the subinterfaces that use the
out-range keyword on the bridge-domain (subinterface configuration) command or that are not
configured with any form of the bridge-domain (subinterface configuration) command.
This behavior remains when you configure the set cos cos-inner command on a policy that is applied to
a main interface. The set cos cos-inner command affects the subinterfaces that are configured with a
specific inner VLAN but it does not affect the subinterfaces that are not configured with any VLAN or
that are configured with the out-range keyword.

QOS-673
Examples This example shows how to configure a policy map for voice traffic that uses the P bits from the inner
VLAN tag:
Router(config-cmap)# set cos cos-inner
This example shows how to configure the default policy map class to reset to its default value:
Router(config-cmap)# no set cos cos-inner
This example shows the system message that appears when you attempt to apply a policy to a
subinterface that is configured with the bridge-domain (subinterface configuration) command:
Router(config-if)# bridge-vlan 32 dot1q-tunnel out-range
Router(config-if)# service-policy output cos1
%bridge-vlan 32 does not have any inner-vlan configured. 'set cos cos-inner' is not
supported

bridge-domain Binds a PVC to the specified vlan-id.
(subinterface
configuration)
class map Accesses the QoS class map configuration mode to configure QoS class
maps.
mode dot1q-in-dot1q Enables a Gigabit Ethernet WAN interface to act as a gateway for QinQ
access-gateway VLAN translation.
map.
set in dscp (policy-map Marks a packet by setting the IP DSCP in the ToS byte.
configuration)
set ip precedence Sets the precedence value in the IP header.
(policy-map
configuration)
show cwan qinq Displays the inner, outer, and trunk VLANs that are used in QinQ
translation.
show cwan qinq Displays the provider-edge VLAN IDs that are used on a Gigabit Ethernet
bridge-domain WAN interface for QinQ translation or shows the customer-edge VLANs
that are used for a specific provider-edge VLAN.
show cwan qinq Displays interface statistics for IEEE 802.1Q-in-802.1Q (QinQ) translation
interface on one or all Gigabit Ethernet WAN interfaces and port-channel interfaces.

QOS-674
set cos-inner
set cos-inner
To mark the inner class of service field in a bridged frame, use the set cos-inner command in policy-map
class configuration mode. To remove marking of the inner CoS field, use the no form of this command.
set cos-inner cos-value
no set cos-inner cos-value
Syntax Description cos-value IEEE 802.1q CoS value from 0–7.
Defaults No default behavior or values.

Usage Guidelines This command was introduced in Cisco IOS Release 12.2(33)SRA to support marking of the inner CoS
value when using multipoint bridging (MPB) features on the Enhanced FlexWAN module, and when
using MPB features on SPAs with the Cisco 7600 SIP-200 and Cisco 7600 SIP-400 on the Cisco 7600
series router.
On the Cisco 7600 SIP-200, this command is not supported with the set cos command on the same
interface.
For more information about QoS and the forms of marking commands supported by the SIPs on the
Cisco 7600 series router, refer to the Cisco 7600 Series SIP, SSC, and SPA Software Configuration
Guide.
Examples The following example shows configuration of a QoS class that filters all traffic matching on VLAN 100
into a class named “vlan-inner-100.” The configuration shows the definition of a policy-map (also named
“vlan-inner-100”) that marks the inner CoS with a value of 3 for traffic in the vlan-inner-100 class. Since
marking of the inner CoS value is only supported with bridging features, the configuration also shows
the service policy being applied as an output policy to a serial SPA interface that bridges traffic into
VLAN 100 using the bridge-domain command:
Router(config-pmap)# class vlan-inner-100
Router(config-pmap-c)# set cos-inner 3

QOS-675
set cos-inner

Router(config-if)# no ip address
Router(config_if)# encapsulation ppp
Router(config-if)# bridge-domain 100 dot1q
Router(config-if)# service-policy output vlan-inner-100
Router(config-if)# shutdown
Router(config-if)# no shutdown

a bridged virtual LAN (VLAN) to an ATM permanent virtual circuit (PVC)
or Frame Relay data-link connection identifier (DLCI).
service-policy Attaches a policy map to an input interface or virtual circuit (VC) or an
output interface or VC, to be used as the service policy for that interface or
VC.

QOS-676
set cos-inner cos
set cos-inner cos

To copy the outer COS to the inner COS for double-tagged packets, use the set cos-inner cos command
in policy-map class configuration mode. To remove the outer COS copied to the inner COS for
double-tagged packets, use the no form of this command.
set cos-inner cos cos-value
no set cos-inner cos cos-value
Syntax Description cos-value IEEE 802.1q CoS value from 0–7.
Defaults No default behavior or values.

Usage Guidelines This command was introduced in Cisco IOS Release 12.2(33)SRB and is limited to policies that are
applied to the EVC service instances.
For classification, the reference to the outer and inner tags is made to the frames as seen on the wire -
that is, for ingress frames, tags prior to the "rewrite", while the for egress, it is after the "rewrite" of the
tags, if any.
For marking, the reference to the outer COS at the ingress is to the DBUS-COS and reference to the inner
is to the COS in the first tag on the frame; while, at the egress, the reference to outer and inner COS is
to the ones in the frame.
Examples The following example matches on outer COS 3 and 4 and copies the outer COS to the inner COS.
Router(config)# class-map cos3_4
Router(config-cmap)# match cos 3 4
Router(config)# policy-map mark-it-in
Router(config-pmap)# class cos3_4
Router(config-pmap-c)# set cos-inner cos

a bridged virtual LAN (VLAN) to an ATM permanent virtual circuit (PVC)
or Frame Relay data-link connection identifier (DLCI).

QOS-677
set cos-inner cos
Command Description
service-policy Attaches a policy map to an input interface or virtual circuit (VC) or an
output interface or VC, to be used as the service policy for that interface or
VC.

QOS-678
set discard-class
set discard-class
To mark a packet with a discard-class value, use the set discard-class command in QoS policy-map
configuration mode. To prevent the discard-class value of a packet from being altered, use the no form
of this command.
set discard-class value
no set discard-class value
Syntax Description value Specifies per-hop behavior (PHB) for dropping traffic. The value sets the
priority of a type of traffic. Valid values are numbers from 0 to 7.
Command Default If you do not enter this command, the packet has a discard-class value of 0.
Command Modes QoS policy-map configuration

12.3(7)XI This command was implemented on the Cisco 10000 series router for the
ESR-PRE2.
Usage Guidelines The discard class value indicates the discard portion of the PHB. Use the set discard-class command
only in DiffServ Tunneling Pipe mode. The discard class value is required when the input PHB marking
will be used to classify packets on the output interface.
You can also use this command to specify the type of traffic that will be dropped when there is
congestion.

This command is supported only on the ESR-PRE2.
Examples The following example shows that traffic will be set to the discard-class value of 2:
set discard-class 2

QOS-679
set discard-class

match discard-class Matches packets of a certain discard class.
discard-class-based

QOS-680
set dscp
set dscp
To mark a packet by setting the differentiated services code point (DSCP) value in the type of service
(ToS) byte, use the set dscp command in policy-map class configuration mode. To remove a previously
set DSCP value, use the no form of this command.
set [ip] dscp {dscp-value | from-field [table table-map-name]}
no set [ip] dscp {dscp-value | from-field [table table-map-name]
match is on both IPv4 and IPv6 packets.
dscp-value A number from 0 to 63 that sets the DSCP value. The following reserved
keywords can be specified instead of numeric values:
• EF (expedited forwarding)
• AF11 (assured forwarding class AF11)
from-field Specific packet-marking category to be used to set the DSCP value of the
packet. If you are using a table map for mapping and converting
• cos
• qos-group
table (Optional) Used in conjunction with the from-field argument. Indicates that
the values set in a specified table map will be used to set the DSCP value.
table-map-name (Optional) Used in conjunction with the table keyword. Name of the table
map used to specify the DSCP value. The name can be a maximum of 64

12.2(13)T This command was introduced. It replaces the set ip dscp command.
12.0(28)S Support for this command in IPv6 was added on the in Cisco IOS
Release 12.0(28)S

QOS-681
set dscp
Usage Guidelines Once the DSCP bit is set, other quality of service (QoS) features can then operate on the bit settings.
DSCP and Precedence Values Are Mutually Exclusive

The set dscp command cannot be used with the set precedence command to mark the same packet. The
two values, DSCP and precedence, are mutually exclusive. A packet can have one value or the other, but
not both.
Precedence Value and Queueing

The network gives priority (or some type of expedited handling) to marked traffic. Typically, you set the
precedence value at the edge of the network (or administrative domain); data then is queued according
to the precedence. Weighted fair queueing (WFQ) can speed up handling for high-precedence traffic at
congestion points. Weighted Random Early Detection (WRED) ensures that high-precedence traffic has
lower loss rates than other traffic during times of congestion.
Use of the “from-field” Packet-marking Category

If you are using this command as part of the Enhanced Packet Marking feature, you can use this
command to specify the “from-field” packet-marking category to be used for mapping and setting the
DSCP value. The “from-field” packet-marking categories are as follows:
• Class of service (CoS)
• QoS group
category as the DSCP value. For instance, if you configure the set dscp cos command, the CoS value
will be copied and used as the DSCP value.
Note The CoS field is a three-bit field, and the DSCP field is a six-bit field. If you configure the set dscp cos
command, only the three bits of the CoS field will be used.
If you configure the set dscp qos-group command, the QoS group value will be copied and used as the
DSCP value.
The valid value range for the DSCP is a number from 0 to 63. The valid value range for the QoS group
is a number from 0 to 99. Therefore, when configuring the set dscp qos-group command, note the
following points:
• If a QoS group value falls within both value ranges (for example, 44), the packet-marking value will
be copied and the packets will be marked.
• If QoS group value exceeds the DSCP range (for example, 77), the packet-marking value will not
be copied and the packet will not be marked. No action is taken.
Set DSCP Values in IPv6 Environments

When this command is used in IPv6 environments, the default match occurs on both IP and IPv6 packets.
However, the actual packets set by this function are only those which meet the match criteria of the
class-map containing this function.
Set DSCP Values for IPv6 Packets Only

To set DSCP values for IPv6 values only, the match protocol ipv6 command must also be used. Without
that command, the precedence match defaults to match both IPv4 and IPv6 packets.

QOS-682
set dscp
Set DSCP Values for IPv4 Packets Only

To set DSCP values for IPv4 packets only, use the ip keyword. Without the ip keyword, the match occurs
on both IPv4 and IPv6 packets.
Examples Packet-marking Values and Table Map

In the following example, the policy map called “policy1” is created to use the packet-marking values
defined in a table map called “table-map1”. The table map was created earlier with the table-map (value
mapping) command. For more information about the table-map (value mapping) command, see the
table-map (value mapping) command page.
In this example, the DSCP value will be set according to the CoS value defined in the table map called
“table-map1”.
Router(config-pmap-c)# set dscp cos table table-map1
The set dscp command is applied when you create a service policy in QoS policy-map configuration
mode. This service policy is not yet attached to an interface. For information on attaching a service
policy to an interface, refer to the “Modular Quality of Service Command-Line Interface” section of the
Cisco IOS Quality of Service Solutions Configuration Guide.

protocol.
set precedence Sets the precedence value in the packet header.
map.
show table-map Displays the configuration of a specified table map or all table maps.
table-map (value Creates and configures a mapping table for mapping and converting one
mapping) packet-marking value to another.

QOS-683
set fr-de
set fr-de
To change the discard eligible (DE) bit setting in the address field of a Frame Relay frame to 1 for all
traffic leaving an interface, use the set fr-de command in policy-map class command. To remove the DE
bit setting, use the no form of this command.
set fr-de
no set fr-de
Defaults The DE bit is usually set to 0. This command changes the DE bit setting to 1.
Command Modes Policy-map class

12.2(31)SB2 This command was integrated in Cisco IOS Release 12.2(31)SB2,
and introduced on the PRE3 for the Cisco 10000 series router.
Usage Guidelines To disable this command in a traffic policy, use the no set fr-de command in policy-map class
configuration mode of the traffic policy.
If the DE bit is already set to 1, no changes are made to the frame.
Examples The following example shows how to set the DE bit using the set fr-de command in the traffic policy.
The router sets the DE bit of outbound packets belonging to the ip-precedence class.
Router(config)# class-map ip-precedence
Router(config-cmap)# match ip precedence 0 1
Router(config)# policy-map set-de
Router(config-pmap)# class ip-precedence
Router(config-pmap-c)# set fr-de
Router(config)# interface serial 1/0/0
Router(config-if)# no ip address
Router(config-if)# interface serial 1/0/0.1
Router(config-subif)# no ip directed-broadcast
Router(config-subif)# service-policy output set-de

QOS-684
set fr-de


QOS-685
set ip dscp
set ip dscp
The set ip dscp command is replaced by the set dscp command. See the set dscp command for more
information.

QOS-686
set ip dscp (policy-map configuration)

To mark a packet by setting the IP differentiated services code point (DSCP) value in the type of service
(ToS) byte, use the set ip dscp command in policy-map configuration mode. To remove a previously set
IP DSCP value, use the no form of this command.
set ip dscp ip-dscp-value
no set ip dscp ip-dscp-value
Syntax Description ip-dscp-value IP DSCP value; valid values are from 0 to 63. See the “Usage Guidelines”

Usage Guidelines You can enter reserved keywords EF (expedited forwarding), AF11 (assured forwarding class AF11),
and AF12 (assured forwarding class AF12) instead of numeric values for ip-dscp-value.
After the IP DSCP bit is set, other quality of service (QoS) features can operate on the bit settings.
You cannot mark a packet by the IP precedence using the set ip precedence (policy-map configuration)
command and then mark the same packet with an IP DSCP value using the set ip dscp command.
The network gives priority (or some type of expedited handling) to marked traffic. Typically, you set IP
precedence at the edge of the network (or administrative domain); data is queued based on the
precedence. Weighted Fair Queueing (WFQ) can speed up handling for high-precedence traffic at
congestion points. Weighted Random Early Detection (WRED) ensures that high-precedence traffic has
lower loss rates than other traffic during traffic congestion.
The set ip precedence (policy-map configuration) command is applied when you create a service policy
in QoS policy-map configuration mode. This service policy is not attached to an interface or to an ATM
virtual circuit. See the service-policy command for information on attaching a service policy to an
interface.

QOS-687
When configuring policy-map class actions, note the following:

• For hardware-switched traffic, Policy Feature Card (PFC) QoS does not support the bandwidth,
priority, queue-limit, or random-detect policy-map class commands. You can configure these
commands because they can be used for software-switched traffic.
• PFC QoS does not support the set mpls or set qos-group policy-map class commands.
• PFC QoS supports the set ip dscp and set ip precedence policy-map class commands (see the
“Configuring Policy Map Class Marking” section in the Cisco 7600 Series Router Cisco IOS
Software Configuration Guide).
• You cannot do all three of the following in a policy-map class:
– Mark traffic with the set ip dscp or set ip precedence (policy-map configuration) commands
– Configure the trust state
– Configure policing
In a policy-map class, you can either mark traffic with the set ip dscp or set ip precedence
(policy-map configuration) commands or do one or both of the following:
– Configure the trust state
– Configure policing
Examples This example shows how to set the IP DSCP ToS byte to 8 in the policy map called policy1:
Router(config-cmap)# class class1
Router(config-cmap)# set ip dscp 8
All packets that satisfy the match criteria of class1 are marked with the IP DSCP value of 8. How packets
that are marked with the IP DSCP value of 8 are treated is determined by the network configuration.
This example shows that after you configure the settings that are shown for voice packets at the edge of
the network, all intermediate routers are then configured to provide low-latency treatment to the voice
packets:
Router(config)# class-map voice
Router(config-cmap)# match ip dscp ef
Router(config)# policy qos-policy
Router(config-cmap)# class voice
Router(config-cmap)# priority 24

map.

QOS-688
set ip dscp tunnel
set ip dscp tunnel

To set the differentiated services code point (DSCP) value in the tunnel header of a Layer 2 Tunnel
Protocol Version 3 (L2TPv3) or Generic Routing Encapsulation (GRE) tunneled packet for tunnel
marking, use the set ip dscp tunnel command in policy-map class configuration mode. To disable this
functionality, use the no form of this command.
set ip dscp tunnel dscp-value
no set ip dscp tunnel dscp-value
Syntax Description dscp-value Number from 0 to 63 that identifies the tunnel header value. The following
reserved keywords can be specified instead of numeric values:
• EF (expedited forwarding)
Command Default The DSCP value is not set.

12.2(33)SRC This command was integrated into Cisco IOS Release 12.2(33)SRC.
12.4(15)T2 This command was integrated into Cisco IOS Release 12.4(15)T2, and
support for marking GRE-tunneled packets was included.
(RPM-XF).
12.2(33)SB Support for marking GRE-tunneled packets was included, and support for
the Cisco 7300 series router was added.
Usage Guidelines It is possible to configure L2TPv3 (or GRE) tunnel marking and the ip tos command at the same time.
However, Modular Quality of Service (QoS) Command-Line Interface (CLI) (MQC) (L2TPv3 or GRE)
tunnel marking has higher priority over ip tos commands, meaning that tunnel marking always rewrites
the IP header of the tunnel packet and overwrites the values set by ip tos commands. The order of
enforcement is as follows when these commands are used simultaneously:
1. set ip dscp tunnel or set ip precedence tunnel (L2TPv3 or GRE tunnel marking)
2. ip tos reflect
3. ip tos tos-value

QOS-689
set ip dscp tunnel
This is the designed behavior. We recommend that you configure only L2TPv3 (or GRE) tunnel marking
and reconfigure any peers configured with the ip tos command to use L2TPv3 (or GRE) tunnel marking.
Note For Cisco IOS Release 12.4(15)T2, marking GRE-tunneled packets is supported only on platforms
equipped with a Cisco RPM-XF.
Examples The following example shows the set ip dscp tunnel command used in a tunnel marking configuration.
In this example, a class map called “class-cl” has been configured to match traffic on the basis of the
Frame Relay discard eligible (DE) bit setting. Also, a policy map called “policy1” has been created
within which the set ip dscp tunnel command has been configured.
Router> enable
Router(config)# class-map class-c1
Router(config-cmap)# match fr-de
Router(config-pmap)# class tunnel
Router(config-pmap-c)# set ip dscp tunnel 5
Note The policy map must still be attached to an interface or ATM PVC using the service-policy command.
For more information about attaching a policy map to an interface or ATM PVC, see the “Applying QoS
Features Using the MQC” module of the Cisco IOS Quality of Service Solutions Configuration Guide.

ip tos Specifies the ToS level for IP traffic.
set ip precedence Sets the precedence value in the header of an L2TPv3 or GRE tunneled
tunnel packet.

QOS-690
set ip precedence (policy-map configuration)

To set the precedence value in the IP header, use the set ip precedence command in policy-map
configuration mode. To leave the precedence value at the current setting, use the no form of this
command.
set ip precedence ip-precedence-value
no set ip precedence
Syntax Description ip-precedence-value Precedence-bit value in the IP header; valid values are from 0 to 7. See
Table 38 for a list of value definitions.
Command Default This command is disabled by default.

Usage Guidelines Table 38 lists the value definitions for precedence values in the IP header. They are listed from least to
most important.
Table 38 Value Definitions for IP Precedence
Values Definitions
0 routine
1 priority
2 immediate
3 flash
4 flash-override
5 critical
6 internet
7 network
After the IP precedence bits are set, other quality of service (QoS) features, such as Weighted Fair
Queueing (WFQ) and Weighted Random Early Detection (WRED), operate on the bit settings.

QOS-691
The network priorities (or some type of expedited handling) mark traffic through the application of WFQ
or WRED at points downstream in the network. Typically, you set IP precedence at the edge of the
network (or administrative domain); data is queued based on the precedence. WFQ can speed up
handling for certain precedence traffic at congestion points. WRED can ensure that certain precedence
traffic has lower loss rates than other traffic during traffic congestion.
The set ip precedence command is applied when you create a service policy in policy-map configuration
mode. This service policy is not attached to an interface or to an ATM virtual circuit. See the
service-policy command for information on attaching a service policy to an interface.
Examples This example shows how to set the IP precedence to 5 for packets that satisfy the match criteria of the
class map called class1:
Router(config-pmap-c)# set ip precedence 5
All packets that satisfy the match criteria of class1 are marked with the IP precedence value of 5. How
packets that are marked with the IP-precedence value of 5 are treated is determined by the network
configuration.

map.

QOS-692
set ip precedence (policy-map)
set ip precedence (policy-map)

The set ip precedence (policy-map) command is replaced by the set precedence command. See the set
precedence command for more information.

QOS-693
set ip precedence (route-map)

To set the precedence value (and an optional IP number or IP name) in the IP header, use the set ip
precedence command in route-map configuration mode. To leave the precedence value unchanged, use
set ip precedence [number | name]
no set ip precedence
Syntax Description number | name (Optional) A number or name that sets the precedence bits in the IP header.
The values for the number argument and the corresponding name argument
are listed in Table 39 from least to most important.
Command Modes Route-map configuration

Usage Guidelines Table 39 lists the values for the number argument and the corresponding name argument for precedence
values in the IP header. They are listed from least to most important.
Table 39 Number and Name Values for IP Precedence
Number Name
0 routine
1 priority
2 immediate
3 flash
4 flash-override
5 critical
6 internet
7 network

QOS-694
You can set the precedence using either a number or the corresponding name. Once the IP Precedence
bits are set, other QoS services such as weighted fair queueing (WFQ) and Weighted Random Early
Detection (WRED) then operate on the bit settings.
The network gives priority (or some type of expedited handling) to marked traffic through the application
of WFQ or WRED at points downstream in the network. Typically, you set IP Precedence at the edge of
the network (or administrative domain); data then is queued based on the precedence. WFQ can speed
up handling for certain precedence traffic at congestion points. WRED can ensure that certain
precedence traffic has lower loss rates than other traffic during times of congestion.
The mapping from arguments such as routine and priority to a precedence value is useful only in some
instances. That is, the use of the precedence bit is evolving. You can define the meaning of a precedence
value by enabling other features that use the value. In the case of the high-end Internet QoS available
from Cisco, IP Precedences can be used to establish classes of service that do not necessarily correspond
numerically to better or worse handling in the network.
Use the route-map (IP) global configuration command with the match and set route-map configuration
commands to define the conditions for redistributing routes from one routing protocol into another, or
for policy routing. Each route-map command has an associated list of match and set commands. The
match commands specify the match criteria—the conditions under which redistribution or policy
routing is allowed for the current route-map command. The set commands specify the set actions—the
particular redistribution or policy routing actions to perform if the criteria enforced by the match
commands are met. The no route-map command deletes the route map.
The set route-map configuration commands specify the redistribution set actions to be performed when
all of the match criteria of a route map are met.
Examples The following example sets the IP Precedence to 5 (critical) for packets that pass the route map match:
interface serial 0
ip policy route-map texas
route-map texas
match length 68 128
set ip precedence 5

ip policy route-map Identifies a route map to use for policy routing on an interface.
random-detect dscp Changes the minimum and maximum packet thresholds for the DSCP
value.
send qdm message Configures CAR and DCAR policies.
route-map (IP) Defines the conditions for redistributing routes from one routing protocol
into another, or enables policy routing.
traffic-shape adaptive Configures a Frame Relay subinterface to estimate the available
bandwidth when BECN signals are received.
traffic-shape fecn-adapt Replies to messages with the FECN bit (which are set with TEST
RESPONSE messages with the BECN bit set).
traffic-shape group Enables traffic shaping based on a specific access list for outbound traffic
on an interface.
traffic-shape rate Enables traffic shaping for outbound traffic on an interface.

QOS-695
set ip precedence tunnel

To set the precedence value in the header of a Layer 2 Tunnel Protocol Version 3 (L2TPv3) or Generic
Routing Encapsulation (GRE) tunneled packet for tunnel marking, use the set ip precedence tunnel
command in policy-map class configuration mode. To disable this functionality, use the no form of this
command.
set ip precedence tunnel precedence-value
no set ip precedence tunnel precedence-value
Syntax Description precedence-value Number from 0 to 7 that identifies the precedence value of the tunnel header.
Command Default The precedence value is not set.

12.4(15)T2 This command was integrated into Cisco IOS Release 12.4(15)T2, and
support for marking GRE-tunneled packets was included.
(RPM-XF).
12.2(33)SB Support for marking GRE-tunneled packets was included, and support for
the Cisco 7300 series router was added.
Usage Guidelines It is possible to configure L2TPv3 (or GRE) tunnel marking and the ip tos command at the same time.
However, Modular Quality of Service (QoS) Command-Line Interface (CLI) (MQC) (L2TPv3 or GRE)
tunnel marking has higher priority over ip tos commands, meaning that tunnel marking always rewrites
the IP header of the tunnel packet and overwrites the values set by ip tos commands. The order of
enforcement is as follows when these commands are used simultaneously:
1. set ip dscp tunnel or set ip precedence tunnel (L2TPv3 or GRE tunnel marking)
2. ip tos reflect
3. ip tos tos-value
This is the designed behavior. We recommend that you configure only L2TPv3 (or GRE) tunnel marking
and reconfigure any peers configured with the ip tos command to use L2TPv3 (or GRE) tunnel marking.

QOS-696
Note For Cisco IOS Release 12.4(15)T2, marking GRE-tunneled packets is supported only on platforms
equipped with a Cisco RPM-XF.
Examples The following example shows the set ip precedence tunnel command used in a tunnel marking
configuration. In this example, a class map called “MATCH_FRDE” has been configured to match traffic
on the basis of the Frame Relay discard eligible (DE) bit setting. Also, a policy map called “policy1” has
been created within which the set ip precedence tunnel command has been configured.
Router> enable
Router(config)# class-map MATCH_FRDE
Router(config-cmap)# match fr-de
Router(config-pmap)# class tunnel
Router(config-pmap-c)# set ip precedence tunnel 7
Note The policy map must still be attached to an interface or ATM PVC using the service-policy command.
For more information about attaching a policy map to an interface or ATM PVC, see the “Applying QoS
Features Using the MQC” module of the Cisco IOS Quality of Service Solutions Configuration Guide.

ip tos Specifies the ToS level for IP traffic in the TN3270 server.
set ip dscp tunnel Sets the DSCP value in the header of an L2TPv3 tunneled packet.

QOS-697
set ip tos (route-map)

To set the type of service (ToS) bits in the header of an IP packet, use the set ip tos command in
route-map configuration mode. To leave the ToS bits unchanged, use the no form of this command.
set ip tos [tos-bit-value | max-reliability | max-throughput | min-delay | min-monetary-cost |

normal]
no set ip tos
Syntax Description tos-bit-value (Optional) A value (number) from 0 to 15 that sets the ToS bits in the IP
header. See Table 40 for more information.
max-reliability (Optional) Sets the maximum reliability ToS bits to 2.
max-throughput (Optional) Sets the maximum throughput ToS bits to 4.
min-delay (Optional) Sets the minimum delay ToS bits to 8.
min-monetary-cost (Optional) Sets the minimum monetary cost ToS bits to 1.
normal (Optional) Sets the normal ToS bits to 0.
Command Modes Route-map configuration

12.4T This command was integrated into Cisco IOS Release 12.4T.
Usage Guidelines This command allows you to set four bits in the ToS byte header. Table 40 shows the format of the four
bits in binary form.
Table 40 ToS Bits and Description
T3 T2 T1 T0 Description
0 0 0 0 0 normal forwarding
0 0 0 1 1 minimum monetary cost
0 0 1 0 2 maximum reliability

QOS-698
Table 40 ToS Bits and Description (continued)
0 1 0 0 4 maximum throughput
1 0 0 0 8 minimum delay
The T3 bit sets the delay. Setting T3 to 0 equals normal delay, and setting it to 1 equals low delay.
The T2 bit sets the throughput. Setting this bit to 0 equals normal throughput, and setting it to 1 equals
maximum throughput. Similarly, the T1 and T0 bits set reliability and cost, respectively. Therefore, as
an example, if you want to set a packet with the following requirements:
minimum delay T3 = 1
normal throughput T2 = 0
normal reliability T1 = 0
minimum monetary cost T0 = 1
You would set the ToS to 9, which is 1001 in binary format.
Use the route-map (IP) global configuration command with the match and set (route-map)
configuration commands to define the conditions for redistributing routes from one routing protocol into
another, or for policy routing. Each route-map command has an associated list of match and set
commands. The match commands specify the match criteria—the conditions under which redistribution
or policy routing is allowed for the current route-map command. The set commands specify the set
actions—the particular redistribution or policy routing actions to perform if the criteria enforced by the
match commands are met. The no route-map command deletes the route map.
The set (route-map) commands specify the redistribution set actions to be performed when all of the
match criteria of a route map are met.
Examples The following example sets the IP ToS bits to 8 (minimum delay as shown in Table 40) for packets that
pass the route-map match:
interface serial 0
ip policy route-map texas
!
route-map texas
match length 68 128
set ip tos 8
!

ip policy route-map Identifies a route map to use for policy routing on an interface.
route-map (IP) Defines the conditions for redistributing routes from one routing protocol
into another, or enables policy routing.

QOS-699
set precedence
set precedence
To set the precedence value in the packet header, use the set precedence command in policy-map class
configuration mode. To remove the precedence value, use the no form of this command.
Supported Platforms Other Than Cisco 10000 Series Routers
set precedence {precedence-value | from-field [table table-map-name]}
no set precedence {precedence-value | from-field [table table-map-name]}
set precedence precedence-value
no set precedence precedence-value
Syntax Description precedence-value A number from 0 to 7 that sets the precedence bit in the packet header.
from-field Specific packet-marking category to be used to set the precedence value of
the packet. If you are using a table map for mapping and converting
packet-marking values, this argument value establishes the “map from”
packet-marking category. Packet-marking category keywords are as follows:
• cos
• qos-group
table (Optional) Indicates that the values set in a specified table map will be used
to set the precedence value.
table-map-name (Optional) Name of the table map used to specify a precedence value based
on the class of service (CoS) value. The name can be a maximum of 64

12.2(13)T This command was introduced. This command replaces the set ip
precedence command.
12.0(28)S Support for this command in IPv6 was added in Cisco IOS Release
12.0(28)S on the Cisco 12000 series Internet routers.

QOS-700
set precedence
Usage Guidelines Command Compatibility

If a router is loaded with an image from this version (that is, Cisco IOS Release 12.2(13)T) that
contained an old configuration, the set ip precedence command is still recognized. However, the set
precedence command will be used in place of the set ip precedence command.
The set precedence command cannot be used with the set dscp command to mark the same packet. The
two values, DSCP and precedence, are mutually exclusive. A packet can be one value or the other, but
not both.
Bit Settings
Once the precedence bits are set, other quality of service (QoS) features such as weighted fair queueing
(WFQ) and Weighted Random Early Detection (WRED) then operate on the bit settings.
Precedence Value
The network gives priority (or some type of expedited handling) to marked traffic through the application
of WFQ or WRED at points downstream in the network. Typically, you set the precedence value at the
edge of the network (or administrative domain); data then is queued according to the specified
precedence. WFQ can speed up handling for certain precedence traffic at congestion points. WRED can
ensure that certain precedence traffic has lower loss rates than other traffic during times of congestion.
The set precedence command cannot be used with the set dscp command to mark the same packet. The
two values, differentiated services code point (DSCP) and precedence, are mutually exclusive. A packet
can have one value or the other, but not both.

precedence value. The “from-field” packet-marking categories are as follows:
• CoS
• QoS group
category as the precedence value. For instance, if you configure the set precedence cos command, the
CoS value will be copied and used as the precedence value.
You can do the same for the QoS group-marking category. That is, you can configure the set precedence
qos-group command, and the QoS group value will be copied and used as the precedence value.
The valid value range for the precedence value is a number from 0 to 7. The valid value range for the
QoS group is a number from 0 to 99. Therefore, when configuring the set precedence qos-group
command, note the following points:
• If a QoS group value falls within both value ranges (for example, 6), the packet-marking value will
be copied and the packets will be marked.
• If QoS group value exceeds the precedence range (for example, 10), the packet-marking value will
not be copied, and the packet will not be marked. No action is taken.
Precedence Values in IPv6 Environments

When this command is used in IPv6 environments it can set the value in both IPv4 and IPv6 packets.
However, the actual packets set by this function are only those that meet the match criteria of the
class-map containing this function.

QOS-701
set precedence
Setting Precedence Values for IPv6 Packets Only

To set the precedence values for IPv6 packets only, the match protocol ipv6 command must also be used
in the class-map that classified packets for this action. Without the match protocol ipv6 command, the
class-map may classify both IPv6 and IPv4 packets, (depending on other match criteria) and the set
precedence command will act upon both types of packets.
Setting Precedence Values for IPv4 Packets Only

To set the precedence values for IPv4 packets only, use a command involving the ip keyword like the
match ip precedence or match ip dscp command or include the match protocol ip command along
with the others in the class map. Without the additional ip keyword, the class-map may match both IPv6
and IPv4 packets (depending on the other match criteria) and the set precedence or set dscp command
may act upon both types of packets.
Examples In the following example, the policy map named policy-cos is created to use the values defined in a table
map named table-map1. The table map named table-map1 was created earlier with the table-map (value
mapping) command. For more information about the table-map (value mapping) command, see the
table-map (value mapping) command page.
In this example, the precedence value will be set according to the CoS value defined in table-map1.
Router(config)# policy-map policy-cos
Router(config-pmap-c)# set precedence cos table table-map1
The set precedence command is applied when you create a service policy in QoS policy-map
configuration mode. This service policy is not yet attached to an interface or to an ATM virtual circuit.
For information on attaching a service policy to an interface, refer to the “Modular Quality of Service
Command-Line Interface Overview” chapter of the Cisco IOS Quality of Service Solutions

match dscp Identifies a specific IP DSCP value as a match criterion.
protocol.
set dscp Marks a packet by setting the Layer 3 DSCP value in the ToS byte.
set qos-group Sets a group ID that can be used later to classify packets.
show policy-map Displays the configuration for all classes configured for all service
interface policies on the specified interface or displays the classes for the service

QOS-702
set precedence
Command Description

QOS-703
set qos-group
set qos-group
To set a quality of service (QoS) group identifier (ID) that can be used later to classify packets, use the
set qos-group command in policy-map class configuration mode. To remove the group ID, use the no
set qos-group {group-id | from-field [table table-map-name]}
no set qos-group {group-id | from-field [table table-map-name]}
set qos-group group-id
no set qos-group group-id
Syntax Description group-id Group ID number in the range from 0 to 99.

from-field Specific packet-marking category to be used to set the QoS group value of
the packet. If you are using a table map for mapping and converting
• cos—Specifies that the QoS group value is set from the packet’s
original 802.1P class of service (CoS) field.
• precedence—Specifies that the QoS group value is set from the
packet’s original IP precedence field.
• dscp—Specifies that the QoS group value is set from the packet’s
original Differentiated Services Code Point (DSCP) field.
• mpls exp topmost—Specifies that the QoS group value is set from the
packet’s original topmost MPLS EXP field.
table table-map-name (Optional) Used in conjunction with the from-field argument. Indicates that
the values set in a table map specified by table-map-name will be used to
set the QoS group value.
Command Default No group ID is specified.


QOS-704
set qos-group
12.2(13)T This command can now be used with the random-detect
discard-class-based command, and this command was modified for the
Enhanced Packet Marking feature. A mapping table (table map) can now be
used to convert and propagate packet-marking values.
12.2(18)SXE This command was integrated into Cisco IOS 12.2(18)SXE, and the cos
keyword was added.
Usage Guidelines The set qos-group command allows you to associate a group ID with a packet. The group ID can be used
later to classify packets into QoS groups based as prefix, autonomous system, and community string.
A QoS group and discard class are required when the input per-hop behavior (PHB) marking will be used
for classifying packets on the output interface.

precedence value.
category as the precedence value. For instance, if you enter set qos-group precedence, the precedence
value will be copied and used as the QoS group value.
A packet is marked with a QoS group value only while it is being processed within the router. The QoS
group value is not included in the packet’s header when the packet is transmitted over the output
interface. However, the QoS group value can be used to set the value of a Layer 2 or Layer 3 field that
is included as part of the packet’s headers (such as the MPLS EXP, CoS, and DSCP fields).
Note The set qos-group cos and set qos-group precedence commands are equivalent to the mls qos trust cos
and mls qos trust prec commands.
Tip The set qos-group command cannot be applied until you create a service policy in policy-map
configuration mode and then attach the service policy to an interface or ATM virtual circuit (VC). For
information on attaching a service policy, refer to the “Modular Quality of Service Command-Line
Interface Overview” chapter of the Cisco IOS Quality of Service Solutions Configuration Guide.
Examples The following example shows how to set the QoS group to 1 for all packets that match the class map
called class 1. These packets are then rate limited on the basis of the QoS group ID.
Router(config-pmap-c)# set qos-group 1

QOS-705
set qos-group
The following example shows how to set the QoS group value based on the packet’s original 802.1P CoS
value:
Router(config)# policy map policy1
Router(config-pmap-c)# set qos-group cos
Enhanced Packet Marking Example

The following example shows how to set the QoS group value based on the values defined in a table map
called table-map1. This table map is configured in a policy map called policy1. Policy map policy1
converts and propagates the QoS value according to the values defined in table-map1.
In this example, the QoS group value will be set according to the precedence value defined in
table-map1.
Router(config)# policy map policy1
Router(config-pmap-c)# set qos-group precedence table table-map1

match input vlan Configures a class map to match incoming packets that have a specific
VLAN ID.
mls qos trust Sets the trusted state of an interface to determine which incoming QoS field

QOS-706
shape
shape
To specify average or peak rate traffic shaping, use the shape command in class-map configuration
mode. To remove traffic shaping, use the no form of this command.
shape {average | peak} cir [bc] [be]
no shape {average | peak} cir [bc] [be]
Syntax Description average Specifies average rate shaping.

peak Specifies peak rate shaping.
cir Specifies the committed information rate (CIR), in bits per second (bps).
bc (Optional) Specifies the Committed Burst size, in bits.
be (Optional) Specifies the Excess Burst size, in bits.
Command Default Average or peak rate traffic shaping is not specified.

Usage Guidelines Traffic shaping limits the rate of transmission of data. In addition to using a specifically configured
transmission rate, you can use Generic Traffic Shaping (GTS) to specify a derived transmission rate
based on the level of congestion.
You can specify two types of traffic shaping; average rate shaping and peak rate shaping. Average rate
shaping limits the transmission rate to the CIR. Using the CIR ensures that the average amount of traffic
being sent conforms to the rate expected by the network.
Peak rate shaping configures the router to send more traffic than the CIR. To determine the peak rate,
the router uses the following formula:
peak rate = CIR(1 + Be / Bc)
where:
• Be is the Excess Burst size.
• Bc is the Committed Burst size.
Peak rate shaping allows the router to burst higher than average rate shaping. However, using peak rate
shaping, the traffic sent above the CIR (the delta) could be dropped if the network becomes congested.

QOS-707
shape
If your network has additional bandwidth available (over the provisioned CIR) and the application or
class can tolerate occasional packet loss, that extra bandwidth can be exploited through the use of peak
rate shaping. However, there may be occasional packet drops when network congestion occurs. If the
traffic being sent to the network must strictly conform to the configured network provisioned CIR, then
you should use average traffic shaping.
Examples The following example sets the uses average rate shaping to ensure a bandwidth of 256 kbps:
The following example uses peak rate shaping to ensure a bandwidth of 300 kbps but allow throughput
up to 512 kbps if enough bandwidth is available on the interface:
bandwidth 300
shape peak 512000

policy map.
and the default class (commonly known as the class-default class) before
you configure its policy.
shape max-buffers Specifies the maximum number of buffers allowed on shaping queues.

QOS-708
shape (percent)
shape (percent)
To specify average or peak rate traffic shaping on the basis of a percentage of bandwidth available on an
interface, use the shape command in policy-map class configuration mode. To remove traffic shaping,
shape {average | peak} percent percentage [sustained-burst-in-msec ms] [be excess-burst-in-msec

ms] [bc committed-burst-in-msec ms]
no shape {average | peak} percent percentage [sustained-burst-in-msec ms] [be

excess-burst-in-msec ms] [bc committed-burst-in-msec ms]
Syntax Description average Specifies average rate traffic shaping.

peak Specifies peak rate traffic shaping.
percent Specifies that a percent of bandwidth will be used for either the average
rate traffic shaping or peak rate traffic shaping.
percentage Specifies the bandwidth percentage. Valid range is a number from 1
to 100.
sustained-burst-in-msec (Optional) Sustained burst size used by the first token bucket for policing
traffic. Valid range is a number from 4 to 200.
ms (Optional) Indicates that the burst value is specified in milliseconds (ms).
be (Optional) Excess burst (be) size used by the second token bucket for
policing traffic.
excess-burst-in-msec (Optional) Specifies the be size in milliseconds. Valid range is a number
from 0 to 200.
bc (Optional) Committed burst (bc) size used by the first token bucket for
policing traffic.
committed-burst-in-msec (Optional) Specifies the bc value in milliseconds. Valid range is a number
from 1 to 2000.
Command Default The default bc and be is 4 ms.

12.2(13)T This command was modified for the Percentage-Based Policing and
Shaping feature.
12.0(28)S The command was integrated into Cisco IOS Release 12.0(28)S.
12.2(18)SXE The command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(28)SB The command was integrated into Cisco IOS Release 12.2(28)SB.

QOS-709
shape (percent)
Usage Guidelines Committed Information Rate

This command calculates the committed information rate (CIR) on the basis of a percentage of the
available bandwidth on the interface. Once a policy map is attached to the interface, the equivalent CIR
value in bits per second (bps) is calculated on the basis of the interface bandwidth and the percent value
entered with this command. The show policy-map interface command can then be used to verify the
CIR bps value calculated.
The calculated CIR bps rate must be in the range of 8000 and 154,400,000 bps. If the rate is less than
8000 bps, the associated policy map cannot be attached to the interface. If the interface bandwidth
changes (for example, more is added), the CIR bps values are recalculated on the basis of the revised
amount of bandwidth. If the CIR percentage is changed after the policy map is attached to the interface,
the bps value of the CIR is recalculated.
Conform Burst and Peak Burst Sizes in Milliseconds

This command also allows you to specify the values for the conform burst size and the peak burst size
in milliseconds. If you want bandwidth to be calculated as a percentage, the conform burst size and the
peak burst size must be specified in milliseconds (ms).
The traffic shape converge rate depends on the traffic pattern and the time slice (Tc) parameter, which is
directly affected by the bc that you configured. The Tc and the average rate configured are used to
calculate bits per interval sustained. Therefore, to ensure that the shape rate is enforced, use a bc that
results in a Tc greater than 10 ms.
Hierarchical Policy Maps

The shape (percent) command, when used in “child” (hierarchical) policy maps, is not supported on the
Cisco 7500, the Cisco 7200, or lower series routers. Therefore, the shape (percent) command cannot be
configured for use in hierarchical policy maps on these routers.
How Bandwidth Is Calculated

The shape (percent) command is often used in conjunction with the bandwidth and priority commands.
The bandwidth and priority commands can be used to calculate the total amount of bandwidth available
on an entity (for example, a physical interface). When the bandwidth and priority commands calculate
the total amount of bandwidth available on an entity, the following guidelines are invoked:
• If the entity is a physical interface, the total bandwidth is the bandwidth on the physical interface.
• If the entity is a shaped ATM permanent virtual circuit (PVC), the total bandwidth is calculated as
follows:
– For a variable bit rate (VBR) virtual circuit (VC), the sustained cell rate (SCR) is used in the
calculation.
– For an available bit rate (ABR) VC, the minimum cell rate (MCR) is used in the calculation.
For more information on bandwidth allocation, see the “Congestion Management Overview” chapter in
Examples The following example configures traffic shaping using an average shaping rate on the basis of a
percentage of bandwidth. In this example, 25 percent of the bandwidth has been specified. Additionally,
an optional be value and bc value (100 ms and 400 ms, respectively) have been specified.
Router> enable

QOS-710
shape (percent)
Router(config-pmap)# class-map class1

Router(config-pmap-c)# shape average percent 25 20 ms be 100 ms bc 400 ms
After the policy map and class maps are configured, the policy map is attached to interface as shown in
the following example.
Router> enable

policy map.
class (policy-map) Specifies the name of the class whose policy you want to create or change
police (percent) Configures traffic policing on the basis of a percentage of bandwidth
available on an interface.
shape max-buffers Specifies the maximum number of buffers allowed on shaping queues.

QOS-711
shape (policy-map class)

To shape traffic to the indicated bit rate according to the algorithm specified, or to enable ATM overhead
accounting, use the shape command in policy-map class configuration mode. To remove shaping and
leave the traffic unshaped, use the no form of this command.
shape [average | peak] mean-rate [burst-size] [excess-burst-size]
no shape [average | peak]
Cisco 7300 Series Router and Cisco 7600 Series Router
shape [average | peak] mean-rate [burst-size] [excess-burst-size] account {qinq | dot1q} aal5
{subscriber-encapsulation | {user-defined offset}}
no shape [average | peak] mean-rate [burst-size] [excess-burst-size] account {qinq | dot1q} aal5
{subscriber-encapsulation | {user-defined offset}}
shape [average | peak] mean-rate [burst-size] [excess-burst-size] [account {qinq | dot1q} aal5
subscriber-encapsulation]
no shape [average | peak] mean-rate [burst-size] [excess-burst-size] [account {qinq | dot1q} aal5
subscriber-encapsulation]
shape [average] mean-rate [unit] [burst-size] [excess-burst-size] [account {qinq | dot1q} aal5
subscriber-encapsulation
no shape [average] mean-rate [unit] [burst-size] [excess-burst-size] [account {qinq | dot1q} aal5
subscriber-encapsulation
shape [average] mean-rate [burst-size] [excess-burst-size] account {{{qinq | dot1q} {aal5 | aal3}
{subscriber-encapsulation}} | {user-defined offset [atm]}}
no shape [average] mean-rate [burst-size] [excess-burst-size] account {{{qinq | dot1q} {aal5 |

aal3} {subscriber-encapsulation}} | {user-defined offset [atm]}}
Syntax Description average (Optional) Committed Burst (Bc) is the maximum number of bits sent
out in each interval.
peak (Optional) Bc + Excess Burst (Be) is the maximum number of bits
sent out in each interval.

QOS-712
mean-rate (Optional) Also called committed information rate (CIR). Indicates

the bit rate used to shape the traffic, in bits per second. When this
command is used with backward explicit congestion notification
(BECN) approximation, the bit rate is the upper bound of the range
of bit rates that will be permitted.
unit Specifies the unit of the specified bit rate (for example, kbps).
burst-size (Optional) The number of bits in a measurement interval (Bc).
excess-burst-size (Optional) The acceptable number of bits permitted to go over the Be.
aal3 Specifies the ATM Adaptation Layer 5 that supports both
connectionless and connection-oriented links. You must specify
either aal3 or aal5.
Note For the Cisco 7300 and Cisco 7600 series routers, the aa13
keyword is not supported.
user-defined Specifies that the router is to use an offset size when calculating ATM
overhead.
offset Specifies the offset size when calculating ATM overhead. Valid
values are from –63 to 63 bytes.
Note For the Cisco 7300 and Cisco 7600 series routers, valid
values are from –48 to +48 bytes.
Note The router configures the offset size if you do not specify the
user-defined offset option.
atm Applies ATM cell tax in the ATM overhead calculation.
Note For the Cisco 7300 and Cisco 7600 series routers, the atm
keyword is not supported.
Note Configuring both the offset and atm options adjusts the
packet size to the offset size and then adds ATM cell tax.
Command Default When the excess burst size (Be) is not configured, the default Be value is equal to the committed burst
size (Bc). For more information about burst size defaults, see the “Usage Guidelines” section.
Traffic shaping overhead accounting for ATM is disabled.

12.0(17)SL This command was integrated into Cisco IOS Release 12.0(17)SL
and implemented on the PRE1 for the Cisco 10000 series router.
12.2(16)BX This command was integrated into Cisco IOS Release 12.2(16)BX
and implemented on the PRE2 for the Cisco 10000 series router.

QOS-713
12.2(31)SB2 This command was enhanced for ATM overhead accounting and
12.2(31)SB6 This command was enhanced to specify an offset size when
calculating ATM overhead and implemented on the Cisco 10000
series router for the PRE3.
Usage Guidelines The measurement interval is the committed burst size (Bc) divided by committed information rate (CIR).
Bc cannot be set to 0. If the measurement interval is too large (greater than 128 milliseconds), the system
subdivides it into smaller intervals.
If you do not specify the committed burst size (Bc) and the excess burst size (Be), the algorithm decides
the default values for the shape entity. The algorithm uses a 4 milliseconds measurement interval, so Bc
is CIR * (4 / 1000).
Burst sizes larger than the default committed burst size (Bc) need to be explicitly specified. The larger
the Bc, the longer the measurement interval. A long measurement interval may affect voice traffic
latency, if applicable.
When the excess burst size (Be) is not configured, the default value is equal to the committed burst size
(Bc).
Traffic Shaping on the Cisco 10000 Series Performance Routing Engine

The Cisco 10000 series router does not support the peak keyword.
On the PRE2, you specify a shape rate and a unit for the rate. Valid values for the rate are from 1 to
2488320000 and units are bps, kbps, mbps, gbps. The default unit is kbps. For example:
shape 128000 bps
On the PRE3, you only need to specify a shape rate. Because the unit is always bps on the PRE3, the unit
argument is not available. Valid values for the shape rate are from 1000 to 2488320000.
shape 1000
The PRE3 accepts the PRE2 shape command as a hidden command. However, the PRE3 rejects the
PRE2 shape command if the specified rate is outside the valid PRE3 shape rate range (1000 to
2488320000).
Traffic Shaping Overhead Accounting for ATM (Cisco 7300 Series Router, Cisco 7600 Series Router, and Cisco
10000 Series Router)
When configuring ATM overhead accounting on the Cisco 7300 series router, the Cisco 7600 series
router, or the Cisco 10000 series router, you must specify the BRAS-DSLAM, DSLAM-CPE, and
subscriber line encapsulation types. The router supports the following subscriber line encapsulation
types:
• snap-rbe

QOS-714
• mux-rbe
• snap-dot1q-rbe
• mux-dot1q-rbe
• snap-pppoa
• mux-pppoa
• snap-1483routed
• mux-1483routed
For hierarchical policies, configure ATM overhead accounting in the following ways:
• Enabled on parent—If you enable ATM overhead accounting on a parent policy, you are not required
to enable accounting on the child policy.
• Enabled on child and parent—If you enable ATM overhead accounting on a child policy, then you
must enable ATM overhead accounting on the parent policy.
The encapsulation types must match for the child and parent policies.
The user-defined offset values must match for the child and parent policies.
Examples The following example configures a shape entity with a CIR of 1 Mbps and attaches the policy map
called dts-interface-all-action to interface pos1/0/0:
policy-map dts-interface-all-action
class class-interface-all
interface pos1/0/0
service-policy output dts-interface-all-action
Traffic Shaping Overhead Accounting for ATM

When a parent policy has ATM overhead accounting enabled for shaping, you are not required to enable
accounting at the child level using the police command. In the following configuration example, ATM
overhead accounting is enabled for bandwidth on the gaming and class-default class of the child policy
map named subscriber_classes and on the class-default class of the parent policy map named
subscriber_line. The voip and video classes do not have ATM overhead accounting explicitly enabled.
These priority classes have ATM overhead accounting implicitly enabled because the parent policy has
ATM overhead accounting enabled. Notice that the features in the parent and child policies use the same
encapsulation type.
policy-map subscriber_classes
class voip
priority level 1
police 8000
class video
priority level 2
police 20
class gaming
bandwidth remaining percent 80 account aal5 snap-rbe-dot1q
class class-default
bandwidth remaining percent 20 account aal5 snap-rbe-dot1q
policy-map subscriber_line
class class-default
bandwidth remaining ratio 10 account aal5 snap-rbe-dot1q
shape average 512 account aal5 snap-rbe-dot1q
service policy subscriber_classes

QOS-715
In the following example, the router will use 20 overhead bytes and ATM cell tax in calculating ATM
overhead. The child and parent policies contain the required matching offset values. The parent policy
is attached to virtual template 1.
policy-map child
class class1
bandwidth 500 account user-defined 20 atm
class class2
shape average 30000 account user-defined 20 atm

to a policy map, and enables ATM overhead accounting.
shape adaptive Configures a Frame Relay interface or a point-to-point subinterface
to estimate the available bandwidth by BECN integration while
traffic shaping is enabled.
shape fecn-adapt Configures a Frame Relay PVC to reflect received FECN bits as
BECN bits in Q.922 TEST RESPONSE messages.
map or all classes for all existing policy maps. If configured, the
command output includes information about ATM overhead
accounting.
show running-config Displays the current configuration of the router. If configured, the
accounting.

QOS-716
shape adaptive
shape adaptive
To configure a Frame Relay interface or a point-to-point subinterface to estimate the available bandwidth
by backward explicit congestion notification (BECN) integration while traffic shaping is enabled, use
the shape adaptive command in policy-map class configuration mode. To leave the available bandwidth
unestimated, use the no form of this command.
shape adaptive mean-rate-lower-bound
no shape adaptive
Syntax Description mean-rate-lower-bound Specifies the lower bound of the range of permitted bit rates.
Command Default Bandwidth is not estimated.

12.2(13)T This command was implemented on the Cisco 1700 series,
Cisco 2500 series, Cisco 2600 series, Cisco 3620 router, Cisco 3631
router, Cisco 3640 router, Cisco 3660 router, Cisco 3725 router,
Cisco 3745 router, Cisco 7200 series, Cisco 7400 series routers.
Usage Guidelines If traffic shaping is not enabled, this command has no effect.
When continuous BECN messages are received, the shape entity immediately decreases its maximum
shape rate by one-fourth for each BECN message received until it reaches the lower bound committed
information rate (CIR). If, after several intervals, the interface has not received another BECN and traffic
is waiting in the shape queue, the shape entity increases the shape rate back to the maximum rate by 1/16
for each interval. A shape entity configured with the shape adaptive mean-rate-lower-bound command
will always be shaped between the mean rate upper bound and the mean rate lower bound.

QOS-717
shape adaptive
Examples The following example configures a shape entity with CIR of 128 kbps and sets the lower bound CIR to
64 kbps when BECNs are received:
policy-map dts-p2p-all-action
class class-p2p-all
shape adaptive 64000

QOS-718
shape fecn-adapt
shape fecn-adapt
To configure a Frame Relay interface to reflect received forward explicit congestion notification (FECN)
bits as backward explicit congestion notification (BECN) bits in Q.922 TEST RESPONSE messages, use
the shape fecn-adapt command in policy-map class configuration mode. To configure the Frame Relay
interface to not reflect FECN as BECN, use the no form of this command.
shape fecn-adapt
no shape fecn-adapt
Command Default No default behavior or values.

12.2(13)T This command was implemented on the Cisco 1700 series,
Cisco 2500 series, Cisco 2600 series, Cisco 3620 router, Cisco 3631
router, Cisco 3640 router, Cisco 3660 router, Cisco 3725 router,
Cisco 3745 router, Cisco 7200 series, Cisco 7400 series routers.
Usage Guidelines When the downstream Frame Relay switch is congested, a Frame Relay interface or point-to-point
interface receives a Frame Relay message with the FECN bit on. This message may be an indication that
no traffic is waiting to carry a BECN to the far end (voice/multimedia traffic is one-way). When the
shape fecn-adapt command is configured, a small buffer is allocated and a Frame Relay TEST
RESPONSE is built on behalf of the Frame Relay switch. The Frame Relay TEST RESPONSE is
equipped with the triggering data-link connection identifier (DLCI) of the triggering mechanism. It also
sets the BECN bit and sends it out to the wire.

QOS-719
shape fecn-adapt
Examples The following example configures a shape entity with a committed information rate (CIR) of 1 Mbps
and adapts the Frame Relay message with FECN to BECN:
policy-map dts-p2p-all-action
class class-p2p-all
shape fecn-adapt

shape adaptive Configures a Frame Relay interface or a point-to-point subinterface
to estimate the available bandwidth by BECN integration while
traffic shaping is enabled.
shape (percent) Configures an interface to shape traffic to an indicated bit rate.

QOS-720
shape max-buffers
shape max-buffers
To specify the number of buffers allowed on shaping queues, use the shape max-buffers command in
class-map configuration mode. To set the number of buffers to its default value, use the no form of this
command.
shape max-buffers number-of-buffers
no shape max-buffers
Syntax Description number-of-buffers Specifies the number of buffers. The minimum number of buffers is 1; the
maximum number of buffers is 4096.
Command Default 1000 buffers are preset.

12.4(20)T This command was integrated into Cisco IOS Release 12.4(20)T, but
without support for hierarchical queueing framework (HQF). See the
“Usage Guidelines” for additional information.
Usage Guidelines You can specify the maximum number of buffers allowed on shaping queues for each class configured
to use Generic Traffic Shaping (GTS).
You configure this command under a class in a policy map. However, the shape max-buffers command
is not supported for HQF in Cisco IOS Release 12.4(20)T. Use the queue-limit command, which
provides similar functionality.
Examples The following example configures shaping and sets the maximum buffer limit to 100:
shape max-buffers 100

QOS-721
shape max-buffers

policy map.
policy-map Creates or modifies a policy map that can be attached to one or more interfaces
to specify a service policy.
queue-limit Specifies or modifies the maximum number of packets a queue can hold for a
class policy configured in a policy map.
service-policy Attaches a policy map to an input interface or VC, or an output interface or VC,
to be used as the service policy for that interface or VC.

QOS-722
show access-lists rate-limit

To display information about rate-limit access lists, use the show access-lists rate-limit command in
EXEC mode.
show access-lists rate-limit [acl-index]
Syntax Description acl-index (Optional) Rate-limit access list number from 1 to 299.
Command Modes EXEC

Examples The following is sample output from the show access-lists rate-limit command:
Router# show access-lists rate-limit
Rate-limit access list 1

0
1
2
3
4
5
mask FF
mask 0F
mask F0
1001.0110.1111
00E0.34B8.D840
1111.1111.1111

QOS-723
The following is sample output from the show access-lists rate-limit command when specific rate-limit
access lists are specified:
Router# show access-lists rate-limit 1

0

mask FF

00E0.34B8.D840
Table 41 describes the significant fields shown in the displays.
Table 41 show access-lists rate-limit Field Descriptions
Field Description
Rate-limit access list Rate-limit access list number. A number from 1 to 99 represents a
precedence-based access list. A number from 100 to 199 indicates a
MAC address-based access list.
0 IP Precedence for packets in this rate-limit access list.
mask FF IP Precedence mask for packets in this rate-limit access list.
1001.0110.1111 MAC address for packets in this rate-limit access list.

show access-lists Displays the contents of current IP and rate-limit access lists.

QOS-724
show atm bundle
show atm bundle

To display the bundle attributes assigned to each bundle virtual circuit (VC) member and the current
working status of the VC members, use the show atm bundle command in privileged EXEC mode.
show atm bundle bundle-name
Syntax Description bundle-name The name of the bundle whose member information is displayed. This is the
bundle name specified by the bundle command when the bundle was
created.

Examples The following is sample output from the show atm bundle command (* indicates that this VC is the VC
for all precedence levels not explicitly configured):
Router# show atm bundle
new-york on atm1/0.1 Status: UP
Config. Active Bumping PG/ Peak Avg/Min Burst

Name VPI/VCI Preced. Preced. Predec./ PV kbps kbps Cells Status
Accept
ny-control 0/207 7 7 4 /Yes pv 10000 5000 32 UP

ny-premium 0/206 6-5 6-5 7 /No pg 20000 10000 32 UP
ny-priority 0/204 4-2 4-2 1 /Yes pg 10000 3000 UP
ny-basic* 0/201 1-0 1-0 - /Yes pg 10000 UP
los-angeles on atm1/0.1 - Status: UP
Config. Active Bumping pg/ Peak Avg/Min Burst

Name VPI/VCI Preced. Preced. Predec./ pv kbps kbps Cells Status
Accept
la-high 0/407 7-5 7-5 4 /Yes pv 20000 5000 32 UP

la-med 0/404 4-2 4-2 1 /Yes pg 10000 3000 UP
la-low* 0/401 1-0 1-0 - /Yes pg 10000 UP
san-francisco on atm1/0.1 Status: UP
Config. Active Bumping PG/ Peak Avg/Min Burst

Name VPI/VCI Preced. Preced. Predec./ PV kbps kbps Cells Status

QOS-725
show atm bundle
Accept
sf-control 0/307 7 7 4 /Yes pv 10000 5000 32 UP

sf-premium 0/306 6-5 6-5 7 /No pg 20000 10000 32 UP
sf-priority 0/304 4-2 4-2 1 /Yes pg 10000 3000 UP
sf-basic* 0/301 1-0 1-0 - /Yes pg 10000 UP

show atm bundle Displays statistics on the specified bundle.
statistics
show atm map Displays the list of all configured ATM static maps to remote hosts on an
ATM network.

QOS-726
show atm bundle statistics

To display statistics or detailed statistics on the specified bundle, use the show atm bundle statistics
show atm bundle bundle-name statistics [detail]
Syntax Description bundle-name Specifies the name of the bundle whose member information is displayed.
This is the bundle name specified by the bundle command when the bundle
was created.
detail (Optional) Displays detailed statistics.

Examples The following is sample output from the show atm bundle statistics command:
Router# show atm bundle san-jose statistics
Bundle Name: Bundle State: UP

AAL5-NLPID
OAM frequency : 0 second(s), OAM retry frequency: 1 second(s)
OAM up retry count: 3, OAM down retry count: 5
BUNDLE is not managed.
InARP frequency: 15 minute(s)
InPkts: 3, OutPkts: 3, Inbytes: 1836, Outbytes: 1836
InPRoc: 3, OutPRoc: 0, Broadcasts: 3
InFast: 0, OutFast: 0, InAS: 0, OutAS: 0
Router# show atm bundle san-jose statistics detail
Bundle Name: Bundle State: UP

AAL5-NLPID
OAM frequency: 0 second(s), OAM retry frequency: 1 second(s)
BUNDLE is not managed.
InPkts: 3, OutPkts: 3, InBytes; 1836, OutBytes: 1836
InFast: 0, OutFast: 0, InAS: 0, OutAS: 0
ATM1/0.52: VCD: 6, VPI: 0 VCI: 218, Connection Name: sj-basic

UBR, PeakRate: 155000
AAL5-LLC/SNAP, etype:0x0, Flags: 0xC20, VCmode: 0xE00

QOS-727

OAM Loopbavk status: OAM Disabled
OMA VC state: Not Managed
ILMI VC state: Not Managed
InPRoc: 3, OutPRoc: 0,Broadcasts: 3
InFast: 0, OutFast: 0, InAS: 0, OututAS: 0
OAM cells received: 0
F5 InEndloop: 0, F5 InSegloop: 0, F5 InAIS: 0, F5 InRDI: 0
F4 InEndloop: 0, F4 OutSegloop:0, F4 InAIS: 0, F4 InRDI: 0
OAM cells sent: 0
F5 OutEndloop: 0. F5 OutSegloop: 0, f5 Out RDI:0
F4 OutEndloop: 0, F4 OutSegloop: 0, F4 OUtRDI: 0
OAM cell drops: 0
Status; UP
ATM1/0.52: VCD: 4, VPI: 0 VCI: 216, Connection Name: sj-premium

UBR, PeakRate: 155000
AAL5-LLC/SNAP, etype: 0x0, Flags: 0xC20, VCmode: 0xE000
OAM Loopback status: OAM Disabled
OAM VC state: Not Managed
ILMI VC state: Not Managed
InFast: 0, OutFast: 0, InAS: 0
OAM cells received: 0
F5 InEndloop: 0, F4 InSegloop: 0, F4InAIS; 0, F4 InRDI: 0
F4 OutEndloop: 0, F4 OutSegloop: F4 OutRDI: 0
OAM cell drops: 0
Status: UP

show atm bundle Displays the bundle attributes assigned to each bundle VC member and the
current working status of the VC members.
show atm map Displays the list of all configured ATM static maps to remote hosts on an
ATM network.

QOS-728
show atm bundle svc
show atm bundle svc

To display the bundle attributes assigned to each bundle virtual circuit (VC) member and the current
working status of the VC members, use the show atm bundle svc command in privileged EXEC mode.
show atm bundle svc [bundle-name]
Syntax Description bundle-name (Optional) Name of the switched virtual circuit (SVC) bundle to be
displayed, as identified by the bundle svc command.
Command Default If no bundle name is specified, all SVC bundles configured on the system are displayed.

Examples The following example provides output for the show atm bundle svc command. The bundle named
“finance” is configured on ATM interface 1/0.1 with eight members. All of the members are up except
bundle member zero. Bundle member zero is the default member, which if initiated once will always be
on and used as the default for all traffic.
Router# show atm bundle svc finance
finance on ATM1/0.1:UP
Config Current Peak Avg/Min Burst

VC Name VPI/VCI Preced. Preced. Kbps kbps Cells Sts
seven 0/37 7 7 10000 5000 32 UP

six 0/36 6 6 6000 UP
five 0/40 5 5 5000 UP
four 0/41 4 4 4000 UP
three 0/42 3 3 3000 UP
two 0/43 2 2 2000 UP
one 0/44 1 1 1000 UP
zero* 0

QOS-729
show atm bundle svc
Table 42 describes the significant fields in the display.
Table 42 show atm bundle svc Field Descriptions
Field Description
finance on ATM1/0.1: UP Name of SVC bundle, interface type and number,
status of bundle.
VC Name Name of SVC bundle.
VPI/VCI Virtual path identifier / virtual channel identifier.
Config. Preced. Configured precedence.
Current Preced. Current precedence.
Peak Kbps Peak kbps for the SVC.
Avg/Min kbps Average or minimum kbps for the SVC.
Sts Status of the bundle member.
* Indicates the default bundle member.

bundle svc Creates or modifies an SVC bundle.

QOS-730
show atm bundle svc statistics

To display the statistics of a switched virtual circuit (SVC) bundle, use the show atm bundle svc
statistics command in privileged EXEC mode.
show atm bundle svc bundle-name statistics
Syntax Description bundle-name Name of the SVC bundle as identified by the bundle svc command.

Examples The following example provides output for the show atm bundle svc statistics command using a bundle
named “city”:
Router# show atm bundle svc city statistics
Bundle Name:Bundle State:INITIALIZING

AAL5-NLPID
OAM frequency:0 second(s), OAM retry frequency:10 second(s)
OAM up retry count:4, OAM down retry count:3
BUNDLE is managed by.
InARP frequency:15 minutes(s)
InPkts:0, OutPkts:0, InBytes:0, OutBytes:0
InPRoc:0, OutPRoc:0, Broadcasts:0
InFast:0, OutFast:0, InAS:0, OutAS:0
InPktDrops:0, OutPktDrops:0
CrcErrors:0, SarTimeOuts:0, OverSizedSDUs:0,
LengthViolation:0, CPIErrors:0
Table 43 describes the significant fields in the display.
Table 43 show atm bundle svc statistics Field Descriptions
Field Description
Bundle Name: Name of the bundle.
Bundle State: State of the bundle.
BUNDLE is managed Bundle management.
by.
InARP frequency: Number of minutes between Inverse ARP messages, or “DISABLED” if
Inverse ARP is not in use on this VC.
InPkts: Total number of packets received on this virtual circuit (VC), including all
fast-switched and process-switched packets.

QOS-731
Table 43 show atm bundle svc statistics Field Descriptions (continued)
Field Description
OutPkts: Total number of packets sent on this VC, including all fast-switched and
process-switched packets.
InBytes: Total number of bytes received on this VC, including all fast-switched and
OutBytes: Total number of bytes sent on this VC, including all fast-switched and
InPRoc: Number of incoming packets being process switched.
OutPRoc: Number of outgoing packets being process switched.
Broadcasts: Number of process-switched broadcast packets.
InFast: Number of incoming packets being fast switched.
OutFast: Number of outgoing packets being fast switched.
InAS Number of autonomous-switched or silicon-switched input packets received.
OutAS Number of autonomous-switched or silicon-switched input packets sent.
InPktDrops: Number of incoming packets dropped.
OutPktDrops: Number of outgoing packets dropped.
CrcErrors: Number of cyclic redundancy check (CRC) errors.
SarTimeOuts: Number of packets that timed out before segmentation and reassembly
occurred.
LengthViolation: Number of packets too long or too short.

bundle svc Creates or modifies an SVC bundle.

QOS-732
show auto discovery qos

To display the data collected during the Auto-Discovery (data collection) phase of the AutoQoS for the
Enterprise feature, use the show auto discovery qos command in privileged EXEC mode.
show auto discovery qos [interface [type number]]
Syntax Description interface (Optional) Indicates that the configurations for a specific interface type will
be displayed.
type number (Optional) Specifies the interface type and number.
Command Default Displays the configurations created for all interface types.

12.3(11)T Command output was modified to include suggested policy map
information.
Usage Guidelines The suggested policy output (shown in the example below) lets you preview class maps and policy maps
before you issue the auto qos command on an interface. You can then continue with the Auto-Discovery
phase until more data is gathered or you can cut and paste the existing data and edit it as desired.
Examples The following is sample output from the show auto discovery qos command. This example displays the
data collected during the Auto-Discovery (data collection) phase using DSCP classification in trusted
mode and includes suggested policy map information.
Router# show auto discovery qos
Serial2/1.1
AutoQoS Discovery enabled for trusted DSCP
Discovery up time: 2 hours, 42 minutes
AutoQoS Class information:
Class Voice:
Recommended Minimum Bandwidth: 118 Kbps/1% (PeakRate)
Detected DSCPs and data:
DSCP value AverageRate PeakRate Total
(kbps/%) (kbps/%) (bytes)
----------- ----------- -------- ------------
46/ef 106/1 118/1 129510064
Class Interactive Video:
Recommended Minimum Bandwidth: 25 Kbps/<1% (AverageRate)

QOS-733
----------- ----------- -------- ------------

34/af41 25/<1 28/<1 31084292
Class Signaling:
----------- ----------- -------- ------------
24/cs3 50/<1 56/<1 61838040
Class Streaming Video:
----------- ----------- -------- ------------
32/cs4 79/<1 88/<1 96451788
Class Transactional:
Recommended Minimum Bandwidth: 105 Kbps/1% (AverageRate)
----------- ----------- -------- ------------
18/af21 105/1 117/1 127798678
Class Bulk:
Recommended Minimum Bandwidth: 132 Kbps/1% (AverageRate)
----------- ----------- -------- ------------
10/af11 132/1 147/1 160953984
Class Scavenger:
Recommended Minimum Bandwidth: 24 Kbps (AverageRate)/0% (fixed)
----------- ----------- -------- ------------
8/cs1 24/<1 27/<1 30141238
Class Management:
----------- ----------- -------- ------------
16/cs2 34/<1 38/<1 41419740
Class Routing:
----------- ----------- -------- ------------
48/cs6 7/<1 7/<1 8634024
Class Best Effort:
Current Bandwidth Estimation: 820 Kbps/8% (AverageRate)
----------- ----------- -------- ------------
0/default 820/8 915/9 997576380
Suggested AutoQoS Policy based on a discovery uptime of 2 hours, 42 minutes:
!
class-map match-any AutoQoS-Voice-Trust
match ip dscp ef

QOS-734
!
class-map match-any AutoQoS-Inter-Video-Trust
match ip dscp af41
!
class-map match-any AutoQoS-Signaling-Trust
match ip dscp cs3
!
class-map match-any AutoQoS-Stream-Video-Trust
match ip dscp cs4
!
class-map match-any AutoQoS-Transactional-Trust
match ip dscp af21
match ip dscp af22
match ip dscp af23
!
class-map match-any AutoQoS-Bulk-Trust
match ip dscp af11
match ip dscp af12
match ip dscp af13
!
class-map match-any AutoQoS-Scavenger-Trust
match ip dscp cs1
!
class-map match-any AutoQoS-Management-Trust
match ip dscp cs2
!
class-map match-any AutoQoS-Routing-Trust
match ip dscp cs6
!
policy-map AutoQoS-Policy-S2/1.1Trust
class AutoQoS-Voice-Trust
priority percent 1
class AutoQoS-Inter-Video-Trust
bandwidth remaining percent 1
class AutoQoS-Signaling-Trust
class AutoQoS-Stream-Video-Trust
class AutoQoS-Transactional-Trust
random-detect dscp-based
class AutoQoS-Bulk-Trust
random-detect dscp-based
class AutoQoS-Scavenger-Trust
class AutoQoS-Management-Trust
class AutoQoS-Routing-Trust
class class-default
fair-queue

QOS-735
Table 44 describes the significant fields shown in the display.
Table 44 show auto discovery qos Field Descriptions
Field Description
Serial2/1.1 The interface or subinterface on which data is being
collected.
AutoQoS Discovery enabled for trusted Indicates that the data collection phase of AutoQoS has
DSCP been enabled.
Discovery up time Indicates the period of time in which data was collected.
AutoQoS Class information Displays information for each AutoQoS class.
Class Voice Information for the named class, along with data
pertaining to the detected applications. This data
includes DSCP value, average rate (in kilobits per second
(kbps)), peak rate (kbps), and total packets (bytes).
Suggested AutoQoS Policy based on a Policy-map and class-map statistics based on a specified
discovery uptime of hours and minutes discovery time.

Enterprise feature.
auto discovery qos Begins discovering and collecting data for configuring the AutoQoS for the
Enterprise feature.

QOS-736
show auto qos
show auto qos

To display the interface configurations, policy maps, and class maps created by AutoQoS on a specific
interface or all interfaces, use the show auto qos command in privileged EXEC mode.
show auto qos [interface [type slot/port]]
Syntax Description interface (Optional) Displays the configurations created by the AutoQoS - VoIP
feature on all the interfaces or PVCs on which the AutoQoS - VoIP feature
is enabled.
When the interface keyword is configured but an interface type is not
specified, the show auto qos interface command displays the configurations
created by the AutoQoS - VoIP feature on all the interfaces or Permanent
Virtual Circuits (PVCs) on which the AutoQoS - VoIP feature is enabled.
type (Optional) Specifies an interface type; valid values are atm, ethernet,
fastethernet, ge-wan, gigabitethernet, pos, and tengigabitethernet.
slot/port Module and port number.
Command Default Configurations created for all interface types are displayed.

12.2(15)T This command was introduced as part of the AutoQoS—VoIP feature.
12.3(7)T This command was modified for the AutoQoS for the Enterprise feature. The
command displays the classes, class maps, and policy maps created on the
basis of the data collected during the Auto-Discovery phase of the AutoQoS
for the Enterprise feature.
Usage Guidelines The show auto qos interface command can be used with Frame Relay data-link connection identifiers
(DLCIs) and ATM permanent virtual circuits (PVCs).
When the AutoQoS—VoIP or the AutoQos for the Enterprise features are enabled, configurations are
generated for each interface or PVC. These configurations are then used to create the interface
configurations, policy maps, class maps, and access control lists (ACLs) for use on the network. The
show auto qos command can be used to verify the contents of the interface configurations, policy maps,
class maps, and ACLs.

QOS-737
show auto qos
Catalyst 6500 Series Switches

AutoQoS is supported on the following modules:
• WS-X6548-RJ45
• WS-X6548-RJ21
• WS-X6148-GE_TX
• WS-X6548-GE-TX-CR
• WS-X6148-RJ45V
• WS-X6148-RJ21V
• WS-X6348-RJ45
• WS-X6348-RJ21
• WS-X6248-TEL
Examples show auto qos interface Command: Configured for the AutoQoS—VoIP Feature
When the interface keyword is configured along with the corresponding type slot/port argument, the
show auto qos interface type slot/port command displays the configurations created by the
AutoQoS—VoIP feature on the specified interface.
In the following example, the serial subinterface 6/1.1 has been specified:
Router# show auto qos interface serial6/1.1
S6/1.1: DLCI 100 -

!
interface Serial6/1
!
interface Serial6/1.1 point-to-point
class AutoQoS-VoIP-FR-Serial6/1-100
!
map-class frame-relay AutoQoS-VoIP-FR-Serial6/1-100
frame-relay bc 5120
frame-relay be 0
service-policy output AutoQoS-Policy-UnTrust
When the interface keyword is configured but an interface type is not specified, the show auto qos
interface command displays the configurations created by the AutoQoS—VoIP feature on all the
interfaces or PVCs on which the AutoQoS—VoIP feature is enabled.
Router# show auto qos interface
Serial6/1.1: DLCI 100 -

!
interface Serial6/1
!

QOS-738
show auto qos
!
frame-relay bc 5120
frame-relay be 0
ATM2/0.1: PVC 1/100 -

!
interface ATM2/0.1 point-to-point
pvc 1/100
tx-ring-limit 3
encapsulation aal5mux ppp Virtual-Template200
!
interface Virtual-Template200
bandwidth 512
ip address 10.10.107.1 255.255.255.0
ppp multilink
ppp multilink fragment-delay 10
ppp multilink interleave
The following example displays all of the configurations created by the AutoQoS—VoIP feature:
Router# show auto qos

!
interface Serial6/1
!
!
frame-relay bc 5120
frame-relay be 0
Table 45 show auto qos Field Descriptions (AutoQoS—VoIP Feature Configured)
Field Description
class AutoQoS-VoIP-FR-Serial6/1-100 Name of the class created by the AutoQoS—VoIP
feature. In this instance, the name of the class is
AutoQoS-VoIP-FR-Serial6/1-100.
service-policy output Indicates that the policy map called
AutoQoS-Policy-UnTrust “AutoQoS-Policy-UnTrust” has been attached to an
interface in the outbound direction of the interface.

QOS-739
show auto qos
show auto qos interface Command: Configured for the AutoQoS for the Enterprise Feature
The following is sample output from the show auto qos command. This example displays the classes,
class maps, and policy maps created on the basis of the data collected during the Auto-Discovery phase
of the AutoQoS for the Enterprise feature.
Router# show auto qos
!
policy-map AutoQoS-Policy-Se2/1.1
class AutoQoS-Voice-Se2/1.1
priority percent 70
set dscp ef
class AutoQoS-Inter-Video-Se2/1.1
set dscp af41
class AutoQoS-Stream-Video-Se2/1.1
set dscp cs4
class AutoQoS-Transactional-Se2/1.1
set dscp af21
class AutoQoS-Scavenger-Se2/1.1
set dscp cs1
class class-default
fair-queue
!
policy-map AutoQoS-Policy-Se2/1.1-Parent
class class-default
service-policy AutoQoS-Policy-Se2/1.1
!
class-map match-any AutoQoS-Stream-Video-Se2/1.1
match protocol cuseeme
!
class-map match-any AutoQoS-Transactional-Se2/1.1
match protocol sqlnet
!
class-map match-any AutoQoS-Voice-Se2/1.1
match protocol rtp audio
!
class-map match-any AutoQoS-Inter-Video-Se2/1.1
match protocol rtp video
!
rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice Drops" owner
AutoQoS
!
class AutoQoS-FR-Serial2/1-58
!
map-class frame-relay AutoQoS-FR-Serial2/1-58
frame-relay bc 10240
frame-relay be 0
service-policy output AutoQoS-Policy-Se2/1.1-Parent

QOS-740
show auto qos
Table 46 show auto qos Field Descriptions (AutoQoS for the Enterprise Feature Configured)
Field Description
policy-map AutoQoS-Policy-Se2/1.1 Name of the policy map created by the AutoQoS feature.
In this instance the name of the policy map is
AutoQoS-Policy-Se2/1.1.
class AutoQoS-Voice-Se2/1.1 Name of class created by the AutoQoS feature. In this
instance, the name of the class is
priority percent 70
AutoQoS-Voice-Se2/1.1. Following the class name, the
set dscp ef
specific QoS features configured for the class are
displayed.
class-map match-any Name of the class map and the packet matching criteria
AutoQoS-Stream-Video-Se2/1.1 specified.
match protocol cuseeme

auto discovery qos Begins discovering and collecting data for configuring the AutoQoS for the
Enterprise feature.
Enterprise feature.
auto qos voip Configures the AutoQoS—VoIP feature on an interface.
show auto discovery Displays the data collected during the Auto-Discovery phase of the AutoQoS
qos for the Enterprise feature.

QOS-741
show class-map
show class-map
To display all class maps and their matching criteria, use the show class-map command in user or
Cisco 3660, 3845, 6500, 7400, and 7500 Series Routers
show class-map [type {stack | access-control}] [class-map-name]
show class-map [class-map-name]
Syntax Description type stack (Optional) Displays class maps configured to determine the correct protocol
stack in which to examine via flexible packet matching (FPM).
type access-control (Optional) Displays class maps configured to determine the exact pattern to
look for in the protocol stack of interest.
class-map-name (Optional) Name of the class map. The class map name can be a maximum
of 40 alphanumeric characters.
Command Default Shows all class maps.
Command Modes User or privileged EXEC

12.2(13)T This command was modified to display the Frame Relay data-link
connection identifier (DLCI) number as a criterion for matching traffic
inside a class map.
In addition, this command was modified to display Layer 3 packet length as
a criterion for matching traffic inside a class map.
12.2(14)SX Support for this command was introduced on the Cisco 7600 series routers.
12.4(4)T The type, stack, and access-control keywords were added to support FPM.
Usage Guidelines You can use the show class-map command to display all class maps and their matching criteria. If you
enter the optional class-map-name argument, the specified class map and its matching criteria will be
displayed.

QOS-742
show class-map
Examples In the following example, three class maps are defined. Packets that match access list 103 belong to
class c3, IP packets belong to class c2, and packets that come through input Ethernet interface 1/0 belong
to class c1. The output from the show class-map command shows the three defined class maps.
Router# show class-map
Class Map c3
Match access-group 103
Class Map c2
Match protocol ip
Class Map c1
Match input-interface Ethernet1/0
In the following example, a class map called “c1” has been defined, and the Frame Relay DLCI number
of 500 has been specified as a match criterion:
class map match-all c1

match fr-dlci 500
The following example shows how to display class-map information for all class maps:
Class Map match-any class-default (id 0)

Match any
Class Map match-any class-simple (id 2)
Match any
Class Map match-all ipp5 (id 1)
Match ip precedence 5
Class Map match-all agg-2 (id 3)
The following example shows how to display class-map information for a specific class map:
Router# show class-map ipp5
Class Map match-all ipp5 (id 1)

Match ip precedence 5
Table 47 show class-map Field Descriptions1
Field Description
Class Map Class of traffic being displayed. Output is displayed for each configured
class map in the policy. The choice for implementing class matches (for
example, match-all or match-any) can also appear next to the traffic class.
Match Match criteria specified for the class map. Criteria include the Frame
Relay DLCI number, Layer 3 packet length, IP precedence, IP
differentiated services code point (DSCP) value, Multiprotocol Label
Switching (MPLS) experimental value, access groups, and quality of
service (QoS) groups.
1. A number in parentheses may appear next to the class-map name and match criteria information. The number is for Cisco
internal use only and can be disregarded.

QOS-743
show class-map

match fr-dlci Specifies the Frame Relay DLCI number as a match criterion in a class map.
match packet length Specifies and uses the length of the Layer 3 packet in the IP header as a
(class-map) match criterion in a class map.
on the interface.

QOS-744
show control-plane cef-exception counters

To display the control-plane packet counters for the control-plane cef-exception subinterface, use the
show control-plane cef-exception counters command in privileged EXEC mode.

Usage Guidelines The show control-plane cef-exception counters command displays the following packet counts for
features configured on the control-plane cef-exception subinterface:
• Total number of packets that were processed by the cef-exception subinterface
• Total of packets that were dropped
• Total number of errors
Examples The following is sample output from the show control-plane cef-exception counters command:
Router# show control-plane cef-exception counters
Control plane cef-exception path counters:
Feature Packets Processed/Dropped/Errors

Control Plane Policing 63456/9273/0
Table 48 show control-plane cef-exception counters Field Descriptions
Field Description
Feature Name of the configured feature on this subinterface.
Packets Processed Total number of packets that were processed by the feature.
Dropped Total number of packets that were dropped by the feature.
Errors Total number of errors detected by the feature.

QOS-745

clear control-plane Clears packet counters for control-plane interfaces and subinterfaces.
modify attributes or parameters that are associated with the control-plane of
the device.
counters interface.
features
host features

QOS-746
show control-plane cef-exception features

To display the control-plane features for control-plane cef-exception subinterface, use the show
control-plane cef-exception features command in privileged EXEC mode.
Syntax Descriptions This command has no arguments or keywords.

Usage Guidelines The show control-plane cef-exception features command displays the following aggregate feature
configurations for the control-plane cef-exception subinterface:
• Number of features configured for the control-plane cef-exception subinterface.
• Name of the feature
• Date and time the feature was activated
Examples The following is sample output from the show control-plane cef-exception features command:
Router# show control-plane cef-exception features
Total 1 features configure

Control plane cef-exception path features:
Control Plane Policing activated Nov 09 2005 12:40
Table 49 show control-plane cef-exception features Field Descriptions
Field Description
Total features configured Number of features configured.
Feature Name Name of the configured features.
Activated Date and time the feature was activated.

QOS-747

the device.
show control-plane Displays the control-plane packet counters for the control-plane
counters interface.
features
host features

QOS-748
show control-plane counters

To display the control-plane counters for all control-plane interfaces, use the show control-plane
counters command in privileged EXEC mode.

Usage Guidelines The show control-plane counters command displays the following aggregate packet counts for all
control-plane interfaces and subinterface:
• Total number of packets that were processed by control-plane aggregate host, transit, and
cef-exception subinterfaces
• Total number of packets that were dropped
Examples The following is sample output from the show control-plane counters command:
Router# show control-plane counters
Feature Path Packets Processed/Dropped/Errors

aggregate 43271/6759/0
host 24536/4238/0
transit 11972/2476/0
cef-exception path 6345/0/0
Table 50 show control-plane counters Field Descriptions
Field Description
Feature Name of the interface or subinterface displayed.
Packets Processed Total number of packets that were processed by the subinterface.
Dropped Total number of packets that were dropped.
Errors Total number of errors detected.

QOS-749

the device.
features
host features
transit features

QOS-750
show control-plane features

To display the configured control-plane features, use the show control-plane features command in
Syntax Description This command has no arguments or keywords

Usage Guidelines The show control-plane features command displays control-plane features enabled on the
control-plane aggregate sub-interfaces. Information includes the following:
• Number of features configured for the control plane
Examples The following is sample output from the show control-plane features command:
Router# show control-plane features
Total 1 features configured

Control plane host path features:
TCP/UDP Portfilter activated Nov 09 2005 12:40
Table 51 show control-plane features Field Descriptions
Field Description
Total features configured Number of features configured.
activated Date and time the feature was activated.

QOS-751

the device.
counters interface.
host features
transit features

QOS-752
show control-plane host counters

To display the control-plane packet counters for the control-plane host subinterface, use the show
control-plane host counters command in privileged EXEC mode.

Usage Guidelines The show control-plane host counters command displays the following packet counts for the
control-plane host subinterface:
• Total number of packets that were processed by features configured on the host subinterface
Examples The following is sample output from the show control-plane host counters command:
Router# show control-plane host counters
Control plane host path counters:

TCP/UDP portfilter 46/46/0
Table 52 show control-plane host counters Field Descriptions
Field Description
Feature Name of the feature configured on the host subinterface.
Packets Processed Total number of packets that were processed by the feature.

QOS-753

the device.
counters interface.
features
host features
show control-plane Displays the configured features for the control plane transit subinterface.
transit features

QOS-754
show control-plane host features

To display the configured control-plane features for the control-plane host sub-interface, use the show
control-plane host features command in privileged EXEC mode.

Usage Guidelines The show control-plane host features command displays the features configured for the control-plane
host subinterface. Information includes the following:
Examples The following is sample output from the show control-plane host features command:
Router# show control-plane host features
Control plane host path features:
TCP/UDP Portfilter activated Nov 09 2005 12:40
Table 53 show control-plane host features Field Descriptions
Field Description
activated Date and time the feature was activated.

QOS-755

the device.
counters interface.
features
transit features

QOS-756
show control-plane host open-ports

To display a list of open TCP/UDP ports that are registered with the port-filter database, use the show
control-plane host open-ports command in privileged EXEC mode.

Usage Guidelines The show control-plane host open-ports command displays a list of open TCP/UDP ports that are
registered with the port-filter database.
Examples The following is sample output from the show control-plane host open-ports command.
Router# show control-plane host open-ports
Active internet connections (servers and established)

Port Local Address Foreign Address Service State
tcp *:23 *:0 Telnet LISTEN
tcp *:53 *:0 DNS Server LISTEN
tcp *:80 *:0 HTTP CORE LISTEN
tcp *:1720 *:0 H.225 LISTEN
tcp *:5060 *:0 SIP LISTEN
tcp *:23 192.0.2.18:58714 Telnet ESTABLISHED
udp *:53 *:0 DNS Server LISTEN
udp *:67 *:0 DHCPD Receive LISTEN
udp *:52824 *:0 IP SNMP LISTEN
udp *:5060 *:0 SIP LISTEN
udp *:2517 *:0 CCH323_CT LISTEN
Table 54 show control-plane host open-ports Field Descriptions
Field Description
Port Port type, either TCP or UDP.
Local Address Local IP address and port number. An asterisk (*) indicates that the
service is listening on all configured network interfaces.

QOS-757
Table 54 show control-plane host open-ports Field Descriptions (continued)
Field Description
Foreign Address Remote IP address and port number. An asterisk (*) indicates that the
service is listening on all configured network interfaces.
Service Name of the configured Cisco IOS service listening on the port.
State Listen or Established.

the device.
counters interface.
features
show control-plane Displays the control plane packet counters for the control-plane host
host features
show control-plane Displays the control plane packet counters for the control-plane transit
transit features

QOS-758
show control-plane transit counters

To display the control-plane packet counters for the control-plane transit sub-interface, use the show
control-plane transit counters command in privileged EXEC mode.

Usage Guidelines The show control-plane transit counters command displays the following packet counts for the
control-plane transit subinterface:
• Total number of packets that were processed by the transit subinterface
Examples The following is sample output from the show control-plane transit counters command.
Router# show control-plane transit counters
Control plane transit path counters:

Control Plane Policing63456/2391/0
Table 55 show control-plane transit counters Field Descriptions
Field Description
Feature Name of the feature configured on the transit sub-interface.
Packets Processed Total number of packets that were processed by the configured feature.

QOS-759

the device.
counters interface.
features
host features
transit features

QOS-760
show control-plane transit features

To display the configured control-plane features for the control-plane transit subinterface, use the show
control-plane transit features command in privileged EXEC mode.

Usage Guidelines The show control-plane transit features command displays the control-plane features configured for
the control-plane transit subinterface. Information includes the following:
Examples The following is sample output from the show control-plane transit features command:
Router# show control-plane transit features
Control plane transit path features:
Control Plane Policing activated Nov 09 2005 12:40
Table 56 show control-plane transit features Field Descriptions
Field Description
Total Features Configured Number of features configured.
Activated Date and time the feature was activated.

QOS-761

the device.
counters interface.
features
host features
show control plane Displays a list of open ports that are registered with the port-filter database.
host open-ports

QOS-762
show cops servers
show cops servers

To display the IP address and connection status of the policy servers for which the router is configured,
use the show cops servers command in EXEC mode.
show cops servers
Command Modes EXEC

Usage Guidelines You can also use the show cops server command to display information about the Common Open Policy
Service (COPS) client on the router.
Examples In the following example, information is displayed about the current policy server and client. When
Client Type appears followed by an integer, 1 stands for Resource Reservation Protocol (RSVP) and 2
stands for Differentiated Services Provisioning. (0 indicates keepalive.)
Router# show cops servers
COPS SERVER: Address: 10.0.0.1. Port: 3288. State: 0. Keepalive: 120 sec
Number of clients: 1. Number of sessions: 1.
COPS CLIENT: Client type: 1. State: 0.

show ip rsvp policy Displays policy server address(es), ACL IDs, and current state of the
cops router-server connection.

QOS-763
show crypto eng qos
show crypto eng qos

To monitor and maintain low latency queueing (LLQ) for IPSec encryption engines, use the show crypto
eng qos command in privileged EXEC mode.
show crypto eng qos

12.2(13)T This command was introduced in Cisco IOS Release 12.2(13)T.
12.2(33)SRA This command was integrated into Cisco IOS release 12.(33)SRA.
Usage Guidelines Use the show crypto eng qos command to determine if QoS is enabled on LLQ for IPSec encryption
engines.
Examples The following example shows how to determine if LLQ for IPSec encryption engines is enabled:
Router# show crypto eng qos
crypto engine name: Multi-ISA Using VAM2

crypto engine type: hardware
slot: 5
queuing: enabled
visible bandwidth: 30000 kbps
llq size: 0
default queue size/max: 0/64
interface table size: 32
FastEthernet0/0 (3), iftype 1, ctable size 16, input filter:ip

precedence 5
class voice (1/3), match ip precedence 5
bandwidth 500 kbps, max token 100000
IN match pkt/byte 0/0, police drop 0
OUT match pkt/byte 0/0, police drop 0
class default, match pkt/byte 0/0, qdrop 0

crypto engine bandwidth:total 30000 kbps, allocated 500 kbps
The field descriptions in the above display are self-explanatory.

QOS-764
show frame-relay ip rtp header-compression

To display Frame Relay Real-Time Transport Protocol (RTP) header compression statistics, use the
show frame-relay ip rtp header-compression command in user EXEC or privileged EXEC mode.
show frame-relay ip rtp header-compression [interface type number] [dlci]
Syntax Description interface type number (Optional) Specifies an interface for which information will be displayed.
A space between the interface type and number is optional.
dlci (Optional) Specifies a data-link connection identifier (DLCI) for which
information will be displayed. The range is from 16 to 1022.
Command Default RTP header compression statistics are displayed for all DLCIs on interfaces that have RTP header
compression configured.

Privileged EXEC

12.2(13)T This command was integrated into Cisco IOS Release 12.2(13)T. The
output for this command was modified to display RTP header compression
statistics for Frame Relay permanent virtual circuit (PVC) bundles.
12.2(27)SBC This command was integrated into Cisco IOS Release 12.2(27)SBC, and
the dlci argument was added.
12.4(9)T The dlci argument was added.
12.4(11)T The output for this command was modified to display Enhanced
Compressed Real-Time Transport Protocol (ECRTP) header compression
Support in a specific 12.2SX release of this train depends on your feature
set, platform, and platform hardware.
Examples The following is sample output from the show frame-relay ip rtp header-compression command:
Router# show frame-relay ip rtp header-compression
DLCI 21 Link/Destination info: ip 10.1.4.1

Interface Serial3/0 DLCI 21 (compression on, Cisco)
Rcvd: 0 total, 0 compressed, 0 errors, 0 status msgs
0 dropped, 0 buffer copies, 0 buffer failures

QOS-765
Sent: 0 total, 0 compressed, 0 status msgs, 0 not predicted

0 bytes saved, 0 bytes sent
Connect: 256 rx slots, 256 tx slots,
0 misses, 0 collisions, 0 negative cache hits, 256 free contexts



The following is sample output from the show frame-relay ip rtp header-compression command when
ECRTP is enabled:
Router# show frame-relay ip rtp header-compression

Interface Serial4/1 DLCI 16 (compression on, IETF, ECRTP)
In the following example, the show frame-relay ip rtp header-compression command displays
information about DLCI 21:
Router# show frame-relay ip rtp header-compression 21



QOS-766

information for all DLCIs on serial interface 3/1:
Router# show frame-relay ip rtp header-compression interface serial3/1



information only for DLCI 21 on serial interface 3/1:
Router# show frame-relay ip rtp header-compression interface serial3/1 21

The following sample output from the show frame-relay ip rtp header-compression command shows
statistics for a PVC bundle called MP-3-static:
Router# show frame-relay ip rtp header-compression interface Serial1/4
vc-bundle MP-3-static Link/Destination info:ip 10.1.1.1

Interface Serial1/4:
Rcvd: 14 total, 13 compressed, 0 errors
Sent: 15 total, 14 compressed,
4.98 efficiency improvement factor

QOS-767
Connect:256 rx slots, 256 tx slots,

1 long searches, 1 misses 0 collisions, 0 negative cache hits
93% hit ratio, five minute miss rate 0 misses/sec, 0 max
Table 57 show frame-relay ip rtp header-compression Field Descriptions
Field Description
Interface Type and number of the interface and type of header compression.
Rcvd: Table of details concerning received packets.
total Number of packets received on the interface.
compressed Number of packets with compressed headers.
errors Number of errors.
dropped Number of dropped packets.
buffer copies Number of buffers that were copied.
buffer failures Number of failures in allocating buffers.
Sent: Table of details concerning sent packets.
total Total number of packets sent.
compressed Number of packets sent with compressed headers.
bytes saved Total savings in bytes because of compression.
bytes sent Total bytes sent after compression.
efficiency improvement factor Compression efficiency.
Connect: Table of details about the connections.
rx slots Total number of receive slots.
tx slots Total number of transmit slots.
long searches Searches that needed more than one lookup.
misses Number of new states that were created.
hit ratio Number of times that existing states were revised.
five minute miss rate Average miss rate.
max Maximum miss rate.

frame-relay ip rtp Specifies the maximum number of RTP header
compression-connections compression connections on a Frame Relay interface.
frame-relay ip rtp header-compression Enables RTP header compression for all Frame Relay maps
on a physical interface.
frame-relay map ip compress Enables both RTP and TCP header compression on a link.
frame-relay map ip nocompress Disables both RTP and TCP header compression on a link.
header-compression
show ip rpf events Displays RTP header compression statistics.

QOS-768
show frame-relay ip tcp header-compression

To display Frame Relay Transmission Control Protocol (TCP)/IP header compression statistics, use the
show frame-relay ip tcp header-compression command in user EXEC or privileged EXEC mode.
show frame-relay ip tcp header-compression [interface type number] [dlci]
Syntax Description interface type number (Optional) Specifies an interface for which information will be displayed.
A space is optional between the type and number.
dlci (Optional) Specifies a data-link connection identifier (DLCI) for which
information will be displayed. Range is from 16 to 1022.

Privileged EXEC

12.2(13)T This command was integrated into Cisco IOS Release 12.2(13)T. The
command was modified to support display of RTP header compression
12.2(27)SBC This command was integrated into Cisco IOS Release 12.2(27)SBC, and the
dlci argument was added.
12.4(9)T The dlci argument was added.
Examples The following is sample output from the show frame-relay ip tcp header-compression command:
Router# show frame-relay ip tcp header-compression

Interface Serial0:
Sent: 0 total, 0 compressed
Connect: 16 rx slots, 16 tx slots, 0 long searches, 0 misses, 0% hit ratio
Five minute miss rate 0 misses/sec, 0 max misses/sec

QOS-769
The following sample output from the show frame-relay ip tcp header-compression command shows
statistics for a PVC bundle called “MP-3-static”:
Router# show frame-relay ip tcp header-compression interface Serial1/4
vc-bundle MP-3-static Link/Destination info:ip 10.1.1.1

Interface Serial1/4:
Sent: 15 total, 14 compressed,
Connect:256 rx slots, 256 tx slots,
1 long searches, 1 misses 0 collisions, 0 negative cache hits
In the following example, the show frame-relay ip tcp header-compression command displays
information about DLCI 21:
Router# show frame-relay ip tcp header-compression 21

Interface POS2/0 DLCI 21 (compression on, VJ)

Interface Serial3/0 DLCI 21 (compression on, VJ)
The following is sample output from the show frame-relay ip tcp header-compression command for a
specific DLCI on a specific interface:
Router# show frame-relay ip tcp header-compression pos2/0 21

Interface POS2/0 DLCI 21 (compression on, VJ)
Table 58 describes the fields shown in the display.
Table 58 show frame-relay ip tcp header-compression Field Descriptions
Field Description
Rcvd: Table of details concerning received packets.
total Sum of compressed and uncompressed packets
received.

QOS-770
Table 58 show frame-relay ip tcp header-compression Field Descriptions (continued)
Field Description
compressed Number of compressed packets received.
errors Number of errors caused by errors in the header fields
(version, total length, or IP checksum).
dropped Number of packets discarded. Seen only after line
errors.
buffer failures Number of times that a new buffer was needed but was
not obtained.
Sent: Table of details concerning sent packets.
total Sum of compressed and uncompressed packets sent.
compressed Number of compressed packets sent.
bytes saved Number of bytes reduced because of the compression.
bytes sent Actual number of bytes transmitted.
Connect: Table of details about the connections.
rx slots, tx slots Number of states allowed over one TCP connection. A
state is recognized by a source address, a destination
address, and an IP header length.
long searches Number of times that the connection ID in the
incoming packet was not the same as the previous one
that was processed.
misses Number of times that a matching entry was not found
within the connection table and a new entry had to be
entered.
hit ratio Percentage of times that a matching entry was found
in the compression tables and the header was
compressed.
Five minute miss rate Miss rate computed over the most recent 5 minutes
and the maximum per-second miss rate during that
period.

QOS-771
show interfaces fair-queue

To display information and statistics about weighted fair queueing (WFQ) for a Versatile Interface
Processor (VIP)-based interface, use the show interfaces fair-queue command in EXEC mode.
show interfaces [type number] fair-queue
Syntax Description type (Optional) The type of the interface.

number (Optional) The number of the interface.
Command Modes EXEC

Examples The following is sample output from the show interfaces fair-queue command for VIP-distributed
WFQ (DWFQ):
Router# show interfaces fair-queue
Hssi0/0/0 queue size 0

packets output 1417079, drops 2
WFQ: aggregate queue limit 54, individual queue limit 27
max available buffers 54
Class 0: weight 10 limit 27 qsize 0 packets output 1150 drops 0

Table 59 ddescribes the significant fields shown in the display.
Table 59 show interfaces fair-queue Field Descriptions
Field Description
queue size Current output queue size for this interface.
packets output Number of packets sent out this interface or number of packets in
this class sent out the interface.
drops Number of packets dropped or number of packets in this class
dropped.
aggregate queue limit Aggregate limit, in number of packets.
individual queue limit Individual limit, in number of packets.

QOS-772
Table 59 show interfaces fair-queue Field Descriptions (continued)
Field Description
max available buffers Available buffer space allocated to aggregate queue limit, in number
of packets.
Class QoS group or type of service (ToS) class.
weight Percent of bandwidth allocated to this class during periods of
congestion.
limit Queue limit for this class in number of packets.
qsize Current size of the queue for this class.

server.

QOS-773
show interfaces random-detect

To display information about Weighted Random Early Detection (WRED) for a Versatile Interface
Processor (VIP)-based interface, use the show interfaces random-detect command in EXEC mode.
show interfaces [type number] random-detect

Command Modes EXEC

Examples The following is sample output from the show interfaces random-detect command for VIP-distributed
WRED (DWRED):
Router# show interfaces random-detect
FastEthernet1/0/0 queue size 0

packets output 29692, drops 0
WRED: queue average 0
weight 1/512
Precedence 0: 109 min threshold, 218 max threshold, 1/10 mark weight
1 packets output, drops: 0 random, 0 threshold
(no traffic)
(no traffic)
(no traffic)
(no traffic)
(no traffic)

QOS-774
Table 60 show interfaces random-detect Field Descriptions
Field Description
queue size Current output queue size for this interface.
packets output Number of packets sent out this interface.
drops Number of packets dropped.
queue average Average queue length.
weight Weighting factor used to determine the average queue size.
Precedence WRED parameters for this precedence.
min threshold Minimum threshold for this precedence.
max threshold Maximum length of the queue. When the average queue is this long,
any additional packets will be dropped.
mark weight Probability of a packet being dropped if the average queue is at the
maximum threshold.
packets output Number of packets with this precedence that have been sent.
random Number of packets dropped randomly through the WRED process.
threshold Number of packets dropped automatically because the average queue
was at the maximum threshold length.
(no traffic) No packets with this precedence.

server.

QOS-775
show interfaces rate-limit

To display information about committed access rate (CAR) for an interface, use the show interfaces
rate-limit command in EXEC mode.
show interfaces [type number] rate-limit

Command Modes EXEC

Examples The following is sample output from the show interfaces rate-limit command:
Router# show interfaces fddi2/1/0 rate-limit
Fddi2/1/0
Input
matches: access-group rate-limit 100
params: 800000000 bps, 64000 limit, 80000 extended limit
conformed 0 packets, 0 bytes; action: set-prec-continue 1
exceeded 0 packets, 0 bytes; action: set-prec-continue 0
last packet: 4737508ms ago, current burst: 0 bytes
last cleared 01:05:47 ago, conformed 0 bps, exceeded 0 bps
matches: access-group 101
conformed 0 packets, 0 bytes; action: set-prec-transmit 5
matches: all traffic
conformed 0 packets, 0 bytes; action: set-prec-transmit 5
Output
matches: all traffic
exceeded 0 packets, 0 bytes; action: drop

QOS-776
Table 61 show interfaces rate-limit Field Descriptions
Field Description
Input These rate limits apply to packets received by the interface.
matches Packets that match this rate limit.
params Parameters for this rate limit, as configured by the rate-limit command.
bps Average rate, in bits per second.
limit Normal burst size, in bytes.
extended limit Excess burst size, in bytes.
conformed Number of packets that have conformed to the rate limit.
action Conform action.
exceeded Number of packets that have exceeded the rate limit.
action Exceed action.
last packet Time since the last packet, in milliseconds.
current burst Instantaneous burst size at the current time.
last cleared Time since the burst counter was set back to zero by the clear counters
command.
conformed Rate of conforming traffic.
exceeded Rate of exceeding traffic.
Output These rate limits apply to packets sent by the interface.

clear counters Clears the interface counters.
show access-lists Displays the contents of current IP and rate-limit access lists.
server.

QOS-777
show ip nbar pdlm
show ip nbar pdlm

To display the Packet Description Language Module (PDLM) in use by network-based application
recognition (NBAR), use the show ip nbar pdlm command in privileged EXEC mode.
show ip nbar pdlm

12.1(13)E This command was implemented on Catalyst 6000 family switches without
FlexWAN modules.
Usage Guidelines This command is used to display a list of all the PDLMs that have been loaded into NBAR using the
ip nbar pdlm command.
Examples In this example of the show ip nbar pdlm command, the citrix.pdlm PDLM has been loaded from Flash
memory:
Router# show ip nbar pdlm
The following PDLMs have been loaded:

flash://citrix.pdlm

ip nbar pdlm Extends or enhances the list of protocols recognized by NBAR through a
Cisco-provided PDLM.

QOS-778
show ip nbar port-map
show ip nbar port-map

To display the current protocol-to-port mappings in use by network-based application recognition
(NBAR), use the show ip nbar port-map command in privileged EXEC mode.
show ip nbar port-map [protocol-name]
Syntax Description protocol-name (Optional) Limits the command display to the specified protocol.

12.1(13)E This command was implemented on Catalyst 6000 family switches without FlexWAN
modules.
Usage Guidelines The show ip nbar port-map command displays port assignments for NBAR protocols.
This command is used to display the current protocol-to-port mappings in use by NBAR. When the
ip nbar port-map command has been used, the show ip nbar port-map command displays the ports
assigned by the user to the protocol. If no ip nbar port-map command has been used, the show ip nbar
port-map command displays the default ports. The protocol-name argument can also be used to limit
the display to a specific protocol.
Examples The following is sample output from the show ip nbar port-map command:
Router# show ip nbar port-map
port-map bgp udp 179

port-map bgp tcp 179
port-map cuseeme udp 7648 7649
port-map cuseeme tcp 7648 7649
port-map dhcp udp 67 68
port-map dhcp tcp 67 68

ip nbar-port-map Configures NBAR to search for a protocol or protocol name using a port
number other than the well-known port.

QOS-779
show ip nbar protocol-discovery

To display the statistics gathered by the Network-Based Application Recognition (NBAR) Protocol
Discovery feature, use the show ip nbar protocol-discovery command in privileged EXEC mode.
show ip nbar protocol-discovery [interface type number] [stats {byte-count | bit-rate

| packet-count | max-bit-rate}] [protocol protocol-name] [top-n number]
Syntax Description interface (Optional) Specifies that Protocol Discovery statistics for the interface
are to be displayed.
type Type of interface or subinterface whose policy configuration is to be
displayed.
number Port, connector, VLAN, or interface card number.
stats (Optional) Specifies that the byte count, byte rate, or packet count is to
be displayed.
byte-count (Optional) Specifies that the byte count is to be displayed.
max-bit-rate (Optional) Specifies that the maximum bit rate is to be displayed.
packet-count (Optional) Specifies that the packet count is to be displayed.
protocol (Optional) Specifies that statistics for a specific protocol are to be
displayed.
protocol-name (Optional) User-specified protocol name for which the statistics are to
be displayed.
top-n (Optional) Specifies that a top-n is to be displayed. A top-n is the
number of most active NBAR-supported protocols, where n is the
number of protocols to be displayed. For instance, if top-n 3 is entered,
the three most active NBAR-supported protocols will be displayed.
number (Optional) Specifies the number of most active NBAR-supported
protocols to be displayed.
Command Default Statistics for all interfaces on which the NBAR Protocol Discovery feature is enabled are displayed.

12.3(7)T The command output was modified to include Max Bit Rate.

QOS-780
12.2(18)ZYA This command was integrated into Cisco IOS Release 12.2(18)ZYA.
This command was modified to include information about VLANs (as
applicable) and to provide support for both Layer 2 and Layer 3
Etherchannels (Catalyst switches only).
Usage Guidelines Use the show ip nbar protocol-discovery command to display statistics gathered by the NBAR
Protocol Discovery feature. This command, by default, displays statistics for all interfaces on which
protocol discovery is currently enabled. The default output of this command includes, in the following
order, input bit rate (in bits per second), input byte count, input packet count, and protocol name.
Protocol discovery can be used to monitor both input and output traffic and may be applied with or
without a service policy enabled. NBAR protocol discovery gathers statistics for packets switched to
output interfaces. These statistics are not necessarily for packets that exited the router on the output
interfaces, because packets may have been dropped after switching for various reasons, including
policing at the output interface, access lists, or queue drops.
Layer 2/3 Etherchannel Support

With Cisco IOS Release 12.2(18)ZYA, intended for use on the Cisco 6500 series switch that is equipped
with a Supervisor 32/programmable intelligent services accelerator (PISA), the show ip nbar
protocol-discovery command is supported on both Layer 2 and Layer 3 Etherchannels.
Examples The following example displays output from the show ip nbar protocol-discovery command for the five
most active protocols on an Ethernet interface:
Router# show ip nbar protocol-discovery top-n 5
Ethernet2/0
Input Output
----- ------
Protocol Packet Count Packet Count
Byte Count Byte Count
30sec Bit Rate (bps) 30sec Bit Rate (bps)
30sec Max Bit Rate (bps) 30sec Max Bit Rate (bps)
--------------------------- ------------------------ ------------------------
rtp 3272685 3272685
242050604 242050604
768000 768000
2002000 2002000
gnutella 513574 513574
118779716 118779716
383000 383000
987000 987000
ftp 482183 482183
37606237 37606237
121000 121000
312000 312000
http 144709 144709
32351383 32351383
105000 105000
269000 269000

QOS-781
netbios 96606 96606

10627650 10627650
36000 36000
88000 88000
unknown 1724428 1724428
534038683 534038683
2754000 2754000
4405000 4405000
Total 6298724 6298724
989303872 989303872
4213000 4213000
8177000 8177000
Table 62 show ip nbar protocol-discovery Field Descriptions
Field Description
Interface Type and number of an interface.
Input Incoming traffic on an interface.
Output Outgoing traffic on an interface.
Protocol The protocols being used. Unknown is the sum of all the
protocols that NBAR could not classify for some reason.
Packet Count Number of packets coming in and going out the interface.
Byte Count Number of bytes coming in and going out the interface.
30sec Bit Rate Average value of the bit rate in bits per second (bps) since
protocol discovery was enabled, per protocol, over the last
30 seconds.
30sec Max Bit Rate Highest value of the bit rate in bits per second (bps) since
protocol discovery was enabled, per protocol, over the last
30 seconds.
Total Total input and output traffic.

ip nbar protocol-discovery Configures NBAR to discover traffic for all protocols known to
NBAR on a particular interface.

QOS-782
show ip nbar version

To display information about the version of the network-based application recognition (NBAR) software
in your Cisco IOS release or the version of an NBAR Packet Description Language Module (PDLM) on
your Cisco IOS router, use the show ip nbar version command in privileged EXEC mode.
show ip nbar version [PDLM-name]
Syntax Description PDLM-name (Optional) Specifies the name of a specific PDLM whose information
will be displayed.

Usage Guidelines The show ip nbar version command treats all protocols that were added to NBAR after the initial NBAR
release as PDLMs, including protocols that were added into the Cisco IOS software without a user
having to download a PDLM from Cisco.com. PDLMs downloaded from Cisco.com and incorporated
into NBAR by the user also appear when the show ip nbar version command is entered.
When using NBAR, various elements within NBAR are assigned versioning numbers. These versioning
numbers become significant when you want to download a PDLM. PDLMs, which are also versioned,
can be downloaded only to NBAR on a particular Cisco IOS release if the PDLM versioning numbers
are compatible with the NBAR version numbers in the Cisco IOS software.
The following NBAR-related version information is available:
• NBAR Software Version—Version of NBAR software running on the current version of Cisco IOS
software.
• Resident Module Version—Version of the NBAR-supported PDLM protocol.
The following version number is kept by the PDLM:
• NBAR Software Version—Minimum version of the NBAR software that is required to load this
PDLM.
The show ip nbar version command provides version information for PDLMs already loaded onto the
Cisco IOS software.
Examples The following is sample output from the show ip nbar version command:
Router# show ip nbar version
NBAR software version: 3

QOS-783
1 base Mv: 2
2 ftp Mv: 2
3 http Mv: 7, Nv: 3; slot1:http_vers.pdlm
4 static-port Mv: 6
5 tftp Mv: 1
6 exchange Mv: 1
7 vdolive Mv: 1
8 sqlnet Mv: 1
9 rcmd Mv: 1
10 netshow Mv: 1
11 sunrpc Mv: 2
12 streamwork Mv: 1
13 citrix Mv: 5
14 fasttrack Mv: 2
15 gnutella Mv: 1
16 kazaa Mv: 6, Nv: 3; slot1:kazaa2_vers.pdlm
17 custom-protocols Mv: 1
18 rtsp Mv: 1
19 rtp Mv: 2
20 mgcp Mv: 1
21 skinny Mv: 1
22 h323 Mv: 1
23 sip Mv: 1
24 rtcp Mv: 1
Table 63 show ip nbar version Command Field Descriptions
Field Description
NBAR Software Version NBAR software version running in the current Cisco IOS
software. In this particular example, version 3 is the NBAR
software running on the current version of the Cisco IOS
software.
Mv Resident Module Version. The Resident Module Version is the
version of the NBAR-supported PDLM protocol and, therefore,
varies by protocol. The Resident Module Version of TFTP, for
example, is 1.
Nv Minimum version of the NBAR software that is required to load
a nonnative PDLM. This number is available only for nonnative
PDLMs that were loaded onto the router such as the Kazaa
PDLM (protocol 17); in that case, the Nv version is 3.
For the same network setup, the following example shows the output if a specific protocol with a PDLM
is specified in the show ip nbar version CLI:
Router# show ip nbar version http
http Mv: 7, Nv: 3; slot1:http_vers.pdlm

QOS-784

ip nbar pdlm Downloads a PDLM onto a router to add support for additional
protocols in NBAR.

QOS-785
show ip rsvp
show ip rsvp
To display specific information for Resource Reservation Protocol (RSVP) categories, use the show ip
rsvp command in user EXEC or privileged EXEC mode.
show ip rsvp [atm-peak-rate-limit | counters | host | installed | interface | listeners | neighbor |

policy | precedence | request | reservation | sbm | sender | signalling | tos]
Syntax Description atm-peak-rate-limit (Optional) Specifies RSVP peak rate limit.

counters (Optional) Specifies RSVP statistics.
host (Optional) Specifies RSVP endpoint senders and receivers.
installed (Optional) Specifies RSVP installed reservations.
interface (Optional) Specifies RSVP interface information.
listeners (Optional) Specifies RSVP listeners.
neighbor (Optional) Specifies RSVP neighbor information.
policy (Optional) Specifies RSVP policy information.
precedence (Optional) Specifies RSVP precedence settings.
request (Optional) Specifies RSVP reservations from upstream.
reservation (Optional) Specifies RSVP reservation requests from downstream.
sbm (Optional) Specifies RSVP subnet bandwidth manager (SBM) information.
sender (Optional) Specifies RSVP path state information.
signalling (Optional) Specifies RSVP signaling information.
tos (Optional) Specifies RSVP type of service (TOS) settings.
Command Modes User EXEC (>)

Privileged EXEC (#)

12.2(13)T The listeners and policy keywords were added, and this command was
modified to display RSVP global settings when no keywords or arguments
are entered.
12.2(33)SRB The command output was modified to display fast local repair (FLR)
information.
12.2(33)SRC The command output was modified to display the following:
• RSVP quality of service (QoS) and Multiprotocol Label Switching
(MPLS) Traffic Engineering (TE) information.
• RSVP aggregation information.

QOS-786
show ip rsvp
Examples The following is sample output from the show ip rsvp command:
RSVP: enabled (on 1 interface(s))
RSVP QoS signalling enabled
MPLS/TE signalling enabled
Signalling:
Refresh interval (msec): 30000
Refresh misses: 4
Rate Limiting: enabled

Burst: 8
Limit: 37
Maxsize: 2000
Period (msec): 20
Max rate (msgs/sec): 400
Refresh Reduction: disabled

ACK delay (msec): 250
Initial retransmit delay (msec): 1000
Local epoch: 0xCE969B
Message IDs: in use 0, total allocated 0, total freed 0
Neighbors: 0
Raw IP encap: 0 UDP encap: 0 Raw IP, UDP encap: 0
RFC 3175 Aggregation: Enabled

Level: 1
Default QoS service: Controlled-Load
Router ID: 10.22.22.22
Number of signaled aggregate reservations: 0

Number of signaled E2E reservation: 0
Number of configured map commands: 0
Number of configured reservation commands: 0
Hello:
RSVP Hello for Fast-Reroute/Reroute: Disabled
Statistics: Disabled
BFD for Fast-Reroute/Reroute: Disabled
RSVP Hello for Graceful Restart: Disabled
Graceful Restart: Disabled

Refresh interval: 10000 msecs
Refresh misses: 4
DSCP: 0x30
Advertised restart time: 5 msecs
Advertised recovery time: 0 msecs
Maximum wait for recovery: 3600000 msecs
Fast-Reroute:
PSBs w/ Local protection desired
Yes: 0
No: 0
Fast Local Repair: enabled

Max repair rate (paths/sec): 400
Max processed (paths/run): 1000
Local policy:
COPS:

QOS-787
show ip rsvp
Generic policy settings:

Default policy: Accept all
Preemption: Disabled
Table 64 show ip rsvp Field Descriptions
Field Description
RSVP The state of RSVP, QoS, and MPLS/TE signaling; values are
enabled (activated) or disabled (deactivated).
Note This field is disabled only if an internal error occurred
when registering with RIB.
Signalling The RSVP signaling parameters in effect are as follows:
• Refresh interval—Time, in milliseconds (ms), between
sending refreshes for each RSVP state.
• Refresh misses—Number of successive refresh messages
that can be missed before RSVP considers the state expired
and tears it down.
Rate Limiting: enabled or disabled The RSVP rate-limiting parameters in effect are as follows:
• Burst—Maximum number of RSVP messages allowed to be
sent to a neighboring router during an interval.
• Limit—Maximum number of RSVP messages to send per
queue interval.
• Maxsize—Maximum size of the message queue, in bytes.
• Period—Length of an interval (timeframe), in milliseconds
(msec).
• Max rate—Maximum number of messages allowed to be
sent per second.
Refresh Reduction: enabled or The RSVP refresh-reduction parameters in effect are as follows:
disabled
• ACK delay (msec)—How long, in milliseconds, before the
receiving router sends an acknowledgment (ACK).
• Initial retransmit delay (msec)—How long, in milliseconds,
before the router retransmits a message.
• Local epoch—The RSVP message identifier (ID); randomly
generated each time a node reboots or the RSVP process
restarts.
• Message IDs—The number of message IDs in use, the total
number allocated, and the total number available (freed).
Neighbors The total number of neighbors and the types of encapsulation in
use including RSVP and User Datagram Protocol (UDP).
RFC 3175 Aggregation The state of aggregation as defined in RFC 3175, Aggregation of
RSVP for IPv4 and IPv6 Reservations; values are the following:
• Enabled—Active.
• Disabled—Inactive.

QOS-788
show ip rsvp
Table 64 show ip rsvp Field Descriptions (continued)
Field Description
Level Aggregation level of the reservations; common values are the
following:
• 0 = End-to-end (E2E) reservations.
• 1 = Aggregated reservations.
Note Level x reservations can be aggregated to form
reservations at level x+1.
Default QoS Service Type of quality of service (QoS) configured; values are the
following:
• Controlled-Load—Allows applications to reserve
bandwidth to meet their requirements. For example, RSVP
with Weighted Random Early Detection (WRED) provides
this kind of service.
• Guaranteed-Rate—Allows applications to have low delay
and high throughput even during times of congestion. For
example, weighted fair queueing (WFQ) with RSVP
provides this kind of service.
Number of signaled aggregate Cumulative number of signaled aggregate reservations.
reservations
Number of signaled E2E Cumulative number of signaled E2E reservations.
reservations
Number of configured map Cumulative number of configured map commands.
commands
Number of configured reservation Cumulative number of configured reservation commands.
commands
Hello Subsequent fields describe the processes for which hello is
enabled or disabled. Choices are Fast Reroute, reroute (hello for
state timer), bidirectional forwarding detection (BFD), and
Graceful Restart for a node with restart capability.
Statistics Status of hello statistics. Valid values are as follows:
• Enabled—Statistics are configured. Hello packets are
time-stamped when they arrive in the hello input queue for
the purpose of recording the time it takes until they are
processed.
• Disabled—Hello statistics are not configured.
• Shutdown—Hello statistics are configured, but not
operational. The input queue is too long (that is, more than
10,000 packets are queued).

QOS-789
show ip rsvp
Table 64 show ip rsvp Field Descriptions (continued)
Field Description
Graceful Restart: enabled or The RSVP Graceful Restart parameters in effect are as follows:
disabled
• Refresh interval—Frequency, in milliseconds (msecs), with
which a node sends a hello message to its neighbor.
• Refresh misses—Number of missed hello messages that
trigger a neighbor-down event upon which stateful
switchover (SSO) procedures are started.
• DSCP—Differentiated services code point (DSCP) value in
the IP header of a hello message.
• Advertised restart time—Time, in milliseconds (msecs),
required for the sender to restart the RSVP-traffic
engineering (TE) component and exchange hello messages
after a failure.
• Advertised recovery time—Time, in milliseconds (msecs),
within which a recovering node wants its neighbor router to
resynchronize the RSVP or Multiprotocol Label Switching
(MPLS) forwarding state after SSO. A zero value indicates
that the RSVP or MPLS forwarding state is not preserved
after SSO.
• Maximum wait for recovery—Maximum amount of time, in
milliseconds (msecs), that a router waits for a neighbor to
recover.
Fast-Reroute The Fast Reroute parameters in effect are as follows:
• PSBs w/ Local protection desired—Yes means that path
state blocks (PSBs) are rerouted when a tunnel goes down
and packet flow is not interrupted; No means that PSBs are
not rerouted.
Fast Local Repair: enabled or The Fast Local Repair parameters in effect are as follows:
disabled
• Max repair rate (paths/sec)—Maximum repair rate, in paths
per second.
• Max processed (paths/run)—Maximum notification
elements processed, in paths per run.
Local policy The local policy currently configured.
COPS The Common Open Policy Service (COPS) currently in effect.
Generic policy settings Policy settings that are not specific to COPS or the local policy.
• Default policy: Accept all means that all RSVP messages are
accepted and forwarded. Reject all means all RSVP
• Preemption: Disabled means that RSVP is not prioritizing
reservations and allocating bandwidth accordingly. Enabled
means that RSVP is prioritizing reservations and allocating
more bandwidth to those with the highest priority.

QOS-790
show ip rsvp

debug ip rsvp Displays debug messages for RSVP categories.

QOS-791
show ip rsvp aggregation ip

To display Resource Reservation Protocol (RSVP) summary aggregation information, use the show ip
rsvp aggregation ip command in user EXEC or privileged EXEC mode.
show ip rsvp aggregation ip [endpoints | interface [if-name] | map [dscp value] | reservation
[dscp value [aggregator ip-address]]
Syntax Description endpoints (Optional) Specifies the aggregator and deaggregator nodes for the
aggregation region.
interface if-name (Optional) Specifies the interface name.
map (Optional) Displays the map configuration rules.
dscp value (Optional) Specifies the differentiated services code point (DSCP) for the
map keyword. Values can be the following:
reservation (Optional) Displays the reservation configuration.
reservation keyword. Values can be the following:
aggregator ip-address (Optional) Specifies the IP address of the aggregator.
Command Default If you enter the show ip rsvp aggregation ip command without an optional keyword, the command
displays summary information for all aggregate reservations.

Privileged EXEC (#)


QOS-792
Usage Guidelines Use the show ip rsvp aggregation ip command to display summary information for aggregation,
including the number of aggregate, map, and reservation configurations.
Examples show ip rsvp aggregation ip command Example

The following is sample output from the show ip rsvp aggregation ip command:
Router# show ip rsvp aggregation ip

Level: 1
Default QoS service: Controlled-Load
Number of signaled aggregate reservations: 2

Number of signaled E2E reservations: 8
Number of configured map commands: 4
Number of configured reservation commands: 1
Table 65 show ip rsvp aggregation ip Field Descriptions
Field Description
RFC 3175 Aggregation The state of aggregation as defined in RFC 3175, Aggregation of
RSVP for IPv4 and IPv6 Reservations; values are the following:
Level Aggregation level of the reservations; common values are the
following:
• 0 = End-to-end (E2E) reservations.
• 1 = Aggregated reservations.
Note Level x reservations can be aggregated to form
reservations at the next higher level; for example, level
x+1.
Default QoS service Type of quality of service (QoS) configured; values are the
following:
• Controlled-Load—Allows applications to reserve
bandwidth to meet their requirements. For example, RSVP
with Weighted Random Early Detection (WRED) provides
this kind of service.
• Guaranteed-Rate—Allows applications to have low delay
and high throughput even during times of congestion. For
example, Weighted Fair Queueing (WFQ) with RSVP
provides this kind of service.
Number of signaled aggregate Cumulative number of signaled aggregate reservations.
reservations
Number of signaled E2E Cumulative number of signaled E2E reservations.
reservations

QOS-793
Table 65 show ip rsvp aggregation ip Field Descriptions (continued)
Field Description
Number of configured map Cumulative number of configured map commands.
commands
Number of configured reservation Cumulative number of configured reservation commands.
commands
show ip rsvp aggregation ip interface Examples

The following is sample output from the show ip rsvp aggregation ip interface command:
Router# show ip rsvp aggregation ip interface
Interface Name Role

-------------------- --------
Ethernet0/0 interior
Serial2/0 exterior
Serial3/0 exterior
Table 66 show ip rsvp aggregation ip interface Field Descriptions
Field Description
Interface Name Name and number of the interface.
Role Configuration of a router’s interfaces; values are interior and
exterior.
The following is sample output from the show ip rsvp aggregation ip interface command with a
specified interface:
Router# show ip rsvp aggregation ip interface Ethernet0/0
Interface Name Role

-------------------- --------
Ethernet0/0 interior


QOS-794
show ip rsvp aggregation ip endpoints

To display Resource Reservation Protocol (RSVP) information about aggregator and deaggregator
routers, use the show ip rsvp aggregation ip endpoints command in user EXEC or privileged EXEC
mode.
show ip rsvp aggregation ip endpoints [role {aggregator | deaggregator}] [ip-address]

[dscp value] [detail]
Syntax Description role (Optional) Specifies a router’s position in the aggregation region.
aggregator (Optional) Specifies the router at the beginning of the aggregation region.
deaggregator (Optional) Specifies the router at the end of the aggregation region.
ip-address (Optional) IP address of the aggregator or the deaggregator.
aggregator and deaggregator routers. Values can be the following:
detail (Optional) Displays additional information about the aggregators and
deaggregators.
Command Default If you enter the show ip rsvp aggregation ip endpoints command without an optional keyword, the
command displays information for all aggregate reservations.

Privileged EXEC (#)

Usage Guidelines Use the show ip rsvp aggregation ip endpoints command to display any of the following output at
aggregator and deaggregator routers:
• All aggregate reservations.
• All aggregate reservations for which a node is the aggregator.
• All aggregate reservations for which a node is the deaggregator.
• All aggregate reservations for which the remote node is identified with an IP address.
• All aggregate reservations for a given DSCP.

QOS-795
• Any combination of the preceding options; for example, all aggregates with a given DSCP for which
a node is an aggregator and the remote node as specified in the IP address.
• Any of the preceding options with detailed information.
Examples The following is sample output from the show ip rsvp aggregation ip endpoints detail command:
Router# show ip rsvp aggregation ip endpoints detail
Role DSCP Aggregator Deaggregator State Rate Used QBM PoolID

----- ---- --------------- --------------- ------ ------- ------- ----------
Agg 46 10.3.3.3 10.4.4.4 ESTABL 100K 100K 0x00000003
Aggregate Reservation for the following E2E Flows (PSBs):
To From Pro DPort Sport Prev Hop I/F BPS
10.4.4.4 10.1.1.1 UDP 1 1 10.23.20.3 Et1/0 100K
Aggregate Reservation for the following E2E Flows (RSBs):

To From Pro DPort Sport Next Hop I/F Fi Serv BPS
10.4.4.4 10.1.1.1 UDP 1 1 10.4.4.4 Se2/0 FF RATE 100K
Aggregate Reservation for the following E2E Flows (Reqs):

10.4.4.4 10.1.1.1 UDP 1 1 10.23.20.3 Et1/0 FF RATE 100K
Table 67 show ip rsvp aggregation ip endpoints detail Field Descriptions
Field Description
Role The router’s function; values are aggregator or deaggregator.
DSCP DSCP value.
Aggregator IP address of the aggregator.
Deaggregator IP address of the deaggregator.

QOS-796
Table 67 show ip rsvp aggregation ip endpoints detail Field Descriptions (continued)
Field Description
State Status of the reservation. Each aggregate reservation can be in
one of the following states:
• PATH_WAIT—Valid at the deaggregator only. The
aggregate reservation at the deaggregator enters this state
after the deaggregator has sent a PATHERROR message
requesting a new aggregate needed.
• RESV_WAIT—Valid at the aggregator only. The aggregate
reservation at the aggregator enters this state after the
aggregator has sent a PATH message for the aggregate
reservation.
• RESVCONF_WAIT—Valid at the deaggregator only. The
aggregate reservation at the deaggregator enters this state
after the deaggregator has sent a RESV message for the
aggregate reservation.
• ESTABLISHED—Valid at both the aggregator and the
deaggregator. The aggregator enters this state after a
RESVCONF message has been sent. The deaggregator
enters this state after it receives a RESVCONF message for
the aggregate reservation.
• SHUT_DELAY—Valid at both the aggregator and the
deaggregator. The aggregator and the deaggregator enter this
state after the last end-to-end (E2E) reservation has been
removed.
Rate Allocated bandwidth in bits per second (BPS).
Used Amount of bandwidth used in bits per second (BPS).
QBM Pool ID The quality of service (QoS) bandwidth manager (QBM) ID for
the reservation.
Aggregate Reservation for the Information for the reservation:
following E2E Flows
PSB—path state block. Contains data used for forwarding PATH
messages downstream;
RSB—reservation state block. Contains data for the incoming
RESV message.
Reqs—requests. Contain data required to forward a RESV
message upstream to the node that sent the PATH message.
To IP address of the receiver.
From IP address of the sender.
Pro Protocol code. Code indicates IP protocol such as TCP or User
Datagram Protocol (UDP).
DPort Destination port number.
Sport Source port number.
Prev Hop or Next Hop IP address of the previous or next hop.
I/F Interface of the previous or next hop.

QOS-797
Table 67 show ip rsvp aggregation ip endpoints detail Field Descriptions (continued)
Field Description
Fi Filter (Wildcard Filter, Shared-Explicit, or Fixed-Filter).
Serv Service (RATE or LOAD).
BPS Bandwidth used by the aggregate reservation in bits per second
(BPS).


QOS-798
show ip rsvp atm-peak-rate-limit

To display the current peak rate limit set for an interface or for all interfaces, if any, use the show ip rsvp
atm-peak-rate-limit command in EXEC mode.
show ip rsvp atm-peak-rate-limit [interface-type interface-number]
Syntax Description interface-type (Optional) Interface type and interface number.

interface-number
Command Modes EXEC

Usage Guidelines The show ip rsvp atm-peak-rate-limit command displays the configured peak rate using the following
notations for brevity:
• Kilobytes is shown as K bytes; for example, 1200 kilobytes is displayed as 1200K bytes.
• 1000 kilobytes is displayed as 1M bytes.
If no interface name is specified, configured peak rates for all Resource Reservation Protocol
(RSVP)-enabled interfaces are displayed.
Examples The following example depicts results of the show ip rsvp atm-peak-rate-limit command, presuming
that the ATM subinterface 2/0/0.1 was configured with a reservation peak rate limit of 100 KB using the
ip rsvp atm-peak-rate-limit command.
The following is sample output from the show ip rsvp atm-peak-rate-limit command using the
interface-type interface-number arguments:
Router# show ip rsvp atm-peak-rate-limit atm2/0/0.1
RSVP: Peak rate limit for ATM2/0/0.1 is 100K bytes
The following samples show output from the show ip rsvp atm-peak-rate-limit command when no
interface name is given:
Router# show ip rsvp atm-peak-rate-limit
Interface name Peak rate limit

Ethernet0/1/1 not set
ATM2/0/0 not set
ATM2/0/0.1 100K

QOS-799
Router# show ip rsvp atm-peak-rate-limit
Interface name Peak rate limit

Ethernet0/1 not set
ATM2/1/0 1M
ATM2/1/0.10 not set
ATM2/1/0.11 not set
ATM2/1/0.12 not set

ip rsvp Sets a limit on the peak cell rate of reservations for all newly created RSVP
atm-peak-rate-limit SVCs established on the current interface or any of its subinterfaces.

QOS-800
show ip rsvp authentication

To display the security associations that Resource Reservation Protocol (RSVP) has established with other
RSVP neighbors, use the show ip rsvp authentication command in user EXEC or privileged EXEC
mode.
show ip rsvp authentication [detail] [from {ip-address | hostname}] [to {ip-address | hostname}]
Syntax Description detail (Optional) Displays additional information about RSVP security
associations.
from (Optional) Specifies the starting point of the security associations.
to (Optional) Specifies the ending point of the security associations.
ip-address (Optional) Information about a neighbor with a specified IP address.
hostname (Optional) Information about a particular host.

Privileged EXEC (#)

12.0(29)S The optional from and to keywords were added.
Usage Guidelines Use the show ip rsvp authentication command to display the security associations that RSVP has
established with other RSVP neighbors. You can display all security associations or specify an IP address
or hostname of a particular RSVP neighbor, which restricts the size of the display.
The difference between the ip-address and hostname arguments is whether you specify the neighbor by
its IP address or by its name.
Examples The following is sample output from the show ip rsvp authentication command:
Router# show ip rsvp authentication
Codes: S - static, D - dynamic, N - neighbor, I -interface, C - chain

From To I/F Mode Key-Source Key-ID Code
192.168.102.1 192.168.104.3 Et2/2 Send RSVPKey 1 DNC
192.168.104.1 192.168.104.3 Et2/2 Send RSVPKey 1 DNC
192.168.104.1 192.168.104.3 AT1/0.1 Send RSVPKey 1 DNC
192.168.106.2 192.168.104.1 AT1/0.1 Receive RSVPKey 1 DNC
192.168.106.2 192.168.106.1 AT1/0.1 Receive RSVPKey 1 DNC

QOS-801
Table 68 show ip rsvp authentication Field Descriptions
Field Description
Codes Keys can be either static (manually configured) or dynamic (created from a per-ACL
key or obtained from a key management server such as Kerberos). Cisco IOS software
does not currently support dynamic keys from key management servers. If the field
contains the string per-neighbor, it means the security association is using a
per-neighbor key; if the field contains the string per-interface, it means the security
association is using a per-interface key. If the field contains the string chain, it means
the key for the security association comes from the key chain specified in the Key
Source.
From Starting point of the security association.
To Ending point of the security association.
I/F Name and number of the interface over which the security association is being maintained.
Mode Separate associations maintained for sending and receiving RSVP messages for a
specific RSVP neighbor. Possible values are Send or Receive.
Key-Source Indicates where the key was configured.
Key-ID A string which, along with the IP address, uniquely identifies a security association.
The key ID is automatically generated in Cisco IOS software by using the per-interface
ip rsvp authentication key command, but it is configured in Cisco IOS software when
using key chains for per-neighbor or per-interface RSVP keys. The key ID may be
configurable on other RSVP platforms. A key ID is provided in every RSVP
authenticated message initiated by a sender and is stored by every RSVP receiver.
Note Key Expired in this field means that all possible keys used for this neighbor
have expired.
Code Indicates the type of key ID used.
The following is sample output from the show ip rsvp authentication detail command:
Router# show ip rsvp authentication detail
From: 192.168.102.1
To: 192.168.104.3
Neighbor: 192.168.102.2
Interface: Ethernet2/2
Mode: Send
Key ID: 1
Key ACL: R2 (populated)
Key Source: RSVPKey (enabled)
Key Type: Dynamic per-neighbor chain
Handle: 01000411
Hash Type: MD5
Lifetime: 00:30:00
Expires: 00:17:08
Challenge: Supported
Window size: 1
Last seq # sent: 14167519095569779135
From: 192.168.104.1
To: 192.168.104.3
Neighbor: 192.168.102.2

QOS-802
Interface: Ethernet2/2
Mode: Send
Key ID: 1
Handle: 0400040F
Hash Type: MD5
Lifetime: 00:30:00
Expires: 00:22:06
Window size: 1
Last seq # sent: 14167520384059965440
From: 192.168.104.1
To: 192.168.104.3
Neighbor: 192.168.106.2
Interface: ATM1/0.1
Mode: Send
Key ID: 1
Handle: 02000404
Hash Type: MD5
Lifetime: 00:30:00
Expires: 00:16:37
Window size: 1
Last seq # sent: 14167518979605659648
From: 192.168.106.1
To: 192.168.104.3
Neighbor: 192.168.106.2
Interface: ATM1/0.1
Mode: Send
Key ID: 1
Handle: 01000408
Hash Type: MD5
Lifetime: 00:30:00
Expires: 00:11:37
Window size: 1
Last seq # sent: 14167517691115473376
From: 192.168.106.1
To: 192.168.106.2
Neighbor: 192.168.106.2
Interface: ATM1/0.1
Mode: Send
Key ID: 1
Handle: 8D00040E
Hash Type: MD5
Lifetime: 00:30:00
Expires: 00:29:29
Window size: 1
Last seq # sent: 14167808344437293057

QOS-803
From: 192.168.106.2
To: 192.168.104.1
Neighbor: 192.168.106.2
Interface: ATM1/0.1
Mode: Receive
Key ID: 1
Handle: CD00040A
Hash Type: MD5
Lifetime: 00:30:00
Expires: 00:29:33
Challenge: Not configured
Window size: 1
Last seq # rcvd: 14167808280012783626
From: 192.168.106.2
To: 192.168.106.1
Neighbor: 192.168.106.2
Interface: ATM1/0.1
Mode: Receive
Key ID: 1
Handle: C0000412
Hash Type: MD5
Lifetime: 00:30:00
Expires: 00:29:33
Challenge: Not configured
Window size: 1
Last seq # rcvd: 14167808280012783619
Table 69 show ip rsvp authentication detail Field Descriptions
Field Description
From Starting point of the security association.
To Ending point of the security association.
Neighbor IP address of the RSVP neighbor with which the security association is being maintained.
Interface Name and number of the interface over which the security association is being maintained.
Mode Separate associations maintained for sending and receiving RSVP messages for a
specific RSVP neighbor. Possible values are Send or Receive.
Key ID A string which, along with the IP address, uniquely identifies a security association.
The key ID is automatically generated in Cisco IOS software by using the per-interface
ip rsvp authentication key command, but it is configured in Cisco IOS software when
using key chains for per-neighbor or per-interface RSVP keys. The key ID may be
configurable on other RSVP platforms. A key ID is provided in every RSVP
authenticated message initiated by a sender and is stored by every RSVP receiver.
Note Key Expired in this field means that all possible keys used for this neighbor
have expired.

QOS-804
Table 69 show ip rsvp authentication detail Field Descriptions (continued)
Field Description
Key ACL For key types that say dynamic and chain, this field indicates which ACL matched that
neighbor, and therefore, which key chain to use. Possible values include:
• populated = ACL has entries in it.
• removed = ACL has been removed from the configuration.
Key Source Indicates where the key was configured and whether it is enabled or disabled. For key
chains, this indicates the name of the key chain; the Key ID field indicates which key
in the chain is currently being used. For per-interface keys, this field contains the name
of the interface that was configured with the key.
Key Type Static (manually configured) or dynamic (created from a per-ACL key or obtained from
a key management server such as Kerberos).
Note Cisco IOS software does not currently support dynamic keys from key
management servers.
Handle Internal database ID assigned to the security association by RSVP for bookkeeping
purposes.
Hash Type Type of secure hash algorithm being used with that neighbor.
Lifetime Maximum amount of time (in hours, minutes, and seconds) that can elapse before a
security association is expired.
Note This is not how long a key is valid; to obtain duration times for keys, use the
show key chain command.
Expires Amount of time remaining (in days, hours, minutes, and seconds) before the security
association expires.
Note This is not when the current key expires; to obtain expiration times for keys, use
the show key chain command.
Challenge For receive-type security associations, possible values are Not Configured,
Completed, In Progress, and Failed. For send-type security associations, the value is
Supported. Cisco IOS software can always respond to challenges; however, there may
be non-Cisco neighbors that do not implement challenges.
Window Indicates the size of the window for receive-type security associations and the
size maximum number of authenticated RSVP messages that can be received out-of-order
before a replay attack is to be suspected.
Last seq # Displayed only for send-type security associations. It indicates the sequence number
sent used to send the last authenticated message to the RSVP neighbor. Use this information
to troubleshoot certain types of authentication problems.
Last valid Displayed only for receive-type security associations. It indicates the authentication
seq # rcvd sequence number of the last valid RSVP message received from the neighbor. By
default, it shows only one sequence number. However, if you use the ip rsvp
authentication window-size command to increase the authentication window size to n,
then the last n valid received sequence numbers are displayed. Use this information to
troubleshoot certain types of authentication problems.

QOS-805

clear ip rsvp Eliminates RSVP security associations before their lifetimes expire.
authentication

QOS-806
show ip rsvp counters

To display the number of Resource Reservation Protocol (RSVP) messages that were sent and received
on each interface, use the show ip rsvp counters command in user EXEC or privileged EXEC mode.
show ip rsvp counters [authentication] [interface type number | summary | neighbor]
Syntax Description authentication (Optional) Displays a list of RSVP authentication counters.

interface type number (Optional) Displays the number of RSVP messages sent and received for the
specified interface name.
summary (Optional) Displays the cumulative number of RSVP messages sent and
received by the router over all interfaces.
neighbor (Optional) Displays the number of RSVP messages sent and received by the
specified neighbor.
Command Default If you enter the show ip rsvp counters command without an optional keyword, the command displays
the number of RSVP messages that were sent and received for each interface on which RSVP is
configured.

Privileged EXEC (#)

12.2(13)T The neighbor keyword was added, and the command was integrated into
12.2(15)T The command output was modified to show the errors counter incrementing
whenever an RSVP message is received on an interface with RSVP
authentication enabled, but the authentication checks failed on that
message.
12.0(29)S The authentication keyword was added, and the command output was
modified to include hello and message queues information.

QOS-807
Examples The following example shows the values for the number of RSVP messages of each type that were sent
and received by the router over all interfaces, including the hello and message queues information:
Router# show ip rsvp counters summary
All Interfaces Recv Xmit Recv Xmit

Path 110 15 Resv 50 28
PathError 0 0 ResvError 0 0
PathTear 0 0 ResvTear 0 0
ResvConf 0 0 RTearConf 0 0
Ack 0 0 Srefresh 0 0
Hello 5555 5554 IntegrityChalle 0 0
IntegrityRespon 0 0 DSBM_WILLING 0 0
I_AM_DSBM 0 0
Unknown 0 0 Errors 0 0
Recv Msg Queues Current Max

RSVP 0 2
Hello (per-I/F) 0 1
Awaiting Authentication 0 0
Table 70 show ip rsvp counters summary Field Descriptions
Field Description
All Interfaces Types of messages displayed for all interfaces.
Note Hello is a summary of graceful restart, reroute (hello
state timer), and Fast Reroute messages.
Recv Number of messages received on the specified interface or on all
interfaces.
Xmit Number of messages transmitted from the specified interface or
from all interfaces.
Recv Msg Queues Queues for received messages for RSVP, hello per interface, and
awaiting authentication.
• Current—Number of messages queued.
• Max—Maximum number of messages ever queued.

clear ip rsvp counters Clears (sets to zero) all IP RSVP counters that are being maintained.

QOS-808
how ip rsvp counters state teardown

To display counters for Resource Reservation Protocol (RSVP) events that caused a state to be torn
down, use the show ip rsvp counters state teardown command in user EXEC or privileged EXEC
mode.
show ip rsvp counters state teardown

Privileged EXEC (#)

Usage Guidelines Use the show ip rsvp counters state teardown command when a label-switched path (LSP) is down. If
graceful restart triggered the state teardown, the numbers in the Path, Resv-In, and Resv-Out columns in
the “Examples” section are greater than 0.
Examples The following is sample output from the show ip rsvp counters state teardown command:
Router# show ip rsvp counters state teardown
States
Reason for Teardown State torn down
Path Resv-In Resv-Out
PathTear arrival 0 0 0
ResvTear arrival 0 0 0
Local application requested tear 0 0 0
Output or Input I/F went down 0 0 0
Missed refreshes 0 0 0
Preemption 0 0 0
Backup tunnel failed for FRR Active LSP 0 0 0
Reroutabilty changed for FRR Active LSP 0 0 0
Hello RR Client (HST) requested tear 0 0 0
Graceful Restart (GR) requested tear 0 0 0
Downstream neighbor SSO-restarting 0 0 0
Resource unavailable 0 0 0
Policy rejection 0 0 0
Policy server sync failed 0 0 0
Traffic control error 0 0 0
Error in received message 0 0 0
Non RSVP HOP upstream, TE LSP 0 0 0
Other 0 0 0

QOS-809
Table 71 show ip rsvp counters state teardown Field Descriptions
Field Description
States RSVP state, including path state block (PSB) and reservation state
block (RSB) information.
Reason for Teardown Event triggering the teardown.

clear ip rsvp counters Clears (sets to zero) the IP RSVP counters that are being maintained.

QOS-810
show ip rsvp fast bw-protect

To display information about whether backup bandwidth protection is enabled and the status of backup
tunnels that may be used to provide that protection, use the show ip rsvp fast bw-protect command in
user EXEC or privileged EXEC mode.
Command Default The backup bandwidth protection and backup tunnel status information is not displayed.

Privileged EXEC (#)

Examples The following is sample output from the show ip rsvp fast bw-protect command:
Router# show ip rsvp fast bw-protect
Primary Protect BW Backup

Tunnel I/F BPS:Type Tunnel:Label State BW-P Type
-------------- ------- -------- ---------- ----- ---- ----
PRAB-72-5_t500 PO2/0 500K:S Tu501:19 Ready ON Nhop
PRAB-72-5_t601 PO2/0 103K:S Tu501:20 Ready OFF Nhop
Table 72 show ip rsvp fast bw-protect Field Descriptions
Field Description
Primary Tunnel Identification of the tunnel being protected.
Protect I/F Interface name.

QOS-811
Table 72 show ip rsvp fast bw-protect Field Descriptions (continued)
Field Description
BW BPS:Type Bandwidth, in bits per second, and type of bandwidth. Possible values
are:
• S—Subpool
• G—Global pool
Backup Tunnel:Label Identification of the backup tunnel.
State Status of backup tunnel. Valid values are:
• Ready—Data is passing through the primary tunnel, but the
backup tunnel is ready to take over if the primary tunnel goes
down.
• Active—The primary tunnel is down, so the backup tunnel is used
for traffic.
• None—There is no backup tunnel.
BW-P Status of backup bandwidth protection. Possible values are ON and
OFF.
Type Type of backup tunnel. Possible values are:
• Nhop—Next hop
• NNHOP—Next-next hop

tunnel mpls traffic-eng fast-reroute bw-protect Enables an MPLS TE tunnel to use an
established backup tunnel in the event of a
link or node failure.

QOS-812
show ip rsvp fast detail

To display specific information for Resource Reservation Protocol (RSVP) categories, use the show ip
rsvp fast detail command in user EXEC or privileged EXEC mode.
Command Default Specific information for RSVP categories is not displayed.

Privileged EXEC (#)

12.0(29)S Bandwidth Prot desired was added in the Flag field of the command output.
Examples The following is sample output from the show ip rsvp fast detail command:
Router# show ip rsvp fast detail
PATH:
Tun Dest: 10.0.0.7 Tun ID: 500 Ext Tun ID: 10.0.0.5
Tun Sender: 10.0.0.5 LSP ID: 8
Path refreshes:
sent: to NHOP 10.5.6.6 on POS2/0
Session Attr:
Setup Prio: 7, Holding Prio: 7
Flags: Local Prot desired, Label Recording, SE Style, Bandwidth Prot desired
Session Name: PRAB-72-5_t500
ERO: (incoming)
10.0.0.5 (Strict IPv4 Prefix, 8 bytes, /32)
ERO: (outgoing)
Traffic params - Rate: 500K bits/sec, Max. burst: 1K bytes
Min Policed Unit: 0 bytes, Max Pkt Size 4294967295 bytes
Fast-Reroute Backup info:
Inbound FRR: Not active
Outbound FRR: Ready -- backup tunnel selected
Backup Tunnel: Tu501 (label 19)
Bkup Sender Template:

QOS-813

Bkup FilerSpec:
Tun Sender: 555.5.6.5, LSP ID: 8
Path ID handle: 04000405.
Incoming policy: Accepted. Policy source(s): MPLS/TE
Status: Proxied
Output on POS2/0. Policy status: Forwarding. Handle: 02000406
Table 73 show ip rsvp fast detail Field Descriptions
Field Description
Tun Dest IP address of the receiver.
Tun ID Tunnel identification number.
Ext Tun ID Extended tunnel identification number.
Tun Sender IP address of the sender.
LSP ID Label-switched path identification number.
Setup Prio Setup priority.
Holding Prio Holding priority.
Flags Backup bandwidth protection has been configured for the
label-switched path (LSP).
Session Name Name of the session.
ERO (incoming) EXPLICIT_ROUTE object of incoming path messages.
ERO (outgoing) EXPLICIT_ROUTE object of outgoing path messages.
Traffic params Rate Average rate, in bits per second.
Max. burst Maximum burst size, in bytes.
Min Policed Unit Minimum policed units, in bytes.
Max Pkt Size Maximum packet size, in bytes.
Inbound FRR Status of inbound Fast Reroute (FRR) backup tunnel. If this node is
downstream from a rerouted LSP (for example, at a merge point for
this LSP), the state is Active.
Outbound FRR Status of outbound FRR backup tunnel. If this node is a point of local
repair (PLR) for an LSP, there are three possible states:
• Active—This LSP is actively using its backup tunnel, presumably
because there has been a downstream failure.
• No Backup—This LSP does not have local (Fast Reroute)
protection. No backup tunnel has been selected for it to use in case
of a failure.
• Ready—This LSP is ready to use a backup tunnel in case of a
downstream link or node failure. A backup tunnel has been
selected for it to use.

QOS-814
Table 73 show ip rsvp fast detail Field Descriptions (continued)
Field Description
Backup Tunnel If the Outbound FRR state is Ready or Active, this field indicates the
following:
• Which backup tunnel has been selected for this LSP to use in case
of a failure.
• The inbound label that will be prepended to the LSP’s data packets
for acceptance at the backup tunnel tail (the merge point).
Bkup Sender Template If the Outbound FRR state is Ready or Active, SENDER_TEMPLATE
and FILTERSPEC objects are shown. These objects will be used in
RSVP messages sent by the backup tunnel if or when the LSP starts
actively using the backup tunnel. They differ from the original
(prefailure) objects only in that the node (the PLR) substitutes its own
IP address for that of the original sender. For example, path and
pathTear messages will contain the new SENDER_TEMPLATE. Resv
and resvTear messages will contain the new FILTERSPEC object. If
this LSP begins actively using the backup tunnel, the display changes.
Bkup FilerSpec If the Outbound FRR state is Ready or Active, SENDER_TEMPLATE
and FILTERSPEC objects are shown. These objects will be used in
RSVP messages sent by the backup tunnel if or when the LSP starts
actively using the backup tunnel. They differ from the original
(prefailure) objects only in that the node (the PLR) substitutes its own
IP address for that of the original sender. For example, path and
pathTear messages will contain the new SENDER_TEMPLATE. Resv
and resvTear messages will contain the new FILTERSPEC object. If
this LSP begins actively using the backup tunnel, the display changes.
Path ID handle Protection Switch Byte (PSB) identifier.
Incoming policy Policy decision of the LSP. If RSVP policy was not granted for the
incoming path message for the tunnel, the LSP does not come up.
Accepted is displayed.
Policy source(s) For FRR LSPs, this value always is MPLS/TE for the policy source.
Status For FRR LSPs, valid values are as follows:
• Proxied—Headend routers.
• Proxied Terminated—Tailend routers.
For midpoint routers, the field always is blank.

mpls traffic-eng fast-reroute backup-prot-preemption Changes the backup protection
preemption algorithm to minimize the
amount of bandwidth that is wasted.

QOS-815
show ip rsvp fast-reroute

To display information about fast-reroutable primary tunnels and their corresponding backup tunnels
that provide protection, use the show ip rsvp fast-reroute command in user EXEC or privileged EXEC
mode.
Command Default Information about fast-reroutable primary tunnels and their corresponding backup tunnels is not
displayed.

Privileged EXEC (#)

Examples The following example displays information about fast reroutable primary tunnels and their
corresponding backup tunnels that provide protection:
Router# show ip rsvp fast-reroute
Primary Protect BW Backup

Tunnel I/F BPS:Type Tunnel:Label State Level Type
------ ------- -------- ------------- ------ ----- ---
GSR1---R2---_t65336 PO1/0 0:G Tu1002:0 Ready any-unl Nhop
GSR1---R2---_t65338 PO4/0 0:G Tu1004:0 Ready any-unl Nhop
Table 74 show ip rsvp fast-reroute Field Descriptions
Field Description
Primary Tunnel Hostname and tunnel ID.
Protect I/F Interface that is being protected.
BW BPS:Type Bandwidth bits per second and pool from which bandwidth
comes. Valid values are G, global pool; S, subpool.
Backup Tunnel:Label Backup tunnel ID and label.

QOS-816
Table 74 show ip rsvp fast-reroute Field Descriptions (continued)
Field Description
State Status of protection. Valid values are Ready and Active.
Level Level of bandwidth. Valid values are any and unl (unlimited).
Type Type of backup tunnel: Nhop (next hop) or NNhop
(next-next hop).

mpls traffic-eng auto-tunnel primary config Enables IP processing without an explicit
address.
mpls traffic-eng auto-tunnel primary config mpls ip Enables LDP on primary autotunnels.
mpls traffic-eng auto-tunnel primary onehop Automatically creates primary tunnels to all
next-hops.
mpls traffic-eng auto-tunnel primary timers Configures how many seconds after a failure
primary autotunnels are removed.
mpls traffic-eng auto-tunnel primary tunnel-num Configures the range of tunnel interface
numbers for primary autotunnels.

QOS-817
show ip rsvp hello
show ip rsvp hello

To display hello status and statistics for Fast Reroute, reroute (hello state timer), and graceful restart, use
the show ip rsvp hello command in user EXEC or privileged EXEC mode.
show ip rsvp hello

Privileged EXEC (#)

12.0(29)S The command output was modified to include graceful restart, reroute
(hello state timer), and Fast Reroute information.
12.2(33)SRA The command output was modified to show whether graceful restart is
configured and full mode was added.
12.2(33)SRC The command output was modified to include Bidirectional Forwarding
Detection (BFD) protocol information.
Examples The following is sample output from the show ip rsvp hello command:
Router# show ip rsvp hello
Hello:
RSVP Hello for Fast-Reroute/Reroute: Enabled
Statistics: Disabled
BFD for Fast-Reroute/Reroute: Enabled
RSVP Hello for Graceful Restart: Disabled
Table 75 describes the significant fields shown in the display. The fields describe the processes for which
hello is enabled or disabled.

QOS-818
show ip rsvp hello
Table 75 show ip rsvp hello Field Descriptions
Field Description
RSVP Hello for Status of Fast-Reroute/Reroute:
Fast-Reroute/Reroute
• Enabled—Fast reroute and reroute (hello for state timer) are
activated (enabled).
• Disabled—Fast reroute and reroute (hello for state timer) are not
activated (disabled).
Statistics Status of hello statistics:
• Enabled—Statistics are configured. Hello packets are
time-stamped when they arrive in the hello input queue for the
purpose of recording the time required until they are processed.
• Disabled—Hello statistics are not configured.
• Shutdown—Hello statistics are configured but not operational.
The input queue is too long (that is, more than 10,000 packets are
queued).
BFD for Status of BFD for Fast-Reroute/Reroute:
Fast-Reroute/Reroute
• Enabled—BFD is configured.
• Disabled—BFD is not configured.
Graceful Restart Restart capability:
• Enabled—Restart capability is activated for a router (full mode) or
its neighbor (help-neighbor).
• Disabled—Restart capability is not activated.

ip rsvp signalling hello (configuration) Enables hello globally on the router.
ip rsvp signalling hello statistics Enables hello statistics on the router.
input queue.

QOS-819
show ip rsvp hello client lsp detail

To display detailed information about Resource Reservation Protocol (RSVP) traffic engineering (TE)
client hellos for label-switched paths (LSPs), use the show ip rsvp hello client lsp detail command in
user EXEC or privileged EXEC mode.

Privileged EXEC (#)

Usage Guidelines Use the show ip rsvp hello client lsp detail command to display information about the LSPs, including
IP addresses and their types.
Examples The following is sample output from the show ip rsvp hello client lsp detail command:
Router# show ip rsvp hello client lsp detail
Hello Client LSPs (all lsp tree)

Lsp flags: 0x32
Lsp GR DN nbr: 192.168.1.1
Lsp RR DN nbr: 10.0.0.3 HST
Table 76 show ip rsvp hello client lsp detail Field Descriptions
Field Description
Hello Client LSPs Current clients include graceful restart (GR), reroute (RR) (hello
state timer), and fast reroute (FRR).
Tun Dest IP address of the destination tunnel.
Tun ID Identification number of the tunnel.

QOS-820
Table 76 show ip rsvp hello client lsp detail Field Descriptions (continued)
Field Description
Ext Tun ID Extended identification number of the tunnel. Usually, this is the
same as the source address.
Tun Sender IP address of the tunnel sender.
LSP ID Identification number of the LSP.
Lsp flags LSP database information.
Lsp GR DN nbr IP address of the LSP graceful restart downstream neighbor.
Lsp RR DN nbr IP address LSP reroute downstream neighbor; HST—hello state
timer.

show ip rsvp hello Displays hello status and statistics for fast reroute, reroute (hello state
timer), and graceful restart.

QOS-821
show ip rsvp hello client lsp summary

To display summary information about Resource Reservation Protocol (RSVP) traffic engineering (TE)
client hellos for label-switched paths (LSPs), use the show ip rsvp hello client lsp summary command
in user EXEC or privileged EXEC mode.

Privileged EXEC (#)

Usage Guidelines Use the show ip rsvp hello client lsp summary command to display information about the LSPs,
including IP addresses and identification numbers.
Examples The following is sample output from the show ip rsvp hello client lsp summary command:
Router# show ip rsvp hello client lsp summary
Local Remote tun_id lsp_id FLAGS

10.1.1.1 172.16.1.1 14 31 0x32
Table 77 show ip rsvp hello client lsp summary Field Descriptions
Field Description
Local IP address of the tunnel sender.
Remote IP address of the tunnel destination.
tun_id Identification number of the tunnel.
lsp_id Identification number of the LSP.
FLAGS Database information.

QOS-822


QOS-823
show ip rsvp hello client neighbor detail

To display detailed information about Resource Reservation Protocol (RSVP) traffic engineering (TE)
client hellos for neighbors, use the show ip rsvp hello client neighbor detail command in user EXEC
or privileged EXEC mode.

Privileged EXEC (#)

Usage Guidelines Use the show ip rsvp hello client neighbor detail command to display information about the hello
neighbors, including their state and type.
Examples The following is sample output from the show ip rsvp hello client neighbor detail command:
Router# show ip rsvp hello client neighbor detail
Hello Client Neighbors
Remote addr 10.0.0.1, Local addr 10.0.0.3

Nbr State: Normal Type: Reroute
Nbr Hello State: Up
LSPs protecting: 1
I/F: Et1/3
Remote addr 172.16.1.1, Local addr 192.168.1.1

Nbr State: Normal Type: Graceful Restart
Nbr Hello State: Lost
LSPs protecting: 1
Table 78 describes the significant fields shown in the display. The fields provide information that
uniquely identifies the neighbors. Clients can include graceful restart, reroute (hello state timer), and fast
reroute.

QOS-824
Table 78 show ip rsvp hello client neighbor detail Field Descriptions
Field Description
Remote addr IP address of the remote neighbor. For graceful restart, this is the
neighbor router’s ID; for fast reroute and hello state timer (reroute),
this is one of the neighbor’s interface addresses.
Local addr IP address of the local neighbor. For graceful restart, this is the
neighbor router’s ID; for fast reroute and hello state timer (reroute),
this is one of the neighbor’s interface addresses.
Nbr State State of the neighbor; values can be the following:
• Normal = neighbor is functioning normally.
• Restarting = neighbor is restarting.
• Recover Nodal = neighbor is recovering from node failure.
• HST_GR_LOST = HST (hello state timer for reroute) is lost;
waiting to see if graceful restart (GR) is also lost.
• WAIT PathTear = PathTear message is delayed to allow traffic
in the pipeline to be transmitted.
Type Type of client; graceful restart, Reroute (hello state timer), or Fast
Reroute.
Nbr Hello State State of hellos for the neighbor. Values are as follows:
• Up—Node is communicating with its neighbor.
• Lost—Communication has been lost.
• Init—Communication is being established.
LSPs protecting Number of LSPs being protected.
I/F Interface name and number associated with the hello instance.


QOS-825
show ip rsvp hello client neighbor summary

To display summary information about Resource Reservation Protocol (RSVP) traffic engineering (TE)
client hellos for neighbors, use the show ip rsvp hello client neighbor summary command in user
EXEC or privileged EXEC mode.

Privileged EXEC (#)

Usage Guidelines Use the show ip rsvp hello client neighbor summary command to display information about the
neighbors, including state, type, and hello instance status.
Examples The following is sample output from the show ip rsvp hello client neighbor summary command:
Router# show ip rsvp hello client neighbor summary
LocalRemoteTypeNBR_STATEHI_STATELSPs
10.0.0.110.0.0.3RRNormalUp1
172.16.1.1192.168.1.1GRNormalLost1
Table 79 show ip rsvp hello client neighbor summary Field Descriptions
Field Description
Local IP address of the tunnel sender.
Remote IP address of the tunnel destination.
Type Type of client; graceful restart (GR), reroute (RR (hello state
timer)), or fast reroute (FRR).

QOS-826
Table 79 show ip rsvp hello client neighbor summary Field Descriptions (continued)
Field Description
NBR_STATE State of the neighbor; values can be the following:
• Normal—Neighbor is functioning normally.
• Restarting—Neighbor is restarting.
• Recover Nodal—Neighbor is recovering from node failure.
• HST_GR_LOST—HST (hello state timer for reroute) is lost;
waiting to see if graceful restart (GR) is also lost.
• WAIT PathTear—PathTear message is delayed to allow traffic
in the pipeline to be transmitted.
HI_STATE State of hello instances for the neighbor. Values are as follows:
LSPs Number of LSPs going to or coming from the neighbor.


QOS-827
show ip rsvp hello graceful-restart

To display information about Resource Reservation Protocol (RSVP) traffic engineering (TE) graceful
restart hellos, use the show ip rsvp hello graceful-restart command in user EXEC or privileged EXEC
mode.

Privileged EXEC (#)

12.2(33)SRA The command output was modified to show whether graceful restart is
configured and full mode was added.
Usage Guidelines Use the show ip rsvp hello graceful-restart command to display the status of graceful restart and
related statistics.
Examples The following is sample output from the show ip rsvp hello graceful-restart command:
Router# show ip rsvp hello graceful-restart
Graceful Restart: Enabled (full mode)

Refresh interval: 10000 msecs
Refresh misses: 4
DSCP: 0x30
Advertised restart time: 30000 msecs
Advertised recovery time: 120000 msecs
Maximum wait for recovery: 3600000 msecs

QOS-828
Table 80 show ip rsvp hello graceful-restart Field Descriptions
Field Description
• Enabled—Restart capability is activated for a router (full mode)
or its neighbor (help-neighbor).
Refresh interval Frequency in milliseconds (ms) with which a node sends a hello
message to its neighbor.
Refresh misses Number of missed hello messages that trigger a neighbor down
event upon which stateful switchover (SSO) procedures are started.
DSCP The differentiated services code point (DSCP) value in the IP
header of the hello messages.
Advertised restart time The time, in ms, that is required for the sender to restart the
RSVP-TE component and exchange hello messages after a failure.
Advertised recovery time The time, in ms, within which a recovering node wants its neighbor
router to resynchronize the RSVP or Multiprotocol Label Switching
(MPLS) forwarding state after SSO.
Note A zero value indicates that the RSVP or MPLS forwarding
state is not preserved after SSO.
Maximum wait for recovery The maximum amount of time, in ms, that the router waits for a
neighbor to recover.

clear ip rsvp Clears (sets to zero) the RSVP-TE HA counters that are being maintained
high-availability by an RP.
counters
ip rsvp signalling hello Enables RSVP-TE graceful restart support capability on an RP.
graceful-restart mode
ip rsvp signalling hello Enables RSVP-TE graceful restart support capability on a neighboring
graceful-restart router.
neighbor

QOS-829
show ip rsvp hello instance detail

To display detailed information about a hello instance, use the show ip rsvp hello instance detail
command in user EXEC or privileged EXEC mode.
show ip rsvp hello instance detail [filter destination ip-address]
Syntax Description filter destination ip-address (Optional) IP address of the neighbor node.

Privileged EXEC (#)

12.0(29)S The command output was modified to include graceful restart, hello state
timer (reroute), and fast reroute information.
Usage Guidelines Use the show ip rsvp hello instance detail command to display information about the processes
(clients) currently configured.
Examples The following is sample output from the show ip rsvp hello instance detail command:
Router# show ip rsvp hello instance detail

Type: Active (sending requests)
I/F: Serial2/0
State: Up (for 2d19h2d19h)
Clients: ReRoute
LSPs protecting: 1
Missed acks: 4, IP DSCP: 0x30
Refresh Interval (msec)
Configured: 6000
Statistics: (from 40722 samples)
Min: 6000
Max: 6064
Average: 6000
Waverage: 6000 (Weight = 0.8)
Current: 6000
Last sent Src_instance: 0xE617C847
Last recv nbr's Src_instance: 0xFEC28E95
Counters:

QOS-830
Num times: 0
Reasons:
Missed acks: 0
I/F went down: 0
Sent: 55854
Suppressed: 521

Type: Passive (responding to requests)
I/F: Serial2/1
Last sent Src_instance: 0xF7A80A52
Last recv nbr's Src_instance: 0xD2F1B7F7
Counters:
Sent: 199442
Table 81 show ip rsvp hello instance detail Field Descriptions
Field Description
Neighbor IP address of the adjacent node.
Source IP address of the node that is sending the hello message.
Type Values are Active (node is sending a request) and Passive (node
is responding to a request).
I/F Interface from which hellos are sent for this instance. Any means
that the hellos can be sent out any interface.
State Status of communication. Values are as follows:
Clients Clients that created this hello instance; they include graceful
restart, ReRoute (hello state timer), and Fast Reroute.
LSPs protecting Number of LSPs that are being protected by this hello instance.
Missed acks Number of times that communication was lost due to missed
acknowledgments (ACKs).
IP DSCP IP differentiated services code point (DSCP) value used in the
hello IP header.
Refresh Interval (msec) The frequency (in milliseconds) with which a node generates a
hello message containing a Hello Request object for each
neighbor whose status is being tracked.
Configured Configured refresh interval.
Statistics Refresh interval statistics from a specified number of samples
(packets).
Min Minimum refresh interval.

QOS-831
Table 81 show ip rsvp hello instance detail Field Descriptions (continued)
Field Description
Max Maximum refresh interval.
Average Average refresh interval.
Waverage Weighted average refresh interval.
Current Current refresh interval.
Last sent Src_instance The last source instance sent to a neighbor.
Last recv nbr’s Src_instance The last source instance field value received from a neighbor.
(0 means none received.)
Counters Incremental information relating to communication with a
neighbor.
Num times Total number of times that communication with a neighbor was
lost.
Reasons Subsequent fields designate why communication with a neighbor
was lost.
Missed acks Number of times that communication was lost due to missed
ACKs.
Bad Src_Inst received Number of times that communication was lost due to bad source
instance fields.
Bad Dst_Inst received Number of times that communication was lost due to bad
destination instance fields.
I/F went down Number of times that the interface became unoperational.
Neighbor disabled Hello Number of times that a neighbor disabled hello messages.
Msgs Received Number of messages that were received.
Sent Number of messages that were sent.
Suppressed Number of messages that were suppressed due to optimization.

show ip rsvp hello Displays hello status and statistics for Fast reroute, reroute
(hello state timer), and graceful restart.
show ip rsvp hello instance summary Displays summary information about a hello instance.

QOS-832

12.0(29)S The command output was modified to include graceful restart, reroute
(hello state timer), and fast reroute information.
Examples The following is sample output from the show ip rsvp hello instance summary command:
Router# show ip rsvp hello instance summary
Active Instances:
Client Neighbor I/F State LostCnt LSPs Interval
RR 10.0.0.3 Se2/0 Up 0 1 6000
GR 10.1.1.1 Any Up 13 1 10000
GR 10.1.1.5 Any Lost 0 1 10000
GR 10.2.2.1 Any Init 1 0 5000
Passive Instances:
Neighbor I/F
10.0.0.1 Se2/1
Active = Actively tracking neighbor state on behalf of clients:

RR = ReRoute, FRR = Fast ReRoute, or GR = Graceful Restart
Passive = Responding to hello requests from neighbor
Table 82 show ip rsvp hello instance summary Field Descriptions
Field Description
Active Instances Active nodes that are sending hello requests.
Client Clients on behalf of which hellos are sent; they include GR (graceful
restart), RR (reroute = hello state timer), and FRR (Fast Reroute).
Neighbor IP address of the adjacent node. For graceful restart, this is the neighbor
router’s ID; for Fast Reroute and hello state timer (reroute), this is one
of the neighbor’s interface addresses.
I/F Interface from which hellos are sent for this instance. Any means that
the hellos can be sent out any interface.
State Status of communication. Values are as follows:
LostCnt Number of times that communication was lost with the neighbor.
LSPs Number of label-switched paths (LSPs) protected by this hello instance.
Interval Hello refresh interval in milliseconds.

QOS-833
Table 82 show ip rsvp hello instance summary Field Descriptions (continued)
Field Description
Passive Instances Passive nodes that are responding to hello requests.
Neighbor IP address of adjacent node. For graceful restart, this is the neighbor
router’s ID; for Fast Reroute and hello state timer (reroute), this is one
of the neighbor’s interface addresses.
I/F Interface from which hellos are sent for this instance. Any means that
the hellos can be sent out any interface.

show ip rsvp hello Displays hello status and statistics for fast reroute,
reroute (hello state timer), and graceful restart.
show ip rsvp hello instance detail Displays detailed information about a hello instance.

QOS-834
show ip rsvp hello statistics

To display how long hello packets have been in the hello input queue, use the show ip rsvp hello
statistics command in user EXEC or privileged EXEC mode.
Command Default Information about how long hello packets have been in the hello input queue is not displayed.

Privileged EXEC (#)

Usage Guidelines You can use this command to determine if the hello refresh interval is too small. If the interval is too
small, communication may falsely be declared as lost.
Examples The following is sample output from the show ip rsvp hello statistics command:
Status: Enabled
Wait times (msec)
Current:0
Average:0
Max:4

QOS-835
Table 83 show ip rsvp hello statistics Field Descriptions
Field Description
Status Indicator of whether Hello has been enabled globally on the router.
Current Amount of time, in milliseconds, that the current hello packet has been in
the Hello input queue.
Average Average amount of time, in milliseconds, that hello packets are in the Hello
input queue.
Max Maximum amount of time, in milliseconds, that hello packets have been in
the Hello input queue.
Current length Current amount of time, in milliseconds, that hello packets have been in the
Hello input queue.
Number of samples taken Number of packets for which these statistics were compiled.

clear ip rsvp hello instance statistics Clears hello statistics for an instance.
clear ip rsvp hello statistics Clears hello statistics globally.
ip rsvp signalling hello refresh interval Configures the hello request interval.

QOS-836
show ip rsvp high-availability counters

To display all Resource Reservation Protocol (RSVP) traffic engineering (TE) high availability (HA)
counters that are being maintained by a Route Processor (RP), use the show ip rsvp high-availability
counters command in user EXEC or privileged EXEC mode.

Privileged EXEC

12.2(33)SRB Support for In-Service Software Upgrade (ISSU) was added.
Usage Guidelines Use the show ip rsvp high-availability counters command to display the HA counters, which include
state, ISSU, checkpoint messages, resource failures, and errors.
The command output differs depending on whether the RP is active or standby. (See the “Examples”
section for more information.)
Use the clear ip rsvp high-availability counters command to clear all counters.
Examples The following is sample output from the show ip rsvp high-availability counters command on the
active RP:
Router# show ip rsvp high-availability counters
State: Active
Bulk sync
initiated: 3
Send timer
started: 1
Checkpoint Messages (Items) Sent

Succeeded: 3 (6)
Acks accepted:3 (6)
Acks ignored: (0)
Nacks: 0 (0)
Failed: 0 (0)
Buffer alloc: 3
Buffer freed: 3

QOS-837
ISSU:
Checkpoint Messages Transformed:
On Send:
Succeeded: 3
Failed: 0
Transformations: 0
On Recv:
Succeeded: 0
Failed: 0
Transformations: 0
Negotiation:
Started: 3
Finished: 3
Failed to Start: 0
Messages:
Sent:
Send succeeded: 21
Send failed: 0
Buffer allocated: 21
Buffer freed: 0
Buffer alloc failed: 0
Received:
Succeeded: 15
Failed: 0
Buffer freed: 15
Init:
Succeeded: 1
Failed: 0
Session Registration:
Succeeded: 2
Failed: 0
Session Unregistration:
Succeeded: 2
Failed: 0
Errors:
None
Table 84 show ip rsvp high-availability counters—Active RP Field Descriptions
Field Description
State The RP state:
• Active—Active RP.
Bulk sync The number of requests made by the standby RP to the active
RP to resend all write database entries:
• Initiated—The number of bulk sync operations initiated
by the standby RP since reboot.
Send timer The write database timer.
Checkpoint Messages (Items) Sent The details of the bundle messages or items sent since
booting.

QOS-838
Table 84 show ip rsvp high-availability counters—Active RP Field Descriptions (continued)
Field Description
Succeeded The number of bundle messages or items sent from the active
RP to the standby RP since booting. Values are the following:
• Acks accepted—The number of bundle messages or
items sent from the active RP to the standby RP.
• Acks ignored—The number of bundle messages or items
sent by the active RP, but rejected by the standby RP.
• Nacks—The number of bundle messages or items given
to the checkpointing facility (CF) on the active RP for
transmitting to the standby RP, but failed to transmit.
Failed The number of bundle messages or items the active RP
attempted to send the standby RP when the send timer
updated, but received an error back from CF.
Buffer alloc Storage space allocated.
Buffer freed Storage space available.
ISSU In-Service Software Upgrade (ISSU) counters.
Checkpoint Messages Transformed The details of the bundle messages or items transformed
(upgraded or downgraded for compatibility) since booting so
that the active RP and the standby RP can interoperate.
On Send The number of messages sent by the active RP that
succeeded, failed, or were transformations.
On Recv The number of messages received by the active RP that
succeeded, failed, or were transformations.
Negotiation The number of times that the active RP and the standby RP
have negotiated their interoperability parameters.
Started The number of negotiations started.
Finished The number of negotiations finished.
Failed to Start The number of negotiations that failed to start.
Messages The number of negotiation messages sent and received. These
messages can be succeeded or failed.
• Send succeeded—Number of messages sent
successfully.
• Send failed—Number of messages sent unsuccessfully.
• Buffer allocated—Storage space allowed.
• Buffer freed—Storage space available.
• Buffer alloc failed—No storage space available.
Init The number of times the RSVP ISSU client has successfully
and unsuccefully (failed) initialized.
Session Registration The number of session registrations, succeeded and failed,
performed by the active RP whenever the standby RP reboots.

QOS-839
Table 84 show ip rsvp high-availability counters—Active RP Field Descriptions (continued)
Field Description
Session Unregistration The number of session unregistrations, succeeded and failed,
before the standby RP resets.
Errors The details of errors or caveats.
The following is sample output from the show ip rsvp high-availability counters command on the
standby RP:
Router# show ip rsvp high-availability counters
State: Standby
Checkpoint Messages (Items) Received

Valid: 1 (2)
Invalid: 0 (0)
Buffer freed: 1
ISSU:
Checkpoint Messages Transformed:
On Send:
Succeeded: 0
Failed: 0
Transformations: 0
On Recv:
Succeeded: 1
Failed: 0
Transformations: 0
Negotiation:
Started: 1
Finished: 1
Failed to Start: 0
Messages:
Sent:
Send succeeded: 5
Send failed: 0
Buffer allocated: 5
Buffer freed: 0
Buffer alloc failed: 0
Received:
Succeeded: 7
Failed: 0
Buffer freed: 7
Init:
Succeeded: 1
Failed: 0
Session Registration:
Succeeded: 0
Failed: 0
Session Unregistration:
Succeeded: 0
Failed: 0
Errors:
None

QOS-840
Table 85 show ip rsvp high-availability counters—Standby RP Field Descriptions
Field Description
State The RP state:
• Standby—Standby (backup) RP.
Checkpoint Messages (Items) Received The details of the messages or items received by the standby
RP. Values are the following:
• Valid—The number of valid messages or items received
by the standby RP.
• Invalid—The number of invalid messages or items
received by the standby RP.
• Buffer freed—Amount of storage space available.
ISSU ISSU counters.
Note For descriptions of the ISSU fields, see Table 84.
Errors The details of errors or caveats.

clear ip rsvp Clears (sets to zero) the RSVP-TE HA counters that are being maintained by
high-availability an RP.
counters
show ip rsvp Displays the contents of the RSVP-TE HA read and write databases used in
high-availability TE SSO.
database
show ip rsvp Displays summary information for an RSVP-TE HA RP.
high-availability
summary

QOS-841
show ip rsvp high-availability database

To display the contents of the Resource Reservation Protocol (RSVP) high availability (HA) read and
write databases used in traffic engineering (TE), use the show ip rsvp high-availability database
show ip rsvp high-availability database {hello | link-management {interfaces | system} | lsp

[filter destination ip-address | filter lsp-id lsp-id | filter source ip-address | filter tunnel-id
tunnel-id] | lsp-head [filter number] | summary}
Syntax Description hello Displays information about the hello entries in the read and write databases.
link-management Displays information about the link-management entries in the read and
write databases.
interfaces Displays information about the link-management interfaces in the read and
write databases.
system Displays information about the link-management system in the read and
write databases.
lsp Displays information about the label switched path (LSP) entries in the read
and write databases.
filter destination (Optional) Displays filtered information on the IP address of the destination
ip-address (tunnel tail).
filter lsp-id lsp-id (Optional) Displays filtered information on a specific LSP ID designated by
a number from 0 to 65535.
filter source ip-address (Optional) Displays filtered information on the IP address of the source
(tunnel head).
filter tunnel-id (Optional) Displays filtered information on a specific tunnel ID designated
tunnel-id by a number from 0 to 65535.
lsp-head Displays information about the LSP-headend entries in the read and write
databases.
filter number (Optional) Displays filtered information on a specific LSP-head router
designated by a number from 0 to 65535.
summary Displays cumulative information about the entries in the read and write
databases.

Privileged EXEC (#)

12.2(33)SRB The command output was modified to display the result of a loose hop
expansion performed on the router.

QOS-842
12.2(33)SRC This command was integrated into Cisco IOS Release 12.2(33)SRC. The
command output was modified to include path protection information if you
specify the lsp-head keyword.
Usage Guidelines Use the show ip rsvp high-availability database command to display information about the entries in
the read and write databases.
Use the show ip rsvp high-availability database lsp command to display loose hop information. A
loose hop expansion can be performed on a router when the router processes the explicit router object
(ERO) for an incoming path message. After the router removes all local IP addresses from the incoming
ERO, it finds the next hop. If the ERO specifies that the next hop is loose instead of strict, the router
consults the TE topology database and routing to determine the next hop and output interface to forward
the path message. The result of the calculation is a list of hops; that list is placed in the outgoing ERO
and checkpointed with the LSP data as the loose hop information.
Use the show ip rsvp high-availability database lsp-head command on a headend router only. On other
routers, this command gives no information.
Examples Hello Example on Active RP

The following is sample output from the show ip rsvp high-availability database hello command on
an active Route Processor (RP):
Router# show ip rsvp high-availability database hello
HELLO WRITE DB
Header:
State: Checkpointed Action: Add
Seq #: 1 Flags: 0x0
Data:
Last sent Src_instance: 0xDE435865
HELLO READ DB
Table 86 show ip rsvp high-availability database hello—Active RP Field Descriptions
Field Description
HELLO WRITE DB Storage area for active RP hello data consisting of
checkpointed RSVP-TE information that is sent to the
standby RP when it becomes the active RP and needs to
recover LSPs. This field is blank on a standby RP.
Header Header information.

QOS-843
Table 86 show ip rsvp high-availability database hello—Active RP Field Descriptions (continued)
Field Description
State Status of an entry. Values are as follows:
• Ack-Pending—Entries have been sent, but not
acknowledged.
• Checkpointed—Entries have been sent and
acknowledged by the standby RP.
• Send-Pending—Entries are waiting to be sent.
Action Action taken. Values are as follows:
• Add—Adding an item to the standby RP.
• Delete—Deleting an item from the standby RP. This
action appears temporarily while the active RP awaits an
acknowledgment (ack) of the delete operation.
• Modify—Modifying an item on the standby RP.
• Remove—Removing an item from the standby RP.
Seq # Numbers used by the active and standby RPs to synchronize
message acks and negative acknowledgments (nacks) to
messages sent.
Flags Attribute used to identify or track data.
Data Information.
Last sent Src_instance Last source instance identifier sent.
HELLO READ DB Storage area for standby RP hello data. This field is blank on
an active RP except when it is in recovery mode.
Hello Example on Standby RP

The following is sample output from the show ip rsvp high-availability database hello command on a
standby RP:
Router# show ip rsvp high-availability database hello
HELLO WRITE DB
HELLO READ DB
Header:
Seq #: 1 Flags: 0x0
Data:
Last sent Src_instance: 0xDE435865
These fields are the same as those for the active RP described in Table 86 except they are now in the read
database for the standby RP.
Link-Management Interfaces Example on an Active RP

The following is sample output from the show ip rsvp high-availability database link-management
interfaces command on an active RP:
Router# show ip rsvp high-availability database link-management interfaces

QOS-844
TE LINK WRITE DB
Flooding Protocol: ospf IGP Area ID: 0 Link ID: 0 (GigabitEthernet3/2)
Header:
Seq #: 4 Flags: 0x0
Data:
Ifnumber: 5 Link Valid Flags: 0x193B
Link Subnet Type: Broadcast
Local Intfc ID: 0 Neighbor Intf ID: 0
Link IP Address: 172.16.3.1
Neighbor IGP System ID: 172.16.3.2 Neighbor IP Address: 10.0.0.0
IGP Metric: 1 TE Metric: 1
Physical Bandwidth: 1000000 kbits/sec
Res. Global BW: 3000 kbits/sec
Res. Sub BW: 0 kbits/sec
Upstream::
Global Pool Sub Pool
----------- ----------
Reservable Bandwidth[0]: 0 0 kbits/sec
Downstream::
Global Pool Sub Pool
----------- ----------
Affinity Bits: 0x0
Protection Type: Capability 0, Working Priority 0
Number of TLVs: 0
Table 87 show ip rsvp high-availability database link-management interfaces—Active RP Field

Descriptions
Field Description
TE LINK WRITE DB Storage area for active TE RP link data. This field is blank on
a standby RP.
Flooding Protocol Protocol that is flooding information for this area. ospf =
Open Shortest Path First.
IGP Area ID Interior Gateway Protocol (IGP) identifier for the area being
flooded.
Link ID Link identifier and interface for the area being flooded.

QOS-845

Descriptions (continued)
Field Description
acknowledged.
ack of the delete operation.
message acks and nacks to messages sent.
Data Information.
Ifnumber Interface number.
Link Valid Flags Attributes used to identify or track links.
Link Subnet Type Subnet type of the link. Values are as follows:
• Broadcast—Data for multiple recipients.
• Nonbroadcast Multiaccess—A network in which data is
transmitted directly from one computer to another over a
virtual circuit or across a switching fabric.
• Point-to-Multipoint—Unidirectional connection in
which a single source end system (known as a root node)
connects to multiple destination end systems (known as
leaves).
• Point-to-Point—Unidirectional or bidirectional
connection between two end systems.
• Unknown subnet type—Subnet type not identified.
Local Intfc ID Local interface identifier.
Neighbor Intf ID Neighbor’s interface identifier.
Link IP Address IP address of the link.
Neighbor IGP System ID Neighbor system identifier configured using IGP.
Neighbor IP Address Neighbor’s IP address.
IGP Metric Metric value for the TE link configured using IGP.

QOS-846

Descriptions (continued)
Field Description
TE Metric Metric value for the TE link configured using Multiprotocol
Label Switching (MPLS) TE.
Physical Bandwidth Link bandwidth capacity (in kilobits per second).
Res. Global BW Amount of reservable global pool bandwidth (in kilobits per
second) on this link.
Res. Sub BW Amount of reservable subpool bandwidth (in kilobits per
second) on this link.
Upstream Header for the following section of bandwidth values.
Global Pool Global pool bandwidth (in kilobits per second) on this link.
Sub Pool Subpool bandwidth (in kilobits per second) on this link.
Reservable Bandwidth [1] Amount of bandwidth (in kilobits per second) available for
reservations in the global TE topology and subpools.
Downstream Header for the following section of bandwidth values.
Affinity Bits Link attributes required in tunnels.
Protection Type LSPs protected by fast reroute (FRR). Capability = LSPs
capable of using FRR. Working Priority = LSPs actually
using FRR.
Number of TLVs Number of type, length, values (TLVs).
The fields for a standby RP are the same as those described in Table 87 except they are now in the TE
link read database instead of the TE link write database that is used by an active RP.
Link-Management System Example on an Active RP

The following is sample output from the show ip rsvp high-availability database link-management
system command on an active RP:
Router# show ip rsvp high-availability database link-management system
TE SYSTEM WRITE DB
Flooding Protocol: OSPF IGP Area ID: 0
Header:
State: Checkpointed Action: Modify
Seq #: 4 Flags: 0x0
Data:
LM Flood Data::
LSA Valid flags: 0x0 Node LSA flag: 0x0
IGP System ID: 172.16.3.1 MPLS TE Router ID: 10.0.0.3
Flooded links: 1 TLV length: 0 (bytes)
Fragment id: 0
TE SYSTEM READ DB

QOS-847
Table 88 show ip rsvp high-availability database link-management system—Active RP Field

Descriptions
Field Description
TE SYSTEM WRITE DB Storage area for active TE RP system data. This field is blank
on a standby RP.
Flooding Protocol Protocol that is flooding information for this area. OSPF =
Open Shortest Path First.
IGP Area ID IGP identifier for the area being flooded.
acknowledged.
Data Information.
LM Flood Data Link management (LM) flood data.
LSA Valid flags Link-state advertisement (LSA) attributes.
Node LSA flag LSA attributes used by a router.
IGP System ID Identification (IP address) that IGP flooding uses in this area
to identify this node.
MPLS TE Router ID MPLS TE router identifier (IP address).
Flooded links Number of flooded links.
TLV length TLV length in bytes.
Fragment id Fragment identifier for this link.
TE SYSTEM READ DB Storage area for standby TE RP system data. This field is
blank on a standby RP.
The fields for a standby RP are the same as those described in Table 88 except they are now in the TE
system read database instead of the TE system write database that is used by an active RP.

QOS-848
LSP Example on an Active RP

The following is sample output from the show ip rsvp high-availability database lsp command on an
active RP:
Router# show ip rsvp high-availability database lsp
LSP WRITE DB
Tun ID: 10 LSP ID: 8
Dest: 10.0.0.9
Sender: 10.0.0.3 Ext. Tun ID: 10.0.0.3
Header:
Seq #: 3 Flags: 0x0
Data:
InLabel: -
Out I/F: Gi3/2
Next-Hop: 172.16.3.1
OutLabel: 17
Loose hop info:

10.0.0.2 10.10.2.2 10.10.2.3 10.1.1.1
LSP READ DB
Table 89 show ip rsvp high-availability database lsp—Active RP Field Descriptions
Field Description
LSP WRITE DB Storage area for active RP LSP data. This field is blank on a
standby RP.
Tun ID Tunnel identifier.
LSP ID LSP identifier.
Dest Tunnel destination IP address.
Sender Tunnel sender IP address.
Ext. Tun ID Extended tunnel identifier; usually set to 0 or the sender’s IP
address.
acknowledged.

QOS-849
Table 89 show ip rsvp high-availability database lsp—Active RP Field Descriptions (continued)
Field Description
Data Information.
InLabel Incoming label identifier.
Out I/F Outgoing interface.
Next-Hop Next hop IP address.
OutLabel Outgoing label identifier.
Loose hop info Lists the loose hop expansions performed on the router, or
specifies None.
LSP READ DB Storage area for standby RP LSP data. This field is blank on
an active RP.
The fields for a standby RP are the same as those described in Table 89 except they are now in the LSP
read database instead of the LSP write database that is used by an active RP.
LSP-Head Example on an Active RP

The following is sample output from the show ip rsvp high-availability database lsp-head command
on an active RP:
Router# show ip rsvp high-availability database lsp-head
LSP_HEAD WRITE DB
Tun ID: 10
Header:
Seq #: 3 Flags: 0x0
Data:
lsp_id: 8, bandwidth: 100, thead_flags: 0x1, popt: 1
feature_flags: path protection active
output_if_num: 5, output_nhop: 172.16.3.2
RRR path setup info
Destination: 10.0.0.9, Id: 10.0.0.9 Router Node (ospf) flag:0x0
IGP: ospf, IGP area: 0, Number of hops: 5, metric: 2
Hop 0: 172.16.3.1, Id: 172.16.3.1 Router Node (ospf), flag:0x0
LSP_HEAD READ DB

QOS-850
Table 90 show ip rsvp high-availability database lsp-head—Active RP Field Descriptions
Field Description
LSP_HEAD WRITE DB Storage area for active RP LSP-head data. This field is blank
on a standby RP.
Tun ID Tunnel identifier.
acknowledged.
Data Information.
lsp_id LSP identifier.
bandwidth Bandwidth on the LSP (in kilobits per second).
thead_flags Tunnel head attribute used to identify or track data.
popt Parsing option number.
feature_flags Indicates whether the LSP being used to forward traffic is the
secondary LSP using the path protection path-option. Valid
values are as follows:
• none
• path protection active
output_if_num Output interface number.
output_nhop Output next hop IP address.
RRR path setup info Routing with Resource Reservation (RRR) path information.
Destination Destination IP address.

QOS-851
Table 90 show ip rsvp high-availability database lsp-head—Active RP Field Descriptions
Field Description
Id IP address and protocol of the routing node. Values are the
following:
• isis = Intermediate System-to-Intermediate System
• ospf = Open Shortest Path First
flag Attribute used to track data.
IGP Interior Gateway Protocol. ospf = Open Shortest Path First.
IGP area IGP area identifier.
Number of hops Number of connections or routers.
metric Routing cost.
Hop Hop’s number and IP address.
Id IP address and protocol of the routing node. Values are the
following:
• isis = Intermediate System-to-Intermediate System
• ospf = Open Shortest Path First
flag Attribute used to track data.
LSP_HEAD READ DB Storage area for standby RP LSP-head data. This field is
blank on an active RP.
The fields for a standby RP are the same as those described in Table 90 except they are now in the
LSP_head read database instead of the LSP_head write database that is used by an active RP.
Summary Example on an Active RP

The following is sample output from the show ip rsvp high-availability database summary command
on an active RP:
Router# show ip rsvp high-availability database summary
Write DB:
Send-Pending: 0
Ack-Pending : 0
Checkpointed: 10
Total : 10
Read DB:
Total : 0
Table 91 show ip rsvp high-availability database summary—Active RP Field Descriptions
Field Description
Write DB Storage area for active RP summary data. This field is blank
on a standby RP.
Send-Pending Entries are waiting to be sent.

QOS-852
Table 91 show ip rsvp high-availability database summary—Active RP Field Descriptions
Field Description
Ack-Pending Entries have been sent, but are waiting to be acknowledged.
Checkpointed Entries have been sent and acknowledged.
Total Total number of entries in the write database.
Total Total number of entries in the read database.
Summary Example on a Standby RP

The following is sample output from the show ip rsvp high-availability database summary command
on a standby RP:
Router# show ip rsvp high-availability database summary
Write DB:
Send-Pending: 0
Ack-Pending : 0
Checkpointed: 0
Total : 0
Read DB:
Total : 10
Table 92 show ip rsvp high-availability database summary—Standby RP Field Descriptions
Field Description
Write DB Storage area for active RP summary data.
Send-Pending Entries are waiting to be sent.
Ack-Pending Entries have been sent, but are waiting to be acknowledged.
Checkpointed Entries have been sent and acknowledged.
Total Total number of entries in the write DB.
Total Total number of entries in the read DB.

show ip rsvp high-availability counters Displays all RSVP HA counters that are being
maintained by an RP.
show ip rsvp high-availability summary Displays summary information for an RSVP HA RP.

QOS-853
show ip rsvp high-availability summary

To display summary information for a Resource Reservation Protocol (RSVP) traffic engineering (TE)
high availability (HA) Route Processor (RP), use the show ip rsvp high-availability summary

Privileged EXEC

Usage Guidelines Use the show ip rsvp high-availability summary command to display information about the HA
parameters currently configured on an RP.
The command output differs depending on whether the RP is active or standby.
Examples The following is sample output from the show ip rsvp high-availability summary command on an
active RP:
Router# show ip rsvp high-availability summary
State:
Graceful-Restart: Enabled, mode: full
HA state: Active
Checkpointing: Allowed
Messages:
Send timer: not running (Interval: 1000 msec)
Items sent per Interval: 200
CF buffer size used: 2000
Note On a standby RP, only the first three lines of the output are displayed. On an active RP, all lines are
displayed.

QOS-854
Table 93 show ip rsvp high-availability summary Field Descriptions
Field Description
State Status of graceful restart and HA.
• Enabled—Restart capability is activated for a router (full
mode) or its neighbor (help-neighbor).
HA state The RP state, which is the following:
• Active—Active RP.
• Standby—Standby (backup) RP.
• Recovering—The active RP is in recovery period.
Checkpointing The function that copies state information (write database
entries) from the active RP to the standby RP. Values are the
following:
• Allowed—Functioning normally.
• Not Allowed—Checkpointing is not allowed. Reasons
may be that the RP is not present or not ready.
Messages The checkpointed messages that the active RP sends to the
standby RP during a specified interval.
Send timer The write database timer. Values are the following:
• running—Entries are in the write database in the
send-pending state and checkpointing is allowed.
• not running—Checkpointing is not allowed or the write
database is empty.
Note Entries in the write database can be in the following
states:
• Send-Pending—The entry has not been sent to the

standby RP yet.
• Ack-Pending—The entry was sent to the standby RP, but
no acknowledgment was received from the standby RP
yet.
• Checkpointed—The checkpointing facility (CF)
message has been acknowledged by the standby RP,
which notifies the active RP.
Interval Time, in milliseconds (ms), when the active RP sends
messages to the standby RP.

QOS-855
Table 93 show ip rsvp high-availability summary Field Descriptions (continued)
Field Description
Items sent per Interval The number of database entries (data that has been taken
from the write database and packed into bundle message for
transmitting to the standby RP), which the active RP sends to
the standby RP each time the write database timer activates.
CF buffer size used Amount of storage space, in bytes, used by the checkpointing
facility.
In some cases, the checkpointing field displays Not Allowed. Here is an excerpt from sample output:
Checkpointing: Not Allowed
Peer RP Present : No
RF Comm. Up : No
Flow Control On : No
CF Comm. Up : No
RF Ready to Recv: No
Note If checkpointing is allowed, the attributes displayed in the sample output do not appear. Refer to the
show ip rsvp high-availability summary command output on an active RP for more details.
Table 94 show ip rsvp high-availability summary—Checkpointing Field Descriptions
Field Description
Peer RP Present : No The active RP cannot communicate with any peer RP.
Note This can happen if the standby RP is removed, or if it
is temporarily unavailable, such as during a restart.
RF Comm. Up : No The redundant facility (RF) on the active RP is unable to
communicate with the RF on the standby RP.
Flow Control On : No The active RP cannot send Internet Protocol communications
(IPC) messages (using checkpointing) to the standby RP
because flow control is off.
CF Comm. Up : No The TE CF client on the active RP is unable to communicate
with the TE CF client on the standby RP.
RF Ready to Recv : No The RF on the standby RP is not ready to receive checkpoint
messages.
The following is sample output from the show ip rsvp high-availability summary command after a
stateful switchover (SSO) has occurred.
Router# show ip rsvp high-availability summary
State:
Graceful-Restart: Enabled
HA state: active
Checkpointing: Allowed

QOS-856
Recovery Time (msec)

Advertised: 120000 msec
Last recorded: 75012 msec
Messages:
Send timer: not running (Interval:1000)
Items sent per Interval: 200
Table 95 describes the significant fields shown in the display

.
Table 95 show ip rsvp high-availability summary—After an SSO Field Descriptions
Field Description
Advertised The advertised recovery time, in milliseconds.
Last recorded The last recorded recovery time, in milliseconds.

clear ip rsvp Clears (sets to zero) the RSVP-TE HA counters that are being maintained by
high-availability an RP.
counters
show ip rsvp Displays the RSVP-TE HA counters that are being maintained by an RP.
high-availability
counters
show ip rsvp Displays the contents of the RSVP-TE HA read and write databases used in
high-availability TE SSO.
database

QOS-857
show ip rsvp host
show ip rsvp host

To display specific information for a Resource Reservation Protocol (RSVP) host, use the show ip rsvp
host command in user EXEC or privileged EXEC mode.
show ip rsvp host {senders | receivers} [group-name | group-address]
Syntax Description senders RSVP-related sender information currently in the database.

receivers RSVP-related receiver information currently in the database.
group-name (Optional) Hostname of the source or destination.
group-address (Optional) IP address of the source or destination.

Privileged EXEC

12.4(6)T The command output was modified to display RSVP identity information
when configured.
Usage Guidelines Use the show ip rsvp host command to display static RSVP senders and receivers. If a router has any
local host receivers or senders that have RSVP identities configured, the application IDs that they use
are also displayed.
Examples In the following example from the show ip rsvp host senders command, no RSVP identities are
configured for the local sender:
Router# show ip rsvp host senders

192.168.104.3 192.168.104.1 UDP 1 1 10K
Mode(s): Host CLI
Table 96 show ip rsvp host senders (No RSVP Identities Configured) Field Descriptions
Field Description
Pro Protocol code. IP protocol such as TCP or UDP.

QOS-858
show ip rsvp host
Table 96 show ip rsvp host senders (No RSVP Identities Configured) Field Descriptions
Field Description
DPort Destination port number. Code 1 indicates IP protocol such as
TCP or UDP.
Sport Source port number. Code 1 indicates IP protocol such as TCP
or UDP.
Prev Hop IP address of the previous hop. Blank means no previous hop.
I/F Interface of the previous hop.
BPS Reservation rate, in bits per second (bps).
Mode(s) Any of the following strings:
• Host—The router is acting as the host system or RSVP
endpoint for this reservation.
• LSP-Tunnel—The reservation is for a Traffic Engineering
(TE) tunnel.
• MIB—The reservation was created via an SNMP SET
directive from a remote management station.
• CLI—The reservation was created via a local RSVP CLI
command.
• Host CLI—A combination of the host and CLI strings
meaning that the static sender being displayed was created
by the ip rsvp sender-host CLI command.
In the following example from the show ip rsvp host senders command, an RSVP identity is configured
for the local sender and more information displays:
Router# show ip rsvp host senders

192.168.104.3 192.168.104.1 UDP 1 1 10K
Mode(s): Host CLI
Identity: voice100
Locator: GUID=www.cisco.com,APP=voice,VER=100.0
ID Type: Application
Table 97 show ip rsvp host senders (RSVP Identity Configured) Field Descriptions
Field Description
Pro Protocol code. IP protocol such as TCP or UDP.
DPort Destination port number. Code 1 indicates IP protocol such as
TCP or UDP.
Sport Source port number. Code 1 indicates IP protocol such as TCP
or UDP.
Prev Hop IP address of the previous hop. Blank means no previous hop.

QOS-859
show ip rsvp host
Table 97 show ip rsvp host senders (RSVP Identity Configured) Field Descriptions (continued)
Field Description
BPS Reservation rate in bits per second (bps).
Mode(s) Any of the following strings:
• Host—The router is acting as the host system or RSVP
endpoint for this reservation.
• LSP-Tunnel—The reservation is for a Traffic Engineering
(TE) tunnel.
• MIB—The reservation was created via an SNMP SET
directive from a remote management station.
• CLI—The reservation was created via a local RSVP CLI
command.
• Host CLI—A combination of the host and CLI strings
meaning that the static sender being displayed was created
by the ip rsvp sender-host CLI command.
Identity The alias string for the RSVP application ID.
Locator The application ID that is being signaled in the RSVP PATH
message for this statically-configured sender.
ID Type Types of identities. RSVP defines two types: application IDs
(Application) and user IDs (User). Cisco IOS software
currently supports Application only.

ip rsvp sender-host Enables a router to simulate a host generating an RSVP PATH message.

QOS-860
show ip rsvp installed

To display Resource Reservation Protocol (RSVP)-related installed filters and corresponding bandwidth
information, use the show ip rsvp installed command in user EXEC or privileged EXEC mode.
show ip rsvp installed [interface-type interface-number] [detail]
Syntax Description interface-type (Optional) Type of the interface.

interface-number (Optional) Number of the interface.
detail (Optional) Displays additional information about interfaces and their
reservations.

Privileged EXEC (#)

12.2(15)T The command output was modified to display the resources required for a
traffic control state block (TCSB) after compression has been taken into
account.
12.2(33)SRC The command output was modified to display RSVP aggregation
information.
Usage Guidelines The show ip rsvp installed command displays information about interfaces and their reservations. Enter
the optional detail keyword for additional information, including the reservation’s traffic parameters,
downstream hop, compression, and resources used by RSVP to ensure quality of service (QoS) for this
reservation.
Examples show ip rsvp installed Example

The following is sample output from the show ip rsvp installed command:
Router# show ip rsvp installed
RSVP: Ethernet1: has no installed reservations

RSVP: Serial0:
kbps To From Protocol DPort Sport Weight Conversation
0 192.168.0.0 172.16.2.28 UDP 20 30 128 270
150 192.168.0.1 172.16.2.1 UDP 20 30 128 268
100 192.168.0.1 172.16.1.1 UDP 20 30 128 267
200 192.168.0.1 172.16.1.25 UDP 20 30 256 265

QOS-861
200 192.168.0.2 172.16.1.25 UDP 20 30 128 271

0 192.168.0.2 172.16.2.28 UDP 20 30 128 269
150 192.168.0.2 172.16.2.1 UDP 20 30 128 266
350 192.168.0.3 172.16.0.0 UDP 20 30 128 26
Table 98 show ip rsvp installed Field Descriptions
Field Description
kbps Reserved rate in kilobits per second.
To IP address of the source device.
From IP address of the destination device.
Protocol Protocol code. Code indicates IP protocol such as TCP or User Datagram
Protocol (UDP).
Weight Weight used in Weighted Fair Queueing (WFQ).
Conversation WFQ conversation number.
Note If WFQ is not configured on the interface, weight and conversation
will be zero.
RSVP Compression Method Prediction Examples

The following sample output from the show ip rsvp installed detail command shows the compression
parameters, including the compression method, the compression context ID, and the bytes saved per
packet, on serial interface 3/0 in effect:
RSVP:Ethernet2/1 has no installed reservations
RSVP:Serial3/0 has the following installed reservations

RSVP Reservation. Destination is 10.1.1.2. Source is 10.1.1.1,
Compression:(method rtp, context ID = 1, 37.98 bytes-saved/pkt avg)
Admitted flowspec:
Reserved bandwidth:65600 bits/sec, Maximum burst:328 bytes, Peak rate:80K bits/sec
Admitted flowspec (as required if compression were not applied):
Reserved bandwidth:80K bits/sec, Maximum burst:400 bytes, Peak rate:80K bits/sec
WFQ on FR PVC dlci 101 on Se3/0: PRIORITY queue 24. Weight:0, BW 66 kbps
Conversation supports 1 reservations [0x1000405]
Data given reserved service:3963 packets (642085 bytes)
Long-term average bitrate (bits/sec):64901 reserved, 0 best-effort
Policy:INSTALL. Policy source(s):Default

QOS-862
The following sample output from the show ip rsvp installed detail command shows that compression
is not predicted on the serial3/0 interface because no compression context IDs are available:
RSVP:Ethernet2/1 has no installed reservations
RSVP:Serial3/0 has the following installed reservations

Compression:(rtp compression not predicted:no contexts available)
Admitted flowspec:
Reserved bandwidth:80K bits/sec, Maximum burst:400 bytes, Peak rate:80K bits/sec
WFQ on FR PVC dlci 101 on Se3/0: PRIORITY queue 24. Weight:0, BW 80 kbps
Data given reserved service:11306 packets (2261200 bytes)
Long-term average bitrate (bits/sec):79951 reserved, 0 best-effort
Policy:INSTALL. Policy source(s):Default
Note When no compression context IDs are available, use the ip rtp compression-connections number
command to increase the pool of compression context IDs.
RSVP Aggregation Example

The following is sample output from the show ip rsvp installed command when RSVP aggregation is
configured:
Router# show ip rsvp installed
RSVP: Ethernet0/0 has no installed reservations

RSVP: Serial1/0
BPS To From Protoc DPort Sport
300K 192.168.50.1 192.168.40.1 0 46 0
RSVP: RSVP 3175 AggResv 192.168.40.1->192.168.50.1_ef(46)
BPS To From Protoc DPort Sport
80K 192.168.5.1 192.168.2.1 TCP 222 222
80K 192.168.6.1 192.168.2.1 TCP 223 223
Table 99 show ip rsvp installed Field Descriptions
Field Description
RSVP Reservation information for a specified interface.
BPS Reserved rate in bits per second (BPS).
To IP address of the source device.
From IP address of the destination device.
Protoc Protocol code.
• Code indicates IP protocol such as TCP or User Datagram Protocol
(UDP) for end-to-end (E2E) reservations.
• Code is 0 for aggregate reservations.

QOS-863
Table 99 show ip rsvp installed Field Descriptions (continued)
Field Description
• Number indicates protocol destination port for E2E reservations.
• Number indicates differentiated services code point (DSCP) for
aggregate reservations.
• Number indicates protocol source port for E2E reservations.
• Number is 0 for aggregate reservations.
RSVP Individual E2E reservations mapped onto an aggregate. Information
includes the following:
• IP address of the aggregate source.
• IP address of the aggregate destination.
• Differentiated services code point (DSCP) value.
Detailed RSVP Aggregation Example

The following is sample output from the show ip rsvp installed detail command when RSVP
aggregation is configured and one E2E reservation that is mapped across an aggregate reservation as seen
at the aggregator exists:
RSVP: Ethernet0/0 has no installed reservations

RSVP: Serial1/0 has the following installed reservations

Protocol is 0 , Destination port is 46, Source port is 0
Traffic Control ID handle: 35000403
Created: 20:27:14 EST Thu Nov 29 2007
Admitted flowspec:
Reserved bandwidth: 300K bits/sec, Maximum burst: 300K bytes, Peak rate: 300K bits/sec
Min Policed Unit: 20 bytes, Max Pkt Size: 0 bytes
Resource provider for this flow: None
Data given reserved service: 0 packets (0 bytes)
Data given best-effort service: 0 packets (0 bytes)
Long-term average bitrate (bits/sec): 0 reserved, 0 best-effort
Policy: INSTALL. Policy source(s): Default

QOS-864
RSVP: RSVP 3175 AggResv 192.168.40.1->192.168.50.1_ef(46) has the following installed

reservations

Protocol is TCP, Destination port is 222, Source port is 222
Traffic Control ID handle: 0500040B
Admitted flowspec:
Reserved bandwidth: 80K bits/sec, Maximum burst: 5K bytes, Peak rate: 80K bits/sec
QBM
Conversation supports 1 reservations [0x600040A]
Data given reserved service: 0 packets (0 bytes)
Data given best-effort service: 0 packets (0 bytes)
Long-term average bitrate (bits/sec): 0 reserved, 0 best-effort
Policy: INSTALL. Policy source(s):

QOS-865
Table 100 show ip rsvp installed detailed Field Descriptions
Field Description
RSVP Reservation information for a specified interface.
RSVP Reservation Reservation information for the serial 1/0 interface that includes the
following:
• Destination IP address.
– Deaggregator for aggregate reservations.
• Source IP address.
– Aggregator for aggregate reservations.
• Protocol used.
– 0 for aggregate reservations.
– TCP/UDP or protocol for E2E reservations.
• Destination port.
– Differentiated services code (DSCP) for aggregate reservations.
– Protocol port number for E2E reservations.
• Source port.
– 0 for aggregate reservations.
– Protocol port number for E2E reservations.
• Traffic control identifier assigned by RSVP for bookkeeping
purposes.
• Creation date.
• Flowspec information that includes bandwidth, maximum burst, peak
rate, policed unit size, and maximum packet size.
• Resource provider information.
– None for aggregate reservations.
– QoS bandwidth manager (BM) for E2E reservations.
• Type of service provided—reserved and best effort (always 0 packets
in an RSVP/DiffServ node).
• Length of time traffic is classified.
– Bitrate (always 0 on an RSVP/DiffServ node)
• Policies.
RSVP Aggregate information that includes the following:
• IP address of the aggregate source.
• IP address of the aggregate destination.
• DSCP.
Note The remaining fields describe the aggregate’s E2E reservations
with values explained in preceding fields.

QOS-866

ip rtp Specifies the total number of RTP header compression connections that
compression-connections can exist on an interface.
show ip rsvp interface Displays RSVP-related information.
show queueing interface Displays interface queueing statistics for dataplane information.

QOS-867
show ip rsvp interface

To displayinformation related to Resource Reservation Protocol (RSVP), use the show ip rsvp interface
show ip rsvp interface [detail] [interface-type interface-number]
Syntax Description detail (Optional) Displays additional information about interfaces.

interface-type (Optional) Type of the interface.
interface-number (Optional) Number of the interface.

Privileged EXEC (#)

12.2(2)T The optional detail keyword was added.
12.2(4)T This command was implemented on the Cisco 7500 series and the ATM
permanent virtual circuit (PVC) interface.
12.0(22)S The command output was modified to display hello message information.
12.2(13)T The following modifications were made to this command:
• Rate-limiting and refresh-reduction information was added to the output
display.
• RSVP global settings display when no keywords or arguments are
entered.
12.2(15)T The following modifications were made to this command:
• The effects of compression on admission control and the RSVP
bandwidth limit counter were added to the display.
• Cryptographic authentication parameters were added to the display.
12.2(18)SFX2 This command was integrated into Cisco IOS Release 12.2(18)SFX2.
information.
information.
12.4(20)T The command output was modified to display the RSVP source address
configured on a specified interface.

QOS-868
Usage Guidelines Use the show ip rsvp interface command to display information about interfaces on which RSVP is
enabled, including the current allocation budget and maximum available bandwidth. Enter the optional
detail keyword for additional information, including bandwidth and signaling parameters and blockade
state.
Use the show ip rsvp interface detail command to display information about the RSVP parameters
associated with an interface. These parameters include the following:
• Total RSVP bandwidth.
• RSVP bandwidth allocated to existing flows.
• Maximum RSVP bandwidth that can be allocated to a single flow.
• The type of admission control supported (header compression methods).
• The compression methods supported by RSVP compression prediction.
• RSVP aggregation.
• The RSVP source address.
Examples This section provides sample output from typical show ip rsvp interface commands. Depending upon
the interface or platform in use and the options enabled, the output you see may vary slightly from the
ones shown below.
• RSVP Interface Information Example, page 869
• RSVP Detailed Information Example, page 870
• RSVP Compression Method Prediction Example, page 872
• RSVP Cryptographic Authentication Example, page 873
• RSVP FLR Example, page 875
• RSVP Aggregation Example, page 876
• RSVP Source Address Example, page 878
RSVP Interface Information Example

The following sample output from the show ip rsvp interface command shows information for each
interface on which RSVP is enabled:
Router# show ip rsvp interface
interface allocated i/f max flow max sub max

PO0/0 0 200M 200M 0
PO1/0 0 50M 50M 0
PO1/1 0 50M 50M 0
PO1/2 0 50M 50M 0
PO1/3 0 50M 50M 0
Lo0 0 200M 200M 0
Table 101 show ip rsvp interface Field Descriptions
Field Description
interface Interface name.
allocated Current allocation budget.

QOS-869
Table 101 show ip rsvp interface Field Descriptions (continued)
Field Description
i/f max Maximum allocatable bandwidth.
flow max Largest single flow allocatable on this interface.
sub max Largest subpool value allowed on this interface.
RSVP Detailed Information Example

The following sample output from the show ip rsvp interface detail command shows detailed RSVP
information for each interface on which RSVP is enabled:
Router# show ip rsvp interface detail
PO0/0:
Bandwidth:
Curr allocated:0 bits/sec
Max. allowed (total):200M bits/sec
Max. allowed (per flow):200M bits/sec
Max. allowed for LSP tunnels using sub-pools:0 bits/sec
Set aside by policy (total):0 bits/sec
Signalling:
DSCP value used in RSVP msgs:0x3F
Number of refresh intervals to enforce blockade state:4
Number of missed refresh messages:4
Refresh interval:30
PO1/0:
Bandwidth:
Signalling:
Refresh interval:30
PO1/1:
Bandwidth:
Signalling:
Refresh interval:30

QOS-870
PO1/2:
Bandwidth:
Max. allowed (per flow):50M bits/secMax. allowed for LSP tunnels using sub-pools:0
bits/sec
Signalling:
Refresh interval:30
PO1/3:
Bandwidth:
Signalling:
Refresh interval:30
Lo0:
Bandwidth:
Signalling:
Refresh interval:30

QOS-871
Table 102 describes the significant fields shown in the detailed display for PO interface 0/0. The fields
for the other interfaces are similar.
Table 102 show ip rsvp interface detail Field Descriptions—Detailed RSVP Information Example
Field Description
PO0/0 Interface name.
Bandwidth The RSVP bandwidth parameters in effect are as follows:
• Curr allocated—Amount of bandwidth currently allocated, in bits per
second.
• Max. allowed (total)—Maximum amount of bandwidth allowed, in
bits per second.
• Max. allowed (per flow)—Maximum amount of bandwidth allowed
per flow, in bits per second.
• Max. allowed for LSP tunnels using sub-pools—Maximum amount of
bandwidth allowed for label switched path (LSP) tunnels, in bits per
second.
• Set aside by policy (total)—The amount of bandwidth set aside by the
local policy, in bits per second.
Signalling The RSVP signalling parameters in effect are as follows:
• DSCP value used in RSVP msgs—Differentiated services code point
(DSCP) used in RSVP messages.
• Number of refresh intervals to enforce blockade state—How long, in
milliseconds, before the blockade takes effect.
• Number of missed refresh messages—How many refresh messages
until the router state expires.
• Refresh interval—How long, in milliseconds, until a refresh message
is sent.
RSVP Compression Method Prediction Example

The following sample output from the show ip rsvp interface detail command shows the RSVP
compression method prediction configuration for each interface on which RSVP is configured:
Et2/1:
Bandwidth:
Admission Control:
Header Compression methods supported:
rtp (36 bytes-saved), udp (20 bytes-saved)
Neighbors:
Using IP encap:0. Using UDP encap:0
Signalling:
Refresh reduction:disabled
Authentication:disabled

QOS-872
Se3/0:
Bandwidth:
Admission Control:
Header Compression methods supported:
rtp (36 bytes-saved), udp (20 bytes-saved)
Neighbors:
Using IP encap:1. Using UDP encap:0
Signalling:
Refresh reduction:disabled
Authentication:disabled
Table 103 describes the significant fields shown in the display for Ethernet interface 2/1. The fields for
serial interface 3/0 are similar.
Table 103 show ip rsvp interface detail Field Descriptions—RSVP Compression Method Prediction
Example
Field Description
Et2/1 Interface name and number.
• Curr allocated—Amount of bandwidth currently allocated, in bits per
second.
• Max. allowed (total)—Maximum amount of bandwidth allowed, in
bits per second.
• Max. allowed (per flow)—Maximum amount of bandwidth allowed
per flow, in bits per second.
bandwidth allowed for LSP tunnels, in bits per second.
• Set aside by policy (total)—The amount of bandwidth set aside by the
local policy, in bits per second.
Admission Control The type of admission control in effect is as follows:
• Header Compression methods supported:
– Real-Time Transport Protocol (RTP) or User Data Protocol
(UDP) compression schemes and the number of bytes saved per
packet.
Neighbors The number of neighbors using IP and UDP encapsulation.
Signalling The type of signaling in effect; Refresh reduction is either enabled (active)
or disabled (inactive).
Authentication Authentication is either enabled (active) or disabled (inactive).
RSVP Cryptographic Authentication Example

The following sample output from the show ip rsvp interface detail command displays detailed
information, including the cryptographic authentication parameters, for all RSVP-configured interfaces
on the router:

QOS-873
Et0/0:
Bandwidth:
Curr allocated: 0 bits/sec
Max. allowed (total): 7500K bits/sec
Max. allowed (per flow): 7500K bits/sec
Max. allowed for LSP tunnels using sub-pools: 0 bits/sec
Neighbors:
Using IP encap: 0. Using UDP encap: 0
Signalling:
Refresh reduction: disabled
Authentication: enabled
Key: 11223344
Type: sha-1
Window size: 2
Challenge: enabled
Table 104 show ip rsvp interface detail Field Descriptions—Cryptographic Authentication

Example
Field Description
• Curr allocated—Amount of bandwidth currently allocated, in bits per second.
• Max. allowed (total)—Maximum amount of bandwidth allowed, in bits per
second.
• Max. allowed (per flow)—Maximum amount of bandwidth allowed per flow,
in bits per second.
• Set aside by policy (total)—The amount of bandwidth set aside by the local
policy, in bits per second.
Neighbors The number of neighbors using IP and UDP encapsulation.
Signalling The type of signaling in effect; Refresh reduction is either enabled (active) or
disabled (inactive).
Authentication Authentication is either enabled (active) or disabled (inactive). The parameters
are as follows:
• Key—The key (string) for the RSVP authentication algorithm displayed in
clear text (for example, 11223344) or <encrypted>.
• Type—The algorithm to generate cryptographic signatures in RSVP messages;
possible values are md5 and sha-1.
• Window size—Maximum number of RSVP authenticated messages that can be
received out of order.
• Challenge—The challenge-response handshake performed with any new RSVP
neighbors that are discovered on a network; possible values are enabled (active)

QOS-874
RSVP FLR Example

The following sample output from the show ip rsvp interface detail command displays detailed
information for the Ethernet 1/0 interface on which FLR is enabled:
Router# show ip rsvp interface detail ethernet1/0
Et1/0:
RSVP: Enabled
Interface State: Up
Bandwidth:
Curr allocated: 9K bits/sec
Max. allowed for LSP tunnels using sub-pools (pool 1): 0 bits/sec
Set aside by policy (total): 0 bits/sec
Traffic Control:
RSVP Data Packet Classification is ON via CEF callbacks
Signalling:
DSCP value used in RSVP msgs: 0x30
Number of refresh intervals to enforce blockade state: 4
FLR Wait Time (IPv4 flows):
Repair is delayed by 500 msec.
Authentication: disabled
Key chain: <none>
Type: md5
Window size: 1
Challenge: disabled
Hello Extension:
State: Disabled
Table 105 show ip rsvp interface detail Field Descriptions—FLR Example
Field Description
RSVP Enabled means active; disabled means inactive.
Interface State Up means that the interface is configured; down means that the interface is not
configured.
second.
in bits per second.
Traffic Control RSVP Data Packet Classification is ON via CEF callbacks means that RSVP is
not processing every packet; therefore, excess overhead is avoided and network
performance is improved.

QOS-875
Table 105 show ip rsvp interface detail Field Descriptions—FLR Example (continued)
Field Description
Signalling The signaling parameters in effect are as follows:
• DSCP value used in RSVP msgs—Differentiated services code point (DSCP)
value used in RSVP messages.
FLR Wait Time Repair is delayed by 500 msec represents the amount of time, in milliseconds,
(IPv4 flows) before the FLR procedure begins on the specified interface.
are as follows:
• Key chain—The key (string) for the RSVP authentication algorithm displayed
in clear text (for example, 11223344) or <encrypted>.
Hello Extension Enables RSVP nodes to detect when a neighboring node is not reachable. The
state is either enabled (active) or disabled (inactive).

The following sample output from the show ip rsvp interface detail command displays the aggregation
parameters for each interface on which RSVP is configured:
Se1/0:
RSVP: Enabled
Interface State: Up
Bandwidth:
Curr allocated: 300K bits/sec
Traffic Control:
RSVP Data Packet Classification is OFF
RSVP resource provider is: none
Signalling:
DSCP value used in RSVP msgs: 0x3F
Key chain: <none>
Type: md5
Window size: 1
Challenge: disabled
FRR Extension:
Backup Path: Not Configured
BFD Extension:

QOS-876
State: Disabled
Interval: Not Configured
RSVP Hello Extension:
State: Disabled
Role: interior
Table 106 show ip rsvp interface detail Field Descriptions—RSVP Aggregation Example
Field Description
Se1/0 Interface name and number.
configured.
second.
in bits per second.
Traffic Control RSVP Data Packet Classification Is OFF—Disabling data packet classification
instructs RSVP not to process every packet, but to perform admission control
only.
RSVP Resource Provider is None—Setting the resource provider to none
instructs RSVP to not associate any resources, such as weighted fair queueing
(WFQ) queues or bandwidth, with a reservation.
These settings are necessary because RSVP aggregation uses RSVP Scalability
Enhancements for control plane aggregation only. Traffic control is performed by
Class-Based Weighted Fair Queuing (CBWFQ).
value used in RSVP messages IP headers.

QOS-877
Table 106 show ip rsvp interface detail Field Descriptions—RSVP Aggregation Example (continued)
Field Description
are as follows:
FRR Extension Fast Reroute backup path is configured or not configured.
BFD Extension Bidirectional Forwarding Detection; values are the following:
• State—Enabled (active) or disabled (inactive).
• Interval—Configured with a value or Not Configured.
RSVP Hello Enables RSVP nodes to detect when a neighboring node is not reachable. The
Extension state is either enabled (active) or disabled (inactive).
RFC 3175 The state of aggregation as defined in RFC 3175, Aggregation of RSVP for IPv4
Aggregation and IPv6 Reservations; values are the following:
Role
• Interior—Interface is facing an aggregation region.
• Exterior—Interface is facing a classic RSVP region.
RSVP Source Address Example

The following sample output from the show ip rsvp interface detail ethernet1/0 command displays the
source address configured for that interface:
Router# show ip rsvp interface detail ethernet1/0
Et1/0:
RSVP: Enabled
Interface State: Up
Bandwidth:
Traffic Control:
RSVP Data Packet Classification is ON via CEF callbacks
Signalling:
Ip address used in RSVP objects: 10.1.3.13 <----------source address for Ethernet 0/1

QOS-878
Key chain: <none>
Type: md5
Window size: 1
Challenge: disabled
Hello Extension:
State: Disabled
Table 107 show ip rsvp interface detail Field Descriptions—RSVP Source Address Example
Field Description
configured.
second.
in bits per second.
Traffic Control RSVP Data Packet Classification is ON via CEF callbacks means that RSVP is
not processing every packet; therefore, excess overhead is avoided and network
performance is improved.
value used in IP headers of RSVP messages.
• Ip address used in RSVP objects—The RSVP source address for the specified
interface.

QOS-879
Table 107 show ip rsvp interface detail Field Descriptions—RSVP Source Address Example
(continued)
Field Description
are as follows:
Hello Extension Enables RSVP nodes to detect when a neighboring node is not reachable. The
state is either enabled (active) or disabled (inactive).

information.

QOS-880
show ip rsvp interface detail

To display the interface configuration for hello, use the show ip rsvp interface detail command in user
show ip rsvp interface detail [interface]
Syntax Description interface (Optional) Name of the Interface for which you want to show the hello
configuration.
Command Default The interface configuration for hello is not displayed.

Privileged EXEC (#)

Examples The following is sample output from the show ip rsvp interface detail command:
Router# show ip rsvp interface detail GigabitEthernet 9/47
Gi9/47:
RSVP: Enabled
Interface State: Up
Bandwidth:
Max. allowed (total): 0 bits/sec
Max. allowed (per flow): 0 bits/sec
Signalling:
Key chain: <none>
Type: md5
Window size: 1
Challenge: disabled
FRR Extension:
Backup Path: Configured (or "Not Configured")
BFD Extension:

QOS-881
State: Disabled
Interval: Not Configured
RSVP Hello Extension:
State: Disabled
Refresh Interval: FRR: 200 , Reroute: 2000
Missed Acks: FRR: 4 , Reroute: 4
DSCP in HELLOs: FRR: 0x30 , Reroute: 0x30
Table 108 show ip rsvp interface detail Field Descriptions
Field Description
RSVP Status of the Resource Reservation Protocol
(RSVP) protocol (Enabled or Disabled).
Interface State Status of the interface (Up or Down).
Curr allocated Amount of bandwidth (in bits per second [bps])
currently allocated.
Max. allowed (total) Total maximum amount of bandwidth (in bps)
allowed.
Max. allowed (per flow) Maximum amount of bandwidth (in bps) allowed
per flow.
Max. allowed for LSP tunnels using sub-pools Maximum amount of bandwidth permitted for
label-switched path (LSP) tunnels that obtain
their bandwidth from subpools.
DSCP value used in RSVP msgs The differentiated services code point (DSCP)
value that is in RSVP messages.
BFD Extension State State (Enabled or Disabled) of Bidirectional
Forwarding Detection (BFD) extension.
RSVP Hello Extension State State (Enabled or Disabled) of hello extension.
Missed Acks Number of sequential acknowledgments that the
node did not receive.
DSCP in HELLOs The DSCP value that is in hello messages.

Reroute protection.
ip rsvp signalling hello dscp Sets the DSCP value that is in the IP header of the hello
message sent out from an interface.
ip rsvp signalling hello refresh interval Configures the hello request interval.

QOS-882
show ip rsvp listeners

To display the Resource Reservation Protocol (RSVP) listeners for a specified port or protocol, use the
show ip rsvp listeners command in EXEC mode.
show ip rsvp listeners [dst | any] [udp | tcp | any | protocol] [dst-port | any]
Syntax Description dst | any (Optional) A particular destination or any destination for an RSVP
message.
udp | tcp | any | protocol (Optional) User Datagram Protocol (UDP), TCP, or any protocol to
be used on the receiving interface and the UDP or TCP source port
number.
Note If you select protocol, the range is 0 to 255 and the protocol
is IP.
dst-port | any (Optional) A particular destination port from 0 to 65535 or any
destination for an RSVP message.
Defaults If you enter show ip rsvp listeners command without a keyword or an argument, the command displays
all the listeners that were sent and received for each interface on which RSVP is configured.
Command Modes EXEC

Usage Guidelines Use the show ip rsvp listeners command to display the number of listeners that were sent and received
for each interface on which RSVP is configured.
Examples The following command shows the current listeners:

Router# show ip rsvp listeners
To Protocol DPort Description Action

10.0.2.1 any any RSVP Proxy reply
Table 109 show ip rsvp listeners Command Field Descriptions
Field Description
To IP address of the receiving interface.
Protocol Protocol used.

QOS-883
Table 109 show ip rsvp listeners Command Field Descriptions (continued)
Field Description
DPort Destination port on the receiving router.
Description Cisco IOS component that requested RSVP to do the listening; for example, RSVP
proxy and label-switched path (LSP) tunnel signaling.
Action Action taken when a flow arrives at its destination. The choices include:
• Announce—The arrival of the flow is announced.
• Reply—After the flow arrives at its destination, the sender receives a reply.

ip rsvp listener Configures an RSVP router to listen for Path messages.

QOS-884
show ip rsvp neighbor

To display current Resource Reservation Protocol (RSVP) neighbors, use the show ip rsvp neighbor
show ip rsvp neighbor [detail]
Syntax Description detail (Optional) Displays additional information about RSVP neighbors.

Privileged EXEC

12.2(13)T The interface-type interface-number arguments were deleted. The detail
keyword was added to the command, and rate-limiting and refresh-reduction
information was added to the output.
Usage Guidelines Use the show ip rsvp neighbor command to show the IP addresses for the current RSVP neighbors.
Enter the detail keyword to display rate-limiting and refresh-reduction parameters for the RSVP
neighbors.
Examples The following command shows the current RSVP neighbors:

Router# show ip rsvp neighbor
10.0.0.1 RSVP
10.0.0.2 RSVP
Table 110 show ip rsvp neighbor Command Field Descriptions
Field Description
10.0.0.1 IP address of neighboring router.
RSVP Type of encapsulation being used.

QOS-885
The following command shows the rate-limiting and refresh-reduction parameters for the current RSVP
neighbors:
Router# show ip rsvp neighbor detail
Neighbor:10.0.0.1
Encapsulation:RSVP
Rate-Limiting:
Dropped messages:0
Refresh Reduction:
Remote epoch:0x1BFEA5
Out of order messages:0
Retransmitted messages:0
Highest rcvd message id:1059
Last rcvd message:00:00:04
Neighbor:10.0.0.2
Encapsulation:RSVP
Rate-Limiting:
Dropped messages:0
Refresh Reduction:
Remote epoch:0xB26B1
Out of order messages:0
Retransmitted messages:0
Highest rcvd message id:945
Last rcvd message:00:00:05
Table 111 show ip rsvp neighbor detail Command Field Descriptions
Field Description
Neighbor IP address of the neighboring router.
Encapsulation Type of encapsulation being used.
Note Unknown displays if an RSVP message has been sent to an IP address,
but no RSVP message has been received from that IP address. This is
not an error condition; it simply means that the router does not yet
know what RSVP encapsulation (IP or User Data Protocol (UDP)) is
preferred and should be used to send RSVP messages.
Rate-Limiting The rate-limiting parameters in effect are as follows:
• Dropped messages = number of messages dropped by the neighbor.
Refresh Reduction The refresh-reduction parameters in effect are as follows:
• Remote epoch = the RSVP message number space identifier (ID);
randomly generated whenever the node reboots or the RSVP process
restarts.
• Out of order messages = messages that were dropped because they are out
of sequential order.
• Retransmitted messages = number of messages retransmitted to the
neighbor.
• Highest rcvd message id = highest message ID number sent by the
neighbor.
• Last rcvd message= time delta in hours, minutes, and seconds when last
message was received by the neighbor.

QOS-886


QOS-887
show ip rsvp policy
show ip rsvp policy

To display the policies currently configured, use the show ip rsvp policy command in EXEC mode.
show ip rsvp policy [cops | local [acl]]
Syntax Description cops | local (Optional) Displays either the configured Common Open Policy Service
(COPS) servers or the local policies.
acl (Optional) Displays the access control lists (ACLs) whose sessions are
governed by COPS servers or the local policies.
Command Modes EXEC

12.1(1)T This command was introduced as show ip rsvp policy cops.
12.2(13)T This command was modified to include the local keyword. This command
replaces the show ip rsvp policy cops command.
Usage Guidelines Use the show ip rsvp policy command to display current local policies, configured COPS servers,
default policies, and the preemption parameter (disabled or enabled).
Examples The following is sample output from the show ip rsvp policy command:
Router# show ip rsvp policy
Local policy:
A=Accept F=Forward
Path:-- Resv:-- PathErr:-- ResvErr:-- ACL:104

Path:-- Resv:-- PathErr:-- ResvErr:-- ACL:None [Default policy]
COPS:


QOS-888
show ip rsvp policy
Table 112 show ip rsvp policy Command Field Descriptions
Field Description
Local policy The local policy currently configured.
A = Accept the message.
F = Forward the message.
Blank (--) means messages of the specified type are neither
accepted or forwarded.
COPS The COPS servers currently in effect.
Generic policy settings Policy settings that are not specific to COPS or the local policy.
Default policy: Accept all means all RSVP messages are
accepted and forwarded. Reject all means all RSVP messages are
rejected.
Preemption: Disabled means that RSVP should not implement
any preemption decisions required by a particular local or remote
policy. Enabled means that RSVP should implement any
preemption decisions required by a particular local or remote
policy.

ip rsvp signalling Creates a local procedure that determines the use of RSVP resources in
initial-retransmit-delay a network.

QOS-889
show ip rsvp policy cops
show ip rsvp policy cops

The show ip rsvp policy cops command is replaced by the show ip rsvp policy command. See the show
ip rsvp policy command for more information.

QOS-890
show ip rsvp policy identity

To display selected Resource Reservation Protocol (RSVP) identities in a router configuration, use the
show ip rsvp policy identity command in user EXEC or privileged EXEC mode.
show ip rsvp policy identity [regular-expression]
Syntax Description regular-expression (Optional) String of text that allows pattern matching on the alias strings of
the RSVP identities to be displayed.
Command Default All configured RSVP identities are displayed.

Privileged EXEC

Usage Guidelines Use the show ip rsvp policy identity command with the optional regular-expression argument to
perform pattern matching on the alias strings of the RSVP identities to be displayed. Use this filtering
capability to search for a small subset of RSVP identities in a configuration with a large number of
identities.
Omit the regular-expression argument to display all the configured identities.
Examples In the following example from the show ip rsvp policy identity command, all the configured identities
are displayed:
Router# show ip rsvp policy identity
Alias: voice1
Type: Application ID
Alias: voice10
Alias: voice100
Alias: voice1000

QOS-891
Table 113 show ip rsvp policy identity Field Descriptions
Field Description
Alias Name of the alias string. The string can have as many as 64 printable characters
(in the range 0x20 to 0x7E).
The string has no maximum length and must contain printable characters (in
the range 0x20 to 0x7E).
Note If you use the “ ” or ? characters as part of the string itself, you must
type the CTRL/V key sequence before entering the embedded “ ” or ?
characters. The alias is never transmitted to other routers.
Type Types of identities. RSVP defines two types: application IDs and user IDs.
Cisco IOS software currently supports application IDs only.
Locator Information used by a router to find the correct policy to apply to RSVP
messages that contain application IDs.
In the following example from the show ip rsvp policy identity command, all the identities whose
aliases contain voice100 display:
Router# show ip rsvp policy identity voice100
Alias: voice100
Alias: voice1000
In the following example from the show ip rsvp policy identity command, all the identities whose
aliases contain an exact match on voice100 are displayed:
Router# show ip rsvp policy identity ^voice100$
Alias: voice100

ip rsvp listener Configures an RSVP router to listen for PATH messages.
ip rsvp policy identity Defines RSVP application IDs.

QOS-892
show ip rsvp policy local

To display the local policies that are currently configured, use the show ip rsvp policy local command
in user EXEC or privileged EXEC mode.
show ip rsvp policy local [detail] [interface type number] [acl acl | dscp-ip value | default |
identity alias | origin-as as]
Syntax Description detail (Optional) Displays additional information about the configured local
policies including preempt-priority and local-override.
interface type number (Optional) Specifies an interface.
acl acl (Optional) Specifies an access control list (ACL). Values are 1 to 199.
dscp-ip value (Optional) Specifies a differentiated services code point (DSCP) for
aggregate reservations. Values can be the following:
default (Optional) Displays information about the default policy.
identity alias (Optional) Specifies an application identity (ID) alias.
origin-as as (Optional) Specifies an autonomous system. Values are 1 to 65535.

Privileged EXEC (#)

12.0(29)S The origin-as as keyword and argument combination was added, and the
acl argument became optional.
12.4(6)T The identity alias and the interface type number keyword and argument
combinations were added, and the output was modified to include
application ID information.
12.2(33)SRC The dscp-ip value keyword and argument combination was added, and the
output was modified to include RSVP aggregation information.

QOS-893
Usage Guidelines Use the show ip rsvp policy local command to display information about the selected local policies that
are currently configured. You can use the default keyword and/or the interface type number keyword
and argument combination with one or more of the match criteria.
If you omit the acl acl, the origin-as as, the identity alias, or the dscp-ip value keyword and argument
combinations, all local policies currently configured appear.
If you use the ACL, the autonomous system, the application-ID, or the DSCP options as match criteria,
you can specify only one. However, that parameter can be any ACL, autonomous system, application ID,
or DSCP of any local policy that you have created. If you have multiple local policies with a common
match criteria, using that parameter displays all local policies that meet the match criteria. On the other
hand, if you have created local policies each with multiple ACLs, autonomous systems, application IDs,
or DSCPs as the match criteria, you cannot use that parameter to show only a specific policy. You must
omit the match criteria and show all the local policies.
Examples Application IDs Local Policy Example

The following sample output from the show ip rsvp policy local command displays global and
per-interface local policies based on RSVP identities (application IDs) that have been configured:
Router# show ip rsvp policy local
A=Accept F=Forward
Global:
Path:AF Resv:AF PathErr:AF ResvErr:AF ACL(s):101
Path:AF Resv:AF PathErr:AF ResvErr:AF AS(es):3
Path:AF Resv:AF PathErr:AF ResvErr:AF ID:voice
Path:AF Resv:AF PathErr:AF ResvErr:AF ID:video
Serial2/0/0:
Path:AF Resv:AF PathErr:AF ResvErr:AF ID:voice
Path:AF Resv:AF PathErr:AF ResvErr:AF ID:video
Serial2/0/1:
Path:AF Resv:AF PathErr:AF ResvErr:AF ID:conference
Path:AF Resv:AF PathErr:AF ResvErr:AF ID:iptv
Path:-- Resv:-- PathErr:-- ResvErr:-- Default

Table 114 show ip rsvp policy local Field Descriptions
Field Description
A=Accept State of RSVP messages.
F=Forward • Accept—Messages being accepted.
• Forward—Messages being forwarded.
Global Location of the local policy. Global—Local policy configured
for the entire router.

QOS-894
Table 114 show ip rsvp policy local Field Descriptions (continued)
Field Description
Path, Resv, PathErr, ResvErr, Types of RSVP messages being accepted and forwarded and the
ACL(s), AS(es), ID, Default match criteria for the local policies configured. Blank (--)
means that messages of the specified type are neither accepted
nor forwarded.
Interface Location of the local policy. Serial2/0/0—Local policy
configured for a specific interface on the router.
Path, Resv, PathErr, ResvErr, Types of RSVP messages being accepted and forwarded and the
ACL(s), AS(es), ID types of local policies configured. Blank (--) means that
messages of the specified type are neither accepted nor
forwarded.
Generic policy settings Policy settings that are not specific to any local or remote
policy.
• Default policy: Accept all means that all RSVP messages
are accepted and forwarded. Reject all means that all RSVP
• Preemption: Disabled means that RSVP should not
implement any preemption decisions required by a
particular local or remote policy. Enabled means that RSVP
should implement any preemption decisions required by a
particular local or remote policy.
DSCP-IP Local Policy Example

The following sample output from the show ip rsvp policy local command displays a global local policy
based on a DSCP EF that has been configured:
Router# show ip rsvp policy local dscp-ip ef
A=Accept F=Forward
Global:
Path:AF Resv:AF PathErr:AF ResvErr:AF DSCP(s): ef

Preemption: Enabled
See Table 115 for a description of the preceding fields.
show ip rsvp policy local detail Example

The following sample output from the show ip rsvp policy local detail command shows the location of
the local policy (such as whether the policy is configured globally or for a specific interface, and the
settings for preemption scope and maximum bandwidth. Preemption priorities and sender and receiver
limits also appear even if they are set to their defaults.
Router# show ip rsvp policy local detail
Global:
Policy for ID: voice
Preemption Scope: Unrestricted.

Local Override: Disabled.

QOS-895
Fast ReRoute: Accept.

Handle: 02000409.
Accept Forward
Path: Yes Yes
Resv: Yes Yes
PathError: Yes Yes
ResvError: Yes Yes
Setup Priority Hold Priority

TE: N/A N/A
Non-TE: N/A N/A
Current Limit
Senders: 0 40
Receivers: 0 N/A
Conversations: 0 N/A
Group bandwidth (bps): 0 200K
Per-flow b/w (bps): N/A 10M
Policy for ID: video

Handle: 0200040A.
Accept Forward
Path: Yes Yes
Resv: Yes Yes
PathError: Yes Yes
ResvError: Yes Yes

TE: 2 2
Non-TE: 5 4
Current Limit
Senders: 2 10
Receivers: 2 10
Conversations: 2 10
Group bandwidth (bps): 100K 200K
Ethernet2/1:
Policy for ID: voice

Handle: 0200040B.
Accept Forward
Path: Yes Yes
Resv: Yes Yes
PathError: Yes Yes
ResvError: Yes Yes

TE: 2 2
Non-TE: 5 4

QOS-896
Current Limit
Senders: 2 10
Receivers: 2 10
Conversations: 2 10
Group bandwidth (bps): 100K 200K

Table 115 show ip rsvp policy local detail Field Descriptions
Field Description
Global Location of the local policy. Global—Local policy configured
for the entire router.
Policy for ID A global local policy defined for an application ID alias named
voice.
Preemption Scope Describes which classes of RSVP quality of service (QoS)
reservations can be preempted by other classes of RSVP QoS
reservations on the same interface.
Unrestricted means that a reservation using an application ID
such as voice can preempt any other class of reservation on the
same interface as that reservation, even other nonvoice
reservations.
Local Override Overrides any remote policy by enforcing the local policy in
effect.
• Disabled—Not active.
Fast ReRoute State of Fast ReRoute for Multiprotocol Label Switching
(MPLS)/Traffic Engineering (TE) label switched paths (LSPs).
• Accept—Messages being accepted.
• Do not accept—Messages requesting Fast Reroute service
are not being accepted.
Handle Internal database ID assigned to the security association by RSVP
for bookkeeping purposes.
Accept, Forward State of RSVP messages.
Path, Resv, PathError, ResvError Types of RSVP messages being accepted and forwarded.
• Yes—Messages are being accepted and forwarded.
• No—Messages are not being accepted or forwarded.
Setup Priority, Hold Priority Preemption priorities. Setup Priority indicates the priority of a
reservation when it is initially installed. Hold Priority indicates
the priority of a reservation after it has been installed.
N/A means preemption priorities are not configured.

QOS-897
Table 115 show ip rsvp policy local detail Field Descriptions (continued)
Field Description
TE The preemption priority of TE reservations. Values for Setup
Priority and Hold Priority range from 0 to 7 where 0 is
considered the highest priority.
Non-TE The preemption priority of non-TE reservations. Values for
Setup Priority and Hold Priority range from 0 to 65535 where
65535 is considered the highest priority.
Current, Limit The present number and the highest number of these parameters
allowed.
Senders The number of current PATH states accepted and/or approved
by this policy.
Receivers The number of current RESV states accepted by this policy.
Conversations The number of active bandwidth requests approved by the local
policy.
Group bandwidth (bps) Amount of bandwidth configured for a class of reservations in
bits per second (bps).
Per-flow b/w (bps) Amount of bandwidth configured for each reservation in bits
per second (bps).
Ethernet2/1 Local policy configured for a specific interface on the router.
Generic policy settings Policy settings that are not specific to the local policy.
• Default policy: Accept all means that all RSVP messages
are accepted and forwarded. Reject all means that all RSVP
• Preemption: Disabled means that RSVP should not
implement any preemption decisions required by a
particular local or remote policy. Enabled means that RSVP
should implement any preemption decisions required by a
particular local or remote policy.


QOS-898
w ip rsvp request
w ip rsvp request
To display Resource Reservation Protocol (RSVP)-related request information currently in the database,
use the show ip rsvp request command in user EXEC or privileged EXEC mode.
show ip rsvp request [detail] [filter [destination ip-address | hostname] [dst-port port-number]
[source ip-address | hostname] [src-port port-number]]
Syntax Description detail (Optional) Specifies additional receiver information.

filter (Optional) Specifies a subset of the receivers to display.
destination ip-address (Optional) Specifies the destination IP address of the receiver.
hostname (Optional) Hostname of the receiver.
dst-port port-number (Optional) Specifies the destination port number. Valid destination port
numbers can be in the range of 0 to 65535.
source ip-address (Optional) Specifies the source IP address of the receiver.
src-port port-number (Optional) Specifies the source port number. Valid source port numbers can
be in the range of 0 to 65535.

Privileged EXEC (#)

12.2 This command was integrated into Cisco IOS Release 12.2. The detail
keyword was added to display additional request information.
12.0(22)S This command was integrated into Cisco IOS Release 12.0(22)S. This
command was enhanced to show Fast Reroute information when a link-state
packet (LSP) is actively using a backup tunnel that terminates at this node
(that is, when a node is the merge point [MP].) The command is supported
on the Cisco 10000 series Edge Services Router (ESR).
information.
Usage Guidelines Use the show ip rsvp request command to display the RSVP reservations currently being requested
upstream for a specified interface or all interfaces. The received reservations may differ from requests
because of aggregated or refused reservations. If desired, information for only a single tunnel or a subset
of tunnels can be displayed.

QOS-899
w ip rsvp request
Limiting the Display

When hundreds or thousands of tunnels exist and you are interested in only a few, you can display the
output for only a single tunnel or a subset of tunnels. To request a limited display, enter the show ip rsvp
request command with the appropriate keyword (called an output filter): destination, dst-port, source,
and src-port. You can enter any or all of the output filters, and you can enter them whether or not you
specify the detail keyword.
Examples RSVP Aggregation Example 1

The following is sample output from the show ip rsvp request command when RSVP aggregation is
configured:
Router# show ip rsvp request

192.168.5.1 192.168.2.1 TCP 222 222 192.168.40.1 Se1/0 FF RATE 80K
192.168.50.1 192.168.40.1 0 46 0 10.10.10.4 Se1/0 FF LOAD 300K
Table 116 show ip rsvp request Field Descriptions
Field Description
To IP address of the end-to-end (E2E) receiver or deaggregator.
From IP address of the E2E sender or aggregator.
Pro Protocol code.
• TCP indicates Transmission Control Protocol.
• Code 0 indicates an aggregate reservation.
• DSCP for aggregate reservations.
• 0 for aggregate reservations.
Next Hop IP address of the next hop.
• Aggregator for E2E reservations mapped onto aggregates.
• Next hop RSVP node for aggregate or E2E reservations onto an
interface.
I/F Interface of the next hop.
Fi Filter (Wildcard Filter, Shared Explicit, or Fixed Filter).
Serv Service (value can be rate or load).
BPS The rate, in bits per second, in the RSVP reservation request for a
reservation.
Note In the example, the top one is the E2E reservation signaled at 80 bps
and the corresponding aggregate request at 300 bps.

QOS-900
w ip rsvp request
RSVP Aggregation Example 2

The following is sample output from the show ip rsvp request detail command when RSVP aggregation
is configured:
Router# show ip rsvp request detail

Prev Hop: 192.168.40.1 on Serial1/0
Reservation Style is Fixed-Filter, QoS Service is Guaranteed-Rate
Average Bitrate is 80K bits/sec, Maximum Burst is 5K bytes
Request ID handle: 0100040E.
Policy: Forwarding. Policy source(s): Default
Priorities - preempt: 0, defend: 0
PSB Handle List [1 elements]: [0x19000407]
RSB Handle List [1 elements]: [0x17000409]
3175 Aggregation: RSVP 3175 AggResv 192.168.40.1->192.168.50.1_ef(46)

Prev Hop: 10.10.10.4 on Serial1/0
Reservation Style is Fixed-Filter, QoS Service is Controlled-Load
Request ID handle: 0100040B.
PSB Handle List [1 elements]: [0x9000408]
RSB Handle List [1 elements]: [0x100040A]
Table 117 show ip rsvp request detail Field Descriptions
Field Description
RSVP Reservation Destination—Receiver’s IP address of the E2E RESV message.
Source—Sender’s IP address of the E2E RESV message.
Protocol Protocol—IP protocol used; TCP—Transmission Control Protocol.
Destination port Receiver’s port number.
Source port Sender’s port number.
Previous Hop IP address of the previous hop on the specified interface.
Note This is the aggregator’s IP address in the case of an E2E reservation
mapped onto an aggregate as seen at the deaggregator.
Reservation Style Multi-reservations sharing of bandwidth; values include Fixed-Filter,
Shared-Explicit, and Wildcard-Filter.
QoS Service Type of quality of service (QoS) configured; values include
Guaranteed-Rate and Controlled-Load.
Average Bitrate Average rate requested, in bits per second, for the data.
Maximum Burst Largest amount of data allowed in kilobytes.

QOS-901
w ip rsvp request
Table 117 show ip rsvp request detail Field Descriptions (continued)
Field Description
Request ID handle Internal database ID assigned to the request by RSVP for bookkeeping
purposes.
Policy Policy status: Forwarding—RSVP RESV messages are being accepted and
forwarded.
Policy source(s) Type of local policy in effect; values include Default, Local, and MPLS/TE.
Priorities RSVP preemption and hold priorities of the reservation; default is 0.
PSB Handle List Path state block (PSB) internal database identifier assigned by RSVP for
bookkeeping purposes.
RSB Handle List Reservation state block (RSB) internal database identifier assigned by
RSVP for bookkeeping purposes.
3175 Aggregation RSVP aggregation as defined in RFC 3175, Aggregation of RSVP for IPv4
and IPv6 Reservations.
Note This E2E reservation is mapped onto an RSVP aggregate reservation
with an aggregator (source) IP address of 192.168.40.1, a
destination (deaggregator) IP address of 192.168.50.1, and a DSCP
value of expedited forwarding (EF).
MP Example
The following is sample output from the show ip rsvp request detail command when the command is
entered on the midpoint (MP) before and after a failure.
Figure 5 illustrates the network topology for the RSVP configuration example.
Figure 5 Network Topology for the RSVP Configuration Example
Tunnel 2
Next-next hop
(NNHOP)
backup tunnel
POS1/1 10.0.0.0 10.0.0.1 POS0/1

LO0:10.2.2.0 PLR Merge point LO0:10.2.2.1
POS0/0 POS1/0 POS1/2 POS1/0 POS1/1 POS0/0
10.1.1.1 10.1.1.2 10.1.1.3 10.1.1.4 10.1.1.5 10.1.1.6
Head Midpoint Midpoint Tail
155590
= Primary tunnel before failure

= Section of primary tunnel after failure

QOS-902
w ip rsvp request
Example 1: The command is entered on the MP before a failure.

RSVP Reservation. Tun Dest: 10.2.2.1 Tun Sender: 10.2.2.0,

Next Hop is 10.1.1.5 on POS0/1
Label is 0
Reservation Style is Shared-Explicit, QoS Service is Controlled-Load
Average Bitrate is 0G bits/sec, Maximum Burst is 1K bytes
RRO:
Empty
Example 2: The command is entered on the MP after a failure.


Label is 0
RRO:
Empty
FRR is in progress (we are Merge Point)

Label is 0
RRO:
Empty
FRR is in progress (we are Merge Point)
Notice that after the failure, there are two entries for the rerouted LSP.
The first entry continues to show the prefailure information (that is, RESV messages are being sent to
10.1.1.5 on POS0/1). This state is for the RESV being sent upstream before the failure, in response to
path messages sent before the failure. This state may time out quickly, or it may continue to be refreshed
for a few minutes if, for example, an upstream node is unaware of the failure.
The second entry shows the post-failure information (that is, RESV messages are being sent to 10.0.0.0
on POS0/1). This state is for the RESV messages being sent upstream after the failure (to the point of
local repair [PLR]), and will remain and be refreshed as long as the LSP is rerouted.
In example 2, the MP is also the tail of the LSP. There is no record route object (RRO) information
because there are no nodes downstream.

show ip rsvp reservation Displays RSVP PATH-related receiver information currently in
the database.
show ip rsvp sender Displays RSVP RESV-related receiver information currently in
the database.

QOS-903
show ip rsvp reservation

To display Resource Reservation Protocol (RSVP)-related receiver information currently in the
database, use the show ip rsvp reservation command in user EXEC or privileged EXEC mode.
show ip rsvp reservation [ip-address | hostname] [detail]
show ip rsvp reservation [detail] [filter [destination ip-address | hostname]

[dst-port port-number] [source ip-address | hostname] [src-port port-number]]
Syntax Description ip-address (Optional) Destination IP address.

detail (Optional) Specifies additional receiver information.
filter (Optional) Specifies a subset of the receivers to display.
destination ip-address (Optional) Specifies the destination IP address of the receiver.
dst-port port-number (Optional) Specifies the destination port number. The destination port
number range is from 0 to 65535.
source ip-address (Optional) Specifies the source IP address of the receiver.
src-port port-number (Optional) Specifies the source port number. The source port number range
is from 0 to 65535.

Privileged EXEC (#)

12.2 This command was integrated into Cisco IOS Release 12.2. The detail
keyword was added to display additional reservation information.
12.0(22)S This command was integrated into Cisco IOS Release 12.0(22)S. The
command displays Fast Reroute information when a link-state packet (LSP)
is actively using a backup tunnel at this node (that is, when a node is the
Point of Local Repair [PLR]). If desired, information for only a single tunnel
or a subset of tunnels can be displayed. The command is supported on the
Cisco 10000 series Edge Services Router (ESR).
12.4(4)T This command was integrated into Cisco IOS Release 12.4(4)T, and its
output was modified to display application ID information.

QOS-904
12.2(33)SRC The command output was modified to display tunnel-based admission
control (TBAC) and RSVP aggregation information.
Usage Guidelines Use the show ip rsvp reservation command to display the current receiver (RESV) information in the
database for a specified interface or all interfaces. This information includes reservations aggregated and
forwarded from other RSVP routers.

When hundreds or thousands of tunnels exist and you are interested in only a few, you can display the
output for only a single tunnel or a subset of tunnels. To request a limited display, enter the show ip rsvp
reservation command with the appropriate keyword (called an output filter): destination, dst-port,
source, and src-port. You can enter any or all of the output filters, and you can enter them whether or
not you specify the detail keyword.
Examples show ip rsvp reservation Example

The following is sample output from the show ip rsvp reservation command:
Router# show ip rsvp reservation
To From Pro DPort Sport Next Hop I/F Fi Serv

172.16.1.49 172.16.4.53 1 0 0 172.16.1.49 Se1 FF LOAD
Table 118 show ip rsvp reservation Field Descriptions
Field Descriptions
Pro Protocol code. UDP = User Data Protocol.
I/F Interface of the next hop.
Fi Filter (Wildcard Filter, Shared-Explicit, or Fixed-Filter).
Serv Service (value can be RATE or LOAD).
Application ID Example
The following is sample output from the show ip rsvp reservation detail command with application ID
information:
Router# show ip rsvp reservation detail


QOS-905
Next Hop is 192.168.106.2, Interface is ATM1/0.1

Resv ID handle: 0A00040B.
Created: 12:18:32 UTC Sat Dec 4 2004
Status:
Application ID: 'GUID=www.cisco.com, VER=1.1.1.2, APP=voice, SAPP=h323'
'/usr/local/bin/CallManager'
Table 119 show ip rsvp reservation detail—Application ID Field Descriptions
Field Descriptions
RSVP Reservation Destination—Receiver’s IP address of the RESV message.
Source—Sender’s IP address of the RESV message.
Protocol Protocol—IP protocol used; UDP—User Data Protocol.
Interface Interface type of the next hop.
Reservation Style Multireservations sharing of bandwidth; values include Fixed-Filter,
QoS Service Type of qulaity of service (QoS) configured; values include
Guaranteed-Rate and Controlled Load.
Resv ID handle Internal database ID assigned to the RESV message by RSVP for bookkeeping
purposes.
Created Time and date when the reservation was created.
Average Bitrate Average rate, in bits per second, for the data.
Min Policed Unit Size of the smallest packet generated by the application in bytes, including
the application data and all protocol headers at or above the IP level.
Max Pkt Size Largest packet allowed in bytes.
Status Status of the local policy; values are Proxied and Proxy-terminated.
Note A blank status field means you issued the command on a midpoint
for that reservation.
forwarded.

QOS-906
Table 119 show ip rsvp reservation detail—Application ID Field Descriptions (continued)
Field Descriptions
Priorities Preemption priorities in effect.
• preempt: the startup priority; values are 0 to 7 for traffic engineering
(TE) reservations with 0 being the highest. Values are 0 to 65535 for
non-TE reservations with 0 being the lowest.
• defend: the hold priority; values are the same as preempt.
Application ID A quotable string that identifies the sender application and can be used to
match on local policies. The string includes the policy locator in the X.500
Distinguished Name format and the application or filename of the sender
application.
TBAC Example
The following is sample output from the show ip rsvp reservation detail command when TBAC is
configured:

Next Hop: 10.4.0.1 on Tunnel1, out of band
Resv ID handle: 0100040D.
Created: 11:59:53 IST Tue Mar 20 2007
Status:
Table 120 show ip rsvp reservation detail—TBAC Field Descriptions
Field Descriptions
Protocol Protocol—IP protocol used; UDP—User Data Protocol.
Next Hop IP address of the next hop on tunnel interface with out-of-band signaling.
QoS Service Type of QoS configured; values include Guaranteed-Rate and Controlled
Load.
purposes.
Average Bitrate Average rate, in bits per second, for the data.

QOS-907
Table 120 show ip rsvp reservation detail—TBAC Field Descriptions (continued)
Field Descriptions
Status Status of the local policy; values are Proxied and Proxy-terminated.
forwarded.

The following is sample output from the show ip rsvp reservation detail command when RSVP
aggregation is configured:

Next Hop: 192.168.50.1 on Serial1/0
Resv ID handle: 0600040A.
DiffServ Integration: DSCPs: 46
Status:
3175 Aggregation: RSVP 3175 AggResv 192.168.40.1->192.168.50.1_ef(46)

Next Hop: 10.30.1.1 on Serial1/0
Reservation Style is Fixed-Filter, QoS Service is Controlled-Load
Resv ID handle: 03000408.
Status:

QOS-908
Table 121 show ip rsvp reservation detail—RSVP Aggregation Field Descriptions
Field Descriptions
• Deaggregator for aggregate reservations.
• Aggregator for aggregate reservations.
Protocol Protocol—IP protocol used; TCP—Transmission Control Protocol.
Next Hop IP address of the next hop on a specified interface.
• Deaggregator IP address for E2E reservations mapped onto an
aggregate as seen at the aggregator.
• None for aggregate reservations as seen at the deaggregator.
QoS Service Type of QoS Service configured; values include Guaranteed-Rate and
Controlled Load.
purposes.
Average Bitrate Average rate requested, in bits per second, for the data.
• Always 0 or 20 on a node configured for RSVP aggregation.
• Always 0 on a node configured for RSVP aggregation.
Status Status of the local policy; policy source and preemption values.
Note Preemption values are shown only if RSVP preemption is enabled on

the router.
forwarded.

QOS-909
Table 121 show ip rsvp reservation detail—RSVP Aggregation Field Descriptions (continued)
Field Descriptions
Policy source(s) Type of local policy in effect; values include default, local, and
Multiprotocol Label Switching (MPLS)/Traffic Engineering (TE).
3175 Aggregation: Aggregated reservation on which this E2E reservation is mapped with
agg_info source (aggregator) and destination (deaggregator) endpoints, IP addresses,
and aggregate reservation DSCP.
PLR Examples
The following is sample output from the show ip rsvp reservation detail command when the command
is entered on the PLR before and after a failure.
Tunnel 2
NNHOP
backup tunnel
POS1/1 10.0.0.2 10.0.0.1 POS0/1

LO0:10.2.2.0 PLP MP LO0:10.2.2.1
10.1.1.1 10.1.1.2 10.1.1.3 10.1.1.4 10.1.1.5 10.1.1.6
59568
Example 1: The command is entered on the PLR before a failure.


Label is 18
RRO:
10.1.1.5/32, Flags:0x0 (No Local Protection)
Label record: Flags 0x1, ctype 1, incoming label 18
Example 2: The command is entered on the PLR after a failure.


FRR is in progress: (we are PLR)

QOS-910
Bkup Next Hop is 10.0.0.1 on POS1/1

Label is 0
Orig Next Hop was 10.1.1.4 on POS1/2
Label was 18
RRO:
Notice the following (see italicized text) in Examples 1 and 2:

• At the PLR, you see “Fast Reroute (FRR) is in progress (we are PLR)” when an LSP has been
rerouted (that is, it is actively using a backup tunnel).
• RESV messages arrive on a different interface and from a different next hop after a failure. The
prefailure display shows the original NHOP and arriving interface; the post-failure display shows
both the original and the new (Bkup) NHOP and arriving interface. The label is also shown.
• The Record Route Object (RRO) in arriving RESV messages changes after the failure, given that the
RESV messages will avoid the failure (that is, it will traverse different links or hops).

clear ip rsvp hello instance counters Clears (refreshes) the values for Hello instance counters.
ip rsvp reservation Enables a router to simulate RSVP RESV message
reception from the sender.
show ip rsvp sender Displays RSVP RESV-related receiver information
currently in the database.

QOS-911
show ip rsvp sbm
show ip rsvp sbm

To display information about a Subnetwork Bandwidth Manager (SBM) configured for a specific
Resource Reservation Protocol (RSVP)-enabled interface or for all RSVP-enabled interfaces on the
router, use the show ip rsvp sbm command in EXEC mode.
show ip rsvp sbm [detail] [interface-type interface-number]
Syntax Description detail (Optional) Detailed SBM configuration information, including values for
the NonResvSendLimit object.
interface-type (Optional) Interface name and interface type for which you want to display
interface-number SBM configuration information.
Command Modes EXEC

12.1(1)T The detail keyword was added.
Usage Guidelines To obtain SBM configuration information about a specific interface configured to use RSVP, specify the
interface name with the show ip rsvp sbm command. To obtain information about all interfaces enabled
for RSVP on the router, use the show ip rsvp sbm command without specifying an interface name.
To view the values for the NonResvSendLimit object, use the detail keyword.
Examples The following example displays information for the RSVP-enabled Ethernet interfaces 1 and 2 on
router1:
Router# show ip rsvp sbm
Interface DSBM Addr DSBM Priority DSBM Candidate My Priority

Et1 10.0.0.0 70 yes 70
Et2 10.2.2.150 100 yes 100
The following example displays information about the RSVP-enabled Ethernet interface e2 on router1:
Router# show ip rsvp sbm e2
Interface DSBM Addr DSBM Priority DSBM candidate My Priority

e2 10.2.2.150 100 yes 100

QOS-912
show ip rsvp sbm
Table 122 show ip rsvp sbm Field Descriptions
Field Description
Interface Name of the Designated Subnetwork Bandwidth Manager (DSBM)
candidate interface on the router.
DSBM Addr IP address of the DSBM.
DSBM Priority Priority of the DSBM.
DSBM Candidate Yes if the ip rsvp dsbm candidate command was issued for this
SBM to configure it as a DSBM candidate. No if it was not so
configured.
My Priority Priority configured for this interface.
The following example displays information about the RSVP-enabled Ethernet interface 2 on router1.
In the left column, the local SBM configuration is shown; in the right column, the corresponding
information for the current DSBM is shown. In this example, the information is the same because the
DSBM won election.
Router# show ip rsvp sbm detail
Interface:Ethernet2
Local Configuration Current DSBM
IP Address:10.2.2.150 IP Address:10.2.2.150
DSBM candidate:yes I Am DSBM:yes
Priority:100 Priority:100
Non Resv Send Limit Non Resv Send Limit
Rate:500 Kbytes/sec Rate:500 Kbytes/sec
Burst:1000 Kbytes Burst:1000 Kbytes
Peak:500 Kbytes/sec Peak:500 Kbytes/sec
Min Unit:unlimited Min Unit:unlimited
Max Unit:unlimited Max Unit:unlimited
Table 123 show ip rsvp sbm detail Field Descriptions
Field Description
Local Configuration The local DSBM candidate configuration.
Current DSBM The current DSBM configuration.
Interface Name of the DSBM candidate interface on the router.
IP Address IP address of the local DSBM candidate or the current DSBM.
DSBM candidate Yes if the ip rsvp dsbm candidate command was issued for this
SBM to configure it as a DSBM candidate. No if it was not so
configured.
I am DSBM Yes if the local candidate is the DSBM. No if the local candidate is
not the DSBM.
Priority Priority configured for the local DSBM candidate or the current
SBM.
Rate The average rate, in kbps, for the DSBM candidate.

QOS-913
show ip rsvp sbm
Table 123 show ip rsvp sbm detail Field Descriptions (continued)
Field Description
Burst The maximum burst size, in KB, for the DSBM candidate.
Peak The peak rate, in kbps, for the DSBM candidate.
Min Unit The minimum policed unit, in bytes, for the DSBM candidate.
Max Unit The maximum packet size, in bytes, for the DSBM candidate.

debug ip rsvp Displays information about SBM message processing, the DSBM
election process, and standard RSVP enabled message processing
information.
debug ip rsvp detail Displays detailed information about RSVP and SBM.
debug ip rsvp detail sbm Displays detailed information about SBM messages only, and
SBM and DSBM state transitions.
ip rsvp dsbm candidate Configures an interface as a DSBM candidate.
ip rsvp dsbm Configures the NonResvSendLimit object parameters.
non-resv-send-limit

QOS-914
show ip rsvp sender
show ip rsvp sender

To display Resource Reservation Protocol (RSVP) PATH-related sender information currently in the
database, use the show ip rsvp sender command in user EXEC or privileged EXEC mode.
show ip rsvp sender [ip-address | hostname] [detail]
show ip rsvp sender [detail] [filter [destination ip-address | hostname]

[dst-port port-number] [source ip-address | hostname] [src-port port-number]]
Syntax Description ip-address (Optional) Destination IP address.

hostname (Optional) Hostname of the sender.
detail (Optional) Specifies additional sender information.
filter (Optional) Specifies a subset of the senders to display.
destination ip-address (Optional) Specifies the destination IP address of the sender.
dst-port port-number (Optional) Specifies the destination port number. The range is from 0 to
65535.
source ip-address (Optional) Specifies the source IP address of the sender.
src-port port-number (Optional) Specifies the source port number. The range is from 0 to 65535.

Privileged EXEC (#)

12.0(22)S The command output was modified to display Fast Reroute information, and
support was introduced for the Cisco 10000 series Edge Services Router
(ESR).
12.4(4)T The command output was modified to display application ID information.
information.
12.2(33)SRC The command output was modified to display tunnel-based admission
control (TBAC) and RSVP aggregation information.

QOS-915
show ip rsvp sender
Usage Guidelines Use the show ip rsvp sender command to display the RSVP sender (PATH) information currently in the
database for a specified interface or for all interfaces.
The show ip rsvp sender command is very useful for determining the state of RSVP signaling both
before and after a label-switched packet (LSP) has been fast rerouted. The show ip rsvp sender
command is especially useful when used at the point of local repair (PLR) or at the merge point (MP).

When hundreds or thousands of tunnels exist and you are interested in only a few, you can display output
for only a single tunnel or a subset of tunnels. To request a limited display, enter the show ip rsvp sender
command with the appropriate keyword (called an output filter): destination, dst-port, source, and
src-port. You can enter any or all of the output filters, and you can enter them whether or not you specify
the detail keyword.
Fast Local Repair (FLR) Statistics

Use the show ip rsvp sender detail command to display FLR statistics before, during, and after an FLR
procedure. This command shows when a path state block (PSB) was repaired and can be used to
determine when the cleanup began after the FLR procedure has finished. However, this command does
not display old PLR or MP segments.
Examples show ip rsvp sender Example

The following is sample output from the show ip rsvp sender command:
Router# show ip rsvp sender

172.16.1.49 172.16.4.53 1 0 0 172.16.3.53 Et1 80K
172.16.2.51 172.16.5.54 1 0 0 172.16.3.54 Et1 80K
192.168.50.1 192.168.40.1 0 46 0 none none 17179868160
Table 124 show ip rsvp sender Field Descriptions
Field Description
Pro Protocol code.
• Code 1 indicates an IP protocol such as TCP or UDP.
• Code 0 indicates an aggregate reservation.
• The DSCP for an aggregate reservation.
• 0 for an aggregate reservation.
Prev Hop IP address of the previous hop.
• None if the node is an aggregator for this reservation.

QOS-916
show ip rsvp sender
Table 124 show ip rsvp sender Field Descriptions (continued)
Field Description
• None if the node is an aggregator for this reservation.
BPS As specified in the sender_tspec characteristics of the sender data
flow—specified bit rate, in bits per second.
• Always 17179868160 for an aggregate reservation.
Application ID Example
The following is sample output from the show ip rsvp sender detail command with application IDs
configured:
Router# show ip rsvp sender detail
PATH Session address: 192.168.104.3, port: 4444. Protocol: UDP

Sender address: 192.168.104.1, port: 4444
Inbound from: 192.168.104.1 on interface:
Incoming policy: Accepted. Policy source(s): Default
Application ID: 'GUID=www.cisco.com, VER=10.1.1.2, APP=voice, SAPP=h323'
'/usr/local/bin/CallManager'
Status: Proxied
Output on ATM1/0.1. Policy status: Forwarding. Handle: 04000409
Policy source(s): Default
Table 125 show ip rsvp sender detail Field Descriptions
Field Descriptions
PATH Session address Destination IP address of the PATH message.
• port—Number of the destination port.
• Protocol—IP protocol used.
Sender address Source IP address of the PATH message.
• port—Number of the source port.
Inbound from IP address of the sender and the interface name.
Note A blank interface field means that the PATH message originated at
the router on which the show command is being executed (the
headend router). A specified interface means that the PATH message
originated at an upstream router.

QOS-917
show ip rsvp sender
Table 125 show ip rsvp sender detail Field Descriptions (continued)
Field Descriptions
Traffic params Traffic parameters in effect:
• Rate—Speed, in kilobits per second.
• Max. burst—Largest amount of data allowed, in kilobytes.
• Min Policed Unit—Size, in bytes, of the smallest packet generated by
the application, including the application data and all protocol headers
at or above the IP level.
• Max Pkt Size—Largest packet allowed in bytes.
PATH ID handle Internal database ID assigned to the PATH message by RSVP for bookkeeping
purposes.
Incoming policy State of the incoming policy:
• Accepted—RSVP PATH messages are being accepted, but not
forwarded.
• Not Accepted—RSVP PATH messages are being rejected.
Priorities Preemption priorities in effect:
• preempt—The startup priority; values are 0 to 7 for traffic engineering
(TE) reservations with 0 being the highest. Values are 0 to 65535 for
non-TE reservations with 0 being the lowest.
• defend—The hold priority; values are the same as for preempt.
Application ID A quotable string that identifies the sender application and can be used to
match on local policies. The string includes the policy locator in the X.500
Distinguished Name format and the application or filename of the sender
application.
Status Status of the local policy:
• Proxied—Head.
• Proxy-terminated—Tail.
• Blockaded—Tail or midpoint and an RESVERROR message has
recently been received; therefore, the PSB enters the blockaded state.
Output on interface Policy status (on the outbound interface):
• Forwarding—Inbound PATH messages are being forwarded.
• Not Forwarding—Outbound PATH messages are being rejected.
• Handle—Internal database ID assigned to the PATH message by RSVP for
Before FLR Example

The following is sample output from the show ip rsvp sender detail command before FLR has occurred:
PATH:

QOS-918
show ip rsvp sender
Destination 192.168.101.21, Protocol_Id 17, Don't Police , DstPort 1

Path refreshes:
arriving: from PHOP 172.16.31.34 on Et0/0 every 30000 msecs
Status:
Output on Ethernet1/0. Policy status: Forwarding. Handle: 02000400
Path FLR: Never repaired
Table 126 show ip rsvp sender detail Field Descriptions—Before FLR
Field Descriptions
PATH PATH message information:
• Protocol ID number.
• Policing.
• Destination port number.
Path refreshes Refresh information:
• IP address of the source (previous hop [PHOP]).
• Interface name and number.
• Frequency, in milliseconds (msec).
• Max Pkt Size—Largest packet allowed, in bytes.
purposes.
forwarded.

QOS-919
show ip rsvp sender
Table 126 show ip rsvp sender detail Field Descriptions—Before FLR (continued)
Field Descriptions
• Proxied—Head.
Note A blank field means none of the above.
Path FLR Never repaired—Indicates that the node has never been a point of local
repair (PLR) and, therefore, has never repaired the PSB.
At the PLR During FLR Example
Note A node that initiates an FLR procedure is the point of local repair or PLR.
The following is sample output from the show ip rsvp sender detail command at the PLR during an
FLR procedure:
PATH:
Path refreshes:
Status:
Path FLR: PSB is currently being repaired...try later
PLR - Old Segments: 1
Output on Ethernet1/0, nhop 172.16.36.34
Time before expiry: 2 refreshes
Policy status: Forwarding. Handle: 02000400

QOS-920
show ip rsvp sender
Table 127 show ip rsvp sender detail Field Descriptions—at the PLR During FLR
Field Descriptions
PATH PATH message information including the following:
• Policing.
purposes.
forwarded.
• Proxied—Head.

QOS-921
show ip rsvp sender
Table 127 show ip rsvp sender detail Field Descriptions—at the PLR During FLR (continued)
Field Descriptions
Path FLR PSB is currently being repaired. FLR is in process.
PLR - Old Segments The number of old segments or interfaces after the PLR initiated the FLR
procedure. For each old segment, the following information displays:
• Output on interface—Outbound interface after the FLR and the
next-hop IP address.
• Time before expiry—Number of PATH messages sent on a new segment
before the old route (segment) expires.
• Policy status (on the outbound interface):
– Forwarding—Inbound PATH messages are being forwarded.
– Not Forwarding—Outbound PATH messages are being rejected.
– Handle—Internal database ID assigned to the PATH message by
RSVP for bookkeeping purposes.
Policy source(s)—Type of local policy in effect; values include Default,
Local, and MPLS/TE.
At the MP During an FLR Example
Note The node where the old and new paths (also called segments or interfaces) meet is the merge point (MP).
The following is sample output from the show ip rsvp sender detail command at the MP during an FLR
procedure:
PATH:
Path refreshes:
Status: Proxy-terminated
MP - Old Segments: 1
Input on Serial2/0, phop 172.16.36.35
Time before expiry: 9 refreshes

QOS-922
show ip rsvp sender
Table 128 show ip rsvp sender detail Field Descriptions—at the MP During FLR
Field Descriptions
• Policing.
purposes.
forwarded.
• Proxied—Head.

QOS-923
show ip rsvp sender
Table 128 show ip rsvp sender detail Field Descriptions—at the MP During FLR (continued)
Field Descriptions
Path FLR Never repaired—Indicates that the node has never been a PLR and,
therefore, has never repaired the PSB.
MP - Old Segments The number of old segments or interfaces on the MP before the PLR
initiated the FLR procedure. For each old segment, the following
information displays:
• Input on interface—Inbound interface and the previous-hop IP address.
• Time before expiry—Number of PATH messages to be received on other
segments before this segment expires.
At the PLR After an FLR Example

The following is sample output from the show ip rsvp sender detail command at the PLR after an FLR
procedure:
PATH:
Path refreshes:
Status:
Output on Serial3/0. Policy status: Forwarding. Handle: 3B000406
Path FLR: Started 12:56:16 EST Thu Nov 16 2006, PSB repaired 532(ms) after.
Resv/Perr: Received 992(ms) after.
Table 129 show ip rsvp sender detail Field Descriptions—at the PLR After FLR
Field Descriptions
PATH PATH message information including the following:
• Policing.
Path refreshes Refresh information including the following:

QOS-924
show ip rsvp sender
Table 129 show ip rsvp sender detail Field Descriptions—at the PLR After FLR (continued)
Field Descriptions
Path ID handle Internal database ID assigned to the PATH message by RSVP for bookkeeping
purposes.
forwarded.
• Proxied—Head.
Path FLR FLR statistics that show when RSVP received the notification from RIB and
how long thereafter the PATH message was sent. This delay can result when
the interface on which the PATH message was sent had a wait time
configured or when other PSBs were processed before this one or a
combination of both. The statistics also show when an associated RESV or
PATHERROR message was received.
Note This delay tells you the time when QoS was not honored for the
specified flow.
TBAC Example
The following is sample output from the show ip rsvp sender detail command when TBAC is
configured:
PATH:

QOS-925
show ip rsvp sender

Path refreshes:
arriving: from PHOP 10.1.1.1 on Et0/0 every 30000 msecs. Timeout in 189 sec
Status:
Output on Tunnel1, out of band. Policy status: Forwarding. Handle: 0800040E
Table 130 show ip rsvp sender detail Field Descriptions—with TBAC
Field Descriptions
• Policing.
Note A blank field means no refreshes have occurred.
purposes.
forwarded.

QOS-926
show ip rsvp sender
Table 130 show ip rsvp sender detail Field Descriptions—with TBAC (continued)
Field Descriptions
• Proxied—Head.
Output on tunnel Policy status (on the outbound tunnel with out-of-band signaling):

The following is sample output from the show ip rsvp sender detail command when RSVP aggregation
is configured:
PATH:
Path refreshes:
Path ID handle: 0F000406.
Status:
3175 Aggregation: agg_info : AggResv 10.10.10.34->10.10.10.2_46
Output on Serial2/0. Policy status: Forwarding. Handle: 09000405
PATH:
Deaggregator 10.10.10.2, DSCP 46, Don't Police
Aggregator address: 10.10.10.34
Path refreshes:
Traffic params - Rate: 17179868160 bits/sec, Max. burst: 536870784 bytes
Path ID handle: 1500040A.
Status: Proxy-terminated

QOS-927
show ip rsvp sender
Table 131 show ip rsvp sender detail Field Descriptions—with RSVP Aggregation
Field Descriptions
PATH PATH message information for E2e reservations:
• Policing.
– Always Don’t Police.
Note A blank field means no refreshes have occurred.
– Always MAX rate possible for aggregate reservations.
– Always MAX burst possible for aggregate reservations.
purposes.
forwarded.
• Proxied—Head.

QOS-928
show ip rsvp sender
Table 131 show ip rsvp sender detail Field Descriptions—with RSVP Aggregation (continued)
Field Descriptions
3175 Aggregation: IP address of the aggregated reservation on which this E2E reservation is
agg_info mapped with specified source (aggregator) and destination (deaggregator)
endpoints and DSCP.
PATH PATH message information for aggregate reservations:
• Deaggregator IP address.
• Differentiated Services Code Point (DSCP) value.
• Policing.
– Always Don’t Police.
• Aggregator IP address.
Note Remaining parameters are defined in the preceding fields.
PLR and MP Examples

The following is sample output from the show ip rsvp sender detail command under these
circumstances:
• The command is entered at the point of local repair (PLR) before a failure (Example 1).
• The command is entered at the PLR after a failure (Example 2).
• The command is entered at the merge point (MP) before a failure (Example 3).
• The command is entered at the MP after a failure (Example 4).
• The command output shows all senders (Example 5).
• The command output shows only senders who have a specific destination (Example 6).
• Show more detail about a sender who has a specific destination (Example 7).

QOS-929
show ip rsvp sender
Tunnel 2
NNHOP
backup tunnel
POS1/1 10.0.0.2 10.0.0.1 POS0/1

LO0:10.2.2.0 PLP MP LO0:10.2.2.1
10.1.1.1 10.1.1.2 10.1.1.3 10.1.1.4 10.1.1.5 10.1.1.6
59568
Example 1: The command is entered at the PLR before a failure.

The following is sample output from the show ip rsvp sender detail command when it is entered at the
PLR before a failure:
PATH:
Path refreshes arriving on POS1/0 from PHOP 10.1.1.1
Path refreshes being sent to NHOP 10.1.1.4 on POS1/1
Session Attr::
Flags: Local Prot desired, Label Recording, SE Style
Session Name:tagsw4500-23_t1
ERO:
Traffic params - Rate: 0G bits/sec, Max. burst: 1K bytes
Outbound FRR: Ready -- backup tunnel selected
Bkup FilerSpec:
Tun Sender: 10.0.0.0, LSP ID 126

QOS-930
show ip rsvp sender
Note The Flags field is important for Fast Reroute. For information about flags that must be set, see the Flags
field description in Table 132.
Table 132 show ip rsvp sender detail Field Descriptions—on PLR Before Failure
Field Description
The first five fields provide information that uniquely identifies the LSP.
The first three fields identify the LSP’s session (that is, the contents of the SESSION object in
arriving PATH messages).
Tun Dest IP address of the destination of the tunnel.
Tun ID Tunnel identification number.
Ext Tun ID Extended tunnel identification number.
The next two fields identify the LSP’s sender (SENDER_TEMPLATE object of arriving PATH
messages).
Tun Sender Tunnel sender.
LSP ID LSP identification number.
The remaining fields indented under PATH provide additional information about this LSP.
Session Attr—Session attributes. Refers to information included in the SESSION_ATTRIBUTE
object of arriving PATH messages, such as the Setup and Holding Priorities, Flags, and the Session
Name.
Setup Prio Setup priority.
Holding Prio Holding priority.
Flags An LSP must have the “Local protection desired” flag of the
SESSION_ATTRIBUTE object set for the LSP to use a backup
tunnel (that is, in order to receive local protection). If this flag
is not set, you have not enabled Fast Reroute for this tunnel at
its headend (by entering the tunnel mpls traffic-eng
fast-reroute command). Next-next hop (NNHOP) backup
tunnels rely on label recording, so LSPs should have the “label
recording desired” flag set too. This flag is set if the tunnel was
configured for Fast Reroute.
ERO—Refers to the EXPLICIT_ROUTE Object (ERO) of the PATH messages. This field displays the
contents of the ERO at this node. As a PATH message travels from the sender (headend) to the receiver
(tailend), each node removes its own IP address from the ERO. The displayed value reflects the
remainder of hops between this node and the tail.
Fast-Reroute Backup info—Information that is relevant to Fast Reroute for this LSP.
Inbound FRR If this node is downstream from a rerouted LSP (for example,
at a merge point for this LSP), the state is Active.

QOS-931
show ip rsvp sender
Table 132 show ip rsvp sender detail Field Descriptions—on PLR Before Failure (continued)
Field Description
Outbound FRR If this node is a PLR for an LSP, there are three possible states:
• Active—This LSP is actively using its backup tunnel,
presumably because there has been a downstream failure.
• No Backup—This LSP does not have local (Fast Reroute)
protection. No backup tunnel has been selected for it to use
in case of a failure.
• Ready—This LSP is ready to use a backup tunnel in case
of a downstream link or node failure. A backup tunnel has
been selected for it to use.
Backup Tunnel If the Outbound FRR state is Ready or Active, this field
indicates the following:
• Which backup tunnel has been selected for this LSP to use
in case of a failure.
• The inbound label that will be prepended to the LSP’s data
packets for acceptance at the backup tunnel tail (the merge
point).
Bkup Sender Template If the Outbound FRR state is Ready or Active,
SENDER_TEMPLATE and FILTERSPEC objects are shown.
These objects will be used in RSVP messages sent by the
backup tunnel if the LSP starts actively using the backup
tunnel. They differ from the original (prefailure) objects only in
that the node (the PLR) substitutes its own IP address for that
of the original sender. For example, PATH and PATHTEAR
messages will contain the new SENDER_TEMPLATE. RESV
and RESVTEAR messages will contain the new FILTERSPEC
object. If this LSP begins actively using the backup tunnel, the
display changes.
Bkup FilerSpec If the Outbound FRR state is Ready or Active,
SENDER_TEMPLATE and FILTERSPEC objects are shown.
These objects will be used in RSVP messages sent by the
backup tunnel if the LSP starts actively using the backup
tunnel. They differ from the original (prefailure) objects only in
that the node (the PLR) substitutes its own IP address for that
of the original sender. For example, PATH and PATHTEAR
messages will contain the new SENDER_TEMPLATE. RESV
and RESVTEAR messages will contain the new FILTERSPEC
object. If this LSP begins actively using the backup tunnel, the
display changes as shown in Example 2.
Example 2: The command is entered at the PLR after a failure.

If the LSP begins actively using the backup tunnel and the command is entered at the PLR after a failure,
the display changes as shown below.
PATH:

QOS-932
show ip rsvp sender

Path refreshes being sent to NHOP 10.2.2.1 on Tunnel2
Session Attr::
ERO:
Outbound FRR: Active -- using backup tunnel
Bkup FilerSpec:
Tun Sender: 10.0.0.0, LSP ID 126
Orig Output I/F: Et2
Orig Output ERO:
Once an LSP is actively using a backup tunnel, the following changes occur:
• PATH refreshes are no longer sent to the original NHOP out the original interface. They are sent
through the backup tunnel to the node that is the tail of the backup tunnel (NHOP or NNHOP).
• The ERO is modified so that it will be acceptable upon arrival at the NHOP or NNHOP.
• The display shows both the original ERO and the new one that is now being used.
• The display shows the original output interface (that is, the interface from which PATH messages
were sent for this LSP before the failure).
Example 3: The command is entered at the MP before a failure.

If the same show ip rsvp sender command is entered at the merge point (the backup tunnel tail), the
display changes from before to after the failure. The following is sample output before a failure:
PATH:
Session Attr::
Outbound FRR: No backup tunnel selected
Example 4: The command is entered at the MP after a failure.

After a failure, the following changes occur:
• The interface and previous hop (PHOP) from which PATH messages are received will change.
• The inbound FRR becomes Active.

QOS-933
show ip rsvp sender
• The original PHOP and the original input interface are displayed as shown below.
The following is sample output after a failure:
PATH:
Path refreshes arriving on POS0/1 from PHOP 10.0.0.0 on Loopback0
Session Attr::
Inbound FRR: Active
Orig Input I/F: POS0/0
Orig PHOP: 10.1.1.5
Now using Bkup Filterspec w/ sender: 10.0.0.0 LSP ID: 126
Notice the following changes:

• After a failure, PATH refreshes arrive on a different interface and from a different PHOP.
• The original PHOP and input interface are shown under Fast-Reroute Backup information, along
with the FILTERSPEC object that will now be used when sending messages (such as RESV and
RESVTEAR).
Example 5: The command output shows all senders.

In the following example, information about all senders is displayed.
Router# show ip rsvp sender
To From Pro DPort Sport Prev Hop I/F BPS Bytes

10.2.2.1 10.2.2.0 1 1 59 10.1.1.1 Et1 0G 1K
10.2.2.1 172.31.255.255 1 2 9 0G 1K
10.2.2.1 10.2.2.0 1 3 12 10.1.1.1 Et1 0G 1K
10.2.2.1 172.31.255.255 1 3 20 0G 1K
172.16.0.0 172.31.255.255 1 0 23 0G 1K
172.16.0.0 172.31.255.255 1 1 22 0G 1K
172.16.0.0 172.31.255.255 1 1000 22 0G 1K
Table 133 show ip rsvp sender Field Descriptions
Field Description
Pro Protocol code. Code 1 indicates Internet Control Message Protocol
(ICMP).
Prev Hop IP address of the previous hop.

QOS-934
show ip rsvp sender
Table 133 show ip rsvp sender Field Descriptions (continued)
Field Description
BPS Reservation rate, in bits per second, that the application is advertising it
might achieve.
Bytes Bytes of burst size that the application is advertising it might achieve.
Example 6: The command output shows only senders having a specific destination.
To show only information about senders having a specific destination, specify the destination filter as
shown below. In this example, the destination is 172.16.0.0.
Router# show ip rsvp sender filter destination 172.16.0.0
To From Pro DPort Sport Prev Hop I/F BPS Bytes

172.16.0.0 172.31.255 1 0 23 0G 1K
172.16.0.0 172.31.255 1 1 22 0G 1K
172.16.0.0 172.31.255 1 1000 22 0G 1K
Example 7: Show more detail about a sender having a specific destination.

To show more detail about the sender whose destination port is 1000 (as shown in Example 6), specify
the command with the destination port filter:
Router# show ip rsvp sender filter detail dst-port 1000
PATH:
Tun Dest 172.16.0.0 Tun ID 1000 Ext Tun ID 172.31.255.255
Tun Sender: 172.31.255.255, LSP ID: 22
Path refreshes being sent to NHOP 10.1.1.4 on Ethernet2
Session Attr::
Flags: SE Style
ERO:

ip rsvp sender Enables a router to simulate RSVP PATH message
reception from the sender.
show ip rsvp reservation Displays RSVP PATH-related receiver information
currently in the database.

QOS-935
show ip rsvp signalling

To display Resource Reservation Protocol (RSVP) signaling information that optionally includes
rate-limiting and refresh-reduction parameters for RSVP messages, use the show ip rsvp signalling
show ip rsvp signalling [rate-limit | refresh reduction]
Syntax Description rate-limit (Optional) Rate-limiting parameters for signalling messages.

refresh reduction (Optional) Refresh-reduction parameters and settings.
Command Modes EXEC

Usage Guidelines Use the show ip rsvp signalling command with either the rate-limit or the refresh reduction keyword
to display rate-limiting parameters or refresh-reduction parameters, respectively.
Examples The following command shows rate-limiting parameters:

Router# show ip rsvp signalling rate-limit
Rate Limiting:enabled
Max msgs per interval:4
Interval length (msec):20
Max queue size:500
Max msgs per second:200
Max msgs allowed to be sent:37
Table 134 show ip rsvp signalling rate-limit Command Field Descriptions
Field Description
Rate Limiting: enabled (active) The RSVP rate-limiting parameters in effect including the following:
or disabled (not active)
• Max msgs per interval = number of messages allowed to be sent
per interval (timeframe).
• Interval length (msecs) = interval (timeframe) length in
milliseconds.
• Max queue size = maximum size of the message queue in bytes.
• Max msgs per second = maximum number of messages allowed
to be sent per second.

QOS-936
The following command shows refresh-reduction parameters:

Router# show ip rsvp signalling refresh reduction
Refresh Reduction:enabled
ACK delay (msec):250
Initial retransmit delay (msec):1000
Local epoch:0x74D040
Message IDs:in use 600, total allocated 3732, total freed 3132
Table 135 show ip rsvp signalling refresh reduction Command Field Descriptions
Field Description
Refresh Reduction: enabled The RSVP refresh-reduction parameters in effect including the
(active) or disabled (not active) following:
• ACK delay (msec) = how long in milliseconds before the
receiving router sends an acknowledgment (ACK).
• Initial retransmit delay (msec) = how long in milliseconds before
the sending router retransmits a message.
• Local epoch = the RSVP process identifier that defines a local
router for refresh reduction and reliable messaging; randomly
generated each time a node reboots or the RSVP process restarts.
• Message IDs = the number of message identifiers (IDs) in use, the
total number allocated, and the total number available (freed).

clear ip rsvp signalling Clears the counters recording dropped messages.
rate-limit
clear ip rsvp signalling Clears the counters recording retransmissions and out-of-order messages.
refresh reduction
debug ip rsvp Displays debug messages for RSVP rate-limiting events.
rate-limit
refresh reduction

QOS-937
show ip rsvp signalling blockade

To display the Resource Reservation Protocol (RSVP) sessions that are currently blockaded, use the
show ip rsvp signalling blockade command in EXEC mode.
show ip rsvp signalling blockade [detail] [name | address]
Syntax Description detail (Optional) Additional blockade information.

name (Optional) Name of the router being blockaded.
address (Optional) IP address of the destination of a reservation.
Defaults If you enter the show ip rsvp signalling blockade command without a keyword or an argument, the
command displays all the blockaded sessions on the router.
Command Modes EXEC

Usage Guidelines Use the show ip rsvp signalling blockade command to display the RSVP sessions that are currently
blockaded.
An RSVP sender becomes blockaded when the corresponding receiver sends a Resv message that fails
admission control on a router that has RSVP configured. A ResvError message with an admission control
error is sent in reply to the Resv message, causing all routers downstream of the failure to mark the
associated sender as blockaded. As a result, those routers do not include that contribution to subsequent
Resv refreshes for that session until the blockade state times out.
Blockading solves a denial-of-service problem on shared reservations where one receiver can request so
much bandwidth as to cause an admission control failure for all the receivers sharing that reservation,
even though the other receivers are making requests that are within the limit.
Examples The following example shows all the sessions currently blockaded:
Router# show ip rsvp signalling blockade
To From Pro DPort Sport Time Left Rate

192.168.101.2 192.168.101.1 UDP 1000 1000 27 5K
192.168.101.2 192.168.101.1 UDP 1001 1001 79 5K
192.168.101.2 192.168.101.1 UDP 1002 1002 17 5K
225.1.1.1 192.168.104.1 UDP 2222 2222 48 5K

QOS-938
Table 136 show ip rsvp signalling blockade Command Field Descriptions
Field Description
Pro Protocol used.
Time Left Amount of time, in seconds, before the blockade expires.
Rate The average rate, in bits per second, for the data.
The following example shows more detail about the sessions currently blockaded:
Router# show ip rsvp signalling blockade detail
Session address: 192.168.101.2, port: 1000. Protocol: UDP

Admission control error location: 192.168.101.1
Flowspec that caused blockade:
Average bitrate: 5K bits/second
Maximum burst: 5K bytes
Peak bitrate: 5K bits/second
Minimum policed unit: 0 bytes
Maximum packet size: 0 bytes
Requested bitrate: 5K bits/second
Slack: 0 milliseconds
Blockade ends in: 99 seconds




QOS-939

Table 137 show ip rsvp signalling blockade detail Command Field Descriptions
Field Description
Session address Destination IP address of the reservation affected by the blockade.
port Destination port number of the reservation affected by the blockade.
Protocol Protocol used by the reservation affected by the blockade; choices include User
Datagram Protocol (UDP) and TCP.
Sender address Source IP address of the reservation affected by the blockade.
port Source port number of the reservation affected by the blockade.
Admission control IP address of the router where the admission control error occurred.
error location
Flowspec that Parameters for the flowspec that caused the blockade.
caused blockade
Average bitrate The average rate, in bits per second, for the flowspec.
Maximum burst The maximum burst size, in bytes, for the flowspec.
Peak bitrate The peak rate, in bps, for the flowspec.
Minimum policed The minimum policed unit, in bytes, for the flowspec.
unit
Maximum packet The maximum packet size, in bytes, for the flowspec.
size
Requested bitrate The requested rate, in bits per second, for the flowspec.
Slack Time, in milliseconds, allocated to a router for scheduling delivery of packets.
Blockade ends in Time, in seconds, until the blockade expires.

QOS-940
show ip rsvp signalling fast-local-repair

To display fast-local-repair (FLR)-specific information maintained by Resource Reservation Protocol
(RSVP), use the show ip rsvp signalling fast-local-repair command in user EXEC or privileged EXEC
mode.
show ip rsvp signalling fast-local-repair [statistics [detail]]
Syntax Description statistics (Optional) Displays information about FLR procedures.

detail (Optional) Displays additional information about FLR procedures.
Command Default Information for the FLR and RSVP message pacing displays.

Privileged EXEC

Usage Guidelines Use the show ip rsvp signalling fast-local-repair command to display the FLR and RSVP message
pacing rates that are configured.
Use the show ip rsvp signalling fast-local-repair statistics command to display the FLR procedures
and related information including the following:
• The process number
• The state
• The start time
• The number of path state blocks (PSBs) repaired
• The repair rate
• The routing information base (RIB) notification process time
• The repair time of the last PSB
Use the show ip rsvp signalling fast-local-repair statistics detail command to display detailed
information about FLR procedures including the following:
• The time of the routing notification
• The elapsed time for processing all notifications in the queue
• The rate and pacing unit (the refresh spacing in ms) used
• The number of PSBs repaired
• The number of times RSVP has suspended

QOS-941
For each run, the following information appears:

• The time that the run started relative to the start of the procedure
• The time that RSVP suspended again
• The number of notifications processed in this run
For each neighbor, the following information appears:
• The delay of the first PATH message sent to this neighbor
• The delay of the last PATH message sent to this neighbor
Examples show ip rsvp signalling fast-local-repair Example

The following example displays information about the FLR rate:
Router# show ip rsvp signalling fast-local-repair

Table 138 show ip rsvp signalling fast-local-repair Field Descriptions
Field Description
Fast Local Repair FLR state. Values are the following:
• Enabled—FLR is configured.
• Disabled—FLR is not configured.
Max repair rate (paths/sec) Maximum repair rate, in paths per second.
Max processed (paths/run) Maximum notification elements processed, in paths per run.
show ip rsvp signalling fast-local-repair statistics Example

The following example displays information about FLR procedures:
Router# show ip rsvp signalling fast-local-repair statistics

FLR Statistics:
FLR State Start #PSB Repair RIB Proc Last

Proc. Time Repair Rate Time PSB
1 DONE 15:16:32 MET Wed Oct 25 2006 2496 1000 91(ms) 3111(ms)

QOS-942
Table 139 show ip rsvp signalling fast-local-repair statistics Field Descriptions
Field Description
FLR Statistics FLR-related information.
FLR Proc. FLR procedure number. The last 32 procedures are listed
from the most recent to the oldest; they are numbered from 1
to 32.
State Current state of the FLR procedure. Values are the following:
• DONE—The FLR procedure is complete.
• IN PROGRESS—The FLR procedure is incomplete.
Start Time Time when RSVP received the routing notification.
#PSB Repair Number of PSBs repaired.
Repair Rate Repair rate used, in paths per second.
RIB Proc Time Time that RSVP spent to process all RIB notifications and
schedule the path refreshes, in microseconds (us),
milliseconds (msec or ms), or seconds (sec).
Note The value is converted to fit the column width;
however, seconds are rarely used because RSVP RIB
notification processing is very fast.
Last PSB Elapsed time, in microseconds (us), milliseconds (msec or
ms), or seconds (sec), between the start of an FLR procedure
and when RSVP sent the last PATH message.
Note The value is converted to fit the column width;
however, seconds are rarely used because RSVP RIB
notification processing is very fast.
show ip rsvp signalling fast-local-repair statistics detail Example

The following example displays detailed information about FLR procedures:
Router# show ip rsvp signalling fast-local-repair statistics detail

FLR Statistics:
FLR 1: DONE
Start Time: 15:16:32 MET Wed Oct 25 2006
Number of PSBs repaired: 2496
Used Repair Rate (msgs/sec): 1000

QOS-943
RIB notification processing time: 91(ms)

Time of last PSB refresh: 3111(ms)
Time of last Resv received: 4355(ms)
Time of last Perr received: 0(us)
Suspend count: 2
Run Number Started Duration
ID of ntf. (time from Start)
2 498 81(ms) 10(ms)
1 998 49(ms) 21(ms)
0 1000 0(us) 22(ms)
FLR Pacing Unit: 1 msec
Affected neighbors:
Nbr Address Relative Delay Values (msec)
10.1.0.70 [500 ,..., 2995 ]
Table 140 show ip rsvp signalling fast-local-repair statistics detail Field Descriptions
Field Description
FLR Statistics FLR-related information.
FLR # FLR procedure number and current state. The last 32
procedures are listed from the most recent to the oldest; they
are numbered from 1 to 32. Values for the state are the
following:
• DONE—The FLR procedure is complete.
• IN PROGRESS—The FLR procedure is incomplete.
Start Time Time when RSVP received the routing notification.
Number of PSBs repaired Total PSBs repaired.
Used Repair Rate (msgs/sec) Repair rate used, in messages per second.
RIB notification processing time Time, in milliseconds (ms), that RSVP spent to process all
RIB notifications.
Time of last PSB refresh Elapsed time, in milliseconds (ms), between the start of an
FLR procedure and when RSVP sent the last PATH refresh
message.
Time of last Resv received Elapsed time, in milliseconds (ms), between the start of an
FLR procedure and when RSVP received the last RESV
message.
Time of last Perr received Elapsed time, in microseconds (us), between the start of an
FLR procedure and when RSVP received the last
PATHERROR message.

QOS-944
Table 140 show ip rsvp signalling fast-local-repair statistics detail Field Descriptions (continued)
Field Description
Suspend count Number of times that RSVP has suspended during a specific
procedure.
Note If this value is non-zero, details for each run are
shown.
Run ID Identifier (number) for each time that RSVP has run.
Number of ntf. Number of notifications (PSBs) processed in a run.
Started (time from Start) Time, in milliseconds (ms), that the run began relative to the
start of the FLR procedure.
Duration Length of time, in milliseconds (ms), for the run.
FLR Pacing Unit Frequency, in milliseconds (msec), for RSVP message
pacing; that is, how often a PATH message is sent. The value
is rounded down.
Affected neighbors Neighbors involved in the FLR procedure.
Nbr Address IP address for each neighbor involved in a procedure.
Relative Delay Values Times, in milliseconds (msec), when the PSB refreshes were
sent.
Note In the sample display, there is a 1-msec pacing unit;
therefore, PSBs to 10.1.0.70 have been sent with
delays of 1 msec from 500, 501, 502, 503, ... 2995. If
a 5-msec pacing unit were used, the delays would be
500, 505, 510,... 2990, 2995.

notifications
ip rsvp signalling Configures the delay used to start an FLR procedure.
fast-local-repair wait

QOS-945
show ip rsvp signalling rate-limit

To display the Resource Reservation Protocol (RSVP) rate-limiting parameters, use the show ip rsvp
signalling rate-limit command in user EXEC or privileged EXEC mode.

Privileged EXEC

12.0(29)S The command output was modified to show the revised rate-limiting
parameters.
Examples The following command shows the rate-limiting parameters:

Router# show ip rsvp signalling rate-limit
Rate Limiting:
Max msgs per interval: 4
Interval length (msec): 20
Max queue size: 500
Max msgs per second: 200
Table 141 show ip rsvp signalling rate-limit Field Descriptions
Field Description
Rate Limiting The RSVP rate-limiting parameters are enabled or disabled. They include the
following:
• Burst = number of messages sent each period from the queue.
• Limit = maximum number of messages sent each period from the queue.
• Max size = maximum size of the message queue in bytes.
• Period (msec) = interval (time frame) length in milliseconds.
• Max rate (msgs/sec) = maximum number of messages allowed to be sent per
second.

QOS-946

clear ip rsvp signalling Clears (sets to zero) the number of messages that were dropped because of
rate-limit a full queue.
debug ip rsvp Displays debug messages for RSVP rate-limiting events.
rate-limit

QOS-947
show ip rsvp signalling refresh reduction

To display the Resource Reservation Protocol (RSVP) refresh-reduction parameters, use the show ip
rsvp signalling refresh reduction command in EXEC mode.
Command Modes EXEC

Examples The following command shows the refresh-reduction parameters:

Router# show ip rsvp signalling refresh reduction
Refresh Reduction:
ACK delay (msec): 250
Initial retransmit delay (msec): 1000
Local epoch: 0xF2F6BC
Message IDs: in use 1, total allocated 4, total freed 3
Table 142 show ip rsvp signalling refresh reduction Command Field Descriptions
Field Description
Refresh Reduction The RSVP refresh-reduction parameters in effect including the
following:
• ACK delay (msec) = how long in milliseconds before the receiving
router sends an acknowledgment (ACK).
• Initial retransmit delay (msec) = how long in milliseconds before the
sending router retransmits a message.
• Local epoch = the RSVP message number space ID (identifier);
randomly generated each time a node reboots or the RSVP process
restarts.
• Message IDs = the number of message IDs in use, the total number
allocated, and the total number available (freed).

QOS-948

clear ip rsvp signalling Clears (sets to zero) the counters recording retransmissions and
refresh reduction out-of-order messages.
refresh reduction

QOS-949
show ip rtp header-compression

To display Real-Time Transport Protocol (RTP) statistics, use the show ip rtp header-compression
show ip rtp header-compression [interface-type interface-number] [detail]
Syntax Description interface-type (Optional) The interface type and number.

interface-number
detail (Optional) Displays details of each connection.

12.1(5)T The command output was modified to include information related to the
Distributed Compressed Real-Time Transport Protocol (dCRTP) feature.
12.3(11)T The command output was modified to include information related to the
Enhanced Compressed Real-Time Transport Protocol (ECRTP) feature.
Usage Guidelines The detail keyword is not available with the show ip rtp header-compression command on a Route
Switch Processor (RSP). However, the detail keyword is available with the show ip rtp
header-compression command on a Versatile Interface Processor (VIP). Enter the show ip rtp
header-compression interface-type interface-number detail command on a VIP to retrieve detailed
information regarding RTP header compression on a specific interface.
Examples The following example displays statistics from ECRTP on an interface:

Router# show ip rtp header-compression
RTP/UDP/IP header compression statistics:

Interface Serial2/0 (compression on, IETF, ECRTP)

QOS-950

Table 143 show ip rtp header-compression Field Descriptions
Field Description
Interface Type and number of interface.
Rcvd Received statistics described in subsequent fields.
total Number of packets received on the interface.
compressed Number of packets received with compressed headers.
errors Number of errors.
status msgs Number of resynchronization messages received from the
peer.
dropped Number of packets dropped.
buffer copies Number of buffers that were copied.
buffer failures Number of failures in allocating buffers.
Sent Sent statistics described in subsequent fields.
total Number of packets sent on the interface.
compressed Number of packets sent with compressed headers.
status msgs Number of resynchronization messages sent from the peer.
not predicted Number of packets taking a non-optimal path through the
compressor.
bytes saved Total savings in bytes due to compression.
efficiency improvement factor Compression efficiency.
Connect Connect statistics described in subsequent fields.
misses Total number of misses.
collisions Total number of collisions.
negative cache hits Total number of negative cache hits.
free contexts Number of available context resources.
hit ratio Percentage of received packets that have an associated
context.
five minute miss rate Number of new flows found per second averaged over the last
five minutes.
max Highest average rate of new flows reported.

QOS-951

ip rtp Specifies the total number of RTP header compression connections
compression-connections supported on the interface.
ip rtp header-compression Enables RTP header compression.

QOS-952
show ip tcp header-compression

To display Transmission Control Protocol (TCP)/IP header compression statistics, use the show ip tcp
header-compression command in user EXEC or privileged EXEC mode.
show ip tcp header-compression [interface-type interface-number] [detail]
Syntax Description interface-type (Optional) The interface type and number.

interface-number
detail (Optional) Displays details of each connection. This keyword is available
only in privileged EXEC mode.

Privileged EXEC (#)

12.4 This command was integrated into Cisco Release 12.4 and its command
output was modified to include additional compression statistics.
Examples The following is sample output from the show ip tcp header-compression command:
Router# show ip tcp header-compression
TCP/IP header compression statistics:

Interface Serial2/0 (compression on, IETF)

QOS-953
Table 144 describes significant fields shown in the display.
Table 144 show ip tcp header-compression Field Descriptions
Field Description
Interface Serial2/0 Interface type and number on which compression is enabled.
(compression on, IETF)
Rcvd: Received statistics described in subsequent fields.
total Total number of TCP packets received on the interface.
compressed Total number of TCP packets compressed.
errors Number of packets received with errors.
status msgs Number of resynchronization messages received from the peer.
dropped Number of packets dropped due to invalid compression.
buffer copies Number of packets that needed to be copied into bigger buffers for
decompression.
buffer failures Number of packets dropped due to a lack of buffers.
Sent: Sent statistics described in subsequent fields.
total Total number of TCP packets sent on the interface.
compressed Total number of TCP packets compressed.
status msgs Number of resynchronization messages sent from the peer.
not predicted Number of packets taking a non-optimal path through the
compressor.
bytes saved Total savings in bytes due to compression.
efficiency improvement Improvement in line efficiency because of TCP header
factor compression.
Connect: Connection statistics described in subsequent fields.
misses Indicates the number of times a match could not be made. If your
output shows a large miss rate, then the number of allowable
simultaneous compression connections may be too low.
collisions Total number of collisions.
negative cache hits Total number of negative cache hits.
Note This field is not relevant for TCP header compression; it
is used for Real-Time Transport Protocol (RTP) header
compression.
free contexts Total number of free contexts.
Note Free contexts (also known as connections) are an
indication of the number of resources that are available,
but not currently in use, for TCP header compression.
hit ratio Percentage of times the software found a match and was able to
compress the header.

QOS-954
Table 144 show ip tcp header-compression Field Descriptions (continued)
Field Description
Five minute miss rate in Calculates the miss rate over the previous five minutes for a
misses/sec longer-term (and more accurate) look at miss rate trends.
max Maximum value of the previous field.

ip tcp Specifies the total number of TCP header compression connections that
compression-connections can exist on an interface

QOS-955
show iphc-profile
show iphc-profile
To display configuration information for one or more IP Header Compression (IPHC) profiles, use the
show iphc-profile command in privileged EXEC mode.
show iphc-profile [profile-name]
Syntax Description profile-name (Optional) Name of an IPHC profile to display.
Command Default If you do not specify an IPHC profile name, all IPHC profiles are displayed.

Usage Guidelines Information Included in Display

The display includes information such as the profile type, the type of header compression enabled, the
number of contexts, the refresh period (for Real-Time Transport [RTP] header compression), whether
feedback messages are disabled, and the interfaces to which the IPHC profile is attached.
For More Information About IPHC Profiles

An IPHC profile is used to enable and configure header compression on your network. For more
information about using IPHC profiles to configure header compression, see the “Header Compression”
module and the “Configuring Header Compression Using IPHC Profiles” module of the
Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.4T.
Examples The following is sample output from the show iphc-profile command. In the output, information about
two IPHC profiles, profile21 and profile20, is displayed.
Router# show iphc-profile
IPHC Profile "profile21"

Type: VJ
Compressing: TCP
Contexts : TCP fixed at 150
Controlled interfaces: (1)
Se3/1
IPHC Profile "profile20"
Type: IETF
Compressing: TCP NON-TCP (RTP)
Contexts : TCP 1 for each 0 kbits NON-TCP 1 for each 0 kbits
Refresh : NON-TCP and RTP every 5 seconds or 256 packets
Controlled interfaces: (1)
Se3/0

QOS-956
show iphc-profile
Table 145 show iphc-profile Field Descriptions
Field Description
IPHC Profile IPHC profile name.
Type IPHC profile type, either VJ (for van-jacobson) or IETF.
Compressing Type of header compression used, such as TCP, non-TCP, or
RTP.
Contexts Number of contexts and setting used to calculate the context
number.
Controlled interfaces Interfaces to which the IPHC profile is attached.


QOS-957
show lane qos database

To display the contents of a specific LAN Emulation (LANE) quality of service (QoS) database, use the
show lane qos database command in privileged EXEC mode.
show lane qos database name
Syntax Description name Specifies the QoS over LANE database to display.

Examples This example shows how to display the contents of a QoS over LANE database for a Catalyst 5000
family ATM Module:
ATM# show lane qos database user1
QOS: user1
configured cos values: 5-7, usage: 1
dst nsap: 47.0091810000000061705B0C01.00E0B0951A40.0A
pcr: 500000, mcr: 100000
This example shows how to display the contents of a QoS over LANE database for a Cisco 4500, 7200,
or 7500 series router:
Router# show lane qos database user2
QOS: user2
configured cos values: 5-7, usage: 1
dst nsap: 47.0091810000000061705B0C01.00E0B0951A40.0A
pcr: 500000, mcr: 100000

atm-address Specifies the QoS parameters associated with a particular ATM address.

QOS-958
Command Description
lane qos database Begins the process of building a QoS over LANE database.

QOS-959
show mls qos
show mls qos

To display Multilayer Switching (MLS) quality of service (QoS) information, use the show mls qos
show mls qos [{arp | ipv6 | ip | ipx | last | mac | maps [map-type]} [interface interface-number |
slot slot | null interface-number | port-channel number | vlan vlan-id]]
Syntax Description arp (Optional) Displays Address Resolution Protocol (ARP) information.
ipv6 (Optional) Displays IPv6 information.
ip | ipx (Optional) Displays information about the Multilayer Switching (MLS) IP or
Internetwork Packet Exchange (IPX) status.
last (Optional) Displays information about the last packet-policing.
mac (Optional) Displays information about the MAC address-based QoS status.
maps (Optional) Displays information about the QoS mapping.
map-type (Optional) Map type; see the “Usage Guidelines” section for valid values.
interface (Optional) Interface type; possible valid values are ethernet, fastethernet,
gigabitethernet, tengigabitethernet, ge-wan, pos, and atm.
interface-number (Optional) Module and port number; see the “Usage Guidelines” section for valid
values.
slot slot (Optional) Specifies the slot number; displays the global and per-interface QoS
enabled and disabled settings and the global QoS counters.
null (Optional) Specifies the null interface; the valid value is 0.
interface-number
port-channel (Optional) Specifies the channel interface; valid values are a maximum of
number 64 values ranging from 1 to 282.

12.2(17a)SX This command was changed to add the map-type argument.
12.2(18)SXE This command was changed to add the arp and ipv6 keywords on the Supervisor
Engine 720 only.

QOS-960
show mls qos
Usage Guidelines The ge-wan, pos, and atm keywords are not supported on Cisco 7600 series routers that are configured
The port-channel number values from 257 to 282 are supported on the Content Switching Module
(CSM) and the Firewall Services Module (FWSM) only.
Valid values for map-types are defined as follows:
• cos-dscp—Specifies the ingress class of service (CoS)-to-differentiated services code point (DSCP)
mapping to display; valid values are from 0 to 7.
• dscp-cos—Displays the egress DSCP-to-CoS mapping.
• dscp-exp—Displays the DSCP-to-EXP mapping on the Multiprotocol Label Switching (MPLS)
domain ingress and egress; this keyword is not supported.
• exp-dscp—Displays the EXP-to-DSCP mapping on the MPLS domain ingress and egress; this keyword
is not supported.
• ip-prec-dscp value—Specifies the ingress IP precedence-to-DSCP mapping to display; valid values
are from 0 to 7.
• policed-dscp—Displays the policed DSCP values to marked-down DSCP values mapping.
The dscp-exp and exp-dscp options are supported on Cisco 7600 series routers that are configured with
a Supervisor Engine 720 only.
Examples This example shows how to display information about the last logged packet:
Router# show mls qos last
QoS engine last packet information:

Packet was transmitted
Output TOS/DSCP: 0xC0/48[unchanged] Output COS: 0[unchanged]
Aggregate policer index: 0(none)
Microflow policer index: 0(none)
Router#
This example shows how to display the QoS-map settings:

Router# show mls qos maps
Policed-dscp map:
0 1 2 3 4 5 6 7 8 9
----------------------------------
00: 00 01 02 03 04 05 06 07 08 09
10: 10 11 12 13 14 15 16 17 18 19
20: 20 21 22 23 24 25 26 27 28 29
30: 30 31 32 33 34 35 36 37 38 39
40: 40 41 42 43 44 45 46 47 48 49
50: 50 51 52 53 54 55 56 57 58 59
60: 60 61 62 63
Dscp-cos map:
0 1 2 3 4 5 6 7 8 9
----------------------------------

QOS-961
show mls qos
00: 00 00 00 00 00 00 00 00 01 01
10: 01 01 01 01 01 01 02 02 02 02
20: 02 02 02 02 03 03 03 03 03 03
30: 03 03 04 04 04 04 04 04 04 04
40: 05 05 05 05 05 05 05 05 06 06
50: 06 06 06 06 06 06 07 07 07 07
60: 07 07 07 07
Cos-dscp map:
cos: 0 1 2 3 4 5 6 7
----------------------------------
dscp: 0 8 16 24 32 40 48 56
IpPrecedence-dscp map:
ipprec: 0 1 2 3 4 5 6 7
----------------------------------
dscp: 0 8 16 24 32 40 48 56
Router#
This example shows how to verify the configuration of DSCP-mutation mapping:

Router# show mls qos maps | begin DSCP mutation
DSCP mutation map mutmap1: (dscp= d1d2)

d1 : d2 0 1 2 3 4 5 6 7 8 9
-------------------------------------
0 : 00 01 02 03 04 05 06 07 08 09
1 : 10 11 12 13 14 15 16 17 18 19
2 : 20 21 22 23 24 25 26 27 28 29
3 : 08 31 32 33 34 35 36 37 38 39
4 : 40 41 42 43 44 45 46 47 48 49
5 : 50 51 52 53 54 55 56 57 58 59
6 : 60 61 62 63
<...Output Truncated...>
Router#
Note In the DSCP-mutation map displays, the marked-down DSCP values are shown in the body of the matrix.
The first digit of the original DSCP value is in the column labeled d1, and the second digit is in the top
row. In the example, DSCP 30 maps to DSCP 08.
This example shows how to display IPv6 information:

Router# show mls qos ipv6
QoS Summary [IPv6]: (* - shared aggregates, Mod - switch module)
Int Mod Dir Class-map DSCP

Agg Trust Fl AgForward-By AgPoliced-By
Id Id
------------------------------------------------------------------------------
All 7 - Default 0 0* No 0 189115356 0

Router#
Supervisor Engine 720 Examples
This example shows the output from Cisco 7600 series routers that are configured with a Supervisor
Engine 720.

QOS-962
show mls qos
This example shows how to display QoS information:

Router# show mls qos
QoS is enabled globally

Microflow policing is enabled globally
QoS ip packet dscp rewrite enabled globally
QoS is disabled on the following interfaces:

Fa6/3 Fa6/4
QoS DSCP-mutation map is enabled on the following interfaces:

Fa6/5
Vlan or Portchannel(Multi-Earl) policies supported: Yes
Egress policies supported: Yes
----- Module [5] -----

QoS global counters:
Total packets: 164
IP shortcut packets: 0
Packets dropped by policing: 0
IP packets with TOS changed by policing: 0
IP packets with COS changed by policing: 0
Non-IP packets with COS changed by policing: 0
MPLS packets with EXP changed by policing: 0
Router#
Supervisor Engine 2 Examples
This example shows the output from Cisco 7600 series routers that are configured with a Supervisor
Engine 2.
This example shows the output if you do not enter any keywords:
Router# show mls qos
QoS is enabled globally

Microflow QoS is enabled globally
QoS global counters:

Total packets: 217500
IP shortcut packets: 344
Packets dropped by policing: 344
IP packets with TOS changed by policing 18323
IP packets with COS changed by policing 1602
Non-IP packets with COS changed by policing 0
Router#

mls qos (global configuration mode) Enables the QoS functionality globally.
mls qos (interface configuration mode) Enables the QoS functionality on an interface.

QOS-963
show mls qos aggregate policer

To display information about the aggregate policer for multilayer switching (MLS) quality of service
(QoS), use the show mls qos aggregate policer command in EXEC mode.
show mls qos aggregate policer [aggregate-name]
Syntax Description aggregate-name (Optional) Name of the aggregate policer.
Command Modes EXEC

Usage Guidelines Aggregate policing works independently on each Distributed Forwarding Card (DFC)-equipped
switching module and independently on the Policy Feature Card 2 (PFC2), which supports any
non-DFC-equipped switching modules. Aggregate policing does not combine flow statistics from
different DFC-equipped switching modules. You can display aggregate-policing statistics for each
DFC-equipped switching module, the PFC2, and any non-DFC-equipped switching modules that are
supported by the PFC2.
Examples This example shows how to display information about the aggregate policer for MLS QoS:
Router# show mls qos aggregate-policer
ag1 (undefined)
AgId=0 [ pol1 pol2 ]
ag2 64000 64000 conform-action set-dscp-transmit 56 exceed-action drop
AgId=0 [ pol3 ]
ag3 32000 32000 conform-action set-dscp-transmit 34 exceed-action drop
In the output, the following applies:

• The AgId parameter displays the hardware-policer ID and is nonzero if assigned.
• The policy maps using the policer, if any, are listed in the square brackets ([]).
• If there are no policies using the policer, no AgId line is displayed.
• If the policer is referred to in policy maps, but has not been defined, [undefined] is displayed.

QOS-964

mls qos Defines a named aggregate policer for use in policy maps.
aggregate-policer

QOS-965
show mls qos free-agram

To display the number of free aggregate RAM indexes on the switch processor and the Distributed
Forwarding Cards (DFCs), use the show mls qos free-agram command in EXEC mode.
Command Modes EXEC

12.2(18)SXD Support for this command was introduced on the Supervisor Engine 720
and the Supervisor Engine 2.
Examples This example shows how to display the number of free aggregate RAM indexes on the switch processor
and the DFCs:
Router# show mls qos free-agram
Total Number of Available AG RAM indices : 1023
Module [1]
Free AGIDs : 1023
Module [6]
Free AGIDs : 1023

QOS-966
show mls qos mpls
show mls qos mpls

To display an interface summary for Multiprotocol Label Switching (MPLS) quality of service (QoS) classes
in policy maps, use the show mls qos mpls command in user EXEC or privileged EXEC mode.
show mls qos mpls [interface-type interface-number | module slot]
Syntax Description interface-type (Optional) Interface type; valid values are the following:
interface-number
• fastethernet
• gigabitethernet
• tengigabitethernet.
(Optional) Module and port number; see the “Usage Guidelines” section
for valid values.
module slot (Optional) Specifies the module slot number.

Privileged EXEC

12.2(17a)SX This command was introduced on the Supervisor Engine 720.

Examples The following example shows an interface summary for MPLS QoS classes in policy maps:
Router# show mls qos mpls
QoS Summary [MPLS]: (* - shared aggregates, Mod - switch module)

Int Mod Dir Class-map DSCP Agg Trust Fl AgForward-By AgPoliced-By
Id Id
------------------------------------------------------------------------------------------
----------------------------
Fa3/38 5 In exp2 0 1 dscp 0 378900 0
Fa3/41 5 In exp4 0 3 dscp 0 0 0
All 5 - Default 0 0* No 0 1191011240 0

QOS-967
show mls qos mpls
Table 146 show mls qos mpls Field Descriptions
Field Description
QoS Summary [MPLS]: (* - shared Shows if there are any shared aggregate policers, indicated
aggregates, Mod - switch module) by *, and the type of module.
Int Mod Dir Class-map DSCP Agg Trust Provides the column headings for the following lines in the
Fl AgForward-By AgPoliced-By display. These include interface name and number, module
number, direction, class-map name, and DSCP value.
Fa3/38 5 In exp2 0 1 dscp 0 378900 0 Provides the following information:
• Fa3/38—Interface name and number.
• 5—Module number in the chassis.
• In—Direction of the policy applied (In = ingress).
• exp2—Class map configured in the policy.
• 0—Differentiated Services Code Point (DSCP) value.
• 1—Policer ID assigned to that class map.
• dscp—Trust value configured on the port. In this
example, the value is trusting on DSCP.
• 0—The flow ID if the flow policer is configured.
• 378900—The aggregate forwarded bytes, meaning the
forwarded traffic.
• 0—The aggregate policed bytes, meaning this traffic
has been subjected to policing.
All 5 - Default 0 0* No 0 1191011240 0 The total of the preceding lines including the aggregate
forwarded and aggregate policed bytes.

mls qos exp-mutation Attaches an egress-EXP mutation map to the interface.
mls qos map exp-dscp Defines the ingress EXP value to the internal DSCP map.
mls qos map Maps a packet’s EXP to a new EXP value.
exp-mutation

QOS-968
show mls qos protocol
show mls qos protocol

To display protocol pass-through information, use the show mls qos protocol command in EXEC mode.
show mls qos protocol [module number]
Syntax Description module number (Optional) Specifies the module number.
Command Modes EXEC

12.2(18)SXE Support for this command was introduced on the Supervisor Engine 2 but
does not support Address Resolution Protocol (ARP), Integrated
Intermediate System-to-Intermediate System (IS-IS), or Enhanced Interior
Gateway Routing Protocol (EIGRP).
Support for neighbor discovery protocol packets was added on the
Examples This example shows how to display protocol pass-through information:

Router# show mls qos protocol
RIP : Passthru mode

OSPF : Passthru mode
ND : Policing mode Cir = 32000 Burst = 1000
----- Module [5] -----
Routing protocol RIP is using AgId 0*
Routing protocol OSPF is using AgId 0*
Routing protocol ND is using AgId 1
----- Module [6] -----
Routing protocol RIP is using AgId 0*
Routing protocol OSPF is using AgId 0*

mls qos protocol Defines the routing-protocol packet policing.

QOS-969
show mls qos statistics-export info

To display information about the multilayer switching (MLS)-statistics data-export status and
configuration, use the show mls qos statistics-export info command in EXEC mode
Command Modes EXEC

Usage Guidelines Quality of service (QoS)-statistics data export is not supported on Optical Service Module (OSM)
interfaces.
Examples This example shows how to display information about the MLS-statistics data-export status and
configuration:
Router# show mls qos statistics-export info
QoS Statistics Data Export Status and Configuration information

---------------------------------------------------------------
Export Status : enabled
Export Interval : 250 seconds
Export Delimiter : @
Export Destination : 172.20.52.3, UDP port 514 Facility local6, Severity debug
QoS Statistics Data Export is enabled on following ports:

---------------------------------------------------------
FastEthernet5/24
QoS Statistics Data export is enabled on following shared aggregate policers:

-----------------------------------------------------------------------------
aggr1M
QoS Statistics Data Export is enabled on following class-maps:

---------------------------------------------------------------
class3

QOS-970

mls qos statistics-export Enables QoS-statistics data export globally.
(global configuration)
mls qos statistics-export Enables per-port QoS-statistics data export.
(interface configuration)
mls qos statistics-export Enables QoS-statistics data export on the named aggregate policer.
aggregate-policer
mls qos statistics-export Enables QoS-statistics data export for a class map.
class-map
mls qos statistics-export Sets the QoS-statistics data-export field delimiter.
delimiter
mls qos statistics-export Configures the QoS-statistics data-export destination host and UDP
destination port number.
mls qos statistics-export Specifies how often a port and/or aggregate-policer QoS-statistics data
interval is read and exported.

QOS-971
show platform qos policy-map

To display the type and number of policy maps that are configured on the router, use the show platform
qos policy-map command in privileged EXEC mode.

12.2(18)SXE This command was introduced for Cisco Catalyst 6500 series switches and
Usage Guidelines On Cisco Catalyst 6500 series switches and Cisco 7600 series routers, you cannot attach a quality of
service (QoS) policy map with match input vlan to an interface if you have already attached a QoS
policy map to a VLAN interface (a logical interface that has been created with the interface vlan
command). If you attempt to use both types of service policies, you must remove both types of service
policies before you can add the policy maps.
The show platform qos policy-map command shows whether the router is currently configured for
interface vlan and match input vlan service policies. It also shows the number of policy maps for each
type.
Examples The following example shows a router that has service policies configured only on VLAN interfaces:
Router# show platform qos policy-map
service policy configured on int vlan: TRUE

# of int vlan service policy instances: 3
match input vlan service policy configured: FALSE
# of match input vlan service policy instances: 0
The following example shows a router that has service policies configured on VLAN interfaces and that
has a service policy configured with match input vlan. In this configuration, you must remove all
service policies from their interfaces, and then configure only one type or another.
Router# show platform qos policy-map
service policy configured on int vlan: TRUE

# of int vlan service policy instances: 1
match input vlan service policy configured: TRUE
# of match input vlan service policy instances: 1

QOS-972
Table 147 describes each field shown in the show platform qos policy-map command:
Table 147 show platform qos policy-map Field Descriptions
Field Description
service policy Indicates whether any QoS policy maps are configured on VLAN interfaces.
configured on int vlan
# of int vlan service Number of QoS policy maps that are configured on VLAN interfaces.
policy instances
match input vlan service Indicates whether any QoS policy maps that use the match input vlan
policy configured command are configured on interfaces.
# of match input vlan Number of QoS policy maps using the match input vlan command that are
service policy instances configured on interfaces.

match input vlan Configures a class map to match incoming packets that have a specific
virtual local area network (VLAN) ID.
mls qos trust Sets the trusted state of an interface, to determine which incoming QoS field
policy-map router.

QOS-973
show policy-map
show policy-map
To display the configuration of all classes for a specified service policy map or of all classes for all
existing policy maps, use the show policy-map command in user EXEC or privileged EXEC mode.
show policy-map [policy-map]
Syntax Description policy-map (Optional) Name of the service policy map whose complete configuration is
to be displayed. The name can be a maximum of 40 characters.
Command Default All existing policy map configurations are displayed.

Privileged EXEC (#)

12.0(5)XE This command was incorporated into Cisco IOS Release 12.0(5)XE.
12.0(7)S This command was incorporated into Cisco IOS Release 12.0(7)S.
12.1(1)E This command was incorporated into Cisco IOS Release 12.1(1)E.
12.2(4)T This command was modified for two-rate traffic policing to display burst
parameters and associated actions.
feature and the Weighted Random Early Detection (WRED)—Explicit
Congestion Notification (ECN) feature.
12.2(13)T The following modifications were made:
• The output was modified for the Percentage-Based Policing and Shaping
feature.
• This command was modified as part of the Modular QoS CLI (MQC)
Unconditional Packet Discard feature. Traffic classes can now be
configured to discard packets belonging to a specified class.
• This command was modified for the Enhanced Packet Marking feature.
A mapping table (table map) can now be used to convert and propagate
12.2(15)T This command was modified to support display of Frame Relay
voice-adaptive traffic-shaping information.
12.0(28)S The output of this command was modified for the QoS: Percentage-Based
Policing feature to display the committed (conform) burst (bc) and excess
(peak) burst (be) sizes in milliseconds (ms).

QOS-974
show policy-map
command was modified to display information about Layer 2 Tunnel
Protocol Version 3 (L2TPv3) tunnel marking.
12.2(31)SB2 This command was enhanced to display bandwidth-remaining ratios
configured on traffic classes and ATM overhead accounting, and was
12.4(15)T2 This command was modified to display information about Generic Routing
Encapsulation (GRE) tunnel marking.
Note For this release, GRE-tunnel marking is supported on the
Cisco MGX Route Processor Module (RPM-XF) platform only.
12.2(33)SB This command was modified to display information about GRE-tunnel
marking, and support for the Cisco 7300 series router was added. This
command’s output was modified on the Cisco 10000 series router for the
PRE3 and PRE4.
Cisco IOS XE 2.1 This command was integrated into Cisco IOS XE Release 2.1 and was
Usage Guidelines The show policy-map command displays the configuration of a policy map created using the
policy-map command. You can use the show policy-map command to display all class configurations
comprising any existing service policy map, whether or not that policy map has been attached to an
interface. The command displays:
• ECN marking information only if ECN is enabled on the interface.
• Bandwidth-remaining ratio configuration and statistical information, if configured and used to
determine the amount of unused (excess) bandwidth to allocate to a class queue during periods of
congestion.

In Cisco IOS Release 12.2(33)SB, the output of the show policy-map command is slightly different from
previous releases when the policy is an hierarchical policy.
For example, in Cisco IOS Release 12.2(33)SB output similar to the following displays when you
specify a hierarchical policy in the show policy-map command:
Router# show policy-map Bronze
policy-map bronze
class class-default
In Cisco IOS Release 12.2(31)SB, output similar to the following displays when you specify a
hierarchical policy in the show policy-map command:
Router# show policy-map Gold
policy-map Gold

QOS-975
show policy-map
Class class-default
Average Rate Traffic Shaping
cir 34386000 (bps)
service-policy Child2
In Cisco IOS Release 12.2(33)SB, the output from the show policy-map command displays police
actions on separate lines as shown in the following sample output:
Router# show policy-map Premium
Policy Map Premium

Class P1
priority
police percent 50 25 ms 0 ms
conform-action transmit
exceed-action transmit
violate-action drop
In Cisco IOS Release 12.2(31)SB, the output from the show policy-map command displays police
actions on one line as shown in the following sample output:
Router# show policy-map Premium
Policy Map Premium

Class P2
priority
police percent 50 25 ms 0 ms conform-action transmit exceed-action transmit violate-
action drop
Examples This section provides sample output from typical show policy-map commands. Depending upon the
interface or platform in use and the options enabled (for example, Weighted Fair Queueing [WFQ]), the
output you see may vary slightly from the ones shown below.
• Weighted Fair Queueing: Example, page 977
• Frame Relay Voice-Adaptive Traffic-Shaping: Example, page 978
• Traffic Policing: Example, page 979
• Two-Rate Traffic Policing: Example, page 979
• Multiple Traffic Policing Actions: Example, page 980
• Explicit Congestion Notification: Example, page 981
• Modular QoS CLI (MQC) Unconditional Packet Discard: Example, page 982
• Percentage-Based Policing and Shaping: Example, page 982
• Enhanced Packet Marking: Example, page 984
• Bandwidth-Remaining Ratio: Example, page 984
• ATM Overhead Accounting: Example, page 985
• Tunnel Marking: Example, page 985
• HQF: Example 1, page 986
• HQF: Example 2, page 986

QOS-976
show policy-map
Weighted Fair Queueing: Example

The following example displays the contents of the service policy map called po1. In this example, WFQ
is enabled.
Router# show policy-map po1
Policy Map po1

Class class1
Bandwidth 937 (kbps) Max thresh 64 (packets)
Class class2
Class class3
Class class4
Class class5
Class class6
Class class7
Class class8
The following example displays the contents of all policy maps on the router. Again, WFQ is enabled.
Router# show policy-map
Policy Map poH1

Class class1
Class class2
Class class3
Class class4
Class class5
Class class6
Class class7
Class class8
Policy Map policy2
Class class1
Class class2
Class class3
Class class4
Class class5
Class class6

QOS-977
show policy-map
Table 148 show policy-map Field Descriptions—Configured for WFQ
Field Description
Policy Map Policy map name.
Class Class name.
Bandwidth Amount of bandwidth in kbps allocated to class.
Max thresh Maximum threshold in number of packets.
Frame Relay Voice-Adaptive Traffic-Shaping: Example

The following sample output for the show-policy map command indicates that Frame Relay
voice-adaptive traffic-shaping is configured in the class-default class in the policy map
“MQC-SHAPE-LLQ1” and that the deactivation timer is set to 30 seconds.
Policy Map VSD1

Class VOICE1
Strict Priority
Class SIGNALS1
Class DATA1
Policy Map MQC-SHAPE-LLQ1

Class class-default
Traffic Shaping
CIR 63000 (bps) Max. Buffers Limit 1000 (Packets)
Adapt to 8000 (bps)
Voice Adapt Deactivation Timer 30 Sec
service-policy VSD1

Table 149 show policy-map Field Descriptions—Configured for Frame Relay Voice-Adaptive
Traffic-Shaping
Field Description
Strict Priority Indicates the queueing priority assigned to the traffic in this class.
Burst Specifies the traffic burst size in bytes.
Traffic Shaping Indicates that Traffic Shaping is enabled.
Average Rate Traffic Shaping Indicates the type of Traffic Shaping enabled. Choices are Peak
Rate Traffic Shaping or Average Rate Traffic Shaping.
CIR Committed Information Rate (CIR) in bps.
Max. Buffers Limit Maximum memory buffer size in packets.

QOS-978
show policy-map
Table 149 show policy-map Field Descriptions—Configured for Frame Relay Voice-Adaptive
Traffic-Shaping (continued)
Field Description
Adapt to Traffic rate when shaping is active.
Voice Adapt Deactivation Timer Indicates that Frame Relay voice-adaptive traffic-shaping is
configured, and that the deactivation timer is set to 30 seconds.
service-policy Name of the service policy configured in the policy map
“MQC-SHAPE-LLQ1”.
Traffic Policing: Example

The following is sample output from the show policy-map command. This sample output displays the
contents of a policy map called “policy1.” In policy 1, traffic policing on the basis of a committed
information rate (CIR) of 20 percent has been configured, and the bc and be have been specified in
milliseconds. As part of the traffic policing configuration, optional conform, exceed, and violate actions
have been specified.
Policy Map policy1

Class class1
police cir percent 20 bc 300 ms pir percent 40 be 400 ms
exceed-action drop
violate-action drop
Table 150 show policy-map Field Descriptions—Configured for Traffic Policing
Field Description
Policy Map Name of policy map displayed.
Class Name of the class configured in the policy map displayed.
police Indicates that traffic policing on the basis of specified percentage of
bandwidth has been enabled. The committed burst (Bc) and excess burst
(Be) sizes have been specified in milliseconds (ms), and optional conform,
exceed, and violate actions have been specified.
Two-Rate Traffic Policing: Example

The following is sample output from the show policy-map command when two-rate traffic policing has
been configured. As shown below, two-rate traffic policing has been configured for a class called
“police.” In turn, the class called police has been configured in a policy map called “policy1.” Two-rate
traffic policing has been configured to limit traffic to an average committed rate of 500 kbps and a peak
rate of 1 Mbps.
Router(config)# class-map police
Router(config-pmap)# class police
Router(config-pmap-c)# interface serial3/0

QOS-979
show policy-map

The following sample output shows the contents of the policy map called “policy1”:
Policy Map policy1

Class police
police cir 500000 conform-burst 10000 pir 1000000 peak-burst 10000 conform-action
Traffic marked as conforming to the average committed rate (500 kbps) will be sent as is. Traffic marked
as exceeding 500 kbps, but not exceeding 1 Mbps, will be marked with IP Precedence 2 and then sent.
All traffic exceeding 1 Mbps will be dropped. The burst parameters are set to 10000 bytes.
Table 151 show policy-map Field Descriptions—Configured for Two-Rate Traffic Policing
Field Description
police Indicates that the police command has been configured to enable traffic
policing. Also, displays the specified CIR, conform burst size (bc), peak
information rate (PIR), and peak burst (BE) size used for marking packets.
conform-action Displays the action to be taken on packets conforming to a specified rate.
exceed-action Displays the action to be taken on packets exceeding a specified rate.
violate-action Displays the action to be taken on packets violating a specified rate.
Multiple Traffic Policing Actions: Example

The following is sample output from the show policy-map command when the Policer
Enhancement—Multiple Actions feature has been configured. The following sample output from the
show policy-map command displays the configuration for a service policy called “police.” In this
service policy, traffic policing has been configured to allow multiple actions for packets marked as
conforming to, exceeding, or violating the CIR or the PIR shown in the example.
Router# show policy-map police
Policy Map police

Class class-default
police cir 1000000 bc 31250 pir 2000000 be 31250
exceed-action set-prec-transmit 4
exceed-action set-frde-transmit
violate-action set-prec-transmit 2
violate-action set-frde-transmit
Packets conforming to the specified CIR (1000000 bps) are marked as conforming packets. These are
transmitted unaltered.
Packets exceeding the specified CIR (but not the specified PIR, 2000000 bps) are marked as exceeding
packets. For these packets, the IP Precedence level is set to 4, the discard eligibility (DE) bit is set to 1,
and the packet is transmitted.
Packets exceeding the specified PIR are marked as violating packets. For these packets, the IP
Precedence level is set to 2, the DE bit is set to 1, and the packet is transmitted.

QOS-980
show policy-map
Note Actions are specified by using the action argument of the police command. For more information about
the available actions, see the police command reference page.
Table 152 show policy-map Field Descriptions—Configured for Multiple Traffic Policing Actions
Field Description
police Indicates that the police command has been configured to enable
traffic policing. Also, displays the specified CIR, BC, PIR, and BE
used for marking packets.
conform-action Displays the one or more actions to be taken on packets conforming
to a specified rate.
exceed-action Displays the one or more actions to be taken on packets exceeding
a specified rate.
violate-action Displays the one or more actions to be taken on packets violating a
specified rate.
Explicit Congestion Notification: Example

The following is sample output from the show policy-map command when the WRED—Explicit
Congestion Notification (ECN) feature has been configured. The words “explicit congestion
notification” (along with the ECN marking information) included in the output indicate that ECN has
been enabled.
Policy Map pol1

Class class-default
Bandwidth 70 (%)
exponential weight 9
explicit congestion notification
class min-threshold max-threshold mark-probability
----------------------------------------------------------
----------------------------------------------------------
0 - - 1/10
1 - - 1/10
2 - - 1/10
3 - - 1/10
4 - - 1/10
5 - - 1/10
6 - - 1/10
7 - - 1/10
rsvp - - 1/10

QOS-981
show policy-map
Table 153 show policy-map Field Descriptions—Configured for ECN
Field Description
explicit congestion notification Indication that Explicit Congestion Notification is enabled.
class IP precedence value.
min-threshold Minimum threshold. Minimum WRED threshold in number of
packets.
max-threshold Maximum threshold. Maximum WRED threshold in number of
packets.
mark-probability Fraction of packets dropped when the average queue depth is at the
maximum threshold.
Modular QoS CLI (MQC) Unconditional Packet Discard: Example

The following example displays the contents of the policy map called “policy1.” All the packets
belonging to the class called “c1” are discarded.
Policy Map policy1

Class c1
drop
Table 154 show policy-map Field Descriptions—Configured for MQC Unconditional Packet
Discard
Field Description
Policy Map Name of the policy map being displayed.
Class Name of the class in the policy map being displayed.
drop Indicates that the packet discarding action for all the packets belonging to
the specified class has been configured.
Percentage-Based Policing and Shaping: Example

The following example displays the contents of two service policy maps—one called “policy1” and one
called “policy2.” In policy1, traffic policing based on a CIR of 50 percent has been configured. In
policy 2, traffic shaping based on an average rate of 35 percent has been configured.
Policy Map policy1

class class1
police cir percent 50
Policy Map policy2

class class2
shape average percent 35

QOS-982
show policy-map
The following example displays the contents of the service policy map called “po1”:
Router# show policy-map po1
Policy Map po1

Class class1
Class class2
Class class3
Class class4
The following example displays the contents of all policy maps on the router:
Policy Map poH1

Class class1
Class class2
Class class3
Class class4
Policy Map policy2
Class class1
Class class2
Class class3
Class class4
Table 155 show policy-map Field Descriptions—Configured for Percentage-Based Policing and
Shaping
Field Description
Policy Map Name of policy map displayed.
Weighted Fair Queueing Indicates that weighted fair queueing (WFQ) has been enabled.
Class Name of class configured in policy map displayed.
Bandwidth Bandwidth, in kbps, configured for this class.
Max threshold Maximum threshold. Maximum WRED threshold in number of packets.

QOS-983
show policy-map
Enhanced Packet Marking: Example

The following sample output from the show policy-map command displays the configuration for policy
maps called “policy1” and “policy2”.
In “policy1”, a table map called “table-map-cos1” has been configured to determine the precedence
based on the class of service (CoS) value. Policy map “policy 1” converts and propagates the packet
markings defined in the table map called “table-map-cos1”.
The following sample output from the show policy-map command displays the configuration for service
polices called “policy1” and “policy2”. In “policy1”, a table map called “table-map1” has been
configured to determine the precedence according to the CoS value. In “policy2”, a table map called
“table-map2” has been configured to determine the CoS value according to the precedence value.
Policy Map policy1

Class class-default
set precedence cos table table-map1
Policy Map policy2

Class class-default
set cos precedence table table-map2
Table 156 show policy-map Field Descriptions—Configured for Enhanced Packet Marking
Field Description
set precedence cos table Name of the set command used to set the specified value.
table-map1 For instance, set precedence cos table-map1 indicates that a table
or map called “table-map1” has been configured to set the precedence
value on the basis of the values defined in the table map.
set cos precedence table
table-map2 Alternately, set cos table table-map2 indicates that a table map
called “table-map2” has been configured to set the CoS value on the
basis of the values defined in the table map.
Bandwidth-Remaining Ratio: Example

The following sample output for the show policy-map command indicates that the class-default class of
the policy map named vlan10_policy has a bandwidth-remaining ratio of 10. When congestion occurs,
the scheduler allocates class-default traffic 10 times the unused bandwidth allocated in relation to other
subinterfaces.
Router# show policy-map vlan10_policy
Policy Map vlan10_policy

Class class-default
cir 1000000 (bps)

QOS-984
show policy-map
Table 157 show policy-map Field Descriptions—Configured for Bandwidth-Remaining Ratio
Field Description
Average Rate Traffic Shaping Indicates that Average Rate Traffic Shaping is configured.
cir Committed information rate (CIR) used to shape traffic.
bandwidth remaining ratio Indicates the ratio used to allocate excess bandwidth.
ATM Overhead Accounting: Example

The following sample output for the show policy-map command indicates that ATM overhead
accounting is enabled for the class-default class. The BRAS-DSLAM encapsulation is dot1q and the
subscriber encapsulation is snap-rbe for the AAL5 service.
Policy Map unit-test
Class class-default
cir 10% account dot1q aal5 snap-rbe
Table 158 show policy-map Field Descriptions—Configured for ATM Overhead Accounting
Field Description
Average Rate Committed burst (Bc) is the maximum number of bits sent out in each
interval.
cir 10% Committed information rate (CIR) is 10 percent of the available interface
bandwidth.
dot1q BRAS-DSLAM encapsulation is 802.1Q VLAN.
aal5 DSLAM-CPE encapsulation type is based on the ATM Adaptation
Layer 5 service. AAL5 supports connection-oriented variable bit rate
(VBR) services.
snap-rbe Subscriber encapsulation type.
Tunnel Marking: Example

In this sample output of the show policy-map command, the character string “ip precedence tunnel 4”
indicates that tunnel marking (either L2TPv3 or GRE) has been configured to set the IP precedence value
to 4 in the header of a tunneled packet.
Note As of Cisco IOS Release 12.4(15)T2, GRE-tunnel marking is supported on the RPM-XF platform only.
Policy Map TUNNEL_MARKING

Class MATCH_FRDE
set ip precedence tunnel 4

QOS-985
show policy-map
Table 159 show policy-map Field Descriptions—Configured for Tunnel Marking
Field Description
set ip precedence tunnel Indicates that tunnel marking has been configured.
HQF: Example 1
The following sample output from the show policy-map command displays the configuration for a
policy map called “test1”:
Router# show policy-map test1
Policy Map test1

Class class-default
cir 1536000 (bps)
service-policy test2
Table 160 show policy-map Field Descriptions—Configured for HQF
Field Description
cir Committed information rate (CIR) in bps.
service-policy Name of the service policy configured in policy map “test1”.
HQF: Example 2
The following sample output from the show policy-map command displays the configuration for a
policy map called “test2”:
Router# show policy-map test2
Policy Map test2

Class RT
priority 20 (%)
Class BH
bandwidth 40 (%)
queue-limit 128 packets
Class BL
bandwidth 35 (%)
packet-based wred, exponential weight 9
dscp min-threshold max-threshold mark-probablity

----------------------------------------------------------
af21 (18) 100 400 1/10
default (0) - - 1/10

QOS-986
show policy-map
Table 161 show policy-map Field Descriptions—Configured for HQF
Field Description
priority Indicates the queueing priority percentage assigned to traffic in this
class.
bandwidth Indicates the bandwidth percentage allocated to traffic in this class.
queue-limit Indicates the queue limit in packets for this traffic class.
packet-based wred, exponential Indicates that random detect is being applied and the units used are
weight packets. Exponential weight is a factor for calculating the average
queue size used with WRED.
dscp Differentiated services code point (DSCP). Values can be the
following:
min-threshold Minimum threshold. Minimum WRED threshold in number of
packets.
max-threshold Maximum threshold. Maximum WRED threshold in number of
packets.
mark-probability Fraction of packets dropped when the average queue depth is at the
maximum threshold.

to a policy map, and enables ATM overhead accounting.
bandwidth remaining ratio Specifies a bandwidth-remaining ratio for class queues and
subinterface-level queues to determine the amount of unused
(excess) bandwidth to allocate to the queue during congestion.
class (policy map) Specifies the name of the class whose policy you want to create or
class–map Creates a class map to be used for matching packets to a specified
class.
drop Configures a traffic class to discard packets belonging to a specific
class.
police (two rates) Configures traffic policing using two rates, the CIR and the PIR.

QOS-987
show policy-map
Command Description
random-detect ecn Enables ECN.
shape Shapes traffic to the indicated bit rate according to the algorithm
specified, and enables ATM overhead accounting.
show policy-map class Displays the configuration for the specified class of the specified
policy map.
show policy-map interface Displays the packet statistics of all classes that are configured for
all service policies either on the specified interface or subinterface
or on a specific PVC on the interface.
show running-config Displays the current configuration of the router. If configured, the
accounting.
show table-map Displays the configuration of a specified table map or of all table
maps.
table-map (value mapping) Creates and configures a mapping table for mapping and converting
one packet-marking value to another.

QOS-988
show policy-map class
show policy-map class

To display the configuration for the specified class of the specified policy map, use the show policy-map
class command in EXEC mode.
show policy-map policy-map class class-name
Syntax Description policy-map The name of a policy map that contains the class configuration to be
displayed.
class-name The name of the class whose configuration is to be displayed.
Command Modes EXEC

Usage Guidelines You can use the show policy-map class command to display any single class configuration for any
service policy map, whether or not the specified service policy map has been attached to an interface.
Examples The following example displays configurations for the class called class7 that belongs to the policy map
called po1:
Router# show policy-map po1 class class7
Class class7
Bandwidth 937 (kbps) Max Thresh 64 (packets)


QOS-989
show policy-map control-plane

To display the configuration and statistics for a traffic class or all traffic classes in the policy maps
attached to the control plane for aggregate or distributed control plane services, use the show
policy-map control-plane command in privileged EXEC mode.
Cisco 3660, 3800, 7200, 7400, and 7500 Series Routers
show policy-map control-plane [type policy-type] [all | slot slot-number] [host | transit |
cef-exception] [input [class class-name] | output [class class-name]]
show policy-map control-plane [all] [input [class class-name] | output [class class-name]]
Syntax Description type policy-type (Optional) Specifies policy-map type for which you want statistics (for
example, port-filter or queue-threshold).
all (Optional) Displays all QoS control plane policies used in aggregate and
distributed control plane (CP) services.
slot slot-number (Optional) Displays information about the quality of service (QoS) policy
used to perform distributed CP services on the specified line card.
host (Optional) Displays policy-map and class-map statistics for the host
subinterface.
transit (Optional) Displays policy-map and class-map statistics for the transit
subinterface.
cef-exception (Optional) Displays policy-map and class-map statistics for the
Cef-exception subinterface.
input (Optional) Displays statistics for the attached input policy.
output (Optional) Displays statistics for the attached output policy.
Note The output keyword is supported only in Cisco IOS
Release 12.3(4)T and later Cisco IOS 12.3T releases.
class class-name (Optional) Name of the class whose configuration and statistics are to be
displayed.
Command Default Information displays for all classes of the policy map of the control plane.

12.3(4)T This command was integrated into Cisco IOS Release 12.3(4)T, and support
for the output keyword was added.

QOS-990
12.0(30)S The slot slot-number parameter was added to support distributed CP
services.
12.4(4)T Support was added for the type policy-type keyword and argument
combination and for the host, transit, and cef-exception keywords.
Usage Guidelines The show policy-map control-plane command displays information for aggregate and distributed
control-plane policing services that manage the number or rate of control-plane (CP) packets sent to the
process level of the route processor.
Information for distributed control-plane service is displayed for a specified line card. Distributed CP
services are performed on a line card’s distributed switch engine and manage CP traffic sent from all
interfaces on the line card to the route processor, where aggregate CP services (for CP packets received
from all line cards on the router) are performed.
Examples The following example shows that the policy map TEST is associated with the control plane. This policy
map polices traffic that matches the class map TEST, while allowing all other traffic (that matches the
class map called “class-default”) to go through as is.
Router# show policy-map control-plane
Control Plane
Service-policy input:TEST
Class-map:TEST (match-all)
Match:access-group 101
police:
8000 bps, 1500 limit, 1500 extended limit
conformed 15 packets, 6210 bytes; action:transmit
exceeded 5 packets, 5070 bytes; action:drop
violated 0 packets, 0 bytes; action:drop
conformed 0 bps, exceed 0 bps, violate 0 bps
Match:any
Table 162 show policy-map control-plane Field Descriptions
Field Description
Fields Associated with Classes or Service Policies
Service-policy input Name of the input service policy that is applied to the control
plane. (This field will also show the output service policy, if
configured.)

QOS-991
Table 162 show policy-map control-plane Field Descriptions (continued)
Field Description
Class-map Class of traffic being displayed. Traffic is displayed for each
configured class. The choice for implementing class matches
(for example, match-all or match-any) can also appear next to
the traffic class.
offered rate Rate, in kbps, at which packets are coming into the class.
drop rate Rate, in kbps, at which packets are dropped from the class.
The drop rate is calculated by subtracting the number of
successfully transmitted packets from the offered rate.
Match Match criteria for the specified class of traffic.
For more information about the variety of match criteria
options available, see the “Configuring the Modular Quality
of Service Command-Line Interface” chapter in the
Fields Associated with Traffic Policing
police Indicates that the police command has been configured to
enable traffic policing.
conformed Displays the action to be taken on packets that conform to a
specified rate. Displays the number of packets and bytes on
which the action was taken.
exceeded Displays the action to be taken on packets that exceed a
violated Displays the action to be taken on packets that violate a

control-plane Enters control-plane configuration mode to apply a QoS policy to police
traffic destined for the control plane.
service-policy Attaches a policy map to the control plane for aggregate or distributed
(control-plane) control-plane services.

QOS-992
show policy-map interface

To display the statistics and the configurations of the input and output policies that are attached to an
interface, use the show policy-map interface command in the appropriate EXEC mode.
Cisco 3660, 3845, 6500, 7200, 7400, 7500, and ASR 1000 Series Routers
show policy-map interface [type access-control] type number [vc [vpi/] vci] [dlci dlci]
[input | output]
ATM Shared Port Adapters
show policy-map interface slot/subslot/port[.subinterface]
show policy-map interface [interface-type interface-number | null interface-number |

vlan vlan-id] [input | output]
Syntax Description type access-control (Optional) Displays class maps configured to determine the exact pattern to
look for in the protocol stack of interest.
type Type of interface or subinterface whose policy configuration is to be
displayed.
number Port, connector, or interface card number.
vc (Optional) For ATM interfaces only, shows the policy configuration for a
specified PVC.
vpi/ (Optional) ATM network virtual path identifier (VPI) for this permanent
virtual circuit (PVC). On the Cisco 7200 and 7500 series routers, this value
ranges from 0 to 255.
cannot be 0.
The absence of both the forward slash (/) and a vpi value defaults the vpi
value to 0. If this value is omitted, information for all virtual circuits (VCs)
on the specified ATM interface or subinterface is displayed.
vci (Optional) ATM network virtual channel identifier (VCI) for this PVC. This
value ranges from 0 to 1 less than the maximum value set for this interface
by the atm vc-per-vp command. Typically, the lower values 0 to 31 are
reserved for specific traffic (F4 Operation, Administration, and
Maintenance [OAM], switched virtual circuit [SVC] signaling, Integrated
Local Management Interface [ILMI], and so on) and should not be used.
cannot be 0.
dlci (Optional) Indicates a specific PVC for which policy configuration will be
displayed.

QOS-993
dlci (Optional) A specific data-link connection identifier (DLCI) number used

on the interface. Policy configuration for the corresponding PVC will be
displayed when a DLCI is specified.
input (Optional) Indicates that the statistics for the attached input policy will be
displayed.
output (Optional) Indicates that the statistics for the attached output policy will be
displayed.
slot (ATM shared port adapter only) Chassis slot number. See the appropriate
hardware manual for slot information. For SIPs, see the platform-specific
SPA hardware installation guide or the corresponding “Identifying Slots and
Subslots for SIPs and SPAs” topic in the platform-specific SPA software
configuration guide.
/subslot (ATM shared port adapter only) Secondary slot number on an SPA interface
processor (SIP) where a SPA is installed. See the platform-specific SPA
hardware installation guide and the corresponding “Specifying the Interface
Address on an SPA” topic in the platform-specific SPA software
configuration guide for subslot information.
/port (ATM shared port adapter only) Port or interface number. See the
appropriate hardware manual for port information. For SPAs, see the
corresponding “Specifying the Interface Address” topics in the
platform-specific SPA software configuration guide.
.subinterface (ATM shared port adapter only—Optional) Subinterface number. The
number that precedes the period must match the number to which this
subinterface belongs. The range is 1 to 4,294,967,293.
interface-type (Optional) Interface type; possible valid values are ethernet, fastethernet,
gigabitethernet, tengigabitethernet, pos, atm, and ge-wan.
interface-number (Optional) Module and port number; see the “Usage Guidelines” section for
valid values.
null interface-number (Optional) Specifies the null interface; the valid value is 0.
Command Default This command displays the packet statistics of all classes that are configured for all service policies on
the specified interface or subinterface or on a specific permanent virtual circuit (PVC) on the interface.
The absence of both the forward slash (/) and a vpi value defaults the vpi value to 0. If this value is
omitted, information for all virtual circuits (VCs) on the specified ATM interface or subinterface is
displayed.
ATM Shared Port Adapter

When used with the ATM shared port adapter, this command has no default behavior or values.
ATM Shared Port Adapter

When used with the ATM shared port adapter, user EXEC (>) or privileged EXEC (#).

QOS-994

12.0(28)S This command was modified for the QoS: Percentage-Based Policing feature
to include milliseconds when calculating the committed (conform) burst (bc)
and excess (peak) burst (be) sizes.
12.1(2)T This command was modified to display information about the policy for all
Frame Relay PVCs on the interface or, if a DLCI is specified, the policy for
that specific PVC. This command was also modified to display the total
number of packets marked by the quality of service (QoS) set action.
12.1(3)T This command was modified to display per-class accounting statistics.
12.2(4)T This command was modified for two-rate traffic policing. It now can display
burst parameters and associated actions.
feature and the WRED—Explicit Congestion Notification (ECN) feature.
For the Policer Enhancement—Multiple Actions feature, the command was
modified to display the multiple actions configured for packets conforming
to, exceeding, or violating a specific rate.
For the WRED—Explicit Congestion Notification (ECN) feature, the
command displays ECN marking information.
12.2(13)T The following modifications were made:
• This command was modified for the Percentage-Based Policing and
Shaping feature.
• This command was modified for the Class-Based RTP and TCP Header
Compression feature.
• This command was modified as part of the Modular QoS CLI (MQC)
Unconditional Packet Discard feature. Traffic classes in policy maps can
now be configured to discard packets belonging to a specified class.
• This command was modified to display the Frame Relay DLCI number
as a criterion for matching traffic inside a class map.
• This command was modified to display Layer 3 packet length as a
criterion for matching traffic inside a class map.
• This command was modified for the Enhanced Packet Marking feature.
A mapping table (table map) can now be used to convert and propagate
12.2(15)T This command was modified to display Frame Relay voice-adaptive
traffic-shaping information.
12.3(14)T This command was modified to display bandwidth estimation parameters.

QOS-995
12.2(18)SXE This command was integrated into Cisco IOS Release 12.2(18)SXE. This
command was modified to display aggregate WRED statistics for the ATM
shared port adapter. Note that changes were made to the syntax, defaults, and
command modes. These changes are labelled “ATM Shared Port Adapter.”
12.4(4)T The type access-control keywords were added to support flexible packet
matching.
following modifications were made:
• This command was modified to display either legacy (undistributed
processing) QoS or hierarchical queueing framework (HQF) parameters
on Frame Relay interfaces or PVCs.
• This command was modified to display information about Layer 2
Tunnel Protocol Version 3 (L2TPv3) tunnel marking.
12.2(31)SB2 The following modifications were made:
• This command was enhanced to display statistical information for each
level of priority service configured and information about
bandwidth-remaining ratios, and this command was implemented on the
Cisco 10000 series router for the PRE3.
• This command was modified to display statistics for matching packets
on the basis of VLAN identification numbers. As of Cisco IOS
Release 12.2(31)SB2, matching packets on the basis of VLAN
identification numbers is supported on Cisco 10000 series routers only.
12.4(15)T2 This command was modified to display information about Generic Routing
Encapsulation (GRE) tunnel marking.
Note As of this release, GRE-tunnel marking is supported on the
Cisco MGX Route Processor Module (RPM-XF) platform only.
12.2(33)SB This command was modified to display information about GRE-tunnel
marking, and support for the Cisco 7300 series router was added.
Cisco IOS XE 2.1 This command was integrated into Cisco IOS XE Release 2.1 and was
Usage Guidelines Cisco 3660, 3845, 6500, 7200, 7400, 7500, and ASR 1000 Series Routers
The show policy-map interface command displays the packet statistics for classes on the specified
interface or the specified PVC only if a service policy has been attached to the interface or the PVC.
The counters displayed after the show policy-map interface command is entered are updated only if
congestion is present on the interface.
The show policy-map interface command displays policy information about Frame Relay PVCs only
if Frame Relay Traffic Shaping (FRTS) is enabled on the interface.
The show policy-map interface command displays ECN marking information only if ECN is enabled
on the interface.

QOS-996
To determine if shaping is active with HQF, check the queue depth field of the “(queue depth/total
drops/no-buffer drops)” line in the show policy-map interface command output.

The pos, atm, and ge-wan keywords are not supported on Cisco 7600 series routers that are configured
Cisco 7600 series routers that are configured with a Supervisor Engine 2 display packet counters, and
Cisco 7600 series routers that are configured with a Supervisor Engine 720 display byte counters.
The output does not display policed-counter information; 0 is displayed in its place (for example,
0 packets, 0 bytes). To display dropped and forwarded policed-counter information, enter the show mls
qos command.
For OSM WAN interfaces only, if you configure policing within a policy map, the hardware counters are
displayed and the class-default counters are not displayed. If you do not configure policing within a
policy map, the class-default counters are displayed.
HQF
When you configure HQF, the show policy-map interface command displays additional fields that
include the differentiated services code point (DSCP) value, WRED statistics in bytes, transmitted
packets by WRED, and a counter that displays packets output/bytes output in each class.
Examples This section provides sample output from typical show policy-map interface commands. Depending
upon the interface or platform in use and the options enabled, the output you see may vary slightly from
the ones shown below.
• Weighted Fair Queueing (WFQ) on Serial Interface: Example, page 998
• Traffic Shaping on Serial Interface: Example, page 999
• Precedence-Based Aggregate WRED on ATM Shared Port Adapter: Example, page 1002
• DSCP-Based Aggregate WRED on ATM Shared Port Adapter: Example, page 1003
• Frame Relay Voice-Adaptive Traffic-Shaping: Example, page 1005
• Two-Rate Traffic Policing: Example, page 1005
• Multiple Traffic Policing Actions: Example, page 1006
• Explicit Congestion Notification: Example, page 1007
• Class-Based RTP and TCP Header Compression: Example, page 1009
• Modular QoS CLI (MQC) Unconditional Packet Discard: Example, page 1011
• Percentage-Based Policing and Shaping: Example, page 1012
• Traffic Shaping: Example, page 1013
• Packet Classification Based on Layer 3 Packet Length: Example, page 1015
• Enhanced Packet Marking: Example, page 1016
• Traffic Policing: Example, page 1017

QOS-997
• Formula for Calculating the CIR: Example, page 1018

• Formula for Calculating the PIR: Example, page 1018
• Formula for Calculating the Committed Burst (bc): Example, page 1019
• Formula for Calculating the Excess Burst (be): Example, page 1019
• Bandwidth Estimation: Example, page 1020
• Shaping with HQF Enabled: Example, page 1020
• Packets Matched on the Basis of VLAN ID Number: Example, page 1021
• Cisco 7600 Series Routers: Example, page 1022
• Multiple Priority Queues on Serial Interface: Example, page 1023
• Bandwidth-Remaining Ratios: Example, page 1024
• Tunnel Marking: Example, page 1025
• Traffic Shaping Overhead Accounting for ATM: Example, page 1026
• HQF: Example, page 1027
Weighted Fair Queueing (WFQ) on Serial Interface: Example

The following sample output of the show policy-map interface command displays the statistics for the
serial 3/1 interface, to which a service policy called mypolicy (configured as shown below) is attached.
Weighted fair queueing (WFQ) has been enabled on this interface. See Table 163 for an explanation of
the significant fields that commonly appear in the command output.
policy-map mypolicy
class voice
priority 128
class gold
bandwidth 100
class silver
bandwidth 80
random-detect
Router# show policy-map interface serial3/1 output
Serial3/1
Service-policy output: mypolicy
Class-map: voice (match-all)

0 packets, 0 bytes
Match: ip precedence 5
Strict Priority
Output Queue: Conversation 264
(total drops/bytes drops) 0/0
Class-map: gold (match-all)

0 packets, 0 bytes

QOS-998
Class-map: silver (match-all)

0 packets, 0 bytes
Bandwidth 80 (kbps)
exponential weight: 9
mean queue depth: 0
class Transmitted Random drop Tail drop Minimum Maximum Mark

pkts/bytes pkts/bytes pkts/bytes thresh thresh prob
0 0/0 0/0 0/0 20 40 1/10
1 0/0 0/0 0/0 22 40 1/10
2 0/0 0/0 0/0 24 40 1/10
3 0/0 0/0 0/0 26 40 1/10
4 0/0 0/0 0/0 28 40 1/10
5 0/0 0/0 0/0 30 40 1/10
6 0/0 0/0 0/0 32 40 1/10
7 0/0 0/0 0/0 34 40 1/10
rsvp 0/0 0/0 0/0 36 40 1/10

0 packets, 0 bytes
Match: any
Traffic Shaping on Serial Interface: Example

The following sample output from the show policy-map interface command displays the statistics for
the serial 3/2 interface, to which a service policy called p1 (configured as shown below) is attached.
Traffic shaping has been enabled on this interface. See Table 163 for an explanation of the significant
fields that commonly appear in the command output.
policy-map p1
class c1
Router# show policy-map interface serial3/2 output
Serial3/2
Service-policy output: p1
Class-map: c1 (match-all)
0 packets, 0 bytes
Traffic Shaping
Target Byte Sustain Excess Interval Increment Adapt
Rate Limit bits/int bits/int (ms) (bytes) Active
320000 2000 8000 8000 25 1000 -
Queue Packets Bytes Packets Bytes Shaping

Depth Delayed Delayed Active
0 0 0 0 0 no

QOS-999

0 packets, 0 bytes
Match: any
Table 163 describes significant fields commonly shown in the displays. The fields in the table are
grouped according to the relevant QoS feature.
Table 163 show policy-map interface Field Descriptions1
Field Description
Service-policy output Name of the output service policy applied to the specified interface or VC.
Class-map Class of traffic being displayed. Output is displayed for each configured
class in the policy. The choice for implementing class matches (for
packets and bytes Number of packets (also shown in bytes) identified as belonging to the
class of traffic being displayed.
offered rate Rate, in kbps, of packets coming in to the class.
Note If the packets are compressed over an outgoing interface, the
improved packet rate achieved by packet compression is not
reflected in the offered rate. Also, if the packets are classified
before they enter a combination of tunnels (for example, a generic
routing encapsulation (GRE) tunnel and an IP Security (IPSec)
tunnel), the offered rate does not include all the extra overhead
associated with tunnel encapsulation in general. Depending on the
configuration, the offered rate may include no overhead, may
include the overhead for only one tunnel encapsulation, or may
include the overhead for all tunnel encapsulations. In most of the
GRE and IPSec tunnel configurations, the offered rate includes the
overhead for GRE tunnel encapsulation only.
drop rate Rate, in kbps, at which packets are dropped from the class. The drop rate
is calculated by subtracting the number of successfully transmitted
packets from the offered rate.
Note In distributed architecture platforms (such as the Cisco 7500 series platform), the value of the
transfer rate, calculated as the difference between the offered rate and the drop rate counters,
can sporadically deviate from the average by up to 20 percent or more. This can occur while
no corresponding burst is registered by independent traffic analyser equipment.
Match Match criteria specified for the class of traffic. Choices include criteria
such as IP precedence, IP differentiated services code point (DSCP) value,
Multiprotocol Label Switching (MPLS) experimental (EXP) value, access
groups, and QoS groups. For more information about the variety of match
criteria that are available, see the “Classifying Network Traffic” module

QOS-1000
Table 163 show policy-map interface Field Descriptions1 (continued)
Field Description
Fields Associated with Queueing (if Enabled)
Output Queue The weighted fair queueing (WFQ) conversation to which this class of
traffic is allocated.
Bandwidth Bandwidth, in either kbps or percentage, configured for this class and the
burst size.
pkts matched/bytes Number of packets (also shown in bytes) matching this class that were
matched placed in the queue. This number reflects the total number of matching
packets queued at any time. Packets matching this class are queued only
when congestion exists. If packets match the class but are never queued
because the network was not congested, those packets are not included in
this total. However, if process switching is in use, the number of packets
is always incremented even if the network is not congested.
depth/total Number of packets discarded for this class. No-buffer indicates that no
drops/no-buffer drops memory buffer exists to service the packet.
Fields Associated with Weighted Random Early Detection (WRED) (if Enabled)
exponential weight Exponent used in the average queue size calculation for a WRED
parameter group.
mean queue depth Average queue depth based on the actual queue depth on the interface and
the exponential weighting constant. It is a fluctuating average. The
minimum and maximum thresholds are compared against this value to
determine drop decisions.
class IP precedence level.
Transmitted pkts/bytes Number of packets (also shown in bytes) passed through WRED and not
dropped by WRED.
Note If there is insufficient memory in the buffer to accommodate the
packet, the packet can be dropped after the packet passes through
WRED. Packets dropped because of insufficient memory in the
buffer (sometimes referred to as “no-buffer drops”) are not taken
into account by the WRED packet counter.
Random drop pkts/bytes Number of packets (also shown in bytes) randomly dropped when the
mean queue depth is between the minimum threshold value and the
maximum threshold value for the specified IP precedence level.
Tail drop pkts/bytes Number of packets dropped when the mean queue depth is greater than the
Minimum thresh Minimum threshold. Minimum WRED threshold in number of packets.
Maximum thresh Maximum threshold. Maximum WRED threshold in number of packets.
Mark prob Mark probability. Fraction of packets dropped when the average queue
depth is at the maximum threshold.

QOS-1001
Table 163 show policy-map interface Field Descriptions1 (continued)
Field Description
Fields Associated with Traffic Shaping (if Enabled)
Target Rate Rate used for shaping traffic.
Byte Limit Maximum number of bytes that can be transmitted per interval. Calculated
as follows:
((Bc+Be) /8) x 1
Sustain bits/int Committed burst (Bc) rate.
Excess bits/int Excess burst (Be) rate.
Interval (ms) Time interval value in milliseconds (ms).
Increment (bytes) Number of credits (in bytes) received in the token bucket of the traffic
shaper during each time interval.
Queue Depth Current queue depth of the traffic shaper.
Packets Total number of packets that have entered the traffic shaper system.
Bytes Total number of bytes that have entered the traffic shaper system.
Packets Delayed Total number of packets delayed in the queue of the traffic shaper before
being transmitted.
Bytes Delayed Total number of bytes delayed in the queue of the traffic shaper before
being transmitted.
Shaping Active Indicates whether the traffic shaper is active. For example, if a traffic
shaper is active, and the traffic being sent exceeds the traffic shaping rate,
a “yes” appears in this field.
1. A number in parentheses may appear next to the service-policy output name, class-map name, and match criteria
information. The number is for Cisco internal use only and can be disregarded.
Precedence-Based Aggregate WRED on ATM Shared Port Adapter: Example

ATM shared port adapter interface 4/1/0.10, to which a service policy called prec-aggr-wred (configured
as shown below) is attached. Because aggregate WRED has been enabled on this interface, the class
through Mark Prob statistics are aggregated by subclasses. See Table 164 for an explanation of the
significant fields that commonly appear in the command output.
Router(config)# policy-map prec-aggr-wred
Router(config-pmap-c)# random-detect aggregate
Router(config-pmap-c)# random-detect precedence values 0 1 2 3 minimum thresh 10
Router(config-pmap-c)# random-detect precedence values 4 5 minimum-thresh 40
600 mark-prob 10
700 mark-prob 10

QOS-1002

Router(config-if)# service-policy output prec-aggr-wred
Router# show policy-map interface atm4/1/0.10
ATM4/1/0.10: VC 10/110 -
Service-policy output: prec-aggr-wred

0 packets, 0 bytes
Match: any
Exp-weight-constant: 9 (1/512)
Mean queue depth: 0
pkts/bytespkts/bytespkts/bytesthreshthreshprob
0 1 2 3 0/0 0/0 0/0 10 100 1/10

4 5 0/0 0/0 0/0 40 400 1/10
6 0/0 0/0 0/0 60 600 1/10
7 0/0 0/0 0/0 70 700 1/10
DSCP-Based Aggregate WRED on ATM Shared Port Adapter: Example

ATM shared port adapter interface 4/1/0.11, to which a service policy called dscp-aggr-wred (configured
as shown below) is attached. Because aggregate WRED has been enabled on this interface, the class
through Mark Prob statistics are aggregated by subclasses. See Table 164 for an explanation of the
significant fields that commonly appear in the command output.
10 mark-prob 10
Router(config-pmap-c)# random-detect dscp values 0 1 2 3 4 5 6 7 minimum-thresh 10
Router(config-pmap-c)# random-detect dscp values 8 9 10 11 minimum-thresh 10
Router# show policy-map interface atm4/1/0.11
ATM4/1/0.11: VC 11/101 -
Service-policy output: dscp-aggr-wred

0 packets, 0 bytes

QOS-1003
Match: any
Mean queue depth: 0
pkts/bytespkts/bytespkts/bytesthreshthreshprob
default 0/0 0/0 0/0 1 10 1/10
0 1 2 3
4 5 6 7 0/0 0/0 0/0 10 20 1/10
8 9 10 11 0/0 0/0 0/0 10 40 1/10
Table 164 describes the significant fields shown in the display when aggregate WRED is configured for
an ATM shared port adapter.
Table 164 show policy-map interface Field Descriptions—Configured for Aggregate WRED on ATM
Shared Port Adapter
Field Description
exponential weight Exponent used in the average queue size calculation for a Weighted
Random Early Detection (WRED) parameter group.
Note When Aggregate Weighted Random Early Detection (WRED) is enabled, the following
WRED statistics will be aggregated based on their subclass (either their IP precedence or
differentiated services code point (DSCP) value).
class IP precedence level or differentiated services code point (DSCP) value.
dropped by WRED.
maximum threshold value for the specified IP precedence level or DSCP
value.
maximum threshold value for the specified IP precedence level or DSCP
value.

QOS-1004
Frame Relay Voice-Adaptive Traffic-Shaping: Example

The following sample output shows that Frame Relay voice-adaptive traffic shaping is currently active
and has 29 seconds left on the deactivation timer. With traffic shaping active and the deactivation time
set, this means that the current sending rate on DLCI 201 is minCIR, but if no voice packets are detected
for 29 seconds, the sending rate will increase to CIR.
Router# show policy interface Serial3/1.1
Serial3/1.1:DLCI 201 -
Service-policy output:MQC-SHAPE-LLQ1
Match:any
Traffic Shaping
Target/Average Byte Sustain Excess Interval Increment
Rate Limit bits/int bits/int (ms) (bytes)
63000/63000 1890 7560 7560 120 945
Adapt Queue Packets Bytes Packets Bytes Shaping

Active Depth Delayed Delayed Active
BECN 0 1434 162991 26 2704 yes
Voice Adaptive Shaping active, time left 29 secs
Table 165 describes the significant fields shown in the display. Significant fields that are not described
in Table 165 are described in Table 163, “show policy-map interface Field Descriptions.”
Table 165 show policy-map interface Field Descriptions—Configured for Frame Relay Voice-Adaptive
Traffic Shaping
Field Description
Voice Adaptive Shaping Indicates whether Frame Relay voice-adaptive traffic shaping is active or
active/inactive inactive.
time left Number of seconds left on the Frame Relay voice-adaptive traffic shaping
deactivation timer.
Two-Rate Traffic Policing: Example

The following is sample output from the show policy-map interface command when two-rate traffic
policing has been configured. In the example below, 1.25 Mbps of traffic is sent (“offered”) to a policer
class.
Serial3/0
Class-map: police (match all)

police:
cir 500000 bps, conform-burst 10000, pir 1000000, peak-burst 100000
violated 29731 packets, 7313826 bytes; action: drop
conformed 499000 bps, exceed 500000 bps violate 249000 bps

QOS-1005

30 seconds offered rate 0 bps, drop rate 0 bps
Match: any
The two-rate traffic policer marks 500 kbps of traffic as conforming, 500 kbps of traffic as exceeding,
and 250 kbps of traffic as violating the specified rate. Packets marked as conforming will be sent as is,
and packets marked as exceeding will be marked with IP Precedence 2 and then sent. Packets marked as
violating the specified rate are dropped.
Table 166 show policy-map interface Field Descriptions—Configured for Two-Rate Traffic Policing
Field Description
police Indicates that the police command has been configured to enable traffic policing.
Also, displays the specified CIR, conform burst size, peak information rate (PIR),
and peak burst size used for marking packets.
conformed Displays the action to be taken on packets conforming to a specified rate. Displays
the number of packets and bytes on which the action was taken.
exceeded Displays the action to be taken on packets exceeding a specified rate. Displays the
number of packets and bytes on which the action was taken.
violated Displays the action to be taken on packets violating a specified rate. Displays the
number of packets and bytes on which the action was taken.
Multiple Traffic Policing Actions: Example

The following is sample output from the show policy-map command when the Policer
Enhancement—Multiple Actions feature has been configured. The sample output from the show
policy-map interface command displays the statistics for the serial 3/2 interface, to which a service
policy called “police” (configured as shown below) is attached.
policy-map police
class class-default
police cir 1000000 pir 2000000
exceed-action set-prec-transmit 4
exceed-action set-frde-transmit
violate-action set-prec-transmit 2
violate-action set-frde-transmit
Serial3/2: DLCI 100 -
Service-policy output: police

Match: any
police:
cir 1000000 bps, bc 31250 bytes, pir 2000000 bps, be 31250 bytes
conformed 59679 packets, 14680670 bytes; actions:
transmit
exceeded 59549 packets, 14649054 bytes; actions:
set-prec-transmit 4
set-frde-transmit

QOS-1006
violated 53758 packets, 13224468 bytes; actions:

set-prec-transmit 2
set-frde-transmit
The sample output from show policy-map interface command shows the following:
• 59679 packets were marked as conforming packets (that is, packets conforming to the CIR) and were
transmitted unaltered.
• 59549 packets were marked as exceeding packets (that is, packets exceeding the CIR but not
exceeding the PIR). Therefore, the IP Precedence value of these packets was changed to an IP
Precedence level of 4, the discard eligibility (DE) bit was set to 1, and the packets were transmitted
with these changes.
• 53758 packets were marked as violating packets (that is, exceeding the PIR). Therefore, the IP
Precedence value of these packets was changed to an IP Precedence level of 2, the DE bit was set
to 1, and the packets were transmitted with these changes.
Note Actions are specified by using the action argument of the police command. For more information about
the available actions, see the police command reference page.
Table 167 show policy-map interface Field Descriptions—Configured for Multiple Traffic Policing
Actions
Field Description
policing. Also, displays the specified CIR, conform burst size (BC), PIR,
and peak burst size (BE) used for marking packets.
conformed, packets, Displays the number of packets (also shown in bytes) marked as
bytes, actions conforming to a specified rate and the actions taken on the packet. If there
are multiple actions, each action is listed separately.
exceeded, packets, bytes, Displays the number of packets (also shown in bytes) marked as
actions exceeding a specified rate and the actions taken on the packet. If there are
multiple actions, each action is listed separately.
violated, packets, bytes, Displays the number of packets (also shown in bytes) marked as violating
actions a specified rate and the actions taken on the packet. If there are multiple
actions, each action is listed separately.
Explicit Congestion Notification: Example

The following is sample output from the show policy-map interface command when the WRED —
Explicit Congestion Notification (ECN) feature has been configured. The words “explicit congestion
notification” included in the output indicate that ECN has been enabled.
Router# show policy-map interface Serial4/1
Serial4/1
Service-policy output:policy_ecn
Class-map:prec1 (match-all)

QOS-1007
Match:ip precedence 1
Bandwidth 20 (%)
Bandwidth 100 (kbps)
exponential weight:9
explicit congestion notification
mean queue depth:0

pkts/bytes pkts/bytes pkts/bytes threshold threshold probability
0 0/0 0/0 0/0 20 40 1/10
1 545/68125 0/0 0/0 22 40 1/10
2 0/0 0/0 0/0 24 40 1/10
3 0/0 0/0 0/0 26 40 1/10
4 0/0 0/0 0/0 28 40 1/10
5 0/0 0/0 0/0 30 40 1/10
6 0/0 0/0 0/0 32 40 1/10
7 0/0 0/0 0/0 34 40 1/10
rsvp 0/0 0/0 0/0 36 40 1/10
class ECN Mark
pkts/bytes
0 0/0
1 43/5375
2 0/0
3 0/0
4 0/0
5 0/0
6 0/0
7 0/0
rsvp 0/0
Table 168 show policy-map interface Field Descriptions—Configured for ECN
Field Description
explicit congestion Indication that Explicit Congestion Notification is enabled.
notification
the exponential weighting constant. It is a moving average. The minimum
and maximum thresholds are compared against this value to determine
drop decisions.
class IP precedence value.
dropped by WRED.
maximum threshold value for the specified IP precedence value.

QOS-1008
Table 168 show policy-map interface Field Descriptions—Configured for ECN (continued)
Field Description
maximum threshold value for the specified IP precedence value.
Minimum threshold Minimum WRED threshold in number of packets.
Maximum threshold Maximum WRED threshold in number of packets.
Mark probability Fraction of packets dropped when the average queue depth is at the
maximum threshold.
ECN Mark pkts/bytes Number of packets (also shown in bytes) marked by ECN.
Class-Based RTP and TCP Header Compression: Example

The following sample output from the show policy-map interface command shows the RTP header
compression has been configured for a class called “prec2” in the policy map called “p1”.
The show policy-map interface command output displays the type of header compression configured
(RTP), the interface to which the policy map called “p1” is attached (Serial 4/1), the total number of
packets, the number of packets compressed, the number of packets saved, the number of packets sent,
and the rate at which the packets were compressed (in bits per second (bps)).
In this example, User Datagram Protocol (UDP)/RTP header compressions have been configured, and
the compression statistics are included at the end of the display.
Serial4/1
Service-policy output:p1
Match:any
compress:
header ip rtp
UDP/RTP Compression:
Sent:1000 total, 999 compressed,
rate 5000 bps
Table 169 show policy-map interface Field Descriptions—Configured for Class-Based RTP and TCP
Header Compression1
Field Description
packets, bytes Number of packets (also shown in bytes) identified as belonging to the

QOS-1009
Table 169 show policy-map interface Field Descriptions—Configured for Class-Based RTP and TCP
Header Compression1 (continued)
Field Description
UDP/RTP Compression Indicates that RTP header compression has been configured for the class.
Sent total Count of every packet sent, both compressed packets and full-header
packets.
Sent compressed Count of number of compressed packets sent.
bytes saved Total number of bytes saved (that is, bytes not needing to be sent).
bytes sent Total number of bytes sent for both compressed and full-header packets.
efficiency improvement The percentage of increased bandwidth efficiency as a result of header
factor compression. For example, with RTP streams, the efficiency improvement
factor can be as much as 2.9 (or 290 percent).
hit ratio Used mainly for troubleshooting purposes, this is the percentage of
packets found in the context database. In most instances, this percentage
should be high.
five minute miss rate The number of new traffic flows found in the last five minutes.
misses/sec The average number of new traffic flows found per second, and the highest
max rate of new traffic flows to date.
rate The actual traffic rate (in bits per second) after the packets are
compressed.
1. A number in parentheses may appear next to the service-policy output name and the class-map name. The number is for
Cisco internal use only and can be disregarded.

QOS-1010
Modular QoS CLI (MQC) Unconditional Packet Discard: Example

The following sample output from the show policy-map interface command displays the statistics for
the Serial2/0 interface, to which a policy map called “policy1” is attached. The discarding action has
been specified for all the packets belonging to a class called “c1.” In this example, 32000 bps of traffic
is sent (“offered”) to the class and all of them are dropped. Therefore, the drop rate shows 32000 bps.
Serial2/0
drop
Table 170 show policy-map interface Field Descriptions—Configured for MQC Unconditional Packet
Discard1
Field Description

QOS-1011
Table 170 show policy-map interface Field Descriptions—Configured for MQC Unconditional Packet
Discard1 (continued)
Field Description
Note In distributed architecture platforms (such as the Cisco 7500), the value of the tranfer rate,
calculated as the difference between the offered rate and the drop rate counters, can
sporadically diviate from the average by up to 20 percent or more. This can occur while no
corresponding burst is registered by independent traffic analyser equipment.
such as the Layer 3 packet length, IP precedence, IP DSCP value, MPLS
experimental value, access groups, and QoS groups. For more information
about the variety of match criteria that are available, see the “Classifying
Network Traffic” module in the Cisco IOS Quality of Service Solutions
drop Indicates that the packet discarding action for all the packets belonging to
the specified class has been configured.
Percentage-Based Policing and Shaping: Example

The following sample output from the show policy-map interface command shows traffic policing
configured using a CIR based on a bandwidth of 20 percent. The CIR and committed burst (Bc) in
milliseconds (ms) are included in the display.
Serial3/1
Service-policy output: mypolicy
Class-map: gold (match-any)

0 packets, 0 bytes
Match: any
police:
cir 20 % bc 10 ms
cir 2000000 bps, bc 2500 bytes
pir 40 % be 20 ms
pir 4000000 bps, be 10000 bytes
transmit
drop
drop

QOS-1012
Table 171 show policy-map interface Field Descriptions—Configured for Percentage-Based Policing
and Shaping1
Field Description
police Indicates that traffic policing based on a percentage of bandwidth has been
enabled. Also, displays the bandwidth percentage, the CIR, and the
committed burst (Bc) size in ms.
conformed, actions Displays the number of packets and bytes marked as conforming to the
specified rates, and the action to be taken on those packets.
exceeded, actions Displays the number of packets and bytes marked as exceeding the
specified rates, and the action to be taken on those packets.
Traffic Shaping: Example

The following sample output from the show policy-map interface command (shown below) displays the
statistics for the serial 3/2 interface. Traffic shaping has been enabled on this interface, and an average
rate of 20 percent of the bandwidth has been specified.
Serial3/2
Service-policy output: p1
0 packets, 0 bytes
Match: any

QOS-1013
Traffic Shaping
Target/Average Byte Sustain Excess Interval Increment Adapt
Rate Limit bits/int bits/int (ms) (bytes) Active
20 % 10 (ms) 20 (ms)
201500/201500 1952 7808 7808 38 976 -
Queue Packets Bytes Packets Bytes Shaping

Depth Delayed Delayed Active
0 0 0 0 0 no
and Shaping (with Traffic Shaping Enabled)1
Field Description
experimental value, access groups, and quality of service (QoS) groups.
For more information about the variety of match criteria that are available,
see the “Classifying Network Traffic” module in the Cisco IOS Quality of
Service Solutions Configuration Guide.
Traffic Shaping Indicates that traffic shaping based on a percentage of bandwidth has been
enabled.
Target/Average Rate Rate (percentage) used for shaping traffic and the number of packets
meeting that rate.

QOS-1014
and Shaping (with Traffic Shaping Enabled)1 (continued)
Field Description
as follows:
((Bc+Be) /8 ) x 1
Adapt Active Indicates whether adaptive shaping is enabled.
being transmitted.
being transmitted.
Packet Classification Based on Layer 3 Packet Length: Example

The following sample output from the show policy-map interface command displays the packet
statistics for the Ethernet4/1 interface, to which a service policy called “mypolicy” is attached. The
Layer 3 packet length has been specified as a match criterion for the traffic in the class called “class1”.
Router# show policy-map interface Ethernet4/1
Ethernet4/1
Service-policy input: mypolicy
Class-map: class1 (match-all)

Match: packet length min 100 max 300
QoS Set
qos-group 20
Packets marked 500

QOS-1015
Table 173 show policy-map interface Field Descriptions—Configured for Packet Classification Based
on Layer 3 Packet Length1
Field Description
Service-policy input Name of the input service policy applied to the specified interface or VC.
experimental value, access groups, and QoS groups.
QoS Set, qos-group, Indicates that class-based packet marking based on the QoS group has
Packets marked been configured. Includes the qos-group number and the number of
packets marked.
1. A number in parentheses may appear next to the service-policy input name, class-map name, and match criteria information.
The number is for Cisco internal use only and can be disregarded.
Enhanced Packet Marking: Example

The following sample output of the show policy-map interface command shows the service policies
attached to a FastEthernet subinterface. In this example, a service policy called “policy1” has been
attached. In “policy1”, a table map called “table-map1” has been configured. The values in “table-map1”
will be used to map the precedence values to the corresponding class of service (CoS) values.
Router# show policy-map interface
FastEthernet1/0.1
Service-policy input: policy1

QOS-1016

0 packets, 0 bytes
Match: any
QoS Set
precedence cos table table-map1
Packets marked 0
Table 174 show policy-map interface Field Descriptions—Configured for Enhanced Packet Marking1
Field Description
packets, bytes Number of the packets (also shown in bytes) identified as belonging to the
offered rate Rate, in kbps, of the packets coming into the class.
such as Precedence, IP differentiated services code point (DSCP) value,
Multiprotocol Label Switching (MPLS) experimental value, access
groups, and quality of service (QoS) group (set). For more information
QoS Set Indicates that QoS group (set) has been configured for the particular class.
precedence cos table Indicates that a table map (called “table-map1”) has been used to
table-map1 determine the precedence value. The precedence value will be set
according to the CoS value defined in the table map.
Packets marked Total number of packets marked for the particular class.
1. A number in parentheses may appear next to the service-policy input name and the class-map name. The number is for Cisco
Traffic Policing: Example

The following is sample output from the show policy-map interface command. This sample displays
the statistics for the serial 2/0 interface on which traffic policing has been enabled. The committed
(conform) burst (bc) and excess (peak) burst (be) are specified in milliseconds (ms).
Serial2/0
Service-policy output: policy1 (1050)
Class-map: class1 (match-all) (1051/1)

0 packets, 0 bytes
Match: ip precedence 0 (1052)
police:
cir 20 % bc 300 ms

QOS-1017
pir 40 % be 400 ms
transmit
drop
drop
Class-map: class-default (match-any) (1054/0)

0 packets, 0 bytes
Match: any (1055)
0 packets, 0 bytes
5 minute rate 0 bps
In this example, the CIR and PIR are displayed in bps, and both the committed burst (bc) and excess
burst (be) are displayed in bits.
The CIR, PIR bc, and be are calculated on the basis of the formulas described below.
Formula for Calculating the CIR: Example

When calculating the CIR, the following formula is used:
• CIR percentage specified (as shown in the output from the show policy-map command) *
bandwidth (BW) of the interface (as shown in the output from the show interfaces command) = total
bits per second
According to the output from the show interfaces command for the serial 2/0 interface, the interface has
a bandwidth (BW) of 2048 kbps.
Router# show interfaces serial2/0
Serial2/0 is administratively down, line protocol is down

Hardware is M4T
MTU 1500 bytes, BW 2048 Kbit, DLY 20000 usec, rely 255/255, load 1/255
The following values are used for calculating the CIR:

20 % * 2048 kbps = 409600 bps
Formula for Calculating the PIR: Example

When calculating the PIR, the following formula is used:
• PIR percentage specified (as shown in the output from the show policy-map command) * bandwidth
(BW) of the interface (as shown in the output from the show interfaces command) = total bits per
second
According to the output from the show interfaces command for the serial 2/0 interface, the interface has
a bandwidth (BW) of 2048 kbps.
Router# show interfaces serial2/0
Serial2/0 is administratively down, line protocol is down

Hardware is M4T
MTU 1500 bytes, BW 2048 Kbit, DLY 20000 usec, rely 255/255, load 1/255
The following values are used for calculating the PIR:

40 % * 2048 kbps = 819200 bps

QOS-1018
Note Discrepancies between this total and the total shown in the output from the show policy-map
interface command can be attributed to a rounding calculation or to differences associated with
the specific interface configuration.
Formula for Calculating the Committed Burst (bc): Example

When calculating the bc, the following formula is used:
• The bc in milliseconds (as shown in the show policy-map command) * the CIR in bits per seconds
= total number bytes
The following values are used for calculating the bc:
300 ms * 409600 bps = 15360 bytes
Formula for Calculating the Excess Burst (be): Example

When calculating the bc and the be, the following formula is used:
• The be in milliseconds (as shown in the show policy-map command) * the PIR in bits per seconds
= total number bytes
The following values are used for calculating the be:
400 ms * 819200 bps = 40960 bytes
Table 175 show policy-map interface Field Descriptions
Field Description
Class-map Class of traffic being displayed. Output is displayed for each configured class
in the policy. The choice for implementing class matches (for example,
match-all or match-any) can also appear next to the traffic class.
packets and bytes Number of packets (also shown in bytes) identified as belonging to the class of
traffic being displayed.
drop rate Rate, in kbps, at which packets are dropped from the class. The drop rate is
calculated by subtracting the number of successfully transmitted packets from
the offered rate.
Match Match criteria specified for the class of traffic. Choices include criteria such as
the Layer 3 packet length, IP precedence, IP differentiated services code point
(DSCP) value, Multiprotocol Label Switching (MPLS) experimental value,
access groups, and quality of service (QoS) groups. For more information
police Indicates that traffic policing has been enabled. Display includes the CIR, PIR
(in both a percentage of bandwidth and in bps) and the bc and be in bytes and
milliseconds. Also displays the optional conform, exceed, and violate actions,
if any, and the statistics associated with these optional actions.

QOS-1019
Bandwidth Estimation: Example

The following sample output from the show policy-map interface command displays statistics for the
Fast Ethernet 0/1 interface on which bandwidth estimates for quality of service (QoS) targets have been
generated.
The Bandwidth Estimation section indicates that bandwidth estimates for QoS targets have been defined.
These targets include the packet loss rate, the packet delay rate, and the timeframe in milliseconds.
Confidence refers to the drop-one-in value (as a percentage) of the targets. Corvil Bandwidth means the
bandwidth estimate in kilobits per second.
When no drop or delay targets are specified, “none specified, falling back to drop no more than one
packet in 500” appears in the output.
Router# show policy-map interface FastEthernet0/1
FastEthernet0/1
Service-policy output: my-policy
Class-map: icmp (match-all)

Bandwidth Estimation:
Quality-of-Service targets:
drop no more than one packet in 1000 (Packet loss < 0.10%)
delay no more than one packet in 100 by 40 (or more) milliseconds
(Confidence: 99.0000%)
Corvil Bandwidth: 1 kbits/sec

Match: any
Bandwidth Estimation:
Quality-of-Service targets:
<none specified, falling back to drop no more than one packet in 500
Corvil Bandwidth: 1 kbits/sec
Shaping with HQF Enabled: Example

The following sample output from the show policy-map interface command shows that shaping is
active (as seen in the queue depth field) with HQF enabled on the serial 4/3 interface. All traffic is
classified to the class-default queue.
Serial4/3
Service-policy output: shape

Match: any
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 64/354/0
(pkts output/bytes output) 1836/337280
shape (average) cir 128000, bc 1000, be 1000
target shape rate 128000
lower bound cir 0, adapt to fecn 0

QOS-1020
Service-policy : LLQ
queue stats for all priority classes:

0 packets, 0 bytes
Priority: 32 kbps, burst bytes 1500, b/w exceed drops: 0

Match: any

Packets Matched on the Basis of VLAN ID Number: Example
Note As of Cisco IOS Release 12.2(31)SB2, matching packets on the basis of VLAN ID numbers is supported
on the Catalyst 1000 platform only.
The following is a sample configuration in which packets are matched and classified on the basis of the
VLAN ID number. In this sample configuration, packets that match VLAN ID number 150 are placed in
a class called “class1.”
Class Map match-all class1 (id 3)

Match vlan 150
Class1 is then configured as part of the policy map called “policy1.” The policy map is attached to
Fast Ethernet subinterface 0/0.1.
The following sample output of the show policy-map interface command displays the packet statistics
for the policy maps attached to Fast Ethernet subinterface 0/0.1. It displays the statistics for policy1, in
which class1 has been configured.
FastEthernet0/0.1
! Policy-map name.
Service-policy input: policy1
! Class configured in the policy map.

Class-map: class1 (match-all)
0 packets, 0 bytes
! VLAN ID 150 is the match criterion for the class.

Match: vlan 150
police:
cir 8000000 bps, bc 512000000 bytes

QOS-1021

transmit
drop
conformed 0 bps, exceed 0 bps

Match: any
5 minute rate 0 bps
Table 176 show policy-map interface Field Descriptions—Packets Matched on the Basis of VLAN ID
Number1
Field Description
offered rate Rate, in kbps, of the packets coming into the class.
such as VLAN ID number, precedence, IP differentiated services code
point (DSCP) value, Multiprotocol Label Switching (MPLS)
experimental value, access groups, and quality of service (QoS) group
(set). For more information about the variety of match criteria that are
available, see the “Classifying Network Traffic” module in the Cisco IOS
Quality of Service Solutions Configuration Guide.
1. A number in parentheses may appear next to the service-policy input name and the class-map name. The number is for Cisco
Cisco 7600 Series Routers: Example

The following example shows how to display the statistics and the configurations of all the input and
output policies that are attached to an interface on a Cisco 7600 series router:
FastEthernet5/36
service-policy input: max-pol-ipp5
class-map: ipp5 (match-all)
0 packets, 0 bytes
5 minute rate 0 bps
match: ip precedence 5
class ipp5
police 2000000000 2000000 conform-action set-prec-transmit 6 exceed-action p
policed-dscp-transmit

QOS-1022
The following example shows how to display the input-policy statistics and the configurations for a
specific interface on a Cisco 7600 series router:
Router# show policy-map interface fastethernet 5/36 input
FastEthernet5/36
service-policy input: max-pol-ipp5
class-map: ipp5 (match-all)
0 packets, 0 bytes
5 minute rate 0 bps
match: ip precedence 5
class ipp5
police 2000000000 2000000 conform-action set-prec-transmit 6 exceed-action p
policed-dscp-transmit
Table 177 show policy-map interface Field Descriptions—Cisco 7600 Series Routers
Field Description
service-policy input Name of the input service policy applied to the specified interface.
class-map Class of traffic being displayed. Output is displayed for each configured
minute rate Rate, in kbps, of the packets coming into the class.
match Match criteria specified for the class of traffic. Choices include criteria
such as VLAN ID number, precedence, IP differentiated services code
point (DSCP) value, Multiprotocol Label Switching (MPLS)
experimental value, access groups, and quality of service (QoS) group
(set). For more information about the variety of match criteria that are
available, see the “Classifying Network Traffic” module in the Cisco IOS
Quality of Service Solutions Configuration Guide.
class Precedence value.
policing.
Multiple Priority Queues on Serial Interface: Example

The following sample output from the show policy-map interface command shows the types of
statistical information that displays when multiple priority queues are configured. Depending upon the
interface in use and the options enabled, the output that you see may vary slightly from the output shown
below.
Serial2/1/0
Service-policy output: P1
Queue statistics for all priority classes:
.
.
.
Class-map: Gold (match-all)
0 packets, 0 bytes/*Updated for each priority level configured.*/

QOS-1023
Priority: 0 kbps, burst bytes 1500, b/w exceed drops: 0
Priority Level 4:
0 packets, 0 bytes
Bandwidth-Remaining Ratios: Example

The following sample output from the show policy-map interface command indicates that
bandwidth-remaining ratios are configured for class queues. As shown in the example, the classes
precedence_0, precedence_1, and precedence_2 have bandwidth-remaining ratios of 20, 40, and 60,
respectively.
Router# show policy-map interface GigabitEthernet1/0/0.10
Service-policy output: vlan10_policy

0 packets, 0 bytes
Match: any
0 packets, 0 bytes
30 second rate 0 bps
Queueing
Service-policy : child_policy
Class-map: precedence_0 (match-all)

0 packets, 0 bytes
Queueing

0 packets, 0 bytes
Queueing

0 packets, 0 bytes
Queueing

QOS-1024


0 packets, 0 bytes
Match: any
0 packets, 0 bytes

Table 178 show policy-map interface Field Descriptions—Configured for Bandwith-Remaining

Ratios
Field Description
Service-policy output Name of the output service policy applied to the specified interface.
bandwidth remaining Indicates the ratio used to allocate excess bandwidth.
ratio
Tunnel Marking: Example

In this sample output of the show policy-map interface command, the character string “ip dscp tunnel
3” indicates that L2TPv3 tunnel marking has been configured to set the DSCP value to 3 in the header
of a tunneled packet.
Serial0
Service-policy input: tunnel
Class-map: frde (match-all)

0 packets, 0 bytes
Match: fr-de
QoS Set
ip dscp tunnel 3
Packets marked 0

Match: any

QOS-1025
Table 179 show policy-map interface Field Descriptions—Configured for Tunnel Marking
Field Description
service-policy input Name of the input service policy applied to the specified interface.
match Match criteria specified for the class of traffic. In this example, the Frame
Relay Discard Eligible (DE) bit has been specified as the match criterion.
ip dscp tunnel Indicates that tunnel marking has been configured to set the DSCP in the
header of a tunneled packet to a value of 3.

The following output from the show policy-map interface command indicates that ATM overhead
accounting is enabled for shaping and disabled for bandwidth:
Service-policy output:unit-test

Match: any
overhead accounting: enabled
bandwidth 30% (463 kbps)
overhead accounting: disabled

(packets output/bytes output) 100/1000

QOS-1026
Table 180 show policy-map interface Field Descriptions—Configured for Traffic Shaping Overhead
Accounting for ATM
Field Description
service-policy output Name of the output service policy applied to the specified interface.
match Match criteria specified for the class of traffic. In this example, the Frame
Relay Discard Eligible (DE) bit has been specified as the match criterion.
target shape rate Indicates that traffic shaping is enabled at the specified rate.
overhead accounting Indicates whether overhead accounting is enabled or disabled for traffic
shaping.
bandwidth Indicates the percentage of bandwidth allocated for traffic queueing.
overhead accounting: Indicates whether overhead accounting is enabled or disabled for traffic
queueing.
HQF: Example
The following output from the show policy-map interface command displays the configuration for Fast
Ethernet interface 0/0:
Router# show policy-map interface f0/0
FastEthernet0/0
Service-policy output: test1

Match: any
Queueing
Service-policy : test2
queue stats for all priority classes:

QOS-1027

Class-map: RT (match-all)
0 packets, 0 bytes
Match: ip dscp ef (46)
Priority: 20% (307 kbps), burst bytes 7650, b/w exceed drops: 0
Class-map: BH (match-all)
0 packets, 0 bytes
Match: ip dscp af41 (34)
Queueing
Class-map: BL (match-all)
0 packets, 0 bytes
Match: ip dscp af21 (18)
Queueing
Mean queue depth: 0 packets
dscp Transmitted Random drop Tail drop Minimum Maximum Mark
pkts/bytes pkts/bytes pkts/bytes thresh thresh prob
af21 0/0 0/0 0/0 100 400 1/10

Match: any


QOS-1028
Table 181 show policy-map interface Field Descriptions—Configured for HQF
Field Description
FastEthernet Name of the interface.
service-policy output Name of the output service policy applied to the specified interface.
Match Match criteria specified for the class of traffic.
Note For more information about the variety of match criteria that are
available, see the “Classifying Network Traffic” module in the
Queueing Indicates that queueing is enabled.
queue limit Maximum number of packets that a queue can hold for a class policy
configured in a policy map.
bandwidth Indicates the percentage of bandwidth allocated for traffic queueing.
dscp Differentiated services code point (DSCP). Values can be the following:

bandwidth remaining Specifies a bandwidth-remaining ratio for class queues and
ratio subinterface-level queues to determine the amount of unused (excess)
bandwidth to allocate to the queue during congestion.
compression header ip Configures RTP or TCP IP header compression for a specific class.
drop Configures a traffic class to discard packets belonging to a specific class.
match fr-dlci Specifies the Frame Relay DLCI number as a match criterion in a class
map.
match packet length Specifies the length of the Layer 3 packet in the IP header as a match
(class-map) criterion in a class map.

QOS-1029
Command Description
police (percent) Configures traffic policing on the basis of a percentage of bandwidth
available on an interface.
police (two rates) Configures traffic policing using two rates, the CIR and the PIR.
priority Specifies that low-latency behavior must be given to a traffic class and
configures multiple priority queues.
random-detect ecn Enables ECN.
shape (percent) Specifies average or peak rate traffic shaping on the basis of a percentage
of bandwidth available on an interface.
show class-map Display all class maps and their matching criteria.
show interfaces Displays statistics for all interfaces configured on a router or access server.
map.
show table-map Displays the configuration of a specified table map or of all table maps.

QOS-1030
show policy-map interface brief

To display information about only the active policy maps attached to an interface, use the show
policy-map interface brief command in privileged EXEC mode.
show policy-map interface [input | output] brief [policy-map-name] [vrf [vrf-id]] [timestamp]
Syntax Description input (Optional) Indicates that only the information about the active input policy
maps will be displayed.
output (Optional) Indicates that only the information about the active output policy
maps will be displayed.
brief Indicates that the name of all the active policy maps (both input and output
policy maps) and the interfaces to which the policy maps are attached will
be displayed. The active input policy maps will be displayed first, followed
by the output policy maps.
policy-map-name (Optional) Name of an active policy map to be displayed.
vrf (Optional) Indicates that the active policy maps for Virtual Private Network
(VPN) routing and forwarding (VRF) instances will be displayed.
vrf-id (Optional) A specific VRF identifier.
timestamp (Optional) Indicates that the date and time when the policy map was
attached will be displayed, along with the ID of the user who attached the
policy map.
Command Default If no optional keywords or arguments are specified, all policy maps (even those that are not active) are
displayed.

12.2(28)SB This command was introduced.
Usage Guidelines The show policy-map interface brief command displays the name of the active policy maps and the
interfaces to which those policy maps are attached. An active policy map is one that is attached to an
interface.
The optional keywords and arguments allow you to tailor the information displayed about VPNs, time
stamps, and user IDs.
If you do not specify any optional keywords or arguments, all policy maps (even those that are not active)
are displayed.

QOS-1031
VPN Information Reported

The show policy-map interface brief command can be used for VRF interfaces in applications that use
VPNs. To specify VRF interfaces, use the vrf keyword with the vrf-id argument.
Time-stamp and User ID Information Reported

If the optional timestamp keyword is used with the show policy-map interface brief command, the
time and date when a policy map was attached to an interface appear in the display. In addition to the
time and date information, the name (that is, the user ID) of the person who attached the policy map to
the interface will be displayed.
Note If the network software is reloaded (reinstalled), the time-stamp information (the time and date
information) obtained will not be retained for any of the policy maps attached to interfaces on
the network. Instead, the time and date information displayed will be the time and date when the
software was reloaded.
Method for Obtaining User Information

The user information included in the display is obtained from the information that you enter when you
log in to the router. For example, if you are using the SSH Secure Shell utility to log in to a router, you
would typically enter your username and password. However, it is not always possible to obtain the user
information. Instances where user information cannot be obtained include the following:
• Not all routers require user information when you log in. Therefore, you may not be prompted to
enter your username when you log in to a router.
• If you are connecting to a console port using the Telnet utility in a DOS environment, you do not
need to enter user information.
• The user information cannot be retrieved because of system constraints or other factors.
If the user information cannot be obtained, the words “by unknown” will be displayed.
Hierarchical Policy Map Information

For a hierarchical policy map structure, only the information about the parent policy maps is displayed.
Information about child policy maps is not displayed.
ATM PVCs
For ATM permanent virtual circuits (PVCs), policy maps do not remain associated with the interface if
the ATM PVC is not working properly (that is, the ATM PVC is “down”). Therefore, if an ATM PVC is
down, and a policy map is attached to an interface, the show policy-map interface brief command does
not include information about the policy maps in the command output.
Examples The information that is displayed by the show policy-map interface brief command varies according
to the optional keywords and arguments that you specify.
The following sections list the significant keyword and argument combinations used with the command
and describe the corresponding information displayed.
show policy-map interface brief Command Example

The show policy-map interface brief command displays all the attached policy maps (both input policy
maps and output policy maps) along with the information about the interfaces to which the policy maps
are attached. The input policy maps are displayed first, followed by the output policy maps.

QOS-1032
Service-policy input: policyname1

interface s2/0/1
interface s6/0/0
Service-policy output: policyname1interface s2/0/1 interface s6/0/0
show policy-map interface brief timestamp Command Example

The show policy-map interface brief timestamp command displays all the attached policy maps (both
input policy maps and output policy maps) along with the information about the interfaces to which the
policy maps are attached. The input policy maps are displayed first, followed by the output policy maps.
The timestamp keyword displays the time and date when the policy map was attached to the specific
interface, along with the user ID of the person who attached the policy map to the interface.
Service-policy input: parentpolicy1
Service-policy input: childpolicy1
interface s2/0/1 - applied 20:43:04 on 25/12/01 by user1
Service-policy output: policyname2

show policy-map interface brief policy-map-name Command Example

The show policy-map interface brief policy-map-name command displays the policy map attached as
either an input policy map or an output policy map, along with the information about the interface to
which the policy map is attached. Only the policy map specified by the policy-map-name argument is
displayed.
For example, the display for the show policy-map interface brief policyname1 command is as follows:
interface s2/0/1
interface s6/0/0

interface s1/0/2
interface s3/0/0
show policy-map interface brief policy-map-name timestamp Command Example

The show policy-map interface brief policy-map-name timestamp command displays the policy map
attached as either an input policy map or an output policy map, along with the information about the
interface to which it is attached. Only the policy map specified by the policy-map-name argument is
displayed.
For example, the display for the show policy-map interface brief policyname2 timestamp command
is as follows:


QOS-1033
show policy-map interface output brief Command Example

The show policy-map interface output brief command displays the attached output policy maps, along
with the information about the interfaces to which they are attached.
show policy-map interface output brief timestamp Command Example

The show policy-map interface output brief timestamp command displays the attached output policy
maps, along with the information about the interfaces to which they are attached.
show policy-map interface input brief Command Example

The show policy-map interface input brief command displays the attached input policy maps, along
with the information about the interfaces to which they are attached.
interface s2/0/2
interface s6/0/1
show policy-map interface input brief timestamp Command Example

The show policy-map interface input brief timestamp command displays the attached input policy
maps, along with the information about the interfaces to which they are attached.
show policy-map interface output brief policy-map-name Command Example

The show policy-map interface output brief policy-map-name command displays the attached output
policy map, along with the information about the interface to which it is attached. Only the policy map
specified by the policy-map-name argument is displayed.
For example, the display for the show policy-map interface output brief policyname1 command is as
follows:
interface s2/0/1
interface s6/0/0
show policy-map interface output brief policy-map-name timestamp Command Example

The show policy-map interface output brief policy-map-name timestamp command displays the
attached output policy map, along with the information about the interface to which it is attached. Only
the policy map specified by the policy-map-name argument is displayed.

QOS-1034
For example, the display for the show policy-map interface output brief policyname2 timestamp
command is as follows:
show policy-map interface input brief policy-map-name Command Example

The show policy-map interface input brief policy-map-name command displays the attached input
policy map, along with the information about the interface to which it is attached. Only the policy map
specified by the policy-map-name argument is displayed.
For example, the display for the show policy-map interface input brief policyname1 command is as
follows:
interface s2/0/1
interface s6/0/0
show policy-map interface input brief policy-map-name timestamp Command Example

The show policy-map interface input brief policy-map-name timestamp command displays the
attached input policy map, along with the information about the interface to which it is attached. Only
the policy map specified by the policy-map-name argument is displayed.
For example, the display for the show policy-map interface input brief policyname2 timestamp
show policy-map interface brief vrf Command Example

The show policy-map interface brief vrf command displays all the policy maps (both input policy maps
and output policy maps), along with information about the interfaces and the VRFs to which the policy
maps are attached.
VRFA interface s2/0/1
VRFB interface s6/0/0

VRFC interface s2/0/2
show policy-map interface brief vrf timestamp Command Example

The show policy-map interface brief vrf timestamp command displays all the policy maps (both input
policy maps and output policy maps), along with information about the interfaces and the VRFs to which
the policy maps are attached.

QOS-1035
VRFA interface s2/0/1 - applied 21:47:04 on 23/12/01 by user1
VRFB interface s6/0/0 - applied 21:47:04 on 23/12/01 by user1

VRFC interface s2/0/3 - applied 20:47:04 on 23/12/01 by user1
VRFD interface s6/0/2 - applied 20:49:04 on 21/12/01 by user1
In some network configurations, the policy map may be attached to the interface initially, and then at a
later time, the interface can be configured to act as a VRF interface. In this kind of network
configuration, the time-stamp information displays the time when the policy map was attached to the
interface. The display does not include the time when the interface was configured to act as a VRF
interface. Displaying only the time when the policy map is attached to the interface also applies to the
scenarios that are described in the following paragraph for other network configurations.
In other network configurations, a VRF may be attached to multiple interfaces as described in the
following scenarios:
• The policy map is also attached to both the interfaces and the VRFs. In this network configuration,
all the interfaces should be shown in the display for the VRF, under the policy map name, as follows:
VRF1 interface s2/0/1 - applied 21:47:37 on 23/12/01 by user1
interface atm0/0 - applied 11:37:57 on 21/11/01 by user1
• The policy map is not attached to all interfaces to which the specific VRF is attached. In this network
configuration, only the VRF interfaces that have that policy map configured are displayed.
show policy-map interface brief policy-map-name vrf timestamp Command Example

The show policy-map interface brief policy-map-name vrf timestamp command displays the policy
maps attached as either an input policy map or an output policy map, along with information about the
interface and VRF to which the policy map is attached. Only the policy map specified by the
policy-map-name argument is displayed.
For example, the display for the show policy-map interface brief policyname1 vrf timestamp

show policy-map interface brief policy-map-name vrf vrf-id timestamp Command Example
The show policy-map interface brief policy-map-name vrf vrf-id timestamp command displays all the
policy maps (both the input policy maps and the output policy maps), along with information about the
interface and VRF to which the policy maps are attached. Only the policy map and VRF specified by the
policy-map-name argument and the vrf-id argument are displayed.
For example, the display for show policy-map interface brief policyname1 vrf VRFA timestamp

QOS-1036


show policy-map interface output brief vrf Command Example

The show policy-map interface output brief vrf command displays the attached output policy maps,
along with information about the interface and VRF to which the policy maps are attached.
show policy-map interface output brief vrf timestamp Command Example

The show policy-map interface output brief vrf timestamp command displays the attached output
policy maps, along with information about the interface and VRF to which the policy maps are attached.
show policy-map interface input brief vrf Command Example

The show policy-map interface input brief vrf command displays the attached input policy maps,
along with information about the interface and VRF to which the policy maps are attached.

show policy-map interface input brief vrf timestamp Command Example

The show policy-map interface input brief vrf timestamp command displays the attached input policy
maps, along with information about the interface and VRF to which the policy maps are attached.

VRFD interface s6/0/2 - applied 20:49:04 on 21/12/01 by user1

QOS-1037
show policy-map interface input brief vrf vrf-id Command Example

The show policy-map interface input brief vrf vrf-id command displays the attached input policy
maps, along with information about the interface and VRF to which the policy maps are attached. Only
the policy maps attached to the VRF specified by the vrf-id argument are displayed.
For example, the display for the show policy-map interface input brief vrf VRFA command is as
follows:

show policy-map interface output brief vrf vrf-id Command Example

The show policy-map interface output brief vrf vrf-id command displays the attached output policy
maps, along with information about the interface and VRF to which the policy maps are attached. Only
the policy maps attached to the VRF specified by the vrf-id argument are displayed.
For example, the display for the show policy-map interface output brief vrf VRFB command is as
follows:

show policy-map interface input brief vrf vrf-id timestamp Command Example
The show policy-map interface input brief vrf vrf-id timestamp command displays the attached input
policy maps, along with information about the interface and VRF to which the policy maps are attached.
Only the policy maps attached to the VRF specified by the vrf-id argument are displayed.
For example, the display for the show policy-map interface input brief vrf VRFA timestamp

show policy-map interface output brief vrf vrf-id timestamp Command Example
The show policy-map interface output brief vrf vrf-id timestamp command displays the attached
output policy maps, along with information about the interface and VRF to which the policy maps are
attached. Only the policy maps attached to the VRF specified by the vrf-id argument are displayed.

QOS-1038
For example, the display for the show policy-map interface output brief vrf VRFB timestamp

Table 182 describes the significant fields shown in the various displays.
Table 182 show policy-map interface brief Field Descriptions
Field Description
Service-policy output: Output policy map name.
policyname2
Service-policy input: Input policy map name.
policyname2
interface s2/0/1 Interface to which the policy map is attached.
VRFA VRF to which the policy map is attached.
applied 21:47:04 on Time and date when the policy map was attached to the interface or VRF.
23/12/01
by user1 User ID of the person who attached the policy map to the interface or VRF.

on the interface.

QOS-1039
show policy-map interface service instance

To display the policy-map information for a given service instance under a port channel, use the show
policy-map interface service instance command in user EXEC or privileged EXEC mode.
show policy-map interface x service instance y
Syntax Description x The number of the interface or the port channel.

y The number of the service instance.

Privileged EXEC

12.2(33)SRC This command was introduced on the Cisco 7600 series routers.
Examples The following example shows the policy-map output for a hierarchical policy on a given service instance
1 under port channel 1:
Router# show policy-map interface port-channel 1 service instance 1
Port-channel1: EFP 1
Service-policy output: hqos-pc-brr

0 packets, 0 bytes
Match: any
Queueing
Service-policy : flat-pc-brr
Class-map: cos5 (match-all)

0 packets, 0 bytes
Match: cos 5
Queueing

0 packets, 0 bytes

QOS-1040
Match: any
Queueing
Table 183 show policy-map interface service instance Field Descriptions1
Field Description
packets and bytes Number of packets (also shown in bytes) identified as belonging to the
such as IP precedence, IP differentiated services code point (DSCP) value,
Multiprotocol Label Switching (MPLS) experimental (EXP) value, access
groups, and QoS groups. For more information about the variety of match
criteria that are available, see the “Classifying Network Traffic” module

QOS-1041
Table 183 show policy-map interface service instance Field Descriptions1 (continued)
Field Description
Fields Associated with Queueing (if Enabled)
Output Queue The weighted fair queueing (WFQ) conversation to which this class of
traffic is allocated.
Bandwidth Bandwidth, in either kbps or percentage, configured for this class and the
burst size.
pkts matched/bytes Number of packets (also shown in bytes) matching this class that were
matched placed in the queue. This number reflects the total number of matching
packets queued at any time. Packets matching this class are queued only
when congestion exists. If packets match the class but are never queued
because the network was not congested, those packets are not included in
this total. However, if process switching is in use, the number of packets
is always incremented even if the network is not congested.
depth/total Number of packets discarded for this class. No-buffer indicates that no
drops/no-buffer drops memory buffer exists to service the packet.
Fields Associated with Weighted Random Early Detection (WRED) (if Enabled)
exponential weight Exponent used in the average queue size calculation for a WRED
parameter group.
class IP precedence level.
dropped by WRED.

QOS-1042
Table 183 show policy-map interface service instance Field Descriptions1 (continued)
Field Description
Fields Associated with Traffic Shaping (if Enabled)
Target Rate Rate used for shaping traffic.
as follows:
((Bc+Be) /8) x 1
being transmitted.
being transmitted.


QOS-1043
show policy-map session

To display the quality of service (QoS) policy map in effect for the Subscriber Service Switch (SSS)
session, use the show policy-map session command in user EXEC or privileged EXEC mode.
show policy-map session [uid uid-number] [input class class-name | output class class-name]
Syntax Description uid (Optional) Defines a unique session ID.

uid-number (Optional) Unique session ID. Range is from 1 to 65535.
input (Optional) Displays the upstream traffic of the unique session.
output (Optional) Displays the downstream traffic of the unique session.
class (Optional) Identifies the class that is part of the QoS policy-map definition.
class-name (Optional) Class name that is part of the QoS policy-map definition.

Privileged EXEC (#)

12.2(28)SB This command was integrated into Cisco IOS Release 12.2(28)SB. This
command was also modified to include per-session traffic shaping and traffic
queueing statistics, if applicable.
12.2(33)SRC This command was integrated into Cisco IOS Release 12.2(33)SRC, and
support for the Cisco 7600 series router was added.
12.2(33)SB Support for the Cisco 7300 series router was added. This command was also
modified to include traffic shaping overhead accounting for ATM statistics,
if applicable.
Usage Guidelines Use the show policy-map session command with the uid keyword to verify the QoS policy map of a
unique session ID in the input and output streams in the SSS session.
Use the show policy-map session command with the optional class class-name keyword argument
combination to display statistics for a particular class. If you use the show policy-map session command
without the class class-name keyword argument combination, statistics for all the classes defined in the
QoS policy map display.
Examples This section contains sample output from the show policy-map session command.
Note The output of the show policy-map session command varies according to the QoS feature configured in
the policy map. For instance, if traffic shaping or traffic queueing is configured in the policy maps, the
statistics for those features will be included and the output will vary accordingly from what is shown in
this section. Additional self-explanatory fields may appear, but the output will be very similar.

QOS-1044
The following example from the show policy-map session command displays QoS policy-map statistics
for traffic in the downstream direction for the QoS policy maps configured:
Router# show policy-map session uid 401 output
SSS session identifier 401 -
Service-policy output: downstream-policy
Class-map: customer1234 (match-any)

Match: ip dscp cs1 cs2 cs3 cs4
5 minute rate 17000 bps
QoS Set
dscp af11
Packets marked 4464

Match: ip dscp cs5 cs6
police:
set-dscp-transmit af21
Match: ip dscp cs7
drop

Match: any

QOS-1045
Table 184 show policy-map session Field Descriptions — Traffic in the Downstream Direction
Field Description
SSS session identifier Unique session identifier.
Service-policy output Name of the output service policy applied to the
specified interface or virtual circuit (VC).
Class-map Class of traffic being displayed. Output is displayed for
each configured class in the policy. The choice for
implementing class matches (for example, match-all or
match-any) can also appear next to the traffic class.
packets and bytes Number of packets (also shown in bytes) identified as
belonging to the class of traffic being displayed.
offered rate Rate, in bps, of packets coming in to the class.
Note If the packets are compressed over an outgoing
interface, the improved packet rate achieved by
packet compression is not reflected in the offered
rate. Also, if the packets are classified before
they enter a combination of tunnels (for example,
a generic routing encapsulation [GRE] tunnel
and an IP Security [IPsec] tunnel), the offered
rate does not include all the extra overhead
associated with tunnel encapsulation in general.
Depending on the configuration, the offered rate
may include no overhead, may include the
overhead for only one tunnel encapsulation, or
may include the overhead for all tunnel
encapsulations. In most of the GRE and IPsec
tunnel configurations, the offered rate includes
the overhead for GRE tunnel encapsulation only.
drop rate Rate, in bps, at which packets are dropped from the class.
Match Match criteria specified for the class of traffic. Choices
include criteria such as IP precedence, IP differentiated
services code point (DSCP) value, Multiprotocol Label
Switching (MPLS) experimental (EXP) value, access
groups, and QoS groups. For more information about the
variety of availablematch criteria options, see the
“Applying QoS Features Using the MQC” module of the
Cisco IOS Quality of Service Solutions Configuration
Guide.
QoS Set Indicates that packet marking is in place.
dscp Value used in packet marking.
Packets marked The number of packets marked.

QOS-1046
Table 184 show policy-map session Field Descriptions (continued)— Traffic in the Downstream
Field Description
police Indicates that the police command has been configured
to enable traffic policing. Also, displays the specified
committed information rate (CIR), conform burst (bc)
size, peak information rate (PIR), and peak burst (be)
size used for marking packets.
conformed Displays the action to be taken on packets that conform
to a specified rate. Displays the number of packets and
bytes on which the action was taken.
specified rate. Displays the number of packets and bytes
on which the action was taken.
The following example from the show policy-map session command displays QoS policy-map statistics
for traffic in the upstream direction for all the QoS policy maps configured:
Router# show policy-map session uid 401 input
Service-policy input: upstream-policy

Match: any
police:
transmit
drop
conformed 7000 bps, exceed 5000 bps

QOS-1047
Table 185 show policy-map session Field Descriptions — Traffic in the Upstream Direction
Field Description
SSS session identifier Unique session identifier.
Service-policy input Name of the input service policy applied to the specified
interface or VC.
Class-map Class of traffic being displayed. Output is displayed for
each configured class in the policy. The choice for
implementing class matches (for example, match-all or
match-any) can also appear next to the traffic class.
packets and bytes Number of packets (also shown in bytes) identified as
belonging to the class of traffic being displayed.
offered rate Rate, in bps, of packets coming in to the class.
Note If the packets are compressed over an outgoing
interface, the improved packet rate achieved by
packet compression is not reflected in the offered
rate. Also, if the packets are classified before
they enter a combination of tunnels (for example,
a generic routing encapsulation [GRE] tunnel
and an IP Security [IPsec] tunnel), the offered
rate does not include all the extra overhead
associated with tunnel encapsulation in general.
Depending on the configuration, the offered rate
may include no overhead, may include the
overhead for only one tunnel encapsulation, or
may include the overhead for all tunnel
encapsulations. In most of the GRE and IPsec
tunnel configurations, the offered rate includes
the overhead for GRE tunnel encapsulation only.
drop rate Rate, in bps, at which packets are dropped from the class.
Match Match criteria specified for the class of traffic. Choices
include criteria such as IP precedence, IP differentiated
services code point (DSCP) value, Multiprotocol Label
Switching (MPLS) experimental (EXP) value, access
groups, and QoS groups. For more information about the
variety of available match criteria options, see the
“Applying QoS Features Using the MQC” module of the
Cisco IOS Quality of Service Solutions Configuration
Guide.
police Indicates that the police command has been configured
to enable traffic policing. Also, displays the specified
committed information rate (CIR), conform burst (bc)
size, peak information rate (PIR), and peak burst (be)
size used for marking packets.

QOS-1048
Table 185 show policy-map session Field Descriptions (continued)— Traffic in the Upstream
Field Description
conformed Displays the action to be taken on packets that conform
to a specified rate. Displays the number of packets and
bytes on which the action was taken.
Per-Session Shaping and Queueing Output: Example

The following is sample output of the show policy-map session command when per-session traffic
shaping and traffic queueing are enabled. With per-session traffic shaping and queueing configured,
traffic shaping and traffic queueing statistics are included in the output.
Note The QoS: Per-Session Shaping and Queueing on LNS feature does not support packet marking. That is,
this feature does not support the use of the set command to mark packets. Therefore, statistics related to
packet marking are not included in the output.
Service-policy output: parent

0 packets, 0 bytes
Match: any
0 packets, 0 bytes
Queueing
Service-policy : child
Class-map: prec0 (match-all)

0 packets, 0 bytes
Queueing
Class-map: prec2 (match-all)

0 packets, 0 bytes

QOS-1049
Queueing

0 packets, 0 bytes
Match: any
0 packets, 0 bytes

Table 186 describes the significant fields related to per-session traffic shaping and queueing shown in
the display.
.
Table 186 show policy-map session Field Descriptions—Per-Session Traffic Shaping and Queueing
Configured
Field Description
Queueing Indicates that traffic queueing is enabled.
queue limit Displays the queue limit, in packets.
queue depth Current queue depth of the traffic shaper.
shape (average) cir, bc, be Indicates that average rate traffic shaping is enabled.
Displays the committed information rate (CIR), the
committed burst (bc) rate, and the excess burst (be) rate
in bytes.
target shape rate Displays the traffic shaping rate, in bytes.

The following output from the show policy-map session command indicates that ATM overhead
accounting is enabled for shaping.
Service-policy output: ATM_OH_POLICY

0 packets, 0 bytes
Match: any
Queueing
Overhead Accounting Enabled

QOS-1050
Table 187 describes the significant fields displayed..

Table 187 show policy-map session Field Descriptions—Traffic Shaping Overhead Accounting for
ATM Configured
Field Description
target shape rate Displays the traffic shaping rate, in bytes.
Overhead Accounting Enabled Indicates that overhead accounting is enabled.

on the interface.
show sss session Displays SSS session status.

QOS-1051
show protocol phdf
show protocol phdf

To display protocol information from a specific protocol header description file (PHDF), use the show
protocol phdf command in privileged EXEC mode.
show protocol phdf protocol-name
Syntax Description protocol-name Loaded PHDF.

12.2(18)ZY This command integrated into Cisco IOS Release 12.2(18)ZY on the
Examples The following example shows how to define FPM traffic classes for slammer packets (UDP port 1434).
The match criteria defined within the class maps is for slammer packets with an IP length not to exceed
404 bytes, UDP port 1434, and pattern 0x4011010 at 224 bytes from start of IP header. This example
also shows how to define the service policy “fpm-policy” and apply it to the gigabitEthernet interface.
Show commands have been issued to verify the FPM configuration. (Note that PHDFs are not displayed
in show output because they are in XML format.)
Router(config)# load protocol disk2:ip.phdf
Router(config)# load protocol disk2:udp.phdf
Router(config)# class-map type stack match-all ip-udp

Router(config-cmap)# description “match UDP over IP packets”
Router(config-cmap)# match field ip protocol eq 0x11 next udp
Router(config)# class-map type access-control match-all slammer

Router(config-cmap)# description “match on slammer packets”
Router(config-cmap)# match field udp dest-port eq 0x59A
Router(config-cmap)# match field ip length eq 0x194
Router(config)# policy-map type access-control fpm-udp-policy

Router(config-pmap)# description “policy for UDP based attacks”
Router(config-pmap)# class slammer
Router(config)# policy-map type access-control fpm-policy

Router(config-pmap)# description “drop worms and malicious attacks”
Router(config-pmap)# class ip-udp
Router(config-pmap-c)# service-policy fpm-udp-policy
Router(config)# interface gigabitEthernet 0/1

Router(config-if)# service-policy type access-control input fpm-policy

QOS-1052
show protocol phdf
Router# show protocols phdf ip
Protocol ID: 1
Protocol name: IP
Description: Definition-for-the-IP-protocol
Original file name: disk2:ip.phdf
Header length: 20
Constraint(s):
Total number of fields: 12
Field id: 0, version, IP-version
Fixed offset. offset 0
Constant length. Length: 4
Field id: 1, ihl, IP-Header-Length
Field id: 2, tos, IP-Type-of-Service
Field id: 3, length, IP-Total-Length
Field id: 4, identification, IP-Identification
Field id: 5, flags, IP-Fragmentation-Flags
Field id: 6, fragment-offset, IP-Fragmentation-Offset
Field id: 7, ttl, Definition-for-the-IP-TTL
Field id: 8, protocol, IP-Protocol
Field id: 9, checksum, IP-Header-Checksum
Field id: 10, source-addr, IP-Source-Address
Field id: 11, dest-addr, IP-Destination-Address
Router# show protocols phdf udp
Protocol ID: 3
Protocol name: UDP
Description: UDP-Protocol
Original file name: disk2:udp.phdf
Header length: 8
Constraint(s):
Total number of fields: 4
Field id: 0, source-port, UDP-Source-Port
Field id: 1, dest-port, UDP-Destination-Port
Field id: 2, length, UDP-Length

QOS-1053
show protocol phdf
Field id: 3, checksum, UDP-Checksum



QOS-1054
show qbm client
show qbm client

To display quality of service (QoS) bandwidth manager (QBM) clients (applications) and their IDs, use
the show qbm client command in user EXEC or privileged EXEC mode.
show qbm client

Privileged EXEC (#)

Usage Guidelines Use the show qbm client command to confirm that a subset of Cisco IOS software has registered with
QBM.
A subset of Cisco IOS software becomes a client of QBM by calling a QBM registration application
programming interface (API) and receiving an ID. If the subset has not registered, then it is not a client.
Examples The following is sample output from the show qbm client command when RSVP aggregation is enabled:
Router# show qbm client
Client Name Client ID

RSVP BW Admit 1
RSVP rfc3175 AggResv 2
Table 188 show qbm client command Field Descriptions
Field Description
Client Name The name of the application.
• RSVP BW Admit—The RSVP QBM client used for
admitting bandwidth into QBM bandwidth pools.
• RSVP rfc3175 AggResv—RSVP aggregation as defined in
RFC 3175, Aggregation of RSVP for IPv4 and IPv6
Reservations.
– This client is used to create and maintain QBM
bandwidth pools for RSVP aggregate reservations.
Client ID The identifier of the application. One client ID exists per client.

QOS-1055
show qbm client

debug qbm Enables debugging output for QBM options.
show qbm pool Displays allocated QBM pools and associated objects.

QOS-1056
show qbm pool
show qbm pool

To display allocated quality of service (QoS) bandwidth manager (QBM) pools and identify the objects
with which they are associated, use the show qbm pool command in user EXEC or privileged EXEC
mode.
show qbm pool [id pool-id]
Syntax Description id pool-id (Optional) Displays the identifier for a specified bandwidth pool that is
performing admission control. The values must be between 0x0 and
0xffffffff; there is no default.
Command Default If you enter the show qbm pool command without the optional keyword/argument combination, the
command displays information for all configured QBM pools.

Privileged EXEC (#)

Usage Guidelines Use the show qbm pool command to display information for all configured QBM pools or for a specified
pool. If you enter a pool ID that does not exist, you receive an error message.
This command is useful for troubleshooting QBM operation.
Examples The following sample output is from the show qbm pool command when RSVP aggregation is enabled:
Router# show qbm pool
Total number of pools allocated: 1
Pool ID 0x00000009
Associated object: 'RSVP 3175 AggResv 192.168.40.1->192.168.50.1_ef(46)'
Minimum: 300Kbps
Oper Status: OPERATIONAL
Oper Minimum: 300Kbps
Used Bandwidth: 80Kbps

QOS-1057
show qbm pool
Table 189 show qbm pool command Field Descriptions
Field Description
Total number of pools allocated The number of QBM pools configured.
Pool ID The QBM pool identifier.
Associated object The application (or client) associated with the QBM pool. This
string is provided by the client and as a result, the client chooses
the string, not QBM. For example, RSVP 3175 AggResv
192.168.40.1->192.168.50.1_ef(46) means the QBM pool is
associated with the RSVP aggregate reservation with source
endpoint (aggregator) having IP address 192.168.40.1,
destination endpoint (deaggregator) having IP address
192.168.50.1, and differentiated services code point (DSCP)
expedited forwarding (EF).
Minimum The pool’s minimum bandwidth guarantee. (Units may vary.)
Oper Status Status of the application. Values are the following:
• OPERATIONAL—Application is enabled.
• NON-OPERATIONAL—Application is disabled.
Oper Minimum Defines the minimum bandwidth guarantee that the pool is able
to enforce. This value may differ from the pool’s minimum
bandwidth guarantee because of operational conditions. For
example, if the pool is associated with an interface and the
interface is down, its Oper Status is NON-OPERATIONAL, then
the operational minimum is N/A.
Used Bandwidth The bandwidth reserved by applications/clients using this pool.
N/A displays instead of 0 when the pool’s Oper Status is
NON-OPERATIONAL.
The following sample output is from the show qbm pool command with a specified pool ID:
Router# show qbm pool id 0x000000006
Pool ID 0x00000009
Associated object: 'RSVP 3175 AggResv 192.168.40.1->192.168.50.1_ef(46)'
Minimum: 300Kbps
Oper Status: OPERATIONAL
Oper Minimum: 300Kbps
Used Bandwidth: 80Kbps
See Table 189 for a description of the fields.

debug qbm Enables debugging output for QBM options.
show qbm client Displays registered QBM clients.

QOS-1058
show qdm status
show qdm status

To display the status of the active Quality of Service Device Manager (QDM) clients that are connected
to the router, use the show qdm status command in EXEC mode.
show qdm status
Command Modes EXEC

Usage Guidelines The show qdm status command can be used on the Cisco 7600 series router.
The output of the show qdm status command includes the following information:
• Number of connected clients
• Client IDs
• Version of the client software
• IP addresses of the connected clients
• Duration of the connection
Note QDM is not supported on Optical Service Module (OSM) interfaces.
Examples The following example illustrates the show qdm status output when two QDM clients are connected to
the router:
Router# show qdm status
Number of QDM Clients :2

QDM Client v1.0(0.13)-System_1 @ 172.16.0.0 (id:30)
connected since 09:22:36 UTC Wed Mar 15 2000
QDM Client v1.0(0.12)-System_2 @ 172.31.255.255 (id:29)
connected since 17:10:23 UTC Tue Mar 14 2000

QOS-1059
show qdm status

disconnect qdm Disconnects a QDM client.

QOS-1060
ueue
ueue
To display the contents of packets inside a queue for a particular interface or virtual circuit (VC), use the
show queue command in user EXEC or privileged EXEC mode.
show queue interface-name interface-number [queue-number] [vc [vpi/] vci]
Syntax Description interface-name The name of the interface.

interface-number The number of the interface.
queue-number (Optional) The number of the queue. The queue number is a number from 1
to 16.
vc (Optional) For ATM interfaces only, shows the fair queueing configuration
for a specified permanent virtual circuit (PVC). The name can be up to
16 characters long.
vpi/ (Optional) ATM network virtual path identifier (VPI) for this PVC. The
absence of the “/” and a vpi value defaults the vpi value to 0.
On the Cisco 7200 and Cisco 7500 series routers, this value ranges from 0
to 255.
cannot be 0.
If this value is omitted, information for all VCs on the specified ATM
interface or subinterface is displayed.
vci (Optional) ATM network virtual channel identifier (VCI) for this PVC. This
value ranges from 0 to 1 less than the maximum value set for this interface
by the atm vc-per-vp command. Typically, lower values 0 to 31 are reserved
for specific traffic (F4 Operation, Administration, and Maintenance (OAM),
switched virtual circuit (SVC) signalling, Integrated Local Management
Interface (ILMI), and so on) and should not be used.
cannot be 0.

Privileged EXEC (#)


QOS-1061
ueue
12.4(20)T This command was integrated into Cisco IOS Release 12.4(20)T, but without
support for hierarchical queueing framework (HQF). See the “Usage
Guidelines” for additional information.
Usage Guidelines This command displays the contents of packets inside a queue for a particular interface or VC.
This command does not support VIP-distributed Weighted Random Early Detection WRED (DWRED).
You can use the vc keyword and the show queue command arguments to display output for a PVC only
on Enhanced ATM port adapters (PA-A3) that support per-VC queueing.
This command does not support HQF. Use the show policy-map and the show policy-map interface
commands to gather HQF information and statistics.
Examples The following examples show sample output when the show queue command is entered and either
weighted fair queueing (WFQ), WRED, or flow-based WRED are configured.
WFQ Example
The following is sample output from the show queue command for PVC 33 on the atm2/0.33 ATM
subinterface. Two conversations are active on this interface. WFQ ensures that both data streams receive
equal bandwidth on the interface while they have messages in the pipeline.
Router# show queue atm2/0.33 vc 33
Interface ATM2/0.33 VC 0/33

Queueing strategy: weighted fair
Total output drops per VC: 18149
Output queue: 57/512/64/18149 (size/max total/threshold/drops)
Conversations 2/2/256 (active/max active/max total)
Reserved Conversations 3/3 (allocated/max allocated)
(depth/weight/discards/tail drops/interleaves) 29/4096/7908/0/0

Conversation 264, linktype: ip, length: 254
source: 10.1.1.1, destination: 10.0.2.20, id: 0x0000, ttl: 59,
TOS: 0 prot: 17, source port 1, destination port 1
(depth/weight/discards/tail drops/interleaves) 28/4096/10369/0/0

Table 190 show queue Field Descriptions for WFQ
Field Description
Queueing strategy Type of queueing active on this interface.
Total output drops per VC Total output packet drops.

QOS-1062
ueue
Table 190 show queue Field Descriptions for WFQ (continued)
Field Description
Output queue Output queue size, in packets. Max total defines the aggregate queue size
of all the WFQ flows. Threshold is the individual queue size of each
conversation. Drops are the dropped packets from all the conversations in
WFQ.
Conversations WFQ conversation number. A conversation becomes inactive or times out
when its queue is empty. Each traffic flow in WFQ is based on a queue
and represented by a conversation. Max active is the number of active
conversations that have occurred since the queueing feature was
configured. Max total is the number of conversations allowed
simultaneously.
Reserved Conversations Traffic flows not captured by WFQ, such as class-based weighted fair
queueing (CBWFQ) configured by the bandwidth command or a
Resource Reservation Protocol (RSVP) flow, have a separate queue that
is represented by a reserved conversation. Allocated is the current number
of reserved conversations. Max allocated is the maximum number of
allocated reserved conversations that have occurred.
depth Queue depth for the conversation, in packets.
weight Weight used in WFQ.
discards Number of packets dropped from the conversation’s queue.
tail drops Number of packets dropped from the conversation when the queue is at
capacity.
interleaves Number of packets interleaved.
linktype Protocol name.
length Packet length.
source Source IP address.
destination Destination IP address.
id Packet ID.
ttl Time to live count.
TOS IP type of service.
prot Layer 4 protocol number.
Flow-Based WRED Example

The following is sample output from the show queue command issued for serial interface 1 on which
flow-based WRED is configured. The output shows information for each packet in the queue; the data
identifies the packet by number, the flow-based queue to which the packet belongs, the protocol used,
and so forth.
Router# show queue Serial1
Output queue for Serial1 is 2/0
Packet 1, flow id:160, linktype:ip, length:118, flags:0x88

source:10.1.3.4, destination:10.1.2.2, id:0x0000, ttl:59,
TOS:32 prot:17, source port 1, destination port 515
data:0x0001 0x0203 0x0405 0x0607 0x0809 0x0A0B 0x0C0D

QOS-1063
ueue
0x0E0F 0x1011 0x1213 0x1415 0x1617 0x1819 0x1A1B
Packet 2, flow id:161, linktype:ip, length:118, flags:0x88

0x0E0F 0x1011 0x1213 0x1415 0x1617 0x1819 0x1A1B
Table 191 show queue Field Descriptions for Flow-Based WRED
Field Description
Packet Packet number.
flow id Flow-based WRED number.
linktype Protocol name.
length Packet length.
flags Internal version-specific flags.
id Packet ID.
prot Layer 4 protocol number.
data Packet data.
WRED Example
The following is sample output from the show queue command issued for serial interface 3 on which
WRED is configured. The output has been truncated to show only 2 of the 24 packets.
Router# show queue Serial3
Output queue for Serial3 is 24/0
Packet 1, linktype:ip, length:118, flags:0x88

0x0E0F 0x1011 0x1213 0x1415 0x1617 0x1819 0x1A1B
Packet 2, linktype:ip, length:118, flags:0x88

0x0E0F 0x1011 0x1213 0x1415 0x1617 0x1819 0x1A1B

atm vc-per-vp Sets the maximum number of VCIs to support per VPI.

QOS-1064
ueue
Command Description
(interface)
show frame-relay pvc Displays information and statistics about WFQ for a VIP-based interface.

QOS-1065
show queueing
show queueing
To list all or selected configured queueing strategies, use the show queueing command in user EXEC or
show queueing [custom | fair | priority | random-detect [interface atm-subinterface

[vc [[vpi/] vci]]]
Syntax Description custom (Optional) Status of the custom queueing list configuration.
fair (Optional) Status of the fair queueing configuration.
priority (Optional) Status of the priority queueing list configuration.
random-detect (Optional) Status of the Weighted Random Early Detection (WRED) and
distributed WRED (DWRED) configuration, including configuration of
flow-based WRED.
interface (Optional) Displays the WRED parameters of every virtual circuit (VC) with
atm-subinterface WRED enabled on the specified ATM subinterface.
vc (Optional) Displays the WRED parameters associated with a specific VC. If
desired, both the virtual path identifier (VPI) and virtual circuit identifier
(VCI) values, or just the VCI value, can be specified.
vpi/ (Optional) Specifies the VPI. If the vpi argument is omitted, 0 is used as the
VPI value for locating the permanent virtual circuit (PVC). If the vpi
argument is specified, the / separator is required.
vci (Optional) Specifies the VCI.
Command Default If no optional keyword is entered, this command shows the configuration of all interfaces.

Privileged EXEC (#)

12.0(4)T This command was integrated into Cisco IOS Release 12.0(4)T. The red
keyword was changed to random-detect.
12.1(2)T This command was modified to include information about the Frame Relay
PVC Interface Priority Queueing (FR PIPQ) feature.

QOS-1066
show queueing
12.4(20)T This command was integrated into Cisco IOS Release 12.4(20)T, but without
support for hierarchical queueing framework (HQF). See the “Usage
Guidelines” for additional information.
Usage Guidelines This command does not support HQF. Use the show policy-map and the show policy-map interface
commands to gather HQF information and statistics.
Examples FR PIPQ Example

The following sample output shows that FR PIPQ (referred to as “DLCI priority queue”) is configured
on serial interface 0. The output also shows the size of the four data-link connection identifier (DLCI)
priority queues.
Router# show queueing
Current fair queue configuration:
Interface Discard Dynamic Reserved

threshold queue count queue count
Serial3/1 64 256 0
Serial3/3 64 256 0
Current DLCI priority queue configuration:
Interface High Medium Normal Low

limit limit limit limit
Serial0 20 40 60 80
Current priority queue configuration:
List Queue Args

1 low protocol ipx
1 normal protocol vines
1 normal protocol appletalk
1 normal protocol ip
1 normal protocol decnet
1 normal protocol decnet_node
1 normal protocol decnet_rout
1 normal protocol decnet_rout
1 medium protocol xns
1 high protocol clns
1 normal protocol bridge
1 normal protocol arp
Current custom queue configuration:
Current random-detect configuration:
Weighted Fair Queueing Example

The following is sample output from the show queueing command. There are two active conversations
in serial interface 0. Weighted fair queueing (WFQ) ensures that both of these IP data streams—both
using TCP—receive equal bandwidth on the interface while they have messages in the pipeline, even
though more FTP data is in the queue than remote-procedure call (RCP) data.
Router# show queueing

QOS-1067
show queueing
Current fair queue configuration:

Interface Discard Dynamic Reserved
threshold queue count queue count
Serial0 64 256 0
Serial1 64 256 0
Serial2 64 256 0
Serial3 64 256 0
Current priority queue configuration:

List Queue Args
1 high protocol cdp
2 medium interface Ethernet1

Serial5
Queueing strategy:random early detection (WRED)
Exp-weight-constant:9 (1/512)
Mean queue depth:40
Class Random Tail Minimum Maximum Mark

drop drop threshold threshold probability
0 1401 9066 20 40 1/10
1 0 0 22 40 1/10
2 0 0 24 40 1/10
3 0 0 26 40 1/10
4 0 0 28 40 1/10
5 0 0 31 40 1/10
6 0 0 33 40 1/10
7 0 0 35 40 1/10
rsvp 0 0 37 40 1/10
Custom Queueing Example

The following is sample output from the show queueing custom command:
Router# show queueing custom

List Queue Args
3 10 default
3 3 interface Tunnel3
3 3 protocol ip
3 3 byte-count 444 limit 3
Flow-Based WRED Example

The following is sample output from the show queueing random-detect command. The output shows
that the interface is configured for flow-based WRED to ensure fair packet drop among flows. The
random-detect flow average-depth-factor command was used to configure a scaling factor of 8 for this
interface. The scaling factor is used to scale the number of buffers available per flow and to determine
the number of packets allowed in the output queue of each active flow before the queue is susceptible to
packet drop. The maximum flow count for this interface was set to 16 by the random-detect flow count
command.
Router# show queueing random-detect

Serial1
Mean queue depth:29
Max flow count:16 Average depth factor:8

QOS-1068
show queueing
Flows (active/max active/max):39/40/16

0 31 0 20 40 1/10
1 33 0 22 40 1/10
2 18 0 24 40 1/10
3 14 0 26 40 1/10
4 10 0 28 40 1/10
5 0 0 31 40 1/10
6 0 0 33 40 1/10
7 0 0 35 40 1/10
rsvp 0 0 37 40 1/10
DWRED Example
The following is sample output from the show queueing random-detect command for DWRED:

Serial1
Mean queue depth:29
Max flow count:16 Average depth factor:8
Flows (active/max active/max):39/40/16

0 31 0 20 40 1/10
1 33 0 22 40 1/10
2 18 0 24 40 1/10
3 14 0 26 40 1/10
4 10 0 28 40 1/10
5 0 0 31 40 1/10
6 0 0 33 40 1/10
7 0 0 35 40 1/10
rsvp 0 0 37 40 1/10

FastEthernet2/0/0
Queueing strategy:fifo
Packet drop strategy:VIP-based random early detection (DWRED)
Mean queue depth:0
Queue size:0 Maximum available buffers:6308
Output packets:5 WRED drops:0 No buffer:0
Class Random Tail Minimum Maximum Mark Output

drop drop threshold threshold probability Packets
0 0 0 109 218 1/10 5
1 0 0 122 218 1/10 0
2 0 0 135 218 1/10 0
3 0 0 148 218 1/10 0
4 0 0 161 218 1/10 0
5 0 0 174 218 1/10 0
6 0 0 187 218 1/10 0
7 0 0 200 218 1/10 0

QOS-1069
show queueing
Table 192 show queueing Field Descriptions
Field Description
Discard threshold Number of messages allowed in each queue.
Dynamic queue count Number of dynamic queues used for best-effort conversations.
Reserved queue count Number of reservable queues used for reserved conversations.
High limit High DLCI priority queue size in maximum number of packets.
Medium limit Medium DLCI priority queue size, in maximum number of
packets.
Normal limit Normal DLCI priority queue size, in maximum number of
packets.
Low limit Low DLCI priority queue size, in maximum number of packets.
List Custom queueing—Number of the queue list.
Priority queueing—Number of the priority list.
Queue Custom queueing—Number of the queue.
Priority queueing—Priority queue level (high, medium, normal,
or low keyword).
Args Packet matching criteria for that queue.
Exp-weight-constant Exponential weight factor.
Mean queue depth Average queue depth. It is calculated based on the actual queue
depth on the interface and the exponential weighting constant. It
is a moving average. The minimum and maximum thresholds are
compared against this value to determine drop decisions.
Class IP Precedence value.
Random drop Number of packets randomly dropped when the mean queue
depth is between the minimum threshold value and the maximum
threshold value for the specified IP Precedence value.
Tail drop Number of packets dropped when the mean queue depth is greater
than the maximum threshold value for the specified IP Precedence
value.
Minimum threshold Minimum WRED threshold, in number of packets.
Maximum threshold Maximum WRED threshold, in number of packets.
Mark probability Fraction of packets dropped when the average queue depth is at
the maximum threshold.


QOS-1070
show queueing
Command Description
frame-relay interface-queue Enables the FR PIPQ feature.
priority
interface.
priority-list queue-limit Specifies the maximum number of packets that can be waiting in
each of the priority queues.
queue-list interface Establishes queueing priorities on packets entering on an
interface.
queue-list queue byte-count Specifies how many bytes the system allows to be delivered from
a given queue during a particular cycle.
random-detect flow Sets the multiplier to be used in determining the average depth
average-depth-factor factor for a flow when flow-based WRED is enabled.
interface or VC.

QOS-1071
show queueing interface

To display the queueing statistics of an interface, use the show queueing interface command in user
show queueing interface type number [vc [[vpi/] vci]]
show queueing interface {type number | null null-interface-number | vlan vlan-id}
Syntax Description type number Interface type and interface number.

For Cisco 7600 series routers, the valid interface types are ethernet,
fastethernet, gigabitethernet, tengigabitethernet, pos, atm, and ge-wan.
For Cisco 7600 series routers, interface number is the module and port
number. See the “Usage Guidelines” section for more information.
vc (Optional) Shows the weighted fair queueing (WFQ) and Weighted Random
Early Detection (WRED) parameters associated with a specific virtual
circuit (VC). If desired, both the virtual path identifier (VPI) and virtual
channel identifier (VCI) values, or just the VCI value, can be specified.
vpi/ (Optional) Specifies the VPI. If the vpi argument is omitted, 0 is used as the
VPI value for locating the permanent virtual circuit (PVC). If the vpi
argument is specified, the / separator is required.
vci (Optional) Specifies the VCI.
null Specifies the null interface number; the valid value is 0.
null-interface-number
vlan vlan-id Specifies the VLAN identification number; valid values are from 1 to 4094.

User EXEC


QOS-1072
Usage Guidelines Cisco 7600 Series Routers

The pos, atm, and ge-wan interface types are supported on Cisco 7600 series routers that are configured
with a Supervisor Engine 2 only.
The type number argument used with the interface keyword designates the module and port number.
Valid values depend on the specified interface type and the chassis and module that are used. For
installed in a 13-slot chassis, valid values for the module number are from 1 to 13 and valid values for
the port number are from 1 to 48.
The show queueing interface command does not display the absolute values that are programmed in the
hardware. Use the show qm-sp port-data command to verify the values that are programmed in the
hardware.
Examples The following is sample output from the show queueing interface command. In this example, WRED
is the queueing strategy in use. The output varies according to queueing strategy in use.
Router# show queueing interface atm2/0
Interface ATM2/0 VC 201/201

Mean queue depth:49
Total output drops per VC:759

0 165 26 30 50 1/10
1 167 12 32 50 1/10
2 173 14 34 50 1/10
3 177 25 36 50 1/10
4 0 0 38 50 1/10
5 0 0 40 50 1/10
6 0 0 42 50 1/10
7 0 0 44 50 1/10
rsvp 0 0 46 50 1/10
Table 193 show queueing interface Field Descriptions
Field Description
Queueing strategy Name of the queueing strategy in use (for example, WRED).
Exp-weight-constant Exponential weight constant. Exponent used in the average
queue size calculation for a WRED parameter group.
Mean queue depth Average queue depth based on the actual queue depth on the
interface and the exponential weighting constant. It is a
fluctuating average. The minimum and maximum thresholds
are compared against this value to determine drop decisions.
Class IP precedence level.
Random drop Number of packets randomly dropped when the mean queue
depth is between the minimum threshold value and the
maximum threshold value for the specified IP precedence
level.

QOS-1073
Table 193 show queueing interface Field Descriptions (continued)
Field Description
Tail drop Number of packets dropped when the mean queue depth is
greater than the maximum threshold value for the specified IP
precedence level.
Minimum threshold Minimum WRED threshold in packets.
Maximum threshold Maximum WRED threshold in packets.
Mark probability Fraction of packets dropped when the average queue depth is
at the maximum threshold.
Related Commands custom-queue-list Assigns a custom queue list to an interface.

(interface)
show frame-relay pvc Displays information and statistics about WFQ for a VIP-based interface.
interface on the specified interface or displays the classes for the service policy for
show qm-sp port-data Displays information about the QoS manager switch processor.

QOS-1074
show table-map
show table-map
To display the configuration of a specified table map or all table maps, use the show table-map
show table-map table-map-name
Syntax Description table-map-name Name of table map used to map one packet-marking value to another. The
name can be a maximum of 64 alphanumeric characters.
Command Modes EXEC

Examples The sample output of the show table-map command shows the contents of a table map called “map 1”.
In “map1”, a “to–from” relationship has been established and a default value has been defined. The fields
for establishing the “to–from” mappings are further defined by the policy map in which the table map
will be configured. (Configuring a policy map is the next logical step after creating a table map.)
For instance, a precedence or differentiated services code point (DSCP) value of 0 could be mapped to
a class of service (CoS) value of 1, or vice versa, depending on the how the values are defined in the
table map. Any values not explicitly defined in a “to–from” relationship will be set to a default value.
The following sample output of the show table-map command displays the contents of a table map
called “map1”. In this table map, a packet-marking value of 0 is mapped to a packet-marking value of 1.
All other packet-marking values are mapped to the default value 3.
Router# show table-map map1
Table Map map1

from 0 to 1
default 3
Table 194 show table-map Field Descriptions
Field Description
Table Map The name of the table map being displayed.
from, to The values of the “to–from” relationship established by the table-map
(value mapping) command and further defined by the policy map in which
the table map will be configured.
default The default action to be used for any values not explicitly defined in a
“to–from” relationship by the table-map (value mapping) command. If a
default action is not specified in the table-map (value mapping) command,
the default action is “copy”.

QOS-1075
show table-map

map.

QOS-1076
show tech-support rsvp

To generate a report of all Resource Reservation Protocol (RSVP)-related information, use the
show tech-support rsvp command in privileged EXEC mode.

Usage Guidelines This command is not required for normal use of the operating system. This command is useful when you
contact technical support personnel with questions regarding RSVP. The show tech-support rsvp
command generates a series of reports that can be useful to technical support personnel attempting to
solve problems.
Any issues or caveats that apply to the show tech-support command also apply to this command. For
example, the enable password, if configured, is not displayed in the output of the show running-config
command.
Examples The show tech-support rsvp command is equivalent to issuing the following commands:
• show ip rsvp installed
• show ip rsvp interface
• show ip rsvp neighbor
• show ip rsvp policy cops
• show ip rsvp reservation
• show ip rsvp sender
• show running-config
• show version
For the specific examples, refer to the displays and descriptions for the individual commands for more
information.

QOS-1077
show traffic-shape
show traffic-shape
To display the current traffic-shaping configuration, use the show traffic-shape command in EXEC
mode.
show traffic-shape [interface-type interface-number]
Syntax Description interface-type (Optional) The type of the interface. If no interface is specified,
traffic-shaping details for all configured interfaces are shown.
interface-number (Optional) The number of the interface.
Command Modes EXEC

Usage Guidelines You must have first enabled traffic shaping using the traffic-shape rate, traffic-shape group, or
frame-relay traffic-shaping command to display traffic-shaping information.
Examples The following is sample output from the show traffic-shape command:
Router# show traffic-shape
Interface Fa0/0
Access Target Byte Sustain Excess Interval Increment Adapt
VC List Rate Limit bits/int bits/int (ms) (bytes) Active
- 1000000 6250 25000 25000 25 3125 -
Table 195 show traffic-shape Field Descriptions
Field Description
Interface Interface type and number.
VC Virtual circuit.
Note If you configure traffic shaping at a VC level instead of an
interface level, a number appears in this field.
Access List Number of the access list, if one is configured.
Target Rate Rate that traffic is shaped to, in bits per second.

QOS-1078
show traffic-shape
Table 195 show traffic-shape Field Descriptions (continued)
Field Description
Byte Limit Maximum number of bytes sent per internal interval.
Sustain bits/int Configured sustained bits per interval.
Excess bits/int Configured excess bits in the first interval.
Interval (ms) Interval (in milliseconds) being used internally, which may be smaller
than the committed burst divided by the committed information rate,
if the router determines that traffic flow will be more stable with a
smaller configured interval.
Increment (bytes) Number of bytes that will be sustained per internal interval.
Adapt Active Contains “BECN” if Frame Relay has backward explicit congestion
notification (BECN) adaptation configured.

frame-relay cir Specifies the incoming or outgoing committed information rate (CIR)
for a Frame Relay virtual circuit.
frame-relay traffic-rate Configures all the traffic-shaping characteristics of a virtual circuit
(VC) in a single command.
frame-relay traffic-shaping Enables both traffic shaping and per-VC queueing for all PVCs and
SVCs on a Frame Relay interface.
show traffic-shape queue Displays information about the elements queued by traffic shaping at
the interface level or the DLCI level.
show traffic-shape statisitcs Displays the current traffic-shaping statistics.
traffic-shape fecn-adap Replies to messages with the FECN bit (which are set with TEST
traffic-shape group Enables traffic shaping based on a specific access list for outbound
traffic on an interface.

QOS-1079
show traffic-shape queue

To display information about the elements queued by traffic shaping at the interface level or the data-link
connection identifier (DLCI) level, use the show traffic-shape queue command in privileged EXEC
mode.
show traffic-shape queue [interface-number [dlci dlci-number]]
Syntax Description interface-number (Optional) The number of the interface.

dlci (Optional) The specific DLCI for which you wish to display information
about queued elements.
dlci-number (Optional) The number of the DLCI.

12.0(3)XG This command was integrated into Cisco IOS Release 12.0(3)XG. The dlci
argument was added.
12.0(4)T This command was integrated into Cisco IOS Release 12.0(4)T. The dlci
argument was added.
12.0(5)T This command was modified to include information on the special voice
queue that is created using the queue keyword of the frame-relay voice
bandwidth command.
12.2(28)SB This command was modified to support hierarchical queueing framework
(HQF) on Frame Relay (FR) interfaces or permanent virtual circuits (PVCs).
Usage Guidelines When no parameters are specified with this command, the output displays information for all interfaces
and DLCIs containing queued elements. When a specific interface and DLCI are specified, information
is displayed about the queued elements for that DLCI only.
When you use this command with HQF, no output displays.

QOS-1080
Examples The following is sample output for the show traffic-shape queue command when weighted fair
queueing is configured on the map class associated with DLCI 16:
Router# show traffic-shape queue Serial1/1 dlci 16
Traffic queued in shaping queue on Serial1.1 dlci 16

Queueing Stats: 1/600/64/0 (size/max total/threshold/drops)
Conversations 0/16 (active/max total)
Reserved Conversations 0/2 (active/allocated)
(depth/weight/discards) 1/4096/0

The following is sample output for the show traffic-shape queue command when priority queueing is
configured on the map class associated with DLCI 16:

Queueing strategy: priority-group 4
Queueing Stats: low/1/80/0 (queue/size/max total/drops)
Packet 1, linktype: cdp, length: 334, flags: 0x10000008
The following is sample output for the show traffic-shape queue command when first-come, first-serve
queueing is configured on the map class associated with DLCI 16:

Queueing strategy: fcfs
Queueing Stats: 1/60/0 (size/max total/drops)
Packet 1, linktype: cdp, length: 334, flags: 0x10000008
The following is sample output for the show traffic-shape queue command displaying statistics for the
special queue for voice traffic that is created automatically when the frame-relay voice bandwidth
command is entered:
Voice queue attached to traffic shaping queue on Serial1 dlci 45

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Voice Queueing Stats: 0/100/0 (size/max/dropped)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Traffic queued in shaping queue on Serial1 dlci 45
Queueing Stats: 0/600/64/0 (size/max total/threshold/drops)
Conversations 0/16 (active/max total)
Reserved Conversations 0/2 (active/allocated)

QOS-1081
Table 196 show traffic-shape queue Field Descriptions
Field Description
Queueing strategy When Frame Relay Traffic Shaping (FRTS) is configured, the queueing type
can be weighted fair, custom-queue, priority-group, or fcfs
(first-come, first-serve), depending on what is configured on the Frame
Relay map class for this DLCI. The default is fcfs for FRTS. When generic
traffic shaping is configured, the only queueing type available is weighted
fair queueing (WFQ).
Queueing Stats Statistics for the configured queueing strategy, as follows:
• size—Current size of the queue.
• max total—Maximum number of packets of all types that can be queued
in all queues.
• threshold—For WFQ, the number of packets in the queue after which
new packets for high-bandwidth conversations will be dropped.
• drops—Number of packets discarded during this interval.
Conversations active Number of currently active conversations.
Conversations max total Maximum allowed number of concurrent conversations.
Reserved Conversations Number of currently active conversations reserved for voice.
active
Reserved Conversations Maximum configured number of conversations reserved.
allocated
depth Number of packets currently queued.
weight Number used to classify and prioritize the packet.
discards Number of packets discarded from queues.
Packet Number of queued packet.
linktype Protocol type of the queued packet. (cdp = Cisco Discovery Protocol)
length Number of bytes in the queued packet.
flags Number of flag characters in the queued packet.
id Packet ID.
TOS IP type of service.
prot Layer 4 protocol number. Refer to RFC 943 for a list of protocol numbers.
(17 = User Datagram Protocol (UDP))
source port Port number of source port.
destination port Port number of destination port.

QOS-1082

show frame-relay Displays Frame Relay fragmentation details.
fragment
show frame-relay vofr Displays details about FRF.11 subchannels being used on VoFR DLCIs.
show traffic-shape Displays the current traffic-shaping configuration.
show traffic-shape Displays the current traffic-shaping statistics.
statistics

QOS-1083
show traffic-shape statistics

To display the current traffic-shaping statistics, use the show traffic-shape statistics command in EXEC
mode.
show traffic-shape statistics [interface-type interface-number]
Syntax Description interface-type (Optional) The type of the interface. If no interface is specified,
traffic-shaping statistics for all configured interfaces are shown.
interface-number (Optional) The number of the interface.
Command Modes EXEC

Usage Guidelines You must have first enabled traffic shaping using the traffic-shape rate, traffic-shape group, or
frame-relay traffic-shaping command to display traffic-shaping information.
Examples The following is sample output from the show traffic-shape statistics command:
Router# show traffic-shape statistics
Access Queue Packets Bytes Packets Bytes Shaping

I/F List Depth Delayed Delayed Active
Et0 101 0 2 180 0 0 no
Et1 0 0 0 0 0 no
Table 197 show traffic-shape statistics Field Descriptions
Field Description
I/F Interface.
Access List Number of the access list.
Queue Depth Number of messages in the queue.
Packets Number of packets sent through the interface.
Bytes Number of bytes sent through the interface.

QOS-1084
Table 197 show traffic-shape statistics Field Descriptions (continued)
Field Description
Packets Delayed Number of packets sent through the interface that were delayed in the
traffic-shaping queue.
Bytes Delayed Number of bytes sent through the interface that were delayed in the
traffic-shaping queue.
Shaping Active Contains “yes” when timers indicate that traffic shaping is occurring and
“no” if traffic shaping is not occurring.

frame-relay Enables both traffic shaping and per-VC queueing for all PVCs and
traffic-shaping SVCs on a Frame Relay interface.
server.
show ip rsvp neighbor Displays RSVP-related interface information.

QOS-1085
svc-bundle
svc-bundle
To create or modify a member of a switched virtual circuit (SVC) bundle, use the svc-bundle command
in SVC-bundle configuration mode. To remove an SVC bundle member from the bundle, use the no form
of this command.
svc-bundle svc-handle
no svc-bundle svc-handle
Syntax Description svc-handle Unique name for the SVC in the router.
Command Default No SVCs are members of an SVC bundle.
Command Modes SVC-bundle configuration

Usage Guidelines Using this command will cause the system to enter SVC-bundle member configuration mode, in which
you can configure characteristics of the member such as precedence, variable bit rate (VBR) traffic
shaping, unspecified bit rate (UBR) traffic shaping, UBR+ traffic shaping, an idle timeout, and bumping
conditions.
Examples The following example creates a member of an SVC bundle named “five”:
svc-bundle five

QOS-1086
table-map (value mapping)

To create and configure a mapping table for mapping and converting one packet-marking value to
another, use the table-map (value mapping) command in global configuration mode. To disable the use
of this table map, use the no form of this command.
table-map table-map-name map from from-value to to-value [default default-value-or-action]
no table-map table-map-name map from from-value to to-value [default default-value-or-action]
Syntax Description table-map-name Name of table map to be created. The name can be a maximum of 64
map from Indicates that a “map from” value will be used.
from-value The “map from” value of the packet-marking category. The value range
varies according to the packet-marking category from which you want to
map and convert. For more information, see the “Usage Guidelines” section
below.
to Indicates that a “map to” value will be used.
to-value The “map to” value of the packet-marking category. The value range varies
according to the packet-marking category to which you want to map and
convert. For more information, see the “Usage Guidelines” section below.
default (Optional) Indicates that a default value or action will be used.
default-value-or-action (Optional) The default value or action to be used if a “to–from” relationship
has not been explicitly configured. Default actions are “ignore” and “copy”.
If neither action is specified, “copy” is used.
Defaults The default keyword and default-value-or-action argument sets the default value (or action) to be used
if a value if not explicitly designated.
If you configure a table map but you do not specify a default-value-or-action argument for the default
keyword, the default action is “copy”.

Usage Guidelines This command allows you to create a mapping table. The mapping table, a type of conversion chart, is
used for establishing a “to–from” relationship between packet-marking types or categories. For example,
a mapping table can be used to establish a “to–from” relationship between the following packet-marking
categories:
• Class of service (CoS)
• Precedence

QOS-1087
• Differentiated services code point (DSCP)

• Quality of service (QoS) group
• Multiprotocol Label Switching (MPLS) experimental (EXP) imposition
• MPLS EXP topmost
When configuring the table map, you must specify the packet-marking values to be used in the
conversion. The values you can enter vary by packet-marking category.
Table 198 lists the valid value ranges you can enter for each packet-marking category.
Table 198 Valid Value Ranges
Packet-Marking Category Value Ranges

CoS Specific IEEE 802.1Q number in the range from 0 to 7.
Precedence Number in the range from 0 to 7.
DSCP Number in the range from 0 to 63.
QoS Group Number in the range from 0 to 99.
MPLS EXP imposition Number in the range from 0 to 7.
MPLS EXP topmost Number in the range from 0 to 7.
Examples In the following example, the table-map (value mapping) command has been configured to create a table
map called “map1”. In “map1”, two “to–from” relationships have been established and a default value
has been defined. The fields for establishing the “to–from” mappings are further defined by the policy
map in which the table map will be configured. (Configuring a policy map is the next logical step after
creating a table map.)
For instance, a precedence or DSCP value of 0 could be mapped to a CoS value of 0, or vice versa,
depending on the how the table map is configured. Any values not explicitly defined in a “to–from”
relationship will be set to a default value.
Router(config)# table-map map1
Router(config-tablemap)# map from 0 to 0
Router(config-tablemap)# map from 2 to 1
Router(config-tablemap)# default 3
Router(config-tablemap)# end

map.

QOS-1088
tcp
tcp
To enable Transmission Control Protocol (TCP) header compression within an IP Header Compression
(IPHC) profile, use the tcp command in IPHC-profile configuration mode. To disable TCP header
compression, use the no form of this command.
tcp
no tcp
Command Default TCP header compression is enabled.


The tcp command is intended for use as part of an IPHC profile. An IPHC profile is used to enable and
configure header compression on your network. For more information about using IPHC profiles to
configure header compression, see the “Header Compression” module and the “Configuring Header
Compression Using IPHC Profiles” module of the Cisco IOS Quality of Service Solutions Configuration
Guide, Release 12.4T.
Examples The following is an example of an IPHC profile called profile1. In this example, TCP header
compression has been enabled.
Router> enable
Router(config-iphcp)# tcp


QOS-1089
tcp contexts
tcp contexts
To set the number of contexts available for Transmission Control Protocol (TCP) header compression,
use the tcp contexts command in IPHC-profile configuration mode. To remove the number of previously
configured contexts, use the no form of this command.
tcp contexts {absolute number-of-contexts | kbps-per-context kbps}
no tcp contexts
Syntax Description absolute Indicates that the maximum number of compressed TCP contexts will be
based on a fixed (absolute) number.
number-of-contexts Number of TCP contexts. Range is from 1 to 256.
kbps-per-context Indicates that the maximum number of compressed TCP contexts will be
based on available bandwidth.
kbps Number of kbps to allow for each context. Range is from 1 to 100.
Command Default The tcp contexts command calculates the number of contexts on the basis of bandwidth and allocates
4 kbps per context.

Usage Guidelines Use the tcp contexts command to set the number of contexts available for TCP header compression. A
context is the state that the compressor uses to compress a header and that the decompressor uses to
decompress a header. The context is the uncompressed version of the last header sent and includes
information used to compress and decompress the packet.

The tcp contexts command is intended for use as part of an IPHC profile. An IPHC profile is used to
enable and configure header compression on your network. For more information about using IPHC
Setting the Number of Contexts as an Absolute Number

The tcp contexts command allows you to set the number of contexts as an absolute number. To set the
number of contexts as an absolute number, enter a number between 1 and 256.

QOS-1090
tcp contexts
Calculating the Number of Contexts on the Basis of Bandwidth

The tcp contexts command can calculate the number of contexts on the basis of the bandwidth available
on the network link to which the IPHC profile is applied.
To have the number of contexts calculated on the basis of the available bandwidth, enter the
kbps-per-context keyword followed by a value for the kbps argument The command divides the
available bandwidth by the kbps specified. For example, if the bandwidth of the network link is
2000 kbps, and you enter 10 for the kbps argument, the command calculates 200 contexts.
Examples The following is an example of an IPHC profile called profile2. In this example, the number of TCP
contexts has been set to 75.
Router> enable
Router(config-iphcp)# tcp contexts absolute 75


QOS-1091
traffic-shape adaptive
To configure a Frame Relay subinterface to estimate the available bandwidth when backward explicit
congestion notification (BECN) signals are received, use the traffic-shape adaptive interface
configuration command in interface configuration mode. To disregard the BECN signals and not
estimate the available bandwidth, use the no form of this command.
traffic-shape adaptive bit-rate
no traffic-shape adaptive
Syntax Description bit-rate Lowest bit rate that traffic is shaped to, in bits per second. The default
bit rate value is 0.
Command Default Bandwidth is not estimated when BECN signals are received.

Usage Guidelines This command specifies the boundaries in which traffic will be shaped when BECN signals are received.
You must enable traffic shaping on the interface with the traffic-shape rate or traffic-shape group
command before you can use the traffic-shape adaptive command.
The bit rate specified for the traffic-shape rate command is the upper limit, and the bit rate specified
for the traffic-shape adaptive command is the lower limit to which traffic is shaped when BECN signals
are received on the interface. The rate actually shaped to will be between these two bit rates.
You should configure this command and the traffic-shape fecn-adapt command on both ends of the
connection to ensure adaptive traffic shaping over the connection, even when traffic is flowing primarily
in one direction. The traffic-shape fecn-adapt command configures the router to reflect forward
explicit congestion notification (FECN) signals as BECN signals.
Examples The following example configures traffic shaping on serial interface 0.1 with an upper limit of 128 kbps
and a lower limit of 64 kbps. This configuration allows the link to run from 64 to 128 kbps, depending
on the congestion level.
interface serial 0
encapsulation-frame-relay
interface serial 0.1

QOS-1092
traffic-shape rate 128000

traffic-shape adaptive 64000
traffic-shape fecn-adapt

show traffic-shape statistics Displays the current traffic-shaping statistics.

QOS-1093
To reply to messages with the forward explicit congestion notification (FECN) bit (which are sent with
TEST RESPONSE messages with the BECN bit set), use the traffic-shape fecn-adapt command in
interface configuration mode. To stop backward explicit congestion notification (BECN) signal
generation, use the no form of this command.
no traffic-shape fecn-adapt
Command Default Traffic shaping is disabled.

Usage Guidelines Enable traffic shaping on the interface with the traffic-shape rate or traffic-shape group command.
FECN is available only when traffic shaping is configured.
Use this command to reflect FECN bits as BECN bits. Reflecting FECN bits as BECN bits notifies the
sending DTE that it is transmitting at a rate too fast for the DTE to handle. Use the traffic-shape
adaptivetraffic-shape adaptive command to configure the router to adapt its transmission rate when it
receives BECN signals.
You should configure this command and the traffic-shape adaptive command on both ends of the
connection to ensure adaptive traffic shaping over the connection, even when traffic is flowing primarily
in one direction.
Examples The following example configures traffic shaping on serial interface 0.1 with an upper limit of 128 kbps
and a lower limit of 64 kbps. This configuration allows the link to run from 64 to 128 kbps, depending
on the congestion level. The router reflects FECN signals as BECN signals.
interface serial 0
encapsulation-frame-relay
interface serial 0.1
traffic-shape rate 128000

QOS-1094
traffic-shape adaptive 64000



QOS-1095
traffic-shape group
traffic-shape group
To enable traffic shaping based on a specific access list for outbound traffic on an interface, use the
traffic-shape group command in interface configuration mode. To disable traffic shaping on the
interface for the access list, use the no form of this command.
traffic-shape group access-list bit-rate [burst-size [excess-burst-size]]
no traffic-shape group access-list
Syntax Description access-list Number of the access list that controls the packets that traffic shaping is
applied to on the interface. Access list numbers can be numbers from
1 to 2699.
bit-rate Bit rate that traffic is shaped to, in bits per second. This is the access bit rate
that you contract with your service provider, or the service levels you intend
to maintain. Bit rates can be numbers in the range of 8000 to 100000000 bps.
burst-size (Optional) Sustained number of bits that can be sent per interval. On Frame
Relay interfaces, this is the Committed Burst size contracted with your
service provider. Valid entries are numbers in the range of 0 to 100000000.
excess-burst-size (Optional) Maximum number of bits that can exceed the burst size in the first
interval in a congestion event. On Frame Relay interfaces, this is the Excess
Burst size contracted with your service provider. Valid entries are numbers
in the range of 0 to 100000000. The default is equal to the burst-size
argument.

Usage Guidelines Generic traffic shaping is not supported on ISDN and dialup interfaces. It is also not supported on
nongeneric routing encapsulation tunnel interfaces. Traffic shaping is not supported with flow switching.
Traffic shaping uses queues to limit surges that can congest a network. Data is buffered and then sent
into the network in regulated amounts to ensure that traffic will fit within the promised traffic envelope
for the particular connection.

QOS-1096
traffic-shape group
The traffic-shape group command allows you to specify one or more previously defined access list to
shape traffic on the interface. You must specify one traffic-shape group command for each access list
on the interface.
The traffic-shape group command supports both standard and extended access lists.
Use traffic shaping if you have a network with differing access rates or if you are offering a subrate
service. You can configure the values according to your contract with your service provider or the service
levels you intend to maintain.
An interval is calculated as follows:
• If the burst-size is not equal to zero, the interval is the burst-size divided by the bit-rate.
• If the burst-size is zero, the interval is the excess-burst-size divided by the bit-rate.
Traffic shaping is supported on all media and encapsulation types on the router. To perform traffic
shaping on Frame Relay virtual circuits, you can also use the frame-relay traffic-shaping command.
For more information on Frame Relay Traffic Shaping, refer to the “Configuring Frame Relay” chapter
in the Cisco IOS Wide-Area Networking Configuration Guide.
If traffic shaping is performed on a Frame Relay network with the traffic-shape rate command, you can
also use the traffic-shape adaptive command to specify the minimum bit rate to which the traffic is
shaped.
Examples The following example enables traffic that matches access list 101 to be shaped to a certain rate and
traffic matching access list 102 to be shaped to another rate on the interface:
interface serial 1
traffic-shape group 101 128000 16000 8000
traffic-shape group 102 130000 10000 1000

access-list (IP Standard) Defines a standard IP access list.

QOS-1097
traffic-shape rate
traffic-shape rate
To enable traffic shaping for outbound traffic on an interface, use the traffic-shape rate command in
interface configuration mode. To disable traffic shaping on the interface, use the no form of this
command.
traffic-shape rate bit-rate [burst-size [excess-burst-size]] [buffer-limit]
no traffic-shape rate
Syntax Description bit-rate Bit rate that traffic is shaped to, in bits per second. This is the access bit rate
that you contract with your service provider, or the service levels you intend
to maintain. Bit rates can be in the range of 8000 to 100000000 bps.
burst-size (Optional) Sustained number of bits that can be sent per interval. On Frame
Relay interfaces, this is the Committed Burst size contracted with your
service provider. Valid entries are numbers in the range of 0 to 100000000.
excess-burst-size (Optional) Maximum number of bits that can exceed the burst size in the first
interval in a congestion event. On Frame Relay interfaces, this is the Excess
Burst size contracted with your service provider. Valid entries are numbers
in the range of 0 to 100000000. The default is equal to the burst-size
argument.
buffer-limit (Optional) Maximum buffer limit in bps. Valid entries are numbers in the
range of 0 to 4096.
Command Default Traffic shaping for outbound traffic is not enabled.

Usage Guidelines Generic traffic shaping is not supported on ISDN and dialup interfaces. Is is also not supported on
nongeneric routing encapsulation tunnel interfaces. Traffic shaping is not supported with flow switching.
Traffic shaping uses queues to limit surges that can congest a network. Data is buffered and then sent
into the network in regulated amounts to ensure that traffic will fit within the promised traffic envelope
for the particular connection.

QOS-1098
traffic-shape rate
Use traffic shaping if you have a network with differing access rates or if you are offering a subrate
service. You can configure the values according to your contract with your service provider or the service
levels you intend to maintain.
An interval is calculated as follows:
• If the burst-size is not equal to zero, the interval is the burst-size divided by the bit-rate.
• If the burst-size is zero, the interval is the excess-burst-size divided by the bit-rate.
Traffic shaping is supported on all media and encapsulation types on the router. To perform traffic
shaping on Frame Relay virtual circuits, you can also use the frame-relay traffic-shaping command.
For more information on Frame Relay Traffic Shaping, refer to the “Configuring Frame Relay” chapter
in the Cisco IOS Wide-Area Networking Configuration Guide.
If traffic shaping is performed on a Frame Relay network with the traffic-shape rate command, you can
also use the traffic-shape adaptive command to specify the minimum bit rate to which the traffic is
shaped.
Examples The following example enables traffic shaping on serial interface 0 using the bandwidth required by the
service provider:
interface serial 0
traffic-shape rate 128000 16000 8000


QOS-1099
tx-ring-limit
tx-ring-limit
To limit the number of packets that can be used on a transmission ring on the digital subscriber line
(DSL) WAN interface card (WIC) or interface, use the tx-ring-limit command in ATM VC configuration
mode. To not limit the number of packets that can be used on a transmission ring on a DSL WIC or
interface, use the no form of this command.
tx-ring-limit ring-limit
no tx-ring-limit ring-limit
Syntax Description ring-limit Specifies the maximum number of allowable packets that can be placed on
the transmission ring. Valid entries can be numbers from 1 to 32767. The
default value is 60. On Cisco 1700 series routers, possible values are
2 through 60. On Cisco 2600 and 3600 series routers, possible values are
3 through 60.
Command Default The default value of the ring-limit argument is 60.
Command Modes ATM VC configuration

12.0(9)S This command was incorporated into Cisco IOS Release 12.0(9)S.
12.2(2)XK Support was added for asymmetric digital subscriber line (ADSL),
and a transmission (tx) ring setting of 3 was added for latency-critical
traffic for ADSL on Cisco 2600 and Cisco 3600 routers.
12.2(4)XL Support was added for G.SHDSL.
12.2(8)YN Enhanced quality of service (QoS) features were added for
Cisco 1720, Cisco 1750, Cisco 1751, Cisco 1760,
Cisco 2610XM-2651XM, Cisco 3640, Cisco 3640A, and
Cisco 3660.
12.3(2)T Support was added for the following platforms: Cisco 1721,
Cisco 2610–2651, Cisco 2610XM–2651XM, Cisco 2691,
Cisco 3620, and Cisco 3660.
12.3(3a) Support was added for Packet over SONET (POS) interfaces on
Cisco 7200 Series routers.

QOS-1100
tx-ring-limit
Examples The following example configures the transmission ring limit to three packets on an ATM permanent
virtual circuit (PVC) subinterface:
Router(config)# interface atm1/0.1 point-to-point
Router(config-if-atm-vc)# tx-ring-limit 3

show atm vc Displays all ATM PVCs and traffic information.

QOS-1101
vc-hold-queue
vc-hold-queue
To configure the per-virtual circuit (VC) hold queue on an ATM adapter, use the vc-hold-queue
command in interface configuration mode. To return to the default value of the per-VC hold queue, use
vc-hold-queue number-of-packets
no vc-hold-queue number-of-packets
Syntax Description number-of-packets Specifies number of packets that can be configured for the per-VC hold
queue. Number of packets can be a minimum of 5 to a maximum of 1024.
Command Default The default value of the hold queue is set by the queueing mechanism in use.

Usage Guidelines This command can only be used on Cisco 7200 series routers and on Cisco 2600 and 3600 adapters that
support per-VC queueing.
This command is configurable at the VC level only.
Examples The following example sets the per-VC hold queue to 55:
interface atm2/0.1
pvc 1/101
vc-hold-queue 55

hold-queue Specifies the hold-queue limit of an interface.
server.
show queueing Displays the queueing statistics of an interface or VC.
interface

QOS-1102
vc-hold-queue

QOS-1103

Cisco IOS Quality of Service Solutions Command Reference

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cisco IOS Quality of Service Solutions Command Reference

Uploaded by

Copyright:

Available Formats

Cisco IOS Quality of Service Solutions