Professional Documents
Culture Documents
Command Reference
July 2008
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, the Cisco logo, DCE, and Welcome to the Human Network are
trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You,
Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems,
Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing,
FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo,
LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels,
ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the
WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0807R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the
document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Cisco IOS quality of service (QoS) commands are used to configure quality of service, a measure of
performance for a transmission system that reflects its transmission quality and service availability.
access-list rate-limit
To configure an access list for use with committed access rate (CAR) policies, use the access-list
rate-limit command in global configuration mode. To remove the access list from the configuration, use
the no form of this command.
Usage Guidelines Use this command to classify packets by the specified IP precedence, MAC address, or MPLS
experimental field values for a particular CAR access list. You can then apply CAR policies, using the
rate-limit command, to individual rate-limit access lists. When packets in an access list are classified in
this manner, the packets with different IP precedences, MAC addresses, or MPLS experimental field
values are treated differently by the CAR process.
You can specify only one command for each rate-limit access list. If you enter this command multiple
times using the same access list number, the new command overwrites the previous command.
Use the mask keyword to assign multiple IP precedences or MPLS experimental field values to the same
rate-limit list. To ascertain the mask value, perform the following steps.
1. Decide which precedences you want to assign to this rate-limit access list.
2. Convert the precedences or MPLS experimental field values into 8-bit numbers with each bit
corresponding to one value. For example, an MPLS experimental field value of 0 corresponds to
00000001; 1 corresponds to 00000010; 6 corresponds to 01000000; and 7 corresponds to 10000000.
3. Add the 8-bit numbers for the selected MPLS experimental field values. For example, the mask for
MPLS experimental field values 1 and 6 is 01000010.
4. The access-list rate-limit command expects hexadecimal format. Convert the binary mask into the
corresponding hexadecimal number. For example, 01000010 becomes 42 and is used in the
command. Any packets that have an MPLS experimental field value of 1 or 6 will match this access
list.
A mask of FF matches any precedence, and 00 does not match any precedence.
Examples In the following example, MPLS experimental fields with the value of 7 are assigned to the rate-limit
access list 200:
Router(config)# access-list rate-limit 200 7
You can then use the rate-limit access list in a rate-limit command so that the rate limit is applied only
to packets matching the rate-limit access list.
Router(config)# interface atm4/0.1 mpls
Router(config-if)# rate-limit input access-group rate-limit 200 8000 8000 8000
conform-action set-mpls-exp-transmit 4 exceed-action set-mpls-exp-transmit 0
atm-address (qos)
To specify the QoS parameters associated with a particular ATM address, use the atm-address command
in LANE QoS database configuration mode. To revert to the default value, use the no form of this
command.
Examples The following example shows how to enter the required QoS parameters using PCR and MCR values on
a specific ATM address. This command is entered from LANE QoS database configuration mode.
Router(lane-qos)# atm-address 47.0091810000000061705B0C01.00E0B0951A40.0A ubr+ pcr 500000
mcr 100000
Syntax Description trust (Optional) Indicates that the differentiated services code point (DSCP)
markings of a packet are trust (that is, relied on) for classification of the
voice, video, and data traffic.
If the optional trust keyword is not specified, the voice, video, and data
traffic is classified using network-based application recognition (NBAR),
and the packets are marked with the appropriate DSCP value.
Usage Guidelines The auto discovery qos command initiates the Auto-Discovery (data collection) phase of the AutoQoS
for the Enterprise feature. This command invokes NBAR protocol discovery to collect data and analyze
the traffic at the egress direction of the interface.
The no auto discovery qos command terminates the Auto-Discovery phase and removes any data
collection reports generated.
The trust keyword is used for the trusted model based on the specified DSCP marking. For more
information, see the “Trusted Boundary” section of the AutoQoS for the Enterprise feature module,
Cisco IOS Release 12.3(7)T.
Examples The following is a sample configuration showing the Auto-Discovery (data collection) phase of the
AutoQoS for the Enterprise feature enabled on a serial2/1/1 subinterface.
Router> enable
Router# configure terminal
Router(config)# interface serial2/1.1
auto qos
To install the quality-of-service (QoS) class maps and policy maps created by the AutoQoS for the
Enterprise feature, use the auto qos command in interface configuration mode. To remove the QoS
policies, use the no form of this command.
auto qos
no auto qos
Usage Guidelines The class maps and policy maps are created from the templates that are automatically generated by the
AutoQoS for the Enterprise feature. These templates (and the resulting class maps and policy maps) are
generated on the basis of the data collected during the Auto-Discovery phase of the AutoQoS for the
Enterprise feature. For more information about the Auto-Discovery phase, see the “Configuration
Phases” section of the AutoQoS for the Enterprise feature module, Cisco IOS Release 12.3(7)T.
The no auto qos command removes any AutoQoS-generated class maps and policy maps installed on
the interface.
Examples The following is a sample configuration showing the AutoQoS for the Enterprise feature enabled on a
serial2/1/1 subinterface. In this configuration, the AutoQoS class maps and policy maps will be installed
on the serial2/1 interface.
Router> enable
Router# configure terminal
Router(config)# interface serial2/1
Router(config-if)# frame-relay interface-dlci 58
Router(config-if)# auto qos
Router(config-if)# end
Syntax Description trust (Optional) Indicates that the differentiated services code point (DSCP)
markings of a packet are trusted (relied on) for classification of the voice
traffic. If the optional trust keyword is not specified, the voice traffic is
classified using network-based application recognition (NBAR), and the
packets are marked with the appropriate DSCP value.
fr-atm (Optional) Enables the AutoQoS—VoIP feature for Frame-Relay-to-ATM
links. This option is available on the Frame Relay data-link connection
identifiers (DLCIs) for Frame-Relay-to-ATM interworking only.
Usage Guidelines To enable the AutoQoS—VoIP feature for Frame-Relay-to-ATM interworking, the fr-atm keyword must
be configured explicitly. However, the fr-atm keyword affects low-speed DLCIs only. It does not affect
high-speed DLCIs.
Note DLCIs with link speeds lower than or equal to 768 kbps are considered low-speed DLCIs; DLCIs with
link speeds higher than 768 kbps are considered high-speed DLCIs.
Depending on whether the trust keyword has been configured for this command, the AutoQoS—VoIP
feature automatically creates one of the following two policy maps:
• “AutoQoS-Policy-Trust” (created if the trust keyword is configured)
• “AutoQoS-Policy-UnTrust” (created if the trust keyword is not configured)
Both of these policy maps are designed to handle the Voice over IP (VoIP) traffic on an interface or a
permanent virtual circuit (PVC) and can be modified to suit the quality of service (QoS) requirements
of the network. To modify these policy maps, use the appropriate Cisco IOS command.
These policy maps should not be attached to an interface or PVC by using the service-policy command.
If the policy maps are attached in this manner, the AutoQoS—VoIP feature (that is, the policy maps, class
maps, and access control lists [ACLs]) will not be removed properly when the no auto qos voip
command is configured.
For low-speed Frame Relay DLCIs that are interconnected with ATM PVCs in the same network, the
fr-atm keyword must be explicitly configured in the auto qos voip command to configure the
AutoQoS—VoIP feature properly. That is, the command must be configured as auto qos voip fr-atm.
For low-speed Frame Relay DLCIs that are configured with Frame-Relay-to-ATM, Multilink PPP (MLP)
over Frame Relay (MLPoFR) is configured automatically. The subinterface must have an IP address.
When MLPoFR is configured, this IP address is removed and put on the MLP bundle. The
AutoQoS—VoIP feature must also be configured on the ATM side by using the auto qos voip command.
The auto qos voip command is not supported on subinterfaces.
The auto qos voip command is available for Frame Relay DLCIs.
Disabling AutoQoS—VoIP
The no auto qos voip command disables the AutoQoS—VoIP feature and removes the configurations
associated with the feature.
When the no auto qos voip command is used, the no forms of the individual commands originally
generated by the AutoQoS—VoIP feature are configured. With the use of individual no forms of the
commands, the system defaults are reinstated. The no forms of the commands will be applied just as if
the user had entered the commands individually. As the configuration reinstating the default setting is
applied, any messages resulting from the processing of the commands are displayed.
Note If you delete a subinterface or PVC (either ATM or Frame Relay PVCs) without configuring the
no auto qos voip command, the AutoQoS—VoIP feature will not be removed properly.
Examples The following example shows the AutoQoS—VoIP feature configured on serial point-to-point
subinterface 4/1.2. In this example, both the trust and fr-atm keywords are configured.
Router> enable
Router# configure terminal
Router(config)# interface serial4/1.2 point-to-point
Router(config-if)# bandwidth 100
Router(config-if)# ip address 192.168.0.0 255.255.255.0
Router(config-if)# frame-relay interface-dlci 102
Router(config-fr-dlci)# auto qos voip trust fr-atm
Router(config-fr-dlci)# end
Router(config-if# exit
Syntax Description cisco-phone Enables the quality of service (QoS) ingress macro for the Cisco IP Phone.
cisco-softphone Enables the QoS ingress macro for the Cisco IP SoftPhone.
trust Specifies AutoQoS for ports trusting differentiated services code point
(DSCP) and class of service (CoS) traffic markings.
Usage Guidelines The automation of QoS (AutoQoS) allows you to specify the type of QoS parameters desired on a
particular port. For example, entering the auto qos voip cisco-softphone command enables the QoS
ingress macro for the Cisco IP SoftPhone.
The Smartports feature provides a set of tools for configuring all switch settings related to a specific
application with a single command. For example, entering the auto qos voip cisco-phone command
configures all the settings necessary to connect an IP phone to the switch.
You can enter the show auto qos command to display the configured AutoQoS macros.
AutoQoS and Smartports are supported on the following modules:
• WS-X6548-RJ45
• WS-X6548-RJ21
• WS-X6148-GE_TX
• WS-X6548-GE-TX-CR
• WS-X6148-RJ45V
• WS-X6148-RJ21V
• WS-X6348-RJ45
• WS-X6348-RJ21
• WS-X6248-TEL
Note The no auto qos voip interface configuration command does not disable QoS globally or delete the
received CoS-to-internal-DSCP maps created by AutoQoS.
The auto qos voip cisco-phone and the auto qos voip cisco-softphone commands allow you to enable
the inbound QoS configuration macros for AutoQoS on an interface. In some cases, the interface-specific
auto qos voip commands also generate configuration commands that are applied globally.
You must configure the interface with the switchport command if you enter the auto qos voip
cisco-phone command. You cannot configure the interface with the switchport command if you enter
the auto qos voip cisco-softphone command.
If you configure an interface with the switchport command, AutoQoS configures the interface to trust
CoS. If you do not configure the interface with the switchport command, AutoQoS configures the
interface to trust DSCP.
AutoQoS uses a nondefault CoS-to-DSCP map. For this reason, you must configure port trust on a
per-port-ASIC basis.
When you enter the auto qos voip cisco-phone command, the following behavior occurs:
• QoS is enabled if it is disabled.
• The port is changed to port-based QoS.
• The appropriate CoS map is set.
• All ports are changed to port-based mode (if applicable).
• A trust-CoS QoS policy is created and applied for the ports that need a trust-CoS QoS policy (COIL2
and COIL1).
• A trusted boundary is enabled on the port.
• The CoS value for a trust boundary is set to zero.
• The port trust is set to trust-cos.
• Only 10/100 ports and 10/100/1000 ports are supported.
• A warning message is displayed if the CDP version is not version 2.
When you enter the auto qos voip cisco-softphone command, the following behavior occurs:
• The cisco-softphone macro is a superset of the cisco-phone macro and configures all features that
are required for a Cisco IP Phone to work properly on the Catalyst 6500 series switch.
• The global settings for AutoQoS policy maps, class maps, and access lists are created to classify
VoIP packets and to put them in the priority queue or another low-latency queue. The interface
settings are created depending on the type of interface and the link speed.
• Two rate limiters are associated with the interface on which the cisco-softphone port-based autoqos
macro is executed. The two rate limiters ensure that all inbound traffic on a cisco-softphone port
have the following characteristics:
– The rate of DCSP 46 is at or less than that of the expected softphone rate.
– The rate of DSCP 26 is at or less than the expected signaling rate.
– All other traffic is re-marked to DSCP 0 (default traffic).
• DSCP 46 is policed at the rate of 320 kbps with a burst of 2 Kb. DSCP 26 is policed at 32 kbps with
a burst of 8 Kb.
• The port is set to untrusted for all port types. The policed-dscp-map is set to ensure that DSCP 46
is marked down to DSCP 0 and DSCP 26 is marked down to DSCP 0. The default QoS IP ACL
re-marks all other traffic to DSCP 0.
When you enter the auto qos voip soft-phone command, the following behavior occurs:
• Enables QoS if QoS is disabled.
• Changes the port to port-based QoS.
• Sets the appropriate police-dscp-map.
• Sets the appropriate CoS-to-DSCP map.
• Changes all ports to port-based mode (if applicable).
• Creates a trust-dscp QoS policy for the ports that need it (COIL2 and COIL1).
• Applies the trust-dscp QoS policy to the port (COIL2 and COIL1).
• Disables a trusted boundary on the port.
• Changes trust to untrusted.
• Allows 10/100 ports and 10/100/1000 ports only.
• Applies two rate limiters, one for DSCP 46 and one for DSCP 26 inbound traffic, and trusts only
inbound DSCP 46 and DSCP 26 traffic.
• Marks violations of either rate limiter results in traffic down to DSCP 0.
• Re-marks all other (non-DSCP 26 and 46) inbound traffic to DSCP 0.
When you enter the auto qos voip trust command, the following applies:
• The DSCP and the CoS markings are trusted for classification of the voice traffic.
• Enables QoS if QoS is disabled.
• Changes the port to port-based QoS.
• Changes all ports to port-based mode (if applicable).
• Creates a trust-dscp and a trust-cos QoS policy for the ports that need it (COIL2 and COIL1).
• Applies the trust-dscp and a trust-cos QoS policy to the port (COIL2 and COIL1).
• Disables the trusted boundary on the port.
• Sets port trust to trust-cos.
• All ports are supported.
• Bases queueing for all ports that allow dscp-to-q mapping on DSCP. If not, queueing is based on
CoS.
Examples The following example shows how to enable the QoS ingress macro for the Cisco IP Phone:
Router(config-if)# auto qos voip cisco-phone
no bandwidth
no bandwidth
Syntax Description bandwidth-kbps Amount of bandwidth, in kilobits per second (kbps), to be assigned to the
class. The amount of bandwidth varies according to the interface and platform
in use.
remaining percent Percentage of guaranteed bandwidth based on a relative percent of available
percentage bandwidth. The percentage can be a number from 1 to 100.
percent percentage Percentage of guaranteed bandwidth based on an absolute percent of available
bandwidth to be set aside for the priority class. The percentage can be a
number from 1 to 100.
aal3 Specifies the ATM Adaptation Layer 5 that supports both connectionless and
connection-oriented links. You must specify either aal3 or aal5.
user-defined Specifies that the router is to use an offset size when calculating ATM
overhead.
offset Specifies the offset size when calculating ATM overhead. Valid values are
from -63 to 63 bytes.
Note The router configures the offset size if you do not specify the
user-defined offset option.
atm Applies ATM cell tax in the ATM overhead calculation.
Note Configuring both the offset and atm options adjusts the packet size to
the offset size and then adds ATM cell tax.
Specifying Bandwidth as a Percentage for All Supported Platforms Except the Cisco 10000 Series Routers
Besides specifying the amount of bandwidth in kilobits per second (kbps), you can specify bandwidth
as a percentage of either the available bandwidth or the total bandwidth. During periods of congestion,
the classes are serviced in proportion to their configured bandwidth percentages. The bandwidth
percentage is based on the interface bandwidth or when used in a hierarchical policy. Available
bandwidth is equal to the interface bandwidth minus the sum of all bandwidths reserved by the Resource
Reservation Protocol (RSVP) feature, the IP RTP Priority feature, and the low latency queueing (LLQ)
feature.
Note It is important to remember that when the bandwidth remaining percent command is configured, hard
bandwidth guarantees may not be provided and only relative bandwidths are assured. That is, class
bandwidths are always proportional to the specified percentages of the interface bandwidth. When the
link bandwidth is fixed, class bandwidth guarantees are in proportion to the configured percentages. If
the link bandwidth is unknown or variable, the router cannot compute class bandwidth guarantees in
kbps.
Note It is important to remember that when the bandwidth remaining percent command is configured, hard
bandwidth guarantees may not be provided and only relative bandwidths are assured. That is, class
bandwidths are always proportional to the specified percentages of the interface bandwidth. When the
link bandwidth is fixed, class bandwidth guarantees are in proportion to the configured percentages. If
the link bandwidth is unknown or variable, the router cannot compute class bandwidth guarantees in
kbps.
The router converts the specified bandwidth to the nearest multiple of 1/255 (ESR–PRE1) or 1/65,535
(ESR–PRE2) of the interface speed. Use the show policy-map interface command to display the actual
bandwidth.
Note To meet the minimum bandwidth guarantees required by interfaces, it is especially important to modify
the default queue limit of high-speed interfaces by using the queue-limit command.
bandwidth 10000
On the PRE3, you only specify a bandwidth value. Because the unit is always kbps, the PRE3 does not
support the unit argument. Valid values are from 1 to 2000000. For example, the following command
configures a bandwidth of 128,000 kbps on the PRE3:
bandwidth 128000
The PRE3 accepts the PRE2 bandwidth command only if the command is used without the unit
argument. The PRE3 rejects the PRE2 bandwidth command if the specified bandwidth is outside the
valid PRE3 bandwidth value range (1 to 2000000).
Besides specifying the amount of bandwidth in kilobits per second (kbps), you can specify bandwidth
as a percentage of either the available bandwidth or the total bandwidth. During periods of congestion,
the classes are serviced in proportion to their configured bandwidth percentages. The bandwidth
percentage is based on the interface bandwidth or when used in a hierarchical policy the minimum
bandwidth percentage is based on the nearest parent shape rate.
Note It is important to remember that when the bandwidth remaining percent command is configured, hard
bandwidth guarantees may not be provided and only relative bandwidths are assured. Class bandwidths
are always proportional to the specified percentages of the interface bandwidth. When the link
bandwidth is fixed, class bandwidth guarantees are in proportion to the configured percentages. If the
link bandwidth is unknown or variable, the router cannot compute class bandwidth guarantees in kbps.
The router converts the specified bandwidth to the nearest multiple of 1/255 (PRE1) or 1/65535 (PRE2,
PRE3) of the interface speed. Use the show policy-map interface command to display the actual
bandwidth.
• mux-rbe
• snap-dot1q-rbe
• mux-dot1q-rbe
• snap-pppoa
• mux-pppoa
• snap-1483routed
• mux-1483routed
The user-defined offset values must match for the child and parent policies.
The following output from the show policy-map command shows the configuration for the policy map
called policy1:
Router# show policy-map policy1
The output from the show policy-map interface command shows that 50 percent of the interface
bandwidth is guaranteed for the class called class1, and 25 percent is guaranteed for the class called
class2. The output displays the amount of bandwidth as both a percentage and a number of kbps.
Router# show policy-map interface serial3/2
Serial3/2
Service-policy output:policy1
Class-map:class1 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match:none
Weighted Fair Queueing
Output Queue:Conversation 265
Bandwidth 50 (%)
Bandwidth 772 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
Class-map:class2 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match:none
Weighted Fair Queueing
Output Queue:Conversation 266
Bandwidth 25 (%)
Bandwidth 386 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
Class-map:class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match:any
In this example, serial interface 3/2 has a total bandwidth of 1544 kbps. During periods of congestion,
50 percent (or 772 kbps) of the bandwidth is guaranteed to the class called class1, and 25 percent
(or 386 kbps) of the link bandwidth is guaranteed to the class called class2.
Policy Map p1
Class voice
Weighted Fair Queueing
Strict Priority
Bandwidth 500 (kbps) Burst 12500 (Bytes)
Class class1
Weighted Fair Queueing
Bandwidth remaining 50 (%) Max Threshold 64 (packets)
Class class2
Weighted Fair Queueing
Bandwidth remaining 25 (%) Max Threshold 64 (packets)
The following output from the show policy-map interface command on serial interface 3/2 shows that
500 kbps of bandwidth is guaranteed for the class called voice1. The classes called class1 and class2
receive 50 percent and 25 percent of the remaining bandwidth, respectively. Any unallocated bandwidth
is divided proportionally among class1, class2, and any best-effort traffic classes.
Note Note that in this sample output (unlike many of the others earlier in this section) the bandwidth is
displayed only as a percentage for class 1 and class 2. Bandwidth expressed as a number of kbps is not
displayed because the percent keyword was used with the bandwidth remaining command. The
bandwidth remaining percent command allows you to allocate bandwidth as a relative percentage of
the total bandwidth available on the interface.
Serial3/2
Service-policy output:p1
Class-map:voice (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match:ip precedence 5
Weighted Fair Queueing
Strict Priority
Output Queue:Conversation 264
Bandwidth 500 (kbps) Burst 12500 (Bytes)
(pkts matched/bytes matched) 0/0
(total drops/bytes drops) 0/0
Class-map:class1 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match:none
Weighted Fair Queueing
Output Queue:Conversation 265
Bandwidth remaining 50 (%) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
Class-map:class2 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match:none
Weighted Fair Queueing
Output Queue:Conversation 266
Bandwidth remaining 25 (%) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
Class-map:class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match:any
In the following example, the router uses 20 overhead bytes and ATM cell tax in calculating ATM
overhead. The child and parent policies contain the required matching offset values. The parent policy
is attached to virtual template 1.
Router(config)# policy-map child
Router(config-pmap)# class class1
Router(config-pmap-c)# bandwidth 500 account user-defined 20 atm
Router(config-pmap-c)# exit
Router(config-pmap)# class class2
Router(config-pmap-c)# shape average 30000 account user-defined 20 atm
Router(config-pmap)# exit
Router(config)# exit
Router(config)# Router(config-pmap)#Router(config-pmap-c)#Router(config-pmap-c)# Router(co
nfig-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# Router(config-if)# Router(config-if)# end
Command Description
policy-map Creates or modifies a policy map that can be attached to one or
more interfaces to specify a service policy.
priority Specifies the priority of a class of traffic belonging to a policy
map.
queue-limit Specifies or modifies the maximum number of packets the queue
can hold for a class policy configured in a policy map.
random-detect (interface) Enables WRED or DWRED.
random-detect Configures the WRED and DWRED exponential weight factor for
exponential-weighting- the average queue size calculation.
constant
random-detect precedence Configures WRED and DWRED parameters for a particular IP
precedence.
show policy-map Displays the configuration of all classes for a specified service
policy map or all classes for all existing policy maps.
show policy-map interface Displays the packet statistics of all classes that are configured for
all service policies either on the specified interface or subinterface
or on a specific PVC on the interface.
Cisco 7300 Series Router, Cisco 7600 Series Router, and Cisco 10000 Series Router
Syntax Description ratio Relative weight of this subinterface or class queue with respect to other
subinterfaces or class queues. Valid values are from 1 to 1000. At the
subinterface level, the default value is platform dependent. At the class
queue level, the default is 1.
Cisco 7300 Series Router, Cisco 7600 Series Router, and Cisco 10000 Series Router
ratio Relative weight of this subinterface or class queue with respect to other
subinterfaces or class queues.
Note For the Cisco 7300 series router and 7600 series router, valid values
are from 1 to 10000, and the default value is 1.
Note For the Cisco 10000 series router, valid values are from 1 to 1000,
and the default is 1.
account (Optional) Enables ATM overhead accounting.
qinq (Optional) Specifies queue-in-queue encapsulation as the BRAS-DSLAM
encapsulation type.
dot1q (Optional) Specifies IEEE 802.1Q VLAN encapsulation as the
BRAS-DSLAM encapsulation type.
aal5 (Optional) Specifies the ATM adaptation layer 5 that supports
connection-oriented variable bit rate (VBR) services.
subscriber-encapsulation (Optional) Specifies the encapsulation type at the subscriber line.
Encapsulation type varies according to subscriber line.
user-defined offset (Optional) Specifies the offset size, in bytes, that the router uses when
calculating the ATM overhead.
Note For the Cisco 7300 series router and 7600 series router, valid values
are from –48 to +48.
Note For the Cisco 10000 series router, valid values are from –63 to +63.
Cisco ASR 1000 Series Routers
ratio Relative weight of this subinterface or class queue with respect to other
subinterfaces or class queues. Valid values are from 1 to 1000. At the
subinterface level and class-queue level, the default is 1.
The bandwidth remaining ratio command cannot coexist with another bandwidth command in
different traffic classes of the same policy map. For example, the following configuration is not valid
and causes an error message to display:
policy-map Prec1
class precedence_0
bandwidth remaining ratio 10
class precedence_2
bandwidth 1000
For the PRE2, the bandwidth remaining ratio command can coexist with another bandwidth command
in the same class of a policy map. On the PRE3, the bandwidth remaining ratio command cannot
coexist with another bandwidth command in the same class. For example, the following configuration
is not valid on the PRE3 and causes an error message to display:
policy-map Prec1
class precedence_0
bandwidth 1000
bandwidth remaining ratio 10
In a hierarchical policy map in which the parent policy has only the class-default class defined with a
child queuing policy applied, the router accepts only the bandwidth remaining ratio form of the
bandwidth command in the class-default class.
The bandwidth remaining ratio command cannot coexist with the priority command in the same class.
For example, the following configuration is not valid and causes an error message to display:
policy-map Prec1
class precedence_1
priority
police percent 30
bandwidth remaining ratio 10
All of the queues for which the bandwidth remaining ratio command is not specified receive the
platform-specified minimum bandwidth-remaining ratio. The router determines the minimum
committed information rate (CIR) based on the configuration.
Examples Cisco 7300 Series Router, Cisco 7600 Series Router, and Cisco 10000 Series Router
The following example shows how to configure a bandwidth-remaining ratio on an ATM subinterface.
In the example, the router guarantees a peak cell rate of 50 Mbps for the variable bit rate-non-real time
(VBR-nrt) PVC 0/200. During periods of congestion, the subinterface receives a share of excess
bandwidth (unused by priority traffic) based on the bandwidth-remaining ratio of 10, relative to the other
subinterfaces configured on the physical interface.
policy-map Child
class precedence_0
bandwidth 10000
class precedence_1
shape average 100000
bandwidth 100
!
policy-map Parent
class class-default
The following example shows how to configure bandwidth remaining ratios for individual class queues.
Some of the classes configured have bandwidth guarantees and a bandwidth-remaining ratio explicitly
specified. When congestion occurs within a subinterface level, the class queues receive excess
bandwidth (unused by priority traffic) based on their class-level bandwidth-remaining ratios: 20, 30,
120, and 100, respectively for the precedence_0, precedence_1, precedence_2, and precedence_5
classes. Normally, the precedence_3 class (without a defined ratio) would receive bandwidth based on
the bandwidth-remaining ratio of the class-default class defined in the Child policy. However, in the
example, the Child policy does not define a class-default bandwidth remaining ratio, therefore, the router
uses a ratio of 1 to allocate excess bandwidth to precedence_3 traffic.
policy-map Child
class precedence_0
shape average 100000
bandwidth remaining ratio 20
class precedence_1
shape 10000
bandwidth remaining ratio 30
class precedence_2
shape average 200000
bandwidth remaining ratio 120
class precedence_3
set ip precedence 3
class precedence_5
set ip precedence 5
bandwidth remaining ratio 100
policy-map Parent
class class-default
bandwidth remaining ratio 10
service-policy Child
!
interface GigabitEthernet 2/0/1.10
encapsulation dot1q 10
service-policy output Parent
bump
To configure the bumping rules for a virtual circuit (VC) class that can be assigned to a VC bundle, use
the bump command in VC-class configuration mode. To remove the explicit bumping rules for the VCs
assigned to this class and return to the default condition of implicit bumping, use the no bump explicit
command or the bump implicit command. To specify that the VC bundle members do not accept any
bumped traffic, use the no form of this command.
To configure the bumping rules for a specific VC or permanent virtual circuit (PVC) member of a bundle,
use the bump command in bundle-vc or SVC-bundle-member configuration mode. To remove the
explicit bumping rules for the VC or PVC bundle member and return to the default condition of implicit
bumping, use the bump implicit command. To specify that the VC or PVC bundle member does not
accept any bumped traffic, use the no bump traffic command.
Syntax Description explicit precedence-level Specifies the precedence level to which traffic on a VC or PVC will be
bumped when the VC or PVC goes down. Valid values for the
precedence-level argument are numbers from 0 to 7.
implicit Applies the implicit bumping rule, which is the default, to a single VC or
PVC bundle member or to all VCs in the bundle (VC-class mode). The
implicit bumping rule stipulates that bumped traffic is to be carried by a
VC or PVC with a lower precedence level.
traffic Specifies that the VC or PVC accepts bumped traffic (the default
condition). The no form stipulates that the VC or PVC does not accept
any bumped traffic.
Release Modification
12.2(16)BX This command was implemented on the ESR-PRE2.
12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(31)SB This command was integrated into Cisco IOS Release 12.2(31)SB.
12.2SX This command is supported in the Cisco IOS Release 12.2SX train.
Support in a specific 12.2SX release of this train depends on your
feature set, platform, and platform hardware.
Usage Guidelines Use the bump command in bundle-vc configuration mode (for an ATM VC bundle member) or
SVC-bundle-member configuration mode (for an SVC bundle member) to configure bumping rules for
a discrete VC or PVC bundle member. Use the bump command in VC-class configuration mode to
configure a VC class that can be assigned to a bundle member.
The effects of different bumping configuration approaches are as follows:
• Implicit bumping: If you configure implicit bumping, bumped traffic is sent to the VC or PVC
configured to handle the next lower precedence level. When the original VC or PVC that bumped
the traffic comes back up, the traffic that it is configured to carry is restored to it. If no other positive
forms of the bump command are configured, the bump implicit command takes effect.
• Explicit bumping: If you configure a VC or PVC with the bump explicit command, you can specify
the precedence level to which traffic will be bumped when that VC or PVC goes down, and the traffic
will be directed to a VC or PVC mapped with that precedence level. If the VC or PVC that picks up
and carries the traffic goes down, the traffic is subject to the bumping rules for that VC or PVC. You
can specify only one precedence level for bumping.
• Permit bumping: The VC or PVC accepts bumped traffic by default. If the VC or PVC has been
previously configured to reject bumped traffic, you must use the bump traffic command to return
the VC or PVC to its default condition.
• Reject bumping: To configure a discrete VC or PVC to reject bumped traffic when the traffic is
directed to it, use the no bump traffic command.
Note When no alternative VC or PVC can be found to handle bumped traffic, the bundle is declared down. To
avoid this occurrence, configure explicitly the bundle member VC or PVC that has the lowest precedence
level.
To use this command in VC-class configuration mode, you must enter the vc-class atm global
configuration command before you enter this command.
To use this command to configure an individual bundle member in bundle-VC configuration mode, first
issue the bundle command to enter bundle configuration mode for the bundle to which you want to add
or modify the VC member to be configured. Then use the pvc-bundle command to specify the VC to be
created or modified and enter bundle-vc configuration mode.
This command has no effect if the VC class that contains the command is attached to a standalone VC;
that is, if the VC is not a bundle member. In this case, the attributes are ignored by the VC.
VCs in a VC bundle are subject to the following configuration inheritance guidelines (listed in order of
next-highest precedence):
• VC configuration in bundle-vc mode
• Bundle configuration in bundle mode (with the effect of assigned VC-class configuration)
• Subinterface configuration in subinterface mode
Examples The following example configures the class called “five” to define parameters applicable to a VC in a
bundle. If the VC goes down, traffic will be directed (bumped explicitly) to a VC mapped with
precedence level 7.
vc-class atm five
ubr 5000
precedence 5
bump explicit 7
The following example configures the class called “premium-class” to define parameters applicable to a
VC in a bundle. Unless overridden with a bundle-vc bump configuration, the VC that uses this class will
not allow other traffic to be bumped onto it.
vc-class atm premium-class
no bump traffic
bump explicit 7
Command Description
bundle Enters bundle configuration mode to create a bundle or modify an existing
bundle.
vbr-nrt Configures the VBR-NRT QoS and specifies output peak cell rate, output
sustainable cell rate, and output maximum burst cell size for an ATM PVC,
SVC, VC class, or VC bundle member.
vc-class atm Configures a VC class or an ATM VC or interface.
bundle
To create a bundle or modify an existing bundle to enter bundle configuration mode, use the bundle
command in subinterface configuration mode. To remove the specified bundle, use the no form of this
command.
bundle bundle-name
no bundle bundle-name
Syntax Description bundle-name The name of the bundle to be created. The limit is 16 alphanumeric
characters.
Usage Guidelines From within bundle configuration mode you can configure the characteristics and attributes of the bundle
and its members, such as the encapsulation type for all virtual circuits (VCs) in the bundle, the bundle
management parameters, and the service type. Attributes and parameters you configure in bundle
configuration mode are applied to all VC members of the bundle.
VCs in a VC bundle are subject to the following configuration inheritance guidelines (listed in order of
next highest precedence):
• VC configuration in bundle-vc mode
• Bundle configuration in bundle mode
• Subinterface configuration in subinterface mode
To display status on bundles, use the show atm bundle and show atm bundle statistics commands.
Examples The following example configures a bundle called bundle1. The example specifies the IP address of the
subinterface and the router protocol—the router uses Intermediate System-to-Intermediate System
(IS-IS) as an IP routing protocol—then configures the bundle.
interface atm1/0.1 multipoint
ip address 10.0.0.1 255.255.255.0
ip router isis
bundle bundle1
bundle svc
To create or modify a switched virtual circuit (SVC) bundle, use the bundle svc command in interface
configuration mode. To remove the specified bundle, use the no form of this command.
Syntax Description bundle-name Unique bundle name that identifies the SVC bundle in the router. The bundle
names at each end of the virtual circuit (VC) must be the same. Length limit
is 16 alphanumeric characters.
nsap nsap-address Destination network services access point (NSAP) address of the SVC
bundle.
Usage Guidelines This command causes the system to enter SVC-bundle configuration mode. The bundle name must be
the same on both sides of the VC.
From SVC-bundle configuration mode, you can configure the characteristics and attributes of the bundle
and its members, such as the encapsulation type for all virtual circuits (VCs) in the bundle, the bundle
management parameters, the service type, and so on. Attributes and parameters you configure in
SVC-bundle configuration mode are applied to all VC members of the bundle.
VCs in a VC bundle are subject to the following configuration inheritance guidelines (listed in order of
next-highest precedence):
• VC configuration in bundle-VC mode
• Bundle configuration in bundle mode
• Subinterface configuration in subinterface mode
To display the status of bundles, use the show atm bundle svc and show atm bundle svc statistics
commands.
class (EtherSwitch)
To define a traffic classification for a policy to act on using the class-map name or access group, use the
class command in policy-map configuration mode. To delete an existing class map, use the no form of
this command.
no class class-map-name
Usage Guidelines Before you use the class (EtherSwitch) command, use the policy-map global configuration command to
identify the policy map and to enter policy-map configuration mode. After you specify a policy map, you
can configure a policy for new classes or modify a policy for any existing classes in that policy map. You
attach the policy map to an interface by using the service-policy interface configuration command;
however, you cannot attach one that uses an ACL classification to the egress direction.
The class name that you specify in the policy map ties the characteristics for that class to the class map
and its match criteria as configured by using the class-map global configuration command.
The class (EtherSwitch) command performs the same function as the class-map global configuration
command. Use the class (EtherSwitch) command when a new classification, which is not shared with
any other ports, is needed. Use the class-map command when the map is shared among many ports.
Note In a policy map, the class named “class-default” is not supported. The Ethernet switch network module
does not filter traffic on the basis of the policy map defined by the class class-default policy-map
configuration command.
After entering the class (EtherSwitch) command, you enter policy-map class configuration mode. When
you are in this mode, these configuration commands are available:
• default: sets a command to its default.
• exit: exits policy-map class configuration mode and returns to policy-map configuration mode.
• no: returns a command to its default setting.
• police: defines a policer for the classified traffic. The policer specifies the bandwidth limitations and
the action to take when the limits are exceeded. For more information, see the police command.
To return to policy-map configuration mode, use the exit command. To return to privileged EXEC mode,
use the end command.
Note For more information about configuring IP ACLs, refer to the “Configuring IP Services” chapter in the
Cisco IOS IP Application Services Configuration Guide.
Examples The following example shows how to create a policy map named “policy1.” When attached to the ingress
port, it matches all the incoming traffic defined in class1 and polices the traffic at an average rate of
1 Mbps and bursts at 131072 bytes. Traffic exceeding the profile is dropped.
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# police 1000000 131072 exceed-action drop
Router(config-pmap-c)# exit
You can verify your settings by entering the show policy-map privileged EXEC command.
class (policy-map)
To specify the name of the class whose policy you want to create or change or to specify the default class
(commonly known as the class-default class) before you configure its policy, use the class command in
policy-map configuration mode. To remove a class from the policy map, use the no form of this
command.
Syntax Description class-name Name of the class to be configured or whose policy is to be modified. The
class name is used for both the class map and to configure a policy for the
class in the policy map.
class-default Specifies the default class so that you can configure or modify its policy.
insert-before (Optional) Adds a class map between any two existing class maps.
class-name
Inserting a new class map between two existing class map provides more
flexibility when modifying existing policy map configurations. Without this
option, the class map is appended to the end of the policy map.
This keyword is supported only on flexible packet matching (FPM) policies.
Class Characteristics
The class name that you specify in the policy map ties the characteristics for that class—that is, its
policy—to the class map and its match criteria, as configured using the class-map command.
When you configure policy for a class and specify its bandwidth and attach the policy map to an
interface, class-based weighted fair queueing (CBWFQ) determines if the bandwidth requirement of the
class can be satisfied. If so, CBWFQ allocates a queue for the bandwidth requirement.
When a class is removed, available bandwidth for the interface is incremented by the amount previously
allocated to the class.
The maximum number of classes that you can configure for a router—and, therefore, within a policy
map—is 64.
Examples The following example configures three class policies included in the policy map called policy1. Class1
specifies policy for traffic that matches access control list 136. Class2 specifies policy for traffic on
interface ethernet101. The third class is the default class to which packets that do not satisfy configured
match criteria are directed.
! The following commands create the policy map, which is defined to contain policy
! specification for class1, class2, and the default class:
policy-map policy1
Class1 has these characteristics: A minimum of 2000 kbps of bandwidth is expected to be delivered to
this class in the event of congestion, and the queue reserved for this class can enqueue 40 packets before
tail drop is enacted to handle additional packets.
Class2 has these characteristics: A minimum of 3000 kbps of bandwidth is expected to be delivered to
this class in the event of congestion, and a weight factor of 10 is used to calculate the average queue size.
For congestion avoidance, WRED packet drop is used, not tail drop.
The default class has these characteristics: 16 dynamic queues are reserved for traffic that does not meet
the match criteria of other classes whose policy is defined by the policy map called policy1, and a
maximum of 20 packets per queue is enqueued before tail drop is enacted to handle additional packets.
Note When the policy map that contains these classes is attached to the interface to stipulate the service policy
for that interface, available bandwidth is assessed, taking into account all class policies and Resource
Reservation Protocol (RSVP), if configured.
The following example configures policy for the default class included in the policy map called policy8.
The default class has these characteristics: 20 dynamic queues are available for traffic that does not meet
the match criteria of other classes whose policy is defined by the policy map called policy8, and a weight
factor of 14 is used to calculate the average queue size. For congestion avoidance, WRED packet drop
is used, not tail drop.
Router(config)# policy-map policy8
Router(config-pmap)# class class-default
Router(config-pmap-c)# fair-queue 20
Router(config-pmap-c)# random-detect exponential-weighting-constant 14
The following example configures policy for a class called acl136 included in the policy map called
policy1. Class acl136 has these characteristics: a minimum of 2000 kbps of bandwidth is expected to be
delivered to this class in the event of congestion, and the queue reserved for this class can enqueue 40
packets before tail drop is enacted to handle additional packets. Note that when the policy map that
contains this class is attached to the interface to stipulate the service policy for that interface, available
bandwidth is assessed, taking into account all class policies and RSVP, if configured.
The following example configures policy for a class called int101 included in the policy map called
policy8. Class int101 has these characteristics: a minimum of 3000 kbps of bandwidth are expected to
be delivered to this class in the event of congestion, and a weight factor of 10 is used to calculate the
average queue size. For congestion avoidance, WRED packet drop is used, not tail drop. Note that when
the policy map that contains this class is attached to the interface to stipulate the service policy for that
interface, available bandwidth is assessed.
Router(config)# policy-map policy8
Router(config-pmap)# class int101
Router(config-pmap-c)# bandwidth 3000
Router(config-pmap-c)# random-detect exponential-weighting-constant 10
The following example configures policy for the class-default default class included in the policy map
called policy1. The class-default default class has these characteristics: 10 hashed queues for traffic that
does not meet the match criteria of other classes whose policy is defined by the policy map called
policy1; and a maximum of 20 packets per queue before tail drop is enacted to handle additional
enqueued packets.
Router(config)# policy-map policy1
Router(config-pmap)# class class-default
Router(config-pmap-c)# fair-queue
Router(config-pmap-c)# queue-limit 20
The following example configures policy for the class-default default class included in the policy map
called policy8. The class-default default class has these characteristics: 20 hashed queues for traffic that
does not meet the match criteria of other classes whose policy is defined by the policy map called
policy8; and a weight factor of 14 is used to calculate the average queue size. For congestion avoidance,
WRED packet drop is used, not tail drop.
Router(config)# policy-map policy8
Router(config-pmap)# class class-default
Router(config-pmap-c)# fair-queue 20
Router(config-pmap-c)# random-detect exponential-weighting-constant 14
The following example shows how to configure FPM for blaster packets. The class map contains the
following match criteria: TCP port 135, 4444 or UDP port 69; and pattern 0x0030 at 3 bytes from start
of IP header.
load protocol disk2:ip.phdf
load protocol disk2:tcp.phdf
load protocol disk2:udp.phdf
class arp-peruser
To create a control class for arp-peruser, use the class arp-peruser command in policy map
configuration mode. To remove the arp-peruser class, use the no form of this command.
class arp-peruser
no class arp-peruser
Usage Guidelines Use this command when creating a per-user policy map.
Usage Guidelines If this command is used and the class is not configured, an error is generated. The error may be
something such as “% class map {name} not configured.” If the class needs to be inserted before a
specific class map, the insert-before keyword can be used. The insert-before keyword is typically
needed if the administrator is configuring any per-host class maps and would like it inserted before a
specific class map. The class type tag command creates the policy-map class configuration mode. There
can be multiple classes under the policy map.
Examples The following example shows the class map “usergroup1_class” is to be associated with a policy map:
class type tag usergroup1_class
class-bundle
To configure a virtual circuit (VC) bundle with the bundle-level commands contained in the specified
VC class, use the class-bundle command in bundle or SVC-bundle configuration mode. To remove the
VC class parameters from a VC bundle, use the no form of this command.
class-bundle vc-class-name
no class-bundle vc-class-name
Syntax Description vc-class-name Name of the VC class that you are assigning to your VC bundle.
Usage Guidelines To use this command, you must first enter the bundle or bundle svc command to create the bundle and
enter bundle or SVC-bundle configuration mode.
Use this command to assign a previously defined set of parameters (defined in a VC class) to an ATM
VC bundle. Parameters set through bundle-level commands that are contained in a VC class are applied
to the bundle and its VC members.
You can add the following commands to a VC class to be used to configure a VC bundle: broadcast,
encapsulation, inarp, oam-bundle, oam retry, and protocol.
Bundle-level parameters applied through commands that are configured directly on a bundle supersede
bundle-level parameters applied through a VC class by the class-bundle command. Some bundle-level
parameters applied through a VC class or directly to the bundle can be superseded by commands that
you directly apply to individual VCs in bundle-VC configuration mode.
Examples In the following example, a class called “class1” is created and then applied to the bundle called
“bundle1”:
! The following commands create the class class1:
vc-class atm class1
encapsulation aal5snap
broadcast
protocol ip inarp
oam-bundle manage 3
oam 4 3 10
With hierarchy precedence rules taken into account, VCs belonging to the bundle called “bundle1” will
be characterized by these parameters: aal5snap, encapsulation, broadcast on, use of Inverse Address
Resolution Protocol (Inverse ARP) to resolve IP addresses, and Operation, Administration, and
Maintenance (OAM) enabled.
class-map
To create a class map to be used for matching packets to a specified class, use the class-map command
in global configuration mode. To remove an existing class map from the router, use the no form of this
command.
Note The class-map command enters class-map configuration mode in which you can enter one of the match
commands to configure the match criteria for this class.
Cisco 2600, 3660, 3845, 6500, 7200, 7401, and 7500 Series Routers
Syntax Description type stack (Optional) Enables flexible packet matching (FPM) functionality to
determine the correct protocol stack to examine.
If the appropriate protocol header description files (PHDFs) have been
loaded onto the router (via the load protocol command), a stack of protocol
headers can be defined so that the filter can determine which headers are
present and in what order.
type access-control (Optional) Determines the exact pattern to look for in the protocol stack of
interest.
Note You must specify a stack class map (via the type stack keywords)
before you can specify an access-control class map (via the type
access-control keywords).
type port-filter (Optional) Creates a port-filter class map that enables the TCP/UDP port
policing of control plane packets. When enabled, it provides filtering of
traffic that is destined to specific ports on the control-plane host
subinterface.
type queue-threshold (Optional) Enables queue thresholding that limits the total number of
packets for a specified protocol that are allowed in the control plane IP input
queue. This feature applies only to the control-plane host subinterface.
type logging log-class (Optional) Enables logging of packet traffic on the control plane. The
log-class is the name of the log class. The name can be a maximum of 40
alphanumeric characters.
match-all (Optional) Determines how packets are evaluated when multiple match
criteria exist. Matches statements under this class map based on the logical
AND function. One statement and another are accepted. If you do not
specify the match-all or match-any keyword, the default keyword is
match-all.
match-any (Optional) Determines how packets are evaluated when multiple match
criteria exist. Matches statements under this class map based on the logical
OR function. One statement or another is accepted. If you do not specify the
match-any or match-all keyword, the default keyword is match-all.
class-map-name Name of the class for the class map. The name can be a maximum of
40 alphanumeric characters. The class name is used for both the class map
and to configure a policy for the class in the policy map.
Usage Guidelines Cisco 2600, 3660, 3845, 6500, 7200, 7401, and 7500 Series Routers
Use the class-map command to specify the class that you will create or modify to meet the class-map
match criteria. This command enters class-map configuration mode in which you can enter one of the
match commands to configure the match criteria for this class. Packets that arrive at either the input
interface or the output interface (determined by how the service-policy command is configured) are
checked against the match criteria configured for a class map to determine if the packets belong to that
class.
When configuring a class map, you can use one or more match commands to specify match criteria. For
example, you can use the match access-group command, the match protocol command, or the match
input-interface command. The match commands vary according to the Cisco IOS release. For more
information about match criteria and match commands, see the “Modular Quality of Service
Command-Line Interface (CLI) (MQC)” chapter of the Cisco IOS Quality of Service Solutions
Configuration Guide.
Examples The following example specifies class101 as the name of a class, and it defines a class map for this class.
The class called class101 specifies policy for traffic that matches access control list 101.
Router(config)# class-map class101
Router(config-cmap)# match access-group 101
The following example shows how to define FPM traffic classes for slammer and UDP packets. The
match criteria defined within the class maps are for slammer and UDP packets with an IP length not to
exceed 404 bytes, UDP port 1434, and pattern 0x4011010 at 224 bytes from the start of the IP header.
Router(config)# load protocol disk2:ip.phdf
Router(config)# load protocol disk2:udp.phdf
The following example shows how to configure a port-filter policy to drop all traffic that is destined to
closed or “nonlistened” ports except SNMP.
Router(config)# class-map type port-filter pf-class
Router(config-cmap)# match not port udp 123
Router(config-cmap)# match closed-ports
Router(config-cmap)# exit
Router(config)# policy-map type port-filter pf-policy
Router(config-pmap)# class pf-class
Router(config-pmap-c)# drop
Router(config-pmap-c)# end
The following example shows how to access the class-map commands and subcommands, configure a
class map named ipp5, and enter a match statement for IP precedence 5:
Router(config)# class-map ipp5
Router(config-cmap)# match ip precedence 5
class-map arp-peruser
To create a class map to be used for matching Address Resolution Protocol (ARP) per-user packets, use
the class-map arp-peruser command in global configuration mode. To disable, use the no form of the
command.
class-map arp-peruser
Usage Guidelines Use this command to create an ARP class map when configuring CoPP.
clear control-plane
To clear counters for control-plane interfaces or subinterfaces, use the clear control-plane command in
privileged EXEC mode.
Usage Guidelines Use the clear control-plane command to clear counters for all features on the control-plane interfaces
or subinterfaces.
Examples The following example clears the counters for all features on the control-plane host feature path.
Router# clear control-plane host
Command Description
show control-plane Displays the configured features for the aggregate control-plane interface.
features
show control-plane Displays the control-plane packet counters for the control-plane host
host counters subinterface.
show control-plane Displays the configured features for the control-plane host subinterface.
host features
show control-plane Displays a list of open TCP/UDP ports that are registered with the port-filter
host open-ports database.
show control-plane Displays the control-plane packet counters for the control-plane transit
transit counters subinterface.
show control-plane Displays the configured features for the control-plane transit subinterface.
transit features
Syntax Description ip-address (Optional) Frees security associations with a specific neighbor.
hostname (Optional) Frees security associations with a specific host.
Note The difference between the ip-address and hostname arguments is the difference of specifying the
neighbor by its IP address or by its name.
Usage Guidelines Use the clear ip rsvp authentication command for the following reasons:
• To eliminate security associations before their lifetimes expire
• To free up memory
• To resolve a problem with a security association being in some indeterminate state
• To force reauthentication of neighbors
You can delete all RSVP security associations if you do not enter an IP address or a hostname, or just
the ones with a specific RSVP neighbor or host.
If you delete a security association, it is re-created as needed when the trusted RSVP neighbors start
sending more RSVP messages.
Examples The following command shows how to clear all security associations before they expire:
Router# clear ip rsvp authentication
Syntax Description confirm (Optional) Requests a confirmation that all IP RSVP counters were cleared.
Usage Guidelines This command allows you to set all IP RSVP counters to zero so that you can see changes easily.
Examples In the following example, all IP RSVP counters that are being maintained are cleared:
Router# clear ip rsvp counters
Examples Following is sample output from the show ip rsvp hello instance detail command and then the clear ip
rsvp hello instance counters command. Notice that the “Statistics” fields have been cleared to zero.
Router# show ip rsvp hello instance detail
Examples This example shows sample output from the show ip rsvp hello statistics command and the values in
those fields after you enter the clear ip rsvp hello instance statistics command.
Router# show ip rsvp hello statistics
Status: Enabled
Packet arrival queue:
Wait times (msec)
Current:0
Average:0
Weighted Average:0 (weight = 0.8)
Max:4
Current length: 0 (max:500)
Number of samples taken: 2398525
Status: Enabled
Packet arrival queue:
Wait times (msec)
Current:0
Average:0
Weighted Average:0 (weight = 0.8)
Max:0
Current length: 0 (max:500)
Number of samples taken: 0
Usage Guidelines Use this command to remove all information about how long hello packets have been in the hello input
queue.
Examples Following is sample output from the show ip rsvp hello statistics command and the clear ip rsvp hello
statistics command. Notice that the values in the “Packet arrival queue” fields have been cleared.
Router# show ip rsvp hello statistics
Status: Enabled
Packet arrival queue:
Wait times (msec)
Current:0
Average:0
Weighted Average:0 (weight = 0.8)
Max:4
Current length: 0 (max:500)
Number of samples taken: 2398525
Status: Enabled
Packet arrival queue:
Wait times (msec)
Current:0
Average:0
Weighted Average:0 (weight = 0.8)
Max:0
Current length: 0 (max:500)
Number of samples taken: 16
Usage Guidelines Use the clear ip rsvp high-availability counters command to clear (set to zero) the HA counters, which
include state, ISSU, resource failures, and historical information.
Examples The following example clears all the HA information currently being maintained by the RP:
Router# clear ip rsvp high-availability counters
To clear the Resource Reservation Protocol (RSVP) message pacing output from the show ip rsvp
neighbor command, use the clear ip rsvp msg-pacing command in privileged EXEC mode.
Examples The following example clears the RSVP message pacing output:
Router# clear ip rsvp msg-pacing
Syntax Description session-ip-address For unicast sessions, this is the address of the intended receiver; for
multicast sessions, it is the IP multicast address of the session.
sender-ip-address The IP address of the sender.
tcp | udp | ip-protocol TCP, User Datagram Protocol (UDP), or IP protocol in the range from 0 to
65535.
session-dport The destination port.
Note Port numbers are specified in all cases, because the use of 16-bit
ports following the IP header is not limited to UDP or TCP. If
destination is zero, source must be zero, and the implication is that
ports are not checked. If destination is nonzero, source must be
nonzero (except for wildcard filter (wf) reservations, for which the
source port is always ignored and can therefore be zero).
sender-sport The source port.
Note Port numbers are specified in all cases, because the use of 16-bit
ports following the IP header is not limited to UDP or TCP. If
destination is zero, source must be zero, and the implication is that
ports are not checked. If destination is nonzero, source must be
nonzero (except for wildcard filter (wf) reservations, for which the
source port is always ignored and can therefore be zero).
* Wildcard used to clear all senders.
Usage Guidelines Use the clear ip rsvp reservation command to remove the RESV-related sender information currently
in the database so that when reservation requests arrive, based on the RSVP admission policy, the
relevant ones can be reestablished.
Whenever you change the clockrate or bandwidth of an interface, RSVP does not update its database to
reflect the change. This is because such a change requires that RSVP reestablish reservations based on
the new clockrate or bandwidth value and arbitrarily dropping some reservations while retaining others
is not desired. The solution is to clear the RESV state by issuing the clear ip rsvp reservation command.
The clear ip rsvp reservation command clears the RESV state from the router on which you issued the
command and causes the router to send a PATH TEAR message to the upstream routers thereby clearing
the RESV state for that reservation on all the upstream routers.
Examples The following example clears all the RESV-related receiver information currently in the database:
Router# clear ip rsvp reservation *
The following example clears all the RESV-related receiver information for a specified reservation
currently in the database:
Router# clear ip rsvp reservation 10.2.1.1 10.1.1.2 udp 10 20
Syntax Description session-ip-address For unicast sessions, this is the address of the intended receiver; for
multicast sessions, it is the IP multicast address of the session.
sender-ip-address The IP address of the sender.
tcp | udp | ip-protocol TCP, User Datagram Protocol (UDP), or IP protocol in the range from 0 to
65535.
session-dport The destination port.
Note Port numbers are specified in all cases, because the use of 16-bit
ports following the IP header is not limited to UDP or TCP. If
destination is zero, source must be zero, and the implication is that
ports are not checked. If destination is nonzero, source must be
nonzero (except for wildcard filter (wf) reservations, for which the
source port is always ignored and can therefore be zero).
sender-sport The source port.
Note Port numbers are specified in all cases, because the use of 16-bit
ports following the IP header is not limited to UDP or TCP. If
destination is zero, source must be zero, and the implication is that
ports are not checked. If destination is nonzero, source must be
nonzero (except for wildcard filter (wf) reservations, for which the
source port is always ignored and can therefore be zero).
* Wildcard used to clear all senders.
Usage Guidelines Use the clear ip rsvp sender command to remove the PATH-related sender information currently in the
database so that when reservation requests arrive, based on the RSVP admission policy, the relevant ones
can be reestablished.
Whenever you change the clockrate or bandwidth of an interface, RSVP does not update its database to
reflect the change. This is because such a change requires that RSVP reestablish reservations based on
the new clockrate or bandwidth value and arbitrarily dropping some reservations while retaining others
is not desired. The solution is to clear the PATH state by issuing the clear ip rsvp sender command.
The clear ip rsvp sender command clears the PATH state from the router on which you issued the
command and causes the router to send a PATH TEAR message to the downstream routers thereby
clearing the PATH state for that reservation on all the downstream routers.
Examples The following example clears all the PATH-related sender information currently in the database:
Router# clear ip rsvp sender *
The following example clears all the PATH-related sender information for a specified reservation
currently in the database:
Router# clear ip rsvp sender 10.2.1.1 10.1.1.2 udp 10 20
Command Default The default is to clear all the RSVP FLR counters.
Usage Guidelines Use the clear ip rsvp signalling fast-local-repair statistics command to set all the RSVP FLR counters
to zero. The statistics include information about FLR procedures such as the current state, the start time,
and the repair rate.
Examples The following example clears all the RSVP FLR counters being maintained in the database:
Router# clear ip rsvp signalling fast-local-repair statistics
Usage Guidelines Use the clear ip rsvp signalling rate-limit command to clear the counters recording dropped messages.
Examples The following command shows how all dropped messages are cleared:
Router# clear ip rsvp signalling rate-limit
Usage Guidelines Use the clear ip rsvp signalling refresh reduction command to clear the counters recording
retransmissions and out-of-order RSVP messages.
Examples The following command shows how all the retransmissions and out-of-order messages are cleared:
Router# clear ip rsvp signalling refresh reduction
clear mls qos [ip | ipx | mac | mpls | ipv6 | arp [interface-type interface-number |
null interface-number | port-channel number | vlan vlan-id]]
Usage Guidelines The valid values for interface-type include the ge-wan, atm, and pos keywords that are supported on
Cisco 7600 series routers that are configured with a Supervisor Engine 2.
The ipx keyword is supported on Cisco 7600 series routers that are configured with a Supervisor
Engine 2 only.
The ipv6 and arp keywords are supported on Cisco 7600 series routers that are configured with a
Supervisor Engine 720 only.
The interface-number argument designates the module and port number. Valid values for
interface-number depend on the specified interface type and the chassis and module that are used. For
example, if you specify a Gigabit Ethernet interface and have a 48-port 10/100BASE-T Ethernet module
that is installed in a 13-slot chassis, valid values for the module number are from 1 to 13 and valid values
for the port number are from 1 to 48.
If you enter the clear mls qos command with no arguments, the global and per-interface aggregate QoS
counters for all protocols are cleared.
If you do not enter an interface type, the protocol aggregate-QoS counters for all interfaces are cleared.
Note Entering the clear mls qos command affects the policing token bucket counters and might briefly allow
traffic to be forwarded that would otherwise be policed.
Examples This example shows how to clear the global and per-interface aggregate-QoS counters for all protocols:
Router# clear mls qos
This example shows how to clear the specific protocol aggregate-QoS counters for all interfaces:
Router# clear mls qos ip
compression header ip
To configure Real-Time Transport Protocol (RTP) or TCP IP header compression for a specific class,
use the compression header ip command in policy-map class configuration mode. To remove RTP or
TCP IP header compression for a specific class, use the no form of this command.
no compression header ip
Defaults If you do not specify either RTP or TCP header compression (that is, you press the enter key after the
command name) both RTP and TCP header compressions are configured. This is intended to cover the
“all compressions” scenario.
Usage Guidelines Using any form of the compression header ip command overrides any previously entered form.
The compression header ip command can be used at any level in the policy map hierarchy configured
with the Modular Quality of Service (QoS) Command-Line Interface (CLI) (MQC) feature.
Examples In the following example, the compression header ip command has been configured to use RTP header
compression for a class called “class1”. Class1 is part of policy map called “policy1”.
Router(config)# policy-map policy1
Router(config-pmap)# class-map class1
Router(config-pmap-c)# compression header ip rtp
Router(config-pmap-c)# end
control-plane
To enter control-plane configuration mode, which allows users to associate or modify attributes or
parameters (such as a service policy) that are associated with the control plane of the device, use the
control-plane command in global configuration mode. To remove an existing control-plane
configuration from the router, use the no form of this command.
no control-plane
Usage Guidelines After you enter the control-plane command, you can apply a control-plane policing (CoPP), port-filter,
or queue-threshold policy to police traffic destined for the control plane. You can define aggregate CoPPs
for the route processor (RP) and configure a service policy to police all traffic destined to the control
plane:
• From all line cards on the router (aggregate CP services)
• From all interfaces on a line card (distributed CP services)
Aggregate CP services manage traffic destined for the control plane and received on the central switch
engine from all line cards in the router.
Distributed CP services manage CP traffic from interfaces on a specified line card before CP packets are
forwarded to the central switch engine where aggregate CP services are applied.
Note On the Cisco 12000 series Internet router, you can combine distributed and aggregate CP services to
protect the control plane from DoS attacks and provide packet QoS. The slot slot-number parameter is
used only for distributed CP services configurations.
Control-plane policing includes enhanced control-plane functionality. It provides a mechanism for early
dropping of packets directed toward closed or nonlistened Cisco IOS TCP/UPD ports on the router. It
also provides the ability to limit protocol queue usage such that no single misbehaving protocol process
can wedge the control plane interface hold queue.
Note The control-plane command is supported by Cisco IOS Release 12.2S only for the Cisco 7600 router.
For other Cisco IOS releases, the Cisco 7600 supports only the no control-plane command to
discontinue a previously existing configuration condition.
With this enhancement, you can classify control-plane traffic into different categories of traffic. These
categories are as follows:
• Control-plane host subinterface—Subinterface that receives all control-plane IP traffic that is
directly destined for one of the router interfaces. Examples of control-plane host IP traffic include
tunnel termination traffic, management traffic, or routing protocols such as SSH, SNMP, BGP,
OSPF, and EIGRP. All host traffic terminates on and is processed by the router. Most control-plane
protection features and policies operate strictly on the control-plane host subinterface. Since most
critical router control-plane services, such as routing protocols and management traffic, are received
on the control-plane host subinterface, it is critical to protect this traffic through policing and
protection policies. CoPP, port-filtering, and per-protocol queue thresholding protection features
can be applied on the control-plane host subinterface.
• Control-plane transit subinterface—Subinterface that receives all control-plane IP traffic that is
software switched by the route processor. This means packets not directly destined to the router
itself but rather traffic traversing through the router. Nonterminating tunnels handled by the router
are an example of this type of control-plane traffic. Control-plane protection allows specific
aggregate policing of all traffic received at this subinterface.
• Control-plane CEF-exception subinterface—Subinterface that receives all traffic that is either
redirected as a result of a configured input feature in the CEF packet forwarding path for process
switching or directly enqueued in the control-plane input queue by the interface driver (for example,
ARP, L2 keepalives, and all non-IP host traffic). Control-plane protection allows specific aggregate
policing of this specific type of control-plane traffic.
Examples The following example shows how to configure trusted hosts with source addresses 10.1.1.1 and 10.1.1.2
to forward Telnet packets to the control plane without constraint, while allowing all remaining Telnet
packets to be policed at the specified rate. The QoS policy is then applied for aggregate CP services to
all packets that are entering the control plane from all line cards in the router.
! Allow 10.1.1.1 trusted host traffic.
Router(config)# access-list 140 deny tcp host 10.1.1.1 any eq telnet
! Allow 10.1.1.2 trusted host traffic.
Router(config)# access-list 140 deny tcp host 10.1.1.2 any eq telnet
! Rate-limit all other Telnet traffic.
Router(config)# access-list 140 permit tcp any any eq telnet
! Define class map “telnet-class.”
Router(config)# class-map telnet-class
Router(config-cmap)# match access-group 140
Router(config-cmap)# exit
Router(config)# policy-map control-plane-in
Router(config-pmap)# class telnet-class
Router(config-pmap-c)# police 80000 conform transmit exceed drop
Router(config-pmap-c)# exit
Router(config-pmap)# exit
! Define aggregate control plane service for the active route pSrocessor.
Router(config)# control-plane
Router(config-cp)# service-policy input control-plane-in
Router(config-cp)# exit
The next example also shows how to configure trusted hosts with source addresses 10.1.1.1 and 10.1.1.2
to forward Telnet packets to the control plane without constraint, while allowing all remaining Telnet
packets that enter through slot 1 to be policed at the specified rate. The QoS policy is applied for
distributed CP services to all packets that enter through the interfaces on the line card in slot 1 and are
destined for the control plane.
! Allow 10.1.1.1 trusted host traffic.
Router(config)# access-list 140 deny tcp host 10.1.1.1 any eq telnet
! Allow 10.1.1.2 trusted host traffic.
Router(config)# access-list 140 deny tcp host 10.1.1.2 any eq telnet
! Rate-limit all other Telnet traffic.
Router(config)# access-list 140 permit tcp any any eq telnet
! Define class map “telnet-class.”
Router(config)# class-map telnet-class
Router(config-cmap)# match access-group 140
Router(config-cmap)# exit
Router(config)# policy-map control-plane-in
Router(config-pmap)# class telnet-class
Router(config-pmap-c)# police 80000 conform transmit exceed drop
Router(config-pmap-c)# exit
Router(config-pmap)# exit
! Define aggregate control plane service for the active route processor.
Router(config)# control-plane slot 1
Router(config-cp)# service-policy input control-plane-in
Router(config-cp)# exit
The following shows how to apply an aggregate CoPP policy to the host control-plane traffic by applying
it to the host control-plane feature path:
Router(config)# control-plane host
Router(config-cp)# service-policy input cpp-policy-host
The following shows how to apply an aggregate CoPP policy to the transit control-plane traffic by
applying it to the control-plane transit feature path:
Router(config)# control-plane transit
Router(config-cp)# service-policy input cpp-policy-transit
The following shows how to apply an aggregate CoPP policy to the Cef-exception control-plane traffic
by applying it to the control-plane CEF-exception feature path:
Router(config)# control-plane cef-exception
Router(config-cp)# service-policy input cpp-policy-cef-exception
custom-queue-list
To assign a custom queue list to an interface, use the custom-queue-list command in interface
configuration mode. To remove a specific list or all list assignments, use the no form of this command.
custom-queue-list [list-number]
no custom-queue-list [list-number]
Syntax Description list-number Any number from 1 to 16 for the custom queue list.
Usage Guidelines Only one queue list can be assigned per interface. Use this command in place of the priority-list
interface command (not in addition to it). Custom queueing allows a fairness not provided with priority
queueing. With custom queueing, you can control the bandwidth available on the interface when the
interface is unable to accommodate the aggregate traffic enqueued. Associated with each output queue
is a configurable byte count, which specifies how many bytes of data should be delivered from the
current queue by the system before the system moves on to the next queue. When a particular queue is
being processed, packets are sent until the number of bytes sent exceeds the queue byte count or until
the queue is empty.
Use the show queueing custom and show interfaces commands to display the current status of the
custom output queues.
Examples In the following example, custom queue list number 3 is assigned to serial interface 0:
interface serial 0
custom-queue-list 3
description (class-map)
To add a description to the class map or the policy map, use the description command in class-map
configuration or policy-map configuration mode. To remove the description from the class map or the
policy map, use the no form of this command.
description character-string
no description
Syntax Description character-string Comment or a description that is added to the class map or the policy map.
The character-string cannot exceed 161 characters.
Usage Guidelines The description command is meant solely as a comment to be put in the configuration to help you
remember information about the class map or policy map, such as which packets are included within the
class map.
Examples The following example shows how to specify a description within the class map “ip-udp” and the policy
map “fpm-policy”:
class-map type stack match-all ip-udp
description “match UDP over IP packets”
match field ip protocol eq 0x11 next udp
!
policy-map type access-control fpm-policy
description “drop worms and malicious attacks”
class ip-udp
service-policy fpm-udp-policy
!
!
interface gigabitEthernet 0/1
service-policy type access-control input fpm-policy
disconnect qdm
To disconnect a Quality of Service Device Manager (QDM) client, use the disconnect qdm command
in EXEC or privileged EXEC mode.
Syntax Description client (Optional) Specifies that a specific QDM client will be disconnected.
client-id (Optional) Specifies the specific QDM identification number to disconnect.
A QDM identification number can be a number from 0 to 2,147,483,647.
Usage Guidelines Use the disconnect qdm command to disconnect all QDM clients that are connected to the router.
Use the disconnect qdm [client client-id] command to disconnect a specific QDM client connected to
a router. For instance, using the disconnect qdm client 42 command will disconnect the QDM client
with the ID 42.
Note For the Cisco 7600 series QDM is not supported on Cisco Optical Services Module (OSM)
interfaces.
Examples The following example shows how to disconnect all connected QDM clients:
Router# disconnect qdm
The following example shows how to disconnect a specific QDM client with client ID 9:
Router# disconnect qdm client 9
drop
To configure a traffic class to discard packets belonging to a specific class, use the drop command in
policy-map class configuration mode. To disable the packet discarding action in a traffic class, use the
no form of this command.
drop
no drop
Defaults Disabled
Usage Guidelines Note the following points when configuring the drop command to unconditionally discard packets in a
traffic class:
• Discarding packets is the only action that can be configured in a traffic class. That is, no other
actions can be configured in the traffic class.
• When a traffic class is configured with the drop command, a “child” (nested) policy cannot be
configured for this specific traffic class through the service policy command.
• Discarding packets cannot be configured for the default class known as the class-default class.
Examples In the following example a traffic class called “class1” has been created and configured for use in a
policy map called “policy1.” The policy map (service policy) is attached to an output serial interface 2/0.
All packets matching access-group 101 are placed in a class called “c1.” Packets belonging to this class
are discarded.
Router(config)# class-map class1
Router(config-cmap)# match access-group 101
Router(config-cmap)# policy-map policy1
Router(config-pmap)# class c1
Router(config-pmap-c)# drop
Router(config-pmap-c)# interface s2/0
Router(config-if)# service-policy output policy1
Router(config-if)# end
dscp
To change the minimum and maximum packet thresholds for the differentiated services code point
(DSCP) value, use the dscp command in random-detect-group configuration mode. To return the
minimum and maximum packet thresholds to the default for the DSCP value, use the no form of this
command.
Syntax Description dscp-value Specifies the DSCP value. The DSCP value can be a number from
0 to 63, or it can be one of the following keywords: ef, af11, af12,
af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2,
cs3, cs4, cs5, or cs7.
min-threshold Minimum threshold in number of packets. The value range of this
argument is from 1 to 4096. When the average queue length reaches
the minimum threshold, Weighted Random Early Detection
(WRED) randomly drops some packets with the specified DSCP
value.
max-threshold Maximum threshold in number of packets. The value range of this
argument is the value of the min-threshold argument to 4096. When
the average queue length exceeds the maximum threshold, WRED
drops all packets with the specified DSCP value.
mark-probability-denominator (Optional) Denominator for the fraction of packets dropped when
the average queue depth is at the maximum threshold. For example,
if the denominator is 512, one out of every 512 packets is dropped
when the average queue is at the maximum threshold. The value
range is from 1 to 65536. The default is 10; one out of every ten
packets is dropped at the maximum threshold.
Command Default If WRED is using the DSCP value to calculate the drop probability of a packet, all entries of the DSCP
table are initialized with the default settings shown in Table 7 of the “Usage Guidelines” section.
Usage Guidelines This command must be used in conjunction with the random-detect-group command.
Additionally, the dscp command is available only if you specified the dscp-based argument when using
the random-detect-group command.
Table 7 lists the DSCP default settings used by the dscp command. Table 7 lists the DSCP value, and its
corresponding minimum threshold, maximum threshold, and mark probability. The last row of the table
(the row labeled “default”) shows the default settings used for any DSCP value not specifically shown
in the table.
Examples The following example enables WRED to use the DSCP value af22. The minimum threshold for the
DSCP value af22 is 28, the maximum threshold is 40, and the mark probability is 10.
Router> enable
Router# configure terminal
Router(config)# random-detect-group class1 dscp-based
Router(cfg-red-group)# dscp af22 28 40 10
Router(cfg-red-group)# end
estimate bandwidth
To estimate the bandwidth needed per traffic class for given quality of service (QoS) targets based on
traffic data, use the estimate bandwidth command in policy-map class configuration mode. To disable
the estimated bandwidth processing, use the no form of this command.
no estimate bandwidth
Syntax Description drop-one-in n (Optional) The packet loss rate; for example, a value of 999 means drop no
more than one packet out of 999. The range for n is 50 to 1000000 packets.
delay-one-in n (Optional) The packet delay time and probability; the range for n is 50 to
milliseconds n 1000000 packets. The delay threshold; the range for n is 8 to 1000
milliseconds.
Defaults Disabled
Usage Guidelines Use the estimate bandwidth command to specify the target drop probability, the delay time and
probability, and the timeframe.
If you specify a delay time, you must also specify a delay threshold.
If you issue the estimate bandwidth command with no keywords, the default target is drop less than
2 percent, which is the same as entering estimate bandwidth drop-one-in 500.
Examples In the following example, the QoS targets are drop no more than one packet in 100, and delay no more
than one packet in 100 by more than 50 milliseconds:
Router(config-pmap-c)# estimate bandwidth drop-one-in 100 delay-one-in 100 milliseconds 50
exponential-weighting-constant
To configure the exponential weight factor for the average queue size calculation for a Weighted Random
Early Detection (WRED) parameter group, use the exponential-weighting-constant command in
random-detect-group configuration mode. To return the exponential weight factor for the group to the
default, use the no form of this command.
exponential-weighting-constant exponent
no exponential-weighting-constant
Syntax Description exponent Exponent from 1 to 16 used in the average queue size calculation.
Usage Guidelines When used, this command is issued after the random-detect-group command is entered.
Use this command to change the exponent used in the average queue size calculation for a WRED
parameter group. The average queue size is based on the previous average and the current size of the
queue. The formula is:
average = (old_average * (1-1/2^x)) + (current_queue_size * 1/2^x)
where x is the exponential weight factor specified in this command. Thus, the higher the factor, the more
dependent the average is on the previous average.
Note The default WRED parameter values are based on the best available data. We recommend that you do
not change the parameters from their default values unless you have determined that your applications
would benefit from the changed values.
For high values of x, the previous average becomes more important. A large factor smooths out the peaks
and lows in queue length. The average queue size is unlikely to change very quickly. The WRED process
will be slow to start dropping packets, but it may continue dropping packets for a time after the actual
queue size has fallen below the minimum threshold. The resulting slow-moving average will
accommodate temporary bursts in traffic.
If the value of x gets too high, WRED will not react to congestion. Packets will be sent or dropped as if
WRED were not in effect.
For low values of x, the average queue size closely tracks the current queue size. The resulting average
may fluctuate with changes in the traffic levels. In this case, the WRED process will respond quickly to
long queues. Once the queue falls below the minimum threshold, the process will stop dropping packets.
If the value of x gets too low, WRED will overreact to temporary traffic bursts and drop traffic
unnecessarily.
Examples The following example configures the WRED group called sanjose with a weight factor of 10:
random-detect-group sanjose
exponential-weighting-constant 10
fair-queue (class-default)
To specify the number of dynamic queues to be reserved for use by the class-default class as part of the
default class policy, use the fair-queue command in policy-map class configuration mode. To delete the
configured number of dynamic queues from the class-default policy, use the no form of this command.
fair-queue [number-of-dynamic-queues]
no fair-queue [number-of-dynamic-queues]
Syntax Description number-of-dynamic-queues (Optional) A power of 2 that specifies the number of dynamic queues.
Range is from 16 to 4096.
Command Default The number of dynamic queues is derived from the interface or ATM permanent virtual circuit (PVC)
bandwidth. See Table 8 in the “Usage Guidelines” section for the default number of dynamic queues that
weighted fair queueing (WFQ) and class-based WFQ (CBWFQ) use when they are enabled on an
interface. See Table 9 in the “Usage Guidelines” section for the default number of dynamic queues used
when WFQ or CBWFQ is enabled on an ATM PVC.
Usage Guidelines This command can be used for the default class (commonly known as the class-default class) only. You
can use it in conjunction with either the queue-limit command or the random-detect command.
The class-default class is the default class to which traffic is directed if that traffic does not satisfy the
match criteria of other classes whose policy is defined in the policy map.
Table 8 lists the default number of dynamic queues that weighted fair queueing (WFQ) and class-based
WFQ (CBWFQ) use when they are enabled on an interface.
Table 9 lists the default number of dynamic queues used when WFQ or CBWFQ is enabled on an
ATM PVC.
Examples The following example configures policy for the default class included in the policy map called policy9.
Packets that do not satisfy match criteria specified for other classes whose policies are configured in the
same service policy are directed to the default class, for which 16 dynamic queues have been reserved.
Because the queue-limit command is configured, tail drop is used for each dynamic queue when the
maximum number of packets are enqueued and additional packets arrive.
policy-map policy9
class class-default
fair-queue 16
queue-limit 20
The following example configures policy for the default class included in the policy map called policy8.
The fair-queue command reserves 20 dynamic queues to be used for the default class. For congestion
avoidance, Weighted Random Early Detection (WRED) packet drop is used, not tail drop.
policy-map policy8
class class-default
fair-queue 64
random-detect
fair-queue (DWFQ)
To enable Versatile Interface Processor (VIP)-distributed weighted fair queueing (DWFQ), use the
fair-queue command in interface configuration mode. To disable DWFQ, use the no form of this
command.
fair-queue
no fair-queue
Command Default DWFQ is enabled by default for physical interfaces whose bandwidth is less than or equal to
2.048 Mbps.
DWFQ can be configured on interfaces but not subinterfaces. It is not supported on Fast EtherChannel,
tunnel, or other logical or virtual interfaces such as Multilink PPP (MLP).
See Table 10 in the “Usage Guidelines” section of this command for a list of the default queue lengths
and thresholds.
Usage Guidelines The fair-queue (DWFQ) command enables DWFQ on an interface using a VIP2-40 or greater interface
processor.
With DWFQ, packets are classified by flow. Packets with the same source IP address, destination IP
address, source TCP or User Datagram Protocol (UDP) port, destination TCP or UDP port, and protocol
belong to the same flow.
DWFQ allocates an equal share of the bandwidth to each flow.
Table 10 lists the default queue lengths and thresholds.
Examples The following example enables DWFQ on the High-Speed Serial Interface (HSSI) interface 0/0/0:
interface Hssi0/0/0
description 45Mbps to R2
ip address 10.200.14.250 255.255.255.252
fair-queue
fair-queue [dynamic-queues]
no fair-queue [dynamic-queues]
Syntax Description dynamic-queues (Optional) A number specifying the number of dynamic conversation
queues. The number can be in the range of 16 to 4096.
Usage Guidelines On a VIP, the fair-queue command can be used for any traffic class (as opposed to non-VIP platforms,
which can only use the fair-queue command in the default traffic class). The fair-queue command can
be used in conjunction with either the queue-limit command or the random-detect
exponential-weighting-constant command.
Examples The following example configures the default traffic class for the policy map called policy9 to reserve
ten queues for packets that do not satisfy match criteria specified for other traffic classes whose policy
is configured in the same service policy. Because the queue-limit command is configured, tail drop is
used for each queue when the maximum number of packets is enqueued and additional packets arrive.
policy-map policy9
class class-default
fair-queue 10
queue-limit 20
The following example configures a service policy called policy8 that is associated with a user-defined
traffic class called class1. The fair-queue command reserves 20 queues to be used for the service policy.
For congestion avoidance, Weighted Random Early Detection (WRED) or distributed WRED (DWRED)
packet drop is used, not tail drop.
policy-map policy8
class class1
fair-queue 20
random-detect exponential-weighting-constant 14
fair-queue (WFQ)
To enable weighted fair queueing (WFQ), use the fair-queue command in interface configuration or
policy-map class configuration mode. To disable WFQ, use the no form of this command.
no fair-queue
Syntax Description congestive-discard-threshold (Optional) Number of messages allowed in each queue. The range is
1 to 4096 and the default is 64 messages. When a conversation
reaches this threshold, new message packets are discarded.
dynamic-queues (Optional) Number of dynamic queues used for best-effort
conversations (that is, a normal conversation not requiring any
special network services). Values are 16, 32, 64, 128, 256, 512, 1024,
2048, and 4096. See Table 4 and Table 5 in the fair-queue
(class-default) command for the default number of dynamic queues.
reservable-queues (Optional) Number of reservable queues used for reserved
conversations in the range 0 to 1000. The default is 0. Reservable
queues are used for interfaces configured for features such as
Resource Reservation Protocol (RSVP).
Command Default Fair queueing is enabled by default for physical interfaces whose bandwidth is less than or equal to
2.048 Mbps and that do not use the following:
• X.25 and Synchronous Data Link Control (SDLC) encapsulations
• Link Access Procedure, Balanced (LAPB)
• Tunnels
• Loopbacks
• Dialer
• Bridges
• Virtual interfaces
Fair queueing is not an option for the protocols listed above. However, if custom queueing or priority
queueing is enabled for a qualifying link, it overrides fair queueing, effectively disabling it. Additionally,
fair queueing is automatically disabled if you enable the autonomous or silicon switching engine
mechanisms.
Note A variety of queueing mechanisms can be configured using multilink; for example, Multichassis
Multilink PPP (MMP). However, if only PPP is used on a tunneled interface—for example, virtual
private dialup network (VPND), PPP over Ethernet (PPPoE), or PPP over Frame Relay (PPPoFR)—no
queueing can be configured on the virtual interface.
The number of dynamic queues is derived from the interface or ATM permanent virtual circuit (PVC)
bandwidth. See Table 11 in the fair-queue (class-default) command for the default number of dynamic
queues that WFQ and class-based WFQ (CBWFQ) use when they are enabled on an interface. See
Table 11 in the fair-queue (class-default) command for the default number of dynamic queues used
when WFQ and CBWFQ are enabled on an ATM PVC.
Usage Guidelines This command enables WFQ. With WFQ, packets are classified by flow. For example, packets with the
same source IP address, destination IP address, source TCP or User Datagram Protocol (UDP) port,
destination TCP or UDP port, and protocol belong to the same flow; see Table 11 for a full list of
protocols and traffic stream discrimination fields.
When enabled for an interface, WFQ provides traffic priority management that automatically sorts
among individual traffic streams without requiring that you first define access lists. Enabling WFQ
requires use of this command only.
When WFQ is enabled for an interface, new messages for high-bandwidth traffic streams are discarded
after the configured or default congestive discard threshold has been met. However, low-bandwidth
conversations, which include control message conversations, continue to enqueue data. As a result, the
fair queue may occasionally contain more messages than its configured threshold number specifies.
WFQ uses a traffic data stream discrimination registry service to determine which traffic stream a
message belongs to. For each forwarding protocol, Table 11 shows the message attributes that are used
to classify traffic into data streams.
IP Precedence, congestion in Frame Relay switching, and discard eligible (DE) flags affect the weights
used for queueing.
IP Precedence, which is set by the host or by policy maps, is a number in the range from 0 to 7. Data
streams of precedence number are weighted so that they are given an effective bit rate of number+1 times
as fast as a data stream of precedence 0, which is normal.
In Frame Relay switching, message flags for forward explicit congestion notification (FECN), backward
explicit congestion notification (BECN), and DE message flags cause the algorithm to select weights
that effectively impose reduced queue priority. The reduced queue priority provides the application with
“slow down” feedback and sorts traffic, giving the best service to applications within their committed
information rate (CIR).
Fair queueing is supported for all LAN and line (WAN) protocols except X.25, including LAPB and
SDLC; see the notes in the section “Defaults.” Because tunnels are software interfaces that are
themselves routed over physical interfaces, fair queueing is not supported for tunnels. Fair queueing is
on by default for interfaces with bandwidth less than or equal to 2 Mbps.
Note For Release 10.3 and earlier releases for the Cisco 7000 and 7500 routers with a Route Switch Processor
(RSP) card, if you used the tx-queue-limit command to set the transmit limit available to an interface
on a Multiport Communications Interface (MCI) or serial port communications interface (SCI) card and
you configured custom queueing or priority queueing for that interface, the configured transmit limit was
automatically overridden and set to 1. With Cisco IOS Release 12.0 and later releases, for WFQ, custom
queueing, and priority queueing, the configured transmit limit is derived from the bandwidth value set
for the interface using the bandwidth (interface) command. Bandwidth value divided by 512 rounded
up yields the effective transmit limit. However, the derived value only applies in the absence of a
tx-queue-limit command; that is, a configured transmit limit overrides this derivation.
When you configure Resource Reservation Protocol (RSVP) on an interface that supports fair queueing
or on an interface that is configured for fair queueing with the reservable queues set to 0 (the default),
the reservable queue size is automatically configured using the following method: interface bandwidth
divided by 32 kbps. You can override this default by specifying a reservable queue other than 0. For more
information on RSVP, refer to the chapter “Configuring RSVP” in the Cisco IOS Quality of Service
Solutions Configuration Guide.
Examples The following example enables WFQ on serial interface 0, with a congestive threshold of 300. This
threshold means that messages are discarded from the queueing system only when 300 or more messages
have been queued and the message is in a data stream that has more than one message in the queue. The
transmit queue limit is set to 2, based on the 384-kilobit (Kb) line set by the bandwidth command:
interface serial 0
bandwidth 384
fair-queue 300
You can apply the fair-queue command to a user-defined class as shown in the following example:
policy-map p1
class c1
bandwidth 1000
fair-queue
fair-queue aggregate-limit
To set the maximum number of packets in all queues combined for Versatile Interface Processor
(VIP)-distributed weighted fair queueing (DWFQ), use the fair-queue aggregate-limit command in
interface configuration mode. To return the value to the default, use the no form of this command.
no fair-queue aggregate-limit
Syntax Description aggregate-packets Total number of buffered packets allowed before some packets may be
dropped. Below this limit, packets will not be dropped.
Command Default The total number of packets allowed is based on the transmission rate of the interface and the available
buffer space on the VIP.
Usage Guidelines In general, you should not change the maximum number of packets allows in all queues from the default.
Use this command only if you have determined that you would benefit from using a different value,
based on your particular situation.
DWFQ keeps track of the number of packets in each queue and the total number of packets in all queues.
When the total number of packets is below the aggregate limit, queues can buffer more packets than the
individual queue limit.
When the total number of packets reaches the aggregate limit, the interface starts enforcing the
individual queue limits. Any new packets that arrive for a queue that is over its individual queue limit
are dropped. Packets that are already in the queue will not be dropped, even if the queue is over the
individual limit.
In some cases, the total number of packets in all queues put together may exceed the aggregate limit.
fair-queue individual-limit
To set the maximum individual queue depth for Versatile Interface Processor (VIP)-distributed weighted
fair queueing (DWFQ), use the fair-queue individual-limit command in interface configuration mode.
To return the value to the default, use the no form of this command.
no fair-queue individual-limit
Syntax Description individual-packet Maximum number of packets allowed in each per-flow or per-class queue
during periods of congestion.
Usage Guidelines In general, you should not change the maximum individual queue depth from the default. Use this
command only if you have determined that you would benefit from using a different value, based on your
particular situation.
DWFQ keeps track of the number of packets in each queue and the total number of packets in all queues.
When the total number of packets is below the aggregate limit, queues can buffer more packets than the
individual queue limit.
When the total number of packets reaches the aggregate limit, the interface starts enforcing the
individual queue limits. Any new packets that arrive for a queue that is over its individual queue limit
are dropped. Packets that are already in the queue will not be dropped, even if the queue is over the
individual limit.
In some cases, the total number of packets in all queues put together may exceed the aggregate limit.
Examples The following example sets the individual queue limit to 27:
interface Fddi9/0/0
mac-address 0000.0c0c.2222
ip address 10.1.1.1 255.0.0.0
fair-queue tos
fair-queue individual-limit 27
fair-queue limit
To set the maximum queue depth for a specific Versatile Interface Processor (VIP)-distributed weighted
fair queueing (DWFQ) class, use the fair-queue limit command in interface configuration mode. To
return the value to the default, use the no form of this command.
Syntax Description qos-group number Number of the QoS group, as assigned by a committed access rate (CAR)
policy or the Policy Propagation via Border Gateway Protocol (BGP)
feature. The value can range from 1 to 99.
tos number Two low-order IP Precedence bits of the type of service (ToS) field.
class-packet Maximum number of packets allowed in the queue for the class during
periods of congestion.
Command Default The individual queue depth, as specified by the fair-queue individual-limit command. If the fair-queue
individual-limit command is not configured, the default is half of the aggregate queue limit.
Usage Guidelines Use this command to specify the number queue depth for a particular class for class-based DWFQ. This
command overrides the global individual limit specified by the fair-queue individual-limit command.
In general, you should not change this value from the default. Use this command only if you have
determined that you would benefit from using a different value, based on your particular situation.
Examples The following example sets the individual queue limit for ToS group 3 to 20:
interface Fddi9/0/0
mac-address 0000.0c0c.2222
ip address 10.1.1.1 255.0.0.0
fair-queue tos
fair-queue tos 3 limit 20
fair-queue qos-group
To enable Versatile Interface Processor (VIP)-distributed weighted fair queueing (DWFQ) and classify
packets based on the internal QoS-group number, use the fair-queue qos-group command in interface
configuration mode. To disable QoS-group-based DWFQ, use the no form of this command.
fair-queue qos-group
no fair-queue qos-group
Usage Guidelines Use this command to enable QoS-group-based DWFQ, a type of class-based DWFQ. Class-based DWFQ
overrides flow-based DWFQ. Therefore, this command overrides the fair-queue (DWFQ) command.
When this command is enabled, packets are assigned to different queues based on their QoS group. A
QoS group is an internal classification of packets used by the router to determine how packets are treated
by certain QoS features, such as DWFQ and committed access rate (CAR). Use a CAR policy or the QoS
Policy Propagation via Border Gateway Protocol (BGP) feature to assign packets to QoS groups.
Specify a weight for each class. In periods of congestion, each group is allocated a percentage of the
output bandwidth equal to the weight of the class. For example, if a class is assigned a weight of 50,
packets from this class are allocated at least 50 percent of the outgoing bandwidth during periods of
congestion.
Examples The following example enables QoS-based DWFQ and allocates bandwidth for nine QoS groups (QoS
groups 0 through 8):
interface Hssi0/0/0
description 45Mbps to R2
ip address 10.200.14.250 255.255.255.252
fair-queue qos-group
fair-queue qos-group 1 weight 5
fair-queue qos-group 2 weight 5
fair-queue qos-group 3 weight 10
fair-queue tos
To enable Versatile Interface Processor (VIP)-distributed weighted fair queueing (DWFQ) and classify
packets using the type of service (ToS) field of packets, use the fair-queue tos command in interface
configuration command. To disable ToS-based DWFQ, use the no form of this command.
fair-queue tos
no fair-queue tos
Usage Guidelines Use this command to enable ToS-based DWFQ, a type of class-based DWFQ. Class-based DWFQ
overrides flow-based DWFQ. Therefore, this command overrides the fair-queue (DWFQ) command.
When this command is enabled, packets are assigned to different queues based on the two low-order IP
Precedence bits in the ToS field of the packet header.
In periods of congestion, each group is allocated a percentage of the output bandwidth equal to the
weight of the class. For example, if a class is assigned a weight of 50, packets from this class are
allocated at least 50 percent of the outgoing bandwidth during periods of congestion.
If you wish to change the weights, use the fair-queue weight command.
Examples The following example enables ToS-based DWFQ on the High-Speed Serial Interface (HSSI) interface
0/0/0:
interface Hssi0/0/0
description 45Mbps to R2
ip address 10.200.14.250 255.255.255.252
fair-queue
fair-queue tos
fair-queue weight
To assign a weight to a class for Versatile Interface Processor (VIP)-distributed weighted fair queueing
(DWFQ), use the fair-queue weight command in interface configuration mode. To remove the
bandwidth allocated for the class, use the no form of this command.
Syntax Description qos-group number Number of the quality of service (QoS) group, as assigned by a committed
access rate (CAR) policy or the Policy Propagation via Border Gateway
Protocol (BGP) feature. The value range is from 1 to 99.
tos number Two low-order IP Precedence bits of the type of service (ToS) field. The
value range is from 1 to 3.
weight Percentage of the output link bandwidth allocated to this class. The sum of
weights for all classes cannot exceed 99.
Command Default For QoS DWFQ, unallocated bandwidth is assigned to QoS group 0.
For ToS-based DWFQ, class 0 is assigned a weight of 10; class 1 is assigned a weight of 20; class 2 is
assigned a weight of 30; and class 3 is assigned a weight of 40.
Usage Guidelines Use this command to allocate percentages of bandwidth for specific DWFQ classes. You must also
enable class-based DWFQ on the interface with either the fair-queue qos-group or fair-queue tos
command.
Enter this command once for every class to allocate bandwidth to the class.
For QoS-group-based DWFQ, packets that are not assigned to any QoS groups are assigned to QoS group
0. When assigning weights to QoS group class, remember the following guidelines:
• One percent of the available bandwidth is automatically allocated to QoS group 0.
• The total weight for all the other QoS groups combined cannot exceed 99.
• Any unallocated bandwidth is assigned to QoS group 0.
Examples The following example allocates bandwidth to different QoS groups. The remaining bandwidth
(5 percent) is allocated to QoS group 0.
interface Fddi9/0/0
fair-queue qos-group
fair-queue qos-group 1 weight 10
fair-queue qos-group 2 weight 15
fair-queue qos-group 3 weight 20
fair-queue qos-group 4 weight 20
fair-queue qos-group 5 weight 30
feedback
To enable the context-status feedback messages from the interface or link, use the feedback command
in IPHC-profile configuration mode. To disable the context-status feedback messages, use the no form
of this command.
feedback
no feedback
Restriction
There are two types of IPHC profiles: Internet Engineering Task Force (IETF) profiles and van-jacobson
profiles. The feedback command is supported for IETF IPHC profiles only. The feedback command is
not supported for van-jacobson IPHC profiles. For more information about IPHC profile types, see the
“Header Compression” section of the Cisco IOS Quality of Service Solutions Configuration Guide,
Release 12.4T.
Prerequisite
Before using the feedback command, you must enable either TCP header compression or non-TCP
header compression. To enable TCP header compression, use the tcp command. To enable non-TCP
header compression, use the non-tcp command.
When the decompressor loses synchronization with the compressor, the decompressor sends a context
status message to the compressor with a list of context IDs to invalidate. The compressor then sends a
full-header packet to the decompressor to reestablish a consistent state. Note that all packets for the
invalid context IDs are discarded until a full-header packet is received for that context ID.
You can disable the sending of context-status messages either when the time it takes for the packet to
traverse the uplink and the downlink portions of the data path is greater than the refresh period (in which
case, the sending of the context-status message would not be useful) or when a feedback path does not
exist.
Examples The following is an example of an IPHC profile called profile2. In this example, context-status feedback
messages have been disabled.
Router> enable
Router# configure terminal
Router(config)# iphc-profile profile2 ietf
Router(config-iphcp)# non-tcp
Router(config-iphcp)# no feedback
Router(config-iphcp)# end
To assign priority to a permanent virtual circuit (PVC) within a Frame Relay map class, use the
frame-relay interface-queue priority command in map-class configuration mode. To remove priority
from a PVC within a Frame Relay map class, use the no form of this command.
Syntax Description high-limit (Optional) Size of the high priority queue specified in maximum number of
packets.
medium-limit (Optional) Size of the medium priority queue specified in maximum number
of packets.
normal-limit (Optional) Size of the normal priority queue specified in maximum number
of packets.
low-limit (Optional) Size of the low priority queue specified in maximum number of
packets.
high Assigns high priority to a PVC.
medium Assigns medium priority to a PVC.
normal Assigns normal priority to a PVC.
low Assigns low priority to a PVC.
Command Default The default sizes of the high, medium, normal, and low priority queues are 20, 40, 60, and 80 packets,
respectively.
When FR PIPQ is enabled on the interface, the default PVC priority is normal priority.
Usage Guidelines FR PIPQ must be enabled on the interface in order for the map-class configuration of PVC priority to be
effective.
Before you configure FR PIPQ using the frame-relay interface-queue priority command, the
following conditions must be met:
• PVCs should be configured to carry a single type of traffic.
• The network should be configured with adequate call admission control to prevent starvation of any
of the priority queues.
You will not be able to configure FR PIPQ if any queueing other than first-in first out (FIFO) queueing
is already configured at the interface level. You will be able to configure FR PIPQ when weighted fair
queueing (WFQ) is in use, as long as WFQ is the default interface queueing method. Disabling FR PIPQ
will restore the interface to dual FIFO queueing if FRF.12 is enabled, FIFO queueing if Frame Relay
Traffic Shaping (FRTS) is enabled, or the default queueing method for the interface.
Examples In the following example, FR PIPQ is enabled on serial interface 0, and the limits of the high, medium,
normal, and low priority queues are set to 10, 20, 30, and 40 packets, respectively. PVC 100 is assigned
high priority, so all traffic destined for PVC 100 will be sent to the high priority interface queue.
interface serial0
encapsulation frame-relay
frame-relay interface-queue priority 10 20 30 40
frame-relay interface-dlci 100
class high_priority_class
!
map-class frame-relay high_priority_class
frame-relay interface-queue priority high
Syntax Description number Maximum number of RTP header compression connections. The range is
from 3 to 256.
Usage Guidelines Before you can configure the maximum number of connections, RTP header compression must be
configured on the interface using the frame-relay ip rtp header-compression command.
The number of RTP header compression connections must be set to the same value at each end of the
connection.
Examples The following example shows the configuration of a maximum of 150 RTP header compression
connections on serial interface 0:
interface serial 0
encapsulation frame-relay
frame-relay ip rtp header-compression
frame-relay ip rtp compression-connections 150
Usage Guidelines When the frame-relay ip rtp header-compression command is used on the physical interface, all the
interface maps inherit the command; that is, all maps will perform UDP and RTP IP header compression.
Examples The following example enables RTP header compression for all Frame Relay maps on a physical
interface:
Router> enable
Router# configure terminal
Router(config)# interface Serial2/0.1
In the following example, RTP header compression is enabled and the optional periodic-refresh
keyword is specified:
Router> enable
Router# configure terminal
Router(config)# interface Serial2/0.2
Router(config-if)# frame-relay ip rtp header-compression periodic-refresh
Router(config-if)# end
Syntax Description starting-rtp-port-number The starting UDP port number. The lowest port number to which the
packets are sent. A port number can be a number from 2000 to 65535.
port-number-range The range of UDP destination ports. Number, which added to the
starting-rtp-port-number argument, yields the highest UDP port
number. The range can be from 0 to 16383.
bandwidth Maximum allowed bandwidth, in kbps. The bandwidth can range
from 0 to 2000 kbps.
Usage Guidelines This command is most useful for voice applications, or other applications that are delay-sensitive. To
use this command, you must first enter the map-class frame-relay command. After the Frame Relay
map class has been configured, it must then be applied to a PVC.
This command extends the functionality offered by the ip rtp priority command by supporting Frame
Relay PVCs. The command allows you to specify a range of UDP ports whose voice traffic is guaranteed
strict priority service over any other queues or classes using the same output interface. Strict priority
means that if packets exist in the priority queue, they are dequeued and sent first—that is, before packets
in other queues are dequeued.
Frame Relay Traffic Shaping (FRTS) and Frame Relay Fragmentation (FRF.12) must be configured
before the frame-relay ip rtp priority command is used.
Compressed RTP (CRTP) can be used to reduce the bandwidth required per voice call. When using CRTP
with Frame Relay, you must use the encapsulation frame-relay cisco command instead of the
encapsulation frame-relay ietf command.
Remember the following guidelines when configuring the bandwidth parameter:
• It is always safest to allocate to the priority queue slightly more than the known required amount of
bandwidth, to allow room for network bursts.
• The IP RTP Priority admission control policy takes RTP header compression into account.
Therefore, while configuring the bandwidth parameter of the ip rtp priority command you need to
configure only for the bandwidth of the compressed call. Because the bandwidth parameter is the
maximum total bandwidth, you need to allocate enough bandwidth for all calls if there will be more
than one call.
• Configure a bandwidth that allows room for Layer 2 headers. The bandwidth allocation takes into
account the payload plus the IP, UDP, and RTP headers but does not account for Layer 2 headers.
Allowing 25 percent bandwidth for other overhead is conservative and safe.
• The sum of all bandwidth allocation for voice and data flows on an interface cannot exceed
75 percent of the total available bandwidth, unless you change the default maximum reservable
bandwidth. To change the maximum reservable bandwidth, use the max-reserved-bandwidth
command on the interface.
For more information on IP RTP Priority bandwidth allocation, refer to the section “IP RTP Priority” in
the chapter “Congestion Management Overview” in the Cisco IOS Quality of Service Solutions
Configuration Guide.
Examples The following example first configures the Frame Relay map class called voip and then applies the map
class to PVC 100 to provide strict priority service to matching RTP packets:
map-class frame-relay voip
frame-relay cir 256000
frame-relay bc 2560
frame-relay be 600
frame-relay mincir 256000
no frame-relay adaptive-shaping
frame-relay fair-queue
frame-relay fragment 250
frame-relay ip rtp priority 16384 16380 210
interface Serial5/0
ip address 10.10.10.10 255.0.0.0
no ip directed-broadcast
encapsulation frame-relay
no ip mroute-cache
load-interval 30
clockrate 1007616
frame-relay traffic-shaping
frame-relay interface-dlci 100
class voip
frame-relay ip rtp header-compression
frame-relay intf-type dce
In this example, RTP packets on PVC 100 with UDP ports in the range from 16384 to 32764
(32764 = 16384 + 16380) will be matched and given strict priority service.
Syntax Description number Maximum number of TCP header compression connections. The range is
from 3 to 256.
Usage Guidelines Before you can configure the maximum number of connections, TCP header compression must be
configured on the interface using the frame-relay ip tcp header-compression command.
The number of TCP header compression connections must be set to the same value at each end of the
connection.
Examples The following example shows the configuration of a maximum of 150 TCP header compression
connections on serial interface 0:
interface serial 0
encapsulation frame-relay
frame-relay ip tcp header-compression
frame-relay ip tcp compression-connections 150
Command Description
frame-relay map ip tcp Assigns header compression characteristics to an IP map that differ
header-compression from the compression characteristics of the interface with which the
IP map is associated.
show frame-relay ip tcp Displays statistics and TCP/IP header compression information for
header-compression the interface.
Syntax Description passive (Optional) Compresses the outgoing TCP/IP packet header only if an incoming packet
had a compressed header.
Command Default Active TCP/IP header compression; all outgoing TCP/IP packets are subjected to header compression.
Usage Guidelines This command applies to interfaces that support Frame Relay encapsulation, specifically serial ports and
High-Speed Serial Interface (HSSI).
Frame Relay must be configured on the interface before this command can be used.
TCP/IP header compression and Internet Engineering Task Force (IETF) encapsulation are mutually
exclusive. If an interface is changed to IETF encapsulation, all encapsulation and compression
characteristics are lost.
When you use this command to enable TCP/IP header compression, every IP map inherits the
compression characteristics of the interface, unless header compression is explicitly rejected or modified
by use of the frame-relay map ip tcp header compression command.
We recommend that you shut down the interface prior to changing encapsulation types. Although this is
not required, shutting down the interface ensures the interface is reset for the new type.
Examples The following example configures serial interface 1 to use the default encapsulation (cisco) and passive
TCP header compression:
interface serial 1
encapsulation frame-relay
frame-relay ip tcp header-compression passive
Usage Guidelines This command does not have a “no” form. That is, a command called no frame-relay map ip compress
does not exist.
Examples The following example enables both RTP and TCP header compression on serial interface 1 and sets the
maximum number of RTP and TCP header connections at 16:
interface serial 1
encapsulation frame-relay
ip address 10.108.175.110 255.255.255.0
frame-relay map ip 10.108.175.220 180 compress connections 16
Usage Guidelines This command does not have a “no” form. That is, a command called no frame-relay map ip
nocompress does not exist.
Examples The following example disables RTP and TCP header compression on DLCI 180:
interface serial 1
encapsulation frame-relay
frame-relay map ip 10.108.175.220 180 nocompress
Command Description
show frame-relay ip rtp header-compression Displays RTP header compression statistics for
Frame Relay.
show frame-relay ip tcp header-compression Displays statistics and TCP/IP header
compression information for the interface.
Usage Guidelines When this command is configured, the specified maps inherit RTP header compression. You can have
multiple Frame Relay maps, with and without RTP header compression. If you do not specify the number
of RTP header compression connections, the map will inherit the current value from the interface.
Examples The following example enables RTP header compression on the Serial1/2.1 subinterface and sets the
maximum number of RTP header compression connections at 64:
Router> enable
Router# configure terminal
Router(config)# interface Serial1/2.1
Router(config-if)# encapsulation frame-relay
Router(config-if)# ip address 10.108.175.110 255.255.255.0
Router(config-if)# frame-relay map ip 10.108.175.220 180 rtp header-compression
connections 64
Router(config-if)# end
In the following example, RTP header compression is enabled on the Serial1/1.0 subinterface, and the
optional periodic-refresh keyword is included in the configuration:
Router> enable
Router# configure terminal
Router(config)# interface Serial1/1.0
Router(config-if)# encapsulation frame-relay
Router(config-if)# ip address 10.108.175.110 255.255.255.0
Router(config-if)# frame-relay map ip 10.108.175.220 180 rtp header-compression
periodic-refresh
Router(config-if)# end
Usage Guidelines This command refers to the global identity policy that is configured on the device that contains the access
policies that are to be applied. Only a single identity policy can be configured under the policy class
configuration submode. If the identity policy is not defined on the device, an error is generated during
the application of the policy.
Examples The following example shows that an identity policy is being configured:
Router(config)# policy-map type control tag healthy_pmap
Router(config-pmap)# class healthy_class
Router(config-pmap-class)# identity policy healthy_identity
Router(config-pmap-class)# end
ip header-compression disable-feedback
To disable the context-status feedback messages from the interface or link, use the ip
header-compression disable-feedback command in interface configuration mode. To enable
context-status feedback messages from the interface or link, use the no form of this command.
ip header-compression disable-feedback
no ip header-compression disable-feedback
Usage Guidelines The ip header-compression disable-feedback command is designed for use with satellite links where
the path for the upward link is different from the path for the downward link. When the paths are
different, context-status messages are not useful.
The ip header-compression disable-feedback command can be used with either Real-Time Transport
Protocol (RTP) or TCP header compression.
Examples The following example disables the context-status messages on serial interface 2/0:
Router> enable
Router# configure terminal
Router(config)# interface Serial2/0
Router(config-if)# ip header-compression disable-feedback
Router(config-if)# end
ip header-compression max-header
To specify the maximum amount of time to wait before the compressed IP header is refreshed, use the
ip header-compression max-header command in interface configuration mode. To return the amount
of time to wait before the compressed IP header is refreshed to the default value, use the no form of this
command.
Syntax Description max-header-size Size of the IP header, in bytes. The size of the IP header can be in the range of
20 to 168.
Usage Guidelines The max-header-size argument of the ip header-compression max-header command can be used to
restrict the size of the header to be compressed.
Examples In the following example, the ip header-compression max-header command is configured to specify
the maximum IP header size of the packet. In this configuration, the maximum IP header size is
100 bytes.
Router> enable
Router# configure terminal
Router(config)# interface Serial2/0
Router(config-if)# ip header-compression max-header 100
Router(config-if)# end
ip header-compression max-period
To specify the maximum number of compressed packets between full headers, use the ip
header-compression max-period command in interface configuration mode. To return the number of
compressed packets to the default value, use the no form of this command.
Syntax Description number-of-packets Specifies a number of packets between full headers. The number can be in the
range of 0 to 65535.
Usage Guidelines With the ip header-compression max-period command, full IP packet headers are sent in an
exponentially increasing period after there has been a change in the context status. This exponential
increase in the time period avoids the necessity of exchanging messages between the mechanism
compressing the header and the mechanism decompressing the header.
By default, the ip header-compression max-period command operates on User Datagram Protocol
(UDP) traffic only. However, if the periodic refresh keyword of either the frame-relay ip rtp
header-compression command or the frame-relay map ip rtp header-compression command is
configured, the ip header-compression max-period command operates on both UDP and Real-Time
Transport Protocol (RTP) traffic.
Examples In the following example, the ip header-compression max-period command is configured to specify
the number of packets between full header packets. In this configuration, the packet number specified is
160.
Router> enable
Router# configure terminal
Router(config)# interface Serial2/0
Router(config-if)# ip header-compression max-period 160
Router(config-if)# end
ip header-compression max-time
To specify the maximum amount of time to wait before the compressed IP header is refreshed, use the
ip header-compression max-time command in interface configuration mode. To return to the default
value, use the no form of this command.
Syntax Description length-of-time Specifies a different amount of time (other than the default) in seconds to wait
before the IP header is refreshed. The range is 0 to 65535.
Defaults 5 seconds
Usage Guidelines The ip header-compression max-time command is designed to avoid losing too many packets if the
context status of the receiver has been lost.
If a packet is to be sent and the maximum amount of time has elapsed since the last time the IP header
was refreshed, a full header is sent.
By default, the ip header-compression max-time command operates on User Datagram Protocol (UDP)
traffic only. However, if the periodic refresh keyword of either the frame-relay ip rtp
header-compression command or the frame-relay map ip rtp header-compression command is
configured, the ip header-compression max-time command operates on UDP and Real-Time Transport
Protocol (RTP) traffic.
Examples In the following example, the ip header-compression max-time command is configured to specify the
maximum amount of time to wait before refreshing the compressed IP header. In this configuration the
amount of time to wait is 30 seconds.
Router> enable
Router# configure terminal
Router(config)# interface Serial2/0
Router(config-if)# ip header-compression max-time 30
Router(config-if)# end
ip header-compression recoverable-loss
To enable Enhanced Compressed Real-Time Transport Protocol (ECRTP) on an interface, use the ip
header-compression recoverable-loss command in interface configuration mode. To disable ECRTP on
an interface, use the no form of this command.
no ip header-compression recoverable-loss
Usage Guidelines Enhanced CRTP reduces corruption by changing the way the compressor updates the context at the
decompressor. The compressor sends changes multiple times to keep the compressor and decompressor
synchronized. This method is characterized by the number of packet-drops that represent the quality of
the link between the hosts. By repeating the updates, the probability of context corruption due to packet
loss is minimized.
The packet-drops value is maintained independently for each context and is not required to be the same
for all contexts.
Examples In the following example, a serial interface is configured with Point-to-Point Protocol (PPP)
encapsulation, and ECRTP is enabled with dynamic loss recovery:
Router(config)# interface serial 2/0
Router(config-if)# encapsulation ppp
Router(config-if)# ip rtp header-compression ietf-format
Router(config-if)# ip header-compression recoverable-loss dynamic
Router(config-if)# end
ip nbar custom
To extend the capability of network-based application recognition (NBAR) Protocol Discovery to
classify and monitor additional static port applications or to allow NBAR to classify nonsupported static
port traffic, use the ip nbar custom command in global configuration mode. To disable NBAR from
classifying and monitoring additional static port application or classifying nonsupported static port
traffic, use the no form of this command.
Syntax Description name The name given to the custom protocol. This name is reflected wherever
the name is used, including NBAR Protocol Discovery, the match
protocol command, the ip nbar port-map command, and the NBAR
Protocol Discovery MIB.
The name must be no longer than 24 characters and can only contain
uppercase and lowercase letters, digits, and the underscore (_) character.
offset (Optional) A digit representing the byte location for payload inspection.
The offset function is based on the beginning of the payload directly
after the TCP or User Datagram Protocol (UDP) header.
format value (Optional) Defines the format of the value and the length of the value
that is being inspected in the packet payload. Current format options are
ascii, hex, and decimal. The length of the value is dependent on the
chosen format. The length restrictions for each format are listed below:
• ascii—Up to 16 characters can be searched. Regular expressions are
not supported.
• hex—Up to 4 bytes.
• decimal—Up to 4 bytes.
variable field-name (Optional) When the variable keyword is entered, a specific portion of
field-length the custom protocol can be treated as an NBAR-supported protocol (for
example, a specific portion of the custom protocol can be tracked using
class-map statistics and can be matched using the class-map command).
If the variable keyword is entered, the following fields must be defined:
• field-name—Provides a name for the field to search in the payload.
After a custom protocol is configured using a variable, this
field-name can be used with up to 24 different values per router
configuration.
• field-length—Enters the field length in bytes. The field length can be
up to 4 bytes, so the field-length value can be entered as 1, 2, 3, or 4.
source | destination (Optional) Specifies the direction in which packets are inspected. If
source or destination is not specified, all packets traveling in either
direction are monitored by NBAR.
tcp | udp (Optional) Specifies the TCP or the UDP implemented by the
application.
range start end (Optional) Specifies a range of ports that the custom application
monitors. The start is the first port in the range, and the end is the last
port in the range. One range of up to 1000 ports can be specified for each
custom protocol.
port-number (Optional) The port that the custom application monitors. Up to 16
individual ports can be specified as a single custom protocol.
Defaults If source or destination is not specified, traffic flowing in both directions is inspected if the custom
protocol is enabled in NBAR.
Usage Guidelines More than 30 custom applications can be created on the router.
NBAR can support up to 128 protocols total.
If the variable keyword is entered while you configure the custom protocol, traffic statistics for the
variable appear in some NBAR class map show outputs.
Up to 24 variable values per custom protocol can be expressed in class maps. For instance, in the
following configuration, 4 variables are used and 20 more “scid” values could be used.
Router(config)# ip nbar custom ftdd 23 variable scid 1 tcp range 5001 5005
Examples In the following example, the custom protocol “app_sales1” identifies TCP packets that have a source
port of 4567 and that contains the term “SALES” in the fifth byte of the payload:
Router(config)# ip nbar custom app_sales1 5 ascii SALES source tcp 4567
In the following example, the custom protocol “virus_home” identifies UDP packets that have a
destination port of 3000 and that contains “0x56” in the seventh byte of the payload:
Router(config)# ip nbar custom virus_home 7 hex 0x56 destination udp 3000
In the following example, the custom protocol “media_new” identifies TCP packets that have a
destination or source port of 4500 and have a value of 90 in the sixth byte of the payload:
Router(config)# ip nbar custom media_new 6 decimal 90 tcp 4500
In the following example, the custom protocol “msn1” looks for TCP packets that have a destination or
source port of 6700:
Router(config)# ip nbar custom msn1 tcp 6700
In the following example, the custom protocol “mail_x” looks for UDP packets that have a destination
port of 8202.
Router(config)# ip nbar custom mail_x destination udp 8202
In the following example, the custom protocol “mail_y” looks for UDP packets that have destination
ports between 3000 and 4000, inclusive:
Router(config)# ip nbar custom mail_y destination udp range 3000 4000
In the following example, the custom protocol “ftdd” is created by using a variable. A class map
matching this custom protocol based on the variable is also created. In this example, class map
“matchscidinftdd” matches all traffic that has the value “804” at byte 23 entering or leaving TCP ports
5001 to 5005. The variable scid is 2 bytes in length.
Router(config)# ip nbar custom ftdd 23 variable scid 2 tcp range 5001 5005
The same example above can also be done using hexadecimal values in the class map as follows:
Router(config)# ip nbar custom ftdd 23 variable scid 2 tcp range 5001 5005
In the following example, the variable keyword is used while you create a custom protocol, and class
maps are configured to classify different values within the variable field into different traffic classes.
Specifically, in the example below, variable scid values 0x15, 0x21, and 0x27 are classified into class
map “active-craft” while scid values 0x11, 0x22, and 0x25 are classified into class map “passive-craft.”
Router(config)# ip nbar custom ftdd 23 variable scid 1 tcp range 5001 5005
ip nbar pdlm
To extend or enhance the list of protocols recognized by network-based application recognition (NBAR)
through a Cisco-provided Packet Description Language Module (PDLM), use the ip nbar pdlm
command in global configuration mode. To unload a PDLM previously loaded, use the no form of this
command.
Syntax Description pdlm-name URL at which the PDLM can be found on the flash card.
Usage Guidelines The ip nbar pdlm command is used to extend the list of protocols recognized by a given version of
NBAR or to enhance an existing protocol recognition capability. NBAR can be given an external PDLM
at run time. In most cases, the PDLM enables NBAR to recognize new protocols without requiring a new
Cisco IOS image or a router reload. Only Cisco can provide you with a new PDLM.
A list of the available PDLMs can be viewed online at Cisco.com.
Examples The following example configures NBAR to load the citrix.pdlm PDLM from flash memory on the
router:
ip nbar pdlm flash://citrix.pdlm
ip nbar port-map
To configure network-based application recognition (NBAR) to search for a protocol or protocol name
using a port number other than the well-known port, use the ip nbar port-map command in global
configuration mode. To look for the protocol name using only the well-known port number, use the no
form of this command.
Usage Guidelines The ip nbar port-map command is used to tell NBAR to look for the protocol or protocol name, using
a port number or numbers other than the well-known Internet Assigned Numbers Authority
(IANA)-assigned) port number. For example, use this command to configure NBAR to look for Telnet
on a port other than 23. Up to 16 ports can be specified with this command.
Some of the NBAR protocols look at the ports as well as follow the heuristic approach for traffic
classification. If you apply different ports to a protocol using the ip nbar port-map command, the
heuristic nature of the protocol does not change. The advantage to adding a port number is better
performance.
You can remove well-known ports from a predefined port map only if you first set the predefined port
map to a port not belonging to any existing port map. For example, if you want to define a custom port
map X and also associate it with port 20, you get an error saying that it is not possible. However, if you
associate port map A with another port first, such as port 100, and then remove its association with port
20, you can associate custom port map X with port 20.
Examples The following example configures NBAR to look for the protocol Structured Query Language
(SQL)*NET on port numbers 63000 and 63001 instead of on the well-known port number:
ip nbar port-map sqlnet tcp 63000 63001
ip nbar protocol-discovery
To configure Network-Based Application Recognition (NBAR) to discover traffic for all protocols that
are known to NBAR on a particular interface, use the ip nbar protocol-discovery command in interface
configuration mode or VLAN configuration mode. To disable traffic discovery, use the no form of this
command.
ip nbar protocol-discovery
no ip nbar protocol-discovery
Usage Guidelines Use the ip nbar protocol-discovery command to configure NBAR to keep traffic statistics for all
protocols that are known to NBAR. Protocol discovery provides an easy way to discover application
protocols transiting an interface so that QoS policies can be developed and applied. The protocol
discovery feature discovers any protocol traffic supported by NBAR. Protocol discovery can be used to
monitor both input and output traffic and may be applied with or without a service policy enabled.
ip nbar resources
The ip nbar resources command is replaced by the ip nbar resources protocol and the ip nbar
resources system commands. See the ip nbar resources protocol and the ip nbar resources system
commands for more information.
Syntax Description link-age Time, in seconds, at which the links for a protocol are aged (expire). The
range of values is from 1 to 1000000000. The default is 30.
Note The link-age argument must be a multiple of the value currently set
in the ip nbar resources system system-link-age command. For
example, if you set the system-link-age argument to 30, then the
range of values for the link-age argument is 30, 60, 90, 120, and so
on.
protocol-name (Optional) Name of the protocol as registered in a loaded Protocol
Description Language (PDL) module.
Note To display a list of supported protocols, enter the match protocol ?
or the show ip nbar port-map commands.
Command Default The default link age for all protocols is 120 seconds upon NBAR activation.
Usage Guidelines You must enter a value for the link-age argument that is a multiple of the system-link-age argument that
you set using the ip nbar resources system command. In other words, the protocol link age is dependent
upon the system link age.
The system link age defaults to 30 seconds, and each protocol defaults to 120 seconds. Internally, each
protocol then has a link age value of 4 seconds; that is, 120/30. If you change the system link age, the
protocol link age becomes whatever the new system link age is times 4. For example, if the system link
age is 30 and each protocol is set to 240, the internal protocol link age is 8; that is, 240/30. Then if you
change the system link age, the protocol link age becomes whatever the new system link age is times 8.
If you enter an invalid value for the link-age argument, the following error message displays:
%NBAR ERROR: protocol link age entered must be an even multiple of the system link age,
<system link age>
The no form of this command must include the link-age argument to set the protocol link age of the
specific protocol or all protocols with the specified link age to zero.
If you omit the optional protocol-name argument, all protocols update to the specified link age value.
If you enter a protocol name that does not exist, the following error message displays:
%NBAR ERROR: <entered string> is not a valid protocol
In addition to resetting the link age in all state nodes associated with a specified protocol, the protocol
name along with its link age is saved in NVRAM for potential router system resets.
Examples In the following example, the link age for the kazaa2 protocol is set to 180 seconds:
Router# configure terminal
Router(config)# ip nbar resources protocol 180 kazaa2
In the following example, the link age for all protocols is set to 360 seconds:
Router# configure terminal
Router(config)# ip nbar resources protocol 360
Syntax Description system-link-age Time, in seconds, at which the links for a system are aged (expire). The range
of values is from 10 to 86400. The default is 30.
initial-memory Size of memory, in kilobytes, allocated for the links at initialization. The
range of values is from 1 to 30000. The default is 10 percent of the total
amount of free memory at system initialization and varies from platform to
platform.
exp-memory Size of memory, in kilobytes, that can be expanded if NBAR detects that
more space is needed for the links. The range of values is from 0 to 112. The
default is 112.
Note The default is based on the size of an internal NBAR structure and
may change in future releases.
Command Default The default system link age is 30 seconds upon NBAR activation.
Usage Guidelines Because the ip nbar resources system command affects NBAR on a systemwide basis, you should not
change the parameters arbitrarily. Doing so may cause NBAR to perform inefficiently or incorrectly. The
default values are effective in most instances.
Examples In the following example, the system link age is 30 seconds, the initial memory is 200 kilobytes, and the
expanded memory is 112 kilobytes:
Router# configure terminal
Router(config)# ip nbar resources system 30 200 112
ip options
To drop or ignore IP options packets that are sent to the router, use the ip options command in global
configuration mode. To disable this functionality and allow all IP options packets to be sent to the router,
use the no form of this command.
Syntax Description drop Router drops all IP options packets that it receives.
ignore Router ignores all options and treats the packets as though they did not have
any IP options. (The options are not removed from the packet—just
ignored.)
Note This option is not available on the Cisco 10000 series router.
Usage Guidelines The ip options command allows you to filter IP options packets, mitigating the effects of IP options on
the router, and on downstream routers and hosts.
Drop and ignore modes are mutually exclusive; that is, if the drop mode is configured and you configure
the ignore mode, the ignore mode overrides the drop mode.
The ip options ignore command is not supported. The router supports only the ip options drop
command.
Examples The following example shows how to configure the router (and downstream routers) to drop all options
packets that enter the network:
ip options drop
% Warning:RSVP and other protocols that use IP Options packets may not function in drop or
ignore modes.
end
Defaults This command is enabled by default. The default value of bytes saved for RTP is 36; for UDP, 20.
Usage Guidelines Use the ip rsvp admission-control compression predict command to disable or enable the RSVP
prediction of compression for a specified method or all methods if neither rtp nor udp is selected. You
can adjust the default compressibility parameter that RSVP uses to compute the compression factor for
each flow.
If you use the ip rsvp admission-control compression predict command to change the compression
method or the number of bytes saved per packet, these values affect only new flows, not existing
ones.
There are two approaches to compression—conservative and aggressive. When you predict compression
conservatively, you assume savings of fewer bytes per packet, but receive a higher likelihood of
guaranteed quality of service (QoS). You are allowed more bandwidth per call, but each link
accommodates fewer calls. When you predict compression aggressively, you assume savings of more
bytes per packet, but receive a lower likelihood of guaranteed QoS. You are allowed less bandwidth per
call, but each link accommodates more calls.
Examples The following command sets the compressibility parameter for flows using the RTP method to 30 bytes
saved per packet:
Router(config-if)# ip rsvp admission-control compression predict method rtp bytes-saved 30
The following command sets the compressibility parameter for flows using the UDP method to 20 bytes
saved per packet:
Router(config-if)# ip rsvp admission-control compression predict method udp bytes-saved 20
Note Disabling the compressibility parameter affects only those flows using the specified method.
ip rsvp aggregation ip
To enable Resource Reservation Protocol (RSVP) aggregation on a router, use the ip rsvp aggregation
ip command in global configuration mode. To disable RSVP aggregation, use the no form of this
command.
ip rsvp aggregation ip
no ip rsvp aggregation ip
Usage Guidelines When you enable aggregation on a router, the router can act as an aggregator, a deaggregator, or an
interior router. To perform aggregator and deaggregator functions, the RSVP process must see messages
with the RSVP-E2E-IGNORE protocol type (134) on a router; otherwise, the messages are forwarded as
data by the router’s data plane. The ip rsvp aggregation ip command enables RSVP to identify messages
with the RSVP-E2E-IGNORE protocol. You then configure additional commands to specify the
aggregation and deaggregation behavior of end-to-end (E2E) reservations.
The ip rsvp aggregation ip command registers a router to receive RSVP-E2E-IGNORE messages. It is
not necessary to issue this command on interior routers because they are only processing RSVP
aggregate reservations. If you do so, you may decrease performance because the interior router will then
unnecessarily process all the RSVP-E2E-IGNORE messages.
Note If you enable RSVP aggregation globally on an interior router, then you should configure all interfaces
as interior. Otherwise, interfaces default to exterior and discard RSVP-E2E-IGNORE packets.
Examples The following example shows how to enable RSVP aggregation on a router:
Router(config)# ip rsvp aggregation ip
Usage Guidelines Use the ip rsvp aggregation ip map command to configure a single global rule for mapping E2E
reservations onto aggregates.
Before using the ip rsvp aggregation ip map command, you should configure an ACL to define a group
of RSVP endpoints whose reservations are to be aggregated onto a single DSCP. The ACL can be a
standard or extended ACL and matches as follows:
Standard ACLs
• IP address matches the RSVP PATH message sender template or RSVP RESV message filter spec;
this is the IP source address or the RSVP sender.
Extended ACLs
The ACLs used within the ip rsvp aggregation ip map command match the RSVP message objects as
follows for an extended ACL:
• Source IP address and port match the RSVP PATH message sender template or RSVP RESV
message filter spec; this is the IP source or the RSVP sender.
• Destination IP address and port match the RSVP PATH/RESV message session object IP address;
this is the IP destination address or the RSVP receiver.
• Protocol matches the RSVP PATH/RESV message session object protocol; if protocol = IP, then it
matches the source or destination address as above.
Note In classic (unaggregated) RSVP, a session is identified in the reservation message session object by the
destination IP address and protocol information. In RSVP aggregation, a session is identified by the
destination IP address and DSCP within the session object of the aggregate RSVP message. E2E
reservations are mapped onto a particular aggregate RSVP session identified by the E2E reservation
session object alone or a combination of the session object and sender template or filter spec.
Examples In the following example, access list 1 is defined for all RSVP messages whose RSVP PATH message
session object destination address is in the 10.1.0.0 subnet so that the deaggregator maps those
reservations onto an aggregate reservation for the DSCP associated with the AF41 per hop behavior:
Router(config)# access-list 1 permit host 10.1.0.0 0.0.255.255
Router(config)# ip rsvp aggregation ip map access-list 1 dscp af41
In the following example, all reservations between an aggregator and a deaggregator are to be aggregated
onto a single DSCP:
Router(config)# ip rsvp aggregation ip map any dscp af41
Syntax Description value The differentiated services code point (DSCP) for aggregate reservations.
Values can be the following:
• 0 to 63—Numerical DSCP values. The default value is 0.
• af11 to af43—Assured forwarding (AF) DSCP values.
• cs1 to cs7—Type of service (ToS) precedence values.
• default—Default DSCP value.
• ef—Expedited forwarding (EF) DSCP values.
aggregator (Optional) Specifies the IP address of the aggregator for which the data-rate,
agg-ip-address burst-size, and peak-rate traffic parameters apply.
Note If omitted, all aggregate reservations to an deaggregator use the same
token bucket parameters.
data-rate The average data rate, which is a bandwidth number of kilobits per second
from 1 to 10000000.
burst-size (Optional) The data burst size, which is a number of kilobytes from 1 to
8192.
Note If omitted, this value is equal to the aggregate rate value.
peak-rate (Optional) The peak data rate, which is a bandwidth number of kilobits per
second from 1 to 10000000.
Note If omitted, this value is equal to the aggregate rate value.
Command Default No aggregation reservation attributes (token bucket parameters) are configured.
Usage Guidelines Because Cisco IOS Release 12.2(33)SRC does not support dynamic resizing of aggregate reservations,
you issue the ip rsvp aggregation ip reservation dscp traffic-params static rate command to
configure the token bucket parameters statically.
The data-rate, burst-size, and peak-rate parameters are required on deggregators to help construct the
flowspec object for aggregate RESV messages. Existing RSVP procedures specify that the size of a
reservation established for a flow is set to the minimum of the PATH sender_tspec and the RESV
flowspec. So if the aggregate PATH sender_tspec data-rate, burst-size, or peak-rate parameters are
greater than the data-rate, burst-size, or peak-rate parameters configured on the deaggregator, the
aggregate RESV flowspec object will contain the minimum of data-rate, burst-size, and peak-rate from
the PATH message and the configured values.
When the aggregate reservation size is changed to a value less strict than the total bandwidth of the
end-to-end (E2E) reservations mapped to the aggregate, preemption may occur.
When the aggregate bandwidth is lowered, if preemption is required and has not been enabled by issuing
the ip rsvp policy preempt command, then the change is rejected and the following messages may
appear:
RSVP:AGG: Command not accepted.
RSVP-AGG: This change requires some E2E reservations to be removed and
RSVP:AGG: preemption is not enabled. Issue 'ip rsvp policy preempt'
RSVP:AGG: in order to make this change.
Examples In the following example, the aggregate RESV message for an aggregate reservation established with
aggregator 10.10.10.10 for DSCP = AF11 includes a flowspec that requests an average rate and peak rate
of 100K bps and a burst size of 8 KB:
Router(config)# ip rsvp aggregation ip reservation dscp af11 aggregator 10.10.10.10
traffic-params static rate 10 burst 8 peak 10
Command Default RSVP aggregation is not configured on aggregator and deaggregator interior routers.
Usage Guidelines This command does not have any effect on a router until end-to-end (E2E) messages arrive on an
interface.
If a router is an interior node for all E2E flows, you do not have to configure any aggregation commands.
RSVP will not get notifications on any of the RSVP-E2E-IGNORE messages that are forwarded as IP
datagrams; however, because the router is loaded with an image that supports aggregation, the router will
process aggregate signaling messages correctly.
If you enable aggregation on an interior node, all its interfaces must be configured as interior. Otherwise,
all the interfaces have the exterior role, and any E2E Path (E2E-IGNORE) messages arriving at the router
are discarded.
In summary, there are two options for an interior router:
• No RSVP aggregation configuration commands are entered.
• Aggregation is enabled and all interfaces are configured as interior.
If the interior role of an interface is unconfigured, all aggregate and E2E reservations installed on that
interface are brought down.
The reason for configuring these commands is because Cisco IOS Release 12.2(33)SRC supports control
plane aggregation only. The RSVP data packet classifier does not support aggregation. Data plane
aggregation must be achieved by using the RSVP Scalability Enhancements feature.
Examples The following example shows how to configure the Ethernet 0/0 interface on an aggregator or
deaggregator interior router:
Router(config)# interface Ethernet0/0
Router(config-if)# ip rsvp aggregation ip role interior
ip rsvp atm-peak-rate-limit
To set a limit on the peak cell rate (PCR) of reservations for all newly created Resource Reservation
Protocol (RSVP) switched virtual circuits (SVCs) established on the current interface or any of its
subinterfaces, use the ip rsvp atm-peak-rate-limit command in interface configuration mode. To
remove the current peak rate limit, in which case the reservation peak rate is limited by the line rate, use
the no form of this command.
no ip rsvp atm-peak-rate-limit
Syntax Description limit The peak rate limit of the reservation specified, in KB. The minimum value allowed is
1 KB; the maximum value allowed is 2 GB.
Command Default The peak rate of a reservation defaults to the line rate.
Usage Guidelines Each RSVP reservation corresponds to an ATM SVC with a certain peak cell rate (PCR), sustainable cell
rate (SCR), and maximum burst size. The PCR, also referred to as the peak rate, can be configured by
the user or allowed to default to the line rate.
RSVP controlled-load reservations do not define any peak rate for the data. By convention, the allowable
peak rate in such reservations is taken to be infinity, which is usually represented by a very large number.
Under these circumstances, when a controlled-load reservation is converted to an ATM SVC, the PCR
for the SVC becomes correspondingly large and may be out of range for the switch. You can use the ip
rsvp atm-peak-rate-limit command to limit the peak rate.
The following conditions determine the peak rate limit on the RSVP SVC:
• The peak rate defaults to the line rate.
• If the peak rate is greater than the configured peak rate limiter, the peak rate is lowered to the peak
rate limiter.
• The peak rate cannot be less than the reservation bandwidth. If this is the case, the peak rate is raised
to the reservation bandwidth.
Note Bandwidth conversions applied to the ATM space from the RSVP space are also applied to the peak rate.
The peak rate limit is local to the router; it does not affect the normal messaging of RSVP. Only the SVC
setup is affected. Large peak rates are sent to the next host without modification.
For RSVP SVCs established on subinterfaces, the peak rate limit applied to the subinterface takes effect
on all SVCs created on that subinterface. If a peak rate limit is applied to the main interface, the rate
limit has no effect on SVCs created on a subinterface of the main interface even if the limit value on the
main interface is lower than the limit applied to the subinterface.
For a given interface or subinterface, a peak rate limit applied to that interface affects only new SVCs
created on the interface, not existing SVCs.
Note This command is available only on interfaces that support the ip rsvp svc-required command.
Use the show ip rsvp atm-peak-rate-limit command to determine the peak rate limit set for an interface
or subinterface, if one is configured.
Examples The following configuration sample sets the peak rate limit for ATM interface 2/0/0.1 to 100 KB:
interface atm2/0/0.1
ip rsvp atm-peak-rate-limit 100
ip rsvp authentication
To activate Resource Reservation Protocol (RSVP) cryptographic authentication, use the ip rsvp
authentication command in interface configuration mode. To deactivate authentication, use the no form
of this command.
ip rsvp authentication
no ip rsvp authentication
Usage Guidelines Use the ip rsvp authentication command to deactivate and then reactivate RSVP authentication without
reentering the other RSVP authentication configuration commands. You should not enable
authentication unless you have previously configured a key. If you issue this command before the ip rsvp
authentication key command, you get a warning message indicating that RSVP discards all messages
until you specify a key. The no ip rsvp authentication command disables RSVP cryptographic
authentication. However, the command does not automatically remove any other authentication
parameters that you have configured. You must issue a specific no ip rsvp authentication command;
for example, no ip rsvp authentication key, no ip rsvp authentication type, or no ip rsvp
authentication window-size, if you want to remove them from the configuration.
The ip rsvp authentication command is similar to the ip rsvp neighbor command. However, the ip
rsvp authentication command provides better authentication and performs system logging.
Usage Guidelines The ip rsvp authentication challenge command requires RSVP to perform a challenge-response
handshake with any new RSVP neighbors that are discovered on a network. Such a handshake allows the
router to thwart RSVP message replay attacks while booting, especially if there is a long period of inactivity
from trusted RSVP neighbors following the reboot. If messages from trusted RSVP neighbors arrive very
quickly after the router reboots, then challenges may not be required because the router will have
reestablished its security associations with the trusted nodes before the untrusted nodes can attempt replay
attacks.
If you enable RSVP authentication globally on an interface over which a Multiprotocol Label Switching
(MPLS) Traffic Engineering (TE) label switched path (LSP) travels and the router on which
authentication is enabled experiences a stateful switchover (SSO), the following occurs:
• If challenges are disabled (you did not specify the ip rsvp authentication challenge command), the
LSP recovers properly.
• If challenges are enabled (you specified the ip rsvp authentication challenge command), more
RSVP signaling messages are required and the LSP takes longer to recover or the forwarding state
may time out and the LSP does not recover. If a timeout occurs, data packet forwarding is interrupted
while the headend router signals a new LSP.
If you enable RSVP authentication challenges, you should consider enabling RSVP refresh reduction by
using the ip rsvp signalling refresh reduction command. While a challenge handshake is in progress,
the receiving router that is initiating the handshake discards all RSVP messages from the node that is
being challenged until the handshake-initiating router receives a valid challenge response.
Note If a neighbor does not reply to the first challenge message after 1 second, the Cisco IOS software sends
another challenge message and waits 2 seconds. If no response is received to the second challenge, the
Cisco IOS software sends another and waits 4 seconds. If no response to the third challenge is received,
the Cisco IOS software sends a fourth challenge and waits 8 seconds. If there is no response to the fourth
challenge, the Cisco IOS software stops the current challenge to that neighbor, logs a system error
message, and does not create a security association for that neighbor. This kind of exponential backoff
is used to recover from challenges dropped by the network or busy neighbors.
Activating refresh reduction enables the challenged node to resend dropped messages more quickly once
the handshake has completed. This causes RSVP to reestablish reservation state faster when the router
reboots.
Enable authentication challenges wherever possible to reduce the router’s vulnerability to replay attacks.
Examples The following command shows how to enable RSVP to perform a challenge-response handshake:
Router(config-if)# ip rsvp authentication challenge
Syntax Description pass-phrase Phrase that ranges from 8 to 40 characters. See “Usage Guidelines” for
additional information.
Usage Guidelines Use the ip rsvp authentication key command to select the key for the authentication algorithm. This
key is a passphrase of 8 to 40 characters. It can include spaces; quotes are not required if spaces are used.
The key can consist of more than one word. We recommend that you make the passphrase as long as
possible. This key must be the same for all RSVP neighbors on this interface. As with all passwords, you
should choose them carefully so that attackers cannot easily guess them.
Here are some guidelines:
• Use a mixture of upper- and lowercase letters, digits, and punctuation.
• If using just a single word, do not use a word contained in any dictionary of any language, spelling
lists, or other lists of words.
• Use something easily remembered so you do not have to write it down.
• Do not let it appear in clear text in any file or script or on a piece of paper attached to a terminal.
By default, RSVP authentication keys are stored in clear text in the router configuration file, but they
can optionally be stored as encrypted text in the configuration file. To enable key encryption, use the
global configuration key config-key 1 string command. After you enter this command, the passphrase
parameter of each ip rsvp authentication key command is encrypted with the Data Encryption Standard
(DES) algorithm when you save the configuration file. If you later issue a no key config-key 1 string
command, the RSVP authentication key is stored in clear text again when you save the configuration.
The string argument is not stored in the configuration file; it is stored only in the router’s private
NVRAM and will not appear in the output of a show running-config or show config command.
Therefore, if you copy the configuration file to another router, any encrypted RSVP keys in that file will
not be successfully decrypted by RSVP when the router boots and RSVP authentication will not operate
correctly. To recover from this, follow these steps on the new router:
1. For each RSVP interface with an authentication key, issue a no ip rsvp authentication key
command to clear the old key.
2. For that same set of RSVP interfaces, issue an ip rsvp authentication key command to reconfigure
the correct clear text keys.
3. Issue a global key config-key 1 string command to reencrypt the RSVP keys for the new router.
4. Save the configuration.
Examples The following command sets the passphrase to 11223344 in clear text:
Router(config-if)# ip rsvp authentication key 11223344
To encrypt the authentication key, issue the key config-key 1 string command as follows:
Router# configure terminal
Router(config)# key config-key 1 11223344
Router(config)# end
Syntax Description string Name of key chain; must have at least one key, but can have up to
2,147,483647 keys.
Usage Guidelines Use the ip rsvp authentication key-chain command to select the key chain.
Note You cannot use the ip rsvp authentication key and the ip rsvp authentication key-chain commands
on the same router interface. The commands supersede each other; however, no error message is
generated.
Examples The following commands set the key chain to RSVPkey for neighbor authentication:
Router(config)# ip rsvp authentication neighbor address 10.1.1.1 key-chain RSVPkey
or
The following command sets the global default key chain to RSVPkey:
Router(config)# ip rsvp authentication key-chain RSVPkey
Syntax Description hh:mm:ss Hours: minutes: seconds that RSVP maintains security associations with
other trusted RSVP neighbors. The range is 1 second to 24 hours. The
default is 30 minutes.
Command Default If you do not specify a security association lifetime setting, 30 minutes is used.
Usage Guidelines Use the ip rsvp authentication lifetime command to indicate when to end security associations with
RSVP trusted neighbors. If an association’s lifetime expires, but at least one valid, RSVP authenticated
message was received in that time period, RSVP resets the security association’s lifetime to this
configured value. When a neighbor stops sending RSVP signaling messages (that is, the last reservation
has been torn down), the memory used for the security association is freed as well as when the
association’s lifetime period ends. The association can be re-created if that RSVP neighbor resumes its
signaling. Setting the lifetime to shorter periods allows memory to be recovered faster when the router
is handling a lot of short-lived reservations. Setting the lifetime to longer periods reduces the workload
on the router when establishing new authenticated reservations.
Use the clear ip rsvp authentication command to free security associations before their lifetimes
expire.
Examples The following command sets the lifetime period for 30 minutes and 5 seconds:
Router(config-if)# ip rsvp authentication lifetime 00:30:05
Syntax Description access-list A standard numbered or named IP access list that describes the set of
acl-name-or-number neighbor IP addresses that share this key.
address address A single IP address for a specific neighbor; usually one of the neighbor’s
physical or logical (loopback) interfaces.
challenge (Optional) Requires RSVP to perform a challenge-response handshake with
an RSVP neighbor for which RSVP does not have an existing security
association in memory.
key-chain name (Optional) The name of a key chain that contains the set of keys to be used
to communicate with the neighbor.
type (Optional) The algorithm to generate cryptographic signatures in RSVP
messages.
md5 (Optional) RSA Message Digest 5 algorithm.
sha-1 (Optional) National Institute of Standards and Technologies (NIST) Secure
Hash Algorithm-1; it is newer and more secure than md5.
window-size (Optional) The maximum number of authenticated messages that can be
number-of-messages received out of order. The range is 1 to 64, with a default of 1.
Usage Guidelines If you omit the optional keywords, the ip rsvp authentication neighbor command enables RSVP
cryptographic authentication for a neighbor. Using the optional keywords inherits the global defaults.
In order to enable per-neighbor authentication, you must issue the ip rsvp authentication neighbor
command (or the no ip rsvp authentication neighbor command to disable authentication). If you issue
the ip rsvp authentication command without neighbor, then this command enables authentication for
all neighbors and interfaces, regardless of whether there are any per-neighbor or per-interface keys
defined. If you issue the ip rsvp authentication neighbor command, then authentication is enabled only
for that neighbor.
Named standard IP ACLs are also recommended because you can include the neighbor router’s hostname
as part of the ACL name, thereby making it easy to identify the per-neighbor ACLs in your router
configuration.
The RSVP CLI displays an error message if a valid named or numbered ACL is specified, but a
nonexistent or invalid key chain has not been associated with it, since the lack of a key chain could cause
RSVP messages to or from that neighbor to be dropped; for example,
Router(config)# ip rsvp authentication neighbor access-list myneighbor key-chain xyz
Key Chains
In the key-chain parameter, the keys are used in order of ascending expiration deadlines. The only
restriction on the name is that it cannot contain spaces. The key-chain parameter is optional; that is, you
could omit it if you were trying to change other optional authentication parameters for the RSVP
neighbor. However, when searching for a key, RSVP ignores any ip rsvp authentication neighbor
access-list command that does not include a key-chain parameter that refers to a valid key chain with at
least one unexpired key.
RSVP error: key chains abc and xyz contain duplicate key ID 1
RSVP error: Invalid argument(s)
The RSVP CLI returns an error if the specified key chain does not exist or does not contain at least one
unexpired key.
If a key chain is properly defined and RSVP later tries to send a message to that neighbor, but cannot
find a valid, unexpired per-neighbor or per-interface key, RSVP generates the
RSVP_AUTH_NO_KEYS_LEFT system message indicating that a key could not be obtained for that
neighbor.
If the key chain contains keys with finite expiration times, RSVP generates the
RSVP_AUTH_ONE_KEY_EXPIRED message to indicate when each key has expired.
If RSVP receives a message from a neighbor with the wrong digest type, it generates the
RSVP_MSG_AUTH_TYPE_MISMATCH system message indicating that there is a digest type
mismatch with that neighbor.
If RSVP receives a message that is a duplicate of a message already in the window or is outside the
window, RSVP logs the BAD_RSVP_MSG_RCVD_AUTH_DUP or the
BAD_RSVP_MSG_RCVD_AUTH_WIN error message indicating that the message sequence number is
invalid.
If a challenge of a neighbor fails or times out, RSVP generates the
BAD_RSVP_MSG_RCVD_AUTH_COOKIE system message or the
RSVP_MSG_AUTH_CHALLENGE_TIMEOUT message, indicating that the specified neighbor failed
to respond successfully to a challenge.
Examples In the following example, an access list and a key chain are created for neighbors V, Y, and Z and
authentication is enabled globally using inheritance for all other authentication parameters:
Router# configure terminal
Router(config)# ip access-list standard neighbor_V
Router(config-std-nacl)# permit 10.0.0.2
Router(config-std-nacl)# permit 10.1.16.1
Router(config-std-nacl)# exit
Router(config)# ip access-list standard neighbor_Y
Router(config-std-nacl)# permit 10.0.1.2
Router(config-std-nacl)# permit 10.16.0.1
Router(config-std-nacl)# exit
Router(config)# ip access-list standard neighbor_Z
Router(config-std-nacl)# permit 10.16.0.2
Router(config-std-nacl)# permit 10.1.0.2
Router(config-std-nacl)# permit 10.0.1.2
Router(config-std-nacl)# exit
Router(config)# ip rsvp authentication neighbor access-list neighbor_V key-chain
neighbor_V
Router(config)# ip rsvp authentication neighbor access-list neighbor_Y key-chain
neighbor_Y
Router(config)# ip rsvp authentication neighbor access-list neighbor_Z key-chain
neighbor_Z
Router(config)# ip rsvp authentication
Router(config)# end
In the following example, an access list and a key chain are created for neighbors V, Y, and Z and
authentication is explicitly enabled for each neighbor:
Router(config)# ip rsvp authentication neighbor access-list neighbor_V key-chain
neighbor_V
Router(config)# ip rsvp authentication neighbor access-list neighbor_V
Router(config)# ip rsvp authentication neighbor access-list neighbor_Y key-chain
neighbor_Y
Router(config)# ip rsvp authentication neighbor access-list neighbor_Y
Router(config)# ip rsvp authentication neighbor access-list neighbor_Z key-chain
neighbor_Z
Router(config)# ip rsvp authentication neighbor access-list neighbor_Z
Router(config)# end
Note Before you use the no ip rsvp authentication type command, see the “Usage Guidelines” section for
more information.
Usage Guidelines Use the ip rsvp authentication type command to specify the algorithm to generate cryptographic
signatures in RSVP messages. If you do not specify an algorithm, md5 is used.
If you use the ip rsvp authentication type command rather than the ip rsvp authentication neighbor
type command, the global default for type changes.
The no ip rsvp authentication type command is not supported in Cisco IOS Releases 12.0S and 12.2S
because every security association must have a digest type, and you cannot disable it. Use the default ip
rsvp authentication type command to remove the authentication type from a configuration and force the
type to its default.
Although the no ip rsvp authentication type command is supported in Cisco IOS T releases, the default
ip rsvp rsvp authentication type command is recommended to remove the authentication type from a
configuration and force the type to its default.
or
Router(config)# ip rsvp authentication neighbor access-list 1 type sha-1
The following command sets the global default type to sha-1 for authentication:
Router(config)# ip rsvp authentication type sha-1
Syntax Description number-of-messages (Optional) Maximum number of authenticated messages that can be
received out of order. The range is 1 to 64; the default value is 1.
Usage Guidelines Use the ip rsvp authentication window-size command to specify the maximum number of RSVP
authenticated messages that can be received out of order. All RSVP authenticated messages include a
sequence number that is used to prevent replays of RSVP messages.
With a default window size of one message, RSVP rejects any duplicate authenticated messages because
they are assumed to be replay attacks. However, sometimes bursts of RSVP messages become reordered
between RSVP neighbors. If this occurs on a regular basis, and you can verify that the node sending the
burst of messages is trusted, you can use the ip rsvp authentication window-size command option to
allow for the burst size such that RSVP will not discard such reordered bursts. RSVP will still check for
duplicate messages within these bursts.
ip rsvp bandwidth
To enable Resource Reservation Protocol (RSVP) for IP on an interface, use the ip rsvp bandwidth
command in interface configuration mode. To disable RSVP completely, use the no form of this
command. To eliminate only the subpool portion of the bandwidth, use the no form of this command
with the sub-pool keyword.
Syntax Description interface-kbps (Optional) Maximum amount of bandwidth, in kbps, that may be allocated
by RSVP flows. The range is from 1 to 10,000,000.
single-flow-kbps (Optional) Maximum amount of bandwidth, in kbps, that may be allocated
to a single flow. The range is from 1 to 10,000,000. [This value is ignored by
the Diff-Serv-aware MPLS Traffic Engineering feature].
rdm kbps Russian Doll Model for DiffServ-aware traffic engineering. The keyword is
optional.
subpool kbps This keyword and value are used in the traditional (pre-IETF-Standard)
implementation of DS-TE to specify the amount of bandwidth, in kbps, on
the interface that is to be reserved to a portion of the total. The range is from
1 to the value of the smaller of the interface-kbps and rdm kbps arguments.
bc1 subpool This keyword and value are used in the IETF-Standard implementation of
DS-TE to specify the same bandwidth portion as subpool kbps, namely the
amount of bandwidth, in kbps, on the interface that is to be reserved to a
portion of the total. The range is from 1 to the value of the smaller of the
interface-kbps and rdm kbps arguments.
mam Maximum Allocation Model for DiffServ-aware traffic engineering.
max-reservable-bw The maximum reservable bandwidth — this sets a limit on the size of the
kbps total pool.
bc0 kbps Amount of bandwidth, in kbps, on the interface to be reserved to the total
(formerly called “global pool”). The range is from 1 to the value of the
max-reservable-bw kbps argument.
bc1 kbps Amount of bandwidth, in kbps, on the interface to be reserved to a portion of
the total. (Formerly this portion was called the “subpool”). The range is from
1 to the value of the max-reservable-bw kbps argument.
Usage Guidelines RSVP cannot be configured with distributed Cisco Express Forwarding (dCEF).
RSVP is disabled by default to allow backward compatibility with systems that do not implement RSVP.
Weighted Random Early Detection (WRED) or fair queueing must be enabled first.
When you issue the ip rsvp bandwidth command, the RSVP bandwidth pool adjusts dynamically when
the bandwidth of the interface changes.
When using this command for DiffServ-aware traffic engineering (DS-TE) in IETF Standard mode, you
must use either rdm and its arguments or mam and its arguments; you cannot use both. For more details
about each alternative, see Russian Dolls Bandwidth Constraints Model for Diffserv-aware MPLS Traffic
Engineering ed. by F. Le Faucheur (RFC 4127) and Maximum Allocation Bandwidth Constraints Model
for Diffserv-aware MPLS Traffic Engineering by F. Le Faucheur & W. Lai (RFC 4125).
Examples The following example shows a T1 (1536 kbps) link configured to permit RSVP reservation of up to
1158 kbps, but no more than 100 kbps for any given flow on serial interface 0. Fair queueing is
configured with 15 reservable queues to support those reserved flows, should they be required.
Router(config)# interface serial 0
Router(config-if)# fair-queue 64 256 15
Router(config-if)# ip rsvp bandwidth 1158 100
Command Description
ip rsvp udp-multicasts Instructs the router to generate UDP-encapsulated RSVP multicasts
whenever it generates an IP-encapsulated multicast packet.
random-detect Enables WRED or DWRED.
(interface)
show ip rsvp installed Displays RSVP-related installed filters and corresponding bandwidth
information.
show ip rsvp interface Displays RSVP-related interface information.
show ip rsvp neighbor Displays current RSVP neighbors.
show ip rsvp Displays RSVP-related receiver information currently in the database.
reservation
show ip rsvp sender Displays RSVP PATH-related sender information currently in the
database.
Syntax Description percentage Percentage of bandwidth configured. The range is from 1 to 100.
max-flow-bw Maximum amount of bandwidth, in kbps, configured for a single flow. The
range is from 1 to 10000000; however, the amount you can configure
depends on how much bandwidth remains in the pool.
Usage Guidelines RSVP cannot be configured with distributed Cisco Express Forwarding (dCEF).
RSVP is disabled by default to allow backward compatibility with systems that do not implement RSVP.
Weighted Random Early Detection (WRED) or fair queueing must be enabled first.
Use the ip rsvp bandwidth percent command to set the RSVP bandwidth pool to a specified percentage
of interface bandwidth. When you issue the ip rsvp bandwidth percent command, the RSVP bandwidth
pool adjusts dynamically whenever the bandwidth of the interface changes.
Examples The following example shows a serial link configured to permit an RSVP reservation of up to 90 percent
of interface bandwidth but no more than 1000 kbps for any given flow on serial interface 0:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# interface serial 0
Router(config-if)# ip rsvp bandwidth percent 90 1000
Syntax Description factor (Optional) Indicates a burst factor value as a percentage of the requested
burst of the receiver.
Command Default The default value is 200; the minimum value is 100, and the maximum value is 700.
Usage Guidelines You configure the burst police factor per interface, not per flow. The burst factor controls how strictly or
loosely the traffic of the sender is policed with respect to burst.
The burst factor applies to all RSVP flows installed on a specific interface. You can configure each
interface independently for burst policing.
Examples Here is an example of the ip rsvp burst policing command with a burst factor of 200:
ip rsvp burst policing 200
Usage Guidelines Use the ip rsvp data-packet classification none command when you do not want RSVP to process
every packet. Configuring RSVP so that not every packet is processed eliminates overhead and improves
network performance and scalability.
Examples This section contains two examples of the ip rsvp data-packet classification none command. In the first
example, data packet classification is turned off (disabled), as follows:
Router# configure terminal
Router(config)# interface atm6/0
Router(config-if)# ip rsvp data-packet classification none
Syntax Description priority (Optional) A value in the range from 64 to 128. Among contenders for the
DSBM, the interface with the highest priority number wins the DSBM
election process.
Command Default An interface is not configured as a DSBM contender by default. If you use this command to enable the
interface as a DSBM candidate and you do not specify a priority, the default priority of 64 is assumed.
Usage Guidelines SBM protocol entities, any one of which can manage resources on a segment, can reside in Layer 2 or
Layer 3 devices. Many SBM-capable devices may be attached to a shared Layer 2 segment. When more
than one SBM exists on a given segment, one of the SBMs is elected to be the DSBM. The elected DSBM
is responsible for exercising admission control over requests for resource reservations on a segment,
which, in the process, becomes a managed segment. A managed segment includes those interconnected
parts of a shared LAN that are not separated by DSBMs. In all circumstances, only one, if any, DSBM
exists for each Layer 2 segment.
You can configure an interface to have a DSBM priority in the range from 64 to 128. You can exempt an
interface from participation in the DSBM election on a segment but still allow the system to interact with
the DSBM if a DSBM is present on the segment. In other words, you can allow a Resource Reservation
Protocol (RSVP)-enabled interface on a router connected to a managed segment to be managed by the
DSBM even if you do not configure that interface to participate as a candidate in the DSBM election
process. To exempt an interface from DSBM candidacy, do not issue the ip rsvp dsbm candidate
command on that interface.
RSVP cannot be configured with Versatile Interface Processor (VIP)-distributed Cisco Express
Forwarding (dCEF).
Examples The following example configures Ethernet interface 2 as a DSBM candidate with a priority of 100:
interface Ethernet2
ip rsvp dsbm candidate 100
ip rsvp dsbm non-resv-send-limit {rate kbps | burst kilobytes | peak kbps | min-unit bytes |
max-unit bytes}
no ip rsvp dsbm non-resv-send-limit {rate kbps | burst kilobytes | peak kbps | min-unit bytes |
max-unit bytes}
Syntax Description rate kbps The average rate, in kbps, for the Designated Subnetwork Bandwidth
Manager (DSBM) candidate. The average rate is a number from 1 to
2147483.
burst kilobytes The maximum burst size, in kb, for the DSBM candidate. The maximum
burst size is a number from 1 to 2147483.
peak kbps The peak rate, in kBps, for the DSBM candidate. The peak rate is a number
from 1 to 2147483.
min-unit bytes The minimum policed unit, in bytes, for the DSBM candidate. The minimum
policed unit is a number from 1 to 2147483647.
max-unit bytes The maximum packet size, in bytes, for the DSBM candidate. The maximum
packet size is a number from 1 to 2147483647.
Command Default The default for the rate, burst, peak, min-unit, and max-unit keywords is unlimited; all traffic can be
sent without a valid Resource Reservation Protocol (RSVP) reservation.
Usage Guidelines To configure the per-flow limit on the amount of traffic that can be sent without a valid RSVP
reservation, configure the rate, burst, peak, min-unit, and max-unit values for finite values greater
than 0.
To allow all traffic to be sent without a valid RSVP reservation, configure the rate, burst, peak,
min-unit, and max-unit values for unlimited traffic. To configure the parameters for unlimited traffic,
you can either omit the command, or enter the no form of the command (for example, no ip rsvp dsbm
non-resv-send-limit rate). Unlimited is the default value.
The absence of the NonResvSendLimit object allows any amount of traffic to be sent without a valid
RSVP reservation.
RSVP cannot be configured with VIP-distributed Cisco Express Forwarding (dCEF).
Examples The following example configures Ethernet interface 2 as a DSBM candidate with a priority of 100, an
average rate of 500 kBps, a maximum burst size of 1000 KB, a peak rate of 500 kBps, and unlimited
minimum and maximum packet sizes:
interface Ethernet2
ip rsvp dsbm candidate 100
ip rsvp dsbm non-resv-send-limit rate 500
ip rsvp dsbm non-resv-send-limit burst 1000
ip rsvp dsbm non-resv-send-limit peak 500
ip rsvp flow-assist
To enable Resource Reservation Protocol (RSVP) to integrate with the Cisco Express Forwarding (CEF)
path for flow classification, policing, and marking, use the ip rsvp flow-assist command in interface
configuration mode. To disable integration of RSVP with CEF for this purpose, use the ip rsvp
data-packet classification none command.
ip rsvp flow-assist
Command Default This command is on by default; RSVP integrates with CEF for classification, policing, and marking of
data packets.
Usage Guidelines To police and mark data packets of a reserved flow, RSVP must interact with the underlying packet
forwarding mechanism, which is CEF.
In Cisco IOS Release 12.4, the no form of the ip rsvp flow-assist command is no longer supported since
you can use the existing ip rsvp data-packet classification none command to disable RSVP from
integrating with any mechanism for handling data packets.
Syntax Description h (Optional) Layer 2 encapsulation header plus trailer size applied to each
Layer 3 packet in bytes. Valid sizes are numbers from 0 to 65535.
c (Optional) Layer 2 cell header size applied to each Layer 2 cell in bytes.
Valid sizes are numbers from 0 to 65535.
n (Optional) Layer 2 payload size in bytes. Valid sizes are numbers from 0
to 65534.
Defaults This command is enabled by default on ATM interfaces that are running RSVP and WFQ. You can also
use this command on non-ATM interfaces.
The default version of the command, which you specify by entering the default prefix, default ip rsvp
layer2 overhead, or by omitting the parameters (h, c, and n) and entering the ip rsvp layer2 overhead
command causes RSVP to determine the overhead values automatically, based on the interface/PVC
encapsulation. (Currently, RSVP recognizes ATM Adaptation Layer 5 (AAL5) subnetwork access
protocol (SNAP) and MUX (multiplexer) encapsulations.)
On non-ATM/PVC interfaces, the configured h, c, and n parameters determine the values that RSVP uses
for its overhead.
Usage Guidelines When an IP flow traverses a link, the overhead of Layer 2 encapsulation can increase the amount of
bandwidth that the flow requires to exceed the advertised (Layer 3) rate.
In many cases, the additional bandwidth a flow requires because of Layer 2 overhead is negligible and
can be transmitted as part of the 25 percent of the link, which is unreservable and kept for routing updates
and Layer 2 overhead. This situation typically occurs when the IP flow uses large packet sizes or when
the Layer 2 encapsulation allows for frames of variable size (such as in Ethernet and Frame Relay
encapsulations).
However, when a flow’s packet sizes are small and the underlying Layer 2 encapsulation uses fixed-size
frames, the Layer 2 encapsulation overhead can be significant, as is the case when Voice Over IP (VoIP)
flows traverse ATM links.
To avoid oversubscribing ATM PVCs, which use AAL5 SNAP or AAL5 MUX encapsulations, RSVP
automatically accounts for the Layer 2 overhead when admitting a flow. For each flow, RSVP determines
the total amount of bandwidth required, including Layer 2 overhead, and uses this value for admission
control with the WFQ bandwidth manager.
Note The ip rsvp layer2 overhead command does not affect bandwidth requirements of RSVP flows on ATM
switched virtual circuits (SVCs).
Examples In the following example, the total amount of bandwidth reserved with WFQ appears:
Router# show ip rsvp installed detail
In the preceding example, the flow’s advertised Layer 3 rate is 50 kbps. This value is used for admission
control with the ip rsvp bandwidth value. The actual bandwidth required, inclusive of Layer 2 overhead,
is 89 kbps. WFQ uses this value for admission control.
Typically, you should not need to configure or disable the Layer 2 overhead accounting. RSVP uses the
advertised Layer 3 flow rate, minimum packet size, and maximum unit size in conjunction with the
Layer 2 encapsulation characteristics of the ATM PVC to compute the required bandwidth for admission
control. However, you can disable or customize the Layer 2 overhead accounting (for any link type) with
the ip rsvp layer2 overhead command. The parameters of this command are based on the following
steps that show how a Layer 3 packet is fragmented and encapsulated for Layer 2 transmission.
Step 1 Start with a Layer 3 packet, as shown in Figure 1, which includes an IP header and a payload.
Layer 3 packet
Layer 2
52717
Layer 3 packet
header
h bytes
Step 3 Segment the resulting packet into fixed-sized cells, as shown in Figure 3, with a cell header of c bytes
and a cell payload of n bytes.
52718
header header header
In the following example, Layer 2 overhead accounting is configured with ATM AAL5 SNAP
encapsulation:
Router(config-if)# no ip rsvp layer2 overhead 8 5 48
In the following example, Layer 2 overhead accounting is configured with ATM AAL5 MUX
encapsulation:
Router(config-if)# ip rsvp layer2 overhead 0 5 48
In the following example, Layer 2 overhead accounting is configured with Ethernet V2.0 encapsulation
(including 8-byte preamble, 6-byte source-active (SA) messages, 6-byte destination-active (DA)
messages, 2-byte type, and 4-byte frame check sequence (FCS) trailer):
Router(config-if)# ip rsvp layer2 overhead 26 0 1500
ip rsvp listener
To configure a Resource Reservation Protocol (RSVP) router to listen for PATH messages, use the ip
rsvp listener command in global configuration mode. To disable listening, use the no form of this
command.
ip rsvp listener dst {udp | tcp | any | number} {any | dst-port} {announce | reply | reject}
no ip rsvp listener dst {udp | tcp | any | number} {any | dst-port} {announce | reply | reject}
Command Default This command is disabled by default; therefore, no listeners are configured.
Usage Guidelines Use the ip rsvp listener command to allow a router to send a matching RESV message when a PATH
message arrives with the desired destination address, port, and protocol. This command copies the
application ID and preemption priority value, if present, from the PATH message and includes them in
the RESV message.
This command is similar to the ip rsvp reservation and ip rsvp reservation-host commands. However,
they do not allow you to specify more than one port or protocol per command; so you may have to enter
many commands to proxy for a set of ports and protocols. In contrast, the ip rsvp listener command
allows you to use a wildcard for a set of ports and protocols by using just that one command.
You can use the debug ip rsvp api command to look for a matching PATH message, but no RESV
message will be sent.
Examples In the following example, the sender is requesting that the receiver reply with a RESV message for the
flow if the PATH message destination is 192.168.2.1:
Router# configure terminal
Router(config)# ip rsvp listener 192.168.2.1 any any reply
Syntax Description reply For a PATH message that usually exits from a specified interface, the
router does the following:
• Installs local PATH state for the message.
• Terminates the PATH message and does not forward it
downstream.
• Generates and sends a RESV (reply) message upstream on behalf
of the PATH message with the following.
– The objects in the RESV message are the same as those in the
PATH message.
– The policy objects, such as preemption and application IDs,
are echoed back.
– Shared explicit style is used.
reject For a PATH message that usually exits from a specified interface, the
router does the following:
• Terminates the PATH message and does not forward it
downstream.
• Generates and sends a PATHERROR (reject) message upstream.
• Does not install local PATH state and discards the PATH message.
Command Default This command is disabled by default; therefore, no listeners are configured.
Usage Guidelines Use the ip rsvp listener outbound command to match all PATH messages that are being sent from a
specified interface.
When you configure an interface-based receiver proxy to reply, RSVP performs Call Admission Control
(CAC) on the outbound (or egress) interface for the flow. If CAC fails, the reservation is not generated.
This is the same behavior as for the global RSVP receiver proxy command.
The outbound interface that a flow uses is determined when the flow is set up, and the interface-based
receiver proxy is consulted at that time. The interface-based receiver proxy is not consulted if there is a
change in routing for an existing flow.
If the interface-based receiver proxy receives a RESVERR message with an admission control failure
error or a policy reject error, the interface-based receiver proxy generates a PATHERR message with the
same error to provide explicit notification to the sender of the reservation failure.
Examples In the following example, PATH messages sent through Ethernet interface 3/0 are rejected and
PATHERROR messages are generated:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# interface Ethernet3/0
Router(config-if)# ip rsvp listener outbound reject
ip rsvp msg-pacing
Note Effective with Cisco IOS Release 12.2(13)T, the ip rsvp msg-pacing command is replaced by the ip
rsvp signalling rate-limit command. See the ip rsvp signalling rate-limit command for more
information.
To configure the transmission rate for Resource Reservation Protocol (RSVP) messages, use the ip rsvp
msg-pacing command in global configuration mode. To disable this feature, use the no form of this
command.
no rsvp msg-pacing
Syntax Description period ms (Optional) Length of the interval, in milliseconds, during which a router can
send the number of RSVP messages specified in the burst keyword. The
value can be from 1 to 1000 milliseconds.
burst msgs (Optional) Maximum number of RSVP messages that a router can send to
an output interface during each interval specified in the period keyword.
The value can be from 1 to 2000.
maxsize qsize (Optional) Size of per-interface output queues in the sending router. Valid
values are from 1 to 2000.
Usage Guidelines You can use this command to prevent a burst of RSVP traffic engineering signaling messages from
overflowing the input queue of a receiving router. Overflowing the input queue with signaling messages
results in the router dropping some messages. Dropped messages substantially delay the completion of
signaling for LSPs for which messages have been dropped.
If you enter the ip rsvp msg-pacing command without the optional burst keyword, the transmission rate
for RSVP messages is limited to 200 messages per second per outgoing interface. The default output
queue size, specified in the maxsize keyword, is 500.
Examples In the following example, a router can send a maximum of 150 RSVP traffic engineering signaling
messages in 1 second to a neighbor, and the size of the output queue is 750:
Router(config)# ip rsvp msg-pacing period 1 burst 150 maxsize 750
ip rsvp neighbor
To enable neighbors to request a reservation, use the ip rsvp neighbor command in interface
configuration mode. To disable this function, use the no form of this command.
Syntax Description access-list-number Number of a standard or extended IP access list. It can be any number in the
range from 1 to 199.
Usage Guidelines Use this command to allow only specific Resource Reservation Protocol (RSVP) neighbors to make a
reservation. If no limits are specified, any neighbor can request a reservation. If an access list is
specified, only neighbors meeting the specified access list requirements can make a reservation.
RSVP cannot be configured with Versatile Interface Processor (VIP)-distributed Cisco Express
Forwarding (dCEF).
Examples The following example allows neighbors meeting access list 1 requirements to request a reservation:
interface ethernet 0
ip rsvp neighbor 1
Command Description
ip rsvp sender Enables a router to simulate receiving and forwarding RSVP PATH
messages.
ip rsvp udp-multicasts Instructs the router to generate UDP-encapsulated RSVP multicasts
whenever it generates an IP-encapsulated multicast packet.
random-detect (interface) Enables WRED or DWRED.
show ip rsvp installed Displays RSVP-related installed filters and corresponding bandwidth
information.
show ip rsvp interface Displays RSVP-related interface information.
show ip rsvp neighbor Displays current RSVP neighbors.
show ip rsvp reservation Displays RSVP-related receiver information currently in the database.
show ip rsvp sender Displays RSVP PATH-related sender information currently in the
database.
Command Default The default state is OFF, causing all adjudicable RSVP messages to be processed by the configured
COPS policy.
Usage Guidelines When this command is used, COPS does not attempt to adjudicate PATHERROR and RESVERROR
messages. Instead, those messages are all accepted and forwarded.
Examples In the following example, COPS authentication is restricted to PATH and RESV messages:
ip rsvp policy cops minimal
Command Default The default state of this command is to send reports to the Policy Decision Point (PDP) about
configuration decisions only.
Usage Guidelines In the default state, the router reports to the PDP when the router has succeeded or failed to implement
Resource Reservation Protocol (RSVP) configuration decisions.
A configuration decision contains at least one of the following:
• A RESV ALLOC context (with or without additional contexts)
• A stateless or named decision object
A decision that does not contain at least one of those elements is an outsourcing decision.
Some brands of policy server might expect reports about RSVP messaging, which the default state of the
Cisco Common Open Policy Service (COPS) for RSVP does not issue. In such cases, use the ip rsvp
policy cops report-all command to ensure interoperability between the router and the policy server.
Doing so does not adversely affect policy processing on the router.
Unicast FF reservation requests always stimulate a report from the router to the PDP, because those
requests contain a RESV ALLOC context (combined with an IN CONTEXT and an OUT CONTEXT).
Examples In order to show the Policy Enforcement Point (PEP)-to-PDP reporting process, the debug cops
command in the following example already is enabled when a new PATH message arrives at the router:
Router(config)# ip rsvp policy cops report-all
Syntax Description acl (Optional) Specifies the access control list (ACL) whose sessions will be
governed by the COPS policy.
server-ip (Optional) Specifies the IP addresses of the servers governing the COPS
policy. As many as eight servers can be specified, with the first being
treated as the primary server.
Command Default If no ACL is specified, the default behavior is for all reservations to be governed by the specified policy
servers.
Usage Guidelines If more than one server is specified, the first server is treated by RSVP as the primary serer, and functions
as such for all ACLs specified.
All servers in the list must have the same policy configuration.
If the connection of the router to the server breaks, the router tries to reconnect to that same server. If
the reconnection attempt fails, the router then obeys the following algorithm:
If the connection to the Policy Decision Point (PDP) is closed (either because the PDP closed the
connection, a TCP/IP error occurred, or the keepalives failed), the Policy Enforcement Point (PEP)
issues a CLIENT-CLOSE message and then attempts to reconnect to the same PDP. If the PEP receives
a CLIENT-CLOSE message containing a PDP redirect address, the PEP attempts to connect to the
redirected PDP.
Examples This first example applies the COPS policy residing on server 172.27.224.117 to all reservations passing
through router-9. It also identifies the backup COPS server for this router as the one at address
172.27.229.130:
Router(config)# ip rsvp policy cops servers 172.27.224.117 172.27.229.130
The next example applies the COPS policy residing on server 172.27.224.117 to reservations passing
through router-9 only if they match access lists 40 and 160. Other reservations passing through that
router will not be governed by this server. The command statement also identifies the backup COPS
server for that router to be the one at address 172.27.229.130:
Router(config)# ip rsvp policy cops 40 160 servers 172.27.224.117 172.27.229.130
The following example turns off COPS for the previously specified access lists 40 and 160 (you cannot
turn off just one of the previously specified lists):
Router(config)# no ip rsvp policy cops 40 160 servers
Examples The following example configures the router to time out all policy information relating to a lost server
in 10 minutes:
ip rsvp policy cops timeout 600
Command Default Without this command, the default behavior of Resource Reservation Protocol (RSVP) is to accept,
install, or forward all unmatched RSVP messages. Once this command is invoked, all unmatched RSVP
messages are rejected.
Usage Guidelines If COPS is configured without an ACL, or if any policy ACL is configured to use the permit ip any any
command, the behavior of that ACL will take precedence, and no session will go unmatched.
Note This command makes one exception to its blocking of unmatched messages. It forwards RESVERROR
and PATHERROR messages that were generated by its own rejection of RESV and PATH messages. That
is done to ensure that the default-reject operation does not remain totally hidden from network managers.
Caution Be extremely careful with this command. It will shut down all RSVP processing on the router if access
lists are too narrow or if no Common Open Policy Service (COPS) server has been specified. (Use the
ip rsvp policy cops servers command to specify a COPS server.)
Examples The following example configures RSVP to reject all unmatched reservations:
ip rsvp policy default-reject
Syntax Description alias A string used within the router to reference the identity in RSVP
configuration commands and show displays. The string can have as many as
64 printable characters (in the range 0x20 to 0x7E).
Note If you use the “ ” or ? characters as part of the alias or locator string
itself, you must type the CTRL/V key sequence before entering the
embedded “ ”or ? characters. The alias is never transmitted to other
routers.
policy-locator locator A string that is signaled in RSVP messages and contains application IDs in
X.500 Distinguished Name (DN) format. (See the “Usage Guidelines”
section for detailed information.)
Command Default This command is disabled by default; therefore, no RSVP application identities are defined.
Usage Guidelines You can use RSVP identities as criteria for matching RSVP PATH and RESV messages to local policies.
Identities can also be used to configure static senders and receivers. When you use an RSVP identity as
the match criterion for a local policy, RSVP treats the policy locator string as a type of pattern-matching
string known as a regular expression. Regular expressions allow you to configure a single identity for
use with a local policy that can match multiple X.500 DNs. Regular expressions, by default, are not exact
matches unless you add appropriate control characters to the expression to force it to be an exact match.
In Cisco IOS software, the locator is the primary piece of information that the router uses to find the
correct policy to apply to RSVP messages that contain application IDs. This string assumes the format
of an X.500 DN and includes the following attributes as recommended in RFC 2872:
• APP = Application identifier, a required attribute.
• VER = Version number of the application, a required attribute.
Command Restrictions
• User identities are not supported in Cisco IOS Release 12.4(6)T.
• You cannot configure a single router with more than 100 identities at a time.
ip rsvp policy local {acl acl1 [acl2...acl8] | dscp-ip value1 [value2...value8] | default | identity
alias1 [alias2...alias4] | origin-as as1 [as2...as8]}
no ip rsvp policy local {acl acl1 [acl2...acl8] | dscp-ip value1 [value2...value4] | default | identity
alias1 [alias2...alias4] | origin-as as1 [as2...as8]}
Syntax Description acl acl1 [acl2...acl8] Specifies an access control list (ACL). Values for each ACL are 1 to 199.
Note You must associate at least one ACL with an ACL-based policy.
However, you can associate as many as eight.
dscp-ip value1 Specifies the differentiated services code point (DSCP) for matching
[value2...value8] aggregate reservations. Values can be the following:
• 0 to 63—Numerical DSCP values. The default value is 0.
• af11 to af43—Assured forwarding (AF) DSCP values.
• cs1 to cs7—Type of service (ToS) precedence values.
• default—Default DSCP value.
• ef—Expedited forwarding (EF) DSCP values.
Note You must associate at least one DSCP with a DSCP-based policy.
However, you can associate as many as eight.
default Specifies a default when an RSVP message does not match any ACL, DSCP,
identity, or autonomous system.
identity alias1 Specifies an application ID alias for an application ID previously
[alias2...alias4] configured using the ip rsvp policy identity command.
Note You must associate at least one alias with an application-ID-based
policy. However, you can associate as many as four.
origin-as as1 Specifies an autonomous system. Values for each autonomous system are
[as2...as8] 1 to 65535.
Note You must associate at least one autonomous system with an
autonomous-system-based policy. However, you can associate as
many as eight.
Command Default This command is disabled by default; therefore, no local policies are configured.
Usage Guidelines Use the ip rsvp policy local command to determine how to perform authorization on RSVP requests.
Note Before entering the origin-as as keyword and argument combination, you must have Border Gateway
Protocol (BGP) running; otherwise, an RSVP warning message appears stating that the
autonomous-system-based policy will be ineffective.
You can use all types of match criteria with non-Traffic-Engineering (TE) reservations. You can use all
types of match criteria except application ID with TE reservations because TE PATH and RESV
messages sent by Cisco routers do not contain application IDs.
There are five types of local policies—one default local policy, one or more ACL-based policies, one or
more autonomous-system-based policies, one or more application-ID-based policies, and one or more
DSCP-based policies. The default policy is used when an RSVP message does not match any ACL-,
autonomous-system-, application-ID-, or DSCP-based policies.
You can configure a mixture of local policy types including ACL, autonomous system, application ID,
DSCP, or default on the same interface or globally. Policies have the following priority (from highest to
lowest):
• Nondefault interface policies
• Default interface policy
• Nondefault global policies
• Global default policy
Note If you configure an ACL to use with a TE tunnel, do not use 0 as the protocol because RSVP cannot
accept any messages since they do not match the ACL.
Policy-Match Criteria
Note You cannot specify a policy-match criteria more than once using the ip rsvp policy local command.
An ACL-based policy must have at least one ACL associated with it, but it can optionally have up to
eight ACLs. The ACLs can be standard or extended IP ACLs. They are matched against
source/destination addresses/ports based on RSVP objects inside RSVP signaling messages as described
below.
• ACL source address—Matched against the source address in the SENDER_TEMPLATE object in
RSVP messages. If this object is not present, the source address in the IP header is used.
• ACL destination address—Matched against the destination address in the SESSION object in RSVP
messages. If this object is not present, the destination address in the IP header is used.
• ACL source port—Matched against the source port in the SENDER_TEMPLATE object in RSVP
messages. If this object is not present, the source port of 0 is used.
• ACL destination port—Matched against the destination port in the SESSION object in RSVP
messages. If this object is not present, the destination port of 0 is used.
• ACL IP protocol—Matched against the IP protocol in the SESSION object in RSVP messages. If
this object is not present, the IP protocol of 0 is used. If the IP protocol is for a TE session, then the
ACL IP protocol should be UDP.
• ACL differentiated services code point (DSCP) values—Matched against the DSCP value in the IP
header of the RSVP message.
Note These same policy-match criteria apply when you create ACLs for the debug ip rsvp filter command
except the command does not use DSCP and the protocol is ignored for TE sessions.
An autonomous-system-based policy must have at least one autonomous system associated with it, but
it can optionally have up to eight autonomous systems. They are matched against the incoming
interface/source IP address contained in RSVP objects inside RSVP signaling messages, not on the IP
headers of the RSVP messages.
An application-ID-based policy must have at least one application ID associated with it, but it can
optionally have up to four application IDs. They are matched against the incoming interface/source IP
address contained in RSVP objects inside RSVP signaling messages, not on the IP headers of the RSVP
messages.
A DSCP-based policy must have at least one DSCP associated with it, but it can optionally have up to
four DSCPs. RSVP extracts the DSCP from the aggregate message SESSION object and applies the local
policy that matches the DSCP criteria.
Command Restrictions
• You cannot configure more than 300 local policies per router. This limit is independent of policy
location (global or per interface) or match criteria such as application IDs, access control lists, or
autonomous systems.
• You cannot configure a single local policy with more than four RSVP identities.
CLI Submodes
Once you type the ip rsvp policy local command, you enter the local policy CLI submode where you
define the properties of the local policy that you are creating.
Note The local policy that you create automatically rejects all RSVP messages unless you enter a submode
command that instructs RSVP on the types of messages to accept or forward.
– resv—Accepts and forwards RESV messages that meet the match criteria for this policy. If you
omit this command, RESV messages that meet the match criteria are not forwarded to the previous
(upstream) hop.
– resv-error—Accepts and forwards RESVERROR messages that meet the match criteria for this
policy. If you omit this command, the RESVERROR messages that meet the match criteria are
not forwarded to the next (downstream) hop. You may want to reject outbound RESVERROR
messages if you are receiving RESV messages from an untrusted node because someone could
be trying to port-scan for RSVP. If you reply with a RESVERROR message, then the untrusted
node knows that you support RSVP and your IP address. Such information could be used to
attempt RSVP-based attacks.
• local-override—Overrides any other policy sources by enforcing this local policy. Finalizes any
decisions by this policy. If local-override is omitted, RSVP holds onto the local policy decision to
see if another local or remote policy exists that will make a decision on the RSVP message, and only
if there is no other policy decision will the local policy decision be enforced.
• maximum [bandwidth [group x] [single y] | senders n]—Sets the limits for resources.
– bandwidth [group x] [single y]—Indicates bandwidth limits for RSVP reservations. The group
keyword specifies the amount of bandwidth that can be requested by all reservations covered by this
policy. The single keyword specifies the maximum bandwidth that can be requested by any specific
RSVP reservation covered by this policy. The x and y values are in kilobits per second and can range
from 1 to 10,000,000 (similar in concept to the existing interface mode ip rsvp bandwidth
command). Absence of a bandwidth command implies that there is no policy limit on bandwidth
requests.
Previously, the maximum bandwidth command applied only to PATH messages. However, as
part of the application ID enhancement, this command now applies only to RESV messages.
This change has the following benefits:
Allows the local policy bandwidth limit to be used by RSVP’s admission control process for
both shared and nonshared reservations. Previous releases that performed group bandwidth
checks on PATH messages could not account for bandwidth sharing, and, as a result, you had to
account for sharing by creating a larger maximum group bandwidth for the policy.
Allows a local policy to trigger preemption during the admission control function if there is
insufficient policy bandwidth to meet the needs of an incoming RESV message.
– senders n—Limits the number of RSVP senders affected by this policy that can be active at the same
time on this router. The value for n ranges from 1 to 50,000 with a default of 1000.
Note If you do not configure the ip rsvp policy preempt command, the maximum command may
be rejected, resulting in the following error message: “RSVP error: insufficient preemptable
bandwidth” if there are reservations admitted against the policy, and you try to reduce the
group bandwidth to less than the amount of admitted bandwidth on the policy.
The x value indicates the upper limit of the priority for TE reservations. The range of x values is
0 to 7 in which the smaller the number, the higher the reservation’s priority. For non-TE reservations,
the range of x values is 0 to 65535 in which the higher the number, the higher the reservation’s
priority.
The setup-priority argument indicates the priority of a reservation when it is initially installed. The
optional hold-priority argument indicates the priority of a reservation after it has been installed; if
omitted, it defaults to the setup-priority. Values for the setup-priority and hold-priority arguments
range from 0 to 7 where 0 is considered the highest priority.
If the incoming message has a preemption priority that requests a priority higher than the policy
allows, the message is rejected. Use the tunnel mpls traffic-eng priority command to configure
preemption priority for TE tunnels.
A single policy can contain a preempt-priority traffic-eng and a preempt-priority command,
which may be useful if the policy is bound to an ACL that identifies a subnet containing a mix of
TE and non-TE endpoints or midpoints.
Note If you exit local policy configuration mode without entering any submode commands, the policy that
you have created rejects all RSVP messages.
Application-ID-Based Policy
RSVP matches incoming RSVP messages with IDs to configured IDs and policies. The following
example configures a global RSVP local policy that limits voice calls to 200 kbps for the whole router
regardless of which interface the RSVP signaling occurs on:
Router# configure terminal
Router(config)# ip rsvp policy local identity rsvp-voice policy-locator
"GUID=www.cisco.com, APP=Voice"
Router(config)# ip rsvp policy local identity rsvp-voice
Router(config-rsvp-local-policy)# forward all
Router(config-rsvp-local-policy)# maximum bandwidth group 200
Router(config-rsvp-local-policy)# end
DSCP-Based Policy
The following example configures a local policy to match RSVP aggregation reservations with an RSVP
session object DSCP value of 46 and sets the preempt-priority with a setup and hold priority equal to 5.
Router# configure terminal
Router(config)# ip rsvp policy local dscp-ip 46
Router(config-rsvp-local-policy)# forward all
Router(config-rsvp-local-policy)# preempt-priority 5 5
Router(config-rsvp-local-policy)# end
Command Default RSVP does not reassign bandwidth from lower-priority reservations to higher-priority reservations.
Usage Guidelines Use the ip rsvp policy preempt command to enable or disable the preemption parameter for all
configured local and remote policies without setting the preemption parameter for each policy
individually. This command allows you to give preferential quality of service (QoS) treatment to one
group of RSVP hosts or applications over another.
ip rsvp pq-profile
To specify the criteria for Resource Reservation Protocol (RSVP) to use to determine which flows to
direct into the priority queue (PQ) within weighted fair queueing (WFQ), use the ip rsvp pq-profile
command in global configuration mode. To disable the specified criteria, use the no form of this
command.
no ip rsvp pq-profile
Syntax Description voice-like (Optional) Indicates pq-profile parameters sufficient for most voice flows.
The default values for r’, b’, and p-to-r’ are used. These values should cause
all voice flows generated from Cisco IOS applications and most voice flows
from other RSVP applications, such as Microsoft NetMeeting, to be
directed into the PQ.
r’ (Optional) Indicates maximum rate of a flow in bytes per second. Valid
range is from 1 to 1048576 bytes per second.
b’ (Optional) Indicates maximum burst of a flow in bytes. Valid range is
from 1 to 8192 bytes.
p-to-r’ (Optional) Indicates maximum ratio of peak rate to average rate as a
percentage. Valid range is from 100 to 4000 percent.
ignore-peak-value (Optional) Indicates that the peak rate to average rate ratio of the flow is not
evaluated when RSVP identifies flows.
Command Default The default value for r’ is 12288 bytes per second.
The default value for b’ is 592 bytes.
The default value for p-to-r’ is 110 percent.
Usage Guidelines Use this command to define the profile of RSVP flows to be placed in the PQ within the WFQ system.
You can have only one profile in effect at a time. Changes to this configuration affect only new flows,
not existing flows.
This command applies only on interfaces that are running RSVP and WFQ.
RSVP recognizes voice flows based upon the r, b, and p values within the flowspec of a receiver. A
reserved flow is granted to the PQ as long as the flowspec parameters of a receiver meet the following
default criteria:
(r <= r’) AND (b <= b’) AND (p/r <= p-to-r’)
Examples In the following example, voice-like flows (with the default criteria for voice) are put into the PQ:
Router(config)# ip rsvp pq-profile
Router(config)# ip rsvp pq-profile voice-like
Router(config)# ip rsvp pq-profile 12288 592 110
Router(config)# default ip rsvp pq-profile
Router# show running-config | include pq-profile
In the following example, all flows matching the voice criteria are put into the PQ:
Router(config)# ip rsvp pq-profile 10240 512 100
Router# show running-config | include pq-profile
no ip rsvp pq-profile
In the following example, flows with the criteria given for r’ and b’ and the default value for p-to-r’ are
put into the PQ:
Router(config)# ip rsvp pq-profile 9000 300
Router# show running-config | include pq-profile
In the following example, flows with the criteria given for r’ and b’ and ignoring the peak value of the
flow are put into the PQ:
Router(config)# ip rsvp pq-profile 9000 300 ignore-peak-value
Router# show running-config | include pq-profile
In the following example, Microsoft NetMeeting voice flows with G.711 or adaptive differential pulse
code modulation (ADPCM) codecs are put into the PQ:
Router(config)# ip rsvp pq-profile 10200 1200
ip rsvp precedence
To enable the router to mark the IP Precedence value of the type of service (ToS) byte for packets in a
Resource Reservation Protocol (RSVP) reserved path using the specified values for packets that either
conform to or exceed the RSVP flowspec, use the ip rsvp precedence command in interface
configuration mode. To remove existing IP Precedence settings, use the no form of this command.
Syntax Description conform precedence-value Specifies an IP Precedence value in the range from 0 to 7 for traffic that
conforms to the RSVP flowspec. The IP Precedence value is written to
the three high-order bits (bits 5 to 7) of the ToS byte in the IP header of
a packet. Either the conform or exceed keyword is required; both
keywords may be specified.
When used with the no form of the command, the conform keyword is
optional.
exceed precedence-value Specifies an IP Precedence value in the range from 0 to 7 for traffic that
exceeds the RSVP flowspec. The IP Precedence value is written to the
three high-order bits (bits 5 to 7) of the ToS byte in the IP header of a
packet. Either the conform or exceed keyword is required; both
keywords may be specified.
When used with the no form of the command, the exceed keyword is
optional.
Command Default The IP Precedence bits of the ToS byte are left unmodified when this command is not used. The default
state is equivalent to execution of the no ip rsvp precedence command.
Usage Guidelines Packets in an RSVP reserved path are divided into two classes: those that conform to the reservation
flowspec and those that correspond to a reservation but that exceed, or are outside, the reservation
flowspec.
The ip rsvp precedence command allows you to set the IP Precedence values to be applied to packets
belonging to these two classes. You must specify the IP Precedence value for at least one class of traffic
when you use this command. You can use a single instance of the command to specify values for both
classes, in which case you can specify the conform and exceed keywords in either order.
As part of its input processing, RSVP uses the ip rsvp precedence command to set the IP Precedence
bits on conforming and nonconforming packets. If per-VC DWRED is configured, the system uses the
IP Precedence and ToS bit settings on the output interface in its packet drop process. The IP Precedence
setting of a packet can also be used by interfaces on downstream routers.
Execution of the ip rsvp precedence command causes IP Precedence values for all preexisting
reservations on the interface to be modified.
Note RSVP must be enabled on an interface before you can use this command; that is, use of the ip rsvp
bandwidth command must precede use of the ip rsvp precedence command. RSVP cannot be
configured with VIP-distributed Cisco Express Forwarding (dCEF).
RSVP receives packets from the underlying forwarding mechanism. Therefore, before you use
the ip rsvp precedence command to set IP Precedence, one of the following features is required:
• Weighted fair queueing (WFQ) must be enabled on the interface.
• RSVP switched virtual circuits (SVCs) must be used.
• NetFlow must be configured to assist RSVP.
Note Use of the no form of this command is not equivalent to giving the ip rsvp precedence 0 command,
which sets all precedence on the packets to 0, regardless of previous precedence setting.
Examples The following example sets the IP Precedence value to 3 for all traffic on the ATM interface 0 that
conforms to the RSVP flowspec and to 2 for all traffic that exceeds the flowspec:
interface atm0
ip rsvp precedence conform 3 exceed 2
The following example sets the IP Precedence value to 2 for all traffic on ATM interface 1 that conforms
to the RSVP flowspec. The IP Precedence values of those packets that exceed the flowspec are not
altered in any way.
interface ATM1
ip rsvp precedence conform 2
ip rsvp qos
To enable Resource Reservation Protocol (RSVP) quality of service (QoS) flows on a router running
Multiprotocol Label Switching Traffic Engineering (MPLS TE), use the ip rsvp qos command in global
configuration mode. To disable RSVP QoS flows, use the no form of this command.
ip rsvp qos
no ip rsvp qos
Usage Guidelines If RSVP QoS flows and MPLS TE are enabled, the router processes and installs RSVP label-switched
path (LSP) and IPv4 messages such as PATH and RESV. If RSVP QoS flows and MPLS TE are then
disabled with IPv4 and LSP states installed, all installed IPv4 states are immediately cleared. LSP states
remain unmodified. Further refreshes or new IPv4 RSVP messages are forwarded unmodified.
Use the show ip rsvp command to see the status of the ip rsvp qos command.
Examples The following example configures RSVP QoS flows on a router running MPLS TE:
Router(config)# ip rsvp qos
ip rsvp reservation
To enable a router to simulate receiving Resource Reservation Protocol (RSVP) RESV messages from a
downstream host, use the ip rsvp reservation command in global configuration mode. To disable this
function, use the no form of this command.
Syntax Description session-ip-address For unicast sessions, this is the address of the intended receiver; for
multicast sessions, this is the IP multicast address of the session.
sender-ip-address IP address of the sender.
tcp | udp | ip-protocol TCP, UDP, or IP protocol in the range from 0 to 255.
session-d-port The session-d-port argument is the destination port. The sender-s-port
sender-s-port argument is the source port. Port numbers are specified in all cases,
because the use of 16-bit ports following the IP header is not limited to
UDP or TCP. If the destination is zero, the source must be zero, and the
implication is that ports are not checked. If the destination is nonzero, the
source must be nonzero (except for wf reservations, for which the source
port is always ignored and can therefore be zero).
next-hop-ip-address Hostname or address of the receiver or the router closest to the receiver.
next-hop-interface Next-hop interface or subinterface type and number. Interface type can be
ethernet, loopback, null, or serial.
ff | se | wf Reservation style:
• Fixed Filter (ff) is single reservation.
• Shared Explicit (se) is shared reservation, limited scope.
• Wildcard Filter (wf) is shared reservation, unlimited scope.
rate | load QoS guaranteed bit rate service or controlled load service.
bandwidth Average bit rate, in kbps, to reserve up to 75 percent of the total on the
interface. The range is from 1 to 10000000.
burst-size Maximum burst size (kbps of data in queue). The range is from 1 to
65535.
identity alias (Optional) Specifies an application ID alias. An alias is a string that can
have as many as 64 printable characters (in the range 0x20 to 0x7E).
Note If you use the “ ” or ? characters as part of the alias or locator
string itself, you must type the CTRL/V key sequence before
entering the embedded “ ” or ? characters. The alias is never
transmitted to other routers.
Command Default The router does not simulate receiving RSVP RESV messages.
Usage Guidelines Use the ip rsvp reservation command to make the router simulate receiving RSVP RESV messages
from a downstream host and to proxy RSVP RESV messages for that host. By giving a local (loopback)
next-hop address and next-hop interface, you can also use this command to proxy RSVP for the router
that you are configuring or you can use the ip rsvp reservation-host command.
An alias must reference an RSVP identity that you created by using the ip rsvp identity command. The
policy-locator string associated with this identity is signaled in the RESV message. This identity
overrides any application ID that is contained in the matching PATH message.
If the matching PATH message has an application ID, but you have not specified an application ID using
the ip rsvp reservation command, the RESV message will not contain an application ID. However, the
RESV message proxied by the ip rsvp listener command does put the matching PATH message
application ID into the proxied RESV message.
Examples The following example specifies the use of a Shared Explicit style of reservation and the controlled load
service, with token buckets of 100 or 150 kbps and 60 or 65 kbytes maximum queue depth:
Router(config)# ip rsvp reservation 239.250.0.2 172.16.1.1 udp 20 30 172.16.4.1 Ethernet1
se load 100 60
The following example specifies the use of a Wildcard Filter style of reservation and the guaranteed bit
rate service, with token buckets of 300 or 350 kbps, 60 or 65 kbytes maximum queue depth, and an
application ID:
Router(config)# ip rsvp reservation 239.250.0.3 0.0.0.0 udp 20 0 172.16.4.1 Ethernet1 wf
rate 300 60 identity xyz
Note that the wildcard filter does not admit the specification of the sender; it accepts all senders. This
action is denoted by setting the source address and port to zero. If, in any filter style, the destination port
is specified to be zero, RSVP does not permit the source port to be anything else; it understands that such
protocols do not use ports or that the specification applies to all ports.
ip rsvp reservation-host
To enable a router to simulate a host generating Resource Reservation Protocol (RSVP) RESV messages,
use the ip rsvp reservation-host command in global configuration mode. To disable this function, use
the no form of this command.
Syntax Description session-ip-address For unicast sessions, this is the address of the intended receiver. IP
multicast addresses cannot be used with this argument. It must be a
logical address configured on an interface on the router that you are
configuring.
sender-ip-address IP address of the sender.
tcp | udp | ip-protocol TCP, UDP, or IP protocol in the range from 0 to 255.
session-d-port The session-d-port argument is the destination port. The sender-s-port
sender-s-port argument is the source port. Port numbers are specified in all cases,
because the use of 16-bit ports following the IP header is not limited to
UDP or TCP. If the destination is zero, the source must be zero, and the
implication is that ports are not checked. If the destination is nonzero, the
source must be nonzero (except for wf reservations, for which the source
port is always ignored and can therefore be zero).
ff | se | wf Reservation style:
• Fixed Filter (ff) is single reservation.
• Shared Explicit (se) is shared reservation, limited scope.
• Wildcard Filter (wf) is shared reservation, unlimited scope.
rate | load QoS guaranteed bit rate service or controlled load service.
bandwidth Average bit rate, in kbps, to reserve up to 75 percent of the total on the
interface. The range is from 1 to 10000000.
burst-size Maximum burst size (kbps of data in queue). The range is from 1 to
65535.
identity alias (Optional) Specifies an application ID alias. An alias is a string that can
have as many as 64 printable characters (in the range 0x20 to 0x7E).
Note If you use the “ ” or ? characters as part of the alias or locator
string itself, you must type the CTRL/V key sequence before
entering the embedded “ ” or ? characters. The alias is never
transmitted to other routers.
Command Default The router does not simulate a host generating RSVP RESV messages.
Usage Guidelines Use the ip rsvp reservation-host command to make a router simulate a host generating its own RSVP
RESV messages. This command is similar to the ip rsvp reservation command, which can cause a
router to generate RESV messages on behalf of another host. The main differences between the ip rsvp
reservation-host and ip rsvp reservation commands follow:
• When you enter the ip rsvp reservation-host command, the session-ip-address argument must be a
local address configured on an interface on the router. Therefore, you cannot proxy a reservation on
behalf of a flow that is destined for another host. Also, you cannot use this command to generate
reservation messages for multicast sessions.
• Because the message is assumed to originate from the router that you are configuring, you do not
specify a next-hop or incoming interface for the RSVP RESV message when entering the ip rsvp
reservation-host command.
• Use the ip rsvp reservation-host command for debugging and testing purposes because you cannot
use it to proxy RSVP for non-RSVP-capable hosts or for multicast sessions.
An alias must reference an RSVP identity that you created by using the ip rsvp identity command. The
policy-locator string associated with this identity is signaled in the RESV message. This identity
overrides any application ID that is contained in the matching PATH message.
If the matching PATH message has an application ID, but you have not specified an application ID using
the ip rsvp reservation-host command, the RESV message does not contain an application ID.
However, the RESV message proxied by the ip rsvp listener command does put the matching PATH
message application ID into the proxied RESV message.
Examples The following example specifies the use of a Shared Explicit style of reservation and the controlled load
service, with token buckets of 100 or 150 kbps, 60 or 65 kbps maximum queue depth, and an application
ID:
Router(config)# ip rsvp reservation-host 10.1.1.1 10.30.1.4 udp 20 30 se load 100 60
identity xyz
Command Description
ip rsvp sender-host Enables a router to simulate a host generating RSVP PATH messages.
show ip rsvp installed Displays RSVP-related bandwidth information.
show ip rsvp interface Displays RSVP-related interface information.
show ip rsvp neighbor Displays current RSVP neighbors.
show ip rsvp policy Displays selected RSVP identities in a router configuration.
identity
show ip rsvp Displays RSVP RESV-related receiver information currently in the
reservation database.
show ip rsvp sender Displays RSVP PATH-related sender information currently in the
database.
ip rsvp resource-provider
To configure a resource provider for an aggregate flow, use the ip rsvp resource-provider command in
interface configuration mode. To disable a resource provider for an aggregate flow, use the no form of
this command.
no ip rsvp resource-provider
Syntax Description none No resource provider specified regardless of whether one is configured on
the interface.
wfq interface Weighted fair queueing (WFQ) specified as the resource provider on the
interface.
wfq pvc WFQ specified as the resource provider on the permanent virtual circuit
(PVC) or connection.
Command Default The wfq interface is the default resource provider that Resource Reservation Protocol (RSVP)
configures on the interface.
Usage Guidelines Use the ip rsvp resource-provider command to configure the resource provider with which you want
RSVP to interact when it installs a reservation.
To ensure that a flow receives quality of service (QoS) guarantees when using WFQ on a per-flow basis,
configure wfq interface or wfq pvc as the resource provider. To ensure that a flow receives QoS
guarantees when using class-based weighted fair queueing (CBWFQ) for data packet processing,
configure none as the resource provider.
Examples In the following example, the ip rsvp resource-provider command is configured with wfq interface or
wfq pvc as the resource provider, ensuring that a flow receives QoS guarantees when using WFQ on a
per-flow basis:
Router# configure terminal
Router(config)# interface atm6/0
Router(config-if)# ip rsvp resource-provider wfq pvc
In the following example, the ip rsvp resource-provider command is configured with none as the
resource provider, ensuring that a flow receives QoS guarantees when using CBWFQ for data packet
processing:
Router# configure terminal
Router(config)# interface atm6/0
Router(config-if)# ip rsvp resource-provider none
ip rsvp sender
To enable a router to simulate receiving Resource Reservation Protocol (RSVP) PATH messages, use the
ip rsvp sender command in global configuration mode. To disable this function, use the no form of this
command.
Syntax Description session-ip-address For unicast sessions, this is the address of the intended receiver; for
multicast sessions, it is the IP multicast address of the session.
sender-ip-address IP address of the sender.
tcp | udp | ip-protocol TCP, UDP, or IP protocol in the range from 0 to 255.
session-d-port The session-d-port argument is the destination port. The sender-s-port
sender-s-port argument is the source port. Port numbers are specified in all cases,
because the use of 16-bit ports following the IP header is not limited to
UDP or TCP. If the destination is zero, the source must be zero, and the
implication is that ports are not checked. If the destination is nonzero, the
source must be nonzero.
previous-hop-ip-address Address of the sender or the router closest to the sender.
previous-hop-interface Previous-hop interface or subinterface. Interface type can be ethernet,
loopback, null, or serial.
bandwidth Average bit rate, in kbps, to reserve up to 75 percent of the total on the
interface. The range is from 1 to 10000000.
burst-size Maximum burst size (kbps of data in queue). The range is from 1 to
65535.
identity alias (Optional) Specifies an application ID alias. An alias is a string that can
have as many as 64 printable characters (in the range 0x20 to 0x7E).
Note If you use the “ ” or ? characters as part of the alias or locator
string itself, you must type the CTRL/V key sequence before
entering the embedded “ ” or ? characters. The alias is never
transmitted to other routers.
Command Default The router does not simulate receiving RSVP PATH messages.
Usage Guidelines Use the ip rsvp sender command to make the router simulate that it is receiving RSVP PATH messages
from an upstream host and to proxy RSVP PATH messages from that host. By including a local
(loopback) previous-hop address and previous-hop interface, you can also use this command to proxy
RSVP for the router that you are configuring.
An alias must reference an RSVP identity that you created by using the ip rsvp identity command. The
policy-locator string associated with this identity is supplied in the PATH message.
Examples The following example sets up the router to act as though it is receiving RSVP PATH messages using
UDP over loopback interface 1:
Router(config)# ip rsvp sender 239.250.0.1 172.16.2.1 udp 20 30 172.16.2.1 loopback 1 50 5
identity xyz
ip rsvp sender-host
To enable a router to simulate a host generating a Resource Reservation Protocol (RSVP) PATH
message, use the ip rsvp sender-host command in global configuration mode. To disable this function,
use the no form of this command.
Syntax Description session-ip-address For unicast sessions, this is the address of the intended receiver; for
multicast sessions, it is the IP multicast address of the session.
sender-ip-address IP address of the sender. It must be a logical address configured on an
interface on the router that you are configuring.
tcp | udp | ip-protocol TCP, UDP, or IP protocol in the range from 0 to 255.
session-d-port The session-d-port argument is the destination port. The sender-s-port
sender-s-port argument is the source port. Port numbers are specified in all cases, because
the use of 16-bit ports following the IP header is not limited to UDP or TCP.
If the destination is zero, the source must be zero, and the implication is that
ports are not checked. If the destination is nonzero, the source must be
nonzero.
bandwidth Average bit rate, in kbps, to reserve up to 75 percent of the total on the
interface. The range is from 1 to 10000000.
burst-size Maximum burst size (kbps of data in queue). The range is from 1 to 65535.
identity alias (Optional) Specifies an application ID alias. An alias is a string that can have
as many as 64 printable characters (in the range 0x20 to 0x7E).
Note If you use the “ ” or ? characters as part of the string itself, you must
type the CTRL/V key sequence before entering the embedded “ ” or
? characters. The alias is never transmitted to other routers.
Command Default The router does not simulate RSVP PATH message generation.
Usage Guidelines Use the ip rsvp sender-host command to make a router simulate a host generating its own RSVP PATH
messages. This command is similar to the ip rsvp sender command, which can cause a router to generate
RSVP PATH messages on behalf of another host. The main differences between the ip rsvp sender-host
and ip rsvp sender commands follow:
• When you enter the ip rsvp sender-host command, the sender-ip-address argument must be a local
address configured on an interface of the router.
• Because the message is assumed to originate from the router that you are configuring, you do not
specify a previous-hop or incoming interface for the RSVP PATH message when entering the ip rsvp
sender-host command.
• Use the ip rsvp sender-host command for debugging and testing purposes because you cannot use
it to proxy RSVP for non-RSVP-capable hosts.
An alias must reference an RSVP identity that you created by using the ip rsvp identity command. The
policy-locator string associated with this identity is signaled in the RESV message. This identity
overrides any application ID that is contained in the matching PATH message.
Examples The following example sets up the router to act like a host that sends traffic to the given address:
Router(config)# ip rsvp sender-host 10.0.0.7 10.0.0.1 udp 1 1 10 10 identity xyz
Syntax Description value A number for the DSCP. Range is from 0 to 63. Default is 0.
Usage Guidelines You configure the DSCP per interface, not per flow. The DSCP determines the priority that a packet
receives from various hops as it travels to its destination.
The DSCP applies to all RSVP flows installed on a specific interface. You can configure each interface
independently for DSCP.
Examples Here is an example of the ip rsvp signalling dscp command with a DSCP value of 6
Router(config-if)# ip rsvp signalling dscp 6
Router(config-if)# end
To verify the DSCP value, enter the show ip rsvp interface detail command:
Router# show ip rsvp interface serial2/0 detail
Se2/0:
Bandwidth:
Curr allocated:10K bits/sec
Max. allowed (total):1536K bits/sec
Max. allowed (per flow):1536K bits/sec
Neighbors:
Using IP enacp:1. Using UDP encaps:0
DSCP value used in Path/Resv msgs:0x6
Burst Police Factor:300%
RSVP:Data Packet Classification provided by: none
Syntax Description number Total number of notifications to be sent. The range is 10 to 10000. The
default is 1000.
Command Default There are always notifications sent by the routing information base (RIB) and processed by RSVP. If this
command is not configured, RSVP processes 1000 notifications, suspends, then resumes processing of
another 1000 notifications, and so on.
Usage Guidelines Upon a route change, RIB builds a list of notifications, one per affected flow, and notifies RSVP by
sending an event including these notifications. Therefore, these events can contain thousands of elements
depending on the number of path state blocks (PSBs) affected.
RSVP processes, by default, 1000 notifications at a time and then suspends if required, to prevent the
CPU from being overwhelmed. However, you can configure this number using the ip rsvp signalling
fast-local-repair notifications command.
Examples The following example configures the number of flows that are repaired before RSVP suspends to 100:
Router(config)# ip rsvp signalling fast-local-repair notifications 100
Command Description
ip rsvp signalling Configures the delay that RSVP uses to start an FLR procedure.
fast-local-repair
wait-time
show ip rsvp signalling Displays FLR-specific information maintained by RSVP.
fast-local-repair
Syntax Description rate FLR rate for PATH state refresh and repair, in messages per second
(msg/sec). The range is 0 to 5000. The default is 400.
Command Default If this command is not configured, the RSVP message pacing rate is used.
Note The RSVP message pacing rate is enabled by default in Cisco IOS Release 12.2 and later.
Usage Guidelines The default repair rate is based on the RSVP message pacing rate.
If you configure the FLR rate by using the ip rsvp signalling fast-local-repair rate command, and
RSVP message pacing is enabled, the minimum between the FLR rate and the RSVP message pacing
rate takes effect. If you disable the RSVP rate limit by using the no ip rsvp signalling rate-limit
command, then the FLR rate is used. However, if you disable the RSVP rate limit and do not configure
an FLR rate, then RSVP performs no message pacing and messages are sent back-to-back. This action
is not recommended because the point of local repair (PLR) may flood the downstream node with PATH
messages causing some of them to be dropped.
The repair rate is determined at notification time, and this same rate is used during the time of the repair
even if you change either the RSVP message pacing rate or the FLR rate during this time.
Examples The following example configures a repair rate of 100 messages per second:
Router(config)# ip rsvp signalling fast-local-repair rate 100
Syntax Description interval Amount of time before an FLR procedure begins, in milliseconds (ms). The
range is 0 to 5000 ms. The default is 0.
Usage Guidelines Use the ip rsvp signalling fast-local-repair wait-time command to configure the delay desired in
starting an FLR procedure. If you do not configure a delay, then path refreshes are triggered immediately
after RSVP receives a route change notification from the routing information base (RIB).
Usage Guidelines To enable hello globally on a router, you must enter this command. You also must enable hello on the
interface.
Usage Guidelines You must configure hello globally on a router and on the specific interface.
Usage Guidelines If a link is congested, it is recommended that you set the DSCP to a value higher than 0 to reduce the
likelihood that hello messages will be dropped.
You configure the DSCP per interface, not per flow.
The DSCP applies to the RSVP hellos created on a specific interface. You can configure each interface
independently for DSCP.
If you issue the ip rsvp signalling hello dscp command without the optional fast-reroute keyword, the
command applies to Fast Reroute hellos. This command is provided for backward compatibility;
however, we recommend that you use the ip rsvp signalling hello fast-reroute dscp command.
Examples In the following example, hello messages sent from this interface have a DSCP value of 30 and Fast
Reroute capability is enabled by specifying the fast-reroute keyword:
Router(config-if)# ip rsvp signalling hello fast-reroute dscp 30
In the following example, hello messages sent from this interface have a DSCP value of 30 and Fast
Reroute capability is enabled by default:
Router(config-if)# ip rsvp signalling hello dscp 30
Syntax Description num DSCP value. Valid values are from 0 to 63.
Usage Guidelines If a link is congested, set the DSCP to a value higher than 0 to reduce the likelihood that hello messages
get dropped.
The DSCP applies to the RSVP hellos created on a specific router. You can configure each router
independently for the DSCP.
Examples In the following example, hello messages have a DSCP value of 30:
Router(config)# ip rsvp signalling hello graceful-restart dscp 30
Syntax Description help-neighbor Enables support for a neighboring router to restart after a failure.
full Enables support for a router to perform self recovery or to help a neighbor
restart after a failure.
Command Default Graceful restart is disabled until you issue this command.
Usage Guidelines Use the ip rsvp signalling hello graceful-restart mode help-neighbor command to enable support
capability for a neighboring router to restart after a failure.
Use the ip rsvp signalling hello graceful-restart mode full command to enable support capability for
a router to begin self recovery or help its neighbor to restart on platforms that support stateful switchover
(SSO), such as Cisco 7600 series routers, provided that you have installed and configured a standby RP.
Examples In the following example, an RP is configured with support capability to perform self recovery after a
failure:
Router(config)# ip rsvp signalling hello graceful-restart mode full
To enable Resource Reservation Protocol (RSVP) traffic engineering (TE) graceful restart capability on
a neighboring router, use the ip rsvp signalling hello graceful-restart mode help-neighbor command
in global configuration mode. To disable graceful restart capability, use the no form of this command.
Usage Guidelines Use the ip rsvp signalling hello graceful-restart mode help-neighbor command to restart a
neighboring router.
Command Default No neighboring routers have graceful restart capability enabled until you issue this command.
Usage Guidelines Use the ip rsvp signalling hello graceful-restart neighbor command to enable support for graceful
restart on routers helping their neighbors recover TE tunnels following stateful switchover (SSO).
Note You must issue this command on every interface of the neighboring router that you want to help restart.
Examples The following example configures graceful restart on POS interface 1/0/0 of a neighboring router with
the IP address 10.0.0.1:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# interface POS1/0/0
Router(config-if)# ip rsvp signalling hello graceful-restart neighbor 10.0.0.1
Syntax Description interval-value Frequency, in milliseconds (ms), at which a node sends hello messages to a
neighbor. Valid values are from 1000 to 30000.
Usage Guidelines A node periodically generates a hello message that contains a Hello Request object for all its neighbors.
The frequency of those hello messages is determined by the hello interval.
Note If you change the default value for this command and you are also using the ip rsvp signalling refresh
interval command, ensure that the value for the ip rsvp signalling hello graceful-restart refresh
interval command is less than the value for the ip rsvp signalling refresh interval command.
Otherwise, some or all of the label-switched paths (LSPs) may not be recovered after a stateful
switchover (SSO) has occurred. We recommend that the value for the ip rsvp signalling refresh interval
command be twice the value for the ip rsvp signalling hello graceful-restart refresh interval
command.
Examples In the following example, hello requests are sent to a neighbor every 5000 ms:
Router(config)# ip rsvp signalling hello graceful-restart refresh interval 5000
Syntax Description msg-count The number of sequential hello acknowledgments (ACKs) that a node can
miss before RSVP considers the state expired and tears it down. Valid
values are from 4 to 10.
Usage Guidelines A hello message comprises a hello message, a Hello Request object, and a Hello ACK object. Each
request is answered by an acknowledgment. If a link is congested or a router has a heavy load, set this
number to a value higher than the default value to ensure that hello does not falsely declare that a
neighbor is down.
Note If you change the default value for this command and you are also using the ip rsvp signalling hello
refresh misses command, ensure that the value for the ip rsvp signalling hello graceful-restart refresh
misses command is less than the value for the ip rsvp signalling hello refresh misses command.
Otherwise, some or all of the label-switched paths (LSPs) may not be recovered after a stateful
switchover (SSO) has occurred. We recommend that the value for the ip rsvp signalling hello refresh
misses command be twice the value for the ip rsvp signalling hello graceful-restart refresh misses
command.
Examples In the following example, if the node does not receive five sequential hello acknowledgments, the node
declares that its neighbor is down:
Command Default The default frequency at which a node sends hello messages to a neighbor is 1000 milliseconds (10
seconds).
Usage Guidelines You can configure the hello request interval on a per-interface basis. A node periodically generates a
hello message containing a Hello Request object for each neighbor whose status is being tracked. The
frequency of those hello messages is determined by the hello interval.
If you issue the ip rsvp signalling hello refresh interval command without the optional fast-reroute
keyword, the command applies to Fast Reroute hellos. This command is provided for backward
compatibility; however, we recommend that you use the ip rsvp signalling hello fast-reroute refresh
interval command.
Examples In the following example, hello requests are sent to a neighbor every 5000 milliseconds and Fast Reroute
capability is enabled by specifying the fast-reroute keyword:
In the following example, hello requests are sent to a neighbor every 5000 milliseconds and Fast Reroute
capability is enabled by default:
Router(config-if)# ip rsvp signalling hello refresh interval 5000
Usage Guidelines A hello comprises a hello message, a Hello Request object, and a Hello ACK object. Each request is
answered by an acknowledgment. If a link is very congested or a router has a very heavy load, set this
number to a value higher than the default value to ensure that hello does not falsely declare that a
neighbor is down.
If you issue the ip rsvp signalling hello refresh misses command without the optional fast-reroute
keyword, the command applies to Fast Reroute hellos and Fast Reroute capability is enabled by default.
This command is provided for backward compatibility; however, we recommend that you use the ip rsvp
signalling hello fast-reroute refresh misses command.
Examples In the following example, if the node does not receive five hello acknowledgments in a row, the node
declares that its neighbor is down and Fast Reroute is enabled by specifying the fast-reroute keyword:
Router(config-if)# ip rsvp signalling hello fast-reroute refresh misses 5
In the following example, if the node does not receive five hello acknowledgments in a row, the node
declares that its neighbor is down and Fast Reroute is enabled by default:
Router(config-if)# ip rsvp signalling hello refresh misses 5
Syntax Description num DSCP value. Valid values are from 0 to 63.
Usage Guidelines If a link is congested, you should set the DSCP to a value higher than 0 to reduce the likelihood that hello
messages get dropped.
You configure the DSCP per interface, not per flow.
The DSCP applies to the RSVP hellos created on a specific interface. You can configure each interface
independently for DSCP.
Examples In the following example, hello messages sent from this interface have a DSCP value of 30:
Router(config-if)# ip rsvp signalling hello reroute dscp 30
Command Default The default frequency at which a node sends hello messages to a neighbor is 1000 milliseconds (10
seconds).
Usage Guidelines You can configure the hello request interval on a per-interface basis. A node periodically generates a
hello message containing a Hello Request object for each neighbor whose status is being tracked. The
frequency of those hello messages is determined by the hello interval. For some routers, if you set the
interval to a value less than the default value, CPU usage may be high.
Examples In the following example, hello requests are sent to a neighbor every 5000 milliseconds and Fast Reroute
capability is enabled by specifying the fast-reroute keyword:
Router(config-if)# ip rsvp signalling hello fast-reroute refresh interval 5000
In the following example, hello requests are sent to a neighbor every 5000 milliseconds and Fast Reroute
capability is enabled by default:
Router(config-if)# ip rsvp signalling hello reroute refresh interval 5000
Syntax Description msg-count The number of sequential hello acknowledgments (ACKs) that a node can
miss before RSVP considers the state expired and tears it down. Valid
values are from 4 to 10.
Usage Guidelines A hello comprises a hello message, a Hello Request object, and a Hello ACK object. Each request is
answered by an acknowledgment. If a link is very congested or a router has a very heavy load, set this
number to a value higher than the default value to ensure that hello does not falsely declare that a
neighbor is down.
Examples In the following example, if the node does not receive five hello acknowledgments in a row, the node
declares that its neighbor is down:
Router(config-if)# ip rsvp signalling hello reroute refresh misses 5
Syntax Description delay-value Minimum amount of time that a router waits for an ACK message before the
first retransmission of the same message. The delay value ranges from 500
to 30,000 milliseconds (ms).
Usage Guidelines Use the ip rsvp signalling initial-retransmit-delay command to configure the minimum amount of time
that a router waits for an ACK message before retransmitting the same message.
If an ACK is not received for a state, the first retransmit occurs after the initial retransmit interval. If no
ACK is received after the first retransmit, a second retransmit occurs. The message continues to be
retransmitted, with the gap between successive retransmits being twice the previous interval, until an
ACK is received. Then the message drops into normal refresh schedule if it needs to be refreshed (Path
and Resv messages), or is processed (Error or Tear messages). If no ACK is received after five
retransmits, the message is discarded as required.
Examples The following command shows how to set the initial-retransmit-delay to 2 seconds:
Router(config)# ip rsvp signalling initial-retransmit-delay 2000
The following command shows how to reset the initial-retransmit-delay to the default (1.0 sec):
Router(config)# no ip rsvp signalling initial-retransmit-delay
Syntax Description neighbor (Optional) Adjacent routers that are part of a particular traffic engineering
tunnel.
acl (Optional) A simple access list with values from 1 to 99.
Defaults Disabled
Usage Guidelines Use the ip rsvp signalling patherr state-removal command to allow routers to delete Path state
automatically when forwarding a PathError message, thereby eliminating the need for a subsequent
PathTear message.
This command is most effective when all network nodes support this feature. All nodes need to have the
latest version of Cisco IOS software configured.
This command applies only to label-switched path (LSP) flows.
Examples The following command shows how to enable ip rsvp signalling patherr state-removal:
The following command shows how to disable ip rsvp signalling patherr state-removal:
The following command shows how to enable ip rsvp signalling patherr state-removal based on an
access control list (ACL):
Router(config)# ip rsvp signalling patherr state-removal neighbor 98
The following command shows how to disable ip rsvp signalling patherr state-removal based on an
ACL:
Router(config)# no ip rsvp signalling patherr state-removal neighbor 98
Syntax for Cisco IOS 12.0S Releases, 12.2S Releases, and Release 12.4()20)T and Later T Releases
ip rsvp signalling rate-limit [burst number] [limit number] [maxsize bytes] [period ms]
Syntax Description burst number (Optional) Maximum number of RSVP messages sent to a neighboring
router during each interval. The range is from 1 to 5000. The default is 8.
maxsize bytes (Optional) Maximum size of the message queue, in bytes. The range is from
1 to 5000. The default is 2000.
period ms (Optional) Length of the interval (time frame) in milliseconds (ms). The
range is from 10 to 5000. The default is 20.
limit number (Optional) Maximum number of messages to send per queue interval when
the number of messages sent is less than the number of messages to be sent
normally. The range is from 1 to 5000. The default is 37.
Command Default If you do not enter this command, the default values are used.
Usage Guidelines Use the ip rsvp signalling rate-limit command to prevent a burst of RSVP traffic engineering signaling
messages from overflowing the input queue of a receiving router, which would cause the router to drop
some messages. Dropped messages substantially delay the completion of signaling.
This command replaces the ip rsvp msg-pacing command.
Examples The following command shows how 6 messages with a message queue of 500 bytes are sent every 10 ms
to any neighboring router:
Router(config)# ip rsvp signalling rate-limit period 10 burst 6 maxsize 500
Syntax Description interval-value Time between sending refreshes for each RSVP state. Specified in
milliseconds and ranges from 5000 to 4294967295 milliseconds; default
value is 30000 milliseconds (30 seconds).
Usage Guidelines Use the ip rsvp signalling refresh interval command to specify the interval between sending refresh
messages for each RSVP state.
The RSVP protocol relies on a soft-state mechanism to maintain state consistency in the face of network
losses. This mechanism is based on continuous refresh messages to keep a state current. Each RSVP
router is responsible for sending periodic refresh messages to its neighbors.
Note If you change the default value for this command and you are also using the ip rsvp signalling hello
graceful-restart refresh interval command, ensure that the value for the ip rsvp signalling hello
graceful-restart refresh interval command is less than the value for the ip rsvp signalling refresh
interval command. Otherwise, some or all of the label-switched paths (LSPs) may not be recovered after
a stateful switchover (SSO) has occurred. We recommend that the value for the ip rsvp signalling
refresh interval command be twice the value for the ip rsvp signalling hello graceful-restart refresh
interval command.
Examples The following example specifies a refresh interval of 60000 milliseconds (60 seconds):
Router(config)# ip rsvp signalling refresh interval 60000
The following example returns the refresh interval to the default value of 30 seconds:
Router(config)# no ip rsvp signalling refresh interval
Syntax Description msg-count Number of successive refresh messages that can be missed before RSVP
considers the state expired and tears it down. Range is 2 to 10.
Usage Guidelines Use the ip rsvp signalling refresh misses command to specify the number of successive refresh
messages that can be missed before RSVP regards the router state as expired and removes that state from
the database.
Note If you change the default value for this command and you are also using the ip rsvp signalling hello
graceful-restart refresh misses command, ensure that the value for the ip rsvp signalling hello
graceful-restart refresh misses command is less than the value for the ip rsvp signalling refresh
misses command. Otherwise, some or all of the label-switched paths (LSPs) may not be recovered after
a stateful switchover (SSO) has occurred. We recommend that the value for the ip rsvp signalling
refresh misses command be twice the value for the ip rsvp signalling hello graceful-restart refresh
misses command.
The following example returns the refresh misses limit to the default value of 4:
Router(config)# no ip rsvp signalling refresh misses
Defaults Disabled
Usage Guidelines RSVP refresh reduction is a set of extensions to reduce the messaging load imposed by RSVP and to
help it scale to support larger numbers of flows.
The following features of the refresh reduction standard (RFC 2961) are supported and will be turned on
with this command:
• Setting the refresh-reduction-capable bit in message headers
• Message-Identifier (ID) usage
• Reliable messaging with rapid retransmit, acknowledgement (ACK) messages, and MESSAGE_ID
objects
• Summary refresh extension
• Bundle messages (reception only)
Refresh reduction requires the cooperation of the neighbor to operate; for this purpose, the neighbor
must also support the standard. If the router detects that a directly connected neighbor is not supporting
the refresh reduction standard (either through observing the refresh-reduction-capable bit in messages
received from the next hop, or by sending a MESSAGE_ID object to the next hop and receiving an error),
refresh reduction will not be used on this link irrespective of this command.
Examples The following command shows how to enable RSVP refresh reduction:
Router(config)# ip rsvp signalling refresh reduction
Syntax Description delay-value Maximum amount of time that a router holds on to an ACK message before
sending it. Values range from 100 to 10000 milliseconds (ms).
Usage Guidelines Use the ip rsvp signalling refresh reduction ack-delay command to configure the maximum amount
of time that an RSVP-configured router keeps an ACK message before sending it.
Examples The following command shows how to set the ack-delay value to 1 second:
Router(config)# ip rsvp signalling refresh reduction ack-delay 1000
The following command shows how to set the ack-delay value to the default value:
Router(config)# no ip rsvp signalling refresh reduction ack-delay
ip rsvp source
To configure a Resource Reservation Protocol (RSVP) router to populate an address other than the native
interface address in the previous hop (PHOP) address field of the PHOP object when forwarding a PATH
message onto that interface, use the ip rsvp source command in interface configuration mode. To keep
the native interface address in the PHOP field, use the no form of this command.
no ip rsvp source
Syntax Description address ip-address IP address for the PHOP address field.
interface type number Interface type and number for the PHOP address field.
Examples The following example configures IP address 10.1.3.13 for the PHOP address field:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# interface ethernet 0/0
Router(config-if)# ip rsvp bandwidth
Router(config-if)# ip rsvp source address 10.1.3.13
Router(config-if)# end
The following example configures loopback interface 0 for the PHOP address field:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# interface ethernet 1/0
Router(config-if)# ip rsvp bandwidth
Router(config-if)# ip rsvp source interface loopback 0
Router(config-if)# end
ip rsvp svc-required
To enable creation of a switched virtual circuit (SVC) to service any new Resource Reservation Protocol
(RSVP) reservation made on the interface or subinterface of an Enhanced ATM port adapter (PA-A3),
use the ip rsvp svc-required command in interface configuration mode. To disable SVC creation for
RSVP reservations, use the no form of this command.
ip rsvp svc-required
no ip rsvp svc-required
Usage Guidelines This command applies exclusively to the RSVP-ATM QoS Interworking feature.
Usually reservations are serviced when RSVP classifies packets and a queueing mechanism schedules
them for transmission to manage congestion. Traditionally, RSVP is used with weighted fair queueing
(WFQ). When RSVP is coupled with WFQ, all of the packets visible to WFQ are also visible to RSVP,
which allows RSVP to identify and take action on packets important to it. In this case, WFQ provides
bandwidth guarantees.
However, when the ip rsvp svc-required command is used to configure an interface or subinterface, a
new SVC is established and used to service each new reservation on the interface. ATM SVCs are used
to provide bandwidth guarantees and NetFlow is used on input interfaces to make data packets visible to
RSVP.
Note When RSVP is enabled, all packets are processed by the Route Switch Processor (RSP).
This command must be executed on both ends of an SVC driven by RSVP. This command is supported
only for the Enhanced ATM port adapter (PA-A3) and its subinterfaces.
Note For this command to take effect, NetFlow must be enabled. Therefore, the ip route-cache flow command
must precede this command in the configuration.
Use the show ip rsvp interface command to determine whether this command is in effect for any
interface or subinterface.
Examples The following example signals RSVP that reservations made on ATM interface 2/0/0 will be serviced by
creation of an SVC:
interface atm2/0/0
ip rsvp svc-required
ip rsvp tos
To enable the router to mark the five low-order type of service (ToS) bits of the IP header ToS byte for
packets in a Resource Reservation Protocol (RSVP) reserved path using the specified values for traffic
that either conforms to or exceeds the RSVP flowspec, use the ip rsvp tos command in interface
configuration mode. To remove existing settings for the ToS bits, use the no form of this command; if
neither the conform nor exceed keyword is specified, all settings for the ToS bits are removed.
Syntax Description conform tos-value Specifies a ToS value in the range from 0 to 31 for traffic that conforms to
the RSVP flowspec. The ToS value is written to the five low-order bits (bits
0 to 4) of the ToS byte in the IP header of a packet. Either the conform or
exceed keyword is required; both keywords may be specified.
When used with the no form of the command, the conform keyword is
optional.
exceed tos-value (Optional) Specifies a ToS value in the range from 0 to 31 for traffic that
exceeds the RSVP flowspec. The ToS byte value is written to the five
low-order bits (bits 0 to 4) of the ToS byte in the IP header of a packet. Either
the conform or exceed keyword is required; both keywords may be
specified.
When used with the no form of the command, the exceed keyword is
optional.
Command Default The ToS bits of the ToS byte are left unmodified when this command is not used. (The default behavior
is equivalent to use of the no ip rsvp tos command.)
Usage Guidelines Packets in an RSVP reserved path are divided into two classes: those that conform to the reservation
flowspec and those that correspond to a reservation but that exceed, or are outside, the reservation
flowspec.
The ip rsvp tos command allows you to set the ToS values to be applied to packets belonging to these
two classes. You must specify the ToS value for at least one class of traffic when you use this command.
You can use a single instance of the command to specify values for both classes, in which case you can
specify the conform and exceed keywords in either order.
As part of its input processing, RSVP uses the ip rsvp tos command configuration to set the ToS bits of
the ToS byte on conforming and nonconforming packets. If per-virtual circuit (VC) VIP-distributed
Weighted Random Early Detection (DWRED) is configured, the system uses the ToS bit and IP
Precedence bit settings on the output interface in its packet drop process. The ToS bit and IP Precedence
bit settings of a packet can also be used by interfaces on downstream routers.
Execution of the ip rsvp tos command causes ToS bit values for all preexisting reservations on the
interface to be modified.
Note RSVP must be enabled on an interface before you can use this command; that is, use of the ip rsvp
bandwidth command must precede use of the ip rsvp tos command. RSVP cannot be configured with
VIP-distributed Cisco Express Forwarding (dCEF).
Note The ip rsvp tos command sets bits 0 to 4 so that in combination with the IP Precedence bit settings every
bit in the ToS byte is set. Use of these bits is made with full knowledge of the fact that certain canonical
texts that address the ToS byte specify that only bits 1 to 4 are used as the ToS bits.
RSVP receives packets from the underlying forwarding mechanism. Therefore, to use the ip rsvp tos
command to set the ToS bits, one of the following features is required:
• Weighted fair queueing (WFQ) must be enabled on the interface.
• RSVP switched virtual circuits (SVCs) must be used.
• NetFlow must be configured to assist RSVP.
Note Use of the no form of this command is not equivalent to giving the ip rsvp tos 0 command, which sets
all precedence on the packets to 0, regardless of previous precedence setting.
Examples The following example sets the ToS bits value to 4 for all traffic on ATM interface 1 that conforms to
the RSVP flowspec. ToS bits on packets exceeding the flowspec are not altered.
interface atm1
ip rsvp tos conform 4
ip rsvp udp-multicasts
To instruct the router to generate User Datagram Protocol (UDP)-encapsulated Resource Reservation
Protocol (RSVP) multicasts whenever it generates an IP-encapsulated multicast packet, use the ip rsvp
udp-multicasts command in interface configuration mode. To disable this function, use the no form of
this command.
Syntax Description multicast-address (Optional) Host name or UDP multicast address of router.
Command Default The generation of UDP multicasts is disabled. If a system sends a UDP-encapsulated RSVP message to
the router, the router begins using UDP for contact with the neighboring system. The router uses
multicast address 224.0.0.14 and starts sending to UDP port 1699. If the command is entered with no
specifying multicast address, the router uses the same multicast address.
Usage Guidelines Use this command to instruct a router to generate UDP-encapsulated RSVP multicasts whenever it
generates an IP-encapsulated multicast packet. Some hosts require this trigger from the router.
RSVP cannot be configured with VIP-distributed Cisco Express Forwarding (dCEF).
Examples The following example reserves up to 7500 kbps on Ethernet interface 2, with up to 1 Mbps per flow.
The router is configured to use UDP encapsulation with the multicast address 224.0.0.14.
interface ethernet 2
ip rsvp bandwidth 7500 1000
ip rsvp udp-multicasts 224.0.0.14
ip rtp compression-connections
To specify the total number of Real-Time Transport Protocol (RTP) header compression connections that
can exist on an interface, use the ip rtp compression-connections command in interface configuration
mode. To restore the default value, use the no form of this command.
no ip rtp compression-connections
Syntax Description number Number of RTP header compression connections the cache supports, in the
range from 3 to 1000.
Command Default For PPP and High-Level Data Link Control (HDLC) interfaces, the default is 16 compression
connections.
For Frame Relay interfaces, the default is 256 compression connections.
Usage Guidelines You should configure one connection for each RTP call through the specified interface.
Each connection sets up a compression cache entry, so you are in effect specifying the maximum number
of cache entries and the size of the cache. Too few cache entries for the specified interface can lead to
degraded performance, and too many cache entries can lead to wasted memory.
Note Both ends of the serial connection must use the same number of cache entries.
Examples The following example changes the number of RTP header compression connections supported to 150:
Router> enable
Router# configure terminal
Router(config)# interface Serial1/0.0
Router(config-if)# encapsulation ppp
Router(config-if)# ip rtp header-compression
Router(config-if)# ip rtp compression-connections 150
Router(config-if)# end
ip rtp header-compression
To enable Real-Time Transport Protocol (RTP) header compression, use the ip rtp header-compression
command in interface configuration mode. To disable RTP header compression, use the no form of this
command.
Syntax Description passive (Optional) Compresses outgoing RTP packets only if incoming RTP packets on
the same interface are compressed. If you do not specify the passive keyword, all
RTP packets are compressed.
iphc-format (Optional) Indicates that the IP Header Compression (IPHC) format of header
compression will be used.
ietf-format (Optional) Indicates that the Internet Engineering Task Force (IETF) format of
header compression will be used.
periodic-refresh (Optional) Indicates that the compressed IP header will be refreshed periodically.
Usage Guidelines You can compress IP/User Datagram Protocol (UDP)/RTP headers to reduce the size of your packets.
Compressing headers is especially useful for RTP because RTP payload size can be as small as 20 bytes,
and the uncompressed header is 40 bytes.
Note The header compression format (in this case, IPHC) must be the same at both ends of the network. That
is, if you specify the iphc-format keyword on the local router, you must also specify the iphc-format
keyword on the remote router.
Note The header compression format (in this case, IETF) must be the same at both ends of the network. That
is, if you specify the ietf-format keyword on the local router, you must also specify the ietf-format
keyword on the remote router.
Examples The following example enables RTP header compression on the Serial1/0 interface and limits the number
of RTP header compression connections to 10. In this example, the optional iphc-format keyword of the
ip rtp header-compression command is specified.
Router> enable
Router# configure terminal
Router(config)# interface Serial1/0
Router(config-if)# encapsulation ppp
Router(config-if)# ip rtp header-compression iphc-format
Router(config-if)# ip rtp compression-connections 10
Router(config-if)# end
The following example enables RTP header compression on the Serial2/0 interface and limits the number
of RTP header compression connections to 20. In this example, the optional ietf-format keyword of the
ip rtp header-compression command is specified.
Router> enable
Router# configure terminal
Router(config)# interface Serial2/0
Router(config-if)# encapsulation ppp
Router(config-if)# ip rtp header-compression ietf-format
Router(config-if)# ip rtp compression-connections 20
Router(config-if)# end
In the following example, RTP header compression is enabled on the Serial1/0 interface and the optional
periodic-refresh keyword of the ip rtp header-compression command is specified:
Router> enable
Router# configure terminal
Router(config)# interface Serial1/0
Router(config-if)# encapsulation ppp
Router(config-if)# ip rtp header-compression iphc-format periodic-refresh
Router(config-if)# ip rtp compression-connections 10
Router(config-if)# end
ip rtp priority
To reserve a strict priority queue for a set of Real-Time Transport Protocol (RTP) packet flows belonging
to a range of User Datagram Protocol (UDP) destination ports, use the ip rtp priority command in
interface configuration mode. To disable the strict priority queue, use the no form of this command.
no ip rtp priority
Syntax Description starting-rtp-port-number The starting RTP port number. The lowest port number to which the
packets are sent. The port number can be a number from 2000
to 65,535.
port-number-range The range of UDP destination ports. Number, when added to the
starting-rtp-port-number argument, that yields the highest UDP port
number. The range of UDP destination ports is from 0 to 16,383.
bandwidth Maximum allowed bandwidth, in kbps. The maximum allowed
bandwidth is from 0 to 2000.
Usage Guidelines This command is most useful for voice applications, or other applications that are delay-sensitive.
This command extends and improves on the functionality offered by the ip rtp reserve command by
allowing you to specify a range of UDP/RTP ports whose voice traffic is guaranteed strict priority service
over any other queues or classes using the same output interface. Strict priority means that if packets
exist in the priority queue, they are dequeued and sent first—that is, before packets in other queues are
dequeued. We recommend that you use the ip rtp priority command instead of the ip rtp reserve
command for voice configurations.
This command can be used in conjunction with either weighted fair queueing (WFQ) or class-based
WFQ (CBWFQ) on the same outgoing interface. In either case, traffic matching the range of ports
specified for the priority queue is guaranteed strict priority over other CBWFQ classes or WFQ flows;
voice packets in the priority queue are always serviced first.
Remember the following guidelines when using the ip rtp priority command:
• When used in conjunction with WFQ, the ip rtp priority command provides strict priority to voice,
and WFQ scheduling is applied to the remaining queues.
• When used in conjunction with CBWFQ, the ip rtp priority command provides strict priority to
voice. CBWFQ can be used to set up classes for other types of traffic (such as Systems Network
Architecture [SNA]) that need dedicated bandwidth and need to be treated better than best effort and
not as strict priority; the nonvoice traffic is serviced fairly based on the weights assigned to the
enqueued packets. CBWFQ can also support flow-based WFQ within the default CBWFQ class if
so configured.
Remember the following guidelines when configuring the bandwidth argument:
• It is always safest to allocate to the priority queue slightly more than the known required amount of
bandwidth, to allow room for network bursts.
• The IP RTP Priority admission control policy takes RTP header compression into account.
Therefore, while configuring the bandwidth argument of the ip rtp priority command you need to
configure only for the bandwidth of the compressed call. Because the bandwidth argument is the
maximum total bandwidth, you need to allocate enough bandwidth for all calls if there will be more
than one call.
• Configure a bandwidth that allows room for Layer 2 headers. The bandwidth allocation takes into
account the payload plus the IP, UDP, and RTP headers but does not account for Layer 2 headers.
Allowing 25 percent bandwidth for other overhead is conservative and safe.
• The sum of all bandwidth allocation for voice and data flows on an interface cannot exceed
75 percent of the total available bandwidth, unless you change the default maximum reservable
bandwidth. To change the maximum reservable bandwidth, use the max-reserved-bandwidth
command on the interface.
For more information on IP RTP Priority bandwidth allocation, refer to the section “IP RTP Priority” in
the chapter “Congestion Management Overview” in the Cisco IOS Quality of Service Solutions
Configuration Guide.
Examples The following example first defines a CBWFQ configuration and then reserves a strict priority queue
with the following values: a starting RTP port number of 16384, a range of 16383 UDP ports, and a
maximum bandwidth of 40 kbps:
! The following commands define a class map:
class-map class1
match access-group 101
exit
ip tcp compression-connections
To specify the total number of Transmission Control Protocol (TCP) header compression connections
that can exist on an interface, use the ip tcp compression-connections command in interface
configuration mode. To restore the default, use the no form of this command.
no ip tcp compression-connections
Syntax Description number Number of TCP header compression connections the cache supports, in the
range from 3 to 256.
Command Default For PPP and High-Level Data Link Control (HDLC) interfaces, the default is 16 compression
connections.
For Frame Relay interfaces, the default is 256 compression connections.
Usage Guidelines You should configure one connection for each TCP connection through the specified interface.
Each connection sets up a compression cache entry, so you are in effect specifying the maximum number
of cache entries and the size of the cache. Too few cache entries for the specified interface can lead to
degraded performance, and too many cache entries can lead to wasted memory.
Note Both ends of the serial connection must use the same number of cache entries.
Examples The following example sets the first serial interface for header compression with a maximum of ten
cache entries:
Router> enable
Router# configure terminal
Router(config)# interface serial 0
Router(config-if)# ip tcp header-compression
Router(config-if)# ip tcp compression-connections 10
Router(config-if)# end
ip tcp header-compression
To enable Transmission Control Protocol (TCP) header compression, use the ip tcp
header-compression command in interface configuration mode. To disable compression, use the no
form of this command.
Syntax Description passive (Optional) Compresses outgoing TCP packets only if incoming TCP packets
on the same interface are compressed. If you do not specify the passive
keyword, all TCP packets are compressed.
iphc-format (Optional) Indicates that the IP Header Compression (IPHC) format of header
compression will be used.
ietf-format (Optional) Indicates that the Internet Engineering Task Force (IETF) format
of header compression will be used.
Usage Guidelines You can compress the headers of your TCP/IP packets in order to reduce the size of your packets. TCP
header compression is supported on serial lines using Frame Relay, HDLC, or PPP encapsulation. You
must enable compression on both ends of a serial connection. Compressing the TCP header can speed
up Telnet connections dramatically.
In general, TCP header compression is advantageous when your traffic consists of many small packets,
not for traffic that consists of large packets. Transaction processing (usually using terminals) tends to
use small packets and file transfers use large packets. This feature only compresses the TCP header, so
it has no effect on User Datagram Protocol (UDP) packets or other protocol headers.
Note The header compression format (in this case, IPHC) must be the same at both ends of the network. That
is, if you specify the iphc-format keyword on the local router, you must also specify the iphc-format
keyword on the remote router.
Note The header compression format (in this case, IETF) must be the same at both ends of the network. That
is, if you specify the ietf-format keyword on the local router, you must also specify the ietf-format
keyword on the remote router.
Examples The following example sets the first serial interface for header compression with a maximum of ten
cache entries:
Router> enable
Router# configure terminal
Router(config)# interface serial 0
Router(config-if)# ip tcp header-compression
Router(config-if)# ip tcp compression-connections 10
Router(config-if)# end
The following example enables RTP header compression on the Serial1/0.0 subinterface and limits the
number of RTP header compression connections to 10. In this example, the optional iphc-format
keyword of the ip tcp header-compression command is specified.
Router> enable
Router# configure terminal
Router(config)# interface Serial1/0.0
Router(config-if)# encapsulation ppp
Router(config-if)# ip tcp header-compression iphc-format
Router(config-if)# ip tcp compression-connections 10
Router(config-if)# end
The following example enables RTP header compression on the Serial2/0.0 subinterface and limits the
number of RTP header compression connections to 20. In this example, the optional ietf-format
keyword of the ip tcp header-compression command is specified.
Router> enable
Router# configure terminal
Router(config)# interface Serial2/0.0
Router(config-if)# encapsulation ppp
Router(config-if)# ip tcp header-compression ietf-format
Router(config-if)# ip tcp compression-connections 20
Router(config-if)# end
iphc-profile
To create an IP Header Compression (IPHC) profile and to enter IPHC-profile configuration mode, use
the iphc-profile command in global configuration mode. To attach an existing IPHC profile to an
interface or subinterface, use the iphc-profile command in interface configuration mode. To delete the
IPHC profile, use the no form of this command.
no iphc-profile profile-name
Syntax Description profile-name Name of the IPHC profile to be created or attached. The IPHC profile name
can be a maximum of 32 characters.
ietf Specifies that the IPHC profile is for Internet Engineering Task Force (IETF)
header compression.
van-jacobson Specifies that the IPHC profile is for Van Jacobson header compression.
Usage Guidelines The iphc-profile command creates an IPHC profile used for enabling header compression and enters
IPHC-profile configuration mode (config-iphcp). An IPHC profile is a template within which you can
configure the type of header compression that you want to use, enable any optional features and settings
for header compression, and then apply the profile to an interface, a subinterface, or a Frame Relay
permanent virtual circuit (PVC).
Note If you are using Frame Relay encapsulation, you must specify the ietf keyword (not the van-jacobson
keyword).
Note The header compression format in use on the router that you are configuring and the header compression
format in use on the remote network link must match.
Table 12 Van Jacobson IPHC Profile Type Header Compression Features and Settings
If you specify IETF as the IPHC profile type, you can enable non-TCP header compression (that is, RTP
header compression), along with a number of additional features and settings. Table 13 lists each
available IETF IPHC profile type header compression feature and setting and the command or
commands used to enable it.
Table 13 IETF IPHC Profile Type Header Compression Features and Settings
Examples In the following example, an IPHC profile called profile1 is created, and the Van Jacobson IPHC profile
type is specified.
Router> enable
Router# configure terminal
Router(config)# iphc-profile profile1 van-jacobson
Router(config-iphcp)# end
In the following example, a second IPHC profile called profile2 is created. For this IPHC profile, the
IETF IPHC profile type is specified.
Router> enable
Router# configure terminal
Router(config)# iphc-profile profile2 ietf
Router(config-iphcp)# end
In the following example, an existing IPHC profile called profile2 is attached to serial interface 3/0. For
this IPHC profile, the IPHC profile type (in this case, IETF) of profile2 is specified.
Router> enable
Router# configure terminal
Router(config)# interface serial 3/0
Router(config-if)# iphc-profile profile2 ietf
Router(config-iphcp)# end
Examples This example shows how to apply a LANE QoS database to a subinterface:
Router(config-subif)# lane client qos user1
Usage Guidelines This command specifies a named database of QoS parameters. The database can be applied on the
subinterfaces on which a LANE client is configured.
Examples This example shows how to begin configuring a QoS over LANE database named user1 on a Catalyst
5000 family ATM switch:
ATM# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ATM(config)# lane qos database user1
This example shows how to begin configuring a QoS over LANE database named user2 on a router:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# lane qos database user2
load protocol
To load a protocol header description file (PHDF) onto a router, use the load protocol command in
global configuration mode. To unload all protocols from a specified location or a single protocol, use the
no form of this command.
Syntax Description location:filename Location of the PHDF that is to be loaded onto the router.
When used with the no version of this command, all protocols loaded from
the specified filename will be unloaded.
Note The location must be local to the router.
protocol-name Unloads only the specified protocol.
Note If you attempt to unload a protocol that is being referenced by a filter,
you will receive an error.
Command Default If this command is not issued, no PHDFs will be loaded onto the router.
Usage Guidelines Flexible packet matching allows users to classify traffic on the basis of any portion of a packet header
given the protocol field, length, and pattern. Protocol headers are defined in separate files called PHDFs;
the field names that are defined within the PHDFs are used for defining the packet filters. A PHDF is a
file that allows the user to leverage the flexibility of extensible markup language (XML) to describe
almost any protocol header. The important components of the PHDF are the version, the XML file
schema location, and the protocol field definitions. The protocol field definitions name the appropriate
field in the protocol header, allow for a comment describing the field, provide the location of the protocol
header field in the header (the offset is relative to the start of the protocol header), and provide the length
of the field. Users can choose to specify the measurement in bytes or in bits.
Note The total length of the header must be specified at the end of each PHDF.
In case of a redundant setup, users should ensure all PHDFs that are used in the flexible packet matching
configuration are present on the corresponding standby disk. If the PHDFs are not on standby disk, all
flexible packet matching policies using the PHDFs will be broken.
Users can write their own custom PHDFs via XML. However, the following standard PHDFs can also
be loaded onto the router: ip.phdf, ether.phdf, tcp.phdf, and udp.phdf.
Standard PHDFs are available on Cisco.com at the following URL:
http://www.cisco.com/cgi-bin/tablebuild.pl/fpm
Because PHDFs are defined via XML, they are not shown in a running configuration.
Issue the load protocol command to apply filters to a protocol by defining and loading a PHDF for that
protocol header.
Examples The following example shows how to configure FPM for blaster packets. The class map contains the
following match criteria: TCP port 135, 4444 or UDP port 69; and pattern 0x0030 at 3 bytes from start
of IP header.
load protocol disk2:ip.phdf
load protocol disk2:tcp.phdf
load protocol disk2:udp.phdf
match access-group
To configure the match criteria for a class map on the basis of the specified access control list (ACL),
use the match access-group command in class-map configuration mode. To remove ACL match criteria
from a class map, use the no form of this command.
Syntax Description access-group Numbered ACL whose contents are used as the match criteria against
which packets are checked to determine if they belong to this class.
An ACL number can be a number from 1 to 2699.
name access-group-name Named ACL whose contents are used as the match criteria against
which packets are checked to determine if they belong to this class.
The name can be a maximum of 40 alphanumeric characters.
Usage Guidelines For class-based weighted fair queueing (CBWFQ), you define traffic classes based on match criteria
including ACLs, protocols, input interfaces, quality of service (QoS) labels, and EXP field values.
Packets satisfying the match criteria for a class constitute the traffic for that class.
Note For Zone-Based Policy Firewall, this command is not applicable to CBWFQ.
The match access-group command specifies a numbered or named ACL whose contents are used as the
match criteria against which packets are checked to determine if they belong to the class specified by the
class map.
Note Zone-Based Policy Firewall supports only the match access-group, match protocol, and match
class-map commands.
If you specify more than one command in a class map, only the last command entered applies. The last
command overrides the previously entered commands.
Note The match access-group command specifies the numbered access list against whose contents packets
are checked to determine if they match the criteria specified in the class map. Access lists configured
with the optional log keyword of the access-list command are not supported when you configure match
criteria. For more information about the access-list command, refer to the Cisco IOS IP Application
Services Command Reference.
Note The match access-group command specifies the numbered access list against whose contents packets
are checked to determine if they match the criteria specified in the class map. Access lists configured
with the optional log keyword of the access-list command are not supported when you configure match
criteria.
Examples The following example specifies a class map called acl144 and configures the ACL numbered 144 to be
used as the match criterion for that class:
class-map acl144
match access-group 144
The following example pertains to Zone-Based Policy Firewall. The example defines a class
map called c1 and configures the ACL numbered 144 to be used as the match criterion for
that class.
match any
To configure the match criteria for a class map to be successful match criteria for all packets, use the
match any command in class-map configuration mode. To remove all criteria as successful match
criteria, use the no form of this command.
match any
no match any
Examples In the following configuration, all packets leaving Ethernet interface 1/1 will be policed based on the
parameters specified in policy-map class configuration mode:
Router(config)# class-map matchany
Router(config-cmap)# match any
Router(config-cmap)# exit
match atm-clp
To enable packet matching on the basis of the ATM cell loss priority (CLP), use the match atm-clp
command in class-map configuration mode. To disable packet matching on the basis of the ATM CLP,
use the no form of this command.
match atm-clp
no match atm-clp
Command Default Packets are not matched on the basis of the ATM CLP.
Usage Guidelines This command is supported on policy maps that are attached to ATM main interfaces, ATM
subinterfaces, or ATM permanent virtual circuits (PVCs). However, policy maps (containing the match
atm-clp command) that are attached to these types of ATM interfaces can be input policy maps only.
This command is supported on the PA-A3 adaptor only.
Examples In this example, a class called “class-c1” has been created using the class-map command, and the match
atm-clp command has been configured inside that class. Therefore, packets are matched on the basis of
the ATM CLP and are placed into this class.
Router> enable
Router# configure terminal
Router(config)# class-map class-c1
Router(config-cmap)# match atm-clp
Router(config-cmap)# end
match cos
To match a packet on the basis of a Layer 2 class of service (CoS)/Inter-Switch Link (ISL) marking, use
the match cos command in class-map configuration mode. To remove a specific Layer 2 CoS/ISL
marking as a match criterion, use the no form of this command.
Syntax Description Supported Platforms Other Than the Cisco 10000 Series Routers
cos-value Specific IEEE 802.1Q/ISL CoS value. The cos-value is from 0 to 7; up to
four CoS values, separated by a space, can be specified in one match cos
statement.
Cisco 10000 Series Routers
cos-value Specific packet CoS bit value. Specifies that the packet CoS bit value must
match the specified CoS value. The cos-value is from 0 to 7; up to four CoS
values, separated by a space, can be specified in one match cos statement.
Command Default Packets are not matched on the basis of a Layer 2 CoS/ISL marking.
Examples In the following example, the CoS values of 1, 2, and 3 are successful match criteria for the interface
that contains the classification policy called cos:
Router(config)# class-map cos
Router(config-cmap)# match cos 1 2 3
In the following example, classes called voice and video-n-data are created to classify traffic based on
the CoS values. QoS treatment is then given to the appropriate packets in the CoS-based-treatment policy
map (in this case, the QoS treatment is priority 64 and bandwidth 512). The service policy configured in
this example is attached to all packets leaving Fast Ethernet interface 0/0.1. The service policy can be
attached to any interface that supports service policies.
Router(config)# class-map voice
Router(config-cmap)# match cos 7
Syntax Description cos-value Specific IEEE 802.1Q/ISL CoS value. The cos-value is from 0 to 7; up to
four CoS values can be specified in one match cos statement.
Examples In the following example, the inner CoS-values of 1, 2, and 3 are successful match criteria for the
interface that contains the classification policy called cos:
Router(config)# class-map cos
Router(config-cmap)# match cos inner 1 2 3
Examples The following example specifies a class map called macaddress and specifies the destination MAC
address to be used as the match criterion for this class:
class-map macaddress
match destination-address mac 00:00:00:00:00:00
match discard-class
To specify a discard class as a match criterion, use the match discard-class command in class-map
configuration mode. To remove a previously specified discard class as a match criterion, use the no form
of this command.
Syntax Description class-nmber Number of the discard class being matched. Valid values are 0 to 7.
Usage Guidelines A discard-class value has no mathematical significance. For example, the discard-class value 2 is not
greater than 1. The value simply indicates that a packet marked with discard-class 2 should be treated
differently than a packet marked with discard-class 1.
Packets that match the specified discard-class value are treated differently from packets marked with
other discard-class values. The discard-class is a matching criterion only, used in defining per hop
behavior (PHB) for dropping traffic.
Examples The following example shows that packets in discard class 2 are matched:
Router(config-cmap)# match discard-class 2
match dscp
To identify one or more differentiated service code point (DSCP), Assured Forwarding (AF), and
Certificate Server (CS) values as a match criterion, use the match dscp command in class-map
configuration mode. To remove a specific DSCP value from a class map, use the no form of this
command.
match [ip] dscp dscp-value [dscp-value dscp-value dscp-value dscp-value dscp-value dscp-value
dscp-value]
Syntax Description ip (Optional) Specifies that the match is for IPv4 packets only. If not used, the
match is on both IPv4 and IPv6 packets.
Note For the Cisco 10000 series router, the ip keyword is required.
dscp-value The DSCP value used to identify a DSCP value. For valid values, see the
“Usage Guidelines.”
For example, if you wanted the DCSP values of 0, 1, 2, 3, 4, 5, 6, or 7 (note that only one of the IP DSCP
values must be a successful match criterion, not all of the specified DSCP values), enter the match dscp
0 1 2 3 4 5 6 7 command.
This command is used by the class map to identify a specific DSCP value marking on a packet. In this
context, dscp-value arguments are used as markings only and have no mathematical significance. For
instance, the dscp-value of 2 is not greater than 1. The value simply indicates that a packet marked with
the dscp-value of 2 is different than a packet marked with the dscp-value of 1. The treatment of these
marked packets is defined by the user through the setting of Quality of Service (QoS) policies in
policy-map class configuration mode.
Examples The following example shows how to set multiple match criteria. In this case, two IP DSCP value and
one AF value.
Router(config)# class-map map1
Router(config-cmap)# match dscp 1 2 af11
match field
To configure the match criteria for a class map on the basis of the fields defined in the protocol header
description files (PHDFs), use the match field command in class-map configuration mode. To remove
the specified match criteria, use the no form of this command.
match field protocol protocol-field {eq [mask] | neq [mask] | gt | lt | range range | regex string}
value [next next-protocol]
no match field protocol protocol-field {eq [mask] | neq [mask] | gt | lt | range range | regex string}
value [next next-protocol]
Syntax Description protocol Name of protocol whose PHDF has been loaded onto a router.
protocol field Match criteria is based upon the specified field within the loaded protocol.
eq Match criteria is met if the packet is equal to the specified value or mask.
neq Match criteria is met if the packet is not equal to the specified value or mask.
mask (Optional) Can be used when the eq or the neq keywords are issued.
gt Match criteria is met if the packet does not exceed the specified value.
lt Match criteria is met if the packet is less than the specified value.
range range Match criteria is based upon a lower and upper boundary protocol field
range.
regex string Match criteria is based upon a string that is to be matched.
value Value for which the packet must be in accordance with.
next next-protocol Specify the next protocol within the stack of protocols that is to be used as
the match criteria.
Usage Guidelines Before issuing the match-field command, you must load a PHDF onto the router via the load protocol
command. Thereafter, you must first enter the class-map command to specify the name of the class
whose match criteria you want to establish.
Match criteria are defined via a start point, offset, size, value to match, and mask. A match can be defined
on a pattern with any protocol field.
Examples The following example shows how to configure FPM for blaster packets. The class map contains the
following match criteria: TCP port 135, 4444 or UDP port 69; and pattern 0x0030 at 3 bytes from start
of IP header.
load protocol disk2:ip.phdf
load protocol disk2:tcp.phdf
load protocol disk2:udp.phdf
Usage Guidelines The match flow pdp command allows you to match and classify traffic on the basis of a PDP flow.
The match flow pdp command is included with the Flow-Based QoS for GGSN feature available with
Cisco IOS Release 12.4(9)T. The Flow-Based QoS for GGSN feature is designed specifically for the
Gateway General Packet Radio Service (GPRS) Support Node (GGSN).
Per-PDP Policing
The Flow-Based QoS for GGSN feature includes per-PDP policing (session-based policing).
The match flow pdp command (when used in conjunction with the class-map command, the
policy-map command, the police rate pdp command, and the service-policy command) allows you to
configure per-PDP policing (session-based policing) for downlink traffic on a GGSN.
Note the following points related to per-PDP policing:
• When using the class-map command to define a class map for PDP flow classification, do not use
the match-any keyword.
• Per-PDP policing functionality requires that you configure Universal Mobile Telecommunications
System (UMTS) quality of service (QoS). For information on configuring UMTS QoS, see the
“Configuring QoS on the GGSN” section of the Cisco GGSN Release 6.0 Configuration Guide,
Cisco IOS Release 12.4(2)XB.
• The policy map created to configure per-PDP policing cannot contain multiple classes within which
only the match flow pdp command has been specified. In other words, if there are multiple classes
in the policy map, the match flow pdp command must be used in conjunction with another match
statement (for example, match precedence) in at least one class.
Note To configure the Flow-Based QoS for GGSN feature, follow the instructions in the section called
“Configuring Per-PDP Policing.”
For more information about the GGSN-specific commands, see the Cisco GGSN Release 6.0 Command
Reference, Cisco IOS Release 12.4(2)XB.
Examples The following example specifies PDP flows as the match criterion in a class map named “class-pdp”:
class-map class-pdp
match flow pdp
match fr-dlci
To specify the Frame Relay data-link connection identifier (DLCI) number as a match criterion in a class
map, use the match fr-dlci command in class-map configuration mode. To remove a previously specified
DLCI number as a match criterion, use the no form of this command.
Syntax Description dlci-number Number of the DLCI associated with the packet.
Usage Guidelines This match criterion can be used in main interfaces and point-to-multipoint subinterfaces in Frame Relay
networks, and it can also be used in hierarchical policy maps.
Examples In the following example a class map called “class1” has been created and the Frame Relay DLCI
number of 500 has been specified as a match criterion. Packets matching this criterion are placed in
class1.
Router(config)# class-map class1
Router(config-cmap)# match fr-dlci 500
Router(config-cmap)# end
Syntax Description input-vlan-list One or more VLAN IDs to be matched. The valid range for VLAN IDs is
from 1 to 4094, and the list of VLAN IDs can include one or all of the
following:
• Single VLAN IDs, separated by spaces. For example:
100 200 300
• One or more ranges of VLAN IDs, separated by spaces. For example:
1-1024 2000-2499
Usage Guidelines The match input vlan command allows you to create a class map that matches packets with one or more
specific VLAN IDs, as they were received on the input (ingress) interface. This enables hierarchical
Quality of Service (HQoS) for Ethernet over MPLS (EoMPLS) Virtual Circuits (VC), allowing parent
and child relationships between QoS class maps and policy maps. This in turn enables service providers
to easily classify and shape traffic for a particular EoMPLS network.
In EoMPLS applications, the parent class map typically specifies the maximum bandwidth for all of the
VCs in a specific EoMPLS network. Then the child class maps perform other QoS operations, such as
traffic shaping, on a subset of this traffic.
Do not confuse the match input vlan command with the match vlan command, which is also a
class-map configuration command.
• The match vlan command matches the VLAN ID on packets for the particular interface at which
the policy map is applied. Policy maps using the match vlan command can be applied to either
ingress or egress interfaces on the router, using the service-policy {input | output} command.
• The match input vlan command matches the VLAN ID that was on packets when they were
received on the ingress interface on the router. Typically, policy maps using the match input vlan
command are applied to egress interfaces on the router, using the service-policy output command.
The match input vlan command can also be confused with the match input-interface vlan command,
which matches packets being received on a logical VLAN interface that is used for inter-VLAN routing.
Tip Because class maps also support the match input-interface command, you cannot abbreviate the input
keyword when giving the match input vlan command.
Note The match input vlan command cannot be used only on Layer 2 LAN ports on FlexWAN, Enhanced
FlexWAN, and Optical Service Modules (OSM) line cards.
Restrictions
The following restrictions apply when using the match input vlan command:
• You cannot attach a policy with match input vlan to an interface if you have already attached a
service policy to a VLAN interface (a logical interface that has been created with the interface vlan
command).
• Class maps that use the match input vlan command support only the match-any option. You cannot
use the match-all option in class maps that use the match input vlan command.
• If the parent class contains a class map with a match input vlan command, you cannot use a match
exp command in a child class map.
Examples The following example creates a class map and policy map that matches packets with a VLAN ID of
1000. The policy map shapes this traffic to a committed information rate (CIR) value of 10 Mbps
(10,000,000 bps). The final lines then apply this policy map to a specific gigabit Ethernet WAN interface.
Router# configure terminal
Router(config)# class-map match-any vlan1000
Router(config-cmap)# match input vlan 1000
Router(config-cmap)# exit
Router(config)# policy-map policy1000
Router(config-pmap)# class vlan1000
Router(config-pmap-c)# exit
Router(config-pmap)# shape average 10000000
Router(config-pmap)# interface GE-WAN 3/0
Router(config-if)# service-policy output policy1000
Router(config-if)#
The following example shows a class map being configured to match VLAN IDs 100, 200, and 300:
Router# configure terminal
Router(config)# class-map match-any hundreds
Router(config-cmap)# match input vlan 100 200 300
Router(config-cmap)#
The following example shows a class map being configured to match all VLAN IDs from 2000 to 2999
inclusive:
Router# configure terminal
Router(config)# class-map match-any vlan2000s
Router(config-cmap)# match input vlan 2000-2999
Router(config-cmap)#
The following example shows a class map being configured to match both a range of VLAN IDs, as well
as specific VLAN IDs:
Router# configure terminal
Router(config)# class-map match-any misc
Router(config-cmap)# match input vlan 1 5 10-99 2000-2499
Router(config-cmap)#
match input-interface
To configure a class map to use the specified input interface as a match criterion, use the match
input-interface command in class-map configuration mode. To remove the input interface match
criterion from a class map, use the no form of this command.
Syntax Description interface-name Name of the input interface to be used as match criteria.
Usage Guidelines Supported Platforms Other Than Cisco 10000 Series Routers
For class-based weighted fair queueing (CBWFQ), you define traffic classes based on match criteria
including input interfaces, access control lists (ACLs), protocols, quality of service (QoS) labels, and
experimental (EXP) field values. Packets satisfying the match criteria for a class constitute the traffic for
that class.
The match input-interface command specifies the name of an input interface to be used as the match
criterion against which packets are checked to determine if they belong to the class specified by the class
map.
To use the match input-interface command, you must first enter the class-map command to specify the
name of the class whose match criteria you want to establish. After you identify the class, you can use
one of the following commands to configure its match criteria:
• match access-group
• match input-interface
• match mpls experimental
• match protocol
If you specify more than one command in a class map, only the last command entered applies. The last
command overrides the previously entered commands.
Examples The following example specifies a class map called ethernet1 and configures the input interface named
ethernet1 to be used as the match criterion for this class:
class-map ethernet1
match input-interface ethernet1
match ip dscp
The match ip dscp command is replaced by the match dscp command. See the match dscp command
for more information.
match ip precedence
The match ip precedence command is replaced by the match precedence command. See the match
precedence command for more information.
match ip rtp
To configure a class map to use the Real-Time Protocol (RTP) port as the match criterion, use the match
ip rtp command in class-map configuration mode. To remove the RTP port match criterion, use the no
form of this command.
no match ip rtp
Syntax Description starting-port-number The starting RTP port number. Values range from 2000 to 65535.
port-range The RTP port number range. Values range from 0 to 16383.
Usage Guidelines This command is used to match IP RTP packets that fall within the specified port range. It matches
packets destined to all even User Datagram Port (UDP) port numbers in the range from the starting port
number argument to the starting port number plus the port range argument.
Use of an RTP port range as the match criterion is particularly effective for applications that use RTP,
such as voice or video.
Examples The following example specifies a class map called ethernet1 and configures the RTP port number 2024
and range 1000 to be used as the match criteria for this class:
class-map ethernet1
match ip rtp 2024 1000
Syntax Description number EXP field value (any number from 0 through 7) to be used as a match
criterion. You can specify multiple values, separated by a space (for
example, 3 4 7).
Usage Guidelines Supported Platforms Other Than the Cisco 10000 Series
For class-based weighted fair queueing (CBWFQ), you define traffic classes based on match criteria
such as input interfaces, access control lists (ACLs), protocols, quality of service (QoS) labels, and
experimental (EXP) field values. Packets satisfying the match criteria for a class constitute the traffic for
that class.
The match mpls experimental command specifies the name of an EXP field value to be used as the
match criterion against which packets are compared to determine if they belong to the class specified by
the class map.
To use the match mpls experimental command, you must first enter the class-map command to specify
the name of the class whose match criteria you want to establish. After you identify the class, you can
use one of the following commands to configure its match criteria:
• match access-group
• match input-interface
• match mpls experimental
• match protocol
If you specify more than one command in a class map, only the last command entered applies. The last
command overrides the previously entered commands.
Examples The following example specifies a class map called ethernet1 and configures the Multiprotocol Label
Switching (MPLS) experimental values of 1 and 2 to be used as the match criteria for this class:
Router(config)# class-map ethernet1
Router(config-cmap)# match mpls experimental 1 2
Syntax Description number The Multiprotocol Label Switching (MPLS) EXP field in the topmost label
header. Valid values are 0 to 7.
Command Default No EXP match criterion is configured for the topmost label.
Usage Guidelines You can enter this command on the input and the output interfaces. It will match only on MPLS packets.
Examples The following example shows that the EXP value 3 in the topmost label is matched:
match mpls experimental topmost 3
match not
To specify the single match criterion value to use as an unsuccessful match criterion, use the match not
command in QoS class-map configuration mode. To remove a previously specified source value to not
use as a match criterion, use the no form of this command.
Syntax Description match-criterion The match criterion value that is an unsuccessful match criterion. All
other values of the specified match criterion will be considered
successful match criteria.
Usage Guidelines The match not command is used to specify a quality of service (QoS) policy value that is not used as a
match criterion. When the match not command is used, all other values of that QoS policy become
successful match criteria.
For instance, if the match not qos-group 4 command is issued in QoS class-map configuration mode,
the specified class will accept all QoS group values except 4 as successful match criteria.
Examples In the following traffic class, all protocols except IP are considered successful match criteria:
Router(config)# class-map noip
Router(config-cmap)# match not protocol ip
Router(config-cmap)# exit
Syntax Description max Maximum. Indicates that a maximum value for the Layer 3 packet length is
to be specified.
maximum-length-value Specifies the maximum length value of the Layer 3 packet length, in bytes.
The range is from 1 to 2000.
min Minimum. Indicates that a minimum value for the Layer 3 packet length is
to be specified.
minimum-length-value Specifies the minimum length value of the Layer 3 packet length, in bytes.
The range is from 1 to 2000.
Command Default If only the minimum value is specified, a packet with a Layer 3 length greater than the minimum is
viewed as matching the criterion.
If only the maximum value is specified, a packet with a Layer 3 length less than the maximum is viewed
as matching the criterion.
Usage Guidelines This command considers only the Layer 3 packet length in the IP header. It does not consider the Layer 2
packet length in the IP header.
When using this command, you must at least specify the maximum or minimum value. However, you do
have the option of entering both values.
Examples In the following example a class map called “class 1” has been created, and the Layer 3 packet length
has been specified as a match criterion. In this example, packets with a minimum Layer 3 packet length
of 100 and a maximum Layer 3 packet length of 300 are viewed as meeting the match criteria.
Router> enable
Router# configure terminal
Router(config)# class-map match-all class1
Router(config-cmap)# match packet length min 100 max 300
Router(config-cmap)# end
match port-type
To match the access policy on the basis of the port for a class map, use the match port-type command
in class-map configuration mode. To delete the port type, use the no form of this command.
Syntax Description routed Matches the routed interface. Use this keyword if the class map has to be
associated with only a routed interface.
switched Matches the switched interface. Use this keyword if the class map has to be
associated with only a switched interface.
Usage Guidelines This command is used because, on the basis of the port on which a user is connecting, the access policies
that are applied to it can be different.
Examples The following example shows that an access policy has been matched on the basis of the port for a class
map:
Router(config-cmap)# match port-type routed
match precedence
To identify IP precedence values to use as the match criterion, use the match precedence command in
QoS class-map configuration mode. To remove IP precedence values from a class map, use the no form
of this command.
Syntax Description ip (Optional) Specifies that the match is for IPv4 packets only. If not used, the
match is on both IP and IPv6 packets.
Note For the Cisco 10000 series router, the ip keyword is required.
precedence-criteria1 Identifies the precedence value. You may enter up to four different values,
separated by a space. See the “Usage Guidelines” for valid values.
precedence-criteria2
precedence-criteria3
precedence-criteria4
Usage Guidelines You may enter up to four matching criteria, as number abbreviation (0 to 7) or criteria names (critical,
flash, and so on), in a single match statement. For example, if you wanted the precedence values of 0, 1,
2, or 3 (note that only one of the precedence values must be a successful match criterion, not all of the
specified precedence values), enter the match ip precedence 0 1 2 3 command. The precedence-criteria
numbers are not mathematically significant; that is, the precedence-criteria of 2 is not greater than 1.
The way that these different packets are treated depends upon quality of service (QoS) policies, set in
the policy-map configuration mode.
You can configure a QoS policy to include IP precedence marking for packets entering the network.
Devices within your network can then use the newly marked IP precedence values to determine how to
treat the packets. For example, class-based weighted random early detection (WRED) uses IP
precedence values to determine the probability that a packet is dropped. You can also mark voice packets
with a particular precedence. You can then configure low-latency queueing (LLQ) to place all packets
of that precedence into the priority queue.
Matching Precedence for IPv6 and IPv4 Packets on the Cisco 10000 and 7600 Series Routers
On the Cisco 7600 Series and 10000 Series Routers, you set matching criteria based on precedence
values for only IPv6 packets using the match protocol command with the ipv6 keyword. Without that
keyword, the precedence match defaults to match both IPv4 and IPv6 packets. You set matching criteria
based on precedence values for IPv4 packets only, use the ip keyword. Without the ip keyword the match
occurs on both IPv4 and IPv6 packets.
Do not use IP precedence 6 or 7 to mark packets, unless you are marking control packets.
Router(config-pmap-c)# priority 50
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface fa1/0/0
Router(config-if)# service-policy input priority50
match protocol
To configure the match criterion for a class map on the basis of the specified protocol, use the match
protocol command in class-map configuration mode. To remove protocol-based match criterion from a
class map, use the no form of this command.
Syntax Description protocol-name Name of the protocol (for example, bgp) used as a matching criterion. See
the “Usage Guidelines” for a list of protocols supported by most routers.
Release Modification
12.4(15)XZ This command was integrated into Cisco IOS Release 12.4(15)XZ.
12.4(20)T This command was implemented on the Cisco 1700, Cisco 1800,
Cisco 2600, Cisco 2800, Cisco 3700, Cisco 3800, Cisco 7200, and
Cisco 7300 routers.
Usage Guidelines Supported Platforms Other Than Cisco 7600 Routers and Cisco 10000 Series Routers
For class-based weighted fair queueing (CBWFQ), you define traffic classes based on match criteria
protocols, access control lists (ACLs), input interfaces, quality of service (QoS) labels, and
Experimental (EXP) field values. Packets satisfying the match criteria for a class constitute the traffic
for that class.
The match protocol command specifies the name of a protocol to be used as the match criteria against
which packets are checked to determine if they belong to the class specified by the class map.
The match protocol ipx command matches packets in the output direction only.
To use the match protocol command, you must first enter the class-map command to specify the name
of the class whose match criteria you want to establish. After you identify the class, you can use one of
the following commands to configure its match criteria:
• match access-group
• match input-interface
• match mpls experimental
If you specify more than one command in a class map, only the last command entered applies. The last
command overrides the previously entered commands.
To configure NBAR to match protocol types that are supported by NBAR traffic, use the match protocol
(NBAR) command.
Supported Protocols
Table 15 lists the protocols supported by most routers. Some routers support a few additional protocols.
For example, the Cisco 7600 router supports the aarp and decnet protocols, while the Cisco 7200 router
supports the directconnect and pppoe protocols. For a complete list of supported protocols, see the online
help for the match protocol command on the router that you are using.
Examples The following example specifies a class map called ftp and configures the protocol as a match criterion:
Router(config)# class-map ftp
Router(config-cmap)# match protocol ftp
Syntax Description protocol-name Particular protocol type known to NBAR. These known protocol types
can be used to match traffic. For a list of protocol types that are known
to NBAR, see Table 16 in “Usage Guidelines.”
variable-field-name (Optional and usable only with custom protocols) Predefined variable
that was created when you created a custom protocol. The
variable-field-name will match the field-name variable entered when
you created the custom protocol.
value (Optional and usable only with custom protocols) Specific value in the
custom payload to match. A value can be entered along with a
variable-field-name only. The value can be expressed in decimal or
hexadecimal format.
Command Default Traffic is not matched by a protocol type that is known to NBAR.
Release Modification
12.2(18)ZY This command was integrated into Cisco IOS Release 12.2(18)ZY. This
command was modified to enhance NBAR functionality on the
Catalyst 6500 series switch that is equipped with the
Supervisor 32/programmable intelligent services accelerator (PISA)
engine.
12.2(18)ZYA This command was modified to integrate NBAR and Firewall Service
Module (FWSM) functionality on the Catalyst 6500 series switch that is
equipped with a Supervisor 32/PISA. This command now recognizes
additional protocols as noted in Table 16 in “Usage Guidelines.”
Usage Guidelines Use the match protocol (NBAR) command to match protocol types that are known to NBAR. NBAR is
capable of classifying the following types of protocols:
• Non-UDP and non-TCP IP protocols
• TCP and UDP protocols that use statically assigned port numbers
• TCP and UDP protocols that use statically assigned port numbers but still require stateful inspection
• TCP and UDP protocols that dynamically assign port numbers and therefore require stateful
inspection
Table 16 lists the NBAR-supported protocols available in Cisco IOS software, sorted by category. The
table also provides information about the protocol type, the well-known port numbers (if applicable), the
syntax for entering the protocol in NBAR, and the Cisco IOS release in which the protocol was initially
supported. This table is updated when a protocol is added to a new Cisco IOS release train.
In the following example, custom protocol ftdd is created by using a variable. A class map matching this
custom protocol based on the variable is also created. In this example, class map matchscidinftdd will
match all traffic that has the value “804” at byte 125 entering or leaving TCP ports 5001 to 5005. The
variable scid is 2 bytes in length.
Router(config)# ip nbar custom ftdd 125 variable scid 2 tcp range 5001 5005
The same example above can also be done by using hexadecimal values in the class map as follows:
Router(config)# ip nbar custom ftdd 125 variable scid 2 tcp range 5001 5005
In the following example, the variable keyword is used while you create a custom protocol, and class
maps are configured to classify different values within the variable field into different traffic classes.
Specifically, in the example below, variable scid values 0x15, 0x21, and 0x27 will be classified into class
map active-craft, while scid values 0x11, 0x22, and 0x25 will be classified into class map passive-craft.
Router(config)# ip nbar custom ftdd field scid 125 variable 1 tcp range 5001 5005
Usage Guidelines Entering the match protocol citrix command without the app keyword establishes all Citrix traffic as
successful match criteria.
Entering the match protocol citrix command with the ica-tag keyword prioritizes Citrix ICA traffic.
The priority tag values can be a number from 0 to 3, with 0 having the highest priority and 3 the lowest.
Examples The following example configures NBAR to match all Citrix traffic:
match protocol citrix
The following example configures NBAR to match Citrix traffic with the application name of packet1:
match protocol citrix app packet1
The following example configures NBAR to give Citrix ICA traffic a priority of 1:
match protocol citrix ica-tag-1
Syntax Description file-transfer Indicates that a regular expression will be used to identify specific
FastTrack traffic.
“regular-expression” Regular expression used to identify specific FastTrack traffic. For
instance, entering “cisco” as the regular expression would classify the
FastTrack traffic containing the string “cisco” as matches for the traffic
policy.
To specify that all FastTrack traffic be identified by the traffic class, use
“*” as the regular expression.
Usage Guidelines To specify that all FastTrack traffic be identified by the traffic class, use “*” as the regular expression.
Applications that use FastTrack include KaZaA, Grokster, and Morpheus (although newer versions of
Morpheus use Gnutella).
Examples The following example configures NBAR to match all FastTrack traffic:
match protocol fasttrack file-transfer “*”
In the following example, all FastTrack files that have the “.mpeg” extension will be classified into class
map nbar:
class-map match-all nbar
match protocol fasttrack file-transfer "*.mpeg"
The following example configures NBAR to match FastTrack traffic that contains the string “cisco”:
match protocol fasttrack file-transfer “*cisco*”
Syntax Description file-transfer Indicates that a regular expression will be used to identify specific
Gnutella traffic.
“regular-expression” The regular expression used to identify specific Gnutella traffic. For
instance, entering “cisco” as the regular expression would classify the
Gnutella traffic containing the string “cisco” as matches for the traffic
policy.
To specify that all Gnutella traffic be identified by the traffic class, use
“*” as the regular expression.
Usage Guidelines To specify that all Gnutella traffic be identified by the traffic class, use “*” as the regular expression.
Applications that use Gnutella include the following:
• BearShare
• Gnewtellium
• Gnucleus
• Gtk-Gnutella
• JTella
• LimeWire
• Morpheus
• Mutella
• Phex
• Qtella
• Swapper
• XoloX
• XCache
Examples The following example configures NBAR to match all Gnutella traffic:
match protocol gnutella file-transfer “*”
In the following example, all Gnutella files that have the “.mpeg” extension will be classified into class
map nbar:
class-map match-all nbar
match protocol gnutella file-transfer "*.mpeg"
In the following example, only Gnutella traffic that contains the characters “cisco” is classified:
class-map match-all nbar
match protocol gnutella file-transfer “*cisco*”
match protocol http [url url-string | host hostname-string | mime MIME-type | c-header-field
c-header-field-string | s-header-field s-header-field-string]
no match protocol http [url url-string | host hostname-string | mime MIME-type | c-header-field
c-header-field-string | s-header-field s-header-field-string]
Catalyst 6500 Series Switch Equipped with the Supervisor 32/PISA Engine
Catalyst 6500 Series Switch Equipped with the Supervisor 32/PISA Engine
content-encoding (Optional) Specifies matching by the encoding mechanism used to
package the entity body.
content-encoding-name-stri (Optional) User-specified content-encoding name.
ng
from (Optional) Specifies matching by the e-mail address of the person
controlling the user agent.
from-address-string (Optional) User-specified e-mail address.
location (Optional) Specifies matching by the exact location of the resource
from request.
location-name-string (Optional) User-specified location of the resource.
referer (Optional) Specifies matching by the address from which the resource
request was obtained.
referer-address-name-strin (Optional) User-specified address of the referer resource.
g
server (Optional) Specifies matching by the software used by the origin server
handling the request.
server-software-name-strin (Optional) User-specified software name.
g
user-agent (Optional) Specifies matching by the software used by the agent
sending the request.
user-agent-software-name-s (Optional) User-specified name of the software used by the agent
tring sending the request.
Command Default NBAR does not match HTTP traffic by URL, host, MIME type, or fields in HTTP packet headers.
Release Modification
12.4(2)T The command was integrated into Cisco IOS Release 12.4(2)T and was
modified to include the c-header-field c-header-field-string and
s-header-field s-header-field-string keywords and arguments.
12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(18)ZY2 This command was integrated into Cisco IOS Release 12.2(18)ZY2, and
support was provided for the Catalyst 6500 series switch that is equipped
with the Supervisor 32/PISA engine.
Note For this Cisco IOS release and this platform, the c-header-field
c-header-field-string and s-header-field s-header-field-string
keywords and arguments are not available. To achieve the same
functionality, use the individual keywords and arguments as shown
in the syntax for the Catalyst 6500 series switch.
Note For Cisco IOS Release 12.2(18)ZY2 on the Cisco Catalyst 6500 series switch that is equipped with a
Supervisor 32/PISA engine, up to 56 parameters or sub-classifications can be specified with the match
protocol http command. These parameters or sub-classifications can be a combination of any of the
available match choices, such as HOST matches, MIME matches, server matches, URL matches, and so
on. For other Cisco IOS releases and platforms, the maximum is 24 parameters or sub-classifications.
To match the www.anydomain.com portion, use the hostname matching feature. The parameter
specification strings can take the form of a regular expression with the following options:
Option Description
* Match any zero or more characters in this position.
? Match any one character in this position.
| Match one of a choice of characters.
(|) Match one of a choice of characters in a range. For example cisco.(gif | jpg) matches either
cisco.gif or cisco.jpg.
[] Match any character in the range specified, or one of the special characters. For example,
[0-9] is all of the digits. [*] is the “*” character and [[] is the “[” character.
Note Use of the Content-Base field has not been implemented by the HTTP community. (See
RFC 2616 for details.) Therefore, the Content-Base field is not identified by NBAR on
the Catalyst 6500 series switch that is equipped with a Supervisor 32/PISA engine.
Within NBAR, the match protocol http c-header-field command is used to specify request messages
(the “c” in the c-header-field portion of the command is for client). The match protocol http
s-header-field command is used to specify response messages (the “s” in the s-header-field portion of
the command is for server).
It is important to note that combinations of URL, host, MIME type, and HTTP headers can be used
during NBAR configuration. These combinations provide customers with more flexibility to classify
specific HTTP traffic based on their network requirements.
Note For Cisco IOS Release 12.2(18)ZY2 on the Cisco Catalyst 6500 series switch that is equipped with a
Supervisor 32/PISA engine, the c-header-field and s-header-field keywords and associated arguments
are not available. Instead, use the individual keywords and arguments as shown in the syntax to achieve
the same functionality.
Examples The following example classifies, within class map class1, HTTP packets based on any URL containing
the string whatsnew/latest followed by zero or more characters:
class-map class1
match protocol http url whatsnew/latest*
The following example classifies, within class map class2, packets based on any hostname containing
the string cisco followed by zero or more characters:
class-map class2
match protocol http host cisco*
The following example classifies, within class map class3, packets based on the JPEG MIME type:
class-map class3
match protocol http mime “*jpeg”
In the following example, any response message that contains “gzip” in the Content-Base (if available),
Content-Encoding, Location, or Server header fields will be classified by NBAR. Typically, the term
“gzip” would be found in the Content-Encoding header field of the response message.
class-map class4
match protocol http s-header-field “gzip”
In the following example, HTTP header fields are combined with a URL to classify traffic. In this
example, traffic with a User-Agent field of “CERN-LineMode/3.0” and a Server field of “CERN/3.0”,
along with URL “www.cisco.com”, will be classified using NBAR.
class-map match-all c-http
match protocol http c-header-field “CERN-LineMode/3.0”
match protocol http s-header-field “CERN/3.0”
match protocol http url “www.cisco.com”
Catalyst 6500 Series Router Equipped with a Supervisor 32/PISA Engine Example
In the following two examples, the individual keywords and associated arguments are used to specify
traffic (instead of the c-header-field and the s-header-field keywords).
In the first example, the user-agent, referrer, and from keywords are specified. In the second example,
the server, location, content-encoding keywords are specified.
class-map match-all test1
match protocol http user-agent Mozilla
match protocol http referrer *10.0.10.50
match protocol http from *cisco.com
Syntax Description audio (Optional) Specifies matching by audio payload-type values in the range of
0 to 23. These payload-type values are reserved for audio traffic.
video (Optional) Specifies matching by video payload-type values in the range of
24 to 33. These payload-type values are reserved for video traffic.
Usage Guidelines Entering the match protocol rtp command without any other keywords establishes all RTP traffic as
successful match criteria.
RTP is a packet format for multimedia data streams. It can be used for media-on-demand as well as
interactive services such as Internet telephony. RTP consists of a data and a control part. The control part
is called Real-Time Transport Control Protocol (RTCP). It is important to note that the NBAR RTP
Payload Classification feature does not identify RTCP packets and that RTCP packets run on
odd-numbered ports while RTP packets run on even-numbered ports.
The payload type field of an RTP packet identifies the format of the RTP payload and is represented by
a number. NBAR matches RTP traffic on the basis of this field in the RTP packet. A working knowledge
of RTP and RTP payload types is helpful if you want to configure NBAR to match RTP traffic. For more
information about RTP and RTP payload types, refer to RFC 1889, RTP: A Transport Protocol for
Real-Time Applications.
Examples The following example configures NBAR to match all RTP traffic:
class-map class1
match protocol rtp
The following example configures NBAR to match RTP traffic with the payload-types 0, 1, 4, 5, 6, 7, 8,
9, 10, 11, 12, 13, 14, 15, 16, 17, 18, and 64:
class-map class2
match protocol rtp payload-type "0, 1, 4-0x10, 10001b-10010b, 64"
match qos-group
To identify a specific quality of service (QoS) group value as a match criterion, use the match qos-group
command in class-map configuration mode. To remove a specific QoS group value from a class map, use
the no form of this command.
Syntax Description qos-group-value The exact value from 0 to 99 used to identify a QoS group value.
Usage Guidelines The match qos-group command is used by the class map to identify a specific QoS group value marking
on a packet. This command can also be used to convey the received Multiprotocol Label Switching
(MPLS) experimental (EXP) field value to the output interface.
The qos-group-value argument is used as a marking only. The QoS group values have no mathematical
significance. For instance, the qos-group-value of 2 is not greater than 1. The value simply indicates that
a packet marked with the qos-group-value of 2 is different than a packet marked with the
qos-group-value of 1. The treatment of these packets is defined by the user through the setting of QoS
policies in QoS policy-map class configuration mode.
The QoS group value is local to the router, meaning that the QoS group value that is marked on a packet
does not leave the router when the packet leaves the router. If you need a marking that resides in the
packet, use IP precedence setting, IP differentiated services code point (DSCP) setting, or another
method of packet marking.
This command can be used with the random-detect discard-class-based command.
Examples The following example shows how to configure the service policy called “priority50” and attach service
policy “priority50” to an interface. In this example, the class map called “qosgroup5” will evaluate all
packets entering Fast Ethernet interface 1/0/0 for a QoS group value of 5. If the incoming packet has
been marked with the QoS group value of 5, the packet will be treated with a priority level of 50.
Router(config)# class-map qosgroup5
Router(config-cmap)# match qos-group 5
Router(config)# exit
Router(config)# policy-map priority50
Router(config-pmap)# class qosgroup5
Router(config-pmap-c)# priority 50
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface fastethernet1/0/0
Router(config-if)# service-policy output priority50
Syntax Description address-destination The source destination MAC address to be used as a match criterion.
Usage Guidelines This command can be used only on an input interface with a MAC address, for example, Fast Ethernet
and Ethernet interfaces.
This command cannot be used on output interfaces with no MAC address, such as serial and ATM
interfaces.
Examples The following example uses the MAC address mac 0.0.0 as a match criterion:
Router(config)# class-map matchsrcmac
Router(config-cmap)# match source-address mac 0.0.0
match start
To configure the match criteria for a class map on the basis of the datagram header (Layer 2 ) or the
network header (Layer 3), use the match start command in class-map configuration mode. To remove
the specified match criteria, use the no form of this command.
Syntax Description l2-start Match criterion starts from the datagram header.
l3-start Match criterion starts from the network header.
offset number Match criterion can be made according to any aribitrary offset.
size number Number of bytes in which to match.
eq Match criteria is met if the packet is equal to the specified value or mask.
neq Match criteria is met if the packet is not equal to the specified value or mask.
mask (Optional) Can be used when the eq or the neq keywords are issued.
gt Match criteria is met if the packet is greater than the specified value.
lt Match criteria is met if the packet is less than the specified value.
range range Match critera is based upon a lower and upper boundary protocol field range.
regex string Match critera is based upon a string that is to be matched.
value Value for which the packet must be in accordance with.
Usage Guidelines To the match criteria that is to be used for flexible packet matching, you must first enter the class-map
command to specify the name of the class whose match criteria you want to establish. Thereafter, you
can enter one of the following commands:
• match-field (which configures the match criteria for a class map on the basis of the fields defined
in the protocol header description files [PHDFs])
• match-start (which can be used if a PHDF is not loaded onto the router)
Examples The following example shows how to configure FPM for blaster packets. The class map contains the
following match criteria: TCP port 135, 4444 or UDP port 69; and pattern 0x0030 at 3 bytes from start
of IP header.
load protocol disk2:ip.phdf
load protocol disk2:tcp.phdf
load protocol disk2:udp.phdf
Command Description
load protocol Loads a PHDF onto a router.
match field Configures the match criteria for a class map on the basis of the fields
defined in the PHDFs.
Usage Guidelines The access control server (ACS) sends the tag attribute to the network access device (NAD) using the
Cisco attribute-value (AV) pair. (The tag attribute can also be sent to the NAD using the IETF attribute
88.)
Examples The following example shows that the tag to be matched is named “healthy”:
Router(config)# class-map type tag healthy_class
Router(config-cmap)# match tag healthy
Router(config-cmap)# end
Syntax Description vlan-id-number VLAN identification number, numbers, or range of numbers. Valid
VLAN identification numbers must be in the range of 1 to 4095.
Command Default Traffic is not matched on the basis of the VLAN identification number.
Support Restrictions
The following restrictions apply to the match vlan command:
• The match vlan command is supported for IEEE 802.1q and Inter-Switch Link (ISL) VLAN
encapsulations only.
• As of Cisco IOS Release 12.2(31)SB2, the match vlan command is supported on Cisco 10000 series
routers only.
Examples In the following sample configuration, the match vlan command is enabled to classify and match traffic
on the basis of a range of VLAN identification numbers. Packets with VLAN identification numbers in
the range of 25 to 50 are placed in the class called class1.
Router> enable
Router# configure terminal
Router(config)# class-map class1
Router(config-cmap)# match vlan 25-50
Router(config-cmap)# end
Note Typically, the next step would be to configure class1 in a policy map, enable a quality of service (QoS)
feature (for example, class-based weighted fair queueing [CBWFQ]) in the policy map, and attach the
policy map to an interface. To configure a policy map, use the policy-map command. To enable
CBWFQ, use the bandwidth command (or use the command for the QoS feature that you want to
enable). To attach the policy map to an interface, use the service-policy command. For more information
about classifying network traffic on the basis of a match criterion, see the “Classification” part of the
Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.4T.
Syntax Description vlan-ids One or more VLAN IDs to be matched. The valid range for VLAN IDs is
from 1 to 4095, and the list of VLAN IDs can include one or all of the
following:
• Single VLAN IDs, separated by spaces. For example:
100 200 300
• One or more ranges of VLAN IDs, separated by spaces. For example:
1-1024 2000-2499
Command Default Packets are not matched on the basis of incoming dot1q VLAN inner IDs.
Examples The following example creates a class map that matches packets with a VLAN IDs of 100 to 300.
Router(config)# class-map match-all vlan100
Router(config-cmap)# match vlan inner 100
Router(config-cmap)# exit
Router(config)# class-map match-all vlan200
Router(config-cmap)# match vlan inner 200
Router(config-cmap)# exit
Router(config)# class-map match-all vlan300
Router(config-cmap)# match vlan inner 300
Syntax Description bandwidth (Optional) Indicates bandwidth limits for RSVP reservations.
group x (Optional) Specifies the amount of bandwidth, in kbps, that can be requested
by all the reservations covered by a local policy. The x value ranges from 1
to 10000000.
single y (Optional) Specifies the maximum bandwidth, in kbps, that can be requested by
any specific RSVP reservation covered by a local policy. The y value ranges
from 1 to 10000000.
senders n (Optional) Limits the number of RSVP senders affected by a local policy that
can be active at the same time on a router. The value for n ranges from 1 to
50000; the default is 1000.
Command Default No maximum bandwidth limit is set and no RSVP senders are configured.
Usage Guidelines Previously, the maximum bandwidth command applied only to PATH messages. However, as part of
the application ID enhancement, this command now applies only to RESV messages. This change has
the following benefits:
• Allows the local policy bandwidth limit to be used by RSVP’s admission control process for both
shared and nonshared reservations. Previous releases that performed group bandwidth checks on
PATH messages could not account for bandwidth sharing and, as a result, you had to account for
sharing by creating a larger maximum group bandwidth for the policy.
• Allows a local policy to trigger preemption during the admission control function if there is
insufficient policy bandwidth to meet the needs of an incoming RESV message.
Examples The following example specifies the maximum bandwidth for a group of reservations and for a single
reservation, respectively:
Router(config-rsvp-local-policy)# maximum bandwidth group 500
Router(config-rsvp-local-policy)# maximum bandwidth single 50
maximum header
To specify the maximum size of the compressed IP header, use the maximum header command in
IPHC-profile configuration mode. To return the maximum size of the compressed IP header to the default
size, use the no form of this command.
no maximum header
Syntax Description number-of-bytes The maximum header size, in bytes. Valid entries are numbers from 20 to
168. Default is 168.
Command Default The maximum size of the compressed IP header is 168 bytes.
Usage Guidelines The maximum header command allows you to define the maximum size of the IP header of a packet to
be compressed. Any packet with an IP header that exceeds the maximum size is sent uncompressed.
Use the number-of-bytes argument of the maximum header command to restrict the size of the IP header
to be compressed.
Prerequisite
Before using the maximum header command, you must enable either TCP header compression or
non-TCP header compression. To enable TCP header compression, use the tcp command. To enable
non-TCP header compression, use the non-tcp command.
Examples The following is an example of an IPHC profile called profile2. In this example, the maximum size of
the compressed IP header is set to 75 bytes.
Router> enable
Router# configure terminal
Router(config)# iphc-profile profile2 ietf
Router(config-iphcp)# non-tcp
Router(config-iphcp)# maximum header 75
Router(config-iphcp)# end
max-reserved-bandwidth
To change the percent of interface bandwidth allocated for Resource Reservation Protocol (RSVP),
class-based weighted fair queueing (CBWFQ), low latency queueing (LLQ), IP RTP Priority, Frame
Relay IP RTP Priority, Frame Relay PVC Interface Priority Queueing (PIPQ), or hierarchical queueing
framework (HQF), use the max-reserved bandwidth command in interface configuration mode. To
restore the default value, use the no form of this command.
max-reserved-bandwidth percent
no max-reserved-bandwidth
Syntax Description percent Amount of interface bandwidth allocated for RSVP, CBWFQ, LLQ, IP RTP
Priority, Frame Relay IP RTP Priority, Frame Relay PIPQ, and HQF.
Command Default 75 percent on all supported platforms except the Cisco 7500 series routers, which do not have this
restriction.
Usage Guidelines The sum of all bandwidth allocation on an interface should not exceed 75 percent of the available
bandwidth on an interface. The remaining 25 percent of bandwidth is used for overhead, including
Layer 2 overhead, control traffic, and best-effort traffic.
If you need to allocate more than 75 percent for RSVP, CBWFQ, LLQ, IP RTP Priority, Frame Relay IP
RTP Priority, Frame Relay PIPQ, or HQF, you can use the max-reserved-bandwidth command. The
percent argument specifies the maximum percentage of the total interface bandwidth that can be used.
If you do use the max-reserved-bandwidth command, make sure that not too much bandwidth is taken
away from best-effort and control traffic.
Examples In the following example, the policy map called policy1 is configured for three classes with a total of
8 Mbps configured bandwidth, as shown in the output from the show policy-map command:
Router# show policy-map policy1
When you enter the service-policy command in an attempt to attach the policy map on a 10-Mbps
Ethernet interface, an error message such as the following is produced:
I/f Ethernet1/1 class class3 requested bandwidth 3000 (kbps) Available only 2500 (kbps)
The error message is produced because the default maximum configurable bandwidth is 75 percent of
the available interface bandwidth, which in this example is 7.5 Mbps. To change the maximum
configurable bandwidth to 80 percent, use the max-reserved-bandwidth command in interface
configuration mode, as follows:
max-reserved-bandwidth 80
service output policy1
end
To verify that the policy map was attached, enter the show policy-map interface command:
Router# show policy-map interface e1/1
interface Serial0/1
bandwidth 64
ip address 10.1.1.2 255.255.255.0
no ip directed-broadcast
encapsulation ppp
ppp multilink
end
Note To make the virtual access interface function properly, do not configure the bandwidth command on the
virtual template. Configure it on the actual interface, as shown in the example.
mls ip pbr
To enable the multilayer switching (MLS) support for policy-routed packets, use the mls ip pbr
command in global configuration mode. To disable the MLS support for policy-routed packets, use the
no form of this command.
no mls ip pbr
Syntax Description null0 (Optional) Enables the hardware support for the interface null0 in the route-maps.
Usage Guidelines This command is not supported on Cisco 7600 series routers that are configured with a Supervisor
Engine 720.
Note Do not enable PBR and SLB on the same interface; PBR-based packets are not forwarded correctly.
When you enable the hardware-policy routing by entering the mls ip pbr command, all policy routing
occurs in the hardware and is applied to all interfaces, regardless of which interface was configured for
policy routing.
Use the null0 keyword when you have routed traffic only to enable the hardware support for the set
interface null0 in the route-maps.
Examples This example shows how to enable the MLS support for policy-routed packets:
Router(config)# mls ip pbr
mls qos
no mls qos
Usage Guidelines If you enable QoS globally, QoS is enabled on all interfaces with the exception of the interfaces where
you disabled QoS. If you disable QoS globally, all traffic is passed in QoS pass-through mode.
In port-queueing mode, Policy Feature Card (PFC) QoS (marking and policing) is disabled, and packet
type of service (ToS) and class of service (CoS) are not changed by the PFC. All queueing on rcv and
xmt is based on a QoS tag in the incoming packet, which is based on the incoming CoS.
For 802.1Q or Inter-Switch Link (ISL)-encapsulated port links, queueing is based on the packet 802.1Q
or ISL CoS.
For the router main interfaces or access ports, queueing is based on the configured per-port CoS (the
default CoS is 0).
This command enables or disables ternary content addressable memory (TCAM) QoS on all interfaces
that are set in the OFF state.
This example shows how to disable QoS globally on the Cisco 7600 series router:
Router(config)# no mls qos
Router(config)#
mls qos
no mls qos
Usage Guidelines This command is deprecated on Cisco 7600 series routers that are configured with a Supervisor
Engine 2.
Although the CLI allows you to configure PFC-based QoS on the WAN ports on the OC-12 ATM OSMs
and on the WAN ports on the channelized OSMs, PFC-based QoS is not supported on the WAN ports on
these OSMs.
If you disable QoS globally, it is also disabled on all interfaces.
This command enables or disables TCAM QoS (classification, marking, and policing) for the interface.
Syntax Description name Name of the aggregate policer. See the “Usage Guidelines” section for
naming conventions.
rate-bps Maximum bits per second. Range is 32000 to 10000000000.
normal-burst-bytes (Optional) Normal burst bytes. Range is 1000 to 31250000.
maximum-burst-bytes (Optional) Maximum burst bytes. Range is 1000 to 31250000 (if entered,
this value must be set equal to normal-burst-bytes).
pir peak-rate-bps (Optional) Keyword and argument that set the peak information rate
(PIR). Range is 32000 to 10000000000. Default is equal to the normal
(cir) rate.
action-type action (Optional) Action type keyword. This command may include multiple
action types and corresponding actions to set several actions
simultaneously. Valid values are:
• conform-action—Keyword that specifies the action to be taken when
the rate is not exceeded. Valid actions are:
– drop—Drops the packet.
– set-dscp-transmit value—Sets the DSCP value and sends the
packet. Valid entries are: 0 to 63 (differentiated code point
value), af11 to af43 (match packets with specified AF DSCP),
cs1 to cs7 (match packets with specified CS DSCP), default, or
ef (match packets with the EF DSCP).
– set-mpls-exp-imposition-transmit number—Sets experimental
(exp) bits at the tag imposition. Valid range is 0 to 7.
– set-prec-transmit—Rewrites packet precedence and sends the
packet.
– transmit—Transmits the packet. This is the default.
• exceed-action—Keyword that specifies the action to be taken when
QoS values are exceeded. Valid actions are:
– drop—Drops the packet. This is the default.
– policed-dscp-transmit—Changes the DSCP value according to
the policed-dscp map and sends the packet.
– transmit—Transmits the packet.
• violate-action—Keyword that specifies the action to be taken when
QoS values are violated. Valid actions are:
– drop—Drops the packet.
– policed-dscp-transmit—Changes the DSCP value according to
the policed-dscp map and sends the packet.
– transmit—Transmits the packet.
Release Modification
12.3 This command was implemented on the Cisco 6500 and Cisco 7600.
12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines This policer can be shared by different policy map classes and on different interfaces. The Cisco 7600
series router supports up to 1023 aggregates and 1023 policing rules.
The mls qos aggregate-policer command allows you to configure an aggregate flow and a policing rule
for that aggregate. When you enter the rate and burst parameters, the range for the average rate is 32 kbps
to 10 Gbps (entered as 32000 and 10000000000) and the range for the burst size is 1 KB (entered as
1000) to 31.25 MB (entered as 31250000). Modifying an existing aggregate rate limit entry causes that
entry to be modified in NVRAM and in the Cisco 7600 series router if that entry is currently being used.
Note Because of hardware granularity, the rate value is limited, so the burst that you configure may not be the
value that is used.
Modifying an existing microflow or aggregate rate limit modifies that entry in NVRAM as well as in the
Cisco 7600 series router if it is currently being used.
When you enter the aggregate policer name, follow these naming conventions:
• Maximum of 31 characters and may include a-z, A-Z, 0-9, the dash character (-), the underscore
character (_), and the period character (.).
• Must start with an alphabetic character and must be unique across all ACLs of all types.
• Case sensitive.
• Cannot be a number.
• Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer.
Aggregate policing works independently on each DFC-equipped switching module and independently
on the PFC2, which supports any non-DFC-equipped switching modules. Aggregate policing does not
combine flow statistics from different DFC-equipped switching modules. You can display aggregate
policing statistics for each DFC-equipped switching module, PFC2, and any non-DFC-equipped
switching modules that are supported by the PFC2 by entering the show mls qos aggregate policer
command.
Examples The following example shows how to configure a QoS aggregate policer to allow a maximum of 100000
bits per second with a normal burst byte size of 10000, to set DSCP to 48 when these rates are not
exceeded, and to drop packets when these rates are exceeded:
Router(config)# mls qos aggregate-policer micro-one 100000 10000 conform-action
set-dscp-transmit 48 exceed-action drop
Examples This example shows how to enable the microflow policing for bridged traffic on a VLAN interface:
Router(config-if)# mls qos bridged
Usage Guidelines The mls qos channel-consistency command is supported on port channels only.
Examples This example shows how to enable the QoS-port attribute checks on the EtherChannel bundling:
Router(config-if)# mls qos channel-consistency
This example shows how to disable the QoS-port attribute checks on the EtherChannel bundling:
Router(config-if)# no mls qos channel-consistency
Cisco 3660, 3845, 6500, 7200, 7400, and 7500 Series Routers
Syntax Description cos-value Assigns a default CoS value to a port. If the port is CoS trusted and packets are
untagged, the default CoS value is used to select one output queue as an index into
the CoS-to-DSCP map. The CoS range is 0 to 7. The default is 0.
override Overrides the CoS of the incoming packets and applies the default CoS value on the
port to all incoming packets.
Usage Guidelines Cisco 3660, 3845, 6500, 7200, 7400, and 7500 Series Routers
You can assign the default CoS and differentiated services code point (DSCP) value to all packets
entering a port if the port has been configured by use of the override keyword.
Use the override keyword when all incoming packets on certain ports deserve a higher or lower priority
than packets the enter from other ports. Even if a port was previously set to trust DSCP or CoS, this
command overrides that trust state, and all the CoS values on the incoming packets are changed to the
default CoS value that is configured with the mls qos cos command. If an incoming packet is tagged, the
CoS value of the packet is modified at the ingress port. It is changed to the default CoS of that port.
Use the show mls qos interface privileged EXEC command to verify your settings.
Examples Cisco 3660, 3845, 6500, 7200, 7400, and 7500 Series Routers
The following example shows how to assign 4 as the default port CoS:
Router(config)# interface gigabitethernet 0/1
Router(config-if)# mls qos trust cos
Router(config-if)# mls qos cos 4
The following example shows how to assign 4 as the default port CoS value for all packets the enter the
port:
Router(config)# interface gigabitethernet0/1
Router(config-if)# mls qos cos 4
Router(config-if)# mls qos cos override
Usage Guidelines This command is not supported on Cisco 7600 series routers that are configured with a Supervisor
Engine 2.
Examples This example shows how to attach the ingress-CoS mutation map named mutemap2:
Router(config-if)# mls qos cos-mutation mutemap2
Usage Guidelines This command is not supported on Cisco 7600 series routers that are configured with a Supervisor
Engine 2.
Examples This example shows how to attach the egress-DSCP mutation map named mutemap1:
Router(config-if)# mls qos dscp-mutation mutemap1
Examples This example shows how to attach the egress-exp mutation map named mutemap2:
Router(config-if)# mls qos exp-mutation mutemap2
Router(config-if)#
Usage Guidelines With mls qos loopback applied at the interface, the packets are not forwarded to the destination.
Before you enter the mls qos loopback command, you must specify a MAC address for the Optical
Services Modules (OSM) interface. The MAC address must be different from the LAN router MAC
address that is used in PFC2 hardware switching.
Examples This example shows how to prevent packets from being forwarded to the destination:
Router(config-if)# mls qos loopback
CoS 0 1 2 3 4 5 6 7
DSCP 0 8 16 24 32 40 48 56
Usage Guidelines All of the CoS-to-DSCP and DSCP-to-CoS maps are globally defined. You apply all maps to all ports.
If you enter the mls qos trust cos command, the default CoS-to-DSCP map is applied.
If you enter the mls qos trust dscp command, the default DSCP-to-CoS map is applied.
After a default map is applied, you can define the CoS-to-DSCP or DSCP-to-CoS map by entering
consecutive mls qos map commands.
If the mls qos trust dscp command is entered and a packet with an untrusted DSCP value is at an ingress
port, the packet CoS value is set to 0.
Use the show mls qos maps privileged EXEC command to verify your settings.
Examples The following example shows how to define the CoS-to-DSCP map. CoS values 0 to 7 are mapped to
DSCP values 8, 8, 8, 8, 24, 32, 56, and 56.
Router# configure terminal
Router(config)# mls qos map cos-dscp 8 8 8 8 24 32 56 56
Command Default If the CoS-to-CoS mutation map is not configured, the default CoS-to-CoS mutation mapping is listed
in Table 18.
CoS-in 0 1 2 3 4 5 6 7
CoS-out 0 1 2 3 4 5 6 7
Usage Guidelines This command is not supported on the Catalyst 6500 series switches and the Cisco 7600 series routers
that are configured with a Supervisor Engine 2.
This command is supported on the Catalyst 6500 series switches and the Cisco 7600 series routers that
are configured with the following modules only:
• WS-X6704-10GE
• WS-X6724-SFP
• WS-X6748-GE-TX
CoS mutation is not supported on non-802.1Q tunnel ports.
When you enter the mls qos map cos-mutation command, you are configuring the mutated-CoS values
map to sequential ingress-CoS numbers. For example, by entering the mls qos map cos-mutation 2 3 4
5 6 7 0 1 command, you configure this map:
CoS-in 0 1 2 3 4 5 6 7
CoS-out 2 3 4 5 6 7 0 1
Usage Guidelines The DSCP-to-CoS map is used to map the final DSCP classification to a final CoS. This final map
determines the output queue and threshold to which the packet is assigned. The CoS map is written into
the Inter-Switch Link (ISL) header or 802.1Q tag of the transmitted packet on trunk interfaces and
contains a table of 64 DSCP values and the corresponding CoS values. The Catalyst 6500 series switch
and the Cisco 7600 series router have one map.
All of the CoS-to-DSCP and DSCP-to-CoS maps are globally defined. You apply all maps to all ports.
If you enter the mls qos trust cos command, the default CoS-to-DSCP map is applied.
If you enter the mls qos trust dscp command, the default DSCP-to-CoS map is applied.
After a default map is applied, you can define the CoS-to-DSCP or DSCP-to-CoS map by entering
consecutive mls qos map commands.
If the mls qos trust dscp command is entered and a packet with an untrusted DSCP value is at an ingress
port, the packet CoS value is set to 0.
Use the show mls qos maps privileged EXEC command to verify your settings.
Examples The following example shows how to define the DSCP-to-CoS map. DSCP values 16, 18, 24, and 26 are
mapped to CoS 1. DSCP values 0, 8, and 10 are mapped to CoS 0.
Router# configure terminal
Router(config)# mls qos map dscp-cos 16 18 24 26 to 1
Router(config)# mls qos map dscp-cos 0 8 10 to 0
Syntax Description dscp-values DSCP values; valid values are from 0 to 63.
to Defines mapping.
exp-values EXP values; valid values are from 0 to 7.
Examples This example shows how to configure the final DSCP value to a final EXP value:
Router(config)# mls qos map dscp-exp 20 25 to 3
Usage Guidelines This command is not supported on the Catalyst 6500 series switches and the Cisco 7600 series routers
that are configured with a Supervisor Engine 2.
When configuring a named DSCP mutation map, note the following:
• You can enter up to eight input DSCP values that map to a mutated DSCP value.
• You can enter multiple commands to map additional DSCP values to a mutated DSCP value.
• You can enter a separate command for each mutated DSCP value.
You can configure 15 egress-DSCP mutation maps to mutate the internal DSCP value before it is written
as the egress-DSCP value. You can attach egress-DSCP mutation maps to any interface that Policy
Feature Card (PFC) QoS supports.
PFC QoS derives the egress-class-of-service (CoS) value from the internal DSCP value. If you configure
egress-DSCP mutation, PFC QoS does not derive the egress-CoS value from the mutated DSCP value.
Examples This example shows how to map DSCP 30 to mutated DSCP value 8:
Router(config)# mls qos map dscp-mutation mutemap1 30 to 8
Syntax Description dscp-values Defines the ingress EXP value to the internal DSCP map. Range: 0 to 63.
EXP 0 1 2 3 4 5 6 7
DSCP 0 8 16 24 32 40 48 56
Examples This example shows how to configure the received EXP value to an internal DSCP value:
Router(config)# mls qos map exp-dscp 20 25 30 31 32 32 33 34
Command Default If the EXP-to-EXP mutation map is not configured, the default EXP-to-EXP mutation mapping is listed
in Table 22.
EXP-in 0 1 2 3 4 5 6 7
EXP-out 0 1 2 3 4 5 6 7
Usage Guidelines This command is not supported on the Catalyst 6500 series switch and the Cisco 7600 series router that
are configured with a Supervisor Engine 2.
This command is supported in PFC3BXL or PFC3B mode only.
When you enter the mls qos map exp-mutation command, you are configuring the mutated EXP values
map to the sequential EXP numbers. For example, by entering the mls qos map exp-mutation 2 3 4 5 6
7 0 1 command, you configure the map as shown in Table 23 below:
EXP-in 0 1 2 3 4 5 6 7
EXP-out 2 3 4 5 6 7 0 1
Examples This example shows how to map the EXP value of a packet to a new EXP value:
Router(config)# mls qos map exp-mutation mutemap1 1 2 3 4 5 6 7 0
Syntax Description dscp-values DSCP values corresponding to IP precedence values 0 to 7; valid values are
from 0 to 63.
IP-Precedence 0 1 2 3 4 5 6 7
DSCP 0 8 16 24 32 40 48 56
Usage Guidelines Use the mls qos map ip-prec-dscp command to map the IP precedence of IP packets arriving on trusted
interfaces (or flows) to a DSCP when the trust type is trust-ipprec.
You can enter up to eight DSCP values separated by a space.
This map is a table of eight precedence values (0 through 7) and their corresponding DSCP values. The
Catalyst 6500 series switch and the Cisco 7600 series router have one map. The IP precedence values
are as follows:
• network 7
• internet 6
• critical 5
• flash-override 4
• flash 3
• immediate 2
• priority 1
• routine 0
Examples This example shows how to configure the ingress-IP precedence-to-DSCP mapping for trusted
interfaces:
Router(config)# mls qos map ip-prec-dscp 20 30 1 43 63 12 13 8
mls qos map policed-dscp {normal-burst | max-burst} dscp1 [dscp2 [dscp3 [dscp4 [dscp5 [dscp6
[dscp7 [dscp8]]]]]]] to policed-dscp
Syntax Description normal-burst Configures the markdown map used by the exceed-action
policed-dscp-transmit keywords.
max-burst Configures the markdown map used by the violate-action
policed-dscp-transmit keywords.
dscp1 DSCP value. Range: 0 to 63.
dscp2 through dscp8 (Optional) DSCP values. Range: 0 to 63.
to Defines mapping.
policed-dscp Policed-to-DSCP values; valid values are from 0 to 63.
Usage Guidelines The DSCP-to-policed-DSCP map determines the marked-down DSCP value that is applied to
out-of-profile flows. The Catalyst 6500 series switch and the Cisco 7600 series router have one map.
You can enter up to eight DSCP values separated by a space.
You can enter up to eight policed DSCP values separated by a space.
Note To avoid out-of-sequence packets, configure the DSCP-to-policed-DSCP map so that marked-down
packets remain in the same queue as the in-profile traffic.
Examples This example shows how to map multiple DSCPs to a single policed-DSCP value:
Router(config)# mls qos map policed-dscp 20 25 43 to 4
Usage Guidelines Use the mls qos marking ignore port-trust command to mark packets even if the interface is trusted.
Examples This example shows how to mark packets even if the interface is trusted:
mls qos marking ignore port-trust
Usage Guidelines This command is not supported on Cisco 7600 series routers that are configured with a Supervisor
Engine 2.
Use the show policy-map interface command to display policy-map statistics.
Examples This example shows how to disable allocation of the policer-traffic class identification with set actions:
Router(config)# mls qos marking statistics
This example shows how to allow allocation of the policer-traffic class identification with set actions:
Router(config)# no mls qos marking statistics
Command Default With the trusted state enabled, the defaults are as follows:
• Untrusted—The packets are marked to 0 or by policy.
• trust-cos.
With the trusted state disabled, the defaults are as follows:
• trust-exp—The port or policy trust state is ignored.
• The packets are marked by policy.
Usage Guidelines You can enter the mls qos mpls trust exp command to treat MPLS packets as other Layer 2 packets for
class of service (CoS) and egress queueing purposes (for example, to apply port or policy trust). All
trusted cases (trust CoS/IP/Differentiated Services Code Point (DSCP)) are treated as trust-cos.
Class of Service (CoS) refers to three bits in either an ISL header or an 802.1Q header that are used to
indicate the priority of the Ethernet frame as it passes through a switched network. The CoS bits in the
802.1Q header are commonly referred to as the 802.1p bits. To maintain QoS when a packet traverses
both Layer 2 and Layer 3 domain, the ToS and CoS values can be mapped to each other.
Examples This example shows how to set the trusted state of MPLS packets to trust-cos:
mls qos mpls trust exp
This example shows how to set the trusted state of MPLS packets to untrusted:
no mls qos mpls trust exp
Usage Guidelines This command is supported on PFC3BXL or PFC3B mode only. With Release 12.2(17b)SXA, enter the
show platform earl-mode command to display the PFC3 mode.
This command is not supported on Cisco 7600 series routers that are configured with a Supervisor
Engine 2.
Use the no mls qos police redirected command whenever you require NetFlow Data Export (NDE)
accuracy (if you do not require QoS-redirected packets).
Examples This example shows how to turn on the ACL-redirected packet policing:
Router(config)# mls qos police redirected
This example shows how to turn off the ACL-redirected packet policing:
Router(config)# no mls qos police redirected
Usage Guidelines You can use the mls qos police serial command to configure the PFC3C or PFC3CXL ingress and egress
policers to operate independently of each other (in serial mode). Normally, ingress and egress policers
operate in parallel mode, where action by one policer causes a corresponding action in the other. For
example, if the egress policer drops a packet, the ingress policer does not count the packet either. In serial
mode, however, action by one policer does not cause a corresponding action in the other.
Examples The following command example shows how to enable serial policing mode on the PFC3C or PFC3CXL:
Router(config)# mls qos police serial
mls qos protocol protocol-name pass-through | police rate burst | precedence value [police rate
burst]
Syntax Description protocol-name Protocol name; valid values are arp, bgp, eigrp, igrp, isis, ldp, nd, ospf, and rip.
pass-through Specifies pass-through mode.
police rate Specifies the maximum bits per second (bps) to be policed; valid values are from
32000 to 4000000000 bps.
burst Normal burst bytes; valid values are from 1000 to 31250000 bytes.
precedence value Specifies the IP-precedence value of the protocol packets to rewrite; valid values
are from 0 to 7.
Release Modification
12.2(18)SXF The no form of this command was changed to remove the arguments and
keywords.
12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines This command does not support ARP, ISIS, or EIGRP on Cisco 7600 series routers that are configured
with a Supervisor Engine 2.
If you enter the precedence value keyword and arguments without entering the police rate burst
keyword and arguments, only the packets from an untrusted port are marked.
You can make the protocol packets avoid the per-interface policy maps by entering the police rate,
pass-through, or precedence value keywords and arguments.
The mls qos protocol command allows you to define the routing-protocol packet policing as follows:
• When you specify the pass-through mode, the DSCP value does not change and is not policed.
• When you set the police rate, the DSCP value does not change and is policed.
• When you specify the precedence value, the DSCP value changes for the packets that come from
an untrusted port, the class of service (CoS) value that is based on DSCP-to-CoS map changes, and
the traffic is not policed.
• When you specify the precedence value and the police rate, the DSCP value changes, the CoS value
that is based on DSCP-to-CoS map changes, and the DSCP value is policed. In this case, the DSCP
value changes are based on the trust state of the port; the DSCP value is changed only for the packets
that come from an untrusted port.
• If you do not enter a precedence value, the DSCP value is based on whether or not you have enabled
multilayer switching (MLS) QoS as follows:
– If you enabled MLS QoS and the port is untrusted, the internal DSCP value is overwritten to
zero.
– If you enabled MLS QoS and the port is trusted, then the incoming DSCP value is maintained.
You can make the protocol packets avoid policing completely if you choose the pass-through mode. If
the police mode is chosen, the committed information rate (CIR) specified is the rate that is used to
police all the specified protocol’s packets, both entering or leaving the Cisco 7600 series router.
To protect the system by ARP broadcast, you can enter the mls qos protocol arp police bps command.
Examples This example shows how to define the routing-protocol packet policing:
Router(config)# mls qos protocol arp police 43000
This example shows how to define the IP-precedence value of the protocol packets to rewrite:
Router(config)# mls qos protocol bgp precedence 4
This example shows how to define the IP-precedence value of the protocol packets to rewrite and police
the DSCP value:
Router(config)# mls qos protocol bgp precedence 4 police 32000 1200
Usage Guidelines In port-queueing mode, Policy Feature Card (PFC) QoS (marking and policing) is disabled, and packet
type of service (ToS) and class of service (CoS) are not changed by the PFC. All queueing on rcv and
xmt is based on a QoS tag in the incoming packet, which is based on the incoming CoS.
For 802.1Q or Inter-Link Switch (ISL)-encapsulated port links, queueing is based on the packet 802.1Q
or ISL CoS.
For router main interfaces or access ports, queueing is based on the configured per-port CoS (the default
CoS is 0).
Examples This example shows how to enable the port-queueing mode globally:
Router(config)# mls qos queueing-only
Command Default The queuing mode of an interfaces is class of service (CoS) mode.
Examples This example shows how to set the queuing mode to DSCP on an interface:
mls qos queue-mode mode-dscp
Usage Guidelines This command is not supported on Cisco 7600 series routers that are configured with a Supervisor
Engine 2.
If you disable ToS-to-DSCP rewrite, and QoS is enabled globally, the following occurs:
• Final ToS-to-DSCP rewrite is disabled, and the ToS-to-DSCP packet is preserved.
• Policing and marking function according to the QoS configuration.
• Marked and marked-down class of service (CoS) is used for queueing.
• In QoS disabled mode, both ToS and CoS are preserved.
The no mls qos rewrite ip dscp command is incompatible with Multiprotocol Label Switching (MPLS).
The default mls qos rewrite ip dscp command must remain enabled in order for the PFC3BXL or
PFC3B to assign the correct MPLS Experimental (EXP) value for the labels that it imposes.
Usage Guidelines You must enable data export globally to set up data export on your Cisco 7600 series router.
QoS-statistics data export is not supported on OSM interfaces.
For QoS-statistics data export to perform correctly, you should set the export-destination hostname or
IP address and the User Datagram Port (UDP) number.
For example, if you have QoS-statistics data export that is enabled on FastEthernet4/5, the exported
records could be (in this example, the delimiter is a | [pipe]) as follows:
|1|4/5|123|80|12500|6800|982361894|
Usage Guidelines QoS-statistics data export is not supported on Optical Services Modules (OSM) interfaces.
You must enable data export on the shared aggregate policer and globally to set up data export on your
Cisco 7600 series router.
QoS-statistics data is exported using delimiter-separated fields. You can set the delimiter by entering the
mls qos statistics-export delimiter command.
For each data export-enabled shared aggregate or named policer, statistics data per policer per EARL is
exported. For each data export-enabled shared aggregate or named policer, the following information is
exported:
• Type (3 denotes aggregate policer export type)
• Aggregate name
• Direction (in or out)
• Encoded Address Recognition Logic (EARL) identification
• Accepted packets (accumulated hardware-counter values)
• Exceeded normal-rate packets (accumulated hardware-counter values)
• Exceeded excess-rate packets (accumulated hardware-counter values)
• Time stamp (time in seconds since January 1, 1970 UTC relative)
If a shared aggregate policer is attached to policies in both directions, two records are exported (one in
each direction). Each record will contain the same counter values for accepted packets, exceeded normal
packet rates, and exceeded excess packet rates.
For example, if you have the following configuration:
• QoS-statistics data export that is enabled on the shared aggregate policer named “aggr_1”
• An EARL in the supervisor engine that is installed in slot 1
• An EARL on the Distributed Forwarding Card (DFC) that is installed in slot 3
the exported records could be (note that in this example, the delimiter is a | [pipe]) as follows:
|3|agg_1|in|1|45543|2345|982361894|
|3|agg_1|in|3|45543|2345|982361894|
Examples This example shows how to enable per-shared aggregate or named-policer data export:
Router(config)# mls qos statistics-export aggregate-policer aggr1M
If the interface is a Cisco 7600 series router VLAN, the following information is exported:
• Type (5 denotes class-map VLAN export)
• Class-map name
• Direction (in or out)
• Encoded Address Recognition Logic (EARL) identification (slot number in which the EARL is
installed)
• VLAN number
• Accepted packets (cumulated hardware-counter values)
• Exceeded normal-rate packets (cumulated hardware-counter values)
• Exceeded excess-rate packets (cumulated hardware-counter values)
• Time stamp (time in seconds since January 1, 1970 UTC relative)
If the interface is a Cisco 7600 series router port channel, the following information is exported:
• Type (6 denotes class-map port-channel export)
• Class-map name
• Direction (in or out)
• EARL identification (slot number in which the EARL is installed)
• Port-channel number
• Accepted packets (cumulated hardware-counter values)
• Exceeded normal-rate packets (cumulated hardware-counter values)
• Exceeded excess-rate packets (cumulated hardware-counter values)
• Time stamp (time in seconds since January 1, 1970 UTC relative)
For example, if you have the following configuration:
• QoS-statistics data export enabled on the class map named “class_1”
• An EARL in the supervisor engine that is installed in slot 1
• An EARL on the Distributed Forwarding Card (DFC) that is installed in slot 3
• The Cisco 7600 series router is in the policy map named “policy_1”
• policy_1 is attached to the following interfaces in the ingress direction:
– FastEthernet4/5
– VLAN 100
– Port-channel 24
The exported records could be (in this example, the delimiter is a | [pipe]) as follows:
|4|class_1|in|4/5|45543|2345|2345|982361894|
|5|class_1|in|1|100|44000|3554|36678|982361894|
|5|class_1|in|3|100|30234|1575|1575|982361894|
Examples This example shows how to enable QoS-statistics data export for a class map:
Router(config)# mls qos statistics-export class-map class3
Usage Guidelines QoS-statistics data export is not supported on Optical Service Module (OSM) interfaces.
You must enable data export globally to set up data export on your Cisco 7600 series router.
Examples This example shows how to set the QoS-statistics data-export field delimiter (a comma) and verify the
configuration:
Router(config)# mls qos statistics-export delimiter ,
Command Default The default is none unless syslog is specified. If syslog is specified, the defaults are as follows:
• port is 514.
• facility is local6.
• severity is debug.
Usage Guidelines QoS-statistics data export is not supported on Optical Service Module (OSM) interfaces.
Valid facility values are as follows:
• authorization—Security/authorization messages
• cron—Clock daemon
• daemon—System daemon
• kernel—Kernel messages
• local0—Local use 0
• local1—Local use 1
• local2—Local use 2
• local3—Local use 3
• local4—Local use 4
• local5—Local use 5
• local6—Local use 6
• local7—Local use 7
• lpr—Line printer subsystem
• mail—Mail system
• news—Network news subsystem
• syslog—Messages that are generated internally by syslogd
• user—User-level messages
• uucp—UNIX-to-UNIX Copy Program (UUCP) subsystem
Valid severity levels are as follows:
• alert—Action must be taken immediately
• critical—Critical conditions
• debug—Debug-level messages
• emergency—System is unusable
• error—Error conditions
• informational—Informational
• notice—Normal but significant conditions
• warning—Warning conditions
Examples This example shows how to specify the destination host address and syslog as the UDP port number:
Router(config)# mls qos statistics-export destination 172.20.52.3 syslog
Syntax Description interval Export time; valid values are from 30 to 65535 seconds.
Usage Guidelines QoS-statistics data export is not supported on Optical Services Module (OSM) interfaces.
The interval needs to be short enough to avoid counter wraparound with the activity in your
configuration.
Caution Be careful when decreasing the interval because exporting QoS statistics imposes a noticeable load on
the Cisco 7600 series router.
Examples This example shows how to set the QoS-statistics data-export interval:
Router(config)# mls qos statistics-export interval 250
Usage Guidelines The RSP720-10GE has both 10GE and 1GE uplink ports. You can configure the RSP720-10GE to run
QoS features on all uplink ports (mixed mode) or on 10GE ports only. The number of queues available
for QoS depends on which mode is used:
• In mixed mode (10GE and 1GE ports), the default, only four queues are available for QoS.
The QoS port architecture for fixed mode for 1GE ports is (Rx/Tx): 2q8t/1p3q8t.
• In 10GE only mode, eight queues are available for QoS.
The QoS port architecture for 10GE only mode is as follows (Rx/Tx):
– 8q8t/1p7q8t (CoS)
– 16q8t/1p15q8t (DSCP)
– 16q1t/1p15q1t (VLAN)
When you switch between mixed-mode QoS and 10GE only mode, service is temporarily lost on the
RSP720-10GE uplinks. In addition, when you switch between modes, any existing QoS configuration
on the uplinks is lost. You must reconfigure QoS.
When you switch from 10GE only to mixed-mode QoS, you must issue the no shutdown command on
each of the three 1GE ports to resume QoS service on those ports.
In 10GE only mode, the 1GE ports are visible but they remain in an administratively down state.
Note To obtain more information on queues, use the show queueing interface command.
Examples The following example shows how to configure the RSP720-10GE to run QoS on 10GE ports only:
Router(config)# mls qos supervisor 10g-only
The following ports will be shut to enable 10g-only mode:
Gix/1 Gix/2 Gix/3
The following example shows how in a redundant setup (High Availability), the 1GE uplink ports on
both supervisors are shut down even though the redundant links are not used:
Router(config)# mls qos supervisor 10g-only
The following ports will be shut to enable 10g-only mode:
Gi6/1 Gi6/2 Gi6/3 Gi5/1 Gi5/2 Gi5/3
Syntax Description cos (Optional) Classifies incoming packets that have packet CoS values. The CoS
bits in incoming frames are trusted. The internal DSCP value is derived from the
CoS bits. The port default CoS value should be used for untagged packets.
dscp (Optional) Classifies incoming packets that have packet DSCP values (the most
significant 6 bits of the 8-bit service-type field). The ToS bits in the incoming
packets contain the DSCP value. For non-IP packets, the packet CoS value is 0.
If you do not enter a keyword, mls qos trust dscp is assumed.
ip-precedence (Optional) Specifies that the ToS bits in the incoming packets contain an IP
precedence value. The internal DSCP value is derived from the IP-precedence
bits.
Command Default The defaults for LAN interfaces and WAN interfaces on the Optical Service Modules (OSMs) are as
follows:
• If you enable global QoS, the port is not trusted.
• If no keyword is specified or the global QoS is disabled, the default is dscp.
Usage Guidelines Packets the enter a quality of service (QoS) domain are classified at its edge. Because the packets are
classified at the edge, the switch port within the QoS domain can be configured to a trusted state. It is
not necessary to classify the packets at every switch within the domain. Use the mls qos trust command
to set the trusted state of an interface and to indicate which fields of the packet are used to classify traffic.
The following conditions apply to the mls qos trust command running on Cisco 7600 series routers:
• The cos keyword is not supported for pos or atm interface types.
• The trust state does not apply to FlexWAN modules.
• The trust state does not apply to 1q4t LAN ports except for Gigabit Ethernet ports.
• Incoming queue drop thresholds are not implemented when you enter the mls qos trust cos
command on 4-port Gigabit Ethernet WAN modules.
• The set qos-group command is used to set the trust state on Layer 2 WAN interfaces.
Note This command can be used only on Cisco 7600 Series Routers.
Examples The following example shows how to set the trusted state of an interface to IP precedence:
Router(config-if)# mls qos trust ip-precedence
Syntax Description cos value (Optional) Specifies the class of service (CoS) value that is used to remark the
packets from the PC; valid values are from 0 to 7.
Examples This example shows how to set the phone that is attached to the switch port in trust mode:
Router(config-if)# interface fastethernet5/1
Router(config-if)# mls qos trust extend
This example shows how to change the mode to untrusted and set the remark CoS value to 3:
Router(config-if)# interface fastethernet5/1
Router(config-if)# mls qos trust extend cos 3
This example shows how to set the configuration to the default mode:
Router(config-if)# interface fastethernet5/1
Router(config-if)# no mls qos trust extend
Usage Guidelines This command is supported on switch-port and port-channel interfaces only.
In VLAN-based mode, the policy map that is attached to the Layer 2 interface is ignored, and QoS is
driven by the policy map that is attached to the corresponding VLAN interface.
You can configure per-VLAN QoS only on Layer 2 interfaces.
Note Layer 3 interfaces are always in interface-based mode. Layer 3 VLAN interfaces are always in
VLAN-based mode.
Examples This example shows how to enable per-VLAN QoS for a Layer 2 interface:
Router(config-if)# mls qos vlan-based
mpls experimental
To configure Multiprotocol Label Switching (MPLS) experimental (EXP) levels for a virtual circuit
(VC) class that can be assigned to a VC bundle and thus applied to all VC members of that bundle, use
the mpls experimental command in VC-class configuration mode. To remove the MPLS EXP levels
from the VC class, use the no form of this command.
To configure the MPLS EXP levels for a VC member of a bundle, use the mpls experimental command
in bundle-vc configuration mode. To remove the MPLS EXP levels from the VC, use the no form of this
command.
no mpls experimental
Syntax Description other (Optional) Specifies any MPLS EXP levels in the range from 0 to 7 that are
not explicitly configured. This is the default.
range (Optional) A single MPLS EXP level specified as a number from 0 to 7, or
a range of levels, specified as a hyphenated range.
Defaults Defaults to other, that is, any MPLS EXP levels in the range from 0 to 7 that are not explicitly
configured.
Usage Guidelines Assignment of MPLS EXP levels to VC bundle members allows you to create differentiated service
because you can distribute the MPLS EXP levels over the different VC bundle members. You can map
a single level or a range of levels to each discrete VC in the bundle, thereby enabling VCs in the bundle
to carry packets marked with different levels. Alternatively, you can configure a VC with the mpls
experimental other command to indicate that it can carry traffic marked with levels not specifically
configured for it. Only one VC in the bundle can be configured with the mpls experimental other
command to carry all levels not specified. This VC is considered the default one.
To use this command in VC-class configuration mode, enter the vc-class atm global configuration
command before you enter this command. This command has no effect if the VC class that contains the
command is attached to a standalone VC, that is, if the VC is not a bundle member.
To use this command to configure an individual bundle member in bundle-VC configuration mode, first
enter the bundle command to enact bundle configuration mode for the bundle to which you want to add
or modify the VC member to be configured. Then use the pvc-bundle command to specify the VC to be
created or modified and enter bundle-VC configuration mode.
VCs in a VC bundle are subject to the following configuration inheritance guidelines (listed in order of
next highest MPLS EXP level):
• VC configuration in bundle-VC mode
• Bundle configuration in bundle mode (with the effect of assigned VC class configuration)
• Subinterface configuration in subinterface mode
Note If you are using an ATM interface, you must configure all MPLS EXP levels (ranging from 0 to 7) for
the bundle. For this configuration, Cisco recommends configuring one member of the bundle with the
mpls experimental other command. The other keyword defaults to any MPLS EXP level in a range
from 0 to 7 that is not explicitly configured.
Examples The following example configures a class named control-class that includes an mpls experimental
command that, when applied to a bundle, configures all VC members of that bundle to carry MPLS EXP
level 7 traffic. Note that VC members of that bundle can be individually configured with the mpls
experimental command at the bundle-vc level, which would supervene.
vc-class atm control-class
mpls experimental 7
The following example configures permanent virtual circuit (PVC) 401, named control-class, to carry
traffic with MPLS EXP levels in the range of 4 to 2, overriding the level mapping set for the VC through
VC-class configuration:
pvc-bundle control-class 401
mpls experimental 4-2
non-tcp
To enable non-Transmission-Control-Protocol (non-TCP) header compression within an IP Header
Compression (IPHC) profile, use the non-tcp command in IPHC-profile configuration mode. To disable
non-TCP header compression within an IPHC profile, use the no form of this command.
non-tcp
no non-tcp
Examples The following example shows how to configure an IPHC profile called profile2. In this example,
non-TCP header compression is configured.
Router> enable
Router# configure terminal
Router(config)# iphc-profile profile2 ietf
Router(config-iphcp)# non-tcp
Router(config-iphcp)# end
non-tcp contexts
To set the number of contexts available for non-Transmission-Control-Protocol (TCP) header
compression, use the non-tcp contexts command in IPHC-profile configuration mode. To remove the
number of previously configured contexts, use the no form of this command.
no non-tcp contexts
Syntax Description absolute Indicates that the maximum number of compressed non-TCP contexts will
be based on a fixed (absolute) number.
number-of-connections Number of non-TCP connections. Range is from 1 to 1000.
kbps-per-context Indicates that the maximum number of compressed non-TCP contexts will
be based on available bandwidth.
kbps Number of kbps to allow for each context. Range is from 1 to 100.
Command Default The non-tcp contexts command calculates the number of contexts on the basis of bandwidth and
allocates 4 kbps per context.
Usage Guidelines Use the non-tcp contexts command to set the number of contexts available for non-TCP header
compression. A context is the state that the compressor uses to compress a header and that the
decompressor uses to decompress a header. The context is the uncompressed version of the last header
sent and includes information used to compress and decompress the packet.
Examples The following is an example of an IPHC profile called profile2. In this example, the number of non-TCP
contexts has been set to 75.
Router> enable
Router# configure terminal
Router(config)# iphc-profile profile2 ietf
Router(config-iphcp)# non-tcp contexts absolute 75
Router(config-iphcp)# end
oam-bundle
To enable end-to-end F5 Operation, Administration, and Maintenance (OAM) loopback cell generation
and OAM management for all virtual circuit (VC) members of a bundle or a VC class that can be applied
to a VC bundle, use the oam-bundle command in SVC-bundle configuration mode or VC-class
configuration mode. To remove OAM management from the bundle or class configuration, use the no
form of this command.
To enable end-to-end F5 OAM loopback cell generation and OAM management for all VC members of
a bundle, use the oam-bundle command in bundle configuration mode. To remove OAM management
from the bundle, use the no form of this command.
Syntax Description manage (Optional) Enables OAM management. If this keyword is omitted, loopback
cells are sent, but the bundle is not managed.
frequency (Optional) Number of seconds between transmitted OAM loopback cells.
Values range from 0 to 600 seconds. The default value for the frequency
argument is 10 seconds.
Command Default End-to-end F5 OAM loopback cell generation and OAM management are disabled, but if OAM cells are
received, they are looped back.
Usage Guidelines This command defines whether a VC bundle is OAM managed. If this command is configured for a
bundle, every VC member of the bundle is OAM managed. If OAM management is enabled, further
control of OAM management is configured using the oam retry command.
This command has no effect if the VC class that contains the command is attached to a standalone VC;
that is, if the VC is not a bundle member. In this case, the attributes are ignored by the VC.
To use this command in VC-class configuration mode, first enter the vc-class atm global configuration
command.
To use this command in bundle configuration mode, first enter the bundle subinterface configuration
command to create the bundle or to specify an existing bundle.
VCs in a VC bundle are subject to the following configuration inheritance rules (listed in order of
next-highest precedence):
• VC configuration in bundle-VC mode
• Bundle configuration in bundle mode (with the effect of assigned VC-class configuration)
Examples The following example enables OAM management for a bundle called “bundle 1”:
bundle bundle1
oam-bundle manage
Usage Guidelines This command is supported on Optical Services Modules (OSMs) only.
802.1Q transparency allows a service provider to modify the Multiprotcol Label Switching Experimental
bits (MPLS EXP) bits for core-based QoS policies while leaving any Virtual Private LAN Service
(VPLS) customer 802.1p bits unchanged.
With releases before Cisco IOS Release 12.2(18)SXF1, application of a service policy to a VLAN
interface that matches all and sets the MPLS EXP bits had an effect on both the Interior Gateway
Protocol (IGP) label and the VC label. Because the 802.1p bits were rewritten on the egress Provider
Edge (PE) based on the received Virtual Circuit (VC) MPLS EXP bits, the VPLS customer’s 802.1p bits
were changed.
The Dot1q Transparency for EoMPLS feature causes the VLAN-applied policy to affect only the IGP
label (for core QoS) and leaves the VC label EXP bits equal to the 802.1p bits. On the egress PE, the
802.1p bits are still rewritten based on the received VC EXP bits; however, because the EXP bits now
match the ingress 802.1p bits, a VPLS customer’s 802.1p bits do not change.
Global configuration applies to all virtual forwarding instance (VFI) and switched virtual interface (SVI)
EoMPLS VCs configured on the Cisco 7600 series routers.
To ensure interoperability, apply the Dot1q Transparency for EoMPLS feature to all participating PE
routers.
police
To configure traffic policing, use the police command in policy-map class configuration mode or
policy-map class police configuration mode. To remove traffic policing from the configuration, use the
no form of this command.
Syntax Description bps Average rate, in bits per second. Valid values are 8000 to 200000000.
burst-normal (Optional) Normal burst size in bytes. Valid values are 1000 to 51200000.
Default normal burst size is 1500.
burst-max (Optional) Maximum burst size, in bytes. Valid values are 1000 to 51200000.
Default varies by platform.
conform-action Specifies action to take on packets that conform to the rate limit.
exceed-action Specifies action to take on packets that exceed the rate limit.
violate-action (Optional) Specifies action to take on packets that violate the normal and
maximum burst sizes.
Command Modes Policy-map class configuration (config-pmap-c) when specifying a single action to be applied to a
marked packet
Policy-map class police configuration (config-pmap-c-police) when specifying multiple actions to be
applied to a marked packet
Usage Guidelines Use the police command to mark a packet with different quality of service (QoS) values based on
conformance to the service-level agreement.
Traffic policing will not be executed for traffic that passes through an interface.
Using the set-cos-inner-transmit Action for SIPs and SPAs on the Cisco 7600 Series Router
The set-cos-inner-transmit keyword action was introduced in Cisco IOS Release 12.2(33)SRA to
support marking of the inner CoS value as a policing action when using MPB features on the Enhanced
FlexWAN module and when using MPB features on SPAs with the Cisco 7600 SIP-200 and Cisco 7600
SIP-400 on the Cisco 7600 series router.
This command is not supported on the Cisco 7600 SIP-600.
For more information about QoS and the forms of police commands supported by the SIPs on the
Cisco 7600 series router, see the Cisco 7600 Series SIP, SSC, and SPA Software Configuration Guide.
In this example, the initial token buckets starts full at 1000 bytes. If a 450-byte packet arrives, the packet
conforms because enough bytes are available in the conform token bucket. The conform action (send) is
taken by the packet and 450 bytes are removed from the conform token bucket (leaving 550 bytes).
If the next packet arrives 0.25 seconds later, 250 bytes are added to the token bucket ((0.25 * 8000)/8),
leaving 800 bytes in the token bucket. If the next packet is 900 bytes, the packet exceeds and the exceed
action (drop) is taken. No bytes are taken from the token bucket.
In this example, the initial token buckets starts full at 1000 bytes. If a 450-byte packet arrives, the packet
conforms because enough bytes are available in the conform token bucket. The conform action (send) is
taken by the packet, and 450 bytes are removed from the conform token bucket (leaving 550 bytes).
If the next packet arrives 0.25 seconds later, 250 bytes are added to the conform token bucket
((0.25 * 8000)/8), leaving 800 bytes in the conform token bucket. If the next packet is 900 bytes, the
packet does not conform because only 800 bytes are available in the conform token bucket.
The exceed token bucket, which starts full at 1000 bytes (as specified by the excess burst size), is then
checked for available bytes. Because enough bytes are available in the exceed token bucket, the exceed
action (set the QoS transmit value of 1) is taken and 900 bytes are taken from the exceed bucket (leaving
100 bytes in the exceed token bucket).
If the next packet arrives 0.40 seconds later, 400 bytes are added to the token buckets ((.40 * 8000)/8).
Therefore, the conform token bucket now has 1000 bytes (the maximum number of tokens available in
the conform bucket) and 200 bytes overflow the conform token bucket (because only 200 bytes were
needed to fill the conform token bucket to capacity). These overflow bytes are placed in the exceed token
bucket, giving the exceed token bucket 300 bytes.
If the arriving packet is 1000 bytes, the packet conforms because enough bytes are available in the
conform token bucket. The conform action (transmit) is taken by the packet, and 1000 bytes are removed
from the conform token bucket (leaving 0 bytes).
If the next packet arrives 0.20 seconds later, 200 bytes are added to the token bucket ((.20 * 8000)/8).
Therefore, the conform bucket now has 200 bytes. If the arriving packet is 400 bytes, the packet does not
conform because only 200 bytes are available in the conform bucket. Similarly, the packet does not
exceed because only 300 bytes are available in the exceed bucket. Therefore, the packet violates and the
violate action (drop) is taken.
Setting the Inner CoS Value as an Action for SIPs and SPAs on the Cisco 7600 Series Router: Example
The following example shows configuration of a QoS class that filters all traffic for virtual LAN (VLAN)
100 into a class named “vlan-inner-100” and establishes a traffic shaping policy for the vlan-inner-100
class. The service policy limits traffic to an average rate of 500 kbps, with a normal burst of 1000 bytes
and a maximum burst of 1500 bytes, and sets the inner CoS value to 3. Since setting of the inner CoS
value is supported only with bridging features, the configuration also shows the service policy being
applied as an output policy for an ATM SPA interface permanent virtual circuit (PVC) that bridges traffic
into VLAN 100 using the bridge-domain command.
Router(config)# class-map match-all vlan-inner-100
Router(config-cmap)# match vlan inner 100
Router(config-cmap)# exit
Router(config)# policy-map vlan-inner-100
Router(config-pmap)# class vlan-inner-100
Router(config-pmap-c)# police 500000 1000 1500 conform-action set-cos-inner-transmit 3
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface atm3/0/0
Router(config-if)# pvc 100/100
Router(config-if-atm-vc)# bridge-domain 100 dot1q
Router(config-if-atm-vc)# service-policy output vlan-inner-100
Router(config-if-atm-vc)# end
police (EtherSwitch)
To define a policer for classified traffic, use the police command in policy-map class configuration
mode. To remove an existing policer, use the no form of this command.
police {bps | cir bps} [burst-byte | bc burst-byte] conform-action transmit [exceed-action {drop
| dscp dscp-value}]
Syntax Description bps | cir bps Average traffic rate or committed information rate (CIR) in bits per
second (bps).
For 10/100 ports, the range is 1000000 to 100000000, and the granularity
is 1 Mbps.
For Gigabit-capable Ethernet ports, the range is 8000000 to 1016000000,
and the granularity is 8 Mbps.
burst-byte | bc burst-byte (Optional) Normal burst size or burst count in bytes.
conform-action transmit Sends packets that conform to the rate limit.
exceed-action drop (Optional) When the specified rate is exceeded, specifies that the switch
drops the packet.
exceed-action dscp (Optional) When the specified rate is exceeded, specifies that the switch
dscp-value changes the differentiated services code point (DSCP) of the packet to the
specified dscp-value and then sends the packet.
Usage Guidelines You can configure up to six policers on ingress Fast Ethernet ports.
You can configure up to 60 policers on ingress Gigabit-capable Ethernet ports.
Policers cannot be configured on egress Fast Ethernet and Gigabit-capable Ethernet ports.
To return to policy-map configuration mode, use the exit command. To return to privileged EXEC mode,
use the end command.
Use the show policy-map command to verify your settings.
Examples The following example shows how to configure a policer that sets the DSCP value to 46 if traffic does
not exceed a 1-Mbps average rate with a burst size of 65536 bytes and drops packets if traffic exceeds
these conditions:
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# set ip dscp 46
Router(config-pmap-c)# police 1000000 65536 conform-action transmit exceed-action drop
Router(config-pmap-c)# end
police (percent)
To configure traffic policing on the basis of a percentage of bandwidth available on an interface, use the
police command in QoS policy-map class configuration mode. To remove traffic policing from the
configuration, use the no form of this command.
police cir percent percent [burst-in-msec] [bc conform-burst-in-msec ms] [pir percent] [be
peak-burst-in-msec ms] [conform-action action] [exceed-action action]
[violate-action action]
no police cir percent percent [burst-in-msec] [bc conform-burst-in-msec ms] [pir percent] [be
peak-burst-in-msec ms] [conform-action action] [exceed-action action]
[violate-action action]
Syntax Description cir Committed information rate. Indicates that the CIR will be used for policing
traffic.
percent Specifies that a percentage of bandwidth will be used for calculating the
CIR.
percentage Specifies the bandwidth percentage. Valid range is a number from 1 to 100.
burst-in-msec (Optional) Burst in milliseconds. Valid range is a number from 1 to 2000.
bc (Optional) Conform burst (bc) size used by the first token bucket for policing
traffic.
conform-burst-in-msec (Optional) Specifies the bc value in milliseconds. Valid range is a number
from 1 to 2000.
ms (Optional) Indicates that the burst value is specified in milliseconds.
be (Optional) Peak burst (be) size used by the second token bucket for policing
traffic.
peak-burst-in-msec (Optional) Specifies the be size in milliseconds. Valid range is a number
from 1 to 2000.
pir (Optional) Peak information rate. Indicates that the PIR will be used for
policing traffic.
percent (Optional) Specifies that a percentage of bandwidth will be used for
calculating the PIR.
conform-action (Optional) Action to take on packets whose rate is less than the conform
burst. You must specify a value for peak-burst-in-msec before you specify
the conform-action.
exceed-action (Optional) Action to take on packets whose rate is within the conform and
conform plus exceed burst.
violate-action (Optional) Action to take on packets whose rate exceeds the conform plus
exceed burst. You must specify the exceed-action before you specify the
violate-action.
action (Optional) Action to take on packets. Specify one of the following keywords:
Usage Guidelines This command calculates the cir and pir on the basis of a percentage of the maximum amount of
bandwidth available on the interface. When a policy map is attached to the interface, the equivalent cir
and pir values in bits per second (bps) are calculated on the basis of the interface bandwidth and the
percent value entered with this command. The show policy-map interface command can then be used
to verify the bps rate calculated.
The calculated cir and pir bps rates must be in the range of 8000 and 2000000000 bps. If the rates are
outside this range, the associated policy map cannot be attached to the interface. If the interface
bandwidth changes (for example, more is added), the bps values of the cir and the pir are recalculated
on the basis of the revised amount of bandwidth. If the cir and pir percentages are changed after the
policy map is attached to the interface, the bps values of the cir and pir are recalculated.
the next higher level (in this case, the physical interface, the highest point in the hierarchy) as the
reference point. The police (percent) command always looks to the next higher level for the bandwidth
reference point. The following sample configuration illustrates this point:
Policymap parent_policy
class parent
shape average 512000
service-policy child_policy
Policymap child_policy
class normal_type
police cir percent 30
In this sample configuration, there are two hierarchical policies: one called parent_policy and one called
child_policy. In the policy map called child_policy, the police command has been configured in the class
called normal_type. In this class, the percentage specified by for the police (percent) command is
30 percent. The command will use 512 kbps, the peak rate, as the bandwidth reference point for class
parent in the parent_policy. The police (percent) command will use 512 kbps as the basis for calculating
the cir rate (512 kbps * 30 percent).
interface serial 4/0
service-policy output parent_policy
Policymap parent_policy
class parent
bandwidth 512
service-policy child_policy
In the above example, there is one policy map called parent_policy. In this policy map, a peak rate has
not been specified. The bandwidth command has been used, but this command does not represent the
maximum rate of bandwidth available. Therefore, the police (percent) command will look to the next
higher level (in this case serial interface 4/0) to get the bandwidth reference point. Assuming the
bandwidth of serial interface 4/0 is 1.5 Mbps, the police (percent) command will use 1.5 Mbps as the
basis for calculating the cir rate (1500000 * 30 percent).
Using the set-cos-inner-transmit Action for SIPs and SPAs on the Cisco 7600 Series Router
The set-cos-inner-transmit keyword action was introduced in Cisco IOS Release 12.2(33)SRA to
support marking of the inner CoS value as a policing action when using MPB features on the Enhanced
FlexWAN module, and when using MPB features on SPAs with the Cisco 7600 SIP-200 and Cisco 7600
SIP-400 on the Cisco 7600 series router.
Examples The following example shows how to configure traffic policing using a CIR and a PIR on the basis of a
percentage of bandwidth. In this example, a CIR of 20 percent and a PIR of 40 percent have been
specified. Additionally, an optional bc value and be value (300 ms and 400 ms, respectively) have been
specified.
Router> enable
Router# configure terminal
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# police cir percent 20 bc 300 ms be 400 ms pir percent 40
Router(config-pmap-c-police)# exit
After the policy map and class maps are configured, the policy map is attached to an interface as shown
in the following example:
Router> enable
Router# configure terminal
Router(config)# interface serial4/0
Router(config-if)# service-policy input policy1
Router(config-if)# exit
Setting the Inner CoS Value as an Action for SIPs and SPAs on the Cisco 7600 Series Router
The following example shows configuration of a QoS class that filters all traffic for virtual LAN (VLAN)
100 into a class named vlan-inner-100 and establishes a traffic shaping policy for the vlan-inner-100
class. The service policy limits traffic to a CIR of 20 percent and a PIR of 40 percent, with a conform
burst (bc) of 300 ms, and peak burst (be) of 400 ms, and sets the inner CoS value to 3. Because setting
of the inner CoS value is only supported with bridging features, the configuration also shows the service
policy being applied as an output policy for an ATM shared port adapter (SPA) interface permanent
virtual circuit (PVC) that bridges traffic into VLAN 100 using the bridge-domain command.
Router(config)# class-map match-all vlan-inner-100
Router(config-cmap)# match vlan inner 100
Router(config-cmap)# exit
Router(config)# policy-map vlan-inner-100
Router(config-pmap-c)# police cir percent 20 bc 300 ms be 400 ms pir percent 40
conform-action set-cos-inner-transmit 3
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface atm3/0/0
Router(config-if)# pvc 100/100
Router(config-if-atm-vc)# bridge-domain 100 dot1q
Router(config-if-atm-vc)# service-policy output vlan-inner-100
Router(config-if)# end
and excess bursts of 1 ms. The router transmits Voice traffic that conforms to the committed rate, sets
the QoS transmit value to 4 for Voice traffic that exceeds the burst sizes, and drops Voice traffic that
violates the committed rate.
Router(config)# policy-map New-Traffic
Router(config-pmap)# class Voice
Router(config-pmap-c)# priority
Router(config-pmap-c)# queue-limit 32
Router(config-pmap-c)# police percent 25 4 ms 1 ms conform-action transmit exceed-action
set-qos-transmit 4 violate-action drop
police
The police command syntax is described in the Cisco IOS Quality of Service Solutions Command
Reference.
police aggregate
policy-map name
no policy-map name
police flow
police flow mask {dest-only | full-flow | src-only} bps [burst-normal | conform-action action]
no police flow mask {dest-only | full-flow | src-only} bps [burst-normal | conform-action action]
Syntax Description aggregate name Specifies a previously defined aggregate policer name and configures the
policy-map class to use the specified aggregate policer.
policy-map name Creates the named Quality of Service (QoS) policy map.
flow Specifies a microflow policer that will police each flow.
bps Average rate, in bits per second. Valid values are from 8000 to
10000000000.
burst-normal (Optional) Committed information rate (CIR) token-bucket size, in bytes.
Valid range is from 1000 to 31250000.
conform-action action (Optional) Action to take on packets that conform to the rate limit. See the
“Usage Guidelines” section for valid values.
mask Specifies the flow mask to be used for policing.
dest-only Specifies the destination-only flow mask.
full-flow Specifies the full-flow mask.
src-only Specifies the source-only flow mask.
Usage Guidelines The valid values for the bps argument are from 8000 to 10000000000. The exception is that in
Release 12.2(17d)SXB3, valid values for the FlexWAN interfaces only are from 8000 to 4000000000
bps.
Use the mls qos aggregate-policer policer-name command to create a named aggregate policer.
You can create two types of aggregate policers: named and per-interface. Both types can be attached to
more than one port as follows:
• You create named aggregate policers using the mls qos aggregate-policer command. If you attach
a named aggregate policer to multiple ingress ports, it polices the matched traffic from all the ingress
ports to which it is attached.
• You define per-interface aggregate policers in a policy-map class using the police command. If you
attach a per-interface aggregate policer to multiple ingress ports, it polices the matched traffic on
each ingress port separately.
The burst-normal argument sets the CIR token bucket size.
Use the no police aggregate aggregate-name command to clear the use of the named aggregate policer.
You can enter the police flow command to define a microflow policer (you cannot apply microflow
policing to ARP traffic).
You can enter the police command to define per-interface aggregate policers.
If the traffic is both aggregate and microflow policed, the aggregate and the microflow policers must both
be in the same policy-map class and each must use the same conform-action and exceed-action
keyword.
Additional Values
The valid values for the action argument are:
• drop—Drops packets that do not exceed the bps rate.
• set-clp-transmit—Sets and sends the ATM cell loss priority (CLP).
• set-dscp-transmit {dscp-bit-pattern | dscp-value | default | ef}—Marks the matched traffic with a
new DSCP value.
– dscp-bit-pattern—Specifies a DSCP bit pattern. Valid values are listed in Table 25.
– dscp-value—Specifies a DSCP value. Valid values are from 0 to 63.
– default—Matches packets with default DSCP value (000000).
– ef—Matches packets with the EF DSCP value (101110).
Keyword Definition
af11 Matches packets with AF11 DSCP (001010).
af12 Matches packets with AF12 DSCP (001100).
af13 Matches packets with AF13 DSCP (001110).
af21 Matches packets with AF21 DSCP (010010).
af22 Matches packets with AF22 DSCP (010100).
af23 Matches packets with AF23 DSCP (010110).
af31 Matches packets with AF31 DSCP (011010).
af32 Matches packets with AF32 DSCP (011100).
af33 Matches packets with AF33 DSCP (011110).
af41 Matches packets with AF41 DSCP (100010).
af42 Matches packets with AF42 DSCP (100100).
af43 Matches packets with AF43 DSCP (100110).
cs1 Matches packets with CS1 (precedence 1) DSCP (001000).
cs2 Matches packets with CS2 (precedence 2) DSCP (010000).
cs3 Matches packets with CS3 (precedence 3) DSCP (011000).
cs4 Matches packets with CS4 (precedence 4) DSCP (100000).
cs5 Matches packets with CS5 (precedence 5) DSCP (101000).
cs6 Matches packets with CS6 (precedence 6) DSCP (110000).
cs7 Matches packets with CS7 (precedence 7) DSCP (111000).
• set-frde-transmit—Sets and sends the Frame Relay discard eligible (FR DE). Valid value is
exceed-action.
• set-mpls-exp-imposition-transmit new-mpls-exp—Rewrites the MPLS experimental bits on
imposed label entries and transmits the bits. The new-mpls-exp argument specifies the value used to
set the MPLS EXP bits that are defined by the policy map. Valid values for new-mpls-exp are from
0 to 7.
• set-mpls-exp-topmost-transmit—Sets experimental (exp) bits on the topmost label and sends the
packet. Valid range is 0 to 7.
• set-prec-transmit new-precedence [exceed-action]—Marks the matched traffic with a new
IP-precedence value and transmits it. Valid values for new-precedence are from 0 to 7. Optionally,
you may also enter exceed-action.
• set-qos-transmit—Rewrites qos-group and sends the packet.
• transmit—Transmits the packets that do not exceed the bps rate. The optional keyword for transmit
is exceed-action action.
• exceed-action action and violate-action action—Two additional actions, exceed-action and
violate-action, appear as subcommands under police (policy map). The former specifies the action
to be taken when the bps rate has been exceeded. The latter specifies action to be taken when the
bps rate is greater than the burst-max rate. Both have the following valid values:
– drop—Drops packets that do not exceed the bps rate.
– policed-dscp-transmit—Causes all the out-of-profile traffic to be marked down as specified in
the markdown map.
– transmit—Transmits the packets that do not exceed the bps rate. The optional keyword for
transmit is exceed-action action.
Examples This example shows how to specify a previously defined aggregate-policer name and configures the
policy-map class to use the specified aggregate policer:
Router(config-pmap-c)# police aggregate agg1
This example shows how to create a policy map named police-setting that uses the class map
access-match, which is configured to trust received IP-precedence values and is configured with a
maximum-capacity aggregate policer and a microflow policer:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# policy-map police-setting
Router(config-pmap)# class access-match
Router(config-pmap-c)# trust ip-precedence
Router(config-pmap-c)# police 1000000000 200000 conform-action set-prec-transmit 6
exceed-action policed-dscp-transmit
Router(config-pmap-c)# police flow 10000000 10000 conform-action set-prec-transmit 6
exceed-action policed-dscp-transmit
Router(config-pmap-c)# exit
Command Description
show policy-map Displays information about the policy map.
show policy-map Displays the statistics and the configurations of the input and output
interface policies that are attached to an interface.
0\
police cir cir [bc conform-burst] [pir pir] [be peak-burst] [conform-action action [exceed-action
action [violate-action action]]]
no police cir
Syntax Description cir Committed information rate (CIR) at which the first token bucket is updated.
cir Specifies the CIR value in bits per second. The value is a number from 8000
to 200000000.
bc (Optional) Conform burst (bc) size used by the first token bucket for policing.
conform-burst (Optional) Specifies the bc value in bytes. The value is a number from 1000
to 51200000.
pir (Optional) Peak information rate (PIR) at which the second token bucket is
updated.
pir (Optional) Specifies the PIR value in bits per second. The value is a number
from 8000 to 200000000.
be (Optional) Peak burst (be) size used by the second token bucket for policing.
peak-burst (Optional) Specifies the peak burst (be) size in bytes. The size varies
according to the interface and platform in use.
conform-action (Optional) Action to take on packets that conform to the CIR and PIR.
exceed-action (Optional) Action to take on packets that conform to the PIR but not the CIR.
Release Modification
12.2(2)T The following keywords for the action argument were added:
• set-clp-transmit
• set-frde-transmit
• set-mpls-exp-transmit
12.2(4)T This command expanded for the Two-Rate Policing feature. The cir and pir
keywords were added to accommodate two-rate traffic policing.
12.2(28)SB This command was integrated into Cisco IOS Release 12.2(28)SB, and the
set-dscp-tunnel-transmit and set-prec-tunnel-transmit keywords for the action
argument were added. These keywords are intended for marking Layer 2 Tunnel
Protocol Version 3 (L2TPv3) tunneled packets.
12.2(33)SRA The set-cos-inner-transmit keyword for the action argument was added when
using multipoint bridging (MPB) features on the Enhanced FlexWAN module, and
when using MPB on SPAs with the Cisco 7600 SIP-200 and Cisco 7600 SIP-400 on
the Cisco 7600 series router.
12.2SX This command is supported in the Cisco IOS Release 12.2SX train. Support in a
specific 12.2SX release of this train depends on your feature set, platform, and
platform hardware.
12.2(33)SRC This command was modified to support the Cisco 7600 series router equipped with
a Cisco Multilayer Switch Feature Card 3 (MSFC3).
12.4(15)T2 This command was modified to include support for marking Generic Routing
Encapsulation (GRE) tunneled packets.
Note For this release, marking GRE-tunneled packets is supported only on
platforms equipped with a Cisco MGX Route Processor Module (RPM-XF).
12.2(33)SB This command was modified to include support for marking GRE-tunneled packets,
and support for the Cisco 7300 series router was added.
12.4(20)T Support was added for hierarchical queueing framework (HQF) using the Modular
Quality of Service (QoS) Command-Line Interface (CLI) (MQC).
Token Buckets
Two-rate traffic policing uses two token buckets—Tc and Tp—for policing traffic at two independent
rates. Note the following points about the two token buckets:
• The Tc token bucket is updated at the CIR value each time a packet arrives at the two-rate policer.
The Tc token bucket can contain up to the confirm burst (Bc) value.
• The Tp token bucket is updated at the PIR value each time a packet arrives at the two-rate policer.
The Tp token bucket can contain up to the peak burst (Be) value.
Marking Traffic
The two-rate policer marks packets as either conforming, exceeding, or violating a specified rate. The
following points (using a packet of B bytes) illustrate how a packet is marked:
• If B > Tp(t), the packet is marked as violating the specified rate.
• If B > Tc(t), the packet is marked as exceeding the specified rate, and the Tp(t) token bucket is
updated as Tp(t) = Tp(t) – B.
Otherwise, the packet is marked as conforming to the specified rate, and both token buckets—Tc(t) and
Tp(t)—are updated as follows:
Tp(t) = Tp(t) – B
Tc(t) = Tc(t) – B
For example, if the CIR is 100 kbps, the PIR is 200 kbps, and a data stream with a rate of 250 kbps arrives
at the two-rate policer, the packet would be marked as follows:
• 100 kbps would be marked as conforming to the rate.
• 100 kbps would be marked as exceeding the rate.
• 50 kbps would be marked as violating the rate.
Figure 4 Marking Packets and Assigning Actions with the Two-Rate Policer
PIR CIR
Be Bc
No No
B > Tp B > Tc
Packet of size B
Yes Yes
60515
Action Action Action
Using the set-cos-inner-transmit Action for SIPs and SPAs on the Cisco 7600 Series Router
The set-cos-inner-transmit keyword action was introduced in Cisco IOS Release 12.2(33)SRA to
support marking of the inner CoS value as a policing action when using MPB features on the Enhanced
FlexWAN module, and when using MPB features on SPAs with the Cisco 7600 SIP-200 and Cisco 7600
SIP-400 on the Cisco 7600 series router.
This command is not supported on the Cisco 7600 SIP-600.
For more information about QoS and the forms of police commands supported by the SIPs on the
Cisco 7600 series router, see the Cisco 7600 Series SIP, SSC, and SPA Software Configuration Guide.
Two-Rate Policing
In the following example, two-rate traffic policing is configured on a class to limit traffic to an average
committed rate of 500 kbps and a peak rate of 1 Mbps:
Router(config)# class-map police
Router(config-cmap)# match access-group 101
Router(config-cmap)# policy-map policy1
Router(config-pmap)# class police
Router(config-pmap-c)# police cir 500000 bc 10000 pir 1000000 be 10000 conform-action
transmit exceed-action set-prec-transmit 2 violate-action drop
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface serial3/0
Router(config-if)# service-policy output policy1
Router(config-if)# end
Router# show policy-map policy1
Traffic marked as conforming to the average committed rate (500 kbps) will be sent as is. Traffic marked
as exceeding 500 kbps, but not exceeding 1 Mbps, will be marked with IP Precedence 2 and then sent.
All traffic marked as exceeding 1 Mbps will be dropped. The burst parameters are set to 10000 bytes.
In the following example, 1.25 Mbps of traffic is sent (“offered”) to a policer class:
Router# show policy-map interface serial3/0
Serial3/0
The two-rate policer marks 500 kbps of traffic as conforming, 500 kbps of traffic as exceeding, and
250 kbps of traffic as violating the specified rate. Packets marked as conforming to the rate will be sent
as is, and packets marked as exceeding the rate will be marked with IP Precedence 2 and then sent.
Packets marked as violating the rate are dropped.
Setting the Inner CoS Value as an Action for SIPs and SPAs on the Cisco 7600 Series Router: Example
The following example shows configuration of a QoS class that filters all traffic for virtual LAN (VLAN)
100 into a class named “vlan-inner-100,” and establishes a traffic shaping policy for the vlan-inner-100
class. The service policy limits traffic to an average committed rate of 500 kbps and a peak rate of 1 Mbps
and sets the inner CoS value to 3. Since setting of the inner CoS value is only supported with bridging
features, the configuration also shows the service policy being applied as an output policy for an ATM
SPA interface permanent virtual circuit (PVC) that bridges traffic into VLAN 100 using the
bridge-domain command.
Router(config)# class-map match-all vlan-inner-100
Router(config-cmap)# match vlan inner 100
Router(config-cmap)# exit
Router(config)# policy-map vlan-inner-100
Router(config-pmap-c)# police cir 500000 bc 10000 pir 1000000 be 10000 conform-action
set-cos-inner-transmit 3
Router(config-pmap-c)# exit
Router(config-pmap)# exit
police rate units pps [burst burst-in-packets packets] [peak-rate peak-rate-in-pps pps]
[peak-burst peak-burst-in-packets packets] [conform-action action]
no police rate units pps [burst burst-in-packets packets] [peak-rate peak-rate-in-pps pps] [peak-burst
peak-burst-in-packets packets] [conform-action action]
police rate units pps [burst burst-in-packets packets] [peak-rate peak-rate-in-pps pps]
[peak-burst peak-burst-in-packets packets]
no police rate units pps [burst burst-in-packets packets] [peak-rate peak-rate-in-pps pps] [pack-burst
peak-burst-in-packets packets]
police rate units bps [burst burst-in-bytes bytes] [peak-rate peak-rate-in-bps bps] [peak-burst
peak-burst-in-bytes bytes]
no police rate units bps [burst burst-in-bytes bytes] [peak-rate peak-rate-in-bps bps] [peak-burst
peak-burst-in-bytes bytes]
police rate percent percentage [burst ms ms] [peak-rate percent percentage] [peak-burst ms ms]
no police rate percent percentage [burst ms ms] [peak-rate percent percentage] [peak-burst
ms ms]
police rate units pps [burst burst-in-packets packets] [peak-rate peak-rate-in-pps pps]
[peak-burst peak-burst-in-packets packets] [conform-action action [exceed-action action]
[violate-action action]
no police rate units pps [burst burst-in-packets packets] [peak-rate peak-rate-in-pps pps] [peak-burst
peak-burst-in-packets packets] [conform-action action] [exceed-action action] [violate-action
action]
Syntax Description units Specifies the police rate. If the police rate is specified in pps, the valid
range of values is:
• Cisco 10000 series router—Valid range is 1 to 500000
• Other platforms—Valid range is 1 to 2000000
If the police rate is specified in bps, the valid range of values is 8000 to
10000000000.
pps Specifies that packets per seconds (pps) will be used to determine the
rate at which traffic is policed.
burst burst-in-packets (Optional) Specifies the burst rate, in packets, will be used for policing
packets traffic. Valid range of values are:
• Cisco 10000 series router—Valid range is 1 to 25000
• Other platforms—Valid range is 1 to 512000
peak-rate peak-rate-in-pps (Optional) Specifies the peak information rate (PIR) will be used for
pps policing traffic and calculating the PIR. Valid range of values are:
• Cisco 10000 series router—Valid range is 1 to 500000
• Other platforms—Valid range is 1 to 512000
peak-burst (Optional) Specifies the peak burst value, in packets, will be used for
peak-burst-in-packets policing traffic. Valid range of values are:
packets
• Cisco 10000 series router—Valid range is 1 to 25000
• Other platforms—Valid range is 1 to 512000
bps (Optional) Specifies that bits per second (bps) will be used to determine
the rate at which traffic is policed.
burst burst-in-bytes bytes (Optional) Specifies the burst rate, in bytes, will be used for policing
traffic. Valid range is from 1000 to 512000000.
peak-rate peak-rate-in-bps (Optional) Specifies the peak burst value, in bytes, for the peak rate.
bps Valid range is from 1000 to 512000000.
peak-burst (Optional) Specifies the peak burst value, in bytes, will be used for
peak-burst-in-bytes bytes policing traffic. Valid range is from 1000 to 512000000.
percent A percentage of interface bandwidth will be used to determine the rate at
which traffic is policed.
percentage Specifies the bandwidth percentage. Valid range is from 1 to 100.
burst ms ms (Optional) Specifies the burst rate, in milliseconds, will be used for
policing traffic. Valid range is from 1 to 2000.
peak-rate percent (Optional) Specifies a percentage of interface bandwidth will be used to
percentage determine the PIR. Valid range is from 1 to 100.
peak-burst ms ms (Optional) Specifies the peak burst rate, in milliseconds, will be used for
policing traffic. Valid range is from 1 to 2000.
conform-action action (Optional) Specifies the action to take on packets that conform to the
police rate limit. See the “Usage Guidelines” section for the actions you
can specify.
exceed-action action (Optional) Specifies the action to take on packets that exceed the rate
limit. See the “Usage Guidelines” section for the actions you can specify.
violate-action action (Optional) Specifies the action to take on packets that continuously
exceed the police rate limit. See the “Usage Guidelines” section for the
actions you can specify.
Usage Guidelines Use the police rate command to limit traffic that is destined for the control plane on the basis of packets
per second (pps), bytes per seconds (bps), or a percentage of interface bandwidth.
If the police rate command is issued, but the a rate is not specified, traffic that is destined for the control
plane will be policed on the basis of bps.
Table 26 lists the actions you can specify for the action argument.
Action Description
drop Drops the packet. This is the default action for traffic that
exceeds or violates the committed police rate.
set-clp-transmit value Sets the ATM Cell Loss Priority (CLP) bit on the ATM cell.
Valid values are 0 or 1.
set-discard-class-transmit value Sets the discard class attribute of a packet and transmits the
packet with the new discard class setting. Valid values are
from 0 to 7.
set-dscp-transmit value Sets the IP differentiated services code point (DSCP) value
and transmits the packet with the new IP DSCP value setting.
Valid values are from 0 to 63.
set-dscp-tunnel-transmit value Rewrites the tunnel packet DSCP and transmits the packet
with the new tunnel DSCP value. Valid values are from 0 to
63.
Action Description
set-frde-transmit value Sets the Frame Relay Discard Eligibility (DE) bit from 0 to 1
on the Frame Relay frame and transmits the packet with the
DE bit set to 1.
set-mpls-exp-imposition-transmit Sets the Multiprotocol Label Switching (MPLS)
value experimental (EXP) bits in the imposed label headers and
transmits the packet with the new MPLS EXP bit value
setting. Valid values are from 0 to 7.
set-mpls-exp-transmit value Sets the MPLS EXP field value in the MPLS label header at
the input interface, output interface, or both. Valid values are
from 0 to 7.
set-prec-transmit value Sets the IP precedence and transmits the packet with the new
IP precedence value. Valid values are from 0 to 7.
set-prec-tunnel-transmit value Sets the tunnel packet IP precedence and transmits the packet
with the new IP precedence value. Valid values are from 0 to
7.
set-qos-transmit value Sets the QoS group and transmits the packet with the new
QoS group value. Valid values are from 0 to 63.
transmit Transmits the packet. The packet is not altered.
Examples The following example shows how to configure the action to take on packets that conform to the police
rate limit:
Router(config)# access-list 140 deny tcp host 10.1.1.1 any eq telnet
Router(config)# access-list 140 deny tcp host 10.1.1.2 any eq telnet
Router(config)# access-list 140 permit tcp any any eq telnet
Router(config)# class-map match-any pps-1
Router(config-cmap)# match access-group 140
Router(config-cmap)# exit
Router(config)# policy-map copp-pps
Router(config-pmap)# class pps-1
Router(config-pmap)# police rate 10000 pps burst 100 packets peak-rate 10100 pps
peak-burst 150 packets conform-action transmit
Router(config-cmap)# exit
Router(config)# control-plane
Router(config-cp)# service-policy input copp-pps
Router(config-cp)# exit
police rate pdp [burst bytes] [peak-rate pdp [peak-burst bytes]] conform-action action
exceed-action action [violate-action action]
no police rate pdp [burst bytes] [peak-rate pdp [peak-burst bytes]] conform-action action
exceed-action action [violate-action action]
Syntax Description burst bytes (Optional) Committed burst size, in bytes. The size varies according to the
interface and platform in use. Valid rage is 1000 to 512000000. Default
is 1500.
peak-rate pdp (Optional) Specifies that the peak rate of sessions be considered when PDP
traffic is policed.
peak-burst bytes (Optional) Peak burst size, in bytes. The size varies according to the interface
and platform in use. Valid range is 1000 to 512000000. Default is 2500.
conform-action Action to take on packets when the rate is less than the conform burst.
exceed-action Action to take on packets when the rate exceeds the conform burst.
violate-action (Optional) Action to take on packets when the rate violates the conform burst.
action Action to take on packets. Specify one of the following keywords:
• drop—Drops the packet.
• set-dscp-transmit new-dscp-value—Sets the IP differentiated services
code point (DSCP) value and sends the packet with the new IP DSCP
value.
• set-prec-transmit new-prec-value—Sets the IP precedence and sends
the packet with the new IP precedence value.
• transmit—Sends the packet with no alteration.
Usage Guidelines The police rate pdp command is included with the Flow-Based QoS for GGSN feature available with
Cisco IOS Release 12.4(9)T.
The Flow-Based QoS for GGSN feature is designed specifically for the Gateway General Packet Radio
Service (GPRS) Support Node (GGSN).
Per-PDP Policing
The Flow-Based QoS for GGSN feature includes per-PDP policing (session-based policing).
Per-PDP policing is a gateway GPRS support node traffic conditioner (3G TS 23.107) function that can
be used to limit the maximum rate of traffic received on the Gi interface for a particular PDP context.
The policing function enforces the call admission control (CAC)-negotiated data rates for a PDP context.
The GGSN can be configured to either drop nonconforming traffic or mark nonconforming traffic for
preferential dropping if congestion should occur.
The policing parameters used depend on the PDP context, such as the following:
• For GTPv1 PDPs with R99 quality of service (QoS) profiles, the maximum bit rate (MBR) and
guaranteed bit rate (GBR) parameters from the CAC-negotiated QoS profile are used. For nonreal
time traffic, only the MBR parameter is used.
• For GTPv1 PDPs with R98 QoS profiles and GTPv0 PDPs, the peak throughput parameter from the
CAC-negotiated QoS policy is used.
Before configuring per-PDP policing, note the following points:
• Universal Mobile Telecommunications System (UMTS) QoS mapping must be enabled on the
GGSN.
• Cisco Express Forwarding (CEF) must be enabled on the Gi interface.
• Per-PDP policing is supported for downlink traffic at the Gi interface only.
• The initial packets of a PDP context are not policed.
• Hierarchical policing is not supported.
• If flow-based policing is configured in a policy map that is attached to an Access Point Network
(APN), the show policy-map apn command displays the total number of packets received before
policing and does not display the policing counters.
Note To clear policing counters displayed by the show policy-map apn command, use the clear
gprs access-point statistics access-point-index command.
• A service policy that has been applied to an APN cannot be modified. To modify a service policy,
remove the service policy from the APN, modify it, and then reapply the service policy.
• Multiple class maps, each with match flow pdp configured and a different differentiated services
code point (DSCP) value specified, are supported in a policy map only if the DSCP is trusted (the
gprs umts-qos dscp unmodified global configuration command has not been configured on the
GGSN).
Note To configure the Flow-Based QoS for GGSN feature, follow the instructions in the section called
“Configuring Per-PDP Policing.”
For more information about the show policy-map apn command, the gprs umts-qos dscp unmodified
command, the clear gprs access-point statistics command, and other GGSN-specific commands, see
theCisco GGSN Release 6.0 Command Reference, Cisco IOS Release 12.4(2)XB.
Examples The following is an example of a per-PDP policing policy map applied to an APN:
class-map match-all class-pdp
match flow pdp
!
! Configures a policy map and attaches this class map to it.
policy-map policy-gprs
class class-pdp
police rate pdp
conform-action set-dscp-transmit 15
exceed-action set-dscp-transmit 15
violate-action drop
policy-map
To create or modify a policy map that can be attached to one or more interfaces to specify a service
policy, use the policy-map command in global configuration mode. To delete a policy map, use the no
form of this command. The policy-map command enters policy-map configuration mode in which you
can configure or modify the class policies for that policy map.
Syntax Description type stack (Optional) Determines the exact pattern to look for in the protocol stack
of interest.
type access-control (Optional) Enables the policy map for the flexible packet matching
feature.
type port-filter (Optional) Enables the policy map for the port-filter feature.
type queue-threshold (Optional) Enables the policy map for the queue-threshold feature.
type logging (Optional) Enables the policy map for the control-plane packet logging
feature.
log-policy Type of log policy for control-plane logging.
policy-map-name Name of the policy map. The name can be a maximum of 40
alphanumeric characters.
type control (Optional) Creates a control policy map.
type service (Optional) Creates a service policy map.
Release Modification
12.4(6)T The type logging keywords were added to support control-plane packet
logging.
12.2(31)SB The type control and type service keywords were added to support the
Cisco 10000 series router.
12.2(18)ZY The following modifications were made to the policy-map command:
• The type access-control keywords were integrated into Cisco IOS
Release 12.2(18)ZY on the Catalyst 6500 series switch that is equipped
with the Supervisor 32/programmable intelligent services accelerator
(PISA) engine.
• The command was modified to enhance Network-Based Application
Recognition (NBAR) functionality on the Catalyst 6500 series switch
that is equipped with the Supervisor 32/PISA engine.
12.2SX This command is supported in the Cisco IOS Release 12.2SX train. Support
in a specific 12.2SX release of this train depends on your feature set,
platform, and platform hardware.
Usage Guidelines Use the policy-map command to specify the name of the policy map to be created, added to, or modified
before you configure policies for classes whose match criteria are defined in a class map. The
policy-map command enters policy-map configuration mode in which you can configure or modify the
class policies for that policy map.
You can configure class policies in a policy map only if the classes have match criteria defined for them.
You use the class-map and match commands to configure the match criteria for a class. Because you
can configure a maximum of 64 class maps, no policy map can contain more than 64 class policies.
A single policy map can be attached to multiple interfaces concurrently. When you attempt to attach a
policy map to an interface, the attempt is denied if the available bandwidth on the interface cannot
accommodate the total bandwidth requested by class policies comprising the policy map. In this case, if
the policy map is already attached to other interfaces, it is removed from them.
Whenever you modify class policy in an attached policy map, class-based weighted fair queueing
(CBWFQ) is notified and the new classes are installed as part of the policy map in the CBWFQ system.
Examples The following example creates a policy map called policy1 and configures two class policies included
in that policy map. The class policy called class1 specifies policy for traffic that matches access control
list (ACL) 136. The second class is the default class to which packets that do not satisfy configured
match criteria are directed.
! The following commands create class-map class1 and define its match criteria:
class-map class1
match access-group 136
! The following commands create the policy map, which is defined to contain policy
! specification for class1 and the default class:
policy-map policy1
class class1
bandwidth 2000
queue-limit 40
class class-default
fair-queue 16
queue-limit 20
The following example creates a policy map called policy9 and configures three class policies to belong
to that map. Of these classes, two specify policy for classes with class maps that specify match criteria
based on either a numbered ACL or an interface name, and one specifies policy for the default class
called class-default to which packets that do not satisfy configured match criteria are directed.
policy-map policy9
class acl136
bandwidth 2000
queue-limit 40
class ethernet101
bandwidth 3000
random-detect exponential-weighting-constant 10
class class-default
fair-queue 10
queue-limit 20
The following example shows the configuration of a service policy map named redirect-profile:
policy-map type service redirect-profile
class type traffic CLASS-ALL
redirect to group redirect-sg
policy-map copp-peruser
To create a policy map that defines a Control Plane Policing and Protection (CoPP) per-user policy, use
the policy-map copp-peruser command in global configuration mode. To disable, use the no form of
the command.
policy-map copp-peruser
no policy-map copp-peruser
Usage Guidelines Use this command to create a CoPP per-user policy map when configuring CoPP.
precedence
To configure precedence levels for a virtual circuit (VC) class that can be assigned to a VC bundle and
thus applied to all VC members of that bundle, use the precedence command in vc-class configuration
mode. To remove the precedence levels from the VC class, use the no form of this command.
To configure the precedence levels for a VC or permanent virtual circuit (PVC) member of a bundle, use
the precedence command in bundle-vc configuration mode for ATM VC bundle members, or in switched
virtual circuit (SVC)-bundle-member configuration mode for an ATM SVC. To remove the precedence
levels from the VC or PVC, use the no form of this command.
no precedence
Syntax Description other (Optional) Any precedence levels in the range from 0 to 7 that are not
explicitly configured.
range (Optional) A single precedence level specified either as a number from 0 to
7 or a range of precedence levels, specified as a hyphenated range.
Command Default Defaults to other—that is, any precedence levels in the range from 0 to 7 that are not explicitly
configured.
Usage Guidelines Assignment of precedence levels to VC or PVC bundle members allows you to create differentiated
service because you can distribute the IP precedence levels over the various VC/PVC bundle members.
You can map a single precedence level or a range of levels to each discrete VC/PVC in the bundle,
thereby enabling VCs/PVCs in the bundle to carry packets marked with different precedence levels.
Alternatively, you can use the precedence other command to indicate that a VC/PVC can carry traffic
marked with precedence levels not specifically configured for other VCs/PVCs. Only one VC/PVC in
the bundle can be configured using the precedence other command. This VC/PVC is considered the
default one.
To use this command in vc-class configuration mode, first enter the vc-class atm command in global
configuration mode. The precedence command has no effect if the VC class that contains the command
is attached to a standalone VC; that is, if the VC is not a bundle member.
To use the precedence command to configure an individual bundle member in bundle-VC configuration
mode, first enter the bundle command to enact bundle configuration mode for the bundle to which you
want to add or modify the VC member to be configured. Then use the pvc-bundle command to specify
the VC to be created or modified and enter bundle-VC configuration mode.
VCs in a VC bundle are subject to the following configuration inheritance guidelines (listed in order of
next-highest precedence):
• VC configuration in bundle-vc mode
• Bundle configuration in bundle mode (with effect of assigned vc-class configuration)
• Subinterface configuration in subinterface mode
Examples The following example configures a class called “control-class” that includes a precedence command
that, when applied to a bundle, configures all VC members of that bundle to carry IP precedence level 7
traffic. Note, however, that VC members of that bundle can be individually configured with the
precedence command at the bundle-vc level, which would supervene.
vc-class atm control-class
precedence 7
The following example configures PVC 401 (with the name of “control-class”) to carry traffic with IP
precedence levels in the range of 4–2, overriding the precedence level mapping set for the VC through
vc-class configuration:
pvc-bundle control-class 401
precedence 4-2
Command Description
protect Configures a VC class with protected group or protected VC status for
application to a VC bundle member.
pvc-bundle Adds a PVC to a bundle as a member of the bundle and enters bundle-vc
configuration mode in order to configure that PVC bundle member.
pvc Creates or assigns a name to an ATM PVC, specifies the encapsulation type
on an ATM PVC, and enters interface-ATM-VC configuration mode.
ubr Configures UBR QoS and specifies the output peak cell rate for an ATM
PVC, SVC, VC class, or VC bundle member.
ubr+ Configures UBR QoS and specifies the output peak cell rate and output
minimum guaranteed cell rate for an ATM PVC, SVC, VC class, or VC
bundle member.
vbr-nrt Configures the VBR-NRT QoS and specifies output peak cell rate, output
sustainable cell rate, and output maximum burst cell size for an ATM PVC,
SVC, VC class, or VC bundle member.
vc-class atm Configures a VC class for an ATM VC or interface.
Command Default For all IP Precedences, the mark-probability-denominator argument is 10, and the max-threshold
argument is based on the output buffering capacity and the transmission speed for the interface.
The default min-threshold argument depends on the IP Precedence. The min-threshold argument for IP
Precedence 0 corresponds to half of the max-threshold argument. The values for the remaining IP
Precedences fall between half the max-threshold argument and the max-threshold argument at evenly
spaced intervals. See Table 27 in the “Usage Guidelines” section for a list of the default minimum value
for each IP Precedence.
Usage Guidelines WRED is a congestion avoidance mechanism that slows traffic by randomly dropping packets when
congestion exists. DWRED is similar to WRED but uses the Versatile Interface Processor (VIP) instead
of the Route Switch Processor (RSP).
If used, this command is issued after the random-detect-group command.
When you configure the random-detect group command on an interface, packets are given preferential
treatment based on the IP Precedence of the packet. Use the precedence command to adjust the
treatment for different IP Precedences.
If you want WRED or DWRED to ignore the IP Precedence when determining which packets to drop,
enter this command with the same parameters for each IP Precedence. Remember to use reasonable
values for the minimum and maximum thresholds.
Note The default WRED or DWRED parameter values are based on the best available data. We recommend
that you do not change the parameters from their default values unless you have determined that your
applications would benefit from the changed values.
Examples The following example specifies parameters for the WRED parameter group called sanjose for the
different IP Precedences:
random-detect-group sanjose
precedence 0 32 256 100
precedence 1 64 256 100
precedence 2 96 256 100
precedence 3 128 256 100
precedence 4 160 256 100
precedence 5 192 256 100
precedence 6 224 256 100
precedence 7 256 256 100
preempt-priority
To specify the Resource Reservation Protocol (RSVP) quality of service (QoS) priorities to be inserted
into PATH and RESV messages if they were not signaled from an upstream or downstream neighbor or
local client application, use the preempt-priority command in local policy configuration mode. To
delete the priorities, use the no form of this command.
Syntax Description traffic-eng x (Optional) Indicates the upper limit of the priority for Traffic Engineering
(TE) reservations. The range of x values is 0 to 7 in which the smaller the
number, the higher the reservation’s priority. For non-TE reservations, the
range of x values is 0 to 65535 in which the higher the number, the higher
the reservation’s priority.
setup-priority Indicates the priority of a reservation when it is initially installed. Values
range from 0 to 7 where 0 is considered the highest priority. For TE
reservations, the default value is 7; for non-TE reservations, the default is 0.
hold-priority (Optional) Indicates the priority of a reservation after it has been installed.
If omitted, this argument defaults to the setup-priority. Values range from 0
to 7 where 0 is considered the highest priority. For TE reservations, the
default value is 7; for non-TE reservations, the default is 0.
Command Default No RSVP QoS priorities are specified until you configure them.
Usage Guidelines Use the preempt-priority command to specify the maximum setup or hold priority that RSVP QoS or
MPLS/ TE sessions can signal. A PATHERROR, RESVERROR, or local application error is returned if
these limits are exceeded.
If an incoming message has a preemption priority that requests a priority higher than the policy allows,
the message is rejected. Use the tunnel mpls traffic-eng priority command to configure preemption
priority for TE tunnels.
A single policy can contain a preempt-priority traffic-eng and a preempt-priority command, which
may be useful if the policy is bound to an access control list (ACL) that identifies a subnet containing a
mix of TE and non-TE endpoints or midpoints.
When selecting reservations for preemption, RSVP preempts lower-priority reservations before those
with higher priority. If there are multiple nonTE reservations with the same preemption priority, RSVP
selects the oldest reservations first.
Examples The following example has a setup priority of 0 and a hold priority of 5:
Router(config-rsvp-local-policy)# preempt-priority 0 5
priority
To give priority to a class of traffic belonging to a policy map, use the priority command in policy-map
class configuration mode. To remove a previously specified priority for a class, use the no form of this
command.
Syntax Description bandwidth-kbps Guaranteed allowed bandwidth, in kbps, for the priority traffic.
The amount of guaranteed bandwidth varies according to the
interface and platform in use. Beyond the guaranteed bandwidth,
the priority traffic will be dropped in the event of congestion to
ensure that the nonpriority traffic is not starved.
percent Specifies that the amount of guaranteed bandwidth will be
specified by the percent of available bandwidth.
percentage Used in conjunction with the percent keyword, specifies the
percentage of the total available bandwidth to be set aside for the
priority class. The percentage can be a number from 1 to 100.
burst (Optional) Specifies the burst size in bytes. The burst size
configures the network to accommodate temporary bursts of
traffic. The default burst value, which is computed as
200 milliseconds of traffic at the configured bandwidth rate, is
used when the burst argument is not specified. The range of the
burst is from 32 to 2000000 bytes.
Release Modification
12.2(28)SB This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX This command is supported in the Cisco IOS Release 12.2SX train.
Support in a specific 12.2SX release of this train depends on your
feature set, platform, and platform hardware.
Usage Guidelines This command configures low latency queueing (LLQ), providing strict priority queueing (PQ) for
class-based weighted fair queueing (CBWFQ). Strict PQ allows delay-sensitive data such as voice to be
dequeued and sent before packets in other queues are dequeued.
The priority command allows you to set up classes based on a variety of criteria (not just User Datagram
Ports (UDP) ports) and assign priority to them, and is available for use on serial interfaces and ATM
permanent virtual circuits (PVCs). A similar command, the ip rtp priority command, allows you to
stipulate priority flows based only on UDP port numbers and is not available for ATM PVCs.
When the device is not congested, the priority class traffic is allowed to exceed its allocated bandwidth.
When the device is congested, the priority class traffic above the allocated bandwidth is discarded.
The bandwidth and priority commands cannot be used in the same class, within the same policy map.
These commands can be used together in the same policy map, however.
Within a policy map, you can give one or more classes priority status. When multiple classes within a
single policy map are configured as priority classes, all traffic from these classes is queued to the same,
single, priority queue.
When the policy map containing class policy configurations is attached to the interface to stipulate the
service policy for that interface, available bandwidth is assessed. If a policy map cannot be attached to
a particular interface because of insufficient interface bandwidth, the policy is removed from all
interfaces to which it was successfully attached.
For more information on bandwidth allocation, refer to the chapter “Congestion Management Overview”
in the Cisco IOS Quality of Service Solutions Configuration Guide.
Examples The following example configures PQ with a guaranteed bandwidth of 50 kbps and a one-time allowable
burst size of 60 bytes for the policy map called policy1:
Router(config)# policy-map policy1
Router(config-pmap)# class voice
Router(config-pmap-c)# priority 50 60
In the following example, 10 percent of the available bandwidth is reserved for the class called voice on
interfaces to which the policy map called policy1 has been attached:
Router(config)# policy-map policy1
Router(config-pmap)# class voice
Router(config-pmap-c)# priority percent 10
priority level
To configure multiple priority queues, use the priority level command in policy-map class configuration
mode. To remove a previously specified priority level for a class, use the no form of this command.
Syntax Description level Defines multiple levels of a strict priority service model. When
you enable a traffic class with a specific level of priority service,
the implication is a single priority queue associated with all
traffic enabled with the specified level of priority service.
level A range of priority levels. Valid values are from 1 (high priority)
to 4 (low priority). Default: 1
Usage Guidelines The bandwidth and priority level commands cannot be used in the same class, within the same policy
map. These commands can be used in the same policy map, however.
The shape and priority level commands cannot be used in the same class, within the same policy map.
These commands can be used in the same policy map, however,
Within a policy map, you can give one or more classes priority status. The router associates a single
priority queue with all of the traffic enabled with the same priority level and services the high level
priority queues until empty before servicing the next level priority queues and non-priority queues.
You cannot specify the same priority level for two different classes in the same policy map.
You cannot specify the priority command and the priority level command for two different classes in
the same policy map. For example, you cannot specify the priority bandwidth-kbps or priority percent
percentage command and the priority level command for different classes.
When the priority level command is configured with a specific level of priority service, the queue-limit
and random-detect commands can be used if only a single class at that level of priority is configured.
You cannot configure the default queue as a priority queue at any priority level.
Examples The following example shows how to configure multi-level priority queues. In the example, the traffic
class named Customer1 is given high priority (level 1) and the class named Customer2 is given level 2
priority. To prevent Customer2 traffic from becoming starved of bandwidth, Customer1 traffic is policed
at 30 percent of the available bandwidth.
Router> enable
Router# config terminal
Router(config)# policy-map Business
Router(config-pmap)# class Customer1
Router(config-pmap-c)# priority level 1
Router(config-pmap-c)# police 30
Router(config-pmap-c)# exit
Router(config-pmap)# class Customer2
Router(config-pmap-c)# priority level 2
priority-group
To assign the specified priority list to an interface, use the priority-group command in interface
configuration mode. To remove the specified priority group assignment, use the no form of this
command.
priority-group list-number
no priority-group list-number
Syntax Description list-number Priority list number assigned to the interface. Any number from 1 to 16.
Usage Guidelines Only one list can be assigned per interface. Priority output queueing provides a mechanism to prioritize
packets sent on an interface.
Use the show queueing and show interfaces commands to display the current status of the output
queues.
Examples The following example causes packets for transmission on serial interface 0 to be classified by priority
list 1:
interface serial 0
priority-group 1
The following example shows how to establish queueing priorities based on the address of the serial link
on a serial tunnel (STUN) connection. Note that you must use the priority-group interface configuration
command to assign a priority group to an output interface.
stun peer-name 172.16.0.0
stun protocol-group 1 sdlc
!
interface serial 0
! Disable the ip address for interface serial 0:
no ip address
! Enable the interface for STUN:
encapsulation stun
!
stun group 2
stun route address 10 tcp 172.16.0.1 local-ack priority
!
! Assign priority group 1 to the input side of interface serial 0:
priority-group 1
! Assign a low priority to priority list 1 on serial link identified
! by group 2 and address A7:
priority-list 1 stun low address 2 A7
priority-list default
To assign a priority queue for those packets that do not match any other rule in the priority list, use the
priority-list default command in global configuration mode. To return to the default or assign normal
as the default, use the no form of this command.
Syntax Description list-number Any number from 1 to 16 that identifies the priority list.
high | medium | normal | low Priority queue level. The normal queue is used if you use the no
form of this command.
Usage Guidelines When you use multiple rules, remember that the system reads the priority settings in order of appearance.
When classifying a packet, the system searches the list of rules specified by priority-list commands for
a matching protocol or interface type. When a match is found, the system assigns the packet to the
appropriate queue. The system searches the list in the order specified, and the first matching rule
terminates the search.
Examples The following example sets the priority queue for those packets that do not match any other rule in the
priority list to a low priority:
priority-list 1 default low
Command Description
priority-list protocol Establishes queueing priorities based on the protocol type.
priority-list queue-limit Specifies the maximum number of packets that can be waiting in each
of the priority queues.
show queue Displays the contents of packets inside a queue for a particular
interface or VC.
show queueing Lists all or selected configured queueing strategies.
priority-list interface
To establish queueing priorities on packets entering from a given interface, use the priority-list
interface command in global configuration mode. To remove an entry from the list, use the no form of
this command with the appropriate arguments.
Syntax Description list-number Any number from 1 to 16 that identifies the priority list.
interface-type The type of the interface.
interface-number The number of the interface.
high | medium | normal | low Priority queue level.
Usage Guidelines When you use multiple rules, remember that the system reads the priority settings in order of appearance.
When classifying a packet, the system searches the list of rules specified by priority-list commands for
a matching protocol or interface type. When a match is found, the system assigns the packet to the
appropriate queue. The system searches the list in the order specified, and the first matching rule
terminates the search.
Examples The following example assigns a list entering on serial interface 0 to a medium priority queue level:
priority-list 3 interface serial 0 medium
Note This command defines a rule that determines how packets are attached to an interface. Once the rule is
defined, the packet is actually attached to the interface using the priority-group command.
priority-list protocol
To establish queueing priorities based upon the protocol type, use the priority-list protocol command
in global configuration mode. To remove a priority list entry assigned by protocol type, use the no form
of this command with the appropriate arguments.
Syntax Description list-number Any number from 1 to 16 that identifies the priority list.
protocol-name Protocol type: aarp, appletalk, arp, bridge (transparent), clns,
clns_es, clns_is, compressedtcp, cmns, decnet, decnet_node,
decnet_router-l1, decnet_router-l2, dlsw, ip, ipx, pad, rsrb,
stun and x25.
high | medium | normal | low Priority queue level.
queue-keyword keyword-value Possible keywords are fragments, gt, list, lt, tcp, and udp. For
more information about keywords and values, see Table 28 in the
“Usage Guidelines” section.
Usage Guidelines When you use multiple rules for a single protocol, remember that the system reads the priority settings
in order of appearance. When classifying a packet, the system searches the list of rules specified by
priority-list commands for a matching protocol type. When a match is found, the system assigns the
packet to the appropriate queue. The system searches the list in the order specified, and the first matching
rule terminates the search.
The decnet_router-l1 keyword refers to the multicast address for all level 1 routers, which are intra-area
routers, and the decnet_router-l2 keyword refers to all level 2 routers, which are interarea routers.
The dlsw, rsrb, and stun keywords refer only to direct encapsulation.
Use Table 28, Table 29, and Table 30 to configure the queueing priorities for your system.
Option Description
fragments Assigns the priority level defined to fragmented IP packets (for use with IP
only). More specifically, this command matches IP packets whose fragment
offset field is nonzero. The initial fragment of a fragmented IP packet has a
fragment offset of zero, so such packets are not matched by this command.
Note Packets with a nonzero fragment offset do not contain TCP or User
Datagram Protocol (UDP) headers, so other instances of this
command that use the tcp or udp keyword will always fail to match
such packets.
gt byte-count Specifies a greater-than count. The priority level assigned goes into effect
when a packet size exceeds the value entered for the byte-count argument.
Note The size of the packet must also include additional bytes because of
MAC encapsulation on the outgoing interface.
list list-number Assigns traffic priorities according to a specified list when used with
AppleTalk, bridging, IP, IPX, VINES, or XNS. The list-number argument is
the access list number as specified by the access-list global configuration
command for the specified protocol-name. For example, if the protocol is
AppleTalk, list-number should be a valid AppleTalk access list number.
lt byte-count Specifies a less-than count. The priority level assigned goes into effect when
a packet size is less than the value entered for the byte-count argument.
Note The size of the packet must also include additional bytes because of
MAC encapsulation on the outgoing interface.
tcp port Assigns the priority level defined to TCP segments originating from or
destined to a specified port (for use with IP only). Table 29 lists common
TCP services and their port numbers.
udp port Assigns the priority level defined to UDP packets originating from or
destined to a specified port (for use with IP only). Table 30 lists common
UDP services and their port numbers.
Service Port
FTP data 20
FTP 21
Simple Mail Transfer Protocol (SMTP) 25
Telnet 23
Note To display a complete list of TCP services and their port numbers, enter a help string, such as the
following example:
Service Port
Domain Name System (DNS) 53
Network File System (NFS) 2049
remote-procedure call (RPC) 111
SNMP 161
TFTP 69
Note To display a complete list of UDP services and their port numbers, enter a help string, such as the
following example:
Note Table 29 and Table 30 include some of the more common TCP and UDP port numbers. However, you
can specify any port number to be prioritized; you are not limited to those listed.
For some protocols, such as TFTP and FTP, only the initial request uses port 69. Subsequent packets use
a randomly chosen port number. For these types of protocols, the use of port numbers fails to be an
effective method to manage queued traffic.
Examples The following example assigns 1 as the arbitrary priority list number, specifies DECnet as the protocol
type, and assigns a high-priority level to the DECnet packets sent on this interface:
priority-list 1 protocol decnet high
The following example assigns a medium-priority level to every DECnet packet with a size greater than
200 bytes:
priority-list 2 protocol decnet medium gt 200
The following example assigns a medium-priority level to every DECnet packet with a size less than 200
bytes:
priority-list 4 protocol decnet medium lt 200
The following example assigns a high-priority level to traffic that matches IP access list 10:
priority-list 1 protocol ip high list 10
The following example assigns a high-priority level to traffic that matches Ethernet type code access list
201:
priority-list 1 protocol bridge high list 201
The following example assigns a high-priority level to data-link switching plus (DLSw+) traffic with
TCP encapsulation:
priority-list 1 protocol ip high tcp 2065
The following example assigns a high-priority level to DLSw+ traffic with direct encapsulation:
priority-list 1 protocol dlsw high
Note This command define a rule that determines how packets are attached to an interface. Once the rule is
defined, the packet is actually attached to the interface using the priority-group command.
priority-list queue-limit
To specify the maximum number of packets that can be waiting in each of the priority queues, use the
priority-list queue-limit command in global configuration mode. To select the normal queue, use the
no form of this command.
Syntax Description list-number Any number from 1 to 16 that identifies the priority list.
high-limit (Optional) Priority queue maximum length. A value of 0 for any of the four
medium-limit arguments means that the queue can be of unlimited size for that particular queue.
normal-limit For default values for these arguments, see Table 31.
low-limit
Usage Guidelines If a priority queue overflows, excess packets are discarded and messages can be sent, if appropriate, for
the protocol.
The default queue limit arguments are listed in Table 31.
Note If priority queueing is enabled and there is an active ISDN (Integrated Services Digital Network) call in
the queue, changing the configuration of the priority-list queue-limit command drops the call from the
queue. For more information about priority queueing, refer to the Cisco IOS Quality of Service Solutions
Configuration Guide.
Examples The following example sets the maximum packets in the priority queue to 10:
priority-list 2 queue-limit 10 40 60 80
priority-queue cos-map
To map CoS values to the receive and transmit strict-priority queues in interface configuration command
mode, use the priority-queue cos-map command. To return to the default mapping, use the no form of
this command.
priority-queue cos-map queue-id cos1 [cos2 [cos3 [cos4 [cos5 [cos6 [cos7 [cos8]]]]]]]
no priority-queue cos-map
Command Default The default mapping is queue 1 is mapped to CoS 5 for the following receive and transmit strict-priority
queues:
• 1p1q4t receive queues
• 1p1q0t receive queues
• 1p1q8t receive queues
• 1p2q2t transmit queues
• 1p3q8t transmit queues
• 1p7q8t transmit queues
• 1p3q1t transmit queues
• 1p2q1t transmit queues
Usage Guidelines When mapping CoS values to the strict-priority queues, note the following information:
• The queue number is always 1.
• You can enter up to 8 CoS values to map to the queue.
Examples This example shows how to map CoS value 7 to the strict-priority queues on Gigabit Ethernet port 1/1:
priority-queue queue-limit
To set the priority-queue size on an interface, use the priority-queue queue-limit command in interface
configuration mode. To return to the default priority-queue size, use the no form of this command.
Syntax Description percent Priority-queue size in percent; valid values are from 1 to 100.
Command Default When global quality of service (QoS) is enabled, the priority-queue size is 15. When global QoS is
disabled, the priority-queue size is 0.
Examples The following example shows how to set the priority-queue size on an interface:
priority-queue queue-limit 15
1. 1p2q1t—One strict-priority queue, two standard queues with one WRED drop threshold and one
non-configurable (100%) tail-drop threshold per queue.
2. 1p3q8t—One strict-priority queue, three standard queues with eight WRED drop thresholds per queue.
3. 1p7q8t—One strict-priority queue, seven standard queues with eight WRED drop thresholds per queue.
4. 1p7q4t—One strict-priority queue, seven standard queues with four WRED drop thresholds per queue.
pvc-bundle
To add a virtual circuit (VC) to a bundle as a member of the bundle and enter bundle-vc configuration
mode in order to configure that VC bundle member, use the pvc-bundle command in bundle
configuration mode. To remove the VC from the bundle, use the no form of this command.
Syntax Description pvc-name The name of the permanent virtual circuit (PVC) bundle.
vpi/ (Optional) ATM network virtual path identifier (VPI) for this PVC. The
absence of the / and a vpi value defaults the vpi value to 0.
On the Cisco 7200 and 7500 series routers, the value range is from 0 to 255;
on the Cisco 4500 and 4700 routers, the value range is from 0 to 1 less than
the quotient of 8192 divided by the value set by the atm vc-per-vp
command.
The vpi and vci arguments cannot both be set to 0; if one is 0, the other
cannot be 0.
vci (Optional) ATM network virtual channel identifier (VCI) for this PVC. The
value range is from 0 to 1 less than the maximum value set for this interface
by the atm vc-per-vp command. Typically, lower values 0 to 31 are reserved
for specific traffic (F4 Operation, Administration, and Maintenance (OAM),
switched virtual circuit (SVC) signaling Integrated Local Management
Interface (ILMI), and so on) and should not be used.
The VCI is a 16-bit field in the header of the ATM cell. The VCI value is
unique only on a single link, not throughout the ATM network, because it
has local significance only.
The vpi and vci arguments cannot both be set to 0; if one is 0, the other
cannot be 0.
Release Modification
12.2(31)SB This command was integrated into Cisco IOS Release 12.2(31)SB.
12.2SX This command is supported in the Cisco IOS Release 12.2SX train. Support
in a specific 12.2SX release of this train depends on your feature set,
platform, and platform hardware.
Usage Guidelines Each bundle can contain multiple VCs having different quality of service (QoS) attributes. This
command associates a VC with a bundle, making it a member of that bundle. Before you can add a VC
to a bundle, the bundle must exist. Use the bundle command to create a bundle. You can also use this
command to configure a VC that already belongs to a bundle. You enter the command in the same way,
giving the name of the VC bundle member.
The pvc-bundle command enters bundle-vc configuration mode, in which you can specify VC-specific
and VC class attributes for the VC.
Examples The following example specifies an existing bundle called bundle1 and enters bundle configuration
mode. Then it adds two VCs to the bundle. For each added VC, bundle-vc mode is entered and a VC
class is attached to the VC to configure it.
bundle bundle1
pvc-bundle bundle1-control 207
class control-class
pvc-bundle bundle1-premium 206
class premium-class
The following example configures the PVC called bundle1-control, an existing member of the bundle
called bundle1, to use class-based weighted fair queueing (CBWFQ). The example configuration
attaches the policy map called policy1 to the PVC. Once the policy map is attached, the classes
comprising policy1 determine the service policy for the PVC bundle1-control.
bundle bundle1
pvc-bundle bundle1-control 207
class control-class
service-policy output policy1
Command Description
ubr Configures UBR QoS and specifies the output peak cell rate for an ATM
PVC, SVC, VC class, or VC bundle member.
ubr+ Configures UBR QoS and specifies the output peak cell rate and output
minimum guaranteed cell rate for an ATM PVC, SVC, VC class, or VC
bundle member.
vbr-nrt Configures the VBR-NRT QoS and specifies output peak cell rate, output
sustainable cell rate, and output maximum burst cell size for an ATM PVC,
SVC, VC class, or VC bundle member.
qos pre-classify
To enable quality of service (QoS) preclassification, use the qos pre-classify command in interface
configuration mode. To disable the QoS preclassification feature, use the no form of this command.
qos pre-classify
no qos pre-classify
Usage Guidelines This command is restricted to tunnel interfaces, virtual templates, and crypto maps. The qos pre-classify
command is unavailable on all other interface types.
You can enable the qos pre-classify command for IP packets only.
Note QoS preclassification is not supported for all fragmented packets. If a packet is fragmented, each
fragment might receive different preclassifications.
Examples The following example enables the QoS for Virtual Private Networks (VPNs) feature on tunnel interfaces
and virtual templates:
Router(config-if)# qos pre-classify
queue-limit
To specify or modify the maximum number of packets or bytes that a queue can hold for a class policy
configured in a policy map during a specified interval in milliseconds (ms), use the queue-limit
command in policy-map class configuration mode. To remove the queue limit from a class policy, use
the no form of this command.
no queue-limit
Syntax Description number-of-packets Number in the range from 1 to 64 specifying the maximum amount of
packets that the queue for this class can accumulate.
Note For ESR-PRE1, number-of-packets is a number from 32 to 16384;
the number must be a power of 2. If the number you specify is not
a power of 2, the router converts the number to the nearest power of
2 value.
For Cisco IOS Release 12.2(16)BX, number-of-packets is a number
from 32 to 16384. The number does not need to be a power of 2.
For Cisco IOS Release 12.3(7)XI and later releases, if the interface
speed is less than 500 MB, number-of-packets is a number from 8
to 4096; the number must be a power of 2. If the interface speed is
greater than 500 MB, number-of-packets is a number from 128 to
64000 and must be a power of 2. If it is not, the router converts the
number to the nearest power of 2 value.
number-of-bytes Amount of data in bytes that a queue can accumulate. Values are 1 to 4096.
number-of-milliseconds Length of time in milliseconds (ms) that a queue can accumulate packets.
Values are 1 to 4096.
packets, bytes, Unit of measure.
milliseconds
Note If you are using the number-of-packets argument, the packets
keyword is optional.
Command Default The default behavior of the queue-limit command for class queues with and without weighted random
early detection (WRED) is as follows:
• Class queues with WRED—The router uses the default queue limit of two times the largest WRED
maximum threshold value, rounded to the nearest power of 2.
Note For Cisco IOS Release 12.2(16)BX, the router does not round the value to the nearest power of 2.
• Priority queues and class queues without WRED—The router has buffers for up to 50 ms of 256-byte
packets at line rate, but not fewer than 32 packets.
Note Using the queue-limit command to modify the default queue limit is especially important for
higher-speed interfaces, in order to meet the minimum bandwidth guarantees required by the interface.
Examples The following example configures a policy map called policy11 to contain policy for a class called
acl203. Policy for this class is set so that the queue reserved for it has a maximum packet limit of 40.
Router(config)# policy-map policy11
Router(config-pmap)# class acl203
Router(config-pmap-c)# bandwidth 2000
Router(config-pmap-c)# queue-limit 40
queue-list default
To assign a priority queue for those packets that do not match any other rule in the queue list, use the
queue-list default command in global configuration mode. To restore the default value, use the no form
of this command.
Syntax Description list-number Number of the queue list. Any number from 1 to 16 that identifies the queue
list.
queue-number Number of the queue. Any number from 1 to 16.
Usage Guidelines When you use multiple rules, remember that the system reads the queue-list commands in order of
appearance. When classifying a packet, the system searches the list of rules specified by queue-list
commands for a matching protocol or interface type. When a match is found, the system assigns the
packet to the appropriate queue. The system searches the list in the order specified, and the first matching
rule terminates the search.
Queue number 0 is a system queue. It is emptied before any of the other queues are processed. The
system enqueues high-priority packets, such as keepalives, to this queue.
Use the show interfaces command to display the current status of the output queues.
Examples In the following example, the default queue for list 10 is set to queue number 2:
queue-list 10 default 2
queue-list interface
To establish queueing priorities on packets entering on an interface, use the queue-list interface
command in global configuration mode. To remove an entry from the list, use the no form of this
command.
Syntax Description list-number Number of the queue list. Any number from 1 to 16 that identifies the queue
list.
interface-type Type of the interface.
interface-number Number of the interface.
queue-number Number of the queue. Any number from 1 to 16.
Usage Guidelines When you use multiple rules, remember that the system reads the queue-list commands in order of
appearance. When classifying a packet, the system searches the list of rules specified by queue-list
commands for a matching protocol or interface type. When a match is found, the system assigns the
packet to the appropriate queue. The list is searched in the order specified, and the first matching rule
terminates the search.
Examples In the following example, queue list 4 establishes queueing priorities for packets entering on interface
tunnel 3. The queue number assigned is 10.
queue-list 4 interface tunnel 3 10
queue-list lowest-custom
To set the lowest number for a queue to be treated as a custom queue, use the queue-list lowest-custom
command in global configuration mode. To restore the default value, use the no form of this command.
Syntax Description list-number Number of the queue list. Any number from 1 to 16 that identifies the queue
list.
queue-number Number of the queue. Any number from 1 to 16.
Usage Guidelines All queues from queue 0 to the queue prior to the one specified in the queue-list lowest-custom
command use the priority queue. (Queue 0 has the highest priority.)
All queues from the one specified in the queue-list lowest-custom command to queue 16 use a
round-robin scheduler.
Use the show queueing custom command to display the current custom queue configuration.
Examples In the following example, the lowest custom value is set to 2 for queue list 4:
queue-list 4 lowest-custom 2
Command Description
queue-list queue byte-count Specifies how many bytes the system allows to be delivered from a
given queue during a particular cycle.
queue-list queue limit Designates the queue length limit for a queue.
show queue Displays the contents of packets inside a queue for a particular
interface or VC.
show queueing Lists all or selected configured queueing strategies.
queue-list protocol
To establish queueing priority based upon the protocol type, use the queue-list protocol command in
global configuration mode. To remove an entry from the list, use the no form of this command.
Syntax Description list-number Number of the queue list. Any number from 1 to 16.
protocol-name Protocol type: aarp, appletalk, arp, bridge (transparent), clns,
clns_es, clns_is, cmns, compressedtcp, decnet, decnet_node,
decnet_routerl1, decnet_routerl2, dlsw, ip, ipx, pad, rsrb, stun
and x25.
queue-number Number of the queue. Any number from 1 to 16.
queue-keyword keyword-value Possible keywords are fragments, gt, list, lt, tcp, and udp. See the
priority-list protocol command for more information about this
keyword.
Usage Guidelines When you use multiple rules for a single protocol, remember that the system reads the queue-list
commands in order of appearance. When classifying a packet, the system searches the list of rules
specified by queue-list commands for a matching protocol. When a match is found, the system assigns
the packet to the appropriate queue. The system searches the list in the order specified, and the first
matching rule terminates the search.
The decnet_router-l1 keyword refers to the multicast address for all level 1 routers, which are intra-area
routers, and the decnet_router-l2 keyword refers to all level 2 routers, which are interarea routers.
The dlsw, rsrb, and stun keywords refer only to direct encapsulation.
Use the tables listed in the priority-list protocol command documention to configure the queueing
priorities for your system.
Examples The following example assigns 1 as the custom queue list, specifies DECnet as the protocol type, and
assigns 3 as a queue number to the packets sent on this interface:
queue-list 1 protocol decnet 3
The following example assigns DECnet packets with a size greater than 200 bytes to queue number 2:
queue-list 2 protocol decnet 2 gt 200
The following example assigns DECnet packets with a size less than 200 bytes to queue number 2:
queue-list 4 protocol decnet 2 lt 200
The following example assigns traffic that matches IP access list 10 to queue number 1:
queue-list 1 protocol ip 1 list 10
The following example assigns User Datagram Protocol (UDP) Domain Name Service packets to queue
number 2:
queue-list 4 protocol ip 2 udp 53
The following example assigns traffic that matches Ethernet type code access list 201 to queue number 1:
queue-list 1 protocol bridge 1 list 201
Syntax Description list-number Number of the queue list. Any number from 1 to 16.
queue-number Number of the queue. Any number from 1 to 16.
byte-count-number The average number of bytes the system allows to be delivered from a given
queue during a particular cycle.
Command Default This command is disabled by default. The default byte count is 1500 bytes.
Examples In the following example, queue list 9 establishes the byte count as 1400 for queue number 10:
queue-list 9 queue 10 byte-count 1400
Command Description
show queue Displays the contents of packets inside a queue for a particular
interface or VC.
show queueing Lists all or selected configured queueing strategies.
Syntax Description list-number Number of the queue list. Any number from 1 to 16.
queue-number Number of the queue. Any number from 1 to 16.
limit-number Maximum number of packets that can be enqueued at any time. The range is
from 0 to 32767 queue entries. A value of 0 means that the queue can be of
unlimited size.
Examples In the following example, the queue length of queue 10 is increased to 40:
queue-list 5 queue 10 limit 40
random-detect
To enable Weighted Random Early Detection (WRED) or distributed WRED (DWRED) on an interface,
use the random-detect command in interface configuration mode. To configure WRED for a class in a
policy map, use the random-detect command in policy-map class configuration mode. To disable
WRED or DWRED, use the no form of this command.
no random-detect
Syntax Description dscp-based (Optional) Specifies that WRED is to use the differentiated services code
point (DSCP) value when it calculates the drop probability for a packet.
prec-based (Optional) Specifies that WRED is to use the IP Precedence value when it
calculates the drop probability for a packet.
Availability
The random-detect command is not available at the interface level for Cisco IOS Releases 12.1E or
12.0S. The random-detect command is available in policy-map class configuration mode only for Cisco
IOS Releases 12.1E, 12.0S, and later.
WRED Functionality
WRED is a congestion avoidance mechanism that slows traffic by randomly dropping packets when
congestion exists. DWRED is similar to WRED but uses the Versatile Interface Processor (VIP) instead
of the Route Switch Processor (RSP). WRED and DWRED are most useful with protocols like Transport
Control Protocol (TCP) that respond to dropped packets by decreasing the transmission rate.
The router automatically determines parameters to use in the WRED calculations. To change these
parameters, use the random-detect precedence command.
Note If you use WRED packet drop instead of tail drop for one or more classes in a policy map, you
must ensure that WRED is not configured on the interface to which you attach that policy map.
Note the following points when deciding which method to instruct WRED to use:
• With the dscp-based keyword, WRED uses the DSCP value (that is, the first six bits of the IP type
of service (ToS) byte) to calculate the drop probability.
• With the prec-based keyword, WRED will use the IP Precedence value to calculate the drop
probability.
• The dscp-based and prec-based keywords are mutually exclusive.
• If neither argument is specified, WRED uses the IP Precedence value to calculate the drop
probability (the default method).
Examples The following example configures WRED on the High-Speed Serial Interface (HSSI) 0/0/0 interface:
interface Hssi0/0/0
random-detect
The following example configures the policy map called policy1 to contain policy specification for the
class called class1. During times of congestion, WRED packet drop is used instead of tail drop.
! The following commands create the class map called class1:
class-map class1
match input-interface fastethernet0/1
! The following commands define policy1 to contain policy specification for class1:
policy-map policy1
class class1
bandwidth 1000
random-detect
The following example enables WRED to use the DSCP value 8. The minimum threshold for the DSCP
value 8 is 24 and the maximum threshold is 40. This configuration was performed at the interface level.
Router(config)# interface serial0/0
Router(config-if)# random-detect dscp-based
Router(config-if)# random-detect dscp 8 24 40
The following example enables WRED to use the DSCP value 8 for class c1. The minimum threshold
for DSCP value 8 is 24 and the maximum threshold is 40. The last line attaches the service policy to the
output interface or virtual circuit (VC) p1.
Router(config-if)# class-map c1
Router(config-cmap)# match access-group 101
Router(config-if)# policy-map p1
Router(config-pmap)# class c1
Router(config-pmap-c)# bandwidth 48
Router(config-pmap-c)# random-detect dscp-based
Router(config-pmap-c)# random-detect dscp 8 24 40
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface serial0/0
Router(config-if)# service-policy output p1
Command Description
random-detect flow Enables flow-based WRED.
random-detect precedence Configures WRED and DWRED parameters for a particular IP
Precedence.
show interfaces Displays statistics for all interfaces configured on the router or
access server.
show queueing Lists all or selected configured queueing strategies.
show tech-support rsvp Generates a report of all RSVP-related information.
Syntax Description attach group-name (Optional) Name of the WRED or DWRED group.
Usage Guidelines WRED is a congestion avoidance mechanism that slows traffic by randomly dropping packets when
congestion exists. DWRED is similar to WRED but uses the Versatile Interface Processor (VIP) instead
of the Route Switch Processor (RSP). WRED and DWRED are most useful with protocols like TCP that
respond to dropped packets by decreasing the transmission rate.
WRED and DWRED are configurable at the interface and per-VC levels. The VC-level WRED or
DWRED configuration will override the interface-level configuration if WRED or DWRED is also
configured at the interface level.
Use this command to configure a single ATM VC or a VC that is a member of a bundle.
Note the following points when using the random-detect (per VC) command:
• If you use this command without the optional attach keyword, default WRED or DWRED
parameters (such as minimum and maximum thresholds) are used.
• If you use this command with the optional attach keyword, the parameters defined by the specified
WRED or DWRED parameter group are used. (WRED or DWRED parameter groups are defined
through the random-detect-group command.) If the specified WRED or DWRED group does not
exist, the VC is configured with default WRED or DWRED parameters.
When this command is used to configure an interface-level WRED or DWRED group to include per-VC
WRED or DWRED as a drop policy, the configured WRED or DWRED group parameters are inherited
under the following conditions:
• All existing VCs—including Resource Reservation Protocol (RSVP) switched virtual circuits
(SVCs) that are not specifically configured with a VC-level WRED or DWRED group—will inherit
the interface-level WRED or DWRED group parameters.
• Except for the VC used for signalling and the Interim Local Management Interface (ILMI) VC, any
VCs created after the configuration of an interface-level DWRED group will inherit the parameters.
When an interface-level WRED or DWRED group configuration is removed, per-VC WRED or DWRED
parameters are removed from any VC that inherited them from the configured interface-level WRED or
DWRED group.
When an interface-level WRED or DWRED group configuration is modified, per-VC WRED or
DWRED parameters are modified accordingly if the WRED or DWRED parameters were inherited from
the configured interface-level WRED or DWRED group configuration.
This command is only supported on interfaces that are capable of VC-level queueing. The only currently
supported interface is the Enhanced ATM port adapter (PA-A3).
The DWRED feature is only supported on Cisco 7000 series routers with an RSP7000 card and
Cisco 7500 series routers with a VIP2-40 or greater interface processor. A VIP2-50 interface processor
is strongly recommended when the aggregate line rate of the port adapters on the VIP is greater than
DS3. A VIP2-50 interface processor is required for OC-3 rates.
To use DWRED, distributed Cisco Express Forwarding (dCEF) switching must first be enabled on the
interface. For more information on dCEF, refer to the Cisco IOS Switching Services Configuration Guide
and the Cisco IOS Switching Services Command Reference.
Examples The following example configures per-VC WRED for the permanent virtual circuit (PVC) called cisco.
Because the attach keyword was not used, WRED uses default parameters.
pvc cisco 46
random-detect
The following example creates a DWRED group called Rome and then applies the parameter group to
an ATM PVC:
! The following commands create the DWRED parameter group Rome:
random-detect-group Rome
precedence rsvp 46 50 10
precedence 1 32 50 10
precedence 2 34 50 10
precedence 3 36 50 10
precedence 4 38 50 10
precedence 5 40 50 10
precedence 6 42 50 10
precedence 7 44 50 10
exit
exit
! The following commands create a PVC on an ATM interface and then apply the
! DWRED group Rome to that PVC:
interface ATM2/0.23 point-to-point
ip address 10.9.23.10 255.255.255.0
no ip mroute-cache
The following show queueing command displays the current settings for each of the IP Precedences
following configuration of per-VC DWRED:
Router# show queueing random-detect interface atm2/0.23 vc 201/201
exponential weight 9
class min-threshold max-threshold mark-probability
----------------------------------------------------------
0 30 50 1/10
1 32 50 1/10
2 34 50 1/10
3 36 50 1/10
4 38 50 1/10
5 40 50 1/10
6 42 50 1/10
7 44 50 1/10
rsvp 46 50 1/10
random-detect aggregate
To enable aggregate Weighted Random Early Detection (WRED), use the random-detect aggregate
command in policy-map class configuration mode. To disable aggregate WRED, use the no form of this
command.
Syntax Description precedence-based (Optional) Enables aggregate WRED based on IP precedence values. This is
the default.
dscp-based (Optional) Enables aggregate WRED based on differentiated services code
point (DSCP) values.
minimum-thresh (Optional) Default minimum threshold (in number of packets) to be used for
min-thresh all subclasses (IP precedence or DSCP values) that have not been specifically
configured. Valid values are from 1 to 12288.
maximum-thresh (Optional) Default maximum threshold (in number of packets) to be used for
max-thresh all subclasses (IP precedence or DSCP values) that have not been specifically
configured. Valid values are from the minimum threshold argument to 12288.
mark-probability (Optional) Default denominator for the fraction of packets dropped when the
mark-prob average queue depth is at the maximum threshold. This value is used for all
subclasses (IP precedence or DSCP values) that have not been specifically
configured. Valid values are from 1 to 255.
Command Default If no precedence-based or dscp-based keyword is specified in the command, the default is
precedence-based.
If optional parameters for a default aggregate class are not defined, all subclass values that are not
explicitly configured will use plain (non-weighted) RED drop behavior. This is different from standard
random-detect configuration where the default is to always use WRED behavior.
Usage Guidelines For ATM interfaces, the Aggregate WRED feature requires that the ATM SPA cards are installed in a
Cisco 7600 SIP-200 carrier card or a Cisco 7600 SIP-400 carrier card.
To configure WRED on an ATM interface, you must use the random-detect aggregate commands; the
standard random-detect commands are no longer supported on ATM interfaces.
The precedence-based and dscp-based keywords are mutually exclusive. If you do not specify either
keyword, precedence-based is the default.
Defining WRED profile parameter values for the default aggregate class is optional. If defined, WRED
profile parameters applied to the default aggregate class will be used for all subclasses that have not been
explicitly configured. If all possible IP precedence or DSCP values are defined as subclasses, a default
specification is unnecessary. If the optional parameters for a default aggregate class are not defined and
packets with an unconfigured IP precedence or DSCP value arrive at the interface, plain (non-weighted)
RED drop behavior will be used.
Use this command with a random-detect precedence (aggregate) or random-detect dscp (aggregate)
command within a policy map configuration to configure aggregate Weighted Random Early Detection
(WRED) parameters for specific IP precedence or DSCP value(s).
After the policy map is defined, the policy map must be attached at the VC level.
Use the show policy-map interface command to display the statistics for aggregated subclasses.
Examples The following example shows a precedence-based aggregate WRED configuration for an ATM interface.
Note that first a policy map named prec-aggr-wred is defined for the default class, then precedence-based
Aggregate WRED is enabled with the random-detect aggregate command, then subclasses and WRED
parameter values are assigned in a series of random-detect precedence (aggregate) commands, and,
finally, the policy map is attached at the ATM VC level using the interface and service-policy
commands.
Router(config)# policy-map prec-aggr-wred
Router(config-pmap)# class class-default
Router(config-pmap-c)# random-detect aggregate
Router(config-pmap-c)# random-detect precedence values 0 1 2 3 minimum thresh 10
maximum-thresh 100 mark-prob 10
Router(config-pmap-c)# random-detect precedence values 4 5 minimum-thresh 40
maximum-thresh 400 mark-prob 10
Router(config-pmap-c)# random-detect precedence values 6 minimum-thresh 60 maximum-thresh
600 mark-prob 10
Router(config-pmap-c)# random-detect precedence values 7 minimum-thresh 70 maximum-thresh
700 mark-prob 10
Router(config-pmap-c)# interface ATM4/1/0.10 point-to-point
Router(config-subif)# ip address 10.0.0.2 255.255.255.0
Router(config-subif)# pvc 10/110
Router(config-subif)# service-policy output prec-aggr-wred
The following example shows a DSCP-based aggregate WRED configuration for an ATM interface. Note
that first a policy map named dscp-aggr-wred is defined for the default class, then dscp-based Aggregate
WRED is enabled with the random-detect dscp-based aggregate command, then subclasses and
WRED parameter values are assigned in a series of random-detect dscp (aggregate) commands, and,
finally, the policy map is attached at the ATM VC level using the interface and service-policy
commands.
Router(config)# policy-map dscp-aggr-wred
Router(config-pmap)# class class-default
Router(config-pmap-c)# random-detect dscp-based aggregate minimum-thresh 1 maximum-thresh
10 mark-prob 10
random-detect atm-clp-based
To enable weighted random early detection (WRED) on the basis of the ATM cell loss priority (CLP) of
a packet, use the random-detect atm-clp-based command in policy-map class configuration mode. To
disable WRED, use the no form of this command.
no random-detect atm-clp-based
no random-detect atm-clp-based
Command Default When WRED is configured, the default minimum and maximum thresholds are determined on the basis
of output buffering capacity and the transmission speed for the interface.
The default maximum probability denominator is 10.
On the Cisco 10000 series router, the default is disabled.
Usage Guidelines You cannot use the random-detect atm-clp-based command with the random-detect cos-based
command in the same HQF configuration. You must use the no random-detect cos-based command to
disable it before you configure the random-detect atm-clp-based command.
Examples In the following example, WRED is configured on the basis of the ATM CLP. In this configuration, the
random-detect atm-clp-based command has been configured and an ATM CLP of 1 has been specified.
Router> enable
Router# configure terminal
Router(config)# policy-map policymap1
Router(config-pmap)# class class1
Router(config-pmap-c)# random-detect atm-clp-based 1
Router(config-pmap-c)# end
random-detect cos-based
To enable weighted random early detection (WRED) on the basis of the class of service (CoS) value of
a packet, use the random-detect cos-based command in policy-map class configuration mode. To
disable WRED, use the no form of this command.
no random-detect cos-based
Command Default When WRED is configured, the default minimum and maximum thresholds are determined on the basis
of output buffering capacity and the transmission speed for the interface.
The default maximum probability denominator is 10.
Usage Guidelines You cannot use the random-detect cos-based command with the random-detect atm-clp-based
command in the same HQF configuration. You must use the no random-detect atm-clp-based
command to disable it before you configure the random-detect cos-based command.
Examples In the following example, WRED is configured on the basis of the CoS value. In this configuration, the
random-detect cos-based command has been configured and a CoS value of 2 has been specified.
Router> enable
Router# configure terminal
Router(config)# policy-map policymap1
Router(config-pmap)# class class1
Router(config-pmap-c)# random-detect cos-based 2
Router(config-pmap-c)# end
random-detect discard-class
To configure the weighted random early detection (WRED) parameters for a discard-class value for a
class policy in a policy map, use the random-detect discard-class command in QoS policy-map class
configuration mode. To disable the discard-class values, use the no form of this command.
Syntax Description value Discard class. This is a number that identifies the drop eligibility of a
packet. Valid values are 0 to 7.
min-threshold Specifies the minimum number of packets allowed in the queue. When
the average queue length reaches the minimum threshold, WRED
randomly drops some packets with the specified DSCP, IP precedence,
or discard-class value. Valid minimum threshold values are 1 to
16384.
max-threshold Specifies the maximum number of packets allowed in the queue.
When the average queue length exceeds the maximum threshold,
WRED drops all packets with the specified DSCP, IP precedence, or
discard-class value. Valid maximum threshold values are 1 to 16384.
max-probability-denominator Denominator for the fraction of packets dropped when the average
queue depth is at the maximum threshold. For example, if the
denominator is 512, 1 out of every 512 packets is dropped when the
average queue is at the maximum threshold. Valid values are 1 to
65535.
Command Default For all precedence levels, the max-probability-denominator default is 10 packets; 1 out of every 10
packets is dropped at the maximum threshold.
Usage Guidelines When you configure the random-detect discard-class command on an interface, packets are given
preferential treatment based on the discard class of the packet. Use the random-detect discard-class
command to adjust the discard class for different discard-class values.
Examples The following example shows how to configure discard class 2 to randomly drop packets when the
average queue reaches the minimum threshold of 100 packets and 1 in 10 packets are dropped when the
average queue is at the maximum threshold of 200 packets:
policy-map set-MPLS-PHB
class IP-AF11
bandwidth percent 40
random-detect discard-class-based
random-detect-discard-class 2 100 200 10
random-detect discard-class-based
To base weighted random early detection (WRED) on the discard class value of a packet, use the
random-detect discard-class-based command in policy-map class configuration mode. To disable this
feature, use the no form of this command.
random-detect discard-class-based
no random-detect discard-class-based
Usage Guidelines Enter this command so that WRED is based on the discard class instead of on the IP precedence field.
Examples The following example shows that random detect is based on the discard class value of a packet:
policy-map name
class-name
bandwidth percent 40
random-detect discard-class-based
random-detect dscp
To change the minimum and maximum packet thresholds for the differentiated services code point
(DSCP) value, use the random-detect dscp command in interface or QoS policy-map class
configuration mode. To return the minimum and maximum packet thresholds to the default for the DSCP
value, use the no form of this command.
Syntax Description dscp-value The DSCP value. The DSCP value can be a number from 0 to 63, or
it can be one of the following keywords: af11, af12, af13, af21,
af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4,
cs5, cs7, ef, or rsvp.
min-threshold Minimum threshold in number of packets. The value range of this
argument is from 1 to 4096. When the average queue length reaches
the minimum threshold, Weighted Random Early Detection
(WRED) or distributed WRED (dWRED) randomly drops some
packets with the specified DSCP value.
max-threshold Maximum threshold in number of packets. The value range of this
argument is from the value of the min-threshold argument to 4096.
When the average queue length exceeds the maximum threshold,
WRED or dWRED drops all packets with the specified DSCP value.
max-probability-denominator (Optional) Denominator for the fraction of packets dropped when
the average queue depth is at the maximum threshold. For example,
if the denominator is 512, 1 out of every 512 packets is dropped
when the average queue is at the maximum threshold. The value
range is from 1 to 65536. The default is 10; 1 out of every 10 packets
is dropped at the maximum threshold.
Command Default The default values for the random-detect dscp command are different on Versatile Interface Processor
(VIP)-enabled Cisco 7500 series routers and Catalyst 6000 family switches with a FlexWAN module
(dWRED). All other platforms running WRED have another set of default values. For more information
about random-detect dscp defaults, see the “Usage Guidelines” section.
Release Modification
12.0(15)S This command was integrated into Cisco IOS Release 12.0(15)S in
policy-map class configuration mode only.
12.2(14)S This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(28)SB This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX This command is supported in the Cisco IOS Release 12.2SX train. Support
in a specific 12.2SX release of this train depends on your feature set,
platform, and platform hardware.
Usage Guidelines Use the random-detect dscp command in conjunction with the random-detect command in interface
configuration mode.
Additionally, the random-detect dscp command is available only if you specified the dscp-based
argument when using the random-detect command in interface configuration mode.
Note The random-detect dscp command is not available at the interface level for Cisco IOS Release 12.1E
or Release 12.0S. The random-detect dscp command is available only in policy-map class
configuration mode in Cisco IOS Release 12.1E.
Defaults for VIP-Enabled Cisco 7500 Series Routers and Catalyst 6000 Family Switches with a FlexWAN Module
For all IP precedence values, the default mark-probability-denominator is 10, and the max-threshold
value is based on the output buffering capacity and the transmission speed of the interface.
The default min-threshold value depends on the IP precedence value. The min-threshold value for IP
precedence 0 corresponds to half of the max-threshold value. The values for the remaining IP precedence
values fall between half the max-threshold and the max-threshold at even intervals.
Unless the maximum and minimum threshold values for the DSCP values are configured by the user, all
DSCP values have the same minimum threshold and maximum threshold values as the value specified
for precedence 0.
Within each AF class, IP packets are marked with one of three possible drop precedence values (binary
2{010}, 4{100}, or 6{110}), which exist as the three lowest bits in the DSCP header. In congested
network environments, the drop precedence value of the packet determines the importance of the packet
within the AF class. Packets with higher drop precedence values are discarded before packets with lower
drop precedence values.
The upper three bits of the DSCP value determine the AF class; the lower three values determine the
drop probability.
Default Values
Table 33 lists the default WRED minimum threshold value for each IP precedence value on the
distributed platforms.
Table 33 Default WRED Minimum Threshold Values for the Distributed Platforms
Minimum Threshold
Class Value (Fraction of
IP Selector Maximum Threshold
(Precedence) (CS) Value Value) Important Notes About the Value
0 cs0 8/16 All DSCP values that are not configured by the
user will have the same threshold values as IP
precedence 0.
1 cs1 9/16 —
2 cs2 10/16 —
3 cs3 11/16 —
4 cs4 12/16 —
5 cs5 13/16 —
6 cs6 14/16 —
7 cs7 15/16 The EF code point will always be equal to IP
precedence 7.
Defaults for Non-VIP-Enabled Cisco 7500 Series Routers and Catalyst 6000 Family Switches with a
FlexWAN Module
All platforms except the VIP-enabled Cisco 7500 series router and the Catalyst 6000 have the default
values shown in Table 34.
If WRED is using the DSCP value to calculate the drop probability of a packet, all 64 entries of the DSCP
table are initialized with the default settings shown in Table 34.
Examples The following example enables WRED to use the DSCP value 8. The minimum threshold for the DSCP
value 8 is 20, the maximum threshold is 40, and the mark probability is 1/10.
random-detect dscp 8 20 40 10
Syntax Description sub-class-val1 DSCP value(s) to which the following WRED profile parameter
specifications are to apply. A maximum of eight subclasses (DSCP values)
sub-class-val2
can be specified per command-line interface (CLI) entry. See the “Usage
sub-class-val3 Guidelines” for a list of valid DSCP values.
sub-class-val4
min-thresh The minimum number of packets allowed in the queue. When the average
queue length reaches the minimum threshold, WRED randomly drops some
packets with the specified DSCP value. Valid minimum threshold values are
1 to 16384.
max-thresh The maximum number of packets allowed in the queue. When the average
queue length exceeds the maximum threshold, WRED drops all packets
with the specified DSCP value. Valid maximum threshold values are 1 to
16384.
mark-prob The denominator for the fraction of packets dropped when the average
queue depth is at the maximum threshold. For example, if the denominator
is 512, 1 out of every 512 packets is dropped when the average queue is at
the maximum threshold. Valid values are 1 to 65535.
Cisco 10000 Series Router
values sub-class-val1 DSCP value(s) to which the following WRED profile parameter
[...[subclass-val8]] specifications are to apply. A maximum of 8 subclasses (DSCP values) can
be specified per CLI entry. The DSCP value can be a number from 0 to 63,
or it can be one of the following keywords: ef, af11, af12, af13, af21, af22,
af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, or cs7.
minimum-thresh Specifies the minimum number of packets allowed in the queue. When the
min-thresh average queue length reaches the minimum threshold, WRED randomly
drops some packets with the specified DSCP value. Valid minimum
threshold values are 1 to 16384.
maximum-thresh Specifies the maximum number of packets allowed in the queue. When the
max-thresh average queue length exceeds the maximum threshold, WRED drops all
packets with the specified DSCP value. Valid maximum threshold values
are 1 to 16384.
mark-probability Specifies the denominator for the fraction of packets dropped when the
mark-prob average queue depth is at the maximum threshold. For example, if the
denominator is 512, 1 out of every 512 packets is dropped when the average
queue is at the maximum threshold. Valid values are 1 to 65535.
Command Default For all precedence levels, the mark-prob default value is 10 packets.
Usage Guidelines For ATM interfaces, the Aggregate WRED feature requires that the ATM SPA cards are installed in a
Cisco 7600 SIP-200 carrier card or a Cisco 7600 SIP-400 carrier card.
To configure WRED on an ATM interface, you must use the random-detect aggregate commands; the
standard random-detect commands are no longer supported on ATM interfaces.
Use this command with a random-detect aggregate command within a policy map configuration.
Repeat this command for each set of DSCP values that share WRED parameters.
After the policy map is defined, the policy map must be attached at the virtual circuit (VC) level.
The set of subclass (DSCP precedence) values defined on a random-detect dscp (aggregate) CLI will
be aggregated into a single hardware WRED resource. The statistics for these subclasses will also be
aggregated.
Use the show policy-map interface command to display the statistics for aggregated subclasses.
On the PRE2, the drop counter for each precedence belonging to the default profile only has a drop count
that matches the specific precedence value. Because the PRE2 has a default threshold for the default
profile, the CBQOSMIB displays default threshold values. On the PRE3, the drop counter for each
precedence belonging to the default profile has the aggregate counter of the default profile and not the
individual counter for a specific precedence. The default profile on the PRE3 does not display any
default threshold values in the CBQOSMIB if you do not configure any threshold values for the default
profile.
DSCP Values
You must enter one or more differentiated service code point (DSCP) values. The command may include
any combination of the following:
• numbers (0 to 63) representing differentiated services code point values
• af numbers (for example, af11) identifying specific AF DSCPs
• cs numbers (for example, cs1) identifying specific CS DSCPs
• default—Matches packets with the default DSCP.
• ef—Matches packets with EF DSCP.
For example, if you wanted the DCSP values of 0, 1, 2, 3, 4, 5, 6, or 7 (note that only one of the IP DSCP
values must be a successful match criterion, not all of the specified DSCP values), enter the match dscp
0 1 2 3 4 5 6 7 command.
Examples The following example shows how to create a class map named map1 and associate it with the policy
map named map2. The configuration enables WRED to drop map1 packets based on DSCP 8 with a
minimum threshold of 24 and a maximum threshold of 40. The map2 policy map is attached to the
outbound ATM interface 1/0/0.
Router(config-if)# class-map map1
Router(config-cmap)# match access-group 10
Router(config-cmap)# exit
Router(config)# policy-map map2
Router(config-pmap)# class map1
Router(config-pmap-c)# bandwidth 48
Router(config-pmap-c)# random-detect dscp-based
Router(config-pmap-c)# random-detect dscp 8 24 40
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface atm 1/0/0
Router(config-if)# service-policy output map2
The following example shows a DSCP-based aggregate WRED configuration for an ATM interface. Note
that first a policy map named dscp-aggr-wred is defined for the default class, then dscp-based aggregate
WRED is enabled with the random-detect dscp-based aggregate command, then subclasses and
WRED parameter values are assigned in a series of random-detect dscp (aggregate) commands, and,
finally, the policy map is attached at the ATM VC level using the interface and service-policy
commands.
Router(config)# policy-map dscp-aggr-wred
Router(config-pmap)# class class-default
Router(config-pmap-c)# random-detect dscp-based aggregate minimum-thresh 1 maximum-thresh
10 mark-prob 10
!
! Define an aggregate subclass for packets with DSCP values of 0-7 and assign the WRED
! profile parameter values for this subclass
random-detect ecn
To enable explicit congestion notification (ECN), use the random-detect ecn command in policy-map
class configuration mode. To disable ECN, use the no form of this command.
random-detect ecn
no random-detect ecn
Usage Guidelines If ECN is enabled, ECN can be used whether Weighted Random Early Detection (WRED) is based on
the IP precedence value or the differentiated services code point (DSCP) value.
Examples The following example enables ECN in a policy map called “pol1”:
Router(config)# policy-map pol1
Router(config-pmap)# class class-default
Router(config-pmap)# bandwidth per 70
Router(config-pmap-c)# random-detect
Router(config-pmap-c)# random-detect ecn
random-detect exponential-weighting-constant
To configure the Weighted Random Early Detection (WRED) and distributed WRED (DWRED)
exponential weight factor for the average queue size calculation for the queue, use the random-detect
exponential-weighting-constant command in interface configuration mode. To configure the
exponential weight factor for the average queue size calculation for the queue reserved for a class, use
the random-detect exponential-weighting-constant command in policy-map class configuration
mode. To return the value to the default, use the no form of this command.
no random-detect exponential-weighting-constant
Syntax Description exponent Exponent from 1 to 16 used in the average queue size calculation.
Usage Guidelines WRED is a congestion avoidance mechanism that slows traffic by randomly dropping packets when
congestion exists. DWRED is similar to WRED but uses the VIP instead of the Route Switch Processor
(RSP). WRED and DWRED are most useful with protocols like TCP that respond to dropped packets by
decreasing the transmission rate.
Use this command to change the exponent used in the average queue size calculation for the WRED and
DWRED services. You can also use this command to configure the exponential weight factor for the
average queue size calculation for the queue reserved for a class.
Note The default WRED or DWRED parameter values are based on the best available data. We recommend
that you do not change the parameters from their default values unless you have determined that your
applications would benefit from the changed values.
Examples The following example configures WRED on an interface with a weight factor of 10:
interface Hssi0/0/0
description 45Mbps to R1
ip address 10.200.14.250 255.255.255.252
random-detect
random-detect exponential-weighting-constant 10
The following example configures the policy map called policy1 to contain policy specification for the
class called class1. During times of congestion, WRED packet drop is used instead of tail drop. The
weight factor used for the average queue size calculation for the queue for class1 is 12.
! The following commands create the class map called class1:
class-map class1
match input-interface FE0/1
! The following commands define policy1 to contain policy specification for class1:
policy-map policy1
class class1
bandwidth 1000
random-detect
random-detect exponential-weighting-constant 12
The following example configures policy for a traffic class named int10 to configure the exponential
weight factor as 12. This is the weight factor used for the average queue size calculation for the queue
for traffic class int10. WRED packet drop is used for congestion avoidance for traffic class int10, not tail
drop.
policy-map policy12
class int10
bandwidth 2000
random-detect exponential-weighting-constant 12
random-detect flow
To enable flow-based Weighted Random Early Detection (WRED), use the random-detect flow
command in interface configuration mode. To disable flow-based WRED, use the no form of this
command.
random-detect flow
no random-detect flow
Usage Guidelines You must use this command to enable flow-based WRED before you can use the random-detect flow
average-depth-factor and random-detect flow count commands to further configure the parameters of
flow-based WRED.
Before you can enable flow-based WRED, you must enable and configure WRED. For complete
information, refer to the Cisco IOS Quality of Service Solutions Configuration Guide.
Command Description
random-detect flow Sets the multiplier to be used in determining the average depth
average-depth-factor factor for a flow when flow-based WRED is enabled.
random-detect flow count Sets the flow count for flow-based WRED.
random-detect precedence Configures WRED and DWRED parameters for a particular IP
Precedence.
show interfaces Displays the statistical information specific to a serial interface.
show queue Displays the contents of packets inside a queue for a particular
interface or VC.
show queueing Lists all or selected configured queueing strategies.
Syntax Description scaling-factor The scaling factor can be a number from 1 to 16.
Usage Guidelines Use this command to specify the scaling factor that flow-based WRED should use in scaling the number
of buffers available per flow and in determining the number of packets allowed in the output queue for
each active flow. This scaling factor is common to all flows. The outcome of the scaled number of buffers
becomes the per-flow limit.
If this command is not used and flow-based WRED is enabled, the average depth scaling factor defaults
to 4.
A flow is considered nonadaptive—that is, it takes up too much of the resources—when the average flow
depth times the specified multiplier (scaling factor) is less than the depth for the flow, for example:
average-flow-depth * (scaling factor) < flow-depth
Before you use this command, you must use the random-detect flow command to enable flow-based
WRED for the interface. To configure flow-based WRED, you may also use the random-detect flow
count command.
Examples The following example enables flow-based WRED on serial interface 1 and sets the scaling factor for
the average flow depth to 8:
interface Serial1
random-detect
random-detect flow
random-detect flow average-depth-factor 8
Usage Guidelines Before you use this command, you must use the random-detect flow command to enable flow-based
WRED for the interface.
Examples The following example enables flow-based WRED on serial interface 1 and sets the flow threshold
constant to 16:
interface Serial1
random-detect
random-detect flow
random-detect flow count 16
Command Description
random-detect precedence Configures WRED and DWRED parameters for a particular IP
Precedence.
show interfaces Displays the statistical information specific to a serial interface.
show queue Displays the contents of packets inside a queue for a particular
interface or VC.
show queueing Lists all or selected configured queueing strategies.
random-detect prec-based
Note Effective with Cisco IOS Release 12.4(20)T, the random-detect prec-based command is replaced by
the random-detect precedence-based command. See the random-detect precedence-based command
for more information.
To base weighted random early detection (WRED) on the precedence value of a packet, use the
random-detect prec-based command in policy-map class configuration mode. To disable this feature,
use the no form of this command.
random-detect prec-based
no random-detect prec-based
Usage Guidelines With the random-detect prec-based command, WRED is based on the IP precedence value of the
packet.
Use the random-detect prec-based command before configuring the random-detect precedence
command.
Beginning with Cisco IOS Release 12.4(20)T, use the random-detect precedence command when you
configure a policy map.
Examples The following example shows that random detect is based on the precedence value of a packet:
Router> enable
Router# configure terminal
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# bandwidth percent 80
Router(config-pmap-c)# random-detect precedence-based
Router(config-pmap-c)# random-detect precedence 2 500 ms 1000 ms
Router(config-pmap-c)# exit
random-detect precedence
To configure Weighted Random Early Detection (WRED) and distributed WRED (DWRED) parameters
for a particular IP Precedence, use the random-detect precedence command in interface configuration
mode. To configure WRED parameters for a particular IP Precedence for a class policy in a policy map,
use the random-detect precedence command in policy-map class configuration mode. To return the
values to the default for the precedence, use the no form of this command.
no random-detect precedence
Syntax Description precedence IP Precedence number. The value range is from 0 to 7. For Cisco 7000
series routers with an RSP7000 interface processor and Cisco 7500
series routers with a VIP2-40 interface processor (VIP2-50 interface
processor strongly recommended), the precedence value range is from
0 to 7 only; see Table 35 in the “Usage Guidelines” section.
rsvp Indicates Resource Reservation Protocol (RSVP) traffic.
min-threshold Minimum threshold in number of packets. The value range of this
argument is from 1 to 4096. When the average queue length reaches
the minimum threshold, WRED randomly drops some packets with
the specified IP Precedence.
max-threshold Maximum threshold in number of packets. The value range of this
argument is from the value of the min-threshold argument to 4096.
When the average queue length exceeds the maximum threshold,
WRED drops all packets with the specified IP Precedence.
max-probability-denominator Denominator for the fraction of packets dropped when the average
queue depth is at the minimum threshold. For example, if the
denominator is 512, 1 out of every 512 packets is dropped when the
average queue is at the minimum threshold. The value range is from 1
to 65536. The default is 10; 1 out of every 10 packets is dropped at the
minimum threshold.
Command Default For all precedences, the max-probability-denominator default is 10, and the max-threshold is based on
the output buffering capacity and the transmission speed for the interface.
The default min-threshold depends on the precedence. The min-threshold for IP Precedence 0
corresponds to half of the max-threshold. The values for the remaining precedences fall between half the
max-threshold and the max-threshold at evenly spaced intervals. See Table 35 in the “Usage Guidelines”
section of this command for a list of the default minimum threshold values for each IP Precedence.
Usage Guidelines WRED is a congestion avoidance mechanism that slows traffic by randomly dropping packets when
congestion exists. DWRED is similar to WRED but uses the Versatile Interface Processor (VIP) instead
of the Route Switch Processor (RSP).
When you configure the random-detect command on an interface, packets are given preferential
treatment based on the IP Precedence of the packet. Use the random-detect precedence command to
adjust the treatment for different precedences.
If you want WRED or DWRED to ignore the precedence when determining which packets to drop, enter
this command with the same parameters for each precedence. Remember to use reasonable values for
the minimum and maximum thresholds.
Note that if you use the random-detect precedence command to adjust the treatment for different
precedences within class policy, you must ensure that WRED is not configured for the interface to which
you attach that service policy.
Table 35 lists the default minimum threshold value for each IP Precedence.
Note The default WRED or DWRED parameter values are based on the best available data. We recommend
that you do not change the parameters from their default values unless you have determined that your
applications would benefit from the changed values.
The DWRED feature is supported only on Cisco 7000 series routers with an RSP7000 card
and Cisco 7500 series routers with a VIP2-40 or greater interface processor. A VIP2-50 interface
processor is strongly recommended when the aggregate line rate of the port adapters on the VIP is greater
than DS3. A VIP2-50 interface processor is required for OC-3 rates.
To use DWRED, distributed Cisco Express Forwarding (dCEF) switching must first be enabled on the
interface. For more information on dCEF, refer to the Cisco IOS IP Switching Configuration Guide and
the Cisco IOS IP Switching Command Reference.
Examples The following example enables WRED on the interface and specifies parameters for the different IP
Precedences:
interface Hssi0/0/0
description 45Mbps to R1
ip address 10.200.14.250 255.255.255.252
random-detect
random-detect precedence 0 32 256 100
random-detect precedence 1 64 256 100
random-detect precedence 2 96 256 100
random-detect precedence 3 120 256 100
random-detect precedence 4 140 256 100
random-detect precedence 5 170 256 100
random-detect precedence 6 290 256 100
random-detect precedence 7 210 256 100
random-detect precedence rsvp 230 256 100
The following example configures policy for a class called acl10 included in a policy map called
policy10. Class acl101 has these characteristics: a minimum of 2000 kbps of bandwidth are expected to
be delivered to this class in the event of congestion and a weight factor of 10 is used to calculate the
average queue size. For congestion avoidance, WRED packet drop is used, not tail drop. IP Precedence
is reset for levels 0 through 4.
policy-map policy10
class acl10
bandwidth 2000
random-detect
random-detect exponential-weighting-constant 10
random-detect precedence 0 32 256 100
random-detect precedence 1 64 256 100
random-detect precedence 2 96 256 100
random-detect precedence 3 120 256 100
random-detect precedence 4 140 256 100
Syntax Description sub-class-val1 IP precedence value to which the following WRED profile parameter
sub-class-val2 specifications are to apply. Up to four subclasses (IP precedence values) can
sub-class-val3 be specified per command line interface (CLI) entry. The value range is from
sub-class-val4 0 to 7.
min-thresh Minimum threshold (in number of packets) for the subclass(es). Valid values
are from 1 to 12288.
max-thresh Specifies the maximum threshold (in number of packets) for the
subclass(es). Valid values are from the minimum threshold argument to
12288.
mark-prob Specifies the denominator for the fraction of packets dropped when the
average queue depth is at the maximum threshold for the subclass(es). Valid
values are from 1 to 255.
Cisco 10000 Series Router
sub-class-val1 IP precedence value(s) to which the following WRED profile parameter
[...[subclass-val8]] specifications are to apply. A maximum of 8 subclasses (IP precedence
values) can be specified per CLI entry. The value range is from 0 to 7.
minimum-thresh Specifies the minimum number of packets allowed in the queue. When the
min-thresh average queue length reaches the minimum threshold, WRED randomly
drops some packets with the specified IP precedence value. Valid minimum
threshold values are 1 to 16384.
maximum-thresh Specifies the maximum number of packets allowed in the queue. When the
max-thresh average queue length exceeds the maximum threshold, WRED drops all
packets with the specified IP precedence value. Valid maximum threshold
values are 1 to 16384.
mark-probability Specifies the denominator for the fraction of packets dropped when the
mark-prob average queue depth is at the maximum threshold. For example, if the
denominator is 512, 1 out of every 512 packets is dropped when the average
queue is at the maximum threshold. Valid values are 1 to 65535.
Usage Guidelines For ATM interfaces, the Aggregate WRED feature requires that the ATM SPA cards are installed in a
Cisco 7600 SIP-200 carrier card or a Cisco 7600 SIP-400 carrier card.
To configure WRED on an ATM interface, you must use the random-detect aggregate commands; the
standard random-detect commands are no longer supported on ATM interfaces
Use this command with a random-detect aggregate command within a policy map configuration.
Repeat this command for each set of IP precedence values that share WRED parameters.
After the policy map is defined, the policy map must be attached at the VC level.
The set of subclass (IP precedence) values defined on a random-detect precedence (aggregate) CLI will
be aggregated into a single hardware WRED resource. The statistics for these subclasses will also be
aggregated.
Use the show policy-map interface command to display the statistics for aggregated subclasses.
For the PRE2, the random-detect command specifies the default profile for the queue. For the PRE3,
the aggregate random-detect command is used instead to configure aggregate parameters for WRED.
The PRE3 accepts the PRE2 random-detect command as a hidden CLI.
On the PRE2, accounting for the default profile is per precedence. On the PRE3, accounting and
configuration for the default profile is per class map.
On the PRE2, the default threshold is per precedence for a DSCP or precedence value without an explicit
threshold configuration. On the PRE3, the default threshold is to have no WRED configured.
On the PRE2, the drop counter for each precedence belonging to the default profile only has a drop count
that matches the specific precedence value. Because the PRE2 has a default threshold for the default
profile, the CBQOSMIB displays default threshold values. On the PRE3, the drop counter for each
precedence belonging to the default profile has the aggregate counter of the default profile and not the
individual counter for a specific precedence. The default profile on the PRE3 does not display any
default threshold values in the CBQOSMIB if you do not configure any threshold values for the default
profile.
Command Description
random-detect aggregate Enables aggregate WRED and optionally specifies default WRED
parameter values for a default aggregate class. This default class will
be used for all subclasses that have not been explicitly configured.
service-policy Attaches a policy map to an input interface or VC, or an output
interface or VC, to be used as the service policy for that interface or
VC.
show policy-map interface Displays the configuration of all classes configured for all service
policies on the specified interface or displays the classes for the service
policy for a specific PVC on the interface.
random-detect-group
To define the Weighted Random Early Detection (WRED) or distributed WRED (DWRED) parameter
group, use the random-detect group command in global configuration mode. To delete the WRED or
DWRED parameter group, use the no form of this command.
Syntax Description group-name Name for the WRED or DWRED parameter group.
dscp-based (Optional) Specifies that WRED is to use the differentiated services code
point (DSCP) value when it calculates the drop probability for a packet.
prec-based (Optional) Specifies that WRED is to use the IP Precedence value when it
calculates the drop probability for a packet.
Usage Guidelines WRED is a congestion avoidance mechanism that slows traffic by randomly dropping packets when
there is congestion. DWRED is similar to WRED but uses the Versatile Interface Processor (VIP) instead
of the Route Switch Processor (RSP). WRED and DWRED are most useful when the traffic uses protocols
such as TCP that respond to dropped packets by decreasing the transmission rate.
The router automatically determines parameters to use in the WRED calculations. If you want to change
these parameters for a group, use the exponential-weighting-constant or precedence command.
Note the following points when deciding which method to instruct WRED to use:
• With the dscp-based keyword, WRED uses the DSCP value (that is, the first six bits of the IP type
of service (ToS) byte) to calculate the drop probability.
• With the prec-based keyword, WRED will use the IP Precedence value to calculate the drop
probability.
• The dscp-based and prec-based keywords are mutually exclusive.
• If neither argument is specified, WRED uses the IP Precedence value to calculate the drop
probability (the default method).
Examples The following example defines the WRED parameter group called sanjose:
random-detect-group sanjose
precedence 0 32 256 100
precedence 1 64 256 100
precedence 2 96 256 100
precedence 3 128 256 100
precedence 4 160 256 100
precedence 5 192 256 100
precedence 6 224 256 100
precedence 7 256 256 100
The following example enables WRED to use the DSCP value 9. The minimum threshold for the DSCP
value 9 is 20 and the maximum threshold is 50. This configuration can be attached to other virtual
circuits (VCs) as required.
Router(config)# random-detect-group sanjose dscp-based
Router(cfg-red-grp)# dscp 9 20 50
Router(config-subif-vc)# random-detect attach sanjose
rate-limit
To configure committed access rate (CAR) and distributed committed access rate (DCAR) policies, use
the rate-limit command in interface configuration mode. To remove the rate limit from the
configuration, use the no form of this command.
Syntax Description input Applies this CAR traffic policy to packets received on this input interface.
output Applies this CAR traffic policy to packets sent on this output interface.
bps Average rate, in bits per second (bps). The value must be in increments of
8 kbps. The value is a number from 8000 to 2000000000.
access-group (Optional) Applies this CAR traffic policy to the specified access list.
acl-index (Optional) Access list number. Values are numbers from 1 to 2699.
rate-limit (Optional) The access list is a rate-limit access list.
rate-limit-acl-index (Optional) Rate-limit access list number. Values are numbers from 0 to 99.
dscp (Optional) Allows the rate limit to be applied to any packet matching a
specified differentiated services code point (DSCP).
dscp-value (Optional) The DSCP number. Values are numbers from 0 to 63.
qos-group (Optional) Allows the rate limit to be applied to any packet matching a
specified qos-group number. Values are numbers from 0 to 99.
qos-group-number (Optional) The qos-group number. Values are numbers from 0 to 99.
burst-normal Normal burst size, in bytes. The minimum value is bps divided by 2000. The
value is a number from 1000 to 512000,000.
burst-max Excess burst size, in bytes. The value is a number from 2000 to 1024000000.
conform-action Action to take on packets that conform to the specified rate limit. Specify one
conform-action of the following keywords:
• continue—Evaluate the next rate-limit command.
• drop—Drop the packet.
• set-dscp-continue—Set the differentiated services codepoint (DSCP)
(0 to 63) and evaluate the next rate-limit command.
• set-dscp-transmit—Transmit the DSCP and transmit the packet.
• set-mpls-exp-imposition-continue—Set the Multiprotocol Label
Switching (MPLS) experimental bits (0 to 7) during imposition and
evaluate the next rate-limit command.
• set-mpls-exp-imposition-transmit—Set the MPLS experimental bits
(0 to 7) during imposition and transmit the packet.
• set-prec-continue—Set the IP precedence (0 to 7) and evaluate the next
rate-limit command.
• set-prec-transmit—Set the IP precedence (0 to 7) and transmit the
packet.
• set-qos-continue—Set the quality of service (QoS) group ID (1 to 99)
and evaluate the next rate-limit command.
• set-qos-transmit—Set the QoS group ID (1 to 99) and transmit the
packet.
• transmit—Transmit the packet.
exceed-action Action to take on packets that exceed the specified rate limit. Specify one of
exceed-action the following keywords:
• continue—Evaluate the next rate-limit command.
• drop—Drop the packet.
• set-dscp-continue—Set the DSCP (0 to 63) and evaluate the next
rate-limit command.
• set-dscp-transmit—Transmit the DSCP and transmit the packet.
• set-mpls-exp-imposition-continue—Set the MPLS experimental bits
(0 to 7) during imposition and evaluate the next rate-limit command.
• set-mpls-exp-imposition-transmit—Set the MPLS experimental bits
(0 to 7) during imposition and transmit the packet.
• set-prec-continue—Set the IP precedence (0 to 7) and evaluate the next
rate-limit command.
• set-prec-transmit—Set the IP precedence (0 to 7) and transmit the
packet.
• set-qos-continue—Set the QoS group ID (1 to 99) and evaluate the next
rate-limit command.
• set-qos-transmit—Set the QoS group ID (1 to 99) and transmit the
packet.
• transmit—Transmit the packet.
Usage Guidelines Use this command to configure your CAR policy on an interface. To specify multiple policies, enter this
command once for each policy.
CAR and DCAR can be configured on an interface or subinterface.
Examples In the following example, the recommended burst parameters for CAR are used:
Router(config)# interface serial6/1/0
Router(config-if)# rate-limit input access-group 1 17000000 3187500 6375000 conform-action
transmit exceed-action drop
• All World Wide Web traffic is transmitted. However, the MPLS experimental field for web traffic
that conforms to the first rate policy is set to 5. For nonconforming traffic, the IP precedence is set
to 0 (best effort). See the following commands in the example:
rate-limit input rate-limit access-group 101 20000000 24000 32000 conform-action
set-mpls-exp-transmit 5 exceed-action set-mpls-exp-transmit 0
access-list 101 permit tcp any any eq www
• FTP traffic is transmitted with an MPLS experimental field value of 5 if it conforms to the second
rate policy. If the FTP traffic exceeds the rate policy, it is dropped. See the following commands in
the example:
rate-limit input access-group 102 10000000 24000 32000
conform-action set-mpls-exp-transmit 5 exceed-action drop
access-list 102 permit tcp any any eq ftp
• Any remaining traffic is limited to 8 Mbps, with a normal burst size of 1,500,000 bytes and an excess
burst size of 3,000,000 bytes. Traffic that conforms is sent with an MPLS experimental field of 5.
Traffic that does not conform is dropped. See the following command in the example:
rate-limit input 8000000 1500000 3000000 conform-action set-mpls-exp-transmit 5
exceed-action drop
Notice that two access lists are created to classify the web and FTP traffic so that they can be handled
separately by the CAR feature.
Router(config)# interface Hssi0/0/0
Router(config-if)# description 45Mbps to R2
Router(config-if)# rate-limit input rate-limit access-group 101 20000000 3750000 7500000
conform-action set-mpls-exp-transmit 5 exceed-action set-mpls-exp-transmit 0
Router(config-if)# rate-limit input access-group 102 10000000 1875000 3750000
conform-action set-mpls-exp-transmit 5 exceed-action drop
Router(config-if)# rate-limit input 8000000 1500000 3000000 conform-action
set-mpls-exp-transmit 5 exceed-action drop
Router(config-if)# ip address 10.1.1.1 255.255.255.252
!
Router(config-if)# access-list 101 permit tcp any any eq www
Router(config-if)# access-list 102 permit tcp any any eq ftp
In the following example, the MPLS experimental field is set, and the packet is transmitted:
Router(config)# interface FastEthernet1/1/0
Router(config-if)# rate-limit input 8000 1500 3000 access-group conform-action
set mpls-exp-transmit 5 exceed-action set-mpls-exp-transmit 5
In the following example, any packet with a DSCP of 1 can apply the rate limit:
Router(config)# interface serial6/1/0
Router(config-if)# rate-limit output dscp 1 8000 1500 3000 conform-action transmit
exceed-action drop
rcv-queue bandwidth
To define the bandwidths for ingress (receive) WRR queues through scheduling weights in interface
configuration command mode, use the rcv-queue bandwidth command. To return to the default
settings, use the no form of this command.
no rcv-queue bandwidth
Syntax Description weight-1 ... weight-n WRR weights; valid values are from 0 to 255.
Usage Guidelines This command is not supported on Cisco 7600 series routers that are configured with a Supervisor
Engine 2.
This command is supported on 2q8t and 8q8t ports only.
You can configure up to seven queue weights.
rcv-queue cos-map
To map the class of service (CoS) values to the standard receive-queue drop thresholds, use the
rcv-queue cos-map command in interface configuration mode. To remove the mapping, use the no form
of this command.
Usage Guidelines The cos-n value is defined by the module and port type. When you enter the cos-n value, note that the
higher values indicate higher priorities.
Use this command on trusted ports only.
Examples This example shows how to map the CoS values 0 and 1 to threshold 1 in the standard receive queue:
Router (config-if)# rcv-queue cos-map 1 1 0 1
cos-map configured on: Gi1/1 Gi1/2
rcv-queue queue-limit
To set the size ratio between the strict-priority and standard receive queues, use the rcv-queue
queue-limit command in interface configuration mode. To return to the default settings, use the no form
of this command.
no rcv-queue queue-limit
Syntax Description q-limit-1 Standard queue weight; valid values are from 1 and 100 percent.
q-limit-2 Strict-priority queue weight; see the “Usage Guidelines” section for valid
values.
Usage Guidelines Valid strict-priority weight values are from 1 to 100 percent, except on 1p1q8t ingress LAN ports, where
valid values for the strict-priority queue are from 3 to 100 percent.
The rcv-queue queue-limit command configures ports on a per-ASIC basis.
Estimate the mix of strict-priority-to-standard traffic on your network (for example, 80-percent standard
traffic and 20-percent strict-priority traffic) and use the estimated percentages as queue weights.
Examples This example shows how to set the receive-queue size ratio for Gigabit Ethernet interface 1/2:
Router# configure terminal
Router(config)# interface gigabitethernet 1/2
Router(config-if)# rcv-queue queue-limit 75 15
Router(config-if)# end
rcv-queue random-detect
To specify the minimum and maximum threshold for the specified receive queues, use the rcv-queue
random-detect command in interface configuration mode. To return to the default settings, use the no
form of this command.
Usage Guidelines This command is supported on 1p1q8t and 8q8t ports only.
The 1p1q8t interface indicates one strict queue and one standard queue with eight thresholds. The 8q8t
interface indicates eight standard queues with eight thresholds. The threshold in the strict-priority queue
is not configurable.
Each threshold has a low- and a high-threshold value. The threshold values are a percentage of the
receive-queue capacity.
For additional information on configuring receive-queue thresholds, refer to the QoS chapter in the
Cisco 7600 Series Router Cisco IOS Software Configuration Guide.
Examples This example shows how to configure the low-priority receive-queue thresholds:
Router (config-if)# rcv-queue random-detect max-threshold 1 60 100
rcv-queue threshold
To configure the drop-threshold percentages for the standard receive queues on 1p1q4t and 1p1q0t
interfaces, use the rcv-queue threshold command in interface configuration mode. To return the
thresholds to the default settings, use the no form of this command.
no rcv-queue threshold
Command Default The defaults for the 1p1q4t and 1p1q0t configurations are as follows:
• Quality of service (QoS) assigns all traffic with class of service (CoS) 5 to the strict-priority queue.
• QoS assigns all other traffic to the standard queue.
The default for the 1q4t configuration is that QoS assigns all traffic to the standard queue.
If you enable QoS, the following default thresholds apply:
• 1p1q4t interfaces have this default drop-threshold configuration:
– Frames with CoS 0, 1, 2, 3, 4, 6, or 7 go to the standard receive queue.
– Using standard receive-queue drop threshold 1, the Cisco 7600 series router drops incoming
frames with CoS 0 or 1 when the receive-queue buffer is 50 percent or more full.
– Using standard receive-queue drop threshold 2, the Cisco 7600 series router drops incoming
frames with CoS 2 or 3 when the receive-queue buffer is 60 percent or more full.
– Using standard receive-queue drop threshold 3, the Cisco 7600 series router drops incoming
frames with CoS 4 when the receive-queue buffer is 80 percent or more full.
– Using standard receive-queue drop threshold 4, the Cisco 7600 series router drops incoming
frames with CoS 6 or 7 when the receive-queue buffer is 100 percent full.
– Frames with CoS 5 go to the strict-priority receive queue (queue 2), where the Cisco 7600 series
router drops incoming frames only when the strict-priority receive-queue buffer is 100 percent
full.
• 1p1q0t interfaces have this default drop-threshold configuration:
– Frames with CoS 0, 1, 2, 3, 4, 6, or 7 go to the standard receive queue. The Cisco 7600 series
router drops incoming frames when the receive-queue buffer is 100 percent full.
– Frames with CoS 5 go to the strict-priority receive queue (queue 2), where the Cisco 7600 series
router drops incoming frames only when the strict-priority receive-queue buffer is 100 percent
full.
Note The 100-percent threshold may be actually changed by the module to 98 percent to allow Bridge Protocol
Data Unite (BPDU) traffic to proceed. The BPDU threshold is factory set at 100 percent.
Examples This example shows how to configure the receive-queue drop thresholds for Gigabit Ethernet
interface 1/1:
Router(config-if)# rcv-queue threshold 1 60 75 85 100
recoverable-loss
To enable Enhanced Compressed Real-Time Transport Protocol (ECRTP), use the recoverable-loss
command in IPHC-profile configuration mode. To disable ECRTP, use the no form of this command.
Syntax Description dynamic Indicates that the dynamic recoverable loss calculation is used.
packet-drops Maximum number of consecutive packet drops. Range is from 1 to 8.
ECRPT Functionality
ECRTP reduces corruption by managing the way the compressor updates the context information at the
decompressor. The compressor sends updated context information periodically to keep the compressor
and decompressor synchronized. By repeating the updates, the probability of context corruption because
of packet loss is minimized.
The synchronization of context information between the compressor and the decompressor can be
performed dynamically (by specifying the dynamic keyword) or whenever a specific number of packets
are dropped (by using the packet-drops argument).
The number of packet drops represents the quality of the link between the hosts. The lower the number
of packet drops, the higher the quality of the link between the hosts.
The packet drops value is maintained independently for each context and does not have to be the same
for all contexts.
Note If you specify the number of packet drops with the packet-drops argument, the recoverable-loss
command automatically enables ECRTP.
Examples The following example shows how to configure an IPHC profile called profile2. In this example, ECRTP
is enabled with a maximum number of five consecutive packet drops.
Router> enable
Router# configure terminal
Router(config)# iphc-profile profile2 ietf
Router(config-iphcp)# recoverable-loss 5
Router(config-iphcp)# end
refresh max-period
To set the number of packets sent between full-header refresh occurrences, use the refresh max-period
command in IPHC-profile configuration mode. To use the default number of packets, use the no form of
this command.
no refresh max-period
Syntax Description number-of-packets Number of packets sent between full-header refresh occurrences. Range is
from 0 to 65535. Default is 256.
infinite Indicates no limitation on the number of packets sent between full-header
refresh occurrences.
Command Default The number of packets sent between full-header refresh occurrences is 256.
Usage Guidelines Use the refresh max-period command to set the number of non-TCP packets sent between full-header
refresh occurrences. The refresh max-period command also allows you to specify no limitation on the
number of packets sent between full-header refresh occurrences. To specify no limitation on the number
of packets sent, use the infinite keyword.
Prerequisite
Before you use the refresh max-period command, you must enable non-TCP header compression by
using the non-tcp command.
Examples The following is an example of an IPHC profile called profile2. In this example, the number of packets
sent before a full-header refresh occurrence is 700 packets.
Router> enable
Router# configure terminal
Router(config)# iphc-profile profile2 ietf
Router(config-iphcp)# non-tcp
Router(config-iphcp)# refresh max-period 700
Router(config-iphcp)# end
refresh max-time
To set the amount of time to wait before a full-header refresh occurrence, use the refresh max-time
command in IPHC-profile configuration mode. To use the default time, use the no form of this command.
no refresh max-time
Syntax Description seconds Length of time, in seconds, to wait before a full-header refresh occurrence.
Range is from 0 to 65535. Default is 5.
infinite Indicates no limitation on the time between full-header refreshes.
Command Default The amount of time to wait before a full-header refresh occurrence is set to 5 seconds.
Usage Guidelines Use the refresh max-time command to set the maximum amount of time to wait before a full-header
refresh occurs. The refresh max-time command also allows you to indicate no limitation on the time
between full-header refresh occurrences. To specify no limitation on the time between full-header
refresh occurrences, use the infinite keyword.
Prerequisite
Before you use the refresh max-time command, you must enable non-TCP header compression by using
the non-tcp command.
Examples The following is an example of an IPHC profile called profile2. In this example, the maximum amount
of time to wait before a full-header refresh occurs is 500 seconds.
Router> enable
Router# configure terminal
Router(config)# iphc-profile profile2 ietf
Router(config-iphcp)# non-tcp
Router(config-iphcp)# refresh max-time 500
Router(config-iphcp)# end
refresh rtp
To enable a context refresh occurrence for Real-Time Transport Protocol (RTP) header compression, use
the refresh rtp command in IPHC-profile configuration mode. To disable a context refresh occurrence
for RTP header compression, use the no form of this command.
refresh rtp
no refresh rtp
Command Default Context refresh occurrences for RTP header compression are disabled.
Usage Guidelines Use the refresh rtp command to enable a context refresh occurrence for RTP header compression. A
context is the state that the compressor uses to compress a header and that the decompressor uses to
decompress a header. The context is the uncompressed version of the last header sent and includes
information used to compress and decompress the packet.
Prerequisite
Before you use the refresh rtp command, you must enable RTP header compression by using the rtp
command.
Examples The following is an example of an IPHC profile called profile2. In this example, the refresh rtp
command is used to enable a context refresh occurrence for RTP header compression.
Router> enable
Router# configure terminal
Router(config)# iphc-profile profile2 ietf
Router(config-iphcp)# rtp
Router(config-iphcp)# refresh rtp
Router(config-iphcp)# end
rtp
To enable Real-Time Transport Protocol (RTP) header compression within an IP Header Compression
(IPHC) profile, use the rtp command in IPHC-profile configuration mode. To disable RTP header
compression within an IPHC profile, use the no form of this command.
rtp
no rtp
Usage Guidelines The rtp command enables RTP header compression and automatically enables non-TCP header
compression (the equivalent of using the non-tcp command).
Examples The following example shows how to configure an IPHC profile called profile2. In this example, RTP
header compression is configured.
Router> enable
Router# configure terminal
Router(config)# iphc-profile profile2 ietf
Router(config-iphcp)# rtp
Router(config-iphcp)# end
Syntax Description client (Optional) Specifies a QDM client to receive the message.
client-id (Optional) Specifies the QDM identification of the client that will receive
the text message.
message Specifies that a message will be sent.
message-text The actual text of the message.
Usage Guidelines Use the send qdm command to send a message to a specific QDM client. For example, entering the send
qdm client 9 message hello command will send the message “hello” to client ID 9.
Use the send qdm message message-text command to send a message to all QDM clients. For example,
entering the send qdm message hello command sends the message “hello” to all open QDM clients.
Examples The following example sends the text message “how are you?” to client ID 12:
send qdm client 12 message how are you?
The following example sends the text message “how is everybody?” to all QDM clients connected to the
router:
send qdm message how is everybody?
service-policy
To attach a policy map to an input interface, a virtual circuit (VC), an output interface, or to a VC that
will be used as the service policy for the interface or VC, use the service-policy command in the
appropriate configuration mode. To remove a service policy from an input or output interface or from an
input or output VC, use the no form of this command.
Syntax Description type access-control Determines the exact pattern to look for in the protocol stack of interest.
input Attaches the specified policy map to the input interface or input VC.
output Attaches the specified policy map to the output interface or output VC.
policy-map-name The name of a service policy map (created using the policy-map command)
to be attached. The name can be a maximum of 40 alphanumeric characters.
history Maintains a history of QoS metrics.
type control Creates a Class–Based Policy Language (CPL) control policy map that is
control-policy-name applied to a context.
Usage Guidelines You can attach a single policy map to one or more interfaces or to one or more VCs to specify the service
policy for those interfaces or VCs.
Currently a service policy specifies class-based weighted fair queueing (CBWFQ). The class policies
that comprise the policy map are then applied to packets that satisfy the class map match criteria for the
class.
To successfully attach a policy map to an interface or ATM VC, the aggregate of the configured
minimum bandwidths of the classes that make up the policy map must be less than or equal to 75 percent
of the interface bandwidth or the bandwidth allocated to the VC.
To enable Low Latency Queuing (LLQ) for Frame Relay (priority queueing [PQ]/CBWFQ), you must
first enable Frame Relay Traffic Shaping (FRTS) on the interface using the frame-relay traffic-shaping
command in interface configuration mode. You then attach an output service policy to the Frame Relay
VC using the service-policy command in map-class configuration mode.
For a policy map to be successfully attached to an interface or ATM VC, the aggregate of the configured
minimum bandwidths of the classes that make up the policy map must be less than or equal to 75 percent
of the interface bandwidth or the bandwidth allocated to the VC. For a Frame Relay VC, the total amount
of bandwidth allocated must not exceed the minimum committed information rate (CIR) configured for
the VC less any bandwidth reserved by the frame-relay voice bandwidth or frame-relay ip rtp
priority map-class commands. If not configured, the minimum CIR defaults to half of the CIR.
Configuring CBWFQ on a physical interface is only possible if the interface is in the default queueing
mode. Serial interfaces at E1 (2.048 Mbps) and below use WFQ by default. Other interfaces use FIFO
by default. Enabling CBWFQ on a physical interface overrides the default interface queueing method.
Enabling CBWFQ on an ATM permanent virtual circuit (PVC) does not override the default queueing
method.
When you attach a service policy with CBWFQ enabled to an interface, commands related to fancy
queueing such as those pertaining to fair queueing, custom queueing, priority queueing, and Weighted
Random Early Detection (WRED) are available using the modular quality of service command line
interface (MQC). However, you cannot configure these features directly on the interface until you
remove the policy map from the interface.
You can modify a policy map attached to an interface or VC, changing the bandwidth of any of the
classes that comprise the map. Bandwidth changes that you make to an attached policy map are effective
only if the aggregate of the bandwidth amounts for all classes comprising the policy map, including the
modified class bandwidth, is less than or equal to 75 percent of the interface bandwidth or the VC
bandwidth. If the new aggregate bandwidth amount exceeds 75 percent of the interface bandwidth or VC
bandwidth, the policy map is not modified.
After you apply the service-policy command to set a class of service (CoS) bit to an Ethernet interface,
the policy is set in motion as long as there is a subinterface that is performing 8021.Q or Inter-Switch
Link (ISL) trunking. Upon reload, however, the service policy is removed from the configuration due to
the following error message:
Process ‘set’ action associated with class-map voip failed: Set cos supported only with
IEEE 802.1Q/ISL interfaces.
For Cisco IOS Release 12.0(22)S and later releases, to enable LLQ for Frame Relay (priority queueing
(PQ)/CBWFQ) on the Cisco 10000 series router, first create a policy map and then assign priority to a
defined traffic class using the priority command. For example, the following sample configuration
shows how to configure a priority queue with a guaranteed bandwidth of 8000 kbps. In the example, the
Business class in the policy map named Gold is configured as the priority queue. The Gold policy also
includes the Non-Business class with a minimum bandwidth guarantee of 48 kbps. The Gold policy is
attached to serial interface 2/0/0 in the outbound direction.
class-map Business
match ip precedence 3
policy-map Gold
class Business
priority
police 8000
class Non-Business
bandwidth 48
interface serial 2/0/0
frame-relay encapsulation
service-policy output Gold
On the PRE2, you can use the service-policy command to attach a QoS policy to an ATM subinterface
or to a PVC. However, on the PRE3, you can attach a QoS policy only to a PVC.
Examples The following example shows how to attach a policy map to a Fast Ethernet interface:
Router(config)# interface fastethernet 5/20
Router(config-if)# service-policy input pmap1
The following example shows how to attach the service policy map called policy9 to data-link
connection identifier (DLCI) 100 on output serial interface 1 and enables LLQ for Frame Relay:
Router(config)# interface Serial1/0.1 point-to-point
Router(config-if)# frame-relay interface-dlci 100
Router(config-if)# class fragment
!
Router(config-if)# map-class frame-relay fragment
Router(config-if)# service-policy output policy9
The following example shows how to attach the service policy map called policy9 to input serial
interface 1:
Router(config)# interface Serial1
Router(config-if)# service-policy input policy9
The following example attaches the service policy map called policy9 to the input PVC called cisco:
Router(config)# pvc cisco 0/34
Router(config)# service-policy input policy9
Router(config)# vbr-nt 5000 3000 500
Router(config)# precedence 4-7
The following example shows how to attach the policy called policy9 to output serial interface 1 to
specify the service policy for the interface and enable CBWFQ on it:
Router(config)# interface serial1
Router(config-if)# service-policy output policy9
The following example attaches the service policy map called policy9 to the output PVC called cisco:
Router(config)# pvc cisco 0/5
Router(config)# service-policy output policy9
Router(config)# vbr-nt 4000 2000 500
Router(config)# precedence 2-3
Note You must be running Cisco IOS Release 12.0(22)S or later releases to attach a policy to a DLCI in this
way. If you are running a release prior to Cisco IOS Release 12.0(22)S, attach the service policy as
described in the previous configuration examples using the Frame Relay legacy commands.
The following example shows how to attach a QoS service policy named bronze to PVC 0/101 on the
ATM subinterface 3/0/0.1 for inbound traffic.
interface atm 3/0/0
atm pxf queuing
interface atm 3/0/0.1
pvc 0/101
service-policy input bronze
The following example shows how to attach a service policy named myQoS to the physical Gigabit
Ethernet interface 1/0/0 for inbound traffic. VLAN 4, configured on the GigabitEthernet
subinterface 1/0/0.3, inherits the service policy of the physical Gigabit Ethernet interface 1/0/0.
interface GigabitEthernet 1/0/0
service-policy input myQoS
interface GigabitEthernet 1/0/0.3
encapsulation dot1q 4
The following example shows how to attach the service policy map called voice to ATM VC 2/0/0 within
a PVC range of a total of 3 PVCs and enable PVC range configuration mode where a point-to-point
subinterface is created for each PVC in the range. Each PVC created as part of the range has the voice
service policy attached to it.
configure terminal
interface atm 2/0/0
range pvc 1/50 1/52
service-policy input voice
The following example shows how to attach the service policy map called voice to ATM VC 2/0/0 within
a PVC range, where every VC created as part of the range has the voice service policy attached to it. The
exception is PVC 1/51, which is configured as an individual PVC within the range and has a different
service policy called data attached to it in PVC-in-range configuration mode.
configure terminal
interface atm 2/0/0
range pvc 1/50 1/52
service-policy input voice
pvc-in-range 1/51
service-policy input data
service-policy (class-map)
To attach a policy map to a class, use the service-policy command in class-map configuration mode. To
remove a service policy from a class, use the no form of this command.
service-policy policy-map
no service-policy
Syntax Description policy-map The name of a service policy map (created using the policy-map command)
to be attached. The name can be a maximum of 40 alphanumeric characters.
Usage Guidelines You can attach a single policy map to one or more classes to specify the service policy for those classes.
This command is only available for the output interface, which is assumed.
Examples In the following example, three policy maps are defined—cust1-classes, cust2-classes, and cust-policy.
The policy maps cust1-classes and cust2-classes have three classes defined—gold, silver, and bronze.
For cust1-classes, gold is configured to use 50 percent of the bandwidth. Silver is configured to use
20 percent of the bandwidth, and bronze is configured to use 15 percent of the bandwidth.
For cust2-classes, gold is configured to use 30 percent of the bandwidth. Silver is configured to use
15 percent of the bandwidth, and bronze is configured to use 10 percent of the bandwidth.
The policy map cust-policy specifies average rate shaping of 384 kbps and assigns the service policy
called cust1-classes to the policy map called cust1-classes. The policy map called cust-policy specifies
peak rate shaping of 512 kbps and assigns the service policy called cust2-classes to the policy map called
cust2-classes.
To configure classes for cust1-classes, use the following commands:
Router(config)# policy-map cust1-classes
Router(config-pmap)# class gold
Router(config-pmap-c)# bandwidth percent 50
Router(config-pmap-c)# exit
To define the customer policy with cust1-classes and cust2-classes and QoS features, use the following
commands:
Router(config)# policy-map cust-policy
Router(config-pmap)# class cust1
Router(config-pmap-c)# shape average 38400
Router(config-pmap-c)# service-policy cust1-classes
Router(config-pmap-c)# exit
Router(config-pmap)# class cust2
Router(config-pmap-c)# shape peak 51200
Router(config-pmap-c)# service-policy cust2-classes
Router(config-pmap-c)# interface Serial 3/2
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# exit
Router(config)# interface serial0/0
Router(config-if)# service out cust-policy
service-policy (control-plane)
To attach a policy map to a control plane for aggregate or distributed control plane services, use the
service-policy command in control-plane configuration mode. To remove a service policy from a control
plane, use the no form of this command.
Syntax Description input Applies the specified service policy to packets that are entering the control
plane.
output Applies the specified service policy to packets that are exiting the control
plane, and enables the router to silently discard packets.
policy-map-name Name of a service policy map (created using the policy-map command) to
be attached. The name can be a maximum of 40 alphanumeric characters.
Usage Guidelines After entering the control-plane command, use the service-policy command to configure a quality of
service (QoS) policy. This policy is attached to the control plane interface for aggregate or distributed
control plane services, and controls the number or rate of packets that are going to the process level.
When you configure output policing on control-plane traffic, using the service-policy output
policy-map-name command, a router is automatically enabled to silently discard packets. Output
policing is supported as follows:
• Supported only in:
– Cisco IOS Release 12.2(25)S and later Cisco IOS 12.2S releases.
– Cisco IOS Release 12.3(4)T and later Cisco IOS 12.3T releases.
– Cisco IOS Release 12.2(18)SXD1 and later Cisco IOS 12.2SX releases.
• Not supported for attaching a QoS policy for distributed control-plane services.
• Not supported on the Cisco 6500 router, Cisco 7500 series, and Cisco 10720 Internet router.
The service-policy output command configures output policing, which is performed in silent mode to
silently discard packets exiting from the control plane according to the attached QoS policy. Silent mode
allows a router that is running Cisco IOS software to operate without sending any system messages. If a
packet that is exiting from the control plane is discarded for output policing, you do not receive an error
message.
Silent mode allows a router that is running Cisco IOS software to operate without sending any system
messages. If a packet that is destined for the router is discarded for any reason, users will not receive an
error message. Some events that will not generate error messages are as follows:
• Traffic that is being transmitted to a port to which the router is not listening
• A connection to a legitimate address and port that is rejected because of a malformed request
Examples The following example shows how to configure trusted hosts with source addresses 10.1.1.1 and 10.1.1.2
to forward Telnet packets to the control plane without constraint, while allowing all remaining Telnet
packets to be policed at the specified rate:
! Allow 10.1.1.1 trusted host traffic.
Router(config)# access-list 140 deny tcp host 10.1.1.1 any eq telnet
! Allow 10.1.1.2 trusted host traffic.
Router(config)# access-list 140 deny tcp host 10.1.1.2 any eq telnet
! Rate limit all other Telnet traffic.
Router(config)# access-list 140 permit tcp any any eq telnet
! Define class-map “telnet-class.”
Router(config)# class-map telnet-class
Router(config-cmap)# match access-group 140
Router(config-cmap)# exit
Router(config)# policy-map control-plane-policy
Router(config-pmap)# class telnet-class
Router(config-pmap-c)# police 80000 conform transmit exceed drop
Router(config-pmap-c)# exit
Router(config-pmap)# exit
! Define aggregate control plane service for the active Route Processor.
Router(config)# control-plane
Router(config-cp)# service-policy input control-plane-policy
Router(config-cp)# exit
The next example shows how to configure trusted networks with source addresses 10.0.0.0 and 10.0.0.2
to receive Internet Control Message Protocol (ICMP) port-unreachable responses without constraint,
while allowing all remaining ICMP port-unreachable to be dropped:
! Allow 10.0.0.0 trusted network traffic.
Router(config)# access-list 141 deny icmp host 10.0.0.0 255.255.255.224 any
port-unreachable
! Allow 10.0.0.2 trusted network traffic.
service-policy policy-map-name
no service-policy policy-map-name
Syntax Description policy-map-name Specifies the name of the predefined policy map to be used as a QoS
policy. The name can be a maximum of 40 alphanumeric characters.
Usage Guidelines This command is used to create hierarchical service policies in policy-map class configuration mode.
This command is different from the service-policy [input | output] policy-map-name command used in
interface configuration mode. The purpose of the service-policy [input | output] policy-map-name is to
attach service policies to interfaces.
The child policy is the previously defined service policy that is being associated with the new service
policy through the use of the service-policy command. The new service policy using the preexisting
service policy is the parent policy.
This command has the following restrictions:
• The set command is not supported on the child policy.
• The priority command can be used in either the parent or the child policy, but not both policies
simultaneously.
• The shape command can be used in either the parent or the child policy, but not both polices
simultaneously on a subinterface.
Examples The following example creates a hierarchical service policy in the service policy called parent:
Router(config)# policy-map child
Router(config-pmap)# class voice
Router(config-pmap-c)# priority 50
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# policy-map parent
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape average 10000000
Router(config-pmap-c)# service-policy child
FRF.11 and FRF.12 configurations on a Versatile Interface Processor (VIP)-enabled Cisco 7500 series
router often require a hierarchical service policy for configuration. A hierarchical service policy for
FRF.11 and FRF.12 requires the following elements:
1. A traffic class that uses the Voice over Frame Relay (VoFR) protocol as the only match criterion.
2. A traffic policy that insures low latency queueing (LLQ), which is achieved using the priority
command, for all VoFR protocol traffic
3. A traffic policy that defines the shaping parameters and includes the elements listed in element 2.
Element 3 can only be fulfilled through the use of a hierarchical service policy, which is configured
using the service-policy command.
In the following example, element 1 is configured in the traffic class called frf, element 2 is configured
in the traffic policy called llq, and element 3 is configured in the traffic policy called llq-shape.
Router(config)# class-map frf
Router(config-cmap)# match protocol vofr
Router(config-cmap)# exit
Router(config)# policy-map llq
Router(config-pmap)# class frf
Router(config-pmap-c)# priority 2000
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# policy-map llq-shape
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape average 1000 128000
Router(config-pmap-c)# service-policy llq
The final step in using a hierarchical service policy for FRF.11 and FRF.12 is using the service policy in
map-class configuration mode. In the following example, the traffic policy called llq-shape is attached
to the map class called frag:
Router(config)# map-class frame-relay frag
Router(config-map-class)# frame-relay fragment 40
Router(config-map-class)# service-policy llq-shape
set atm-clp
To set the cell loss priority (CLP) bit when a policy map is configured, use the set atm-clp command in
policy-map class configuration mode. To remove a specific CLP bit setting, use the no form of this
command.
set atm-clp
no set atm-clp
Command Default The CLP bit is automatically set to 0 when Cisco routers convert IP packets into ATM cells for
transmission through Multiprotocol Label Switching (MPLS)-aware ATM networks.
Usage Guidelines To disable this command, remove the service policy from the interface.
The set atm-clp command works only on platforms that support one of the following adapters: the
Enhanced ATM Port Adapter (PA-A3), the ATM Inverse Multiplexer over ATM Port Adapter with eight
T1 ports (PA-A3-8T1IMA), or the ATM Inverse Multiplexer over ATM Port Adapter with eight E1 ports
(PA-A3-8E1IMA). For more information, refer to the documentation for your specific router.
A policy map containing the set atm-clp command can be attached as an output policy only. The
set atm-clp command does not support packets that originate from the router.
Examples The following example illustrates setting the CLP bit using the set atm-clp command in the policy map:
Router(config)# class-map ip-precedence
Router(config-cmap)# match ip precedence 0 1
Router(config-cmap)# exit
set cos
To set the Layer 2 class of service (CoS) value of an outgoing packet, use the set cos command in
policy-map class configuration mode. To remove a specific CoS value setting, use the no form of this
command.
Release Modification
12.2(31)SB This command was integrated into Cisco IOS Release 12.2(31)SB and
implemented on the Cisco 10000 series router.
12.2SX This command is supported in the Cisco IOS Release 12.2SX train. Support
in a specific 12.2SX release of this train depends on your feature set,
platform, and platform hardware.
Usage Guidelines CoS packet marking is supported only in the Cisco Express Forwarding switching path.
The set cos command should be used by a router if a user wants to mark a packet that is being sent to a
switch. Switches can leverage Layer 2 header information, including a CoS value marking.
The set cos command can be used only in service policies that are attached in the output direction of an
interface. Packets entering an interface cannot be set with a CoS value.
The match cos and set cos commands can be used together to allow routers and switches to interoperate
and provide quality of service (QoS) based on the CoS markings.
Layer 2 to Layer 3 mapping can be configured by matching on the CoS value because switches already
can match and set CoS values. If a packet that needs to be marked to differentiate user-defined QoS
services is leaving a router and entering a switch, the router should set the CoS value of the packet
because the switch can process the Layer 2 header.
Note If you configure the set cos dscp command, only the first three bits (the class selector bits) of the DSCP
field are used.
Examples In the following example, the policy map called “cos-set” is created to assign different CoS values for
different types of traffic. This example assumes that the class maps called “voice” and “video-data” have
already been created.
Router(config)# policy-map cos-set
Router(config-pmap)# class voice
Router(config-pmap-c)# set cos 1
Router(config-pmap-c)# exit
Router(config-pmap)# class video-data
Router(config-pmap-c)# set cos 2
Router(config-pmap-c)# end
Note The set cos command is applied when you create a service policy in QoS policy-map configuration mode
and attach the service policy to an interface or ATM virtual circuit (VC). For information on attaching a
service policy, refer to the “Modular Quality of Service Command-Line Interface Overview” chapter of
the Cisco IOS Quality of Service Solutions Configuration Guide.
Command Default P bits are copied from the outer provider-edge VLAN tag.
Usage Guidelines This command is supported on the Gigabit Ethernet WAN interfaces on Cisco 7600 series routers that
are configured with an Optical Service Module (OSM)-2+4GE-WAN+ OSM module only.
OSMs are not supported on Cisco 7600 series routers that are configured with a Supervisor Engine 32.
The 802.1P prioritization bits are used in the VLAN tag for QoS processing.
When the router copies the double-tagged QinQ packets to the destination interface, by default it uses
the P bits from the outer (provider) VLAN tag. To preserve the P bits that are in the inner (customer)
VLAN tag, use the set cos cos-inner command.
For the set cos cos-inner command to be effective, you must configure the appropriate interface or
subinterface as a trusted interface using the mls qos trust command. Otherwise, the interface or
subinterface defaults to being untrusted, where the Layer 2 interface zeroes out the P bits of the incoming
packets before the set cos cos-inner command can copy them to the outer VLAN tag.
The set cos cos-inner command is supported only for the subinterfaces that are configured with an inner
(customer) VLAN. The set cos cos-inner command is not supported for the subinterfaces that use the
out-range keyword on the bridge-domain (subinterface configuration) command or that are not
configured with any form of the bridge-domain (subinterface configuration) command.
This behavior remains when you configure the set cos cos-inner command on a policy that is applied to
a main interface. The set cos cos-inner command affects the subinterfaces that are configured with a
specific inner VLAN but it does not affect the subinterfaces that are not configured with any VLAN or
that are configured with the out-range keyword.
Examples This example shows how to configure a policy map for voice traffic that uses the P bits from the inner
VLAN tag:
Router(config-cmap)# set cos cos-inner
This example shows how to configure the default policy map class to reset to its default value:
Router(config-cmap)# no set cos cos-inner
This example shows the system message that appears when you attempt to apply a policy to a
subinterface that is configured with the bridge-domain (subinterface configuration) command:
Router(config-if)# bridge-vlan 32 dot1q-tunnel out-range
Router(config-if)# service-policy output cos1
%bridge-vlan 32 does not have any inner-vlan configured. 'set cos cos-inner' is not
supported
set cos-inner
To mark the inner class of service field in a bridged frame, use the set cos-inner command in policy-map
class configuration mode. To remove marking of the inner CoS field, use the no form of this command.
Usage Guidelines This command was introduced in Cisco IOS Release 12.2(33)SRA to support marking of the inner CoS
value when using multipoint bridging (MPB) features on the Enhanced FlexWAN module, and when
using MPB features on SPAs with the Cisco 7600 SIP-200 and Cisco 7600 SIP-400 on the Cisco 7600
series router.
This command is not supported on the Cisco 7600 SIP-600.
On the Cisco 7600 SIP-200, this command is not supported with the set cos command on the same
interface.
For more information about QoS and the forms of marking commands supported by the SIPs on the
Cisco 7600 series router, refer to the Cisco 7600 Series SIP, SSC, and SPA Software Configuration
Guide.
Examples The following example shows configuration of a QoS class that filters all traffic matching on VLAN 100
into a class named “vlan-inner-100.” The configuration shows the definition of a policy-map (also named
“vlan-inner-100”) that marks the inner CoS with a value of 3 for traffic in the vlan-inner-100 class. Since
marking of the inner CoS value is only supported with bridging features, the configuration also shows
the service policy being applied as an output policy to a serial SPA interface that bridges traffic into
VLAN 100 using the bridge-domain command:
Router(config)# class-map match-all vlan-inner-100
Router(config-cmap)# match vlan inner 100
Router(config-cmap)# exit
Router(config)# policy-map vlan-inner-100
Router(config-pmap)# class vlan-inner-100
Router(config-pmap-c)# set cos-inner 3
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Usage Guidelines This command was introduced in Cisco IOS Release 12.2(33)SRB and is limited to policies that are
applied to the EVC service instances.
For classification, the reference to the outer and inner tags is made to the frames as seen on the wire -
that is, for ingress frames, tags prior to the "rewrite", while the for egress, it is after the "rewrite" of the
tags, if any.
For marking, the reference to the outer COS at the ingress is to the DBUS-COS and reference to the inner
is to the COS in the first tag on the frame; while, at the egress, the reference to outer and inner COS is
to the ones in the frame.
Examples The following example matches on outer COS 3 and 4 and copies the outer COS to the inner COS.
Router(config)# class-map cos3_4
Router(config-cmap)# match cos 3 4
Router(config)# policy-map mark-it-in
Router(config-pmap)# class cos3_4
Router(config-pmap-c)# set cos-inner cos
Command Description
policy-map Creates or modifies a policy map that can be attached to one or more
interfaces to specify a service policy.
class (policy-map) Specifies the name of the class whose policy you want to create or change,
and the default class (commonly known as the class-default class) before you
configure its policy.
service-policy Attaches a policy map to an input interface or virtual circuit (VC) or an
output interface or VC, to be used as the service policy for that interface or
VC.
set discard-class
To mark a packet with a discard-class value, use the set discard-class command in QoS policy-map
configuration mode. To prevent the discard-class value of a packet from being altered, use the no form
of this command.
Syntax Description value Specifies per-hop behavior (PHB) for dropping traffic. The value sets the
priority of a type of traffic. Valid values are numbers from 0 to 7.
Command Default If you do not enter this command, the packet has a discard-class value of 0.
Usage Guidelines The discard class value indicates the discard portion of the PHB. Use the set discard-class command
only in DiffServ Tunneling Pipe mode. The discard class value is required when the input PHB marking
will be used to classify packets on the output interface.
You can also use this command to specify the type of traffic that will be dropped when there is
congestion.
Examples The following example shows that traffic will be set to the discard-class value of 2:
set discard-class 2
set dscp
To mark a packet by setting the differentiated services code point (DSCP) value in the type of service
(ToS) byte, use the set dscp command in policy-map class configuration mode. To remove a previously
set DSCP value, use the no form of this command.
Syntax Description ip (Optional) Specifies that the match is for IPv4 packets only. If not used, the
match is on both IPv4 and IPv6 packets.
dscp-value A number from 0 to 63 that sets the DSCP value. The following reserved
keywords can be specified instead of numeric values:
• EF (expedited forwarding)
• AF11 (assured forwarding class AF11)
• AF12 (assured forwarding class AF12)
from-field Specific packet-marking category to be used to set the DSCP value of the
packet. If you are using a table map for mapping and converting
packet-marking values, this establishes the “map from” packet-marking
category. Packet-marking category keywords are as follows:
• cos
• qos-group
table (Optional) Used in conjunction with the from-field argument. Indicates that
the values set in a specified table map will be used to set the DSCP value.
table-map-name (Optional) Used in conjunction with the table keyword. Name of the table
map used to specify the DSCP value. The name can be a maximum of 64
alphanumeric characters.
Usage Guidelines Once the DSCP bit is set, other quality of service (QoS) features can then operate on the bit settings.
Note The CoS field is a three-bit field, and the DSCP field is a six-bit field. If you configure the set dscp cos
command, only the three bits of the CoS field will be used.
If you configure the set dscp qos-group command, the QoS group value will be copied and used as the
DSCP value.
The valid value range for the DSCP is a number from 0 to 63. The valid value range for the QoS group
is a number from 0 to 99. Therefore, when configuring the set dscp qos-group command, note the
following points:
• If a QoS group value falls within both value ranges (for example, 44), the packet-marking value will
be copied and the packets will be marked.
• If QoS group value exceeds the DSCP range (for example, 77), the packet-marking value will not
be copied and the packet will not be marked. No action is taken.
The set dscp command is applied when you create a service policy in QoS policy-map configuration
mode. This service policy is not yet attached to an interface. For information on attaching a service
policy to an interface, refer to the “Modular Quality of Service Command-Line Interface” section of the
Cisco IOS Quality of Service Solutions Configuration Guide.
set fr-de
To change the discard eligible (DE) bit setting in the address field of a Frame Relay frame to 1 for all
traffic leaving an interface, use the set fr-de command in policy-map class command. To remove the DE
bit setting, use the no form of this command.
set fr-de
no set fr-de
Defaults The DE bit is usually set to 0. This command changes the DE bit setting to 1.
Usage Guidelines To disable this command in a traffic policy, use the no set fr-de command in policy-map class
configuration mode of the traffic policy.
If the DE bit is already set to 1, no changes are made to the frame.
Examples The following example shows how to set the DE bit using the set fr-de command in the traffic policy.
The router sets the DE bit of outbound packets belonging to the ip-precedence class.
Router(config)# class-map ip-precedence
Router(config-cmap)# match ip precedence 0 1
Router(config-cmap)# exit
Router(config)# policy-map set-de
Router(config-pmap)# class ip-precedence
Router(config-pmap-c)# set fr-de
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface serial 1/0/0
Router(config-if)# no ip address
Router(config-if)# encapsulation frame-relay
Router(config-if)# interface serial 1/0/0.1
Router(config-subif)# ip address 10.1.1.1 255.255.255.252
Router(config-subif)# no ip directed-broadcast
Router(config-subif)# service-policy output set-de
set ip dscp
The set ip dscp command is replaced by the set dscp command. See the set dscp command for more
information.
Syntax Description ip-dscp-value IP DSCP value; valid values are from 0 to 63. See the “Usage Guidelines”
section for additional information.
Usage Guidelines You can enter reserved keywords EF (expedited forwarding), AF11 (assured forwarding class AF11),
and AF12 (assured forwarding class AF12) instead of numeric values for ip-dscp-value.
After the IP DSCP bit is set, other quality of service (QoS) features can operate on the bit settings.
You cannot mark a packet by the IP precedence using the set ip precedence (policy-map configuration)
command and then mark the same packet with an IP DSCP value using the set ip dscp command.
The network gives priority (or some type of expedited handling) to marked traffic. Typically, you set IP
precedence at the edge of the network (or administrative domain); data is queued based on the
precedence. Weighted Fair Queueing (WFQ) can speed up handling for high-precedence traffic at
congestion points. Weighted Random Early Detection (WRED) ensures that high-precedence traffic has
lower loss rates than other traffic during traffic congestion.
The set ip precedence (policy-map configuration) command is applied when you create a service policy
in QoS policy-map configuration mode. This service policy is not attached to an interface or to an ATM
virtual circuit. See the service-policy command for information on attaching a service policy to an
interface.
Examples This example shows how to set the IP DSCP ToS byte to 8 in the policy map called policy1:
Router(config)# policy-map policy1
Router(config-cmap)# class class1
Router(config-cmap)# set ip dscp 8
All packets that satisfy the match criteria of class1 are marked with the IP DSCP value of 8. How packets
that are marked with the IP DSCP value of 8 are treated is determined by the network configuration.
This example shows that after you configure the settings that are shown for voice packets at the edge of
the network, all intermediate routers are then configured to provide low-latency treatment to the voice
packets:
Router(config)# class-map voice
Router(config-cmap)# match ip dscp ef
Router(config)# policy qos-policy
Router(config-cmap)# class voice
Router(config-cmap)# priority 24
Syntax Description dscp-value Number from 0 to 63 that identifies the tunnel header value. The following
reserved keywords can be specified instead of numeric values:
• EF (expedited forwarding)
• AF11 (assured forwarding class AF11)
Usage Guidelines It is possible to configure L2TPv3 (or GRE) tunnel marking and the ip tos command at the same time.
However, Modular Quality of Service (QoS) Command-Line Interface (CLI) (MQC) (L2TPv3 or GRE)
tunnel marking has higher priority over ip tos commands, meaning that tunnel marking always rewrites
the IP header of the tunnel packet and overwrites the values set by ip tos commands. The order of
enforcement is as follows when these commands are used simultaneously:
1. set ip dscp tunnel or set ip precedence tunnel (L2TPv3 or GRE tunnel marking)
2. ip tos reflect
3. ip tos tos-value
This is the designed behavior. We recommend that you configure only L2TPv3 (or GRE) tunnel marking
and reconfigure any peers configured with the ip tos command to use L2TPv3 (or GRE) tunnel marking.
Note For Cisco IOS Release 12.4(15)T2, marking GRE-tunneled packets is supported only on platforms
equipped with a Cisco RPM-XF.
Examples The following example shows the set ip dscp tunnel command used in a tunnel marking configuration.
In this example, a class map called “class-cl” has been configured to match traffic on the basis of the
Frame Relay discard eligible (DE) bit setting. Also, a policy map called “policy1” has been created
within which the set ip dscp tunnel command has been configured.
Router> enable
Router# configure terminal
Router(config)# class-map class-c1
Router(config-cmap)# match fr-de
Router(config-cmap)# exit
Router(config)# policy-map policy1
Router(config-pmap)# class tunnel
Router(config-pmap-c)# set ip dscp tunnel 5
Router(config-pmap-c)# end
Note The policy map must still be attached to an interface or ATM PVC using the service-policy command.
For more information about attaching a policy map to an interface or ATM PVC, see the “Applying QoS
Features Using the MQC” module of the Cisco IOS Quality of Service Solutions Configuration Guide.
no set ip precedence
Syntax Description ip-precedence-value Precedence-bit value in the IP header; valid values are from 0 to 7. See
Table 38 for a list of value definitions.
Usage Guidelines Table 38 lists the value definitions for precedence values in the IP header. They are listed from least to
most important.
Values Definitions
0 routine
1 priority
2 immediate
3 flash
4 flash-override
5 critical
6 internet
7 network
After the IP precedence bits are set, other quality of service (QoS) features, such as Weighted Fair
Queueing (WFQ) and Weighted Random Early Detection (WRED), operate on the bit settings.
The network priorities (or some type of expedited handling) mark traffic through the application of WFQ
or WRED at points downstream in the network. Typically, you set IP precedence at the edge of the
network (or administrative domain); data is queued based on the precedence. WFQ can speed up
handling for certain precedence traffic at congestion points. WRED can ensure that certain precedence
traffic has lower loss rates than other traffic during traffic congestion.
The set ip precedence command is applied when you create a service policy in policy-map configuration
mode. This service policy is not attached to an interface or to an ATM virtual circuit. See the
service-policy command for information on attaching a service policy to an interface.
Examples This example shows how to set the IP precedence to 5 for packets that satisfy the match criteria of the
class map called class1:
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# set ip precedence 5
All packets that satisfy the match criteria of class1 are marked with the IP precedence value of 5. How
packets that are marked with the IP-precedence value of 5 are treated is determined by the network
configuration.
no set ip precedence
Syntax Description number | name (Optional) A number or name that sets the precedence bits in the IP header.
The values for the number argument and the corresponding name argument
are listed in Table 39 from least to most important.
Usage Guidelines Table 39 lists the values for the number argument and the corresponding name argument for precedence
values in the IP header. They are listed from least to most important.
Number Name
0 routine
1 priority
2 immediate
3 flash
4 flash-override
5 critical
6 internet
7 network
You can set the precedence using either a number or the corresponding name. Once the IP Precedence
bits are set, other QoS services such as weighted fair queueing (WFQ) and Weighted Random Early
Detection (WRED) then operate on the bit settings.
The network gives priority (or some type of expedited handling) to marked traffic through the application
of WFQ or WRED at points downstream in the network. Typically, you set IP Precedence at the edge of
the network (or administrative domain); data then is queued based on the precedence. WFQ can speed
up handling for certain precedence traffic at congestion points. WRED can ensure that certain
precedence traffic has lower loss rates than other traffic during times of congestion.
The mapping from arguments such as routine and priority to a precedence value is useful only in some
instances. That is, the use of the precedence bit is evolving. You can define the meaning of a precedence
value by enabling other features that use the value. In the case of the high-end Internet QoS available
from Cisco, IP Precedences can be used to establish classes of service that do not necessarily correspond
numerically to better or worse handling in the network.
Use the route-map (IP) global configuration command with the match and set route-map configuration
commands to define the conditions for redistributing routes from one routing protocol into another, or
for policy routing. Each route-map command has an associated list of match and set commands. The
match commands specify the match criteria—the conditions under which redistribution or policy
routing is allowed for the current route-map command. The set commands specify the set actions—the
particular redistribution or policy routing actions to perform if the criteria enforced by the match
commands are met. The no route-map command deletes the route map.
The set route-map configuration commands specify the redistribution set actions to be performed when
all of the match criteria of a route map are met.
Examples The following example sets the IP Precedence to 5 (critical) for packets that pass the route map match:
interface serial 0
ip policy route-map texas
route-map texas
match length 68 128
set ip precedence 5
Syntax Description precedence-value Number from 0 to 7 that identifies the precedence value of the tunnel header.
Usage Guidelines It is possible to configure L2TPv3 (or GRE) tunnel marking and the ip tos command at the same time.
However, Modular Quality of Service (QoS) Command-Line Interface (CLI) (MQC) (L2TPv3 or GRE)
tunnel marking has higher priority over ip tos commands, meaning that tunnel marking always rewrites
the IP header of the tunnel packet and overwrites the values set by ip tos commands. The order of
enforcement is as follows when these commands are used simultaneously:
1. set ip dscp tunnel or set ip precedence tunnel (L2TPv3 or GRE tunnel marking)
2. ip tos reflect
3. ip tos tos-value
This is the designed behavior. We recommend that you configure only L2TPv3 (or GRE) tunnel marking
and reconfigure any peers configured with the ip tos command to use L2TPv3 (or GRE) tunnel marking.
Note For Cisco IOS Release 12.4(15)T2, marking GRE-tunneled packets is supported only on platforms
equipped with a Cisco RPM-XF.
Examples The following example shows the set ip precedence tunnel command used in a tunnel marking
configuration. In this example, a class map called “MATCH_FRDE” has been configured to match traffic
on the basis of the Frame Relay discard eligible (DE) bit setting. Also, a policy map called “policy1” has
been created within which the set ip precedence tunnel command has been configured.
Router> enable
Router# configure terminal
Router(config)# class-map MATCH_FRDE
Router(config-cmap)# match fr-de
Router(config-cmap)# exit
Router(config)# policy-map policy1
Router(config-pmap)# class tunnel
Router(config-pmap-c)# set ip precedence tunnel 7
Router(config-pmap-c)# end
Note The policy map must still be attached to an interface or ATM PVC using the service-policy command.
For more information about attaching a policy map to an interface or ATM PVC, see the “Applying QoS
Features Using the MQC” module of the Cisco IOS Quality of Service Solutions Configuration Guide.
no set ip tos
Syntax Description tos-bit-value (Optional) A value (number) from 0 to 15 that sets the ToS bits in the IP
header. See Table 40 for more information.
max-reliability (Optional) Sets the maximum reliability ToS bits to 2.
max-throughput (Optional) Sets the maximum throughput ToS bits to 4.
min-delay (Optional) Sets the minimum delay ToS bits to 8.
min-monetary-cost (Optional) Sets the minimum monetary cost ToS bits to 1.
normal (Optional) Sets the normal ToS bits to 0.
Usage Guidelines This command allows you to set four bits in the ToS byte header. Table 40 shows the format of the four
bits in binary form.
T3 T2 T1 T0 Description
0 0 0 0 0 normal forwarding
0 0 0 1 1 minimum monetary cost
0 0 1 0 2 maximum reliability
0 1 0 0 4 maximum throughput
1 0 0 0 8 minimum delay
The T3 bit sets the delay. Setting T3 to 0 equals normal delay, and setting it to 1 equals low delay.
The T2 bit sets the throughput. Setting this bit to 0 equals normal throughput, and setting it to 1 equals
maximum throughput. Similarly, the T1 and T0 bits set reliability and cost, respectively. Therefore, as
an example, if you want to set a packet with the following requirements:
minimum delay T3 = 1
normal throughput T2 = 0
normal reliability T1 = 0
minimum monetary cost T0 = 1
You would set the ToS to 9, which is 1001 in binary format.
Use the route-map (IP) global configuration command with the match and set (route-map)
configuration commands to define the conditions for redistributing routes from one routing protocol into
another, or for policy routing. Each route-map command has an associated list of match and set
commands. The match commands specify the match criteria—the conditions under which redistribution
or policy routing is allowed for the current route-map command. The set commands specify the set
actions—the particular redistribution or policy routing actions to perform if the criteria enforced by the
match commands are met. The no route-map command deletes the route map.
The set (route-map) commands specify the redistribution set actions to be performed when all of the
match criteria of a route map are met.
Examples The following example sets the IP ToS bits to 8 (minimum delay as shown in Table 40) for packets that
pass the route-map match:
interface serial 0
ip policy route-map texas
!
route-map texas
match length 68 128
set ip tos 8
!
set precedence
To set the precedence value in the packet header, use the set precedence command in policy-map class
configuration mode. To remove the precedence value, use the no form of this command.
Syntax Description precedence-value A number from 0 to 7 that sets the precedence bit in the packet header.
from-field Specific packet-marking category to be used to set the precedence value of
the packet. If you are using a table map for mapping and converting
packet-marking values, this argument value establishes the “map from”
packet-marking category. Packet-marking category keywords are as follows:
• cos
• qos-group
table (Optional) Indicates that the values set in a specified table map will be used
to set the precedence value.
table-map-name (Optional) Name of the table map used to specify a precedence value based
on the class of service (CoS) value. The name can be a maximum of 64
alphanumeric characters.
Bit Settings
Once the precedence bits are set, other quality of service (QoS) features such as weighted fair queueing
(WFQ) and Weighted Random Early Detection (WRED) then operate on the bit settings.
Precedence Value
The network gives priority (or some type of expedited handling) to marked traffic through the application
of WFQ or WRED at points downstream in the network. Typically, you set the precedence value at the
edge of the network (or administrative domain); data then is queued according to the specified
precedence. WFQ can speed up handling for certain precedence traffic at congestion points. WRED can
ensure that certain precedence traffic has lower loss rates than other traffic during times of congestion.
The set precedence command cannot be used with the set dscp command to mark the same packet. The
two values, differentiated services code point (DSCP) and precedence, are mutually exclusive. A packet
can have one value or the other, but not both.
Examples In the following example, the policy map named policy-cos is created to use the values defined in a table
map named table-map1. The table map named table-map1 was created earlier with the table-map (value
mapping) command. For more information about the table-map (value mapping) command, see the
table-map (value mapping) command page.
In this example, the precedence value will be set according to the CoS value defined in table-map1.
Router(config)# policy-map policy-cos
Router(config-pmap)# class class-default
Router(config-pmap-c)# set precedence cos table table-map1
Router(config-pmap-c)# end
The set precedence command is applied when you create a service policy in QoS policy-map
configuration mode. This service policy is not yet attached to an interface or to an ATM virtual circuit.
For information on attaching a service policy to an interface, refer to the “Modular Quality of Service
Command-Line Interface Overview” chapter of the Cisco IOS Quality of Service Solutions
Configuration Guide.
Command Description
show table-map Displays the configuration of a specified table map or all table maps.
table-map (value Creates and configures a mapping table for mapping and converting one
mapping) packet-marking value to another.
set qos-group
To set a quality of service (QoS) group identifier (ID) that can be used later to classify packets, use the
set qos-group command in policy-map class configuration mode. To remove the group ID, use the no
form of this command.
Release Modification
12.2(13)T This command can now be used with the random-detect
discard-class-based command, and this command was modified for the
Enhanced Packet Marking feature. A mapping table (table map) can now be
used to convert and propagate packet-marking values.
12.2(18)SXE This command was integrated into Cisco IOS 12.2(18)SXE, and the cos
keyword was added.
12.2(31)SB This command was integrated into Cisco IOS Release 12.2(31)SB.
Usage Guidelines The set qos-group command allows you to associate a group ID with a packet. The group ID can be used
later to classify packets into QoS groups based as prefix, autonomous system, and community string.
A QoS group and discard class are required when the input per-hop behavior (PHB) marking will be used
for classifying packets on the output interface.
Note The set qos-group cos and set qos-group precedence commands are equivalent to the mls qos trust cos
and mls qos trust prec commands.
Tip The set qos-group command cannot be applied until you create a service policy in policy-map
configuration mode and then attach the service policy to an interface or ATM virtual circuit (VC). For
information on attaching a service policy, refer to the “Modular Quality of Service Command-Line
Interface Overview” chapter of the Cisco IOS Quality of Service Solutions Configuration Guide.
Examples The following example shows how to set the QoS group to 1 for all packets that match the class map
called class 1. These packets are then rate limited on the basis of the QoS group ID.
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# set qos-group 1
Router(config-pmap-c)# end
The following example shows how to set the QoS group value based on the packet’s original 802.1P CoS
value:
Router(config)# policy map policy1
Router(config-pmap)# class class-default
Router(config-pmap-c)# set qos-group cos
Router(config-pmap-c)# end
shape
To specify average or peak rate traffic shaping, use the shape command in class-map configuration
mode. To remove traffic shaping, use the no form of this command.
Usage Guidelines Traffic shaping limits the rate of transmission of data. In addition to using a specifically configured
transmission rate, you can use Generic Traffic Shaping (GTS) to specify a derived transmission rate
based on the level of congestion.
You can specify two types of traffic shaping; average rate shaping and peak rate shaping. Average rate
shaping limits the transmission rate to the CIR. Using the CIR ensures that the average amount of traffic
being sent conforms to the rate expected by the network.
Peak rate shaping configures the router to send more traffic than the CIR. To determine the peak rate,
the router uses the following formula:
peak rate = CIR(1 + Be / Bc)
where:
• Be is the Excess Burst size.
• Bc is the Committed Burst size.
Peak rate shaping allows the router to burst higher than average rate shaping. However, using peak rate
shaping, the traffic sent above the CIR (the delta) could be dropped if the network becomes congested.
If your network has additional bandwidth available (over the provisioned CIR) and the application or
class can tolerate occasional packet loss, that extra bandwidth can be exploited through the use of peak
rate shaping. However, there may be occasional packet drops when network congestion occurs. If the
traffic being sent to the network must strictly conform to the configured network provisioned CIR, then
you should use average traffic shaping.
Examples The following example sets the uses average rate shaping to ensure a bandwidth of 256 kbps:
shape average 256000
The following example uses peak rate shaping to ensure a bandwidth of 300 kbps but allow throughput
up to 512 kbps if enough bandwidth is available on the interface:
bandwidth 300
shape peak 512000
shape (percent)
To specify average or peak rate traffic shaping on the basis of a percentage of bandwidth available on an
interface, use the shape command in policy-map class configuration mode. To remove traffic shaping,
use the no form of this command.
Examples The following example configures traffic shaping using an average shaping rate on the basis of a
percentage of bandwidth. In this example, 25 percent of the bandwidth has been specified. Additionally,
an optional be value and bc value (100 ms and 400 ms, respectively) have been specified.
Router> enable
Router# configure terminal
Router(config)# policy-map policy1
After the policy map and class maps are configured, the policy map is attached to interface as shown in
the following example.
Router> enable
Router# configure terminal
Router(config)# interface serial4/0
Router(config-if)# service-policy input policy1
Router(config-if)# end
shape [average | peak] mean-rate [burst-size] [excess-burst-size] account {qinq | dot1q} aal5
{subscriber-encapsulation | {user-defined offset}}
no shape [average | peak] mean-rate [burst-size] [excess-burst-size] account {qinq | dot1q} aal5
{subscriber-encapsulation | {user-defined offset}}
shape [average | peak] mean-rate [burst-size] [excess-burst-size] [account {qinq | dot1q} aal5
subscriber-encapsulation]
no shape [average | peak] mean-rate [burst-size] [excess-burst-size] [account {qinq | dot1q} aal5
subscriber-encapsulation]
shape [average] mean-rate [unit] [burst-size] [excess-burst-size] [account {qinq | dot1q} aal5
subscriber-encapsulation
no shape [average] mean-rate [unit] [burst-size] [excess-burst-size] [account {qinq | dot1q} aal5
subscriber-encapsulation
shape [average] mean-rate [burst-size] [excess-burst-size] account {{{qinq | dot1q} {aal5 | aal3}
{subscriber-encapsulation}} | {user-defined offset [atm]}}
Syntax Description average (Optional) Committed Burst (Bc) is the maximum number of bits sent
out in each interval.
peak (Optional) Bc + Excess Burst (Be) is the maximum number of bits
sent out in each interval.
Note The router configures the offset size if you do not specify the
user-defined offset option.
atm Applies ATM cell tax in the ATM overhead calculation.
Note For the Cisco 7300 and Cisco 7600 series routers, the atm
keyword is not supported.
Note Configuring both the offset and atm options adjusts the
packet size to the offset size and then adds ATM cell tax.
Command Default When the excess burst size (Be) is not configured, the default Be value is equal to the committed burst
size (Bc). For more information about burst size defaults, see the “Usage Guidelines” section.
Traffic shaping overhead accounting for ATM is disabled.
Release Modification
12.2(31)SB2 This command was enhanced for ATM overhead accounting and
implemented on the Cisco 10000 series router for the PRE3.
12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX This command is supported in the Cisco IOS Release 12.2SX train.
Support in a specific 12.2SX release of this train depends on your
feature set, platform, and platform hardware.
12.2(31)SB6 This command was enhanced to specify an offset size when
calculating ATM overhead and implemented on the Cisco 10000
series router for the PRE3.
12.2(33)SRC Support for the Cisco 7600 series router was added.
12.2(33)SB Support for the Cisco 7300 series router was added.
Usage Guidelines The measurement interval is the committed burst size (Bc) divided by committed information rate (CIR).
Bc cannot be set to 0. If the measurement interval is too large (greater than 128 milliseconds), the system
subdivides it into smaller intervals.
If you do not specify the committed burst size (Bc) and the excess burst size (Be), the algorithm decides
the default values for the shape entity. The algorithm uses a 4 milliseconds measurement interval, so Bc
is CIR * (4 / 1000).
Burst sizes larger than the default committed burst size (Bc) need to be explicitly specified. The larger
the Bc, the longer the measurement interval. A long measurement interval may affect voice traffic
latency, if applicable.
When the excess burst size (Be) is not configured, the default value is equal to the committed burst size
(Bc).
On the PRE3, you only need to specify a shape rate. Because the unit is always bps on the PRE3, the unit
argument is not available. Valid values for the shape rate are from 1000 to 2488320000.
shape 1000
The PRE3 accepts the PRE2 shape command as a hidden command. However, the PRE3 rejects the
PRE2 shape command if the specified rate is outside the valid PRE3 shape rate range (1000 to
2488320000).
Traffic Shaping Overhead Accounting for ATM (Cisco 7300 Series Router, Cisco 7600 Series Router, and Cisco
10000 Series Router)
When configuring ATM overhead accounting on the Cisco 7300 series router, the Cisco 7600 series
router, or the Cisco 10000 series router, you must specify the BRAS-DSLAM, DSLAM-CPE, and
subscriber line encapsulation types. The router supports the following subscriber line encapsulation
types:
• snap-rbe
• mux-rbe
• snap-dot1q-rbe
• mux-dot1q-rbe
• snap-pppoa
• mux-pppoa
• snap-1483routed
• mux-1483routed
For hierarchical policies, configure ATM overhead accounting in the following ways:
• Enabled on parent—If you enable ATM overhead accounting on a parent policy, you are not required
to enable accounting on the child policy.
• Enabled on child and parent—If you enable ATM overhead accounting on a child policy, then you
must enable ATM overhead accounting on the parent policy.
The encapsulation types must match for the child and parent policies.
The user-defined offset values must match for the child and parent policies.
Examples The following example configures a shape entity with a CIR of 1 Mbps and attaches the policy map
called dts-interface-all-action to interface pos1/0/0:
policy-map dts-interface-all-action
class class-interface-all
shape average 1000000
interface pos1/0/0
service-policy output dts-interface-all-action
In the following example, the router will use 20 overhead bytes and ATM cell tax in calculating ATM
overhead. The child and parent policies contain the required matching offset values. The parent policy
is attached to virtual template 1.
policy-map child
class class1
bandwidth 500 account user-defined 20 atm
class class2
shape average 30000 account user-defined 20 atm
shape adaptive
To configure a Frame Relay interface or a point-to-point subinterface to estimate the available bandwidth
by backward explicit congestion notification (BECN) integration while traffic shaping is enabled, use
the shape adaptive command in policy-map class configuration mode. To leave the available bandwidth
unestimated, use the no form of this command.
no shape adaptive
Syntax Description mean-rate-lower-bound Specifies the lower bound of the range of permitted bit rates.
Usage Guidelines If traffic shaping is not enabled, this command has no effect.
When continuous BECN messages are received, the shape entity immediately decreases its maximum
shape rate by one-fourth for each BECN message received until it reaches the lower bound committed
information rate (CIR). If, after several intervals, the interface has not received another BECN and traffic
is waiting in the shape queue, the shape entity increases the shape rate back to the maximum rate by 1/16
for each interval. A shape entity configured with the shape adaptive mean-rate-lower-bound command
will always be shaped between the mean rate upper bound and the mean rate lower bound.
Examples The following example configures a shape entity with CIR of 128 kbps and sets the lower bound CIR to
64 kbps when BECNs are received:
policy-map dts-p2p-all-action
class class-p2p-all
shape average 128000
shape adaptive 64000
shape fecn-adapt
To configure a Frame Relay interface to reflect received forward explicit congestion notification (FECN)
bits as backward explicit congestion notification (BECN) bits in Q.922 TEST RESPONSE messages, use
the shape fecn-adapt command in policy-map class configuration mode. To configure the Frame Relay
interface to not reflect FECN as BECN, use the no form of this command.
shape fecn-adapt
no shape fecn-adapt
Usage Guidelines When the downstream Frame Relay switch is congested, a Frame Relay interface or point-to-point
interface receives a Frame Relay message with the FECN bit on. This message may be an indication that
no traffic is waiting to carry a BECN to the far end (voice/multimedia traffic is one-way). When the
shape fecn-adapt command is configured, a small buffer is allocated and a Frame Relay TEST
RESPONSE is built on behalf of the Frame Relay switch. The Frame Relay TEST RESPONSE is
equipped with the triggering data-link connection identifier (DLCI) of the triggering mechanism. It also
sets the BECN bit and sends it out to the wire.
Examples The following example configures a shape entity with a committed information rate (CIR) of 1 Mbps
and adapts the Frame Relay message with FECN to BECN:
policy-map dts-p2p-all-action
class class-p2p-all
shape average 1000000
shape fecn-adapt
shape max-buffers
To specify the number of buffers allowed on shaping queues, use the shape max-buffers command in
class-map configuration mode. To set the number of buffers to its default value, use the no form of this
command.
no shape max-buffers
Syntax Description number-of-buffers Specifies the number of buffers. The minimum number of buffers is 1; the
maximum number of buffers is 4096.
Usage Guidelines You can specify the maximum number of buffers allowed on shaping queues for each class configured
to use Generic Traffic Shaping (GTS).
You configure this command under a class in a policy map. However, the shape max-buffers command
is not supported for HQF in Cisco IOS Release 12.4(20)T. Use the queue-limit command, which
provides similar functionality.
Examples The following example configures shaping and sets the maximum buffer limit to 100:
shape average 350000
shape max-buffers 100
Syntax Description acl-index (Optional) Rate-limit access list number from 1 to 299.
Examples The following is sample output from the show access-lists rate-limit command:
Router# show access-lists rate-limit
The following is sample output from the show access-lists rate-limit command when specific rate-limit
access lists are specified:
Router# show access-lists rate-limit 1
Field Description
Rate-limit access list Rate-limit access list number. A number from 1 to 99 represents a
precedence-based access list. A number from 100 to 199 indicates a
MAC address-based access list.
0 IP Precedence for packets in this rate-limit access list.
mask FF IP Precedence mask for packets in this rate-limit access list.
1001.0110.1111 MAC address for packets in this rate-limit access list.
Syntax Description bundle-name The name of the bundle whose member information is displayed. This is the
bundle name specified by the bundle command when the bundle was
created.
Examples The following is sample output from the show atm bundle command (* indicates that this VC is the VC
for all precedence levels not explicitly configured):
Router# show atm bundle
Accept
Syntax Description bundle-name Specifies the name of the bundle whose member information is displayed.
This is the bundle name specified by the bundle command when the bundle
was created.
detail (Optional) Displays detailed statistics.
Examples The following is sample output from the show atm bundle statistics command:
Router# show atm bundle san-jose statistics
Syntax Description bundle-name (Optional) Name of the switched virtual circuit (SVC) bundle to be
displayed, as identified by the bundle svc command.
Command Default If no bundle name is specified, all SVC bundles configured on the system are displayed.
Examples The following example provides output for the show atm bundle svc command. The bundle named
“finance” is configured on ATM interface 1/0.1 with eight members. All of the members are up except
bundle member zero. Bundle member zero is the default member, which if initiated once will always be
on and used as the default for all traffic.
Router# show atm bundle svc finance
finance on ATM1/0.1:UP
Field Description
finance on ATM1/0.1: UP Name of SVC bundle, interface type and number,
status of bundle.
VC Name Name of SVC bundle.
VPI/VCI Virtual path identifier / virtual channel identifier.
Config. Preced. Configured precedence.
Current Preced. Current precedence.
Peak Kbps Peak kbps for the SVC.
Avg/Min kbps Average or minimum kbps for the SVC.
Sts Status of the bundle member.
* Indicates the default bundle member.
Syntax Description bundle-name Name of the SVC bundle as identified by the bundle svc command.
Examples The following example provides output for the show atm bundle svc statistics command using a bundle
named “city”:
Router# show atm bundle svc city statistics
Field Description
Bundle Name: Name of the bundle.
Bundle State: State of the bundle.
BUNDLE is managed Bundle management.
by.
InARP frequency: Number of minutes between Inverse ARP messages, or “DISABLED” if
Inverse ARP is not in use on this VC.
InPkts: Total number of packets received on this virtual circuit (VC), including all
fast-switched and process-switched packets.
Field Description
OutPkts: Total number of packets sent on this VC, including all fast-switched and
process-switched packets.
InBytes: Total number of bytes received on this VC, including all fast-switched and
process-switched packets.
OutBytes: Total number of bytes sent on this VC, including all fast-switched and
process-switched packets.
InPRoc: Number of incoming packets being process switched.
OutPRoc: Number of outgoing packets being process switched.
Broadcasts: Number of process-switched broadcast packets.
InFast: Number of incoming packets being fast switched.
OutFast: Number of outgoing packets being fast switched.
InAS Number of autonomous-switched or silicon-switched input packets received.
OutAS Number of autonomous-switched or silicon-switched input packets sent.
InPktDrops: Number of incoming packets dropped.
OutPktDrops: Number of outgoing packets dropped.
CrcErrors: Number of cyclic redundancy check (CRC) errors.
SarTimeOuts: Number of packets that timed out before segmentation and reassembly
occurred.
LengthViolation: Number of packets too long or too short.
Syntax Description interface (Optional) Indicates that the configurations for a specific interface type will
be displayed.
type number (Optional) Specifies the interface type and number.
Command Default Displays the configurations created for all interface types.
Usage Guidelines The suggested policy output (shown in the example below) lets you preview class maps and policy maps
before you issue the auto qos command on an interface. You can then continue with the Auto-Discovery
phase until more data is gathered or you can cut and paste the existing data and edit it as desired.
Examples The following is sample output from the show auto discovery qos command. This example displays the
data collected during the Auto-Discovery (data collection) phase using DSCP classification in trusted
mode and includes suggested policy map information.
Router# show auto discovery qos
Serial2/1.1
AutoQoS Discovery enabled for trusted DSCP
Discovery up time: 2 hours, 42 minutes
AutoQoS Class information:
Class Voice:
Recommended Minimum Bandwidth: 118 Kbps/1% (PeakRate)
Detected DSCPs and data:
DSCP value AverageRate PeakRate Total
(kbps/%) (kbps/%) (bytes)
----------- ----------- -------- ------------
46/ef 106/1 118/1 129510064
Class Interactive Video:
Recommended Minimum Bandwidth: 25 Kbps/<1% (AverageRate)
Detected DSCPs and data:
DSCP value AverageRate PeakRate Total
(kbps/%) (kbps/%) (bytes)
!
class-map match-any AutoQoS-Voice-Trust
match ip dscp ef
!
class-map match-any AutoQoS-Inter-Video-Trust
match ip dscp af41
!
class-map match-any AutoQoS-Signaling-Trust
match ip dscp cs3
!
class-map match-any AutoQoS-Stream-Video-Trust
match ip dscp cs4
!
class-map match-any AutoQoS-Transactional-Trust
match ip dscp af21
match ip dscp af22
match ip dscp af23
!
class-map match-any AutoQoS-Bulk-Trust
match ip dscp af11
match ip dscp af12
match ip dscp af13
!
class-map match-any AutoQoS-Scavenger-Trust
match ip dscp cs1
!
class-map match-any AutoQoS-Management-Trust
match ip dscp cs2
!
class-map match-any AutoQoS-Routing-Trust
match ip dscp cs6
!
policy-map AutoQoS-Policy-S2/1.1Trust
class AutoQoS-Voice-Trust
priority percent 1
class AutoQoS-Inter-Video-Trust
bandwidth remaining percent 1
class AutoQoS-Signaling-Trust
bandwidth remaining percent 1
class AutoQoS-Stream-Video-Trust
bandwidth remaining percent 1
class AutoQoS-Transactional-Trust
bandwidth remaining percent 1
random-detect dscp-based
class AutoQoS-Bulk-Trust
bandwidth remaining percent 1
random-detect dscp-based
class AutoQoS-Scavenger-Trust
bandwidth remaining percent 1
class AutoQoS-Management-Trust
bandwidth remaining percent 1
class AutoQoS-Routing-Trust
bandwidth remaining percent 1
class class-default
fair-queue
Field Description
Serial2/1.1 The interface or subinterface on which data is being
collected.
AutoQoS Discovery enabled for trusted Indicates that the data collection phase of AutoQoS has
DSCP been enabled.
Discovery up time Indicates the period of time in which data was collected.
AutoQoS Class information Displays information for each AutoQoS class.
Class Voice Information for the named class, along with data
pertaining to the detected applications. This data
includes DSCP value, average rate (in kilobits per second
(kbps)), peak rate (kbps), and total packets (bytes).
Suggested AutoQoS Policy based on a Policy-map and class-map statistics based on a specified
discovery uptime of hours and minutes discovery time.
Syntax Description interface (Optional) Displays the configurations created by the AutoQoS - VoIP
feature on all the interfaces or PVCs on which the AutoQoS - VoIP feature
is enabled.
When the interface keyword is configured but an interface type is not
specified, the show auto qos interface command displays the configurations
created by the AutoQoS - VoIP feature on all the interfaces or Permanent
Virtual Circuits (PVCs) on which the AutoQoS - VoIP feature is enabled.
type (Optional) Specifies an interface type; valid values are atm, ethernet,
fastethernet, ge-wan, gigabitethernet, pos, and tengigabitethernet.
slot/port Module and port number.
Command Default Configurations created for all interface types are displayed.
Usage Guidelines The show auto qos interface command can be used with Frame Relay data-link connection identifiers
(DLCIs) and ATM permanent virtual circuits (PVCs).
When the AutoQoS—VoIP or the AutoQos for the Enterprise features are enabled, configurations are
generated for each interface or PVC. These configurations are then used to create the interface
configurations, policy maps, class maps, and access control lists (ACLs) for use on the network. The
show auto qos command can be used to verify the contents of the interface configurations, policy maps,
class maps, and ACLs.
Examples show auto qos interface Command: Configured for the AutoQoS—VoIP Feature
When the interface keyword is configured along with the corresponding type slot/port argument, the
show auto qos interface type slot/port command displays the configurations created by the
AutoQoS—VoIP feature on the specified interface.
In the following example, the serial subinterface 6/1.1 has been specified:
Router# show auto qos interface serial6/1.1
When the interface keyword is configured but an interface type is not specified, the show auto qos
interface command displays the configurations created by the AutoQoS—VoIP feature on all the
interfaces or PVCs on which the AutoQoS—VoIP feature is enabled.
Router# show auto qos interface
!
map-class frame-relay AutoQoS-VoIP-FR-Serial6/1-100
frame-relay cir 512000
frame-relay bc 5120
frame-relay be 0
frame-relay mincir 512000
service-policy output AutoQoS-Policy-UnTrust
frame-relay fragment 640
The following example displays all of the configurations created by the AutoQoS—VoIP feature:
Router# show auto qos
Field Description
class AutoQoS-VoIP-FR-Serial6/1-100 Name of the class created by the AutoQoS—VoIP
feature. In this instance, the name of the class is
AutoQoS-VoIP-FR-Serial6/1-100.
service-policy output Indicates that the policy map called
AutoQoS-Policy-UnTrust “AutoQoS-Policy-UnTrust” has been attached to an
interface in the outbound direction of the interface.
show auto qos interface Command: Configured for the AutoQoS for the Enterprise Feature
The following is sample output from the show auto qos command. This example displays the classes,
class maps, and policy maps created on the basis of the data collected during the Auto-Discovery phase
of the AutoQoS for the Enterprise feature.
Router# show auto qos
!
policy-map AutoQoS-Policy-Se2/1.1
class AutoQoS-Voice-Se2/1.1
priority percent 70
set dscp ef
class AutoQoS-Inter-Video-Se2/1.1
bandwidth remaining percent 10
set dscp af41
class AutoQoS-Stream-Video-Se2/1.1
bandwidth remaining percent 1
set dscp cs4
class AutoQoS-Transactional-Se2/1.1
bandwidth remaining percent 1
set dscp af21
class AutoQoS-Scavenger-Se2/1.1
bandwidth remaining percent 1
set dscp cs1
class class-default
fair-queue
!
policy-map AutoQoS-Policy-Se2/1.1-Parent
class class-default
shape average 1024000
service-policy AutoQoS-Policy-Se2/1.1
!
class-map match-any AutoQoS-Stream-Video-Se2/1.1
match protocol cuseeme
!
class-map match-any AutoQoS-Transactional-Se2/1.1
match protocol sqlnet
!
class-map match-any AutoQoS-Voice-Se2/1.1
match protocol rtp audio
!
class-map match-any AutoQoS-Inter-Video-Se2/1.1
match protocol rtp video
!
rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice Drops" owner
AutoQoS
Serial2/1.1: DLCI 58 -
!
interface Serial2/1.1 point-to-point
frame-relay interface-dlci 58
class AutoQoS-FR-Serial2/1-58
!
map-class frame-relay AutoQoS-FR-Serial2/1-58
frame-relay cir 1024000
frame-relay bc 10240
frame-relay be 0
frame-relay mincir 1024000
service-policy output AutoQoS-Policy-Se2/1.1-Parent
Table 46 show auto qos Field Descriptions (AutoQoS for the Enterprise Feature Configured)
Field Description
policy-map AutoQoS-Policy-Se2/1.1 Name of the policy map created by the AutoQoS feature.
In this instance the name of the policy map is
AutoQoS-Policy-Se2/1.1.
class AutoQoS-Voice-Se2/1.1 Name of class created by the AutoQoS feature. In this
instance, the name of the class is
priority percent 70
AutoQoS-Voice-Se2/1.1. Following the class name, the
set dscp ef
specific QoS features configured for the class are
displayed.
class-map match-any Name of the class map and the packet matching criteria
AutoQoS-Stream-Video-Se2/1.1 specified.
match protocol cuseeme
show class-map
To display all class maps and their matching criteria, use the show class-map command in user or
privileged EXEC mode.
Syntax Description type stack (Optional) Displays class maps configured to determine the correct protocol
stack in which to examine via flexible packet matching (FPM).
type access-control (Optional) Displays class maps configured to determine the exact pattern to
look for in the protocol stack of interest.
class-map-name (Optional) Name of the class map. The class map name can be a maximum
of 40 alphanumeric characters.
Usage Guidelines You can use the show class-map command to display all class maps and their matching criteria. If you
enter the optional class-map-name argument, the specified class map and its matching criteria will be
displayed.
Examples In the following example, three class maps are defined. Packets that match access list 103 belong to
class c3, IP packets belong to class c2, and packets that come through input Ethernet interface 1/0 belong
to class c1. The output from the show class-map command shows the three defined class maps.
Router# show class-map
Class Map c3
Match access-group 103
Class Map c2
Match protocol ip
Class Map c1
Match input-interface Ethernet1/0
In the following example, a class map called “c1” has been defined, and the Frame Relay DLCI number
of 500 has been specified as a match criterion:
Router# show class-map
The following example shows how to display class-map information for all class maps:
Router# show class-map
The following example shows how to display class-map information for a specific class map:
Router# show class-map ipp5
Field Description
Class Map Class of traffic being displayed. Output is displayed for each configured
class map in the policy. The choice for implementing class matches (for
example, match-all or match-any) can also appear next to the traffic class.
Match Match criteria specified for the class map. Criteria include the Frame
Relay DLCI number, Layer 3 packet length, IP precedence, IP
differentiated services code point (DSCP) value, Multiprotocol Label
Switching (MPLS) experimental value, access groups, and quality of
service (QoS) groups.
1. A number in parentheses may appear next to the class-map name and match criteria information. The number is for Cisco
internal use only and can be disregarded.
Usage Guidelines The show control-plane cef-exception counters command displays the following packet counts for
features configured on the control-plane cef-exception subinterface:
• Total number of packets that were processed by the cef-exception subinterface
• Total of packets that were dropped
• Total number of errors
Examples The following is sample output from the show control-plane cef-exception counters command:
Router# show control-plane cef-exception counters
Field Description
Feature Name of the configured feature on this subinterface.
Packets Processed Total number of packets that were processed by the feature.
Dropped Total number of packets that were dropped by the feature.
Errors Total number of errors detected by the feature.
Usage Guidelines The show control-plane cef-exception features command displays the following aggregate feature
configurations for the control-plane cef-exception subinterface:
• Number of features configured for the control-plane cef-exception subinterface.
• Name of the feature
• Date and time the feature was activated
Examples The following is sample output from the show control-plane cef-exception features command:
Router# show control-plane cef-exception features
Field Description
Total features configured Number of features configured.
Feature Name Name of the configured features.
Activated Date and time the feature was activated.
Usage Guidelines The show control-plane counters command displays the following aggregate packet counts for all
control-plane interfaces and subinterface:
• Total number of packets that were processed by control-plane aggregate host, transit, and
cef-exception subinterfaces
• Total number of packets that were dropped
• Total number of errors
Examples The following is sample output from the show control-plane counters command:
Router# show control-plane counters
Field Description
Feature Name of the interface or subinterface displayed.
Packets Processed Total number of packets that were processed by the subinterface.
Dropped Total number of packets that were dropped.
Errors Total number of errors detected.
Usage Guidelines The show control-plane features command displays control-plane features enabled on the
control-plane aggregate sub-interfaces. Information includes the following:
• Number of features configured for the control plane
• Name of the feature
• Date and time the feature was activated
Examples The following is sample output from the show control-plane features command:
Router# show control-plane features
Field Description
Total features configured Number of features configured.
Feature Name Name of the configured features.
activated Date and time the feature was activated.
Usage Guidelines The show control-plane host counters command displays the following packet counts for the
control-plane host subinterface:
• Total number of packets that were processed by features configured on the host subinterface
• Total number of packets that were dropped
• Total number of errors
Examples The following is sample output from the show control-plane host counters command:
Router# show control-plane host counters
Field Description
Feature Name of the feature configured on the host subinterface.
Packets Processed Total number of packets that were processed by the feature.
Dropped Total number of packets that were dropped.
Errors Total number of errors detected.
Usage Guidelines The show control-plane host features command displays the features configured for the control-plane
host subinterface. Information includes the following:
• Number of features configured for the control plane
• Name of the feature
• Date and time the feature was activated
Examples The following is sample output from the show control-plane host features command:
Router# show control-plane host features
Field Description
Feature Name Name of the configured features.
activated Date and time the feature was activated.
Usage Guidelines The show control-plane host open-ports command displays a list of open TCP/UDP ports that are
registered with the port-filter database.
Examples The following is sample output from the show control-plane host open-ports command.
Router# show control-plane host open-ports
Field Description
Port Port type, either TCP or UDP.
Local Address Local IP address and port number. An asterisk (*) indicates that the
service is listening on all configured network interfaces.
Field Description
Foreign Address Remote IP address and port number. An asterisk (*) indicates that the
service is listening on all configured network interfaces.
Service Name of the configured Cisco IOS service listening on the port.
State Listen or Established.
Usage Guidelines The show control-plane transit counters command displays the following packet counts for the
control-plane transit subinterface:
• Total number of packets that were processed by the transit subinterface
• Total number of packets that were dropped
• Total number of errors
Examples The following is sample output from the show control-plane transit counters command.
Router# show control-plane transit counters
Field Description
Feature Name of the feature configured on the transit sub-interface.
Packets Processed Total number of packets that were processed by the configured feature.
Dropped Total number of packets that were dropped.
Errors Total number of errors detected.
Usage Guidelines The show control-plane transit features command displays the control-plane features configured for
the control-plane transit subinterface. Information includes the following:
• Number of features configured for the control plane
• Name of the feature
• Date and time the feature was activated
Examples The following is sample output from the show control-plane transit features command:
Router# show control-plane transit features
Field Description
Total Features Configured Number of features configured.
Feature Name Name of the configured features.
Activated Date and time the feature was activated.
Usage Guidelines You can also use the show cops server command to display information about the Common Open Policy
Service (COPS) client on the router.
Examples In the following example, information is displayed about the current policy server and client. When
Client Type appears followed by an integer, 1 stands for Resource Reservation Protocol (RSVP) and 2
stands for Differentiated Services Provisioning. (0 indicates keepalive.)
Router# show cops servers
COPS SERVER: Address: 10.0.0.1. Port: 3288. State: 0. Keepalive: 120 sec
Number of clients: 1. Number of sessions: 1.
COPS CLIENT: Client type: 1. State: 0.
Usage Guidelines Use the show crypto eng qos command to determine if QoS is enabled on LLQ for IPSec encryption
engines.
Examples The following example shows how to determine if LLQ for IPSec encryption engines is enabled:
Router# show crypto eng qos
Syntax Description interface type number (Optional) Specifies an interface for which information will be displayed.
A space between the interface type and number is optional.
dlci (Optional) Specifies a data-link connection identifier (DLCI) for which
information will be displayed. The range is from 16 to 1022.
Command Default RTP header compression statistics are displayed for all DLCIs on interfaces that have RTP header
compression configured.
Examples The following is sample output from the show frame-relay ip rtp header-compression command:
Router# show frame-relay ip rtp header-compression
The following is sample output from the show frame-relay ip rtp header-compression command when
ECRTP is enabled:
Router# show frame-relay ip rtp header-compression
In the following example, the show frame-relay ip rtp header-compression command displays
information about DLCI 21:
Router# show frame-relay ip rtp header-compression 21
In the following example, the show frame-relay ip rtp header-compression command displays
information for all DLCIs on serial interface 3/1:
Router# show frame-relay ip rtp header-compression interface serial3/1
In the following example, the show frame-relay ip rtp header-compression command displays
information only for DLCI 21 on serial interface 3/1:
Router# show frame-relay ip rtp header-compression interface serial3/1 21
The following sample output from the show frame-relay ip rtp header-compression command shows
statistics for a PVC bundle called MP-3-static:
Router# show frame-relay ip rtp header-compression interface Serial1/4
Field Description
Interface Type and number of the interface and type of header compression.
Rcvd: Table of details concerning received packets.
total Number of packets received on the interface.
compressed Number of packets with compressed headers.
errors Number of errors.
dropped Number of dropped packets.
buffer copies Number of buffers that were copied.
buffer failures Number of failures in allocating buffers.
Sent: Table of details concerning sent packets.
total Total number of packets sent.
compressed Number of packets sent with compressed headers.
bytes saved Total savings in bytes because of compression.
bytes sent Total bytes sent after compression.
efficiency improvement factor Compression efficiency.
Connect: Table of details about the connections.
rx slots Total number of receive slots.
tx slots Total number of transmit slots.
long searches Searches that needed more than one lookup.
misses Number of new states that were created.
hit ratio Number of times that existing states were revised.
five minute miss rate Average miss rate.
max Maximum miss rate.
Syntax Description interface type number (Optional) Specifies an interface for which information will be displayed.
A space is optional between the type and number.
dlci (Optional) Specifies a data-link connection identifier (DLCI) for which
information will be displayed. Range is from 16 to 1022.
Examples The following is sample output from the show frame-relay ip tcp header-compression command:
Router# show frame-relay ip tcp header-compression
The following sample output from the show frame-relay ip tcp header-compression command shows
statistics for a PVC bundle called “MP-3-static”:
Router# show frame-relay ip tcp header-compression interface Serial1/4
In the following example, the show frame-relay ip tcp header-compression command displays
information about DLCI 21:
Router# show frame-relay ip tcp header-compression 21
The following is sample output from the show frame-relay ip tcp header-compression command for a
specific DLCI on a specific interface:
Router# show frame-relay ip tcp header-compression pos2/0 21
Field Description
Rcvd: Table of details concerning received packets.
total Sum of compressed and uncompressed packets
received.
Field Description
compressed Number of compressed packets received.
errors Number of errors caused by errors in the header fields
(version, total length, or IP checksum).
dropped Number of packets discarded. Seen only after line
errors.
buffer failures Number of times that a new buffer was needed but was
not obtained.
Sent: Table of details concerning sent packets.
total Sum of compressed and uncompressed packets sent.
compressed Number of compressed packets sent.
bytes saved Number of bytes reduced because of the compression.
bytes sent Actual number of bytes transmitted.
Connect: Table of details about the connections.
rx slots, tx slots Number of states allowed over one TCP connection. A
state is recognized by a source address, a destination
address, and an IP header length.
long searches Number of times that the connection ID in the
incoming packet was not the same as the previous one
that was processed.
misses Number of times that a matching entry was not found
within the connection table and a new entry had to be
entered.
hit ratio Percentage of times that a matching entry was found
in the compression tables and the header was
compressed.
Five minute miss rate Miss rate computed over the most recent 5 minutes
and the maximum per-second miss rate during that
period.
Examples The following is sample output from the show interfaces fair-queue command for VIP-distributed
WFQ (DWFQ):
Router# show interfaces fair-queue
Field Description
queue size Current output queue size for this interface.
packets output Number of packets sent out this interface or number of packets in
this class sent out the interface.
drops Number of packets dropped or number of packets in this class
dropped.
aggregate queue limit Aggregate limit, in number of packets.
individual queue limit Individual limit, in number of packets.
Field Description
max available buffers Available buffer space allocated to aggregate queue limit, in number
of packets.
Class QoS group or type of service (ToS) class.
weight Percent of bandwidth allocated to this class during periods of
congestion.
limit Queue limit for this class in number of packets.
qsize Current size of the queue for this class.
Examples The following is sample output from the show interfaces random-detect command for VIP-distributed
WRED (DWRED):
Router# show interfaces random-detect
Field Description
queue size Current output queue size for this interface.
packets output Number of packets sent out this interface.
drops Number of packets dropped.
queue average Average queue length.
weight Weighting factor used to determine the average queue size.
Precedence WRED parameters for this precedence.
min threshold Minimum threshold for this precedence.
max threshold Maximum length of the queue. When the average queue is this long,
any additional packets will be dropped.
mark weight Probability of a packet being dropped if the average queue is at the
maximum threshold.
packets output Number of packets with this precedence that have been sent.
random Number of packets dropped randomly through the WRED process.
threshold Number of packets dropped automatically because the average queue
was at the maximum threshold length.
(no traffic) No packets with this precedence.
Examples The following is sample output from the show interfaces rate-limit command:
Router# show interfaces fddi2/1/0 rate-limit
Fddi2/1/0
Input
matches: access-group rate-limit 100
params: 800000000 bps, 64000 limit, 80000 extended limit
conformed 0 packets, 0 bytes; action: set-prec-continue 1
exceeded 0 packets, 0 bytes; action: set-prec-continue 0
last packet: 4737508ms ago, current burst: 0 bytes
last cleared 01:05:47 ago, conformed 0 bps, exceeded 0 bps
matches: access-group 101
params: 80000000 bps, 56000 limit, 72000 extended limit
conformed 0 packets, 0 bytes; action: set-prec-transmit 5
exceeded 0 packets, 0 bytes; action: set-prec-transmit 0
last packet: 4738036ms ago, current burst: 0 bytes
last cleared 01:02:05 ago, conformed 0 bps, exceeded 0 bps
matches: all traffic
params: 50000000 bps, 48000 limit, 64000 extended limit
conformed 0 packets, 0 bytes; action: set-prec-transmit 5
exceeded 0 packets, 0 bytes; action: set-prec-transmit 0
last packet: 4738036ms ago, current burst: 0 bytes
last cleared 01:00:22 ago, conformed 0 bps, exceeded 0 bps
Output
matches: all traffic
params: 80000000 bps, 64000 limit, 80000 extended limit
conformed 0 packets, 0 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: drop
last packet: 4809528ms ago, current burst: 0 bytes
last cleared 00:59:42 ago, conformed 0 bps, exceeded 0 bps
Field Description
Input These rate limits apply to packets received by the interface.
matches Packets that match this rate limit.
params Parameters for this rate limit, as configured by the rate-limit command.
bps Average rate, in bits per second.
limit Normal burst size, in bytes.
extended limit Excess burst size, in bytes.
conformed Number of packets that have conformed to the rate limit.
action Conform action.
exceeded Number of packets that have exceeded the rate limit.
action Exceed action.
last packet Time since the last packet, in milliseconds.
current burst Instantaneous burst size at the current time.
last cleared Time since the burst counter was set back to zero by the clear counters
command.
conformed Rate of conforming traffic.
exceeded Rate of exceeding traffic.
Output These rate limits apply to packets sent by the interface.
Usage Guidelines This command is used to display a list of all the PDLMs that have been loaded into NBAR using the
ip nbar pdlm command.
Examples In this example of the show ip nbar pdlm command, the citrix.pdlm PDLM has been loaded from Flash
memory:
Router# show ip nbar pdlm
Syntax Description protocol-name (Optional) Limits the command display to the specified protocol.
Usage Guidelines The show ip nbar port-map command displays port assignments for NBAR protocols.
This command is used to display the current protocol-to-port mappings in use by NBAR. When the
ip nbar port-map command has been used, the show ip nbar port-map command displays the ports
assigned by the user to the protocol. If no ip nbar port-map command has been used, the show ip nbar
port-map command displays the default ports. The protocol-name argument can also be used to limit
the display to a specific protocol.
Examples The following is sample output from the show ip nbar port-map command:
Router# show ip nbar port-map
Syntax Description interface (Optional) Specifies that Protocol Discovery statistics for the interface
are to be displayed.
type Type of interface or subinterface whose policy configuration is to be
displayed.
number Port, connector, VLAN, or interface card number.
stats (Optional) Specifies that the byte count, byte rate, or packet count is to
be displayed.
byte-count (Optional) Specifies that the byte count is to be displayed.
max-bit-rate (Optional) Specifies that the maximum bit rate is to be displayed.
packet-count (Optional) Specifies that the packet count is to be displayed.
protocol (Optional) Specifies that statistics for a specific protocol are to be
displayed.
protocol-name (Optional) User-specified protocol name for which the statistics are to
be displayed.
top-n (Optional) Specifies that a top-n is to be displayed. A top-n is the
number of most active NBAR-supported protocols, where n is the
number of protocols to be displayed. For instance, if top-n 3 is entered,
the three most active NBAR-supported protocols will be displayed.
number (Optional) Specifies the number of most active NBAR-supported
protocols to be displayed.
Command Default Statistics for all interfaces on which the NBAR Protocol Discovery feature is enabled are displayed.
Release Modification
12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(18)ZYA This command was integrated into Cisco IOS Release 12.2(18)ZYA.
This command was modified to include information about VLANs (as
applicable) and to provide support for both Layer 2 and Layer 3
Etherchannels (Catalyst switches only).
Usage Guidelines Use the show ip nbar protocol-discovery command to display statistics gathered by the NBAR
Protocol Discovery feature. This command, by default, displays statistics for all interfaces on which
protocol discovery is currently enabled. The default output of this command includes, in the following
order, input bit rate (in bits per second), input byte count, input packet count, and protocol name.
Protocol discovery can be used to monitor both input and output traffic and may be applied with or
without a service policy enabled. NBAR protocol discovery gathers statistics for packets switched to
output interfaces. These statistics are not necessarily for packets that exited the router on the output
interfaces, because packets may have been dropped after switching for various reasons, including
policing at the output interface, access lists, or queue drops.
Examples The following example displays output from the show ip nbar protocol-discovery command for the five
most active protocols on an Ethernet interface:
Router# show ip nbar protocol-discovery top-n 5
Ethernet2/0
Input Output
----- ------
Protocol Packet Count Packet Count
Byte Count Byte Count
30sec Bit Rate (bps) 30sec Bit Rate (bps)
30sec Max Bit Rate (bps) 30sec Max Bit Rate (bps)
--------------------------- ------------------------ ------------------------
rtp 3272685 3272685
242050604 242050604
768000 768000
2002000 2002000
gnutella 513574 513574
118779716 118779716
383000 383000
987000 987000
ftp 482183 482183
37606237 37606237
121000 121000
312000 312000
http 144709 144709
32351383 32351383
105000 105000
269000 269000
Field Description
Interface Type and number of an interface.
Input Incoming traffic on an interface.
Output Outgoing traffic on an interface.
Protocol The protocols being used. Unknown is the sum of all the
protocols that NBAR could not classify for some reason.
Packet Count Number of packets coming in and going out the interface.
Byte Count Number of bytes coming in and going out the interface.
30sec Bit Rate Average value of the bit rate in bits per second (bps) since
protocol discovery was enabled, per protocol, over the last
30 seconds.
30sec Max Bit Rate Highest value of the bit rate in bits per second (bps) since
protocol discovery was enabled, per protocol, over the last
30 seconds.
Total Total input and output traffic.
Syntax Description PDLM-name (Optional) Specifies the name of a specific PDLM whose information
will be displayed.
Usage Guidelines The show ip nbar version command treats all protocols that were added to NBAR after the initial NBAR
release as PDLMs, including protocols that were added into the Cisco IOS software without a user
having to download a PDLM from Cisco.com. PDLMs downloaded from Cisco.com and incorporated
into NBAR by the user also appear when the show ip nbar version command is entered.
When using NBAR, various elements within NBAR are assigned versioning numbers. These versioning
numbers become significant when you want to download a PDLM. PDLMs, which are also versioned,
can be downloaded only to NBAR on a particular Cisco IOS release if the PDLM versioning numbers
are compatible with the NBAR version numbers in the Cisco IOS software.
The following NBAR-related version information is available:
• NBAR Software Version—Version of NBAR software running on the current version of Cisco IOS
software.
• Resident Module Version—Version of the NBAR-supported PDLM protocol.
The following version number is kept by the PDLM:
• NBAR Software Version—Minimum version of the NBAR software that is required to load this
PDLM.
The show ip nbar version command provides version information for PDLMs already loaded onto the
Cisco IOS software.
Examples The following is sample output from the show ip nbar version command:
Router# show ip nbar version
1 base Mv: 2
2 ftp Mv: 2
3 http Mv: 7, Nv: 3; slot1:http_vers.pdlm
4 static-port Mv: 6
5 tftp Mv: 1
6 exchange Mv: 1
7 vdolive Mv: 1
8 sqlnet Mv: 1
9 rcmd Mv: 1
10 netshow Mv: 1
11 sunrpc Mv: 2
12 streamwork Mv: 1
13 citrix Mv: 5
14 fasttrack Mv: 2
15 gnutella Mv: 1
16 kazaa Mv: 6, Nv: 3; slot1:kazaa2_vers.pdlm
17 custom-protocols Mv: 1
18 rtsp Mv: 1
19 rtp Mv: 2
20 mgcp Mv: 1
21 skinny Mv: 1
22 h323 Mv: 1
23 sip Mv: 1
24 rtcp Mv: 1
Field Description
NBAR Software Version NBAR software version running in the current Cisco IOS
software. In this particular example, version 3 is the NBAR
software running on the current version of the Cisco IOS
software.
Mv Resident Module Version. The Resident Module Version is the
version of the NBAR-supported PDLM protocol and, therefore,
varies by protocol. The Resident Module Version of TFTP, for
example, is 1.
Nv Minimum version of the NBAR software that is required to load
a nonnative PDLM. This number is available only for nonnative
PDLMs that were loaded onto the router such as the Kazaa
PDLM (protocol 17); in that case, the Nv version is 3.
For the same network setup, the following example shows the output if a specific protocol with a PDLM
is specified in the show ip nbar version CLI:
Router# show ip nbar version http
show ip rsvp
To display specific information for Resource Reservation Protocol (RSVP) categories, use the show ip
rsvp command in user EXEC or privileged EXEC mode.
Examples The following is sample output from the show ip rsvp command:
RSVP: enabled (on 1 interface(s))
RSVP QoS signalling enabled
MPLS/TE signalling enabled
Signalling:
Refresh interval (msec): 30000
Refresh misses: 4
Neighbors: 0
Raw IP encap: 0 UDP encap: 0 Raw IP, UDP encap: 0
Hello:
RSVP Hello for Fast-Reroute/Reroute: Disabled
Statistics: Disabled
BFD for Fast-Reroute/Reroute: Disabled
RSVP Hello for Graceful Restart: Disabled
Fast-Reroute:
PSBs w/ Local protection desired
Yes: 0
No: 0
Local policy:
COPS:
Field Description
RSVP The state of RSVP, QoS, and MPLS/TE signaling; values are
enabled (activated) or disabled (deactivated).
Note This field is disabled only if an internal error occurred
when registering with RIB.
Signalling The RSVP signaling parameters in effect are as follows:
• Refresh interval—Time, in milliseconds (ms), between
sending refreshes for each RSVP state.
• Refresh misses—Number of successive refresh messages
that can be missed before RSVP considers the state expired
and tears it down.
Rate Limiting: enabled or disabled The RSVP rate-limiting parameters in effect are as follows:
• Burst—Maximum number of RSVP messages allowed to be
sent to a neighboring router during an interval.
• Limit—Maximum number of RSVP messages to send per
queue interval.
• Maxsize—Maximum size of the message queue, in bytes.
• Period—Length of an interval (timeframe), in milliseconds
(msec).
• Max rate—Maximum number of messages allowed to be
sent per second.
Refresh Reduction: enabled or The RSVP refresh-reduction parameters in effect are as follows:
disabled
• ACK delay (msec)—How long, in milliseconds, before the
receiving router sends an acknowledgment (ACK).
• Initial retransmit delay (msec)—How long, in milliseconds,
before the router retransmits a message.
• Local epoch—The RSVP message identifier (ID); randomly
generated each time a node reboots or the RSVP process
restarts.
• Message IDs—The number of message IDs in use, the total
number allocated, and the total number available (freed).
Neighbors The total number of neighbors and the types of encapsulation in
use including RSVP and User Datagram Protocol (UDP).
RFC 3175 Aggregation The state of aggregation as defined in RFC 3175, Aggregation of
RSVP for IPv4 and IPv6 Reservations; values are the following:
• Enabled—Active.
• Disabled—Inactive.
Field Description
Level Aggregation level of the reservations; common values are the
following:
• 0 = End-to-end (E2E) reservations.
• 1 = Aggregated reservations.
Note Level x reservations can be aggregated to form
reservations at level x+1.
Default QoS Service Type of quality of service (QoS) configured; values are the
following:
• Controlled-Load—Allows applications to reserve
bandwidth to meet their requirements. For example, RSVP
with Weighted Random Early Detection (WRED) provides
this kind of service.
• Guaranteed-Rate—Allows applications to have low delay
and high throughput even during times of congestion. For
example, weighted fair queueing (WFQ) with RSVP
provides this kind of service.
Number of signaled aggregate Cumulative number of signaled aggregate reservations.
reservations
Number of signaled E2E Cumulative number of signaled E2E reservations.
reservations
Number of configured map Cumulative number of configured map commands.
commands
Number of configured reservation Cumulative number of configured reservation commands.
commands
Hello Subsequent fields describe the processes for which hello is
enabled or disabled. Choices are Fast Reroute, reroute (hello for
state timer), bidirectional forwarding detection (BFD), and
Graceful Restart for a node with restart capability.
Statistics Status of hello statistics. Valid values are as follows:
• Enabled—Statistics are configured. Hello packets are
time-stamped when they arrive in the hello input queue for
the purpose of recording the time it takes until they are
processed.
• Disabled—Hello statistics are not configured.
• Shutdown—Hello statistics are configured, but not
operational. The input queue is too long (that is, more than
10,000 packets are queued).
Field Description
Graceful Restart: enabled or The RSVP Graceful Restart parameters in effect are as follows:
disabled
• Refresh interval—Frequency, in milliseconds (msecs), with
which a node sends a hello message to its neighbor.
• Refresh misses—Number of missed hello messages that
trigger a neighbor-down event upon which stateful
switchover (SSO) procedures are started.
• DSCP—Differentiated services code point (DSCP) value in
the IP header of a hello message.
• Advertised restart time—Time, in milliseconds (msecs),
required for the sender to restart the RSVP-traffic
engineering (TE) component and exchange hello messages
after a failure.
• Advertised recovery time—Time, in milliseconds (msecs),
within which a recovering node wants its neighbor router to
resynchronize the RSVP or Multiprotocol Label Switching
(MPLS) forwarding state after SSO. A zero value indicates
that the RSVP or MPLS forwarding state is not preserved
after SSO.
• Maximum wait for recovery—Maximum amount of time, in
milliseconds (msecs), that a router waits for a neighbor to
recover.
Fast-Reroute The Fast Reroute parameters in effect are as follows:
• PSBs w/ Local protection desired—Yes means that path
state blocks (PSBs) are rerouted when a tunnel goes down
and packet flow is not interrupted; No means that PSBs are
not rerouted.
Fast Local Repair: enabled or The Fast Local Repair parameters in effect are as follows:
disabled
• Max repair rate (paths/sec)—Maximum repair rate, in paths
per second.
• Max processed (paths/run)—Maximum notification
elements processed, in paths per run.
Local policy The local policy currently configured.
COPS The Common Open Policy Service (COPS) currently in effect.
Generic policy settings Policy settings that are not specific to COPS or the local policy.
• Default policy: Accept all means that all RSVP messages are
accepted and forwarded. Reject all means all RSVP
messages are rejected.
• Preemption: Disabled means that RSVP is not prioritizing
reservations and allocating bandwidth accordingly. Enabled
means that RSVP is prioritizing reservations and allocating
more bandwidth to those with the highest priority.
show ip rsvp aggregation ip [endpoints | interface [if-name] | map [dscp value] | reservation
[dscp value [aggregator ip-address]]
Syntax Description endpoints (Optional) Specifies the aggregator and deaggregator nodes for the
aggregation region.
interface if-name (Optional) Specifies the interface name.
map (Optional) Displays the map configuration rules.
dscp value (Optional) Specifies the differentiated services code point (DSCP) for the
map keyword. Values can be the following:
• 0 to 63—Numerical DSCP values. The default value is 0.
• af11 to af43—Assured forwarding (AF) DSCP values.
• cs1 to cs7—Type of service (ToS) precedence values.
• default—Default DSCP value.
• ef—Expedited forwarding (EF) DSCP values.
reservation (Optional) Displays the reservation configuration.
dscp value (Optional) Specifies the differentiated services code point (DSCP) for the
reservation keyword. Values can be the following:
• 0 to 63—Numerical DSCP values. The default value is 0.
• af11 to af43—Assured forwarding (AF) DSCP values.
• cs1 to cs7—Type of service (ToS) precedence values.
• default—Default DSCP value.
• ef—Expedited forwarding (EF) DSCP values.
aggregator ip-address (Optional) Specifies the IP address of the aggregator.
Command Default If you enter the show ip rsvp aggregation ip command without an optional keyword, the command
displays summary information for all aggregate reservations.
Usage Guidelines Use the show ip rsvp aggregation ip command to display summary information for aggregation,
including the number of aggregate, map, and reservation configurations.
Field Description
RFC 3175 Aggregation The state of aggregation as defined in RFC 3175, Aggregation of
RSVP for IPv4 and IPv6 Reservations; values are the following:
• Enabled—Active.
• Disabled—Inactive.
Level Aggregation level of the reservations; common values are the
following:
• 0 = End-to-end (E2E) reservations.
• 1 = Aggregated reservations.
Note Level x reservations can be aggregated to form
reservations at the next higher level; for example, level
x+1.
Default QoS service Type of quality of service (QoS) configured; values are the
following:
• Controlled-Load—Allows applications to reserve
bandwidth to meet their requirements. For example, RSVP
with Weighted Random Early Detection (WRED) provides
this kind of service.
• Guaranteed-Rate—Allows applications to have low delay
and high throughput even during times of congestion. For
example, Weighted Fair Queueing (WFQ) with RSVP
provides this kind of service.
Number of signaled aggregate Cumulative number of signaled aggregate reservations.
reservations
Number of signaled E2E Cumulative number of signaled E2E reservations.
reservations
Field Description
Number of configured map Cumulative number of configured map commands.
commands
Number of configured reservation Cumulative number of configured reservation commands.
commands
Field Description
Interface Name Name and number of the interface.
Role Configuration of a router’s interfaces; values are interior and
exterior.
The following is sample output from the show ip rsvp aggregation ip interface command with a
specified interface:
Router# show ip rsvp aggregation ip interface Ethernet0/0
Syntax Description role (Optional) Specifies a router’s position in the aggregation region.
aggregator (Optional) Specifies the router at the beginning of the aggregation region.
deaggregator (Optional) Specifies the router at the end of the aggregation region.
ip-address (Optional) IP address of the aggregator or the deaggregator.
dscp value (Optional) Specifies the differentiated services code point (DSCP) for the
aggregator and deaggregator routers. Values can be the following:
• 0 to 63—Numerical DSCP values. The default value is 0.
• af11 to af43—Assured forwarding (AF) DSCP values.
• cs1 to cs7—Type of service (ToS) precedence values.
• default—Default DSCP value.
• ef—Expedited forwarding (EF) DSCP values.
detail (Optional) Displays additional information about the aggregators and
deaggregators.
Command Default If you enter the show ip rsvp aggregation ip endpoints command without an optional keyword, the
command displays information for all aggregate reservations.
Usage Guidelines Use the show ip rsvp aggregation ip endpoints command to display any of the following output at
aggregator and deaggregator routers:
• All aggregate reservations.
• All aggregate reservations for which a node is the aggregator.
• All aggregate reservations for which a node is the deaggregator.
• All aggregate reservations for which the remote node is identified with an IP address.
• All aggregate reservations for a given DSCP.
• Any combination of the preceding options; for example, all aggregates with a given DSCP for which
a node is an aggregator and the remote node as specified in the IP address.
• Any of the preceding options with detailed information.
Examples The following is sample output from the show ip rsvp aggregation ip endpoints detail command:
Router# show ip rsvp aggregation ip endpoints detail
Field Description
Role The router’s function; values are aggregator or deaggregator.
DSCP DSCP value.
Aggregator IP address of the aggregator.
Deaggregator IP address of the deaggregator.
Field Description
State Status of the reservation. Each aggregate reservation can be in
one of the following states:
• PATH_WAIT—Valid at the deaggregator only. The
aggregate reservation at the deaggregator enters this state
after the deaggregator has sent a PATHERROR message
requesting a new aggregate needed.
• RESV_WAIT—Valid at the aggregator only. The aggregate
reservation at the aggregator enters this state after the
aggregator has sent a PATH message for the aggregate
reservation.
• RESVCONF_WAIT—Valid at the deaggregator only. The
aggregate reservation at the deaggregator enters this state
after the deaggregator has sent a RESV message for the
aggregate reservation.
• ESTABLISHED—Valid at both the aggregator and the
deaggregator. The aggregator enters this state after a
RESVCONF message has been sent. The deaggregator
enters this state after it receives a RESVCONF message for
the aggregate reservation.
• SHUT_DELAY—Valid at both the aggregator and the
deaggregator. The aggregator and the deaggregator enter this
state after the last end-to-end (E2E) reservation has been
removed.
Rate Allocated bandwidth in bits per second (BPS).
Used Amount of bandwidth used in bits per second (BPS).
QBM Pool ID The quality of service (QoS) bandwidth manager (QBM) ID for
the reservation.
Aggregate Reservation for the Information for the reservation:
following E2E Flows
PSB—path state block. Contains data used for forwarding PATH
messages downstream;
RSB—reservation state block. Contains data for the incoming
RESV message.
Reqs—requests. Contain data required to forward a RESV
message upstream to the node that sent the PATH message.
To IP address of the receiver.
From IP address of the sender.
Pro Protocol code. Code indicates IP protocol such as TCP or User
Datagram Protocol (UDP).
DPort Destination port number.
Sport Source port number.
Prev Hop or Next Hop IP address of the previous or next hop.
I/F Interface of the previous or next hop.
Field Description
Fi Filter (Wildcard Filter, Shared-Explicit, or Fixed-Filter).
Serv Service (RATE or LOAD).
BPS Bandwidth used by the aggregate reservation in bits per second
(BPS).
Usage Guidelines The show ip rsvp atm-peak-rate-limit command displays the configured peak rate using the following
notations for brevity:
• Kilobytes is shown as K bytes; for example, 1200 kilobytes is displayed as 1200K bytes.
• 1000 kilobytes is displayed as 1M bytes.
If no interface name is specified, configured peak rates for all Resource Reservation Protocol
(RSVP)-enabled interfaces are displayed.
Examples The following example depicts results of the show ip rsvp atm-peak-rate-limit command, presuming
that the ATM subinterface 2/0/0.1 was configured with a reservation peak rate limit of 100 KB using the
ip rsvp atm-peak-rate-limit command.
The following is sample output from the show ip rsvp atm-peak-rate-limit command using the
interface-type interface-number arguments:
Router# show ip rsvp atm-peak-rate-limit atm2/0/0.1
The following samples show output from the show ip rsvp atm-peak-rate-limit command when no
interface name is given:
Router# show ip rsvp atm-peak-rate-limit
show ip rsvp authentication [detail] [from {ip-address | hostname}] [to {ip-address | hostname}]
Syntax Description detail (Optional) Displays additional information about RSVP security
associations.
from (Optional) Specifies the starting point of the security associations.
to (Optional) Specifies the ending point of the security associations.
ip-address (Optional) Information about a neighbor with a specified IP address.
hostname (Optional) Information about a particular host.
Usage Guidelines Use the show ip rsvp authentication command to display the security associations that RSVP has
established with other RSVP neighbors. You can display all security associations or specify an IP address
or hostname of a particular RSVP neighbor, which restricts the size of the display.
The difference between the ip-address and hostname arguments is whether you specify the neighbor by
its IP address or by its name.
Examples The following is sample output from the show ip rsvp authentication command:
Router# show ip rsvp authentication
Field Description
Codes Keys can be either static (manually configured) or dynamic (created from a per-ACL
key or obtained from a key management server such as Kerberos). Cisco IOS software
does not currently support dynamic keys from key management servers. If the field
contains the string per-neighbor, it means the security association is using a
per-neighbor key; if the field contains the string per-interface, it means the security
association is using a per-interface key. If the field contains the string chain, it means
the key for the security association comes from the key chain specified in the Key
Source.
From Starting point of the security association.
To Ending point of the security association.
I/F Name and number of the interface over which the security association is being maintained.
Mode Separate associations maintained for sending and receiving RSVP messages for a
specific RSVP neighbor. Possible values are Send or Receive.
Key-Source Indicates where the key was configured.
Key-ID A string which, along with the IP address, uniquely identifies a security association.
The key ID is automatically generated in Cisco IOS software by using the per-interface
ip rsvp authentication key command, but it is configured in Cisco IOS software when
using key chains for per-neighbor or per-interface RSVP keys. The key ID may be
configurable on other RSVP platforms. A key ID is provided in every RSVP
authenticated message initiated by a sender and is stored by every RSVP receiver.
Note Key Expired in this field means that all possible keys used for this neighbor
have expired.
Code Indicates the type of key ID used.
The following is sample output from the show ip rsvp authentication detail command:
Router# show ip rsvp authentication detail
From: 192.168.102.1
To: 192.168.104.3
Neighbor: 192.168.102.2
Interface: Ethernet2/2
Mode: Send
Key ID: 1
Key ACL: R2 (populated)
Key Source: RSVPKey (enabled)
Key Type: Dynamic per-neighbor chain
Handle: 01000411
Hash Type: MD5
Lifetime: 00:30:00
Expires: 00:17:08
Challenge: Supported
Window size: 1
Last seq # sent: 14167519095569779135
From: 192.168.104.1
To: 192.168.104.3
Neighbor: 192.168.102.2
Interface: Ethernet2/2
Mode: Send
Key ID: 1
Key ACL: R2 (populated)
Key Source: RSVPKey (enabled)
Key Type: Dynamic per-neighbor chain
Handle: 0400040F
Hash Type: MD5
Lifetime: 00:30:00
Expires: 00:22:06
Challenge: Supported
Window size: 1
Last seq # sent: 14167520384059965440
From: 192.168.104.1
To: 192.168.104.3
Neighbor: 192.168.106.2
Interface: ATM1/0.1
Mode: Send
Key ID: 1
Key ACL: R3 (populated)
Key Source: RSVPKey (enabled)
Key Type: Dynamic per-neighbor chain
Handle: 02000404
Hash Type: MD5
Lifetime: 00:30:00
Expires: 00:16:37
Challenge: Supported
Window size: 1
Last seq # sent: 14167518979605659648
From: 192.168.106.1
To: 192.168.104.3
Neighbor: 192.168.106.2
Interface: ATM1/0.1
Mode: Send
Key ID: 1
Key ACL: R3 (populated)
Key Source: RSVPKey (enabled)
Key Type: Dynamic per-neighbor chain
Handle: 01000408
Hash Type: MD5
Lifetime: 00:30:00
Expires: 00:11:37
Challenge: Supported
Window size: 1
Last seq # sent: 14167517691115473376
From: 192.168.106.1
To: 192.168.106.2
Neighbor: 192.168.106.2
Interface: ATM1/0.1
Mode: Send
Key ID: 1
Key ACL: R3 (populated)
Key Source: RSVPKey (enabled)
Key Type: Dynamic per-neighbor chain
Handle: 8D00040E
Hash Type: MD5
Lifetime: 00:30:00
Expires: 00:29:29
Challenge: Supported
Window size: 1
Last seq # sent: 14167808344437293057
From: 192.168.106.2
To: 192.168.104.1
Neighbor: 192.168.106.2
Interface: ATM1/0.1
Mode: Receive
Key ID: 1
Key ACL: R3 (populated)
Key Source: RSVPKey (enabled)
Key Type: Dynamic per-neighbor chain
Handle: CD00040A
Hash Type: MD5
Lifetime: 00:30:00
Expires: 00:29:33
Challenge: Not configured
Window size: 1
Last seq # rcvd: 14167808280012783626
From: 192.168.106.2
To: 192.168.106.1
Neighbor: 192.168.106.2
Interface: ATM1/0.1
Mode: Receive
Key ID: 1
Key ACL: R3 (populated)
Key Source: RSVPKey (enabled)
Key Type: Dynamic per-neighbor chain
Handle: C0000412
Hash Type: MD5
Lifetime: 00:30:00
Expires: 00:29:33
Challenge: Not configured
Window size: 1
Last seq # rcvd: 14167808280012783619
Field Description
From Starting point of the security association.
To Ending point of the security association.
Neighbor IP address of the RSVP neighbor with which the security association is being maintained.
Interface Name and number of the interface over which the security association is being maintained.
Mode Separate associations maintained for sending and receiving RSVP messages for a
specific RSVP neighbor. Possible values are Send or Receive.
Key ID A string which, along with the IP address, uniquely identifies a security association.
The key ID is automatically generated in Cisco IOS software by using the per-interface
ip rsvp authentication key command, but it is configured in Cisco IOS software when
using key chains for per-neighbor or per-interface RSVP keys. The key ID may be
configurable on other RSVP platforms. A key ID is provided in every RSVP
authenticated message initiated by a sender and is stored by every RSVP receiver.
Note Key Expired in this field means that all possible keys used for this neighbor
have expired.
Field Description
Key ACL For key types that say dynamic and chain, this field indicates which ACL matched that
neighbor, and therefore, which key chain to use. Possible values include:
• populated = ACL has entries in it.
• removed = ACL has been removed from the configuration.
Key Source Indicates where the key was configured and whether it is enabled or disabled. For key
chains, this indicates the name of the key chain; the Key ID field indicates which key
in the chain is currently being used. For per-interface keys, this field contains the name
of the interface that was configured with the key.
Key Type Static (manually configured) or dynamic (created from a per-ACL key or obtained from
a key management server such as Kerberos).
Note Cisco IOS software does not currently support dynamic keys from key
management servers.
Handle Internal database ID assigned to the security association by RSVP for bookkeeping
purposes.
Hash Type Type of secure hash algorithm being used with that neighbor.
Lifetime Maximum amount of time (in hours, minutes, and seconds) that can elapse before a
security association is expired.
Note This is not how long a key is valid; to obtain duration times for keys, use the
show key chain command.
Expires Amount of time remaining (in days, hours, minutes, and seconds) before the security
association expires.
Note This is not when the current key expires; to obtain expiration times for keys, use
the show key chain command.
Challenge For receive-type security associations, possible values are Not Configured,
Completed, In Progress, and Failed. For send-type security associations, the value is
Supported. Cisco IOS software can always respond to challenges; however, there may
be non-Cisco neighbors that do not implement challenges.
Window Indicates the size of the window for receive-type security associations and the
size maximum number of authenticated RSVP messages that can be received out-of-order
before a replay attack is to be suspected.
Last seq # Displayed only for send-type security associations. It indicates the sequence number
sent used to send the last authenticated message to the RSVP neighbor. Use this information
to troubleshoot certain types of authentication problems.
Last valid Displayed only for receive-type security associations. It indicates the authentication
seq # rcvd sequence number of the last valid RSVP message received from the neighbor. By
default, it shows only one sequence number. However, if you use the ip rsvp
authentication window-size command to increase the authentication window size to n,
then the last n valid received sequence numbers are displayed. Use this information to
troubleshoot certain types of authentication problems.
Command Default If you enter the show ip rsvp counters command without an optional keyword, the command displays
the number of RSVP messages that were sent and received for each interface on which RSVP is
configured.
Examples The following example shows the values for the number of RSVP messages of each type that were sent
and received by the router over all interfaces, including the hello and message queues information:
Router# show ip rsvp counters summary
Field Description
All Interfaces Types of messages displayed for all interfaces.
Note Hello is a summary of graceful restart, reroute (hello
state timer), and Fast Reroute messages.
Recv Number of messages received on the specified interface or on all
interfaces.
Xmit Number of messages transmitted from the specified interface or
from all interfaces.
Recv Msg Queues Queues for received messages for RSVP, hello per interface, and
awaiting authentication.
• Current—Number of messages queued.
• Max—Maximum number of messages ever queued.
Usage Guidelines Use the show ip rsvp counters state teardown command when a label-switched path (LSP) is down. If
graceful restart triggered the state teardown, the numbers in the Path, Resv-In, and Resv-Out columns in
the “Examples” section are greater than 0.
Examples The following is sample output from the show ip rsvp counters state teardown command:
Router# show ip rsvp counters state teardown
States
Reason for Teardown State torn down
Path Resv-In Resv-Out
PathTear arrival 0 0 0
ResvTear arrival 0 0 0
Local application requested tear 0 0 0
Output or Input I/F went down 0 0 0
Missed refreshes 0 0 0
Preemption 0 0 0
Backup tunnel failed for FRR Active LSP 0 0 0
Reroutabilty changed for FRR Active LSP 0 0 0
Hello RR Client (HST) requested tear 0 0 0
Graceful Restart (GR) requested tear 0 0 0
Downstream neighbor SSO-restarting 0 0 0
Resource unavailable 0 0 0
Policy rejection 0 0 0
Policy server sync failed 0 0 0
Traffic control error 0 0 0
Error in received message 0 0 0
Non RSVP HOP upstream, TE LSP 0 0 0
Other 0 0 0
Field Description
States RSVP state, including path state block (PSB) and reservation state
block (RSB) information.
Reason for Teardown Event triggering the teardown.
Command Default The backup bandwidth protection and backup tunnel status information is not displayed.
Examples The following is sample output from the show ip rsvp fast bw-protect command:
Router# show ip rsvp fast bw-protect
Field Description
Primary Tunnel Identification of the tunnel being protected.
Protect I/F Interface name.
Field Description
BW BPS:Type Bandwidth, in bits per second, and type of bandwidth. Possible values
are:
• S—Subpool
• G—Global pool
Backup Tunnel:Label Identification of the backup tunnel.
State Status of backup tunnel. Valid values are:
• Ready—Data is passing through the primary tunnel, but the
backup tunnel is ready to take over if the primary tunnel goes
down.
• Active—The primary tunnel is down, so the backup tunnel is used
for traffic.
• None—There is no backup tunnel.
BW-P Status of backup bandwidth protection. Possible values are ON and
OFF.
Type Type of backup tunnel. Possible values are:
• Nhop—Next hop
• NNHOP—Next-next hop
Examples The following is sample output from the show ip rsvp fast detail command:
Router# show ip rsvp fast detail
PATH:
Tun Dest: 10.0.0.7 Tun ID: 500 Ext Tun ID: 10.0.0.5
Tun Sender: 10.0.0.5 LSP ID: 8
Path refreshes:
sent: to NHOP 10.5.6.6 on POS2/0
Session Attr:
Setup Prio: 7, Holding Prio: 7
Flags: Local Prot desired, Label Recording, SE Style, Bandwidth Prot desired
Session Name: PRAB-72-5_t500
ERO: (incoming)
10.0.0.5 (Strict IPv4 Prefix, 8 bytes, /32)
555.5.6.6 (Strict IPv4 Prefix, 8 bytes, /32)
555.6.7.7 (Strict IPv4 Prefix, 8 bytes, /32)
10.0.0.7 (Strict IPv4 Prefix, 8 bytes, /32)
ERO: (outgoing)
555.5.6.6 (Strict IPv4 Prefix, 8 bytes, /32)
555.6.7.7 (Strict IPv4 Prefix, 8 bytes, /32)
10.0.0.7 (Strict IPv4 Prefix, 8 bytes, /32)
Traffic params - Rate: 500K bits/sec, Max. burst: 1K bytes
Min Policed Unit: 0 bytes, Max Pkt Size 4294967295 bytes
Fast-Reroute Backup info:
Inbound FRR: Not active
Outbound FRR: Ready -- backup tunnel selected
Backup Tunnel: Tu501 (label 19)
Bkup Sender Template:
Field Description
Tun Dest IP address of the receiver.
Tun ID Tunnel identification number.
Ext Tun ID Extended tunnel identification number.
Tun Sender IP address of the sender.
LSP ID Label-switched path identification number.
Setup Prio Setup priority.
Holding Prio Holding priority.
Flags Backup bandwidth protection has been configured for the
label-switched path (LSP).
Session Name Name of the session.
ERO (incoming) EXPLICIT_ROUTE object of incoming path messages.
ERO (outgoing) EXPLICIT_ROUTE object of outgoing path messages.
Traffic params Rate Average rate, in bits per second.
Max. burst Maximum burst size, in bytes.
Min Policed Unit Minimum policed units, in bytes.
Max Pkt Size Maximum packet size, in bytes.
Inbound FRR Status of inbound Fast Reroute (FRR) backup tunnel. If this node is
downstream from a rerouted LSP (for example, at a merge point for
this LSP), the state is Active.
Outbound FRR Status of outbound FRR backup tunnel. If this node is a point of local
repair (PLR) for an LSP, there are three possible states:
• Active—This LSP is actively using its backup tunnel, presumably
because there has been a downstream failure.
• No Backup—This LSP does not have local (Fast Reroute)
protection. No backup tunnel has been selected for it to use in case
of a failure.
• Ready—This LSP is ready to use a backup tunnel in case of a
downstream link or node failure. A backup tunnel has been
selected for it to use.
Field Description
Backup Tunnel If the Outbound FRR state is Ready or Active, this field indicates the
following:
• Which backup tunnel has been selected for this LSP to use in case
of a failure.
• The inbound label that will be prepended to the LSP’s data packets
for acceptance at the backup tunnel tail (the merge point).
Bkup Sender Template If the Outbound FRR state is Ready or Active, SENDER_TEMPLATE
and FILTERSPEC objects are shown. These objects will be used in
RSVP messages sent by the backup tunnel if or when the LSP starts
actively using the backup tunnel. They differ from the original
(prefailure) objects only in that the node (the PLR) substitutes its own
IP address for that of the original sender. For example, path and
pathTear messages will contain the new SENDER_TEMPLATE. Resv
and resvTear messages will contain the new FILTERSPEC object. If
this LSP begins actively using the backup tunnel, the display changes.
Bkup FilerSpec If the Outbound FRR state is Ready or Active, SENDER_TEMPLATE
and FILTERSPEC objects are shown. These objects will be used in
RSVP messages sent by the backup tunnel if or when the LSP starts
actively using the backup tunnel. They differ from the original
(prefailure) objects only in that the node (the PLR) substitutes its own
IP address for that of the original sender. For example, path and
pathTear messages will contain the new SENDER_TEMPLATE. Resv
and resvTear messages will contain the new FILTERSPEC object. If
this LSP begins actively using the backup tunnel, the display changes.
Path ID handle Protection Switch Byte (PSB) identifier.
Incoming policy Policy decision of the LSP. If RSVP policy was not granted for the
incoming path message for the tunnel, the LSP does not come up.
Accepted is displayed.
Policy source(s) For FRR LSPs, this value always is MPLS/TE for the policy source.
Status For FRR LSPs, valid values are as follows:
• Proxied—Headend routers.
• Proxied Terminated—Tailend routers.
For midpoint routers, the field always is blank.
Command Default Information about fast-reroutable primary tunnels and their corresponding backup tunnels is not
displayed.
Examples The following example displays information about fast reroutable primary tunnels and their
corresponding backup tunnels that provide protection:
Router# show ip rsvp fast-reroute
Field Description
Primary Tunnel Hostname and tunnel ID.
Protect I/F Interface that is being protected.
BW BPS:Type Bandwidth bits per second and pool from which bandwidth
comes. Valid values are G, global pool; S, subpool.
Backup Tunnel:Label Backup tunnel ID and label.
Field Description
State Status of protection. Valid values are Ready and Active.
Level Level of bandwidth. Valid values are any and unl (unlimited).
Type Type of backup tunnel: Nhop (next hop) or NNhop
(next-next hop).
Examples The following is sample output from the show ip rsvp hello command:
Router# show ip rsvp hello
Hello:
RSVP Hello for Fast-Reroute/Reroute: Enabled
Statistics: Disabled
BFD for Fast-Reroute/Reroute: Enabled
RSVP Hello for Graceful Restart: Disabled
Table 75 describes the significant fields shown in the display. The fields describe the processes for which
hello is enabled or disabled.
Field Description
RSVP Hello for Status of Fast-Reroute/Reroute:
Fast-Reroute/Reroute
• Enabled—Fast reroute and reroute (hello for state timer) are
activated (enabled).
• Disabled—Fast reroute and reroute (hello for state timer) are not
activated (disabled).
Statistics Status of hello statistics:
• Enabled—Statistics are configured. Hello packets are
time-stamped when they arrive in the hello input queue for the
purpose of recording the time required until they are processed.
• Disabled—Hello statistics are not configured.
• Shutdown—Hello statistics are configured but not operational.
The input queue is too long (that is, more than 10,000 packets are
queued).
BFD for Status of BFD for Fast-Reroute/Reroute:
Fast-Reroute/Reroute
• Enabled—BFD is configured.
• Disabled—BFD is not configured.
Graceful Restart Restart capability:
• Enabled—Restart capability is activated for a router (full mode) or
its neighbor (help-neighbor).
• Disabled—Restart capability is not activated.
Usage Guidelines Use the show ip rsvp hello client lsp detail command to display information about the LSPs, including
IP addresses and their types.
Examples The following is sample output from the show ip rsvp hello client lsp detail command:
Router# show ip rsvp hello client lsp detail
Field Description
Hello Client LSPs Current clients include graceful restart (GR), reroute (RR) (hello
state timer), and fast reroute (FRR).
Tun Dest IP address of the destination tunnel.
Tun ID Identification number of the tunnel.
Table 76 show ip rsvp hello client lsp detail Field Descriptions (continued)
Field Description
Ext Tun ID Extended identification number of the tunnel. Usually, this is the
same as the source address.
Tun Sender IP address of the tunnel sender.
LSP ID Identification number of the LSP.
Lsp flags LSP database information.
Lsp GR DN nbr IP address of the LSP graceful restart downstream neighbor.
Lsp RR DN nbr IP address LSP reroute downstream neighbor; HST—hello state
timer.
Usage Guidelines Use the show ip rsvp hello client lsp summary command to display information about the LSPs,
including IP addresses and identification numbers.
Examples The following is sample output from the show ip rsvp hello client lsp summary command:
Router# show ip rsvp hello client lsp summary
Field Description
Local IP address of the tunnel sender.
Remote IP address of the tunnel destination.
tun_id Identification number of the tunnel.
lsp_id Identification number of the LSP.
FLAGS Database information.
Usage Guidelines Use the show ip rsvp hello client neighbor detail command to display information about the hello
neighbors, including their state and type.
Examples The following is sample output from the show ip rsvp hello client neighbor detail command:
Router# show ip rsvp hello client neighbor detail
Table 78 describes the significant fields shown in the display. The fields provide information that
uniquely identifies the neighbors. Clients can include graceful restart, reroute (hello state timer), and fast
reroute.
Field Description
Remote addr IP address of the remote neighbor. For graceful restart, this is the
neighbor router’s ID; for fast reroute and hello state timer (reroute),
this is one of the neighbor’s interface addresses.
Local addr IP address of the local neighbor. For graceful restart, this is the
neighbor router’s ID; for fast reroute and hello state timer (reroute),
this is one of the neighbor’s interface addresses.
Nbr State State of the neighbor; values can be the following:
• Normal = neighbor is functioning normally.
• Restarting = neighbor is restarting.
• Recover Nodal = neighbor is recovering from node failure.
• HST_GR_LOST = HST (hello state timer for reroute) is lost;
waiting to see if graceful restart (GR) is also lost.
• WAIT PathTear = PathTear message is delayed to allow traffic
in the pipeline to be transmitted.
Type Type of client; graceful restart, Reroute (hello state timer), or Fast
Reroute.
Nbr Hello State State of hellos for the neighbor. Values are as follows:
• Up—Node is communicating with its neighbor.
• Lost—Communication has been lost.
• Init—Communication is being established.
LSPs protecting Number of LSPs being protected.
I/F Interface name and number associated with the hello instance.
Usage Guidelines Use the show ip rsvp hello client neighbor summary command to display information about the
neighbors, including state, type, and hello instance status.
Examples The following is sample output from the show ip rsvp hello client neighbor summary command:
Router# show ip rsvp hello client neighbor summary
LocalRemoteTypeNBR_STATEHI_STATELSPs
10.0.0.110.0.0.3RRNormalUp1
172.16.1.1192.168.1.1GRNormalLost1
Field Description
Local IP address of the tunnel sender.
Remote IP address of the tunnel destination.
Type Type of client; graceful restart (GR), reroute (RR (hello state
timer)), or fast reroute (FRR).
Table 79 show ip rsvp hello client neighbor summary Field Descriptions (continued)
Field Description
NBR_STATE State of the neighbor; values can be the following:
• Normal—Neighbor is functioning normally.
• Restarting—Neighbor is restarting.
• Recover Nodal—Neighbor is recovering from node failure.
• HST_GR_LOST—HST (hello state timer for reroute) is lost;
waiting to see if graceful restart (GR) is also lost.
• WAIT PathTear—PathTear message is delayed to allow traffic
in the pipeline to be transmitted.
HI_STATE State of hello instances for the neighbor. Values are as follows:
• Up—Node is communicating with its neighbor.
• Lost—Communication has been lost.
• Init—Communication is being established.
LSPs Number of LSPs going to or coming from the neighbor.
Usage Guidelines Use the show ip rsvp hello graceful-restart command to display the status of graceful restart and
related statistics.
Examples The following is sample output from the show ip rsvp hello graceful-restart command:
Router# show ip rsvp hello graceful-restart
Field Description
Graceful Restart Restart capability:
• Enabled—Restart capability is activated for a router (full mode)
or its neighbor (help-neighbor).
• Disabled—Restart capability is not activated.
Refresh interval Frequency in milliseconds (ms) with which a node sends a hello
message to its neighbor.
Refresh misses Number of missed hello messages that trigger a neighbor down
event upon which stateful switchover (SSO) procedures are started.
DSCP The differentiated services code point (DSCP) value in the IP
header of the hello messages.
Advertised restart time The time, in ms, that is required for the sender to restart the
RSVP-TE component and exchange hello messages after a failure.
Advertised recovery time The time, in ms, within which a recovering node wants its neighbor
router to resynchronize the RSVP or Multiprotocol Label Switching
(MPLS) forwarding state after SSO.
Note A zero value indicates that the RSVP or MPLS forwarding
state is not preserved after SSO.
Maximum wait for recovery The maximum amount of time, in ms, that the router waits for a
neighbor to recover.
Syntax Description filter destination ip-address (Optional) IP address of the neighbor node.
Usage Guidelines Use the show ip rsvp hello instance detail command to display information about the processes
(clients) currently configured.
Examples The following is sample output from the show ip rsvp hello instance detail command:
Router# show ip rsvp hello instance detail
Num times: 0
Reasons:
Missed acks: 0
Bad Src_Inst received: 0
Bad Dst_Inst received: 0
I/F went down: 0
Neighbor disabled Hello: 0
Msgs Received: 55590
Sent: 55854
Suppressed: 521
Field Description
Neighbor IP address of the adjacent node.
Source IP address of the node that is sending the hello message.
Type Values are Active (node is sending a request) and Passive (node
is responding to a request).
I/F Interface from which hellos are sent for this instance. Any means
that the hellos can be sent out any interface.
State Status of communication. Values are as follows:
• Up—Node is communicating with its neighbor.
• Lost—Communication has been lost.
• Init—Communication is being established.
Clients Clients that created this hello instance; they include graceful
restart, ReRoute (hello state timer), and Fast Reroute.
LSPs protecting Number of LSPs that are being protected by this hello instance.
Missed acks Number of times that communication was lost due to missed
acknowledgments (ACKs).
IP DSCP IP differentiated services code point (DSCP) value used in the
hello IP header.
Refresh Interval (msec) The frequency (in milliseconds) with which a node generates a
hello message containing a Hello Request object for each
neighbor whose status is being tracked.
Configured Configured refresh interval.
Statistics Refresh interval statistics from a specified number of samples
(packets).
Min Minimum refresh interval.
Field Description
Max Maximum refresh interval.
Average Average refresh interval.
Waverage Weighted average refresh interval.
Current Current refresh interval.
Last sent Src_instance The last source instance sent to a neighbor.
Last recv nbr’s Src_instance The last source instance field value received from a neighbor.
(0 means none received.)
Counters Incremental information relating to communication with a
neighbor.
Num times Total number of times that communication with a neighbor was
lost.
Reasons Subsequent fields designate why communication with a neighbor
was lost.
Missed acks Number of times that communication was lost due to missed
ACKs.
Bad Src_Inst received Number of times that communication was lost due to bad source
instance fields.
Bad Dst_Inst received Number of times that communication was lost due to bad
destination instance fields.
I/F went down Number of times that the interface became unoperational.
Neighbor disabled Hello Number of times that a neighbor disabled hello messages.
Msgs Received Number of messages that were received.
Sent Number of messages that were sent.
Suppressed Number of messages that were suppressed due to optimization.
Examples The following is sample output from the show ip rsvp hello instance summary command:
Router# show ip rsvp hello instance summary
Active Instances:
Client Neighbor I/F State LostCnt LSPs Interval
RR 10.0.0.3 Se2/0 Up 0 1 6000
GR 10.1.1.1 Any Up 13 1 10000
GR 10.1.1.5 Any Lost 0 1 10000
GR 10.2.2.1 Any Init 1 0 5000
Passive Instances:
Neighbor I/F
10.0.0.1 Se2/1
Field Description
Active Instances Active nodes that are sending hello requests.
Client Clients on behalf of which hellos are sent; they include GR (graceful
restart), RR (reroute = hello state timer), and FRR (Fast Reroute).
Neighbor IP address of the adjacent node. For graceful restart, this is the neighbor
router’s ID; for Fast Reroute and hello state timer (reroute), this is one
of the neighbor’s interface addresses.
I/F Interface from which hellos are sent for this instance. Any means that
the hellos can be sent out any interface.
State Status of communication. Values are as follows:
• Up—Node is communicating with its neighbor.
• Lost—Communication has been lost.
• Init—Communication is being established.
LostCnt Number of times that communication was lost with the neighbor.
LSPs Number of label-switched paths (LSPs) protected by this hello instance.
Interval Hello refresh interval in milliseconds.
Field Description
Passive Instances Passive nodes that are responding to hello requests.
Neighbor IP address of adjacent node. For graceful restart, this is the neighbor
router’s ID; for Fast Reroute and hello state timer (reroute), this is one
of the neighbor’s interface addresses.
I/F Interface from which hellos are sent for this instance. Any means that
the hellos can be sent out any interface.
Command Default Information about how long hello packets have been in the hello input queue is not displayed.
Usage Guidelines You can use this command to determine if the hello refresh interval is too small. If the interval is too
small, communication may falsely be declared as lost.
Examples The following is sample output from the show ip rsvp hello statistics command:
Router# show ip rsvp hello statistics
Status: Enabled
Packet arrival queue:
Wait times (msec)
Current:0
Average:0
Weighted Average:0 (weight = 0.8)
Max:4
Current length: 0 (max:500)
Number of samples taken: 2398525
Field Description
Status Indicator of whether Hello has been enabled globally on the router.
Current Amount of time, in milliseconds, that the current hello packet has been in
the Hello input queue.
Average Average amount of time, in milliseconds, that hello packets are in the Hello
input queue.
Max Maximum amount of time, in milliseconds, that hello packets have been in
the Hello input queue.
Current length Current amount of time, in milliseconds, that hello packets have been in the
Hello input queue.
Number of samples taken Number of packets for which these statistics were compiled.
Usage Guidelines Use the show ip rsvp high-availability counters command to display the HA counters, which include
state, ISSU, checkpoint messages, resource failures, and errors.
The command output differs depending on whether the RP is active or standby. (See the “Examples”
section for more information.)
Use the clear ip rsvp high-availability counters command to clear all counters.
Examples The following is sample output from the show ip rsvp high-availability counters command on the
active RP:
Router# show ip rsvp high-availability counters
State: Active
Bulk sync
initiated: 3
Send timer
started: 1
ISSU:
Checkpoint Messages Transformed:
On Send:
Succeeded: 3
Failed: 0
Transformations: 0
On Recv:
Succeeded: 0
Failed: 0
Transformations: 0
Negotiation:
Started: 3
Finished: 3
Failed to Start: 0
Messages:
Sent:
Send succeeded: 21
Send failed: 0
Buffer allocated: 21
Buffer freed: 0
Buffer alloc failed: 0
Received:
Succeeded: 15
Failed: 0
Buffer freed: 15
Init:
Succeeded: 1
Failed: 0
Session Registration:
Succeeded: 2
Failed: 0
Session Unregistration:
Succeeded: 2
Failed: 0
Errors:
None
Field Description
State The RP state:
• Active—Active RP.
Bulk sync The number of requests made by the standby RP to the active
RP to resend all write database entries:
• Initiated—The number of bulk sync operations initiated
by the standby RP since reboot.
Send timer The write database timer.
Checkpoint Messages (Items) Sent The details of the bundle messages or items sent since
booting.
Field Description
Succeeded The number of bundle messages or items sent from the active
RP to the standby RP since booting. Values are the following:
• Acks accepted—The number of bundle messages or
items sent from the active RP to the standby RP.
• Acks ignored—The number of bundle messages or items
sent by the active RP, but rejected by the standby RP.
• Nacks—The number of bundle messages or items given
to the checkpointing facility (CF) on the active RP for
transmitting to the standby RP, but failed to transmit.
Failed The number of bundle messages or items the active RP
attempted to send the standby RP when the send timer
updated, but received an error back from CF.
Buffer alloc Storage space allocated.
Buffer freed Storage space available.
ISSU In-Service Software Upgrade (ISSU) counters.
Checkpoint Messages Transformed The details of the bundle messages or items transformed
(upgraded or downgraded for compatibility) since booting so
that the active RP and the standby RP can interoperate.
On Send The number of messages sent by the active RP that
succeeded, failed, or were transformations.
On Recv The number of messages received by the active RP that
succeeded, failed, or were transformations.
Negotiation The number of times that the active RP and the standby RP
have negotiated their interoperability parameters.
Started The number of negotiations started.
Finished The number of negotiations finished.
Failed to Start The number of negotiations that failed to start.
Messages The number of negotiation messages sent and received. These
messages can be succeeded or failed.
• Send succeeded—Number of messages sent
successfully.
• Send failed—Number of messages sent unsuccessfully.
• Buffer allocated—Storage space allowed.
• Buffer freed—Storage space available.
• Buffer alloc failed—No storage space available.
Init The number of times the RSVP ISSU client has successfully
and unsuccefully (failed) initialized.
Session Registration The number of session registrations, succeeded and failed,
performed by the active RP whenever the standby RP reboots.
Field Description
Session Unregistration The number of session unregistrations, succeeded and failed,
before the standby RP resets.
Errors The details of errors or caveats.
The following is sample output from the show ip rsvp high-availability counters command on the
standby RP:
Router# show ip rsvp high-availability counters
State: Standby
ISSU:
Checkpoint Messages Transformed:
On Send:
Succeeded: 0
Failed: 0
Transformations: 0
On Recv:
Succeeded: 1
Failed: 0
Transformations: 0
Negotiation:
Started: 1
Finished: 1
Failed to Start: 0
Messages:
Sent:
Send succeeded: 5
Send failed: 0
Buffer allocated: 5
Buffer freed: 0
Buffer alloc failed: 0
Received:
Succeeded: 7
Failed: 0
Buffer freed: 7
Init:
Succeeded: 1
Failed: 0
Session Registration:
Succeeded: 0
Failed: 0
Session Unregistration:
Succeeded: 0
Failed: 0
Errors:
None
Field Description
State The RP state:
• Standby—Standby (backup) RP.
Checkpoint Messages (Items) Received The details of the messages or items received by the standby
RP. Values are the following:
• Valid—The number of valid messages or items received
by the standby RP.
• Invalid—The number of invalid messages or items
received by the standby RP.
• Buffer freed—Amount of storage space available.
ISSU ISSU counters.
Note For descriptions of the ISSU fields, see Table 84.
Errors The details of errors or caveats.
Syntax Description hello Displays information about the hello entries in the read and write databases.
link-management Displays information about the link-management entries in the read and
write databases.
interfaces Displays information about the link-management interfaces in the read and
write databases.
system Displays information about the link-management system in the read and
write databases.
lsp Displays information about the label switched path (LSP) entries in the read
and write databases.
filter destination (Optional) Displays filtered information on the IP address of the destination
ip-address (tunnel tail).
filter lsp-id lsp-id (Optional) Displays filtered information on a specific LSP ID designated by
a number from 0 to 65535.
filter source ip-address (Optional) Displays filtered information on the IP address of the source
(tunnel head).
filter tunnel-id (Optional) Displays filtered information on a specific tunnel ID designated
tunnel-id by a number from 0 to 65535.
lsp-head Displays information about the LSP-headend entries in the read and write
databases.
filter number (Optional) Displays filtered information on a specific LSP-head router
designated by a number from 0 to 65535.
summary Displays cumulative information about the entries in the read and write
databases.
Release Modification
12.2(33)SRC This command was integrated into Cisco IOS Release 12.2(33)SRC. The
command output was modified to include path protection information if you
specify the lsp-head keyword.
12.4(20)T This command was integrated into Cisco IOS Release 12.4(20)T.
Usage Guidelines Use the show ip rsvp high-availability database command to display information about the entries in
the read and write databases.
Use the show ip rsvp high-availability database lsp command to display loose hop information. A
loose hop expansion can be performed on a router when the router processes the explicit router object
(ERO) for an incoming path message. After the router removes all local IP addresses from the incoming
ERO, it finds the next hop. If the ERO specifies that the next hop is loose instead of strict, the router
consults the TE topology database and routing to determine the next hop and output interface to forward
the path message. The result of the calculation is a list of hops; that list is placed in the outgoing ERO
and checkpointed with the LSP data as the loose hop information.
Use the show ip rsvp high-availability database lsp-head command on a headend router only. On other
routers, this command gives no information.
HELLO WRITE DB
Header:
State: Checkpointed Action: Add
Seq #: 1 Flags: 0x0
Data:
Last sent Src_instance: 0xDE435865
HELLO READ DB
Field Description
HELLO WRITE DB Storage area for active RP hello data consisting of
checkpointed RSVP-TE information that is sent to the
standby RP when it becomes the active RP and needs to
recover LSPs. This field is blank on a standby RP.
Header Header information.
Field Description
State Status of an entry. Values are as follows:
• Ack-Pending—Entries have been sent, but not
acknowledged.
• Checkpointed—Entries have been sent and
acknowledged by the standby RP.
• Send-Pending—Entries are waiting to be sent.
Action Action taken. Values are as follows:
• Add—Adding an item to the standby RP.
• Delete—Deleting an item from the standby RP. This
action appears temporarily while the active RP awaits an
acknowledgment (ack) of the delete operation.
• Modify—Modifying an item on the standby RP.
• Remove—Removing an item from the standby RP.
Seq # Numbers used by the active and standby RPs to synchronize
message acks and negative acknowledgments (nacks) to
messages sent.
Flags Attribute used to identify or track data.
Data Information.
Last sent Src_instance Last source instance identifier sent.
HELLO READ DB Storage area for standby RP hello data. This field is blank on
an active RP except when it is in recovery mode.
HELLO WRITE DB
HELLO READ DB
Header:
State: Checkpointed Action: Add
Seq #: 1 Flags: 0x0
Data:
Last sent Src_instance: 0xDE435865
These fields are the same as those for the active RP described in Table 86 except they are now in the read
database for the standby RP.
TE LINK WRITE DB
Flooding Protocol: ospf IGP Area ID: 0 Link ID: 0 (GigabitEthernet3/2)
Header:
State: Checkpointed Action: Add
Seq #: 4 Flags: 0x0
Data:
Ifnumber: 5 Link Valid Flags: 0x193B
Link Subnet Type: Broadcast
Local Intfc ID: 0 Neighbor Intf ID: 0
Link IP Address: 172.16.3.1
Neighbor IGP System ID: 172.16.3.2 Neighbor IP Address: 10.0.0.0
IGP Metric: 1 TE Metric: 1
Physical Bandwidth: 1000000 kbits/sec
Res. Global BW: 3000 kbits/sec
Res. Sub BW: 0 kbits/sec
Upstream::
Global Pool Sub Pool
----------- ----------
Reservable Bandwidth[0]: 0 0 kbits/sec
Reservable Bandwidth[1]: 0 0 kbits/sec
Reservable Bandwidth[2]: 0 0 kbits/sec
Reservable Bandwidth[3]: 0 0 kbits/sec
Reservable Bandwidth[4]: 0 0 kbits/sec
Reservable Bandwidth[5]: 0 0 kbits/sec
Reservable Bandwidth[6]: 0 0 kbits/sec
Reservable Bandwidth[7]: 0 0 kbits/sec
Downstream::
Global Pool Sub Pool
----------- ----------
Reservable Bandwidth[0]: 3000 0 kbits/sec
Reservable Bandwidth[1]: 3000 0 kbits/sec
Reservable Bandwidth[2]: 3000 0 kbits/sec
Reservable Bandwidth[3]: 3000 0 kbits/sec
Reservable Bandwidth[4]: 3000 0 kbits/sec
Reservable Bandwidth[5]: 3000 0 kbits/sec
Reservable Bandwidth[6]: 3000 0 kbits/sec
Reservable Bandwidth[7]: 2900 0 kbits/sec
Affinity Bits: 0x0
Protection Type: Capability 0, Working Priority 0
Number of TLVs: 0
Field Description
TE LINK WRITE DB Storage area for active TE RP link data. This field is blank on
a standby RP.
Flooding Protocol Protocol that is flooding information for this area. ospf =
Open Shortest Path First.
IGP Area ID Interior Gateway Protocol (IGP) identifier for the area being
flooded.
Link ID Link identifier and interface for the area being flooded.
Header Header information.
Field Description
State Status of an entry. Values are as follows:
• Ack-Pending—Entries have been sent, but not
acknowledged.
• Checkpointed—Entries have been sent and
acknowledged by the standby RP.
• Send-Pending—Entries are waiting to be sent.
Action Action taken. Values are as follows:
• Add—Adding an item to the standby RP.
• Delete—Deleting an item from the standby RP. This
action appears temporarily while the active RP awaits an
ack of the delete operation.
• Modify—Modifying an item on the standby RP.
• Remove—Removing an item from the standby RP.
Seq # Numbers used by the active and standby RPs to synchronize
message acks and nacks to messages sent.
Flags Attribute used to identify or track data.
Data Information.
Ifnumber Interface number.
Link Valid Flags Attributes used to identify or track links.
Link Subnet Type Subnet type of the link. Values are as follows:
• Broadcast—Data for multiple recipients.
• Nonbroadcast Multiaccess—A network in which data is
transmitted directly from one computer to another over a
virtual circuit or across a switching fabric.
• Point-to-Multipoint—Unidirectional connection in
which a single source end system (known as a root node)
connects to multiple destination end systems (known as
leaves).
• Point-to-Point—Unidirectional or bidirectional
connection between two end systems.
• Unknown subnet type—Subnet type not identified.
Local Intfc ID Local interface identifier.
Neighbor Intf ID Neighbor’s interface identifier.
Link IP Address IP address of the link.
Neighbor IGP System ID Neighbor system identifier configured using IGP.
Neighbor IP Address Neighbor’s IP address.
IGP Metric Metric value for the TE link configured using IGP.
Field Description
TE Metric Metric value for the TE link configured using Multiprotocol
Label Switching (MPLS) TE.
Physical Bandwidth Link bandwidth capacity (in kilobits per second).
Res. Global BW Amount of reservable global pool bandwidth (in kilobits per
second) on this link.
Res. Sub BW Amount of reservable subpool bandwidth (in kilobits per
second) on this link.
Upstream Header for the following section of bandwidth values.
Global Pool Global pool bandwidth (in kilobits per second) on this link.
Sub Pool Subpool bandwidth (in kilobits per second) on this link.
Reservable Bandwidth [1] Amount of bandwidth (in kilobits per second) available for
reservations in the global TE topology and subpools.
Downstream Header for the following section of bandwidth values.
Affinity Bits Link attributes required in tunnels.
Protection Type LSPs protected by fast reroute (FRR). Capability = LSPs
capable of using FRR. Working Priority = LSPs actually
using FRR.
Number of TLVs Number of type, length, values (TLVs).
The fields for a standby RP are the same as those described in Table 87 except they are now in the TE
link read database instead of the TE link write database that is used by an active RP.
TE SYSTEM WRITE DB
Flooding Protocol: OSPF IGP Area ID: 0
Header:
State: Checkpointed Action: Modify
Seq #: 4 Flags: 0x0
Data:
LM Flood Data::
LSA Valid flags: 0x0 Node LSA flag: 0x0
IGP System ID: 172.16.3.1 MPLS TE Router ID: 10.0.0.3
Flooded links: 1 TLV length: 0 (bytes)
Fragment id: 0
TE SYSTEM READ DB
Field Description
TE SYSTEM WRITE DB Storage area for active TE RP system data. This field is blank
on a standby RP.
Flooding Protocol Protocol that is flooding information for this area. OSPF =
Open Shortest Path First.
IGP Area ID IGP identifier for the area being flooded.
Header Header information.
State Status of an entry. Values are as follows:
• Ack-Pending—Entries have been sent, but not
acknowledged.
• Checkpointed—Entries have been sent and
acknowledged by the standby RP.
• Send-Pending—Entries are waiting to be sent.
Action Action taken. Values are as follows:
• Add—Adding an item to the standby RP.
• Delete—Deleting an item from the standby RP. This
action appears temporarily while the active RP awaits an
ack of the delete operation.
• Modify—Modifying an item on the standby RP.
• Remove—Removing an item from the standby RP.
Seq # Numbers used by the active and standby RPs to synchronize
message acks and nacks to messages sent.
Flags Attribute used to identify or track data.
Data Information.
LM Flood Data Link management (LM) flood data.
LSA Valid flags Link-state advertisement (LSA) attributes.
Node LSA flag LSA attributes used by a router.
IGP System ID Identification (IP address) that IGP flooding uses in this area
to identify this node.
MPLS TE Router ID MPLS TE router identifier (IP address).
Flooded links Number of flooded links.
TLV length TLV length in bytes.
Fragment id Fragment identifier for this link.
TE SYSTEM READ DB Storage area for standby TE RP system data. This field is
blank on a standby RP.
The fields for a standby RP are the same as those described in Table 88 except they are now in the TE
system read database instead of the TE system write database that is used by an active RP.
LSP WRITE DB
Tun ID: 10 LSP ID: 8
Dest: 10.0.0.9
Sender: 10.0.0.3 Ext. Tun ID: 10.0.0.3
Header:
State: Checkpointed Action: Add
Seq #: 3 Flags: 0x0
Data:
InLabel: -
Out I/F: Gi3/2
Next-Hop: 172.16.3.1
OutLabel: 17
LSP READ DB
Field Description
LSP WRITE DB Storage area for active RP LSP data. This field is blank on a
standby RP.
Tun ID Tunnel identifier.
LSP ID LSP identifier.
Dest Tunnel destination IP address.
Sender Tunnel sender IP address.
Ext. Tun ID Extended tunnel identifier; usually set to 0 or the sender’s IP
address.
Header Header information.
State Status of an entry. Values are as follows:
• Ack-Pending—Entries have been sent, but not
acknowledged.
• Checkpointed—Entries have been sent and
acknowledged by the standby RP.
• Send-Pending—Entries are waiting to be sent.
Field Description
Action Action taken. Values are as follows:
• Add—Adding an item to the standby RP.
• Delete—Deleting an item from the standby RP. This
action appears temporarily while the active RP awaits an
ack of the delete operation.
• Modify—Modifying an item on the standby RP.
• Remove—Removing an item from the standby RP.
Seq # Numbers used by the active and standby RPs to synchronize
message acks and nacks to messages sent.
Flags Attribute used to identify or track data.
Data Information.
InLabel Incoming label identifier.
Out I/F Outgoing interface.
Next-Hop Next hop IP address.
OutLabel Outgoing label identifier.
Loose hop info Lists the loose hop expansions performed on the router, or
specifies None.
LSP READ DB Storage area for standby RP LSP data. This field is blank on
an active RP.
The fields for a standby RP are the same as those described in Table 89 except they are now in the LSP
read database instead of the LSP write database that is used by an active RP.
LSP_HEAD WRITE DB
Tun ID: 10
Header:
State: Checkpointed Action: Add
Seq #: 3 Flags: 0x0
Data:
lsp_id: 8, bandwidth: 100, thead_flags: 0x1, popt: 1
feature_flags: path protection active
output_if_num: 5, output_nhop: 172.16.3.2
RRR path setup info
Destination: 10.0.0.9, Id: 10.0.0.9 Router Node (ospf) flag:0x0
IGP: ospf, IGP area: 0, Number of hops: 5, metric: 2
Hop 0: 172.16.3.1, Id: 172.16.3.1 Router Node (ospf), flag:0x0
Hop 1: 172.16.3.2, Id: 10.0.0.7 Router Node (ospf), flag:0x0
Hop 2: 172.16.6.1, Id: 10.0.0.7 Router Node (ospf), flag:0x0
Hop 3: 172.16.6.2, Id: 10.0.0.9 Router Node (ospf), flag:0x0
Hop 4: 10.0.0.9, Id: 10.0.0.9 Router Node (ospf), flag:0x0
LSP_HEAD READ DB
Field Description
LSP_HEAD WRITE DB Storage area for active RP LSP-head data. This field is blank
on a standby RP.
Tun ID Tunnel identifier.
Header Header information.
State Status of an entry. Values are as follows:
• Ack-Pending—Entries have been sent, but not
acknowledged.
• Checkpointed—Entries have been sent and
acknowledged by the standby RP.
• Send-Pending—Entries are waiting to be sent.
Action Action taken. Values are as follows:
• Add—Adding an item to the standby RP.
• Delete—Deleting an item from the standby RP. This
action appears temporarily while the active RP awaits an
ack of the delete operation.
• Modify—Modifying an item on the standby RP.
• Remove—Removing an item from the standby RP.
Seq # Numbers used by the active and standby RPs to synchronize
message acks and nacks to messages sent.
Flags Attribute used to identify or track data.
Data Information.
lsp_id LSP identifier.
bandwidth Bandwidth on the LSP (in kilobits per second).
thead_flags Tunnel head attribute used to identify or track data.
popt Parsing option number.
feature_flags Indicates whether the LSP being used to forward traffic is the
secondary LSP using the path protection path-option. Valid
values are as follows:
• none
• path protection active
output_if_num Output interface number.
output_nhop Output next hop IP address.
RRR path setup info Routing with Resource Reservation (RRR) path information.
Destination Destination IP address.
Field Description
Id IP address and protocol of the routing node. Values are the
following:
• isis = Intermediate System-to-Intermediate System
• ospf = Open Shortest Path First
flag Attribute used to track data.
IGP Interior Gateway Protocol. ospf = Open Shortest Path First.
IGP area IGP area identifier.
Number of hops Number of connections or routers.
metric Routing cost.
Hop Hop’s number and IP address.
Id IP address and protocol of the routing node. Values are the
following:
• isis = Intermediate System-to-Intermediate System
• ospf = Open Shortest Path First
flag Attribute used to track data.
LSP_HEAD READ DB Storage area for standby RP LSP-head data. This field is
blank on an active RP.
The fields for a standby RP are the same as those described in Table 90 except they are now in the
LSP_head read database instead of the LSP_head write database that is used by an active RP.
Write DB:
Send-Pending: 0
Ack-Pending : 0
Checkpointed: 10
Total : 10
Read DB:
Total : 0
Field Description
Write DB Storage area for active RP summary data. This field is blank
on a standby RP.
Send-Pending Entries are waiting to be sent.
Field Description
Ack-Pending Entries have been sent, but are waiting to be acknowledged.
Checkpointed Entries have been sent and acknowledged.
Total Total number of entries in the write database.
Total Total number of entries in the read database.
Write DB:
Send-Pending: 0
Ack-Pending : 0
Checkpointed: 0
Total : 0
Read DB:
Total : 10
Field Description
Write DB Storage area for active RP summary data.
Send-Pending Entries are waiting to be sent.
Ack-Pending Entries have been sent, but are waiting to be acknowledged.
Checkpointed Entries have been sent and acknowledged.
Total Total number of entries in the write DB.
Total Total number of entries in the read DB.
Usage Guidelines Use the show ip rsvp high-availability summary command to display information about the HA
parameters currently configured on an RP.
The command output differs depending on whether the RP is active or standby.
Examples The following is sample output from the show ip rsvp high-availability summary command on an
active RP:
Router# show ip rsvp high-availability summary
State:
Graceful-Restart: Enabled, mode: full
HA state: Active
Checkpointing: Allowed
Messages:
Send timer: not running (Interval: 1000 msec)
Items sent per Interval: 200
CF buffer size used: 2000
Note On a standby RP, only the first three lines of the output are displayed. On an active RP, all lines are
displayed.
Field Description
State Status of graceful restart and HA.
Graceful Restart Restart capability:
• Enabled—Restart capability is activated for a router (full
mode) or its neighbor (help-neighbor).
• Disabled—Restart capability is not activated.
HA state The RP state, which is the following:
• Active—Active RP.
• Standby—Standby (backup) RP.
• Recovering—The active RP is in recovery period.
Checkpointing The function that copies state information (write database
entries) from the active RP to the standby RP. Values are the
following:
• Allowed—Functioning normally.
• Not Allowed—Checkpointing is not allowed. Reasons
may be that the RP is not present or not ready.
Messages The checkpointed messages that the active RP sends to the
standby RP during a specified interval.
Send timer The write database timer. Values are the following:
• running—Entries are in the write database in the
send-pending state and checkpointing is allowed.
• not running—Checkpointing is not allowed or the write
database is empty.
Note Entries in the write database can be in the following
states:
Field Description
Items sent per Interval The number of database entries (data that has been taken
from the write database and packed into bundle message for
transmitting to the standby RP), which the active RP sends to
the standby RP each time the write database timer activates.
CF buffer size used Amount of storage space, in bytes, used by the checkpointing
facility.
In some cases, the checkpointing field displays Not Allowed. Here is an excerpt from sample output:
Checkpointing: Not Allowed
Peer RP Present : No
RF Comm. Up : No
Flow Control On : No
CF Comm. Up : No
RF Ready to Recv: No
Note If checkpointing is allowed, the attributes displayed in the sample output do not appear. Refer to the
show ip rsvp high-availability summary command output on an active RP for more details.
Field Description
Peer RP Present : No The active RP cannot communicate with any peer RP.
Note This can happen if the standby RP is removed, or if it
is temporarily unavailable, such as during a restart.
RF Comm. Up : No The redundant facility (RF) on the active RP is unable to
communicate with the RF on the standby RP.
Flow Control On : No The active RP cannot send Internet Protocol communications
(IPC) messages (using checkpointing) to the standby RP
because flow control is off.
CF Comm. Up : No The TE CF client on the active RP is unable to communicate
with the TE CF client on the standby RP.
RF Ready to Recv : No The RF on the standby RP is not ready to receive checkpoint
messages.
The following is sample output from the show ip rsvp high-availability summary command after a
stateful switchover (SSO) has occurred.
Router# show ip rsvp high-availability summary
State:
Graceful-Restart: Enabled
HA state: active
Checkpointing: Allowed
Field Description
Advertised The advertised recovery time, in milliseconds.
Last recorded The last recorded recovery time, in milliseconds.
Usage Guidelines Use the show ip rsvp host command to display static RSVP senders and receivers. If a router has any
local host receivers or senders that have RSVP identities configured, the application IDs that they use
are also displayed.
Examples In the following example from the show ip rsvp host senders command, no RSVP identities are
configured for the local sender:
Router# show ip rsvp host senders
Table 96 show ip rsvp host senders (No RSVP Identities Configured) Field Descriptions
Field Description
To IP address of the receiver.
From IP address of the sender.
Pro Protocol code. IP protocol such as TCP or UDP.
Table 96 show ip rsvp host senders (No RSVP Identities Configured) Field Descriptions
Field Description
DPort Destination port number. Code 1 indicates IP protocol such as
TCP or UDP.
Sport Source port number. Code 1 indicates IP protocol such as TCP
or UDP.
Prev Hop IP address of the previous hop. Blank means no previous hop.
I/F Interface of the previous hop.
BPS Reservation rate, in bits per second (bps).
Mode(s) Any of the following strings:
• Host—The router is acting as the host system or RSVP
endpoint for this reservation.
• LSP-Tunnel—The reservation is for a Traffic Engineering
(TE) tunnel.
• MIB—The reservation was created via an SNMP SET
directive from a remote management station.
• CLI—The reservation was created via a local RSVP CLI
command.
• Host CLI—A combination of the host and CLI strings
meaning that the static sender being displayed was created
by the ip rsvp sender-host CLI command.
In the following example from the show ip rsvp host senders command, an RSVP identity is configured
for the local sender and more information displays:
Router# show ip rsvp host senders
Table 97 show ip rsvp host senders (RSVP Identity Configured) Field Descriptions
Field Description
To IP address of the receiver.
From IP address of the sender.
Pro Protocol code. IP protocol such as TCP or UDP.
DPort Destination port number. Code 1 indicates IP protocol such as
TCP or UDP.
Sport Source port number. Code 1 indicates IP protocol such as TCP
or UDP.
Prev Hop IP address of the previous hop. Blank means no previous hop.
Table 97 show ip rsvp host senders (RSVP Identity Configured) Field Descriptions (continued)
Field Description
I/F Interface of the previous hop.
BPS Reservation rate in bits per second (bps).
Mode(s) Any of the following strings:
• Host—The router is acting as the host system or RSVP
endpoint for this reservation.
• LSP-Tunnel—The reservation is for a Traffic Engineering
(TE) tunnel.
• MIB—The reservation was created via an SNMP SET
directive from a remote management station.
• CLI—The reservation was created via a local RSVP CLI
command.
• Host CLI—A combination of the host and CLI strings
meaning that the static sender being displayed was created
by the ip rsvp sender-host CLI command.
Identity The alias string for the RSVP application ID.
Locator The application ID that is being signaled in the RSVP PATH
message for this statically-configured sender.
ID Type Types of identities. RSVP defines two types: application IDs
(Application) and user IDs (User). Cisco IOS software
currently supports Application only.
Usage Guidelines The show ip rsvp installed command displays information about interfaces and their reservations. Enter
the optional detail keyword for additional information, including the reservation’s traffic parameters,
downstream hop, compression, and resources used by RSVP to ensure quality of service (QoS) for this
reservation.
Field Description
kbps Reserved rate in kilobits per second.
To IP address of the source device.
From IP address of the destination device.
Protocol Protocol code. Code indicates IP protocol such as TCP or User Datagram
Protocol (UDP).
DPort Destination port number.
Sport Source port number.
Weight Weight used in Weighted Fair Queueing (WFQ).
Conversation WFQ conversation number.
Note If WFQ is not configured on the interface, weight and conversation
will be zero.
The following sample output from the show ip rsvp installed detail command shows that compression
is not predicted on the serial3/0 interface because no compression context IDs are available:
Router# show ip rsvp installed detail
Note When no compression context IDs are available, use the ip rtp compression-connections number
command to increase the pool of compression context IDs.
Field Description
RSVP Reservation information for a specified interface.
BPS Reserved rate in bits per second (BPS).
To IP address of the source device.
From IP address of the destination device.
Protoc Protocol code.
• Code indicates IP protocol such as TCP or User Datagram Protocol
(UDP) for end-to-end (E2E) reservations.
• Code is 0 for aggregate reservations.
Field Description
DPort Destination port number.
• Number indicates protocol destination port for E2E reservations.
• Number indicates differentiated services code point (DSCP) for
aggregate reservations.
Sport Source port number.
• Number indicates protocol source port for E2E reservations.
• Number is 0 for aggregate reservations.
RSVP Individual E2E reservations mapped onto an aggregate. Information
includes the following:
• IP address of the aggregate source.
• IP address of the aggregate destination.
• Differentiated services code point (DSCP) value.
Field Description
RSVP Reservation information for a specified interface.
RSVP Reservation Reservation information for the serial 1/0 interface that includes the
following:
• Destination IP address.
– Deaggregator for aggregate reservations.
• Source IP address.
– Aggregator for aggregate reservations.
• Protocol used.
– 0 for aggregate reservations.
– TCP/UDP or protocol for E2E reservations.
• Destination port.
– Differentiated services code (DSCP) for aggregate reservations.
– Protocol port number for E2E reservations.
• Source port.
– 0 for aggregate reservations.
– Protocol port number for E2E reservations.
• Traffic control identifier assigned by RSVP for bookkeeping
purposes.
• Creation date.
• Flowspec information that includes bandwidth, maximum burst, peak
rate, policed unit size, and maximum packet size.
• Resource provider information.
– None for aggregate reservations.
– QoS bandwidth manager (BM) for E2E reservations.
• Type of service provided—reserved and best effort (always 0 packets
in an RSVP/DiffServ node).
• Length of time traffic is classified.
– Bitrate (always 0 on an RSVP/DiffServ node)
• Policies.
RSVP Aggregate information that includes the following:
• IP address of the aggregate source.
• IP address of the aggregate destination.
• DSCP.
Note The remaining fields describe the aggregate’s E2E reservations
with values explained in preceding fields.
Usage Guidelines Use the show ip rsvp interface command to display information about interfaces on which RSVP is
enabled, including the current allocation budget and maximum available bandwidth. Enter the optional
detail keyword for additional information, including bandwidth and signaling parameters and blockade
state.
Use the show ip rsvp interface detail command to display information about the RSVP parameters
associated with an interface. These parameters include the following:
• Total RSVP bandwidth.
• RSVP bandwidth allocated to existing flows.
• Maximum RSVP bandwidth that can be allocated to a single flow.
• The type of admission control supported (header compression methods).
• The compression methods supported by RSVP compression prediction.
• RSVP aggregation.
• The RSVP source address.
Examples This section provides sample output from typical show ip rsvp interface commands. Depending upon
the interface or platform in use and the options enabled, the output you see may vary slightly from the
ones shown below.
• RSVP Interface Information Example, page 869
• RSVP Detailed Information Example, page 870
• RSVP Compression Method Prediction Example, page 872
• RSVP Cryptographic Authentication Example, page 873
• RSVP FLR Example, page 875
• RSVP Aggregation Example, page 876
• RSVP Source Address Example, page 878
Field Description
interface Interface name.
allocated Current allocation budget.
Field Description
i/f max Maximum allocatable bandwidth.
flow max Largest single flow allocatable on this interface.
sub max Largest subpool value allowed on this interface.
PO0/0:
Bandwidth:
Curr allocated:0 bits/sec
Max. allowed (total):200M bits/sec
Max. allowed (per flow):200M bits/sec
Max. allowed for LSP tunnels using sub-pools:0 bits/sec
Set aside by policy (total):0 bits/sec
Signalling:
DSCP value used in RSVP msgs:0x3F
Number of refresh intervals to enforce blockade state:4
Number of missed refresh messages:4
Refresh interval:30
PO1/0:
Bandwidth:
Curr allocated:0 bits/sec
Max. allowed (total):50M bits/sec
Max. allowed (per flow):50M bits/sec
Max. allowed for LSP tunnels using sub-pools:0 bits/sec
Set aside by policy (total):0 bits/sec
Signalling:
DSCP value used in RSVP msgs:0x3F
Number of refresh intervals to enforce blockade state:4
Number of missed refresh messages:4
Refresh interval:30
PO1/1:
Bandwidth:
Curr allocated:0 bits/sec
Max. allowed (total):50M bits/sec
Max. allowed (per flow):50M bits/sec
Max. allowed for LSP tunnels using sub-pools:0 bits/sec
Set aside by policy (total):0 bits/sec
Signalling:
DSCP value used in RSVP msgs:0x3F
Number of refresh intervals to enforce blockade state:4
Number of missed refresh messages:4
Refresh interval:30
PO1/2:
Bandwidth:
Curr allocated:0 bits/sec
Max. allowed (total):50M bits/sec
Max. allowed (per flow):50M bits/secMax. allowed for LSP tunnels using sub-pools:0
bits/sec
Set aside by policy (total):0 bits/sec
Signalling:
DSCP value used in RSVP msgs:0x3F
Number of refresh intervals to enforce blockade state:4
Number of missed refresh messages:4
Refresh interval:30
PO1/3:
Bandwidth:
Curr allocated:0 bits/sec
Max. allowed (total):50M bits/sec
Max. allowed (per flow):50M bits/sec
Max. allowed for LSP tunnels using sub-pools:0 bits/sec
Set aside by policy (total):0 bits/sec
Signalling:
DSCP value used in RSVP msgs:0x3F
Number of refresh intervals to enforce blockade state:4
Number of missed refresh messages:4
Refresh interval:30
Lo0:
Bandwidth:
Curr allocated:0 bits/sec
Max. allowed (total):200M bits/sec
Max. allowed (per flow):200M bits/sec
Max. allowed for LSP tunnels using sub-pools:0 bits/sec
Set aside by policy (total):0 bits/sec
Signalling:
DSCP value used in RSVP msgs:0x3F
Number of refresh intervals to enforce blockade state:4
Number of missed refresh messages:4
Refresh interval:30
Table 102 describes the significant fields shown in the detailed display for PO interface 0/0. The fields
for the other interfaces are similar.
Table 102 show ip rsvp interface detail Field Descriptions—Detailed RSVP Information Example
Field Description
PO0/0 Interface name.
Bandwidth The RSVP bandwidth parameters in effect are as follows:
• Curr allocated—Amount of bandwidth currently allocated, in bits per
second.
• Max. allowed (total)—Maximum amount of bandwidth allowed, in
bits per second.
• Max. allowed (per flow)—Maximum amount of bandwidth allowed
per flow, in bits per second.
• Max. allowed for LSP tunnels using sub-pools—Maximum amount of
bandwidth allowed for label switched path (LSP) tunnels, in bits per
second.
• Set aside by policy (total)—The amount of bandwidth set aside by the
local policy, in bits per second.
Signalling The RSVP signalling parameters in effect are as follows:
• DSCP value used in RSVP msgs—Differentiated services code point
(DSCP) used in RSVP messages.
• Number of refresh intervals to enforce blockade state—How long, in
milliseconds, before the blockade takes effect.
• Number of missed refresh messages—How many refresh messages
until the router state expires.
• Refresh interval—How long, in milliseconds, until a refresh message
is sent.
Et2/1:
Bandwidth:
Curr allocated:0 bits/sec
Max. allowed (total):1158K bits/sec
Max. allowed (per flow):128K bits/sec
Max. allowed for LSP tunnels using sub-pools:0 bits/sec
Set aside by policy (total):0 bits/sec
Admission Control:
Header Compression methods supported:
rtp (36 bytes-saved), udp (20 bytes-saved)
Neighbors:
Using IP encap:0. Using UDP encap:0
Signalling:
Refresh reduction:disabled
Authentication:disabled
Se3/0:
Bandwidth:
Curr allocated:0 bits/sec
Max. allowed (total):1158K bits/sec
Max. allowed (per flow):128K bits/sec
Max. allowed for LSP tunnels using sub-pools:0 bits/sec
Set aside by policy (total):0 bits/sec
Admission Control:
Header Compression methods supported:
rtp (36 bytes-saved), udp (20 bytes-saved)
Neighbors:
Using IP encap:1. Using UDP encap:0
Signalling:
Refresh reduction:disabled
Authentication:disabled
Table 103 describes the significant fields shown in the display for Ethernet interface 2/1. The fields for
serial interface 3/0 are similar.
Table 103 show ip rsvp interface detail Field Descriptions—RSVP Compression Method Prediction
Example
Field Description
Et2/1 Interface name and number.
Bandwidth The RSVP bandwidth parameters in effect are as follows:
• Curr allocated—Amount of bandwidth currently allocated, in bits per
second.
• Max. allowed (total)—Maximum amount of bandwidth allowed, in
bits per second.
• Max. allowed (per flow)—Maximum amount of bandwidth allowed
per flow, in bits per second.
• Max. allowed for LSP tunnels using sub-pools—Maximum amount of
bandwidth allowed for LSP tunnels, in bits per second.
• Set aside by policy (total)—The amount of bandwidth set aside by the
local policy, in bits per second.
Admission Control The type of admission control in effect is as follows:
• Header Compression methods supported:
– Real-Time Transport Protocol (RTP) or User Data Protocol
(UDP) compression schemes and the number of bytes saved per
packet.
Neighbors The number of neighbors using IP and UDP encapsulation.
Signalling The type of signaling in effect; Refresh reduction is either enabled (active)
or disabled (inactive).
Authentication Authentication is either enabled (active) or disabled (inactive).
Et0/0:
Bandwidth:
Curr allocated: 0 bits/sec
Max. allowed (total): 7500K bits/sec
Max. allowed (per flow): 7500K bits/sec
Max. allowed for LSP tunnels using sub-pools: 0 bits/sec
Set aside by policy (total):0 bits/sec
Neighbors:
Using IP encap: 0. Using UDP encap: 0
Signalling:
Refresh reduction: disabled
Authentication: enabled
Key: 11223344
Type: sha-1
Window size: 2
Challenge: enabled
Field Description
Et0/0 Interface name and number.
Bandwidth The RSVP bandwidth parameters in effect are as follows:
• Curr allocated—Amount of bandwidth currently allocated, in bits per second.
• Max. allowed (total)—Maximum amount of bandwidth allowed, in bits per
second.
• Max. allowed (per flow)—Maximum amount of bandwidth allowed per flow,
in bits per second.
• Max. allowed for LSP tunnels using sub-pools—Maximum amount of
bandwidth allowed for LSP tunnels, in bits per second.
• Set aside by policy (total)—The amount of bandwidth set aside by the local
policy, in bits per second.
Neighbors The number of neighbors using IP and UDP encapsulation.
Signalling The type of signaling in effect; Refresh reduction is either enabled (active) or
disabled (inactive).
Authentication Authentication is either enabled (active) or disabled (inactive). The parameters
are as follows:
• Key—The key (string) for the RSVP authentication algorithm displayed in
clear text (for example, 11223344) or <encrypted>.
• Type—The algorithm to generate cryptographic signatures in RSVP messages;
possible values are md5 and sha-1.
• Window size—Maximum number of RSVP authenticated messages that can be
received out of order.
• Challenge—The challenge-response handshake performed with any new RSVP
neighbors that are discovered on a network; possible values are enabled (active)
or disabled (inactive).
Et1/0:
RSVP: Enabled
Interface State: Up
Bandwidth:
Curr allocated: 9K bits/sec
Max. allowed (total): 300K bits/sec
Max. allowed (per flow): 300K bits/sec
Max. allowed for LSP tunnels using sub-pools (pool 1): 0 bits/sec
Set aside by policy (total): 0 bits/sec
Traffic Control:
RSVP Data Packet Classification is ON via CEF callbacks
Signalling:
DSCP value used in RSVP msgs: 0x30
Number of refresh intervals to enforce blockade state: 4
FLR Wait Time (IPv4 flows):
Repair is delayed by 500 msec.
Authentication: disabled
Key chain: <none>
Type: md5
Window size: 1
Challenge: disabled
Hello Extension:
State: Disabled
Field Description
Et1/0 Interface name and number.
RSVP Enabled means active; disabled means inactive.
Interface State Up means that the interface is configured; down means that the interface is not
configured.
Bandwidth The RSVP bandwidth parameters in effect are as follows:
• Curr allocated—Amount of bandwidth currently allocated, in bits per second.
• Max. allowed (total)—Maximum amount of bandwidth allowed, in bits per
second.
• Max. allowed (per flow)—Maximum amount of bandwidth allowed per flow,
in bits per second.
• Max. allowed for LSP tunnels using sub-pools—Maximum amount of
bandwidth allowed for LSP tunnels, in bits per second.
• Set aside by policy (total)—The amount of bandwidth set aside by the local
policy, in bits per second.
Traffic Control RSVP Data Packet Classification is ON via CEF callbacks means that RSVP is
not processing every packet; therefore, excess overhead is avoided and network
performance is improved.
Table 105 show ip rsvp interface detail Field Descriptions—FLR Example (continued)
Field Description
Signalling The signaling parameters in effect are as follows:
• DSCP value used in RSVP msgs—Differentiated services code point (DSCP)
value used in RSVP messages.
• Number of refresh intervals to enforce blockade state—How long, in
milliseconds, before the blockade takes effect.
FLR Wait Time Repair is delayed by 500 msec represents the amount of time, in milliseconds,
(IPv4 flows) before the FLR procedure begins on the specified interface.
Authentication Authentication is either enabled (active) or disabled (inactive). The parameters
are as follows:
• Key chain—The key (string) for the RSVP authentication algorithm displayed
in clear text (for example, 11223344) or <encrypted>.
• Type—The algorithm to generate cryptographic signatures in RSVP messages;
possible values are md5 and sha-1.
• Window size—Maximum number of RSVP authenticated messages that can be
received out of order.
• Challenge—The challenge-response handshake performed with any new RSVP
neighbors that are discovered on a network; possible values are enabled (active)
or disabled (inactive).
Hello Extension Enables RSVP nodes to detect when a neighboring node is not reachable. The
state is either enabled (active) or disabled (inactive).
Se1/0:
RSVP: Enabled
Interface State: Up
Bandwidth:
Curr allocated: 300K bits/sec
Max. allowed (total): 400K bits/sec
Max. allowed (per flow): 400K bits/sec
Max. allowed for LSP tunnels using sub-pools (pool 1): 0 bits/sec
Set aside by policy (total): 0 bits/sec
Traffic Control:
RSVP Data Packet Classification is OFF
RSVP resource provider is: none
Signalling:
DSCP value used in RSVP msgs: 0x3F
Number of refresh intervals to enforce blockade state: 4
Authentication: disabled
Key chain: <none>
Type: md5
Window size: 1
Challenge: disabled
FRR Extension:
Backup Path: Not Configured
BFD Extension:
State: Disabled
Interval: Not Configured
RSVP Hello Extension:
State: Disabled
RFC 3175 Aggregation: Enabled
Role: interior
Table 106 show ip rsvp interface detail Field Descriptions—RSVP Aggregation Example
Field Description
Se1/0 Interface name and number.
RSVP Enabled means active; disabled means inactive.
Interface State Up means that the interface is configured; down means that the interface is not
configured.
Bandwidth The RSVP bandwidth parameters in effect are as follows:
• Curr allocated—Amount of bandwidth currently allocated, in bits per second.
• Max. allowed (total)—Maximum amount of bandwidth allowed, in bits per
second.
• Max. allowed (per flow)—Maximum amount of bandwidth allowed per flow,
in bits per second.
• Max. allowed for LSP tunnels using sub-pools—Maximum amount of
bandwidth allowed for LSP tunnels, in bits per second.
• Set aside by policy (total)—The amount of bandwidth set aside by the local
policy, in bits per second.
Traffic Control RSVP Data Packet Classification Is OFF—Disabling data packet classification
instructs RSVP not to process every packet, but to perform admission control
only.
RSVP Resource Provider is None—Setting the resource provider to none
instructs RSVP to not associate any resources, such as weighted fair queueing
(WFQ) queues or bandwidth, with a reservation.
These settings are necessary because RSVP aggregation uses RSVP Scalability
Enhancements for control plane aggregation only. Traffic control is performed by
Class-Based Weighted Fair Queuing (CBWFQ).
Signalling The signaling parameters in effect are as follows:
• DSCP value used in RSVP msgs—Differentiated services code point (DSCP)
value used in RSVP messages IP headers.
• Number of refresh intervals to enforce blockade state—How long, in
milliseconds, before the blockade takes effect.
Table 106 show ip rsvp interface detail Field Descriptions—RSVP Aggregation Example (continued)
Field Description
Authentication Authentication is either enabled (active) or disabled (inactive). The parameters
are as follows:
• Key chain—The key (string) for the RSVP authentication algorithm displayed
in clear text (for example, 11223344) or <encrypted>.
• Type—The algorithm to generate cryptographic signatures in RSVP messages;
possible values are md5 and sha-1.
• Window size—Maximum number of RSVP authenticated messages that can be
received out of order.
• Challenge—The challenge-response handshake performed with any new RSVP
neighbors that are discovered on a network; possible values are enabled (active)
or disabled (inactive).
FRR Extension Fast Reroute backup path is configured or not configured.
BFD Extension Bidirectional Forwarding Detection; values are the following:
• State—Enabled (active) or disabled (inactive).
• Interval—Configured with a value or Not Configured.
RSVP Hello Enables RSVP nodes to detect when a neighboring node is not reachable. The
Extension state is either enabled (active) or disabled (inactive).
RFC 3175 The state of aggregation as defined in RFC 3175, Aggregation of RSVP for IPv4
Aggregation and IPv6 Reservations; values are the following:
• Enabled—Active.
• Disabled—Inactive.
Role
• Interior—Interface is facing an aggregation region.
• Exterior—Interface is facing a classic RSVP region.
Et1/0:
RSVP: Enabled
Interface State: Up
Bandwidth:
Curr allocated: 0 bits/sec
Max. allowed (total): 7500K bits/sec
Max. allowed (per flow): 7500K bits/sec
Max. allowed for LSP tunnels using sub-pools (pool 1): 0 bits/sec
Set aside by policy (total): 0 bits/sec
Traffic Control:
RSVP Data Packet Classification is ON via CEF callbacks
Signalling:
DSCP value used in RSVP msgs: 0x3F
Number of refresh intervals to enforce blockade state: 4
Ip address used in RSVP objects: 10.1.3.13 <----------source address for Ethernet 0/1
Authentication: disabled
Key chain: <none>
Type: md5
Window size: 1
Challenge: disabled
Hello Extension:
State: Disabled
Table 107 show ip rsvp interface detail Field Descriptions—RSVP Source Address Example
Field Description
Et1/0 Interface name and number.
RSVP Enabled means active; disabled means inactive.
Interface State Up means that the interface is configured; down means that the interface is not
configured.
Bandwidth The RSVP bandwidth parameters in effect are as follows:
• Curr allocated—Amount of bandwidth currently allocated, in bits per second.
• Max. allowed (total)—Maximum amount of bandwidth allowed, in bits per
second.
• Max. allowed (per flow)—Maximum amount of bandwidth allowed per flow,
in bits per second.
• Max. allowed for LSP tunnels using sub-pools—Maximum amount of
bandwidth allowed for LSP tunnels, in bits per second.
• Set aside by policy (total)—The amount of bandwidth set aside by the local
policy, in bits per second.
Traffic Control RSVP Data Packet Classification is ON via CEF callbacks means that RSVP is
not processing every packet; therefore, excess overhead is avoided and network
performance is improved.
Signalling The signaling parameters in effect are as follows:
• DSCP value used in RSVP msgs—Differentiated services code point (DSCP)
value used in IP headers of RSVP messages.
• Number of refresh intervals to enforce blockade state—How long, in
milliseconds, before the blockade takes effect.
• Ip address used in RSVP objects—The RSVP source address for the specified
interface.
Table 107 show ip rsvp interface detail Field Descriptions—RSVP Source Address Example
(continued)
Field Description
Authentication Authentication is either enabled (active) or disabled (inactive). The parameters
are as follows:
• Key chain—The key (string) for the RSVP authentication algorithm displayed
in clear text (for example, 11223344) or <encrypted>.
• Type—The algorithm to generate cryptographic signatures in RSVP messages;
possible values are md5 and sha-1.
• Window size—Maximum number of RSVP authenticated messages that can be
received out of order.
• Challenge—The challenge-response handshake performed with any new RSVP
neighbors that are discovered on a network; possible values are enabled (active)
or disabled (inactive).
Hello Extension Enables RSVP nodes to detect when a neighboring node is not reachable. The
state is either enabled (active) or disabled (inactive).
Syntax Description interface (Optional) Name of the Interface for which you want to show the hello
configuration.
Examples The following is sample output from the show ip rsvp interface detail command:
Router# show ip rsvp interface detail GigabitEthernet 9/47
Gi9/47:
RSVP: Enabled
Interface State: Up
Bandwidth:
Curr allocated: 0 bits/sec
Max. allowed (total): 0 bits/sec
Max. allowed (per flow): 0 bits/sec
Max. allowed for LSP tunnels using sub-pools (pool 1): 0 bits/sec
Set aside by policy (total): 0 bits/sec
Signalling:
DSCP value used in RSVP msgs: 0x3F
Number of refresh intervals to enforce blockade state: 4
Authentication: disabled
Key chain: <none>
Type: md5
Window size: 1
Challenge: disabled
FRR Extension:
Backup Path: Configured (or "Not Configured")
BFD Extension:
State: Disabled
Interval: Not Configured
RSVP Hello Extension:
State: Disabled
Refresh Interval: FRR: 200 , Reroute: 2000
Missed Acks: FRR: 4 , Reroute: 4
DSCP in HELLOs: FRR: 0x30 , Reroute: 0x30
Field Description
RSVP Status of the Resource Reservation Protocol
(RSVP) protocol (Enabled or Disabled).
Interface State Status of the interface (Up or Down).
Curr allocated Amount of bandwidth (in bits per second [bps])
currently allocated.
Max. allowed (total) Total maximum amount of bandwidth (in bps)
allowed.
Max. allowed (per flow) Maximum amount of bandwidth (in bps) allowed
per flow.
Max. allowed for LSP tunnels using sub-pools Maximum amount of bandwidth permitted for
label-switched path (LSP) tunnels that obtain
their bandwidth from subpools.
DSCP value used in RSVP msgs The differentiated services code point (DSCP)
value that is in RSVP messages.
BFD Extension State State (Enabled or Disabled) of Bidirectional
Forwarding Detection (BFD) extension.
RSVP Hello Extension State State (Enabled or Disabled) of hello extension.
Missed Acks Number of sequential acknowledgments that the
node did not receive.
DSCP in HELLOs The DSCP value that is in hello messages.
show ip rsvp listeners [dst | any] [udp | tcp | any | protocol] [dst-port | any]
Syntax Description dst | any (Optional) A particular destination or any destination for an RSVP
message.
udp | tcp | any | protocol (Optional) User Datagram Protocol (UDP), TCP, or any protocol to
be used on the receiving interface and the UDP or TCP source port
number.
Note If you select protocol, the range is 0 to 255 and the protocol
is IP.
dst-port | any (Optional) A particular destination port from 0 to 65535 or any
destination for an RSVP message.
Defaults If you enter show ip rsvp listeners command without a keyword or an argument, the command displays
all the listeners that were sent and received for each interface on which RSVP is configured.
Usage Guidelines Use the show ip rsvp listeners command to display the number of listeners that were sent and received
for each interface on which RSVP is configured.
Field Description
To IP address of the receiving interface.
Protocol Protocol used.
Field Description
DPort Destination port on the receiving router.
Description Cisco IOS component that requested RSVP to do the listening; for example, RSVP
proxy and label-switched path (LSP) tunnel signaling.
Action Action taken when a flow arrives at its destination. The choices include:
• Announce—The arrival of the flow is announced.
• Reply—After the flow arrives at its destination, the sender receives a reply.
Syntax Description detail (Optional) Displays additional information about RSVP neighbors.
Usage Guidelines Use the show ip rsvp neighbor command to show the IP addresses for the current RSVP neighbors.
Enter the detail keyword to display rate-limiting and refresh-reduction parameters for the RSVP
neighbors.
10.0.0.1 RSVP
10.0.0.2 RSVP
Field Description
10.0.0.1 IP address of neighboring router.
RSVP Type of encapsulation being used.
The following command shows the rate-limiting and refresh-reduction parameters for the current RSVP
neighbors:
Router# show ip rsvp neighbor detail
Neighbor:10.0.0.1
Encapsulation:RSVP
Rate-Limiting:
Dropped messages:0
Refresh Reduction:
Remote epoch:0x1BFEA5
Out of order messages:0
Retransmitted messages:0
Highest rcvd message id:1059
Last rcvd message:00:00:04
Neighbor:10.0.0.2
Encapsulation:RSVP
Rate-Limiting:
Dropped messages:0
Refresh Reduction:
Remote epoch:0xB26B1
Out of order messages:0
Retransmitted messages:0
Highest rcvd message id:945
Last rcvd message:00:00:05
Field Description
Neighbor IP address of the neighboring router.
Encapsulation Type of encapsulation being used.
Note Unknown displays if an RSVP message has been sent to an IP address,
but no RSVP message has been received from that IP address. This is
not an error condition; it simply means that the router does not yet
know what RSVP encapsulation (IP or User Data Protocol (UDP)) is
preferred and should be used to send RSVP messages.
Rate-Limiting The rate-limiting parameters in effect are as follows:
• Dropped messages = number of messages dropped by the neighbor.
Refresh Reduction The refresh-reduction parameters in effect are as follows:
• Remote epoch = the RSVP message number space identifier (ID);
randomly generated whenever the node reboots or the RSVP process
restarts.
• Out of order messages = messages that were dropped because they are out
of sequential order.
• Retransmitted messages = number of messages retransmitted to the
neighbor.
• Highest rcvd message id = highest message ID number sent by the
neighbor.
• Last rcvd message= time delta in hours, minutes, and seconds when last
message was received by the neighbor.
Syntax Description cops | local (Optional) Displays either the configured Common Open Policy Service
(COPS) servers or the local policies.
acl (Optional) Displays the access control lists (ACLs) whose sessions are
governed by COPS servers or the local policies.
Usage Guidelines Use the show ip rsvp policy command to display current local policies, configured COPS servers,
default policies, and the preemption parameter (disabled or enabled).
Examples The following is sample output from the show ip rsvp policy command:
Router# show ip rsvp policy
Local policy:
A=Accept F=Forward
COPS:
Field Description
Local policy The local policy currently configured.
A = Accept the message.
F = Forward the message.
Blank (--) means messages of the specified type are neither
accepted or forwarded.
COPS The COPS servers currently in effect.
Generic policy settings Policy settings that are not specific to COPS or the local policy.
Default policy: Accept all means all RSVP messages are
accepted and forwarded. Reject all means all RSVP messages are
rejected.
Preemption: Disabled means that RSVP should not implement
any preemption decisions required by a particular local or remote
policy. Enabled means that RSVP should implement any
preemption decisions required by a particular local or remote
policy.
Syntax Description regular-expression (Optional) String of text that allows pattern matching on the alias strings of
the RSVP identities to be displayed.
Usage Guidelines Use the show ip rsvp policy identity command with the optional regular-expression argument to
perform pattern matching on the alias strings of the RSVP identities to be displayed. Use this filtering
capability to search for a small subset of RSVP identities in a configuration with a large number of
identities.
Omit the regular-expression argument to display all the configured identities.
Examples In the following example from the show ip rsvp policy identity command, all the configured identities
are displayed:
Router# show ip rsvp policy identity
Alias: voice1
Type: Application ID
Locator: GUID=www.cisco.com,APP=voice,VER=1.0
Alias: voice10
Type: Application ID
Locator: GUID=www.cisco.com,APP=voice,VER=10.0
Alias: voice100
Type: Application ID
Locator: GUID=www.cisco.com,APP=voice,VER=100.0
Alias: voice1000
Type: Application ID
Locator: GUID=www.cisco.com,APP=voice,VER=1000.0
Field Description
Alias Name of the alias string. The string can have as many as 64 printable characters
(in the range 0x20 to 0x7E).
The string has no maximum length and must contain printable characters (in
the range 0x20 to 0x7E).
Note If you use the “ ” or ? characters as part of the string itself, you must
type the CTRL/V key sequence before entering the embedded “ ” or ?
characters. The alias is never transmitted to other routers.
Type Types of identities. RSVP defines two types: application IDs and user IDs.
Cisco IOS software currently supports application IDs only.
Locator Information used by a router to find the correct policy to apply to RSVP
messages that contain application IDs.
In the following example from the show ip rsvp policy identity command, all the identities whose
aliases contain voice100 display:
Router# show ip rsvp policy identity voice100
Alias: voice100
Type: Application ID
Locator: GUID=www.cisco.com,APP=voice,VER=100.0
Alias: voice1000
Type: Application ID
Locator: GUID=www.cisco.com,APP=voice,VER=1000.0
In the following example from the show ip rsvp policy identity command, all the identities whose
aliases contain an exact match on voice100 are displayed:
Router# show ip rsvp policy identity ^voice100$
Alias: voice100
Type: Application ID
Locator: GUID=www.cisco.com,APP=voice,VER=100.0
show ip rsvp policy local [detail] [interface type number] [acl acl | dscp-ip value | default |
identity alias | origin-as as]
Syntax Description detail (Optional) Displays additional information about the configured local
policies including preempt-priority and local-override.
interface type number (Optional) Specifies an interface.
acl acl (Optional) Specifies an access control list (ACL). Values are 1 to 199.
dscp-ip value (Optional) Specifies a differentiated services code point (DSCP) for
aggregate reservations. Values can be the following:
• 0 to 63—Numerical DSCP values. The default value is 0.
• af11 to af43—Assured forwarding (AF) DSCP values.
• cs1 to cs7—Type of service (ToS) precedence values.
• default—Default DSCP value.
• ef—Expedited forwarding (EF) DSCP values.
default (Optional) Displays information about the default policy.
identity alias (Optional) Specifies an application identity (ID) alias.
origin-as as (Optional) Specifies an autonomous system. Values are 1 to 65535.
Usage Guidelines Use the show ip rsvp policy local command to display information about the selected local policies that
are currently configured. You can use the default keyword and/or the interface type number keyword
and argument combination with one or more of the match criteria.
If you omit the acl acl, the origin-as as, the identity alias, or the dscp-ip value keyword and argument
combinations, all local policies currently configured appear.
If you use the ACL, the autonomous system, the application-ID, or the DSCP options as match criteria,
you can specify only one. However, that parameter can be any ACL, autonomous system, application ID,
or DSCP of any local policy that you have created. If you have multiple local policies with a common
match criteria, using that parameter displays all local policies that meet the match criteria. On the other
hand, if you have created local policies each with multiple ACLs, autonomous systems, application IDs,
or DSCPs as the match criteria, you cannot use that parameter to show only a specific policy. You must
omit the match criteria and show all the local policies.
A=Accept F=Forward
Global:
Path:AF Resv:AF PathErr:AF ResvErr:AF ACL(s):101
Path:AF Resv:AF PathErr:AF ResvErr:AF AS(es):3
Path:AF Resv:AF PathErr:AF ResvErr:AF ID:voice
Path:AF Resv:AF PathErr:AF ResvErr:AF ID:video
Serial2/0/0:
Path:AF Resv:AF PathErr:AF ResvErr:AF ID:voice
Path:AF Resv:AF PathErr:AF ResvErr:AF ID:video
Serial2/0/1:
Path:AF Resv:AF PathErr:AF ResvErr:AF ID:conference
Path:AF Resv:AF PathErr:AF ResvErr:AF ID:iptv
Path:-- Resv:-- PathErr:-- ResvErr:-- Default
Field Description
A=Accept State of RSVP messages.
F=Forward • Accept—Messages being accepted.
• Forward—Messages being forwarded.
Global Location of the local policy. Global—Local policy configured
for the entire router.
Field Description
Path, Resv, PathErr, ResvErr, Types of RSVP messages being accepted and forwarded and the
ACL(s), AS(es), ID, Default match criteria for the local policies configured. Blank (--)
means that messages of the specified type are neither accepted
nor forwarded.
Interface Location of the local policy. Serial2/0/0—Local policy
configured for a specific interface on the router.
Path, Resv, PathErr, ResvErr, Types of RSVP messages being accepted and forwarded and the
ACL(s), AS(es), ID types of local policies configured. Blank (--) means that
messages of the specified type are neither accepted nor
forwarded.
Generic policy settings Policy settings that are not specific to any local or remote
policy.
• Default policy: Accept all means that all RSVP messages
are accepted and forwarded. Reject all means that all RSVP
messages are rejected.
• Preemption: Disabled means that RSVP should not
implement any preemption decisions required by a
particular local or remote policy. Enabled means that RSVP
should implement any preemption decisions required by a
particular local or remote policy.
A=Accept F=Forward
Global:
Path:AF Resv:AF PathErr:AF ResvErr:AF DSCP(s): ef
Global:
Policy for ID: voice
Accept Forward
Path: Yes Yes
Resv: Yes Yes
PathError: Yes Yes
ResvError: Yes Yes
Current Limit
Senders: 0 40
Receivers: 0 N/A
Conversations: 0 N/A
Group bandwidth (bps): 0 200K
Per-flow b/w (bps): N/A 10M
Accept Forward
Path: Yes Yes
Resv: Yes Yes
PathError: Yes Yes
ResvError: Yes Yes
Current Limit
Senders: 2 10
Receivers: 2 10
Conversations: 2 10
Group bandwidth (bps): 100K 200K
Per-flow b/w (bps): N/A 10M
Ethernet2/1:
Policy for ID: voice
Accept Forward
Path: Yes Yes
Resv: Yes Yes
PathError: Yes Yes
ResvError: Yes Yes
Current Limit
Senders: 2 10
Receivers: 2 10
Conversations: 2 10
Group bandwidth (bps): 100K 200K
Per-flow b/w (bps): N/A 10M
Field Description
Global Location of the local policy. Global—Local policy configured
for the entire router.
Policy for ID A global local policy defined for an application ID alias named
voice.
Preemption Scope Describes which classes of RSVP quality of service (QoS)
reservations can be preempted by other classes of RSVP QoS
reservations on the same interface.
Unrestricted means that a reservation using an application ID
such as voice can preempt any other class of reservation on the
same interface as that reservation, even other nonvoice
reservations.
Local Override Overrides any remote policy by enforcing the local policy in
effect.
• Disabled—Not active.
• Enabled—Active.
Fast ReRoute State of Fast ReRoute for Multiprotocol Label Switching
(MPLS)/Traffic Engineering (TE) label switched paths (LSPs).
• Accept—Messages being accepted.
• Do not accept—Messages requesting Fast Reroute service
are not being accepted.
Handle Internal database ID assigned to the security association by RSVP
for bookkeeping purposes.
Accept, Forward State of RSVP messages.
Path, Resv, PathError, ResvError Types of RSVP messages being accepted and forwarded.
• Yes—Messages are being accepted and forwarded.
• No—Messages are not being accepted or forwarded.
Setup Priority, Hold Priority Preemption priorities. Setup Priority indicates the priority of a
reservation when it is initially installed. Hold Priority indicates
the priority of a reservation after it has been installed.
N/A means preemption priorities are not configured.
Table 115 show ip rsvp policy local detail Field Descriptions (continued)
Field Description
TE The preemption priority of TE reservations. Values for Setup
Priority and Hold Priority range from 0 to 7 where 0 is
considered the highest priority.
Non-TE The preemption priority of non-TE reservations. Values for
Setup Priority and Hold Priority range from 0 to 65535 where
65535 is considered the highest priority.
Current, Limit The present number and the highest number of these parameters
allowed.
Senders The number of current PATH states accepted and/or approved
by this policy.
Receivers The number of current RESV states accepted by this policy.
Conversations The number of active bandwidth requests approved by the local
policy.
Group bandwidth (bps) Amount of bandwidth configured for a class of reservations in
bits per second (bps).
Per-flow b/w (bps) Amount of bandwidth configured for each reservation in bits
per second (bps).
Ethernet2/1 Local policy configured for a specific interface on the router.
Generic policy settings Policy settings that are not specific to the local policy.
• Default policy: Accept all means that all RSVP messages
are accepted and forwarded. Reject all means that all RSVP
messages are rejected.
• Preemption: Disabled means that RSVP should not
implement any preemption decisions required by a
particular local or remote policy. Enabled means that RSVP
should implement any preemption decisions required by a
particular local or remote policy.
w ip rsvp request
To display Resource Reservation Protocol (RSVP)-related request information currently in the database,
use the show ip rsvp request command in user EXEC or privileged EXEC mode.
show ip rsvp request [detail] [filter [destination ip-address | hostname] [dst-port port-number]
[source ip-address | hostname] [src-port port-number]]
Usage Guidelines Use the show ip rsvp request command to display the RSVP reservations currently being requested
upstream for a specified interface or all interfaces. The received reservations may differ from requests
because of aggregated or refused reservations. If desired, information for only a single tunnel or a subset
of tunnels can be displayed.
Field Description
To IP address of the end-to-end (E2E) receiver or deaggregator.
From IP address of the E2E sender or aggregator.
Pro Protocol code.
• TCP indicates Transmission Control Protocol.
• Code 0 indicates an aggregate reservation.
DPort Destination port number.
• DSCP for aggregate reservations.
Sport Source port number.
• 0 for aggregate reservations.
Next Hop IP address of the next hop.
• Aggregator for E2E reservations mapped onto aggregates.
• Next hop RSVP node for aggregate or E2E reservations onto an
interface.
I/F Interface of the next hop.
Fi Filter (Wildcard Filter, Shared Explicit, or Fixed Filter).
Serv Service (value can be rate or load).
BPS The rate, in bits per second, in the RSVP reservation request for a
reservation.
Note In the example, the top one is the E2E reservation signaled at 80 bps
and the corresponding aggregate request at 300 bps.
Field Description
RSVP Reservation Destination—Receiver’s IP address of the E2E RESV message.
Source—Sender’s IP address of the E2E RESV message.
Protocol Protocol—IP protocol used; TCP—Transmission Control Protocol.
• 0 for aggregate reservations.
Destination port Receiver’s port number.
• DSCP for aggregate reservations.
Source port Sender’s port number.
• 0 for aggregate reservations.
Previous Hop IP address of the previous hop on the specified interface.
Note This is the aggregator’s IP address in the case of an E2E reservation
mapped onto an aggregate as seen at the deaggregator.
Reservation Style Multi-reservations sharing of bandwidth; values include Fixed-Filter,
Shared-Explicit, and Wildcard-Filter.
QoS Service Type of quality of service (QoS) configured; values include
Guaranteed-Rate and Controlled-Load.
Average Bitrate Average rate requested, in bits per second, for the data.
Maximum Burst Largest amount of data allowed in kilobytes.
Field Description
Request ID handle Internal database ID assigned to the request by RSVP for bookkeeping
purposes.
Policy Policy status: Forwarding—RSVP RESV messages are being accepted and
forwarded.
Policy source(s) Type of local policy in effect; values include Default, Local, and MPLS/TE.
Priorities RSVP preemption and hold priorities of the reservation; default is 0.
PSB Handle List Path state block (PSB) internal database identifier assigned by RSVP for
bookkeeping purposes.
RSB Handle List Reservation state block (RSB) internal database identifier assigned by
RSVP for bookkeeping purposes.
3175 Aggregation RSVP aggregation as defined in RFC 3175, Aggregation of RSVP for IPv4
and IPv6 Reservations.
Note This E2E reservation is mapped onto an RSVP aggregate reservation
with an aggregator (source) IP address of 192.168.40.1, a
destination (deaggregator) IP address of 192.168.50.1, and a DSCP
value of expedited forwarding (EF).
MP Example
The following is sample output from the show ip rsvp request detail command when the command is
entered on the midpoint (MP) before and after a failure.
Figure 5 illustrates the network topology for the RSVP configuration example.
Tunnel 2
Next-next hop
(NNHOP)
backup tunnel
Notice that after the failure, there are two entries for the rerouted LSP.
The first entry continues to show the prefailure information (that is, RESV messages are being sent to
10.1.1.5 on POS0/1). This state is for the RESV being sent upstream before the failure, in response to
path messages sent before the failure. This state may time out quickly, or it may continue to be refreshed
for a few minutes if, for example, an upstream node is unaware of the failure.
The second entry shows the post-failure information (that is, RESV messages are being sent to 10.0.0.0
on POS0/1). This state is for the RESV messages being sent upstream after the failure (to the point of
local repair [PLR]), and will remain and be refreshed as long as the LSP is rerouted.
In example 2, the MP is also the tail of the LSP. There is no record route object (RRO) information
because there are no nodes downstream.
Release Modification
12.2(31)SB2 This command was integrated into Cisco IOS Release 12.2(31)SB2.
12.2(33)SRC The command output was modified to display tunnel-based admission
control (TBAC) and RSVP aggregation information.
Usage Guidelines Use the show ip rsvp reservation command to display the current receiver (RESV) information in the
database for a specified interface or all interfaces. This information includes reservations aggregated and
forwarded from other RSVP routers.
Field Descriptions
To IP address of the receiver.
From IP address of the sender.
Pro Protocol code. UDP = User Data Protocol.
DPort Destination port number.
Sport Source port number.
Next Hop IP address of the next hop.
I/F Interface of the next hop.
Fi Filter (Wildcard Filter, Shared-Explicit, or Fixed-Filter).
Serv Service (value can be RATE or LOAD).
Application ID Example
The following is sample output from the show ip rsvp reservation detail command with application ID
information:
Router# show ip rsvp reservation detail
Field Descriptions
RSVP Reservation Destination—Receiver’s IP address of the RESV message.
Source—Sender’s IP address of the RESV message.
Protocol Protocol—IP protocol used; UDP—User Data Protocol.
Destination port Receiver’s port number.
Source port Sender’s port number.
Next Hop IP address of the next hop.
Interface Interface type of the next hop.
Reservation Style Multireservations sharing of bandwidth; values include Fixed-Filter,
Shared-Explicit, and Wildcard-Filter.
QoS Service Type of qulaity of service (QoS) configured; values include
Guaranteed-Rate and Controlled Load.
Resv ID handle Internal database ID assigned to the RESV message by RSVP for bookkeeping
purposes.
Created Time and date when the reservation was created.
Average Bitrate Average rate, in bits per second, for the data.
Maximum Burst Largest amount of data allowed in kilobytes.
Min Policed Unit Size of the smallest packet generated by the application in bytes, including
the application data and all protocol headers at or above the IP level.
Max Pkt Size Largest packet allowed in bytes.
Status Status of the local policy; values are Proxied and Proxy-terminated.
Note A blank status field means you issued the command on a midpoint
for that reservation.
Policy Policy status: Forwarding—RSVP RESV messages are being accepted and
forwarded.
Policy source(s) Type of local policy in effect; values include Default, Local, and MPLS/TE.
Field Descriptions
Priorities Preemption priorities in effect.
• preempt: the startup priority; values are 0 to 7 for traffic engineering
(TE) reservations with 0 being the highest. Values are 0 to 65535 for
non-TE reservations with 0 being the lowest.
• defend: the hold priority; values are the same as preempt.
Application ID A quotable string that identifies the sender application and can be used to
match on local policies. The string includes the policy locator in the X.500
Distinguished Name format and the application or filename of the sender
application.
TBAC Example
The following is sample output from the show ip rsvp reservation detail command when TBAC is
configured:
Router# show ip rsvp reservation detail
Field Descriptions
RSVP Reservation Destination—Receiver’s IP address of the RESV message.
Source—Sender’s IP address of the RESV message.
Protocol Protocol—IP protocol used; UDP—User Data Protocol.
Destination port Receiver’s port number.
Source port Sender’s port number.
Next Hop IP address of the next hop on tunnel interface with out-of-band signaling.
Reservation Style Multireservations sharing of bandwidth; values include Fixed-Filter,
Shared-Explicit, and Wildcard-Filter.
QoS Service Type of QoS configured; values include Guaranteed-Rate and Controlled
Load.
Resv ID handle Internal database ID assigned to the RESV message by RSVP for bookkeeping
purposes.
Created Time and date when the reservation was created.
Average Bitrate Average rate, in bits per second, for the data.
Field Descriptions
Maximum Burst Largest amount of data allowed in kilobytes.
Min Policed Unit Size of the smallest packet generated by the application in bytes, including
the application data and all protocol headers at or above the IP level.
Max Pkt Size Largest packet allowed in bytes.
Status Status of the local policy; values are Proxied and Proxy-terminated.
Note A blank status field means you issued the command on a midpoint
for that reservation.
Policy Policy status: Forwarding—RSVP RESV messages are being accepted and
forwarded.
Policy source(s) Type of local policy in effect; values include Default, Local, and MPLS/TE.
Field Descriptions
RSVP Reservation Destination—Receiver’s IP address of the RESV message.
• Deaggregator for aggregate reservations.
Source—Sender’s IP address of the RESV message.
• Aggregator for aggregate reservations.
Protocol Protocol—IP protocol used; TCP—Transmission Control Protocol.
• 0 for aggregate reservations.
Destination port Receiver’s port number.
• DSCP for aggregate reservations.
Source port Sender’s port number.
• 0 for aggregate reservations.
Next Hop IP address of the next hop on a specified interface.
• Deaggregator IP address for E2E reservations mapped onto an
aggregate as seen at the aggregator.
• None for aggregate reservations as seen at the deaggregator.
Reservation Style Multireservations sharing of bandwidth; values include Fixed-Filter,
Shared-Explicit, and Wildcard-Filter.
QoS Service Type of QoS Service configured; values include Guaranteed-Rate and
Controlled Load.
Resv ID handle Internal database ID assigned to the RESV message by RSVP for bookkeeping
purposes.
Created Time and date when the reservation was created.
Average Bitrate Average rate requested, in bits per second, for the data.
Maximum Burst Largest amount of data allowed in kilobytes.
Min Policed Unit Size of the smallest packet generated by the application in bytes, including
the application data and all protocol headers at or above the IP level.
• Always 0 or 20 on a node configured for RSVP aggregation.
Max Pkt Size Largest packet allowed in bytes.
• Always 0 on a node configured for RSVP aggregation.
Status Status of the local policy; policy source and preemption values.
Note A blank status field means you issued the command on a midpoint
for that reservation.
Table 121 show ip rsvp reservation detail—RSVP Aggregation Field Descriptions (continued)
Field Descriptions
Policy source(s) Type of local policy in effect; values include default, local, and
Multiprotocol Label Switching (MPLS)/Traffic Engineering (TE).
3175 Aggregation: Aggregated reservation on which this E2E reservation is mapped with
agg_info source (aggregator) and destination (deaggregator) endpoints, IP addresses,
and aggregate reservation DSCP.
PLR Examples
The following is sample output from the show ip rsvp reservation detail command when the command
is entered on the PLR before and after a failure.
Figure 6 illustrates the network topology for the RSVP configuration example.
Tunnel 2
NNHOP
backup tunnel
59568
= Primary tunnel before failure
= Section of primary tunnel after failure
Syntax Description detail (Optional) Detailed SBM configuration information, including values for
the NonResvSendLimit object.
interface-type (Optional) Interface name and interface type for which you want to display
interface-number SBM configuration information.
Usage Guidelines To obtain SBM configuration information about a specific interface configured to use RSVP, specify the
interface name with the show ip rsvp sbm command. To obtain information about all interfaces enabled
for RSVP on the router, use the show ip rsvp sbm command without specifying an interface name.
To view the values for the NonResvSendLimit object, use the detail keyword.
Examples The following example displays information for the RSVP-enabled Ethernet interfaces 1 and 2 on
router1:
Router# show ip rsvp sbm
The following example displays information about the RSVP-enabled Ethernet interface e2 on router1:
Router# show ip rsvp sbm e2
Field Description
Interface Name of the Designated Subnetwork Bandwidth Manager (DSBM)
candidate interface on the router.
DSBM Addr IP address of the DSBM.
DSBM Priority Priority of the DSBM.
DSBM Candidate Yes if the ip rsvp dsbm candidate command was issued for this
SBM to configure it as a DSBM candidate. No if it was not so
configured.
My Priority Priority configured for this interface.
The following example displays information about the RSVP-enabled Ethernet interface 2 on router1.
In the left column, the local SBM configuration is shown; in the right column, the corresponding
information for the current DSBM is shown. In this example, the information is the same because the
DSBM won election.
Router# show ip rsvp sbm detail
Interface:Ethernet2
Local Configuration Current DSBM
IP Address:10.2.2.150 IP Address:10.2.2.150
DSBM candidate:yes I Am DSBM:yes
Priority:100 Priority:100
Non Resv Send Limit Non Resv Send Limit
Rate:500 Kbytes/sec Rate:500 Kbytes/sec
Burst:1000 Kbytes Burst:1000 Kbytes
Peak:500 Kbytes/sec Peak:500 Kbytes/sec
Min Unit:unlimited Min Unit:unlimited
Max Unit:unlimited Max Unit:unlimited
Field Description
Local Configuration The local DSBM candidate configuration.
Current DSBM The current DSBM configuration.
Interface Name of the DSBM candidate interface on the router.
IP Address IP address of the local DSBM candidate or the current DSBM.
DSBM candidate Yes if the ip rsvp dsbm candidate command was issued for this
SBM to configure it as a DSBM candidate. No if it was not so
configured.
I am DSBM Yes if the local candidate is the DSBM. No if the local candidate is
not the DSBM.
Priority Priority configured for the local DSBM candidate or the current
SBM.
Rate The average rate, in kbps, for the DSBM candidate.
Field Description
Burst The maximum burst size, in KB, for the DSBM candidate.
Peak The peak rate, in kbps, for the DSBM candidate.
Min Unit The minimum policed unit, in bytes, for the DSBM candidate.
Max Unit The maximum packet size, in bytes, for the DSBM candidate.
Usage Guidelines Use the show ip rsvp sender command to display the RSVP sender (PATH) information currently in the
database for a specified interface or for all interfaces.
The show ip rsvp sender command is very useful for determining the state of RSVP signaling both
before and after a label-switched packet (LSP) has been fast rerouted. The show ip rsvp sender
command is especially useful when used at the point of local repair (PLR) or at the merge point (MP).
Field Description
To IP address of the receiver.
From IP address of the sender.
Pro Protocol code.
• Code 1 indicates an IP protocol such as TCP or UDP.
• Code 0 indicates an aggregate reservation.
DPort Destination port number.
• The DSCP for an aggregate reservation.
Sport Source port number.
• 0 for an aggregate reservation.
Prev Hop IP address of the previous hop.
• None if the node is an aggregator for this reservation.
Field Description
I/F Interface of the previous hop.
• None if the node is an aggregator for this reservation.
BPS As specified in the sender_tspec characteristics of the sender data
flow—specified bit rate, in bits per second.
• Always 17179868160 for an aggregate reservation.
Application ID Example
The following is sample output from the show ip rsvp sender detail command with application IDs
configured:
Router# show ip rsvp sender detail
Field Descriptions
PATH Session address Destination IP address of the PATH message.
• port—Number of the destination port.
• Protocol—IP protocol used.
Sender address Source IP address of the PATH message.
• port—Number of the source port.
Inbound from IP address of the sender and the interface name.
Note A blank interface field means that the PATH message originated at
the router on which the show command is being executed (the
headend router). A specified interface means that the PATH message
originated at an upstream router.
Field Descriptions
Traffic params Traffic parameters in effect:
• Rate—Speed, in kilobits per second.
• Max. burst—Largest amount of data allowed, in kilobytes.
• Min Policed Unit—Size, in bytes, of the smallest packet generated by
the application, including the application data and all protocol headers
at or above the IP level.
• Max Pkt Size—Largest packet allowed in bytes.
PATH ID handle Internal database ID assigned to the PATH message by RSVP for bookkeeping
purposes.
Incoming policy State of the incoming policy:
• Accepted—RSVP PATH messages are being accepted, but not
forwarded.
• Not Accepted—RSVP PATH messages are being rejected.
Policy source(s) Type of local policy in effect; values include Default, Local, and MPLS/TE.
Priorities Preemption priorities in effect:
• preempt—The startup priority; values are 0 to 7 for traffic engineering
(TE) reservations with 0 being the highest. Values are 0 to 65535 for
non-TE reservations with 0 being the lowest.
• defend—The hold priority; values are the same as for preempt.
Application ID A quotable string that identifies the sender application and can be used to
match on local policies. The string includes the policy locator in the X.500
Distinguished Name format and the application or filename of the sender
application.
Status Status of the local policy:
• Proxied—Head.
• Proxy-terminated—Tail.
• Blockaded—Tail or midpoint and an RESVERROR message has
recently been received; therefore, the PSB enters the blockaded state.
Output on interface Policy status (on the outbound interface):
• Forwarding—Inbound PATH messages are being forwarded.
• Not Forwarding—Outbound PATH messages are being rejected.
• Handle—Internal database ID assigned to the PATH message by RSVP for
bookkeeping purposes.
Policy source(s) Type of local policy in effect; values include Default, Local, and MPLS/TE.
PATH:
Field Descriptions
PATH PATH message information:
• Destination IP address.
• Protocol ID number.
• Policing.
• Destination port number.
Sender address Source IP address of the PATH message.
• port—Number of the source port.
Path refreshes Refresh information:
• IP address of the source (previous hop [PHOP]).
• Interface name and number.
• Frequency, in milliseconds (msec).
Traffic params Traffic parameters in effect:
• Rate—Speed, in kilobits per second.
• Max. burst—Largest amount of data allowed, in kilobytes.
• Min Policed Unit—Size, in bytes, of the smallest packet generated by
the application, including the application data and all protocol headers
at or above the IP level.
• Max Pkt Size—Largest packet allowed, in bytes.
PATH ID handle Internal database ID assigned to the PATH message by RSVP for bookkeeping
purposes.
Incoming policy State of the incoming policy:
• Accepted—RSVP PATH messages are being accepted, but not
forwarded.
• Not Accepted—RSVP PATH messages are being rejected.
Policy source(s) Type of local policy in effect; values include Default, Local, and MPLS/TE.
Table 126 show ip rsvp sender detail Field Descriptions—Before FLR (continued)
Field Descriptions
Status Status of the local policy:
• Proxied—Head.
• Proxy-terminated—Tail.
• Blockaded—Tail or midpoint and an RESVERROR message has
recently been received; therefore, the PSB enters the blockaded state.
Note A blank field means none of the above.
Output on interface Policy status (on the outbound interface):
• Forwarding—Inbound PATH messages are being forwarded.
• Not Forwarding—Outbound PATH messages are being rejected.
• Handle—Internal database ID assigned to the PATH message by RSVP for
bookkeeping purposes.
Policy source(s) Type of local policy in effect; values include Default, Local, and MPLS/TE.
Path FLR Never repaired—Indicates that the node has never been a point of local
repair (PLR) and, therefore, has never repaired the PSB.
Note A node that initiates an FLR procedure is the point of local repair or PLR.
The following is sample output from the show ip rsvp sender detail command at the PLR during an
FLR procedure:
Router# show ip rsvp sender detail
PATH:
Destination 192.168.101.21, Protocol_Id 17, Don't Police , DstPort 1
Sender address: 10.10.10.10, port: 1
Path refreshes:
arriving: from PHOP 172.16.31.34 on Et0/0 every 30000 msecs
Traffic params - Rate: 9K bits/sec, Max. burst: 9K bytes
Min Policed Unit: 0 bytes, Max Pkt Size 2147483647 bytes
Path ID handle: 01000401.
Incoming policy: Accepted. Policy source(s): Default
Status:
Path FLR: PSB is currently being repaired...try later
PLR - Old Segments: 1
Output on Ethernet1/0, nhop 172.16.36.34
Time before expiry: 2 refreshes
Policy status: Forwarding. Handle: 02000400
Policy source(s): Default
Table 127 show ip rsvp sender detail Field Descriptions—at the PLR During FLR
Field Descriptions
PATH PATH message information including the following:
• Destination IP address.
• Protocol ID number.
• Policing.
• Destination port number.
Sender address Source IP address of the PATH message.
• port—Number of the source port.
Path refreshes Refresh information:
• IP address of the source (previous hop [PHOP]).
• Interface name and number.
• Frequency, in milliseconds (msec).
Traffic params Traffic parameters in effect:
• Rate—Speed, in kilobits per second.
• Max. burst—Largest amount of data allowed, in kilobytes.
• Min Policed Unit—Size, in bytes, of the smallest packet generated by
the application, including the application data and all protocol headers
at or above the IP level.
• Max Pkt Size—Largest packet allowed, in bytes.
PATH ID handle Internal database ID assigned to the PATH message by RSVP for bookkeeping
purposes.
Incoming policy State of the incoming policy:
• Accepted—RSVP PATH messages are being accepted, but not
forwarded.
• Not Accepted—RSVP PATH messages are being rejected.
Policy source(s) Type of local policy in effect; values include Default, Local, and MPLS/TE.
Status Status of the local policy:
• Proxied—Head.
• Proxy-terminated—Tail.
• Blockaded—Tail or midpoint and an RESVERROR message has
recently been received; therefore, the PSB enters the blockaded state.
Note A blank field means none of the above.
Table 127 show ip rsvp sender detail Field Descriptions—at the PLR During FLR (continued)
Field Descriptions
Path FLR PSB is currently being repaired. FLR is in process.
PLR - Old Segments The number of old segments or interfaces after the PLR initiated the FLR
procedure. For each old segment, the following information displays:
• Output on interface—Outbound interface after the FLR and the
next-hop IP address.
• Time before expiry—Number of PATH messages sent on a new segment
before the old route (segment) expires.
• Policy status (on the outbound interface):
– Forwarding—Inbound PATH messages are being forwarded.
– Not Forwarding—Outbound PATH messages are being rejected.
– Handle—Internal database ID assigned to the PATH message by
RSVP for bookkeeping purposes.
Policy source(s)—Type of local policy in effect; values include Default,
Local, and MPLS/TE.
Note The node where the old and new paths (also called segments or interfaces) meet is the merge point (MP).
The following is sample output from the show ip rsvp sender detail command at the MP during an FLR
procedure:
Router# show ip rsvp sender detail
PATH:
Destination 192.168.101.21, Protocol_Id 17, Don't Police , DstPort 1
Sender address: 10.10.10.10, port: 1
Path refreshes:
arriving: from PHOP 172.16.37.35 on Et1/0 every 30000 msecs
Traffic params - Rate: 9K bits/sec, Max. burst: 9K bytes
Min Policed Unit: 0 bytes, Max Pkt Size 2147483647 bytes
Path ID handle: 09000406.
Incoming policy: Accepted. Policy source(s): Default
Status: Proxy-terminated
Path FLR: Never repaired
MP - Old Segments: 1
Input on Serial2/0, phop 172.16.36.35
Time before expiry: 9 refreshes
Table 128 show ip rsvp sender detail Field Descriptions—at the MP During FLR
Field Descriptions
PATH PATH message information:
• Destination IP address.
• Protocol ID number.
• Policing.
• Destination port number.
Sender address Source IP address of the PATH message.
• port—Number of the source port.
Path refreshes Refresh information:
• IP address of the source (previous hop [PHOP]).
• Interface name and number.
• Frequency, in milliseconds (msec).
Traffic params Traffic parameters in effect:
• Rate—Speed, in kilobits per second.
• Max. burst—Largest amount of data allowed, in kilobytes.
• Min Policed Unit—Size, in bytes, of the smallest packet generated by
the application, including the application data and all protocol headers
at or above the IP level.
• Max Pkt Size—Largest packet allowed, in bytes.
PATH ID handle Internal database ID assigned to the PATH message by RSVP for bookkeeping
purposes.
Incoming policy State of the incoming policy:
• Accepted—RSVP PATH messages are being accepted, but not
forwarded.
• Not Accepted—RSVP PATH messages are being rejected.
Policy source(s) Type of local policy in effect; values include Default, Local, and MPLS/TE.
Status Status of the local policy:
• Proxied—Head.
• Proxy-terminated—Tail.
• Blockaded—Tail or midpoint and an RESVERROR message has
recently been received; therefore, the PSB enters the blockaded state.
Note A blank field means none of the above.
Table 128 show ip rsvp sender detail Field Descriptions—at the MP During FLR (continued)
Field Descriptions
Path FLR Never repaired—Indicates that the node has never been a PLR and,
therefore, has never repaired the PSB.
MP - Old Segments The number of old segments or interfaces on the MP before the PLR
initiated the FLR procedure. For each old segment, the following
information displays:
• Input on interface—Inbound interface and the previous-hop IP address.
• Time before expiry—Number of PATH messages to be received on other
segments before this segment expires.
PATH:
Destination 192.168.101.21, Protocol_Id 17, Don't Police , DstPort 1
Sender address: 10.10.10.10, port: 1
Path refreshes:
arriving: from PHOP 172.16.31.34 on Et0/0 every 30000 msecs
Traffic params - Rate: 9K bits/sec, Max. burst: 9K bytes
Min Policed Unit: 0 bytes, Max Pkt Size 2147483647 bytes
Path ID handle: 05000401.
Incoming policy: Accepted. Policy source(s): Default
Status:
Output on Serial3/0. Policy status: Forwarding. Handle: 3B000406
Policy source(s): Default
Path FLR: Started 12:56:16 EST Thu Nov 16 2006, PSB repaired 532(ms) after.
Resv/Perr: Received 992(ms) after.
Table 129 show ip rsvp sender detail Field Descriptions—at the PLR After FLR
Field Descriptions
PATH PATH message information including the following:
• Destination IP address.
• Protocol ID number.
• Policing.
• Destination port number.
Sender address Source IP address of the PATH message.
• port—Number of the source port.
Path refreshes Refresh information including the following:
• IP address of the source (previous hop [PHOP]).
• Interface name and number.
• Frequency, in milliseconds (msec).
Table 129 show ip rsvp sender detail Field Descriptions—at the PLR After FLR (continued)
Field Descriptions
Traffic params Traffic parameters in effect:
• Rate—Speed, in kilobits per second.
• Max. burst—Largest amount of data allowed, in kilobytes.
• Min Policed Unit—Size, in bytes, of the smallest packet generated by
the application, including the application data and all protocol headers
at or above the IP level.
• Max Pkt Size—Largest packet allowed, in bytes.
Path ID handle Internal database ID assigned to the PATH message by RSVP for bookkeeping
purposes.
Incoming policy State of the incoming policy:
• Accepted—RSVP PATH messages are being accepted, but not
forwarded.
• Not Accepted—RSVP PATH messages are being rejected.
Policy source(s) Type of local policy in effect; values include Default, Local, and MPLS/TE.
Status Status of the local policy:
• Proxied—Head.
• Proxy-terminated—Tail.
• Blockaded—Tail or midpoint and an RESVERROR message has
recently been received; therefore, the PSB enters the blockaded state.
Note A blank field means none of the above.
Output on interface Policy status (on the outbound interface):
• Forwarding—Inbound PATH messages are being forwarded.
• Not Forwarding—Outbound PATH messages are being rejected.
• Handle—Internal database ID assigned to the PATH message by RSVP for
bookkeeping purposes.
Policy source(s) Type of local policy in effect; values include Default, Local, and MPLS/TE.
Path FLR FLR statistics that show when RSVP received the notification from RIB and
how long thereafter the PATH message was sent. This delay can result when
the interface on which the PATH message was sent had a wait time
configured or when other PSBs were processed before this one or a
combination of both. The statistics also show when an associated RESV or
PATHERROR message was received.
Note This delay tells you the time when QoS was not honored for the
specified flow.
TBAC Example
The following is sample output from the show ip rsvp sender detail command when TBAC is
configured:
Router# show ip rsvp sender detail
PATH:
Field Descriptions
PATH PATH message information:
• Destination IP address.
• Protocol ID number.
• Policing.
• Destination port number.
Sender address Source IP address of the PATH message.
• port—Number of the source port.
Path refreshes Refresh information:
• IP address of the source (previous hop [PHOP]).
• Interface name and number.
• Frequency, in milliseconds (msec).
Note A blank field means no refreshes have occurred.
Traffic params Traffic parameters in effect:
• Rate—Speed, in kilobits per second.
• Max. burst—Largest amount of data allowed, in kilobytes.
• Min Policed Unit—Size, in bytes, of the smallest packet generated by
the application, including the application data and all protocol headers
at or above the IP level.
• Max Pkt Size—Largest packet allowed, in bytes.
PATH ID handle Internal database ID assigned to the PATH message by RSVP for bookkeeping
purposes.
Incoming policy State of the incoming policy:
• Accepted—RSVP PATH messages are being accepted, but not
forwarded.
• Not Accepted—RSVP PATH messages are being rejected.
Policy source(s) Type of local policy in effect; values include Default, Local, and MPLS/TE.
Table 130 show ip rsvp sender detail Field Descriptions—with TBAC (continued)
Field Descriptions
Status Status of the local policy:
• Proxied—Head.
• Proxy-terminated—Tail.
• Blockaded—Tail or midpoint and an RESVERROR message has
recently been received; therefore, the PSB enters the blockaded state.
Note A blank field means none of the above.
Output on tunnel Policy status (on the outbound tunnel with out-of-band signaling):
• Forwarding—Inbound PATH messages are being forwarded.
• Not Forwarding—Outbound PATH messages are being rejected.
• Handle—Internal database ID assigned to the PATH message by RSVP for
bookkeeping purposes.
Policy source(s) Type of local policy in effect; values include Default, Local, and MPLS/TE.
Path FLR Never repaired—Indicates that the node has never been a point of local
repair (PLR) and, therefore, has never repaired the PSB.
PATH:
Destination 10.10.10.21, Protocol_Id 17, Don't Police , DstPort 1
Sender address: 10.10.10.11, port: 1
Path refreshes:
arriving: from PHOP 10.10.10.34 on Et1/0 every 30000 msecs
Traffic params - Rate: 10K bits/sec, Max. burst: 10K bytes
Min Policed Unit: 0 bytes, Max Pkt Size 2147483647 bytes
Path ID handle: 0F000406.
Incoming policy: Accepted. Policy source(s): Default
Status:
3175 Aggregation: agg_info : AggResv 10.10.10.34->10.10.10.2_46
Output on Serial2/0. Policy status: Forwarding. Handle: 09000405
Policy source(s): Default
Path FLR: Never repaired
PATH:
Deaggregator 10.10.10.2, DSCP 46, Don't Police
Aggregator address: 10.10.10.34
Path refreshes:
arriving: from PHOP 192.168.34.36 on Et1/0 every 30000 msecs
Traffic params - Rate: 17179868160 bits/sec, Max. burst: 536870784 bytes
Min Policed Unit: 1 bytes, Max Pkt Size 2147483647 bytes
Path ID handle: 1500040A.
Incoming policy: Accepted. Policy source(s): Default
Status: Proxy-terminated
Path FLR: Never repaired
Table 131 show ip rsvp sender detail Field Descriptions—with RSVP Aggregation
Field Descriptions
PATH PATH message information for E2e reservations:
• Destination IP address.
• Protocol ID number.
• Policing.
– Always Don’t Police.
• Destination port number.
Sender address Source IP address of the PATH message.
• port—Number of the source port.
Path refreshes Refresh information:
• IP address of the source (previous hop [PHOP]).
• Interface name and number.
• Frequency, in milliseconds (msec).
Note A blank field means no refreshes have occurred.
Traffic params Traffic parameters in effect:
• Rate—Speed, in kilobits per second.
– Always MAX rate possible for aggregate reservations.
• Max. burst—Largest amount of data allowed, in kilobytes.
– Always MAX burst possible for aggregate reservations.
• Min Policed Unit—Size, in bytes, of the smallest packet generated by
the application, including the application data and all protocol headers
at or above the IP level.
• Max Pkt Size—Largest packet allowed, in bytes.
PATH ID handle Internal database ID assigned to the PATH message by RSVP for bookkeeping
purposes.
Incoming policy State of the incoming policy:
• Accepted—RSVP PATH messages are being accepted, but not
forwarded.
• Not Accepted—RSVP PATH messages are being rejected.
Policy source(s) Type of local policy in effect; values include Default, Local, and MPLS/TE.
Status Status of the local policy:
• Proxied—Head.
• Proxy-terminated—Tail.
• Blockaded—Tail or midpoint and an RESVERROR message has
recently been received; therefore, the PSB enters the blockaded state.
Note A blank field means none of the above.
Table 131 show ip rsvp sender detail Field Descriptions—with RSVP Aggregation (continued)
Field Descriptions
3175 Aggregation: IP address of the aggregated reservation on which this E2E reservation is
agg_info mapped with specified source (aggregator) and destination (deaggregator)
endpoints and DSCP.
Output on interface Policy status (on the outbound interface):
• Forwarding—Inbound PATH messages are being forwarded.
• Not Forwarding—Outbound PATH messages are being rejected.
• Handle—Internal database ID assigned to the PATH message by RSVP for
bookkeeping purposes.
Policy source(s) Type of local policy in effect; values include Default, Local, and MPLS/TE.
Path FLR Never repaired—Indicates that the node has never been a point of local
repair (PLR) and, therefore, has never repaired the PSB.
PATH PATH message information for aggregate reservations:
• Deaggregator IP address.
• Differentiated Services Code Point (DSCP) value.
• Policing.
– Always Don’t Police.
• Aggregator IP address.
Note Remaining parameters are defined in the preceding fields.
Tunnel 2
NNHOP
backup tunnel
59568
= Primary tunnel before failure
= Section of primary tunnel after failure
PATH:
Tun Dest: 10.2.2.1 Tun ID: 1 Ext Tun ID: 10.2.2.0
Tun Sender: 10.2.2.0, LSP ID: 126
Path refreshes arriving on POS1/0 from PHOP 10.1.1.1
Path refreshes being sent to NHOP 10.1.1.4 on POS1/1
Session Attr::
Setup Prio: 0, Holding Prio: 0
Flags: Local Prot desired, Label Recording, SE Style
Session Name:tagsw4500-23_t1
ERO:
10.1.1.4 (Strict IPv4 Prefix, 8 bytes, /32)
10.1.1.5 (Strict IPv4 Prefix, 8 bytes, /32)
10.1.1.6 (Strict IPv4 Prefix, 8 bytes, /32)
10.2.2.1 (Strict IPv4 Prefix, 8 bytes, /32)
Traffic params - Rate: 0G bits/sec, Max. burst: 1K bytes
Fast-Reroute Backup info:
Inbound FRR: Not active
Outbound FRR: Ready -- backup tunnel selected
Backup Tunnel: Tu2 (label 0)
Bkup Sender Template:
Tun Sender: 10.0.0.0, LSP ID: 126
Bkup FilerSpec:
Tun Sender: 10.0.0.0, LSP ID 126
Note The Flags field is important for Fast Reroute. For information about flags that must be set, see the Flags
field description in Table 132.
Table 132 show ip rsvp sender detail Field Descriptions—on PLR Before Failure
Field Description
The first five fields provide information that uniquely identifies the LSP.
The first three fields identify the LSP’s session (that is, the contents of the SESSION object in
arriving PATH messages).
Tun Dest IP address of the destination of the tunnel.
Tun ID Tunnel identification number.
Ext Tun ID Extended tunnel identification number.
The next two fields identify the LSP’s sender (SENDER_TEMPLATE object of arriving PATH
messages).
Tun Sender Tunnel sender.
LSP ID LSP identification number.
The remaining fields indented under PATH provide additional information about this LSP.
Session Attr—Session attributes. Refers to information included in the SESSION_ATTRIBUTE
object of arriving PATH messages, such as the Setup and Holding Priorities, Flags, and the Session
Name.
Setup Prio Setup priority.
Holding Prio Holding priority.
Flags An LSP must have the “Local protection desired” flag of the
SESSION_ATTRIBUTE object set for the LSP to use a backup
tunnel (that is, in order to receive local protection). If this flag
is not set, you have not enabled Fast Reroute for this tunnel at
its headend (by entering the tunnel mpls traffic-eng
fast-reroute command). Next-next hop (NNHOP) backup
tunnels rely on label recording, so LSPs should have the “label
recording desired” flag set too. This flag is set if the tunnel was
configured for Fast Reroute.
ERO—Refers to the EXPLICIT_ROUTE Object (ERO) of the PATH messages. This field displays the
contents of the ERO at this node. As a PATH message travels from the sender (headend) to the receiver
(tailend), each node removes its own IP address from the ERO. The displayed value reflects the
remainder of hops between this node and the tail.
Fast-Reroute Backup info—Information that is relevant to Fast Reroute for this LSP.
Inbound FRR If this node is downstream from a rerouted LSP (for example,
at a merge point for this LSP), the state is Active.
Table 132 show ip rsvp sender detail Field Descriptions—on PLR Before Failure (continued)
Field Description
Outbound FRR If this node is a PLR for an LSP, there are three possible states:
• Active—This LSP is actively using its backup tunnel,
presumably because there has been a downstream failure.
• No Backup—This LSP does not have local (Fast Reroute)
protection. No backup tunnel has been selected for it to use
in case of a failure.
• Ready—This LSP is ready to use a backup tunnel in case
of a downstream link or node failure. A backup tunnel has
been selected for it to use.
Backup Tunnel If the Outbound FRR state is Ready or Active, this field
indicates the following:
• Which backup tunnel has been selected for this LSP to use
in case of a failure.
• The inbound label that will be prepended to the LSP’s data
packets for acceptance at the backup tunnel tail (the merge
point).
Bkup Sender Template If the Outbound FRR state is Ready or Active,
SENDER_TEMPLATE and FILTERSPEC objects are shown.
These objects will be used in RSVP messages sent by the
backup tunnel if the LSP starts actively using the backup
tunnel. They differ from the original (prefailure) objects only in
that the node (the PLR) substitutes its own IP address for that
of the original sender. For example, PATH and PATHTEAR
messages will contain the new SENDER_TEMPLATE. RESV
and RESVTEAR messages will contain the new FILTERSPEC
object. If this LSP begins actively using the backup tunnel, the
display changes.
Bkup FilerSpec If the Outbound FRR state is Ready or Active,
SENDER_TEMPLATE and FILTERSPEC objects are shown.
These objects will be used in RSVP messages sent by the
backup tunnel if the LSP starts actively using the backup
tunnel. They differ from the original (prefailure) objects only in
that the node (the PLR) substitutes its own IP address for that
of the original sender. For example, PATH and PATHTEAR
messages will contain the new SENDER_TEMPLATE. RESV
and RESVTEAR messages will contain the new FILTERSPEC
object. If this LSP begins actively using the backup tunnel, the
display changes as shown in Example 2.
PATH:
Tun Dest: 10.2.2.1 Tun ID: 1 Ext Tun ID: 10.2.2.0
Once an LSP is actively using a backup tunnel, the following changes occur:
• PATH refreshes are no longer sent to the original NHOP out the original interface. They are sent
through the backup tunnel to the node that is the tail of the backup tunnel (NHOP or NNHOP).
• The ERO is modified so that it will be acceptable upon arrival at the NHOP or NNHOP.
• The display shows both the original ERO and the new one that is now being used.
• The display shows the original output interface (that is, the interface from which PATH messages
were sent for this LSP before the failure).
PATH:
Tun Dest: 10.2.2.1 Tun ID: 1 Ext Tun ID: 10.2.2.0
Tun Sender: 10.2.2.0, LSP ID: 126
Path refreshes arriving on POS0/0 from PHOP 10.1.1.5
Session Attr::
Setup Prio: 0, Holding Prio: 0
Flags: Local Prot desired, Label Recording, SE Style
Session Name:tagsw4500-23_t1
Traffic params - Rate: 0G bits/sec, Max. burst: 1K bytes
Fast-Reroute Backup info:
Inbound FRR: Not active
Outbound FRR: No backup tunnel selected
• The original PHOP and the original input interface are displayed as shown below.
The following is sample output after a failure:
Router# show ip rsvp sender detail
PATH:
Tun Dest: 10.2.2.1 Tun ID: 1 Ext Tun ID: 10.2.2.0
Tun Sender: 10.2.2.0, LSP ID: 126
Path refreshes arriving on POS0/1 from PHOP 10.0.0.0 on Loopback0
Session Attr::
Setup Prio: 0, Holding Prio: 0
Flags: Local Prot desired, Label Recording, SE Style
Session Name:tagsw4500-23_t1
Traffic params - Rate: 0G bits/sec, Max. burst: 1K bytes
Fast-Reroute Backup info:
Inbound FRR: Active
Orig Input I/F: POS0/0
Orig PHOP: 10.1.1.5
Now using Bkup Filterspec w/ sender: 10.0.0.0 LSP ID: 126
Outbound FRR: No backup tunnel selected
Field Description
To IP address of the receiver.
From IP address of the sender.
Pro Protocol code. Code 1 indicates Internet Control Message Protocol
(ICMP).
DPort Destination port number.
Sport Source port number.
Prev Hop IP address of the previous hop.
I/F Interface of the previous hop.
Field Description
BPS Reservation rate, in bits per second, that the application is advertising it
might achieve.
Bytes Bytes of burst size that the application is advertising it might achieve.
Example 6: The command output shows only senders having a specific destination.
To show only information about senders having a specific destination, specify the destination filter as
shown below. In this example, the destination is 172.16.0.0.
Router# show ip rsvp sender filter destination 172.16.0.0
PATH:
Tun Dest 172.16.0.0 Tun ID 1000 Ext Tun ID 172.31.255.255
Tun Sender: 172.31.255.255, LSP ID: 22
Path refreshes being sent to NHOP 10.1.1.4 on Ethernet2
Session Attr::
Setup Prio: 7, Holding Prio: 7
Flags: SE Style
Session Name:tagsw4500-25_t1000
ERO:
10.1.1.4 (Strict IPv4 Prefix, 8 bytes, /32)
172.16.0.0 (Strict IPv4 Prefix, 8 bytes, /32)
Traffic params - Rate: 0G bits/sec, Max. burst: 1K bytes
Fast-Reroute Backup info:
Inbound FRR: Not active
Outbound FRR: No backup tunnel selected
Usage Guidelines Use the show ip rsvp signalling command with either the rate-limit or the refresh reduction keyword
to display rate-limiting parameters or refresh-reduction parameters, respectively.
Rate Limiting:enabled
Max msgs per interval:4
Interval length (msec):20
Max queue size:500
Max msgs per second:200
Max msgs allowed to be sent:37
Field Description
Rate Limiting: enabled (active) The RSVP rate-limiting parameters in effect including the following:
or disabled (not active)
• Max msgs per interval = number of messages allowed to be sent
per interval (timeframe).
• Interval length (msecs) = interval (timeframe) length in
milliseconds.
• Max queue size = maximum size of the message queue in bytes.
• Max msgs per second = maximum number of messages allowed
to be sent per second.
Refresh Reduction:enabled
ACK delay (msec):250
Initial retransmit delay (msec):1000
Local epoch:0x74D040
Message IDs:in use 600, total allocated 3732, total freed 3132
Table 135 show ip rsvp signalling refresh reduction Command Field Descriptions
Field Description
Refresh Reduction: enabled The RSVP refresh-reduction parameters in effect including the
(active) or disabled (not active) following:
• ACK delay (msec) = how long in milliseconds before the
receiving router sends an acknowledgment (ACK).
• Initial retransmit delay (msec) = how long in milliseconds before
the sending router retransmits a message.
• Local epoch = the RSVP process identifier that defines a local
router for refresh reduction and reliable messaging; randomly
generated each time a node reboots or the RSVP process restarts.
• Message IDs = the number of message identifiers (IDs) in use, the
total number allocated, and the total number available (freed).
Defaults If you enter the show ip rsvp signalling blockade command without a keyword or an argument, the
command displays all the blockaded sessions on the router.
Usage Guidelines Use the show ip rsvp signalling blockade command to display the RSVP sessions that are currently
blockaded.
An RSVP sender becomes blockaded when the corresponding receiver sends a Resv message that fails
admission control on a router that has RSVP configured. A ResvError message with an admission control
error is sent in reply to the Resv message, causing all routers downstream of the failure to mark the
associated sender as blockaded. As a result, those routers do not include that contribution to subsequent
Resv refreshes for that session until the blockade state times out.
Blockading solves a denial-of-service problem on shared reservations where one receiver can request so
much bandwidth as to cause an admission control failure for all the receivers sharing that reservation,
even though the other receivers are making requests that are within the limit.
Examples The following example shows all the sessions currently blockaded:
Router# show ip rsvp signalling blockade
Field Description
To IP address of the receiver.
From IP address of the sender.
Pro Protocol used.
DPort Destination port number.
Sport Source port number.
Time Left Amount of time, in seconds, before the blockade expires.
Rate The average rate, in bits per second, for the data.
The following example shows more detail about the sessions currently blockaded:
Router# show ip rsvp signalling blockade detail
Table 137 show ip rsvp signalling blockade detail Command Field Descriptions
Field Description
Session address Destination IP address of the reservation affected by the blockade.
port Destination port number of the reservation affected by the blockade.
Protocol Protocol used by the reservation affected by the blockade; choices include User
Datagram Protocol (UDP) and TCP.
Sender address Source IP address of the reservation affected by the blockade.
port Source port number of the reservation affected by the blockade.
Admission control IP address of the router where the admission control error occurred.
error location
Flowspec that Parameters for the flowspec that caused the blockade.
caused blockade
Average bitrate The average rate, in bits per second, for the flowspec.
Maximum burst The maximum burst size, in bytes, for the flowspec.
Peak bitrate The peak rate, in bps, for the flowspec.
Minimum policed The minimum policed unit, in bytes, for the flowspec.
unit
Maximum packet The maximum packet size, in bytes, for the flowspec.
size
Requested bitrate The requested rate, in bits per second, for the flowspec.
Slack Time, in milliseconds, allocated to a router for scheduling delivery of packets.
Blockade ends in Time, in seconds, until the blockade expires.
Command Default Information for the FLR and RSVP message pacing displays.
Usage Guidelines Use the show ip rsvp signalling fast-local-repair command to display the FLR and RSVP message
pacing rates that are configured.
Use the show ip rsvp signalling fast-local-repair statistics command to display the FLR procedures
and related information including the following:
• The process number
• The state
• The start time
• The number of path state blocks (PSBs) repaired
• The repair rate
• The routing information base (RIB) notification process time
• The repair time of the last PSB
Use the show ip rsvp signalling fast-local-repair statistics detail command to display detailed
information about FLR procedures including the following:
• The time of the routing notification
• The elapsed time for processing all notifications in the queue
• The rate and pacing unit (the refresh spacing in ms) used
• The number of PSBs repaired
• The number of times RSVP has suspended
Field Description
Fast Local Repair FLR state. Values are the following:
• Enabled—FLR is configured.
• Disabled—FLR is not configured.
Max repair rate (paths/sec) Maximum repair rate, in paths per second.
Max processed (paths/run) Maximum notification elements processed, in paths per run.
FLR Statistics:
Field Description
Fast Local Repair FLR state. Values are the following:
• Enabled—FLR is configured.
• Disabled—FLR is not configured.
Max repair rate (paths/sec) Maximum repair rate, in paths per second.
Max processed (paths/run) Maximum notification elements processed, in paths per run.
FLR Statistics FLR-related information.
FLR Proc. FLR procedure number. The last 32 procedures are listed
from the most recent to the oldest; they are numbered from 1
to 32.
State Current state of the FLR procedure. Values are the following:
• DONE—The FLR procedure is complete.
• IN PROGRESS—The FLR procedure is incomplete.
Start Time Time when RSVP received the routing notification.
#PSB Repair Number of PSBs repaired.
Repair Rate Repair rate used, in paths per second.
RIB Proc Time Time that RSVP spent to process all RIB notifications and
schedule the path refreshes, in microseconds (us),
milliseconds (msec or ms), or seconds (sec).
Note The value is converted to fit the column width;
however, seconds are rarely used because RSVP RIB
notification processing is very fast.
Last PSB Elapsed time, in microseconds (us), milliseconds (msec or
ms), or seconds (sec), between the start of an FLR procedure
and when RSVP sent the last PATH message.
Note The value is converted to fit the column width;
however, seconds are rarely used because RSVP RIB
notification processing is very fast.
FLR Statistics:
FLR 1: DONE
Start Time: 15:16:32 MET Wed Oct 25 2006
Number of PSBs repaired: 2496
Used Repair Rate (msgs/sec): 1000
Table 140 show ip rsvp signalling fast-local-repair statistics detail Field Descriptions
Field Description
Fast Local Repair FLR state. Values are the following:
• Enabled—FLR is configured.
• Disabled—FLR is not configured.
Max repair rate (paths/sec) Maximum repair rate, in paths per second.
Max processed (paths/run) Maximum notification elements processed, in paths per run.
FLR Statistics FLR-related information.
FLR # FLR procedure number and current state. The last 32
procedures are listed from the most recent to the oldest; they
are numbered from 1 to 32. Values for the state are the
following:
• DONE—The FLR procedure is complete.
• IN PROGRESS—The FLR procedure is incomplete.
Start Time Time when RSVP received the routing notification.
Number of PSBs repaired Total PSBs repaired.
Used Repair Rate (msgs/sec) Repair rate used, in messages per second.
RIB notification processing time Time, in milliseconds (ms), that RSVP spent to process all
RIB notifications.
Time of last PSB refresh Elapsed time, in milliseconds (ms), between the start of an
FLR procedure and when RSVP sent the last PATH refresh
message.
Time of last Resv received Elapsed time, in milliseconds (ms), between the start of an
FLR procedure and when RSVP received the last RESV
message.
Time of last Perr received Elapsed time, in microseconds (us), between the start of an
FLR procedure and when RSVP received the last
PATHERROR message.
Table 140 show ip rsvp signalling fast-local-repair statistics detail Field Descriptions (continued)
Field Description
Suspend count Number of times that RSVP has suspended during a specific
procedure.
Note If this value is non-zero, details for each run are
shown.
Run ID Identifier (number) for each time that RSVP has run.
Number of ntf. Number of notifications (PSBs) processed in a run.
Started (time from Start) Time, in milliseconds (ms), that the run began relative to the
start of the FLR procedure.
Duration Length of time, in milliseconds (ms), for the run.
FLR Pacing Unit Frequency, in milliseconds (msec), for RSVP message
pacing; that is, how often a PATH message is sent. The value
is rounded down.
Affected neighbors Neighbors involved in the FLR procedure.
Nbr Address IP address for each neighbor involved in a procedure.
Relative Delay Values Times, in milliseconds (msec), when the PSB refreshes were
sent.
Note In the sample display, there is a 1-msec pacing unit;
therefore, PSBs to 10.1.0.70 have been sent with
delays of 1 msec from 500, 501, 502, 503, ... 2995. If
a 5-msec pacing unit were used, the delays would be
500, 505, 510,... 2990, 2995.
Rate Limiting:
Max msgs per interval: 4
Interval length (msec): 20
Max queue size: 500
Max msgs per second: 200
Field Description
Rate Limiting The RSVP rate-limiting parameters are enabled or disabled. They include the
following:
• Burst = number of messages sent each period from the queue.
• Limit = maximum number of messages sent each period from the queue.
• Max size = maximum size of the message queue in bytes.
• Period (msec) = interval (time frame) length in milliseconds.
• Max rate (msgs/sec) = maximum number of messages allowed to be sent per
second.
Refresh Reduction:
ACK delay (msec): 250
Initial retransmit delay (msec): 1000
Local epoch: 0xF2F6BC
Message IDs: in use 1, total allocated 4, total freed 3
Table 142 show ip rsvp signalling refresh reduction Command Field Descriptions
Field Description
Refresh Reduction The RSVP refresh-reduction parameters in effect including the
following:
• ACK delay (msec) = how long in milliseconds before the receiving
router sends an acknowledgment (ACK).
• Initial retransmit delay (msec) = how long in milliseconds before the
sending router retransmits a message.
• Local epoch = the RSVP message number space ID (identifier);
randomly generated each time a node reboots or the RSVP process
restarts.
• Message IDs = the number of message IDs in use, the total number
allocated, and the total number available (freed).
Usage Guidelines The detail keyword is not available with the show ip rtp header-compression command on a Route
Switch Processor (RSP). However, the detail keyword is available with the show ip rtp
header-compression command on a Versatile Interface Processor (VIP). Enter the show ip rtp
header-compression interface-type interface-number detail command on a VIP to retrieve detailed
information regarding RTP header compression on a specific interface.
Field Description
Interface Type and number of interface.
Rcvd Received statistics described in subsequent fields.
total Number of packets received on the interface.
compressed Number of packets received with compressed headers.
errors Number of errors.
status msgs Number of resynchronization messages received from the
peer.
dropped Number of packets dropped.
buffer copies Number of buffers that were copied.
buffer failures Number of failures in allocating buffers.
Sent Sent statistics described in subsequent fields.
total Number of packets sent on the interface.
compressed Number of packets sent with compressed headers.
status msgs Number of resynchronization messages sent from the peer.
not predicted Number of packets taking a non-optimal path through the
compressor.
bytes saved Total savings in bytes due to compression.
bytes sent Total bytes sent after compression.
efficiency improvement factor Compression efficiency.
Connect Connect statistics described in subsequent fields.
rx slots Total number of receive slots.
tx slots Total number of transmit slots.
misses Total number of misses.
collisions Total number of collisions.
negative cache hits Total number of negative cache hits.
free contexts Number of available context resources.
hit ratio Percentage of received packets that have an associated
context.
five minute miss rate Number of new flows found per second averaged over the last
five minutes.
max Highest average rate of new flows reported.
Examples The following is sample output from the show ip tcp header-compression command:
Router# show ip tcp header-compression
Field Description
Interface Serial2/0 Interface type and number on which compression is enabled.
(compression on, IETF)
Rcvd: Received statistics described in subsequent fields.
total Total number of TCP packets received on the interface.
compressed Total number of TCP packets compressed.
errors Number of packets received with errors.
status msgs Number of resynchronization messages received from the peer.
dropped Number of packets dropped due to invalid compression.
buffer copies Number of packets that needed to be copied into bigger buffers for
decompression.
buffer failures Number of packets dropped due to a lack of buffers.
Sent: Sent statistics described in subsequent fields.
total Total number of TCP packets sent on the interface.
compressed Total number of TCP packets compressed.
status msgs Number of resynchronization messages sent from the peer.
not predicted Number of packets taking a non-optimal path through the
compressor.
bytes saved Total savings in bytes due to compression.
bytes sent Total bytes sent after compression.
efficiency improvement Improvement in line efficiency because of TCP header
factor compression.
Connect: Connection statistics described in subsequent fields.
rx slots Total number of receive slots.
tx slots Total number of transmit slots.
misses Indicates the number of times a match could not be made. If your
output shows a large miss rate, then the number of allowable
simultaneous compression connections may be too low.
collisions Total number of collisions.
negative cache hits Total number of negative cache hits.
Note This field is not relevant for TCP header compression; it
is used for Real-Time Transport Protocol (RTP) header
compression.
free contexts Total number of free contexts.
Note Free contexts (also known as connections) are an
indication of the number of resources that are available,
but not currently in use, for TCP header compression.
hit ratio Percentage of times the software found a match and was able to
compress the header.
Field Description
Five minute miss rate in Calculates the miss rate over the previous five minutes for a
misses/sec longer-term (and more accurate) look at miss rate trends.
max Maximum value of the previous field.
show iphc-profile
To display configuration information for one or more IP Header Compression (IPHC) profiles, use the
show iphc-profile command in privileged EXEC mode.
Command Default If you do not specify an IPHC profile name, all IPHC profiles are displayed.
Examples The following is sample output from the show iphc-profile command. In the output, information about
two IPHC profiles, profile21 and profile20, is displayed.
Router# show iphc-profile
Field Description
IPHC Profile IPHC profile name.
Type IPHC profile type, either VJ (for van-jacobson) or IETF.
Compressing Type of header compression used, such as TCP, non-TCP, or
RTP.
Contexts Number of contexts and setting used to calculate the context
number.
Controlled interfaces Interfaces to which the IPHC profile is attached.
Syntax Description name Specifies the QoS over LANE database to display.
Examples This example shows how to display the contents of a QoS over LANE database for a Catalyst 5000
family ATM Module:
ATM# show lane qos database user1
QOS: user1
configured cos values: 5-7, usage: 1
dst nsap: 47.0091810000000061705B0C01.00E0B0951A40.0A
pcr: 500000, mcr: 100000
This example shows how to display the contents of a QoS over LANE database for a Cisco 4500, 7200,
or 7500 series router:
Router# show lane qos database user2
QOS: user2
configured cos values: 5-7, usage: 1
dst nsap: 47.0091810000000061705B0C01.00E0B0951A40.0A
pcr: 500000, mcr: 100000
Command Description
lane qos database Begins the process of building a QoS over LANE database.
ubr+ cos Maps a CoS value to a UBR+ VCC.
show mls qos [{arp | ipv6 | ip | ipx | last | mac | maps [map-type]} [interface interface-number |
slot slot | null interface-number | port-channel number | vlan vlan-id]]
Syntax Description arp (Optional) Displays Address Resolution Protocol (ARP) information.
ipv6 (Optional) Displays IPv6 information.
ip | ipx (Optional) Displays information about the Multilayer Switching (MLS) IP or
Internetwork Packet Exchange (IPX) status.
last (Optional) Displays information about the last packet-policing.
mac (Optional) Displays information about the MAC address-based QoS status.
maps (Optional) Displays information about the QoS mapping.
map-type (Optional) Map type; see the “Usage Guidelines” section for valid values.
interface (Optional) Interface type; possible valid values are ethernet, fastethernet,
gigabitethernet, tengigabitethernet, ge-wan, pos, and atm.
interface-number (Optional) Module and port number; see the “Usage Guidelines” section for valid
values.
slot slot (Optional) Specifies the slot number; displays the global and per-interface QoS
enabled and disabled settings and the global QoS counters.
null (Optional) Specifies the null interface; the valid value is 0.
interface-number
port-channel (Optional) Specifies the channel interface; valid values are a maximum of
number 64 values ranging from 1 to 282.
vlan vlan-id (Optional) Specifies the VLAN ID; valid values are from 1 to 4094.
Usage Guidelines The ge-wan, pos, and atm keywords are not supported on Cisco 7600 series routers that are configured
with a Supervisor Engine 720.
The interface-number argument designates the module and port number. Valid values for
interface-number depend on the specified interface type and the chassis and module that are used. For
example, if you specify a Gigabit Ethernet interface and have a 48-port 10/100BASE-T Ethernet module
that is installed in a 13-slot chassis, valid values for the module number are from 1 to 13 and valid values
for the port number are from 1 to 48.
The port-channel number values from 257 to 282 are supported on the Content Switching Module
(CSM) and the Firewall Services Module (FWSM) only.
Valid values for map-types are defined as follows:
• cos-dscp—Specifies the ingress class of service (CoS)-to-differentiated services code point (DSCP)
mapping to display; valid values are from 0 to 7.
• dscp-cos—Displays the egress DSCP-to-CoS mapping.
• dscp-exp—Displays the DSCP-to-EXP mapping on the Multiprotocol Label Switching (MPLS)
domain ingress and egress; this keyword is not supported.
• exp-dscp—Displays the EXP-to-DSCP mapping on the MPLS domain ingress and egress; this keyword
is not supported.
• ip-prec-dscp value—Specifies the ingress IP precedence-to-DSCP mapping to display; valid values
are from 0 to 7.
• policed-dscp—Displays the policed DSCP values to marked-down DSCP values mapping.
The dscp-exp and exp-dscp options are supported on Cisco 7600 series routers that are configured with
a Supervisor Engine 720 only.
Examples This example shows how to display information about the last logged packet:
Router# show mls qos last
Policed-dscp map:
0 1 2 3 4 5 6 7 8 9
----------------------------------
00: 00 01 02 03 04 05 06 07 08 09
10: 10 11 12 13 14 15 16 17 18 19
20: 20 21 22 23 24 25 26 27 28 29
30: 30 31 32 33 34 35 36 37 38 39
40: 40 41 42 43 44 45 46 47 48 49
50: 50 51 52 53 54 55 56 57 58 59
60: 60 61 62 63
Dscp-cos map:
0 1 2 3 4 5 6 7 8 9
----------------------------------
00: 00 00 00 00 00 00 00 00 01 01
10: 01 01 01 01 01 01 02 02 02 02
20: 02 02 02 02 03 03 03 03 03 03
30: 03 03 04 04 04 04 04 04 04 04
40: 05 05 05 05 05 05 05 05 06 06
50: 06 06 06 06 06 06 07 07 07 07
60: 07 07 07 07
Cos-dscp map:
cos: 0 1 2 3 4 5 6 7
----------------------------------
dscp: 0 8 16 24 32 40 48 56
IpPrecedence-dscp map:
ipprec: 0 1 2 3 4 5 6 7
----------------------------------
dscp: 0 8 16 24 32 40 48 56
Router#
Note In the DSCP-mutation map displays, the marked-down DSCP values are shown in the body of the matrix.
The first digit of the original DSCP value is in the column labeled d1, and the second digit is in the top
row. In the example, DSCP 30 maps to DSCP 08.
This example shows the output from Cisco 7600 series routers that are configured with a Supervisor
Engine 720.
This example shows the output from Cisco 7600 series routers that are configured with a Supervisor
Engine 2.
This example shows the output if you do not enter any keywords:
Router# show mls qos
Usage Guidelines Aggregate policing works independently on each Distributed Forwarding Card (DFC)-equipped
switching module and independently on the Policy Feature Card 2 (PFC2), which supports any
non-DFC-equipped switching modules. Aggregate policing does not combine flow statistics from
different DFC-equipped switching modules. You can display aggregate-policing statistics for each
DFC-equipped switching module, the PFC2, and any non-DFC-equipped switching modules that are
supported by the PFC2.
Examples This example shows how to display information about the aggregate policer for MLS QoS:
Router# show mls qos aggregate-policer
ag1 (undefined)
AgId=0 [ pol1 pol2 ]
ag2 64000 64000 conform-action set-dscp-transmit 56 exceed-action drop
AgId=0 [ pol3 ]
ag3 32000 32000 conform-action set-dscp-transmit 34 exceed-action drop
Examples This example shows how to display the number of free aggregate RAM indexes on the switch processor
and the DFCs:
Router# show mls qos free-agram
Module [1]
Free AGIDs : 1023
Module [6]
Free AGIDs : 1023
Syntax Description interface-type (Optional) Interface type; valid values are the following:
interface-number
• fastethernet
• gigabitethernet
• tengigabitethernet.
(Optional) Module and port number; see the “Usage Guidelines” section
for valid values.
module slot (Optional) Specifies the module slot number.
Examples The following example shows an interface summary for MPLS QoS classes in policy maps:
Router# show mls qos mpls
Field Description
QoS Summary [MPLS]: (* - shared Shows if there are any shared aggregate policers, indicated
aggregates, Mod - switch module) by *, and the type of module.
Int Mod Dir Class-map DSCP Agg Trust Provides the column headings for the following lines in the
Fl AgForward-By AgPoliced-By display. These include interface name and number, module
number, direction, class-map name, and DSCP value.
Fa3/38 5 In exp2 0 1 dscp 0 378900 0 Provides the following information:
• Fa3/38—Interface name and number.
• 5—Module number in the chassis.
• In—Direction of the policy applied (In = ingress).
• exp2—Class map configured in the policy.
• 0—Differentiated Services Code Point (DSCP) value.
• 1—Policer ID assigned to that class map.
• dscp—Trust value configured on the port. In this
example, the value is trusting on DSCP.
• 0—The flow ID if the flow policer is configured.
• 378900—The aggregate forwarded bytes, meaning the
forwarded traffic.
• 0—The aggregate policed bytes, meaning this traffic
has been subjected to policing.
All 5 - Default 0 0* No 0 1191011240 0 The total of the preceding lines including the aggregate
forwarded and aggregate policed bytes.
Usage Guidelines Quality of service (QoS)-statistics data export is not supported on Optical Service Module (OSM)
interfaces.
Examples This example shows how to display information about the MLS-statistics data-export status and
configuration:
Router# show mls qos statistics-export info
Usage Guidelines On Cisco Catalyst 6500 series switches and Cisco 7600 series routers, you cannot attach a quality of
service (QoS) policy map with match input vlan to an interface if you have already attached a QoS
policy map to a VLAN interface (a logical interface that has been created with the interface vlan
command). If you attempt to use both types of service policies, you must remove both types of service
policies before you can add the policy maps.
The show platform qos policy-map command shows whether the router is currently configured for
interface vlan and match input vlan service policies. It also shows the number of policy maps for each
type.
Examples The following example shows a router that has service policies configured only on VLAN interfaces:
Router# show platform qos policy-map
The following example shows a router that has service policies configured on VLAN interfaces and that
has a service policy configured with match input vlan. In this configuration, you must remove all
service policies from their interfaces, and then configure only one type or another.
Router# show platform qos policy-map
Table 147 describes each field shown in the show platform qos policy-map command:
Field Description
service policy Indicates whether any QoS policy maps are configured on VLAN interfaces.
configured on int vlan
# of int vlan service Number of QoS policy maps that are configured on VLAN interfaces.
policy instances
match input vlan service Indicates whether any QoS policy maps that use the match input vlan
policy configured command are configured on interfaces.
# of match input vlan Number of QoS policy maps using the match input vlan command that are
service policy instances configured on interfaces.
show policy-map
To display the configuration of all classes for a specified service policy map or of all classes for all
existing policy maps, use the show policy-map command in user EXEC or privileged EXEC mode.
Syntax Description policy-map (Optional) Name of the service policy map whose complete configuration is
to be displayed. The name can be a maximum of 40 characters.
Release Modification
12.2(28)SB This command was integrated into Cisco IOS Release 12.2(28)SB, and the
command was modified to display information about Layer 2 Tunnel
Protocol Version 3 (L2TPv3) tunnel marking.
12.2(31)SB2 This command was enhanced to display bandwidth-remaining ratios
configured on traffic classes and ATM overhead accounting, and was
implemented on the Cisco 10000 series router for the PRE3.
12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SRC Support for the Cisco 7600 series router was added.
12.4(15)T2 This command was modified to display information about Generic Routing
Encapsulation (GRE) tunnel marking.
Note For this release, GRE-tunnel marking is supported on the
Cisco MGX Route Processor Module (RPM-XF) platform only.
12.2(33)SB This command was modified to display information about GRE-tunnel
marking, and support for the Cisco 7300 series router was added. This
command’s output was modified on the Cisco 10000 series router for the
PRE3 and PRE4.
Cisco IOS XE 2.1 This command was integrated into Cisco IOS XE Release 2.1 and was
implemented on the Cisco ASR 1000 series router.
12.4(20)T Support was added for hierarchical queueing framework (HQF) using the
Modular Quality of Service (QoS) Command-Line Interface (CLI) (MQC).
Usage Guidelines The show policy-map command displays the configuration of a policy map created using the
policy-map command. You can use the show policy-map command to display all class configurations
comprising any existing service policy map, whether or not that policy map has been attached to an
interface. The command displays:
• ECN marking information only if ECN is enabled on the interface.
• Bandwidth-remaining ratio configuration and statistical information, if configured and used to
determine the amount of unused (excess) bandwidth to allocate to a class queue during periods of
congestion.
policy-map bronze
class class-default
shape average 34386000
service-policy Child
In Cisco IOS Release 12.2(31)SB, output similar to the following displays when you specify a
hierarchical policy in the show policy-map command:
Router# show policy-map Gold
policy-map Gold
Class class-default
Average Rate Traffic Shaping
cir 34386000 (bps)
service-policy Child2
In Cisco IOS Release 12.2(33)SB, the output from the show policy-map command displays police
actions on separate lines as shown in the following sample output:
Router# show policy-map Premium
In Cisco IOS Release 12.2(31)SB, the output from the show policy-map command displays police
actions on one line as shown in the following sample output:
Router# show policy-map Premium
Examples This section provides sample output from typical show policy-map commands. Depending upon the
interface or platform in use and the options enabled (for example, Weighted Fair Queueing [WFQ]), the
output you see may vary slightly from the ones shown below.
• Weighted Fair Queueing: Example, page 977
• Frame Relay Voice-Adaptive Traffic-Shaping: Example, page 978
• Traffic Policing: Example, page 979
• Two-Rate Traffic Policing: Example, page 979
• Multiple Traffic Policing Actions: Example, page 980
• Explicit Congestion Notification: Example, page 981
• Modular QoS CLI (MQC) Unconditional Packet Discard: Example, page 982
• Percentage-Based Policing and Shaping: Example, page 982
• Enhanced Packet Marking: Example, page 984
• Bandwidth-Remaining Ratio: Example, page 984
• ATM Overhead Accounting: Example, page 985
• Tunnel Marking: Example, page 985
• HQF: Example 1, page 986
• HQF: Example 2, page 986
The following example displays the contents of all policy maps on the router. Again, WFQ is enabled.
Router# show policy-map
Field Description
Policy Map Policy map name.
Class Class name.
Bandwidth Amount of bandwidth in kbps allocated to class.
Max thresh Maximum threshold in number of packets.
Field Description
Strict Priority Indicates the queueing priority assigned to the traffic in this class.
Burst Specifies the traffic burst size in bytes.
Traffic Shaping Indicates that Traffic Shaping is enabled.
Average Rate Traffic Shaping Indicates the type of Traffic Shaping enabled. Choices are Peak
Rate Traffic Shaping or Average Rate Traffic Shaping.
CIR Committed Information Rate (CIR) in bps.
Max. Buffers Limit Maximum memory buffer size in packets.
Table 149 show policy-map Field Descriptions—Configured for Frame Relay Voice-Adaptive
Traffic-Shaping (continued)
Field Description
Adapt to Traffic rate when shaping is active.
Voice Adapt Deactivation Timer Indicates that Frame Relay voice-adaptive traffic-shaping is
configured, and that the deactivation timer is set to 30 seconds.
service-policy Name of the service policy configured in the policy map
“MQC-SHAPE-LLQ1”.
Field Description
Policy Map Name of policy map displayed.
Class Name of the class configured in the policy map displayed.
police Indicates that traffic policing on the basis of specified percentage of
bandwidth has been enabled. The committed burst (Bc) and excess burst
(Be) sizes have been specified in milliseconds (ms), and optional conform,
exceed, and violate actions have been specified.
The following sample output shows the contents of the policy map called “policy1”:
Traffic marked as conforming to the average committed rate (500 kbps) will be sent as is. Traffic marked
as exceeding 500 kbps, but not exceeding 1 Mbps, will be marked with IP Precedence 2 and then sent.
All traffic exceeding 1 Mbps will be dropped. The burst parameters are set to 10000 bytes.
Table 151 describes the significant fields shown in the display.
Table 151 show policy-map Field Descriptions—Configured for Two-Rate Traffic Policing
Field Description
police Indicates that the police command has been configured to enable traffic
policing. Also, displays the specified CIR, conform burst size (bc), peak
information rate (PIR), and peak burst (BE) size used for marking packets.
conform-action Displays the action to be taken on packets conforming to a specified rate.
exceed-action Displays the action to be taken on packets exceeding a specified rate.
violate-action Displays the action to be taken on packets violating a specified rate.
violate-action set-prec-transmit 2
violate-action set-frde-transmit
Packets conforming to the specified CIR (1000000 bps) are marked as conforming packets. These are
transmitted unaltered.
Packets exceeding the specified CIR (but not the specified PIR, 2000000 bps) are marked as exceeding
packets. For these packets, the IP Precedence level is set to 4, the discard eligibility (DE) bit is set to 1,
and the packet is transmitted.
Packets exceeding the specified PIR are marked as violating packets. For these packets, the IP
Precedence level is set to 2, the DE bit is set to 1, and the packet is transmitted.
Note Actions are specified by using the action argument of the police command. For more information about
the available actions, see the police command reference page.
Table 152 show policy-map Field Descriptions—Configured for Multiple Traffic Policing Actions
Field Description
police Indicates that the police command has been configured to enable
traffic policing. Also, displays the specified CIR, BC, PIR, and BE
used for marking packets.
conform-action Displays the one or more actions to be taken on packets conforming
to a specified rate.
exceed-action Displays the one or more actions to be taken on packets exceeding
a specified rate.
violate-action Displays the one or more actions to be taken on packets violating a
specified rate.
0 - - 1/10
1 - - 1/10
2 - - 1/10
3 - - 1/10
4 - - 1/10
5 - - 1/10
6 - - 1/10
7 - - 1/10
rsvp - - 1/10
Field Description
explicit congestion notification Indication that Explicit Congestion Notification is enabled.
class IP precedence value.
min-threshold Minimum threshold. Minimum WRED threshold in number of
packets.
max-threshold Maximum threshold. Maximum WRED threshold in number of
packets.
mark-probability Fraction of packets dropped when the average queue depth is at the
maximum threshold.
Table 154 show policy-map Field Descriptions—Configured for MQC Unconditional Packet
Discard
Field Description
Policy Map Name of the policy map being displayed.
Class Name of the class in the policy map being displayed.
drop Indicates that the packet discarding action for all the packets belonging to
the specified class has been configured.
The following example displays the contents of the service policy map called “po1”:
Router# show policy-map po1
The following example displays the contents of all policy maps on the router:
Router# show policy-map
Table 155 show policy-map Field Descriptions—Configured for Percentage-Based Policing and
Shaping
Field Description
Policy Map Name of policy map displayed.
Weighted Fair Queueing Indicates that weighted fair queueing (WFQ) has been enabled.
Class Name of class configured in policy map displayed.
Bandwidth Bandwidth, in kbps, configured for this class.
Max threshold Maximum threshold. Maximum WRED threshold in number of packets.
Table 156 show policy-map Field Descriptions—Configured for Enhanced Packet Marking
Field Description
Policy Map Name of the policy map being displayed.
Class Name of the class in the policy map being displayed.
set precedence cos table Name of the set command used to set the specified value.
table-map1 For instance, set precedence cos table-map1 indicates that a table
or map called “table-map1” has been configured to set the precedence
value on the basis of the values defined in the table map.
set cos precedence table
table-map2 Alternately, set cos table table-map2 indicates that a table map
called “table-map2” has been configured to set the CoS value on the
basis of the values defined in the table map.
Field Description
Policy Map Name of the policy map being displayed.
Class Name of the class in the policy map being displayed.
Average Rate Traffic Shaping Indicates that Average Rate Traffic Shaping is configured.
cir Committed information rate (CIR) used to shape traffic.
bandwidth remaining ratio Indicates the ratio used to allocate excess bandwidth.
Table 158 show policy-map Field Descriptions—Configured for ATM Overhead Accounting
Field Description
Average Rate Committed burst (Bc) is the maximum number of bits sent out in each
interval.
cir 10% Committed information rate (CIR) is 10 percent of the available interface
bandwidth.
dot1q BRAS-DSLAM encapsulation is 802.1Q VLAN.
aal5 DSLAM-CPE encapsulation type is based on the ATM Adaptation
Layer 5 service. AAL5 supports connection-oriented variable bit rate
(VBR) services.
snap-rbe Subscriber encapsulation type.
Note As of Cisco IOS Release 12.4(15)T2, GRE-tunnel marking is supported on the RPM-XF platform only.
Field Description
Policy Map Name of the policy map being displayed.
Class Name of the class in the policy map being displayed.
set ip precedence tunnel Indicates that tunnel marking has been configured.
HQF: Example 1
The following sample output from the show policy-map command displays the configuration for a
policy map called “test1”:
Router# show policy-map test1
Field Description
Policy Map Name of the policy map being displayed.
Class Name of the class in the policy map being displayed.
Average Rate Traffic Shaping Indicates that Average Rate Traffic Shaping is configured.
cir Committed information rate (CIR) in bps.
service-policy Name of the service policy configured in policy map “test1”.
HQF: Example 2
The following sample output from the show policy-map command displays the configuration for a
policy map called “test2”:
Router# show policy-map test2
Field Description
Policy Map Name of the policy map being displayed.
Class Name of the class in the policy map being displayed.
Average Rate Traffic Shaping Indicates that Average Rate Traffic Shaping is configured.
priority Indicates the queueing priority percentage assigned to traffic in this
class.
bandwidth Indicates the bandwidth percentage allocated to traffic in this class.
queue-limit Indicates the queue limit in packets for this traffic class.
packet-based wred, exponential Indicates that random detect is being applied and the units used are
weight packets. Exponential weight is a factor for calculating the average
queue size used with WRED.
dscp Differentiated services code point (DSCP). Values can be the
following:
• 0 to 63—Numerical DSCP values. The default value is 0.
• af1 to af43—Assured forwarding (AF) DSCP values.
• cs1 to cs7—Type of service (ToS) precedence values.
• default—Default DSCP value.
• ef—Expedited forwarding (EF) DSCP values.
min-threshold Minimum threshold. Minimum WRED threshold in number of
packets.
max-threshold Maximum threshold. Maximum WRED threshold in number of
packets.
mark-probability Fraction of packets dropped when the average queue depth is at the
maximum threshold.
Command Description
policy-map Creates or modifies a policy map that can be attached to one or more
interfaces to specify a service policy.
random-detect ecn Enables ECN.
shape Shapes traffic to the indicated bit rate according to the algorithm
specified, and enables ATM overhead accounting.
show policy-map class Displays the configuration for the specified class of the specified
policy map.
show policy-map interface Displays the packet statistics of all classes that are configured for
all service policies either on the specified interface or subinterface
or on a specific PVC on the interface.
show running-config Displays the current configuration of the router. If configured, the
command output includes information about ATM overhead
accounting.
show table-map Displays the configuration of a specified table map or of all table
maps.
table-map (value mapping) Creates and configures a mapping table for mapping and converting
one packet-marking value to another.
Syntax Description policy-map The name of a policy map that contains the class configuration to be
displayed.
class-name The name of the class whose configuration is to be displayed.
Usage Guidelines You can use the show policy-map class command to display any single class configuration for any
service policy map, whether or not the specified service policy map has been attached to an interface.
Examples The following example displays configurations for the class called class7 that belongs to the policy map
called po1:
Router# show policy-map po1 class class7
Class class7
Bandwidth 937 (kbps) Max Thresh 64 (packets)
show policy-map control-plane [type policy-type] [all | slot slot-number] [host | transit |
cef-exception] [input [class class-name] | output [class class-name]]
show policy-map control-plane [all] [input [class class-name] | output [class class-name]]
Syntax Description type policy-type (Optional) Specifies policy-map type for which you want statistics (for
example, port-filter or queue-threshold).
all (Optional) Displays all QoS control plane policies used in aggregate and
distributed control plane (CP) services.
slot slot-number (Optional) Displays information about the quality of service (QoS) policy
used to perform distributed CP services on the specified line card.
host (Optional) Displays policy-map and class-map statistics for the host
subinterface.
transit (Optional) Displays policy-map and class-map statistics for the transit
subinterface.
cef-exception (Optional) Displays policy-map and class-map statistics for the
Cef-exception subinterface.
input (Optional) Displays statistics for the attached input policy.
output (Optional) Displays statistics for the attached output policy.
Note The output keyword is supported only in Cisco IOS
Release 12.3(4)T and later Cisco IOS 12.3T releases.
class class-name (Optional) Name of the class whose configuration and statistics are to be
displayed.
Command Default Information displays for all classes of the policy map of the control plane.
Release Modification
12.2(18)SXD1 This command was integrated into Cisco IOS Release 12.2(18)SXD1.
12.0(30)S The slot slot-number parameter was added to support distributed CP
services.
12.4(4)T Support was added for the type policy-type keyword and argument
combination and for the host, transit, and cef-exception keywords.
12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines The show policy-map control-plane command displays information for aggregate and distributed
control-plane policing services that manage the number or rate of control-plane (CP) packets sent to the
process level of the route processor.
Information for distributed control-plane service is displayed for a specified line card. Distributed CP
services are performed on a line card’s distributed switch engine and manage CP traffic sent from all
interfaces on the line card to the route processor, where aggregate CP services (for CP packets received
from all line cards on the router) are performed.
Examples The following example shows that the policy map TEST is associated with the control plane. This policy
map polices traffic that matches the class map TEST, while allowing all other traffic (that matches the
class map called “class-default”) to go through as is.
Router# show policy-map control-plane
Control Plane
Service-policy input:TEST
Class-map:TEST (match-all)
20 packets, 11280 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match:access-group 101
police:
8000 bps, 1500 limit, 1500 extended limit
conformed 15 packets, 6210 bytes; action:transmit
exceeded 5 packets, 5070 bytes; action:drop
violated 0 packets, 0 bytes; action:drop
conformed 0 bps, exceed 0 bps, violate 0 bps
Class-map:class-default (match-any)
105325 packets, 11415151 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match:any
Field Description
Fields Associated with Classes or Service Policies
Service-policy input Name of the input service policy that is applied to the control
plane. (This field will also show the output service policy, if
configured.)
Field Description
Class-map Class of traffic being displayed. Traffic is displayed for each
configured class. The choice for implementing class matches
(for example, match-all or match-any) can also appear next to
the traffic class.
offered rate Rate, in kbps, at which packets are coming into the class.
drop rate Rate, in kbps, at which packets are dropped from the class.
The drop rate is calculated by subtracting the number of
successfully transmitted packets from the offered rate.
Match Match criteria for the specified class of traffic.
For more information about the variety of match criteria
options available, see the “Configuring the Modular Quality
of Service Command-Line Interface” chapter in the
Cisco IOS Quality of Service Solutions Configuration Guide.
Fields Associated with Traffic Policing
police Indicates that the police command has been configured to
enable traffic policing.
conformed Displays the action to be taken on packets that conform to a
specified rate. Displays the number of packets and bytes on
which the action was taken.
exceeded Displays the action to be taken on packets that exceed a
specified rate. Displays the number of packets and bytes on
which the action was taken.
violated Displays the action to be taken on packets that violate a
specified rate. Displays the number of packets and bytes on
which the action was taken.
Cisco 3660, 3845, 6500, 7200, 7400, 7500, and ASR 1000 Series Routers
show policy-map interface [type access-control] type number [vc [vpi/] vci] [dlci dlci]
[input | output]
Syntax Description type access-control (Optional) Displays class maps configured to determine the exact pattern to
look for in the protocol stack of interest.
type Type of interface or subinterface whose policy configuration is to be
displayed.
number Port, connector, or interface card number.
vc (Optional) For ATM interfaces only, shows the policy configuration for a
specified PVC.
vpi/ (Optional) ATM network virtual path identifier (VPI) for this permanent
virtual circuit (PVC). On the Cisco 7200 and 7500 series routers, this value
ranges from 0 to 255.
The vpi and vci arguments cannot both be set to 0; if one is 0, the other
cannot be 0.
The absence of both the forward slash (/) and a vpi value defaults the vpi
value to 0. If this value is omitted, information for all virtual circuits (VCs)
on the specified ATM interface or subinterface is displayed.
vci (Optional) ATM network virtual channel identifier (VCI) for this PVC. This
value ranges from 0 to 1 less than the maximum value set for this interface
by the atm vc-per-vp command. Typically, the lower values 0 to 31 are
reserved for specific traffic (F4 Operation, Administration, and
Maintenance [OAM], switched virtual circuit [SVC] signaling, Integrated
Local Management Interface [ILMI], and so on) and should not be used.
The VCI is a 16-bit field in the header of the ATM cell. The VCI value is
unique only on a single link, not throughout the ATM network, because it
has local significance only.
The vpi and vci arguments cannot both be set to 0; if one is 0, the other
cannot be 0.
dlci (Optional) Indicates a specific PVC for which policy configuration will be
displayed.
Command Default This command displays the packet statistics of all classes that are configured for all service policies on
the specified interface or subinterface or on a specific permanent virtual circuit (PVC) on the interface.
The absence of both the forward slash (/) and a vpi value defaults the vpi value to 0. If this value is
omitted, information for all virtual circuits (VCs) on the specified ATM interface or subinterface is
displayed.
Release Modification
12.2(18)SXE This command was integrated into Cisco IOS Release 12.2(18)SXE. This
command was modified to display aggregate WRED statistics for the ATM
shared port adapter. Note that changes were made to the syntax, defaults, and
command modes. These changes are labelled “ATM Shared Port Adapter.”
12.4(4)T The type access-control keywords were added to support flexible packet
matching.
12.2(28)SB This command was integrated into Cisco IOS Release 12.2(28)SB, and the
following modifications were made:
• This command was modified to display either legacy (undistributed
processing) QoS or hierarchical queueing framework (HQF) parameters
on Frame Relay interfaces or PVCs.
• This command was modified to display information about Layer 2
Tunnel Protocol Version 3 (L2TPv3) tunnel marking.
12.2(31)SB2 The following modifications were made:
• This command was enhanced to display statistical information for each
level of priority service configured and information about
bandwidth-remaining ratios, and this command was implemented on the
Cisco 10000 series router for the PRE3.
• This command was modified to display statistics for matching packets
on the basis of VLAN identification numbers. As of Cisco IOS
Release 12.2(31)SB2, matching packets on the basis of VLAN
identification numbers is supported on Cisco 10000 series routers only.
12.2(33)SRC This command was integrated into Cisco IOS Release 12.2(33)SRC.
12.4(15)T2 This command was modified to display information about Generic Routing
Encapsulation (GRE) tunnel marking.
Note As of this release, GRE-tunnel marking is supported on the
Cisco MGX Route Processor Module (RPM-XF) platform only.
12.2(33)SB This command was modified to display information about GRE-tunnel
marking, and support for the Cisco 7300 series router was added.
Cisco IOS XE 2.1 This command was integrated into Cisco IOS XE Release 2.1 and was
implemented on the Cisco ASR 1000 series router.
12.4(20)T Support was added for hierarchical queueing framework (HQF) using the
Modular Quality of Service (QoS) Command-Line Interface (CLI) (MQC).
Usage Guidelines Cisco 3660, 3845, 6500, 7200, 7400, 7500, and ASR 1000 Series Routers
The show policy-map interface command displays the packet statistics for classes on the specified
interface or the specified PVC only if a service policy has been attached to the interface or the PVC.
The counters displayed after the show policy-map interface command is entered are updated only if
congestion is present on the interface.
The show policy-map interface command displays policy information about Frame Relay PVCs only
if Frame Relay Traffic Shaping (FRTS) is enabled on the interface.
The show policy-map interface command displays ECN marking information only if ECN is enabled
on the interface.
To determine if shaping is active with HQF, check the queue depth field of the “(queue depth/total
drops/no-buffer drops)” line in the show policy-map interface command output.
HQF
When you configure HQF, the show policy-map interface command displays additional fields that
include the differentiated services code point (DSCP) value, WRED statistics in bytes, transmitted
packets by WRED, and a counter that displays packets output/bytes output in each class.
Examples This section provides sample output from typical show policy-map interface commands. Depending
upon the interface or platform in use and the options enabled, the output you see may vary slightly from
the ones shown below.
• Weighted Fair Queueing (WFQ) on Serial Interface: Example, page 998
• Traffic Shaping on Serial Interface: Example, page 999
• Precedence-Based Aggregate WRED on ATM Shared Port Adapter: Example, page 1002
• DSCP-Based Aggregate WRED on ATM Shared Port Adapter: Example, page 1003
• Frame Relay Voice-Adaptive Traffic-Shaping: Example, page 1005
• Two-Rate Traffic Policing: Example, page 1005
• Multiple Traffic Policing Actions: Example, page 1006
• Explicit Congestion Notification: Example, page 1007
• Class-Based RTP and TCP Header Compression: Example, page 1009
• Modular QoS CLI (MQC) Unconditional Packet Discard: Example, page 1011
• Percentage-Based Policing and Shaping: Example, page 1012
• Traffic Shaping: Example, page 1013
• Packet Classification Based on Layer 3 Packet Length: Example, page 1015
• Enhanced Packet Marking: Example, page 1016
• Traffic Policing: Example, page 1017
Serial3/1
Serial3/2
Service-policy output: p1
Class-map: c1 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 0
Traffic Shaping
Target Byte Sustain Excess Interval Increment Adapt
Rate Limit bits/int bits/int (ms) (bytes) Active
320000 2000 8000 8000 25 1000 -
Table 163 describes significant fields commonly shown in the displays. The fields in the table are
grouped according to the relevant QoS feature.
Field Description
Fields Associated with Classes or Service Policies
Service-policy output Name of the output service policy applied to the specified interface or VC.
Class-map Class of traffic being displayed. Output is displayed for each configured
class in the policy. The choice for implementing class matches (for
example, match-all or match-any) can also appear next to the traffic class.
packets and bytes Number of packets (also shown in bytes) identified as belonging to the
class of traffic being displayed.
offered rate Rate, in kbps, of packets coming in to the class.
Note If the packets are compressed over an outgoing interface, the
improved packet rate achieved by packet compression is not
reflected in the offered rate. Also, if the packets are classified
before they enter a combination of tunnels (for example, a generic
routing encapsulation (GRE) tunnel and an IP Security (IPSec)
tunnel), the offered rate does not include all the extra overhead
associated with tunnel encapsulation in general. Depending on the
configuration, the offered rate may include no overhead, may
include the overhead for only one tunnel encapsulation, or may
include the overhead for all tunnel encapsulations. In most of the
GRE and IPSec tunnel configurations, the offered rate includes the
overhead for GRE tunnel encapsulation only.
drop rate Rate, in kbps, at which packets are dropped from the class. The drop rate
is calculated by subtracting the number of successfully transmitted
packets from the offered rate.
Note In distributed architecture platforms (such as the Cisco 7500 series platform), the value of the
transfer rate, calculated as the difference between the offered rate and the drop rate counters,
can sporadically deviate from the average by up to 20 percent or more. This can occur while
no corresponding burst is registered by independent traffic analyser equipment.
Match Match criteria specified for the class of traffic. Choices include criteria
such as IP precedence, IP differentiated services code point (DSCP) value,
Multiprotocol Label Switching (MPLS) experimental (EXP) value, access
groups, and QoS groups. For more information about the variety of match
criteria that are available, see the “Classifying Network Traffic” module
in the Cisco IOS Quality of Service Solutions Configuration Guide.
Field Description
Fields Associated with Queueing (if Enabled)
Output Queue The weighted fair queueing (WFQ) conversation to which this class of
traffic is allocated.
Bandwidth Bandwidth, in either kbps or percentage, configured for this class and the
burst size.
pkts matched/bytes Number of packets (also shown in bytes) matching this class that were
matched placed in the queue. This number reflects the total number of matching
packets queued at any time. Packets matching this class are queued only
when congestion exists. If packets match the class but are never queued
because the network was not congested, those packets are not included in
this total. However, if process switching is in use, the number of packets
is always incremented even if the network is not congested.
depth/total Number of packets discarded for this class. No-buffer indicates that no
drops/no-buffer drops memory buffer exists to service the packet.
Fields Associated with Weighted Random Early Detection (WRED) (if Enabled)
exponential weight Exponent used in the average queue size calculation for a WRED
parameter group.
mean queue depth Average queue depth based on the actual queue depth on the interface and
the exponential weighting constant. It is a fluctuating average. The
minimum and maximum thresholds are compared against this value to
determine drop decisions.
class IP precedence level.
Transmitted pkts/bytes Number of packets (also shown in bytes) passed through WRED and not
dropped by WRED.
Note If there is insufficient memory in the buffer to accommodate the
packet, the packet can be dropped after the packet passes through
WRED. Packets dropped because of insufficient memory in the
buffer (sometimes referred to as “no-buffer drops”) are not taken
into account by the WRED packet counter.
Random drop pkts/bytes Number of packets (also shown in bytes) randomly dropped when the
mean queue depth is between the minimum threshold value and the
maximum threshold value for the specified IP precedence level.
Tail drop pkts/bytes Number of packets dropped when the mean queue depth is greater than the
maximum threshold value for the specified IP precedence level.
Minimum thresh Minimum threshold. Minimum WRED threshold in number of packets.
Maximum thresh Maximum threshold. Maximum WRED threshold in number of packets.
Mark prob Mark probability. Fraction of packets dropped when the average queue
depth is at the maximum threshold.
Field Description
Fields Associated with Traffic Shaping (if Enabled)
Target Rate Rate used for shaping traffic.
Byte Limit Maximum number of bytes that can be transmitted per interval. Calculated
as follows:
((Bc+Be) /8) x 1
Sustain bits/int Committed burst (Bc) rate.
Excess bits/int Excess burst (Be) rate.
Interval (ms) Time interval value in milliseconds (ms).
Increment (bytes) Number of credits (in bytes) received in the token bucket of the traffic
shaper during each time interval.
Queue Depth Current queue depth of the traffic shaper.
Packets Total number of packets that have entered the traffic shaper system.
Bytes Total number of bytes that have entered the traffic shaper system.
Packets Delayed Total number of packets delayed in the queue of the traffic shaper before
being transmitted.
Bytes Delayed Total number of bytes delayed in the queue of the traffic shaper before
being transmitted.
Shaping Active Indicates whether the traffic shaper is active. For example, if a traffic
shaper is active, and the traffic being sent exceeds the traffic shaping rate,
a “yes” appears in this field.
1. A number in parentheses may appear next to the service-policy output name, class-map name, and match criteria
information. The number is for Cisco internal use only and can be disregarded.
ATM4/1/0.10: VC 10/110 -
ATM4/1/0.11: VC 11/101 -
Match: any
Exp-weight-constant: 0 (1/1)
Mean queue depth: 0
class Transmitted Random drop Tail drop Minimum Maximum Mark
pkts/bytespkts/bytespkts/bytesthreshthreshprob
default 0/0 0/0 0/0 1 10 1/10
0 1 2 3
4 5 6 7 0/0 0/0 0/0 10 20 1/10
8 9 10 11 0/0 0/0 0/0 10 40 1/10
Table 164 describes the significant fields shown in the display when aggregate WRED is configured for
an ATM shared port adapter.
Table 164 show policy-map interface Field Descriptions—Configured for Aggregate WRED on ATM
Shared Port Adapter
Field Description
exponential weight Exponent used in the average queue size calculation for a Weighted
Random Early Detection (WRED) parameter group.
mean queue depth Average queue depth based on the actual queue depth on the interface and
the exponential weighting constant. It is a fluctuating average. The
minimum and maximum thresholds are compared against this value to
determine drop decisions.
Note When Aggregate Weighted Random Early Detection (WRED) is enabled, the following
WRED statistics will be aggregated based on their subclass (either their IP precedence or
differentiated services code point (DSCP) value).
class IP precedence level or differentiated services code point (DSCP) value.
Transmitted pkts/bytes Number of packets (also shown in bytes) passed through WRED and not
dropped by WRED.
Note If there is insufficient memory in the buffer to accommodate the
packet, the packet can be dropped after the packet passes through
WRED. Packets dropped because of insufficient memory in the
buffer (sometimes referred to as “no-buffer drops”) are not taken
into account by the WRED packet counter.
Random drop pkts/bytes Number of packets (also shown in bytes) randomly dropped when the
mean queue depth is between the minimum threshold value and the
maximum threshold value for the specified IP precedence level or DSCP
value.
Tail drop pkts/bytes Number of packets dropped when the mean queue depth is greater than the
maximum threshold value for the specified IP precedence level or DSCP
value.
Minimum thresh Minimum threshold. Minimum WRED threshold in number of packets.
Maximum thresh Maximum threshold. Maximum WRED threshold in number of packets.
Mark prob Mark probability. Fraction of packets dropped when the average queue
depth is at the maximum threshold.
Serial3/1.1:DLCI 201 -
Service-policy output:MQC-SHAPE-LLQ1
Class-map:class-default (match-any)
1434 packets, 148751 bytes
30 second offered rate 14000 bps, drop rate 0 bps
Match:any
Traffic Shaping
Target/Average Byte Sustain Excess Interval Increment
Rate Limit bits/int bits/int (ms) (bytes)
63000/63000 1890 7560 7560 120 945
Table 165 describes the significant fields shown in the display. Significant fields that are not described
in Table 165 are described in Table 163, “show policy-map interface Field Descriptions.”
Table 165 show policy-map interface Field Descriptions—Configured for Frame Relay Voice-Adaptive
Traffic Shaping
Field Description
Voice Adaptive Shaping Indicates whether Frame Relay voice-adaptive traffic shaping is active or
active/inactive inactive.
time left Number of seconds left on the Frame Relay voice-adaptive traffic shaping
deactivation timer.
Serial3/0
The two-rate traffic policer marks 500 kbps of traffic as conforming, 500 kbps of traffic as exceeding,
and 250 kbps of traffic as violating the specified rate. Packets marked as conforming will be sent as is,
and packets marked as exceeding will be marked with IP Precedence 2 and then sent. Packets marked as
violating the specified rate are dropped.
Table 166 describes the significant fields shown in the display.
Table 166 show policy-map interface Field Descriptions—Configured for Two-Rate Traffic Policing
Field Description
police Indicates that the police command has been configured to enable traffic policing.
Also, displays the specified CIR, conform burst size, peak information rate (PIR),
and peak burst size used for marking packets.
conformed Displays the action to be taken on packets conforming to a specified rate. Displays
the number of packets and bytes on which the action was taken.
exceeded Displays the action to be taken on packets exceeding a specified rate. Displays the
number of packets and bytes on which the action was taken.
violated Displays the action to be taken on packets violating a specified rate. Displays the
number of packets and bytes on which the action was taken.
The sample output from show policy-map interface command shows the following:
• 59679 packets were marked as conforming packets (that is, packets conforming to the CIR) and were
transmitted unaltered.
• 59549 packets were marked as exceeding packets (that is, packets exceeding the CIR but not
exceeding the PIR). Therefore, the IP Precedence value of these packets was changed to an IP
Precedence level of 4, the discard eligibility (DE) bit was set to 1, and the packets were transmitted
with these changes.
• 53758 packets were marked as violating packets (that is, exceeding the PIR). Therefore, the IP
Precedence value of these packets was changed to an IP Precedence level of 2, the DE bit was set
to 1, and the packets were transmitted with these changes.
Note Actions are specified by using the action argument of the police command. For more information about
the available actions, see the police command reference page.
Table 167 show policy-map interface Field Descriptions—Configured for Multiple Traffic Policing
Actions
Field Description
police Indicates that the police command has been configured to enable traffic
policing. Also, displays the specified CIR, conform burst size (BC), PIR,
and peak burst size (BE) used for marking packets.
conformed, packets, Displays the number of packets (also shown in bytes) marked as
bytes, actions conforming to a specified rate and the actions taken on the packet. If there
are multiple actions, each action is listed separately.
exceeded, packets, bytes, Displays the number of packets (also shown in bytes) marked as
actions exceeding a specified rate and the actions taken on the packet. If there are
multiple actions, each action is listed separately.
violated, packets, bytes, Displays the number of packets (also shown in bytes) marked as violating
actions a specified rate and the actions taken on the packet. If there are multiple
actions, each action is listed separately.
Serial4/1
Service-policy output:policy_ecn
Class-map:prec1 (match-all)
1000 packets, 125000 bytes
30 second offered rate 14000 bps, drop rate 5000 bps
Match:ip precedence 1
Weighted Fair Queueing
Output Queue:Conversation 42
Bandwidth 20 (%)
Bandwidth 100 (kbps)
(pkts matched/bytes matched) 989/123625
(depth/total drops/no-buffer drops) 0/455/0
exponential weight:9
explicit congestion notification
mean queue depth:0
Field Description
explicit congestion Indication that Explicit Congestion Notification is enabled.
notification
mean queue depth Average queue depth based on the actual queue depth on the interface and
the exponential weighting constant. It is a moving average. The minimum
and maximum thresholds are compared against this value to determine
drop decisions.
class IP precedence value.
Transmitted pkts/bytes Number of packets (also shown in bytes) passed through WRED and not
dropped by WRED.
Note If there is insufficient memory in the buffer to accommodate the
packet, the packet can be dropped after the packet passes through
WRED. Packets dropped because of insufficient memory in the
buffer (sometimes referred to as “no-buffer drops”) are not taken
into account by the WRED packet counter.
Random drop pkts/bytes Number of packets (also shown in bytes) randomly dropped when the
mean queue depth is between the minimum threshold value and the
maximum threshold value for the specified IP precedence value.
Table 168 show policy-map interface Field Descriptions—Configured for ECN (continued)
Field Description
Tail drop pkts/bytes Number of packets dropped when the mean queue depth is greater than the
maximum threshold value for the specified IP precedence value.
Minimum threshold Minimum WRED threshold in number of packets.
Maximum threshold Maximum WRED threshold in number of packets.
Mark probability Fraction of packets dropped when the average queue depth is at the
maximum threshold.
ECN Mark pkts/bytes Number of packets (also shown in bytes) marked by ECN.
Serial4/1
Service-policy output:p1
Class-map:class-default (match-any)
1005 packets, 64320 bytes
30 second offered rate 16000 bps, drop rate 0 bps
Match:any
compress:
header ip rtp
UDP/RTP Compression:
Sent:1000 total, 999 compressed,
41957 bytes saved, 17983 bytes sent
3.33 efficiency improvement factor
99% hit ratio, five minute miss rate 0 misses/sec, 0 max
rate 5000 bps
Table 169 show policy-map interface Field Descriptions—Configured for Class-Based RTP and TCP
Header Compression1
Field Description
Service-policy output Name of the output service policy applied to the specified interface or VC.
Class-map Class of traffic being displayed. Output is displayed for each configured
class in the policy. The choice for implementing class matches (for
example, match-all or match-any) can also appear next to the traffic class.
packets, bytes Number of packets (also shown in bytes) identified as belonging to the
class of traffic being displayed.
Table 169 show policy-map interface Field Descriptions—Configured for Class-Based RTP and TCP
Header Compression1 (continued)
Field Description
offered rate Rate, in kbps, of packets coming in to the class.
Note If the packets are compressed over an outgoing interface, the
improved packet rate achieved by packet compression is not
reflected in the offered rate. Also, if the packets are classified
before they enter a combination of tunnels (for example, a generic
routing encapsulation (GRE) tunnel and an IP Security (IPSec)
tunnel), the offered rate does not include all the extra overhead
associated with tunnel encapsulation in general. Depending on the
configuration, the offered rate may include no overhead, may
include the overhead for only one tunnel encapsulation, or may
include the overhead for all tunnel encapsulations. In most of the
GRE and IPSec tunnel configurations, the offered rate includes the
overhead for GRE tunnel encapsulation only.
UDP/RTP Compression Indicates that RTP header compression has been configured for the class.
Sent total Count of every packet sent, both compressed packets and full-header
packets.
Sent compressed Count of number of compressed packets sent.
bytes saved Total number of bytes saved (that is, bytes not needing to be sent).
bytes sent Total number of bytes sent for both compressed and full-header packets.
efficiency improvement The percentage of increased bandwidth efficiency as a result of header
factor compression. For example, with RTP streams, the efficiency improvement
factor can be as much as 2.9 (or 290 percent).
hit ratio Used mainly for troubleshooting purposes, this is the percentage of
packets found in the context database. In most instances, this percentage
should be high.
five minute miss rate The number of new traffic flows found in the last five minutes.
misses/sec The average number of new traffic flows found per second, and the highest
max rate of new traffic flows to date.
rate The actual traffic rate (in bits per second) after the packets are
compressed.
1. A number in parentheses may appear next to the service-policy output name and the class-map name. The number is for
Cisco internal use only and can be disregarded.
Serial2/0
Class-map: c1 (match-all)
10184 packets, 1056436 bytes
5 minute offered rate 32000 bps, drop rate 32000 bps
Match: ip precedence 0
drop
Table 170 show policy-map interface Field Descriptions—Configured for MQC Unconditional Packet
Discard1
Field Description
Service-policy output Name of the output service policy applied to the specified interface or VC.
Class-map Class of traffic being displayed. Output is displayed for each configured
class in the policy. The choice for implementing class matches (for
example, match-all or match-any) can also appear next to the traffic class.
packets, bytes Number of packets (also shown in bytes) identified as belonging to the
class of traffic being displayed.
offered rate Rate, in kbps, of packets coming in to the class.
Note If the packets are compressed over an outgoing interface, the
improved packet rate achieved by packet compression is not
reflected in the offered rate. Also, if the packets are classified
before they enter a combination of tunnels (for example, a generic
routing encapsulation (GRE) tunnel and an IP Security (IPSec)
tunnel), the offered rate does not include all the extra overhead
associated with tunnel encapsulation in general. Depending on the
configuration, the offered rate may include no overhead, may
include the overhead for only one tunnel encapsulation, or may
include the overhead for all tunnel encapsulations. In most of the
GRE and IPSec tunnel configurations, the offered rate includes the
overhead for GRE tunnel encapsulation only.
drop rate Rate, in kbps, at which packets are dropped from the class. The drop rate
is calculated by subtracting the number of successfully transmitted
packets from the offered rate.
Table 170 show policy-map interface Field Descriptions—Configured for MQC Unconditional Packet
Discard1 (continued)
Field Description
Note In distributed architecture platforms (such as the Cisco 7500), the value of the tranfer rate,
calculated as the difference between the offered rate and the drop rate counters, can
sporadically diviate from the average by up to 20 percent or more. This can occur while no
corresponding burst is registered by independent traffic analyser equipment.
Match Match criteria specified for the class of traffic. Choices include criteria
such as the Layer 3 packet length, IP precedence, IP DSCP value, MPLS
experimental value, access groups, and QoS groups. For more information
about the variety of match criteria that are available, see the “Classifying
Network Traffic” module in the Cisco IOS Quality of Service Solutions
Configuration Guide.
drop Indicates that the packet discarding action for all the packets belonging to
the specified class has been configured.
1. A number in parentheses may appear next to the service-policy output name and the class-map name. The number is for
Cisco internal use only and can be disregarded.
Serial3/1
Table 171 show policy-map interface Field Descriptions—Configured for Percentage-Based Policing
and Shaping1
Field Description
Service-policy output Name of the output service policy applied to the specified interface or VC.
Class-map Class of traffic being displayed. Output is displayed for each configured
class in the policy. The choice for implementing class matches (for
example, match-all or match-any) can also appear next to the traffic class.
packets, bytes Number of packets (also shown in bytes) identified as belonging to the
class of traffic being displayed.
offered rate Rate, in kbps, of packets coming in to the class.
Note If the packets are compressed over an outgoing interface, the
improved packet rate achieved by packet compression is not
reflected in the offered rate. Also, if the packets are classified
before they enter a combination of tunnels (for example, a generic
routing encapsulation (GRE) tunnel and an IP Security (IPSec)
tunnel), the offered rate does not include all the extra overhead
associated with tunnel encapsulation in general. Depending on the
configuration, the offered rate may include no overhead, may
include the overhead for only one tunnel encapsulation, or may
include the overhead for all tunnel encapsulations. In most of the
GRE and IPSec tunnel configurations, the offered rate includes the
overhead for GRE tunnel encapsulation only.
police Indicates that traffic policing based on a percentage of bandwidth has been
enabled. Also, displays the bandwidth percentage, the CIR, and the
committed burst (Bc) size in ms.
conformed, actions Displays the number of packets and bytes marked as conforming to the
specified rates, and the action to be taken on those packets.
exceeded, actions Displays the number of packets and bytes marked as exceeding the
specified rates, and the action to be taken on those packets.
1. A number in parentheses may appear next to the service-policy output name and the class-map name. The number is for
Cisco internal use only and can be disregarded.
Serial3/2
Service-policy output: p1
Class-map: c1 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Traffic Shaping
Target/Average Byte Sustain Excess Interval Increment Adapt
Rate Limit bits/int bits/int (ms) (bytes) Active
20 % 10 (ms) 20 (ms)
201500/201500 1952 7808 7808 38 976 -
Table 172 show policy-map interface Field Descriptions—Configured for Percentage-Based Policing
and Shaping (with Traffic Shaping Enabled)1
Field Description
Service-policy output Name of the output service policy applied to the specified interface or VC.
Class-map Class of traffic being displayed. Output is displayed for each configured
class in the policy. The choice for implementing class matches (for
example, match-all or match-any) can also appear next to the traffic class.
packets, bytes Number of packets (also shown in bytes) identified as belonging to the
class of traffic being displayed.
offered rate Rate, in kbps, of packets coming in to the class.
Note If the packets are compressed over an outgoing interface, the
improved packet rate achieved by packet compression is not
reflected in the offered rate. Also, if the packets are classified
before they enter a combination of tunnels (for example, a generic
routing encapsulation (GRE) tunnel and an IP Security (IPSec)
tunnel), the offered rate does not include all the extra overhead
associated with tunnel encapsulation in general. Depending on the
configuration, the offered rate may include no overhead, may
include the overhead for only one tunnel encapsulation, or may
include the overhead for all tunnel encapsulations. In most of the
GRE and IPSec tunnel configurations, the offered rate includes the
overhead for GRE tunnel encapsulation only.
drop rate Rate, in kbps, at which packets are dropped from the class. The drop rate
is calculated by subtracting the number of successfully transmitted
packets from the offered rate.
Match Match criteria specified for the class of traffic. Choices include criteria
such as the Layer 3 packet length, IP precedence, IP DSCP value, MPLS
experimental value, access groups, and quality of service (QoS) groups.
For more information about the variety of match criteria that are available,
see the “Classifying Network Traffic” module in the Cisco IOS Quality of
Service Solutions Configuration Guide.
Traffic Shaping Indicates that traffic shaping based on a percentage of bandwidth has been
enabled.
Target/Average Rate Rate (percentage) used for shaping traffic and the number of packets
meeting that rate.
Table 172 show policy-map interface Field Descriptions—Configured for Percentage-Based Policing
and Shaping (with Traffic Shaping Enabled)1 (continued)
Field Description
Byte Limit Maximum number of bytes that can be transmitted per interval. Calculated
as follows:
((Bc+Be) /8 ) x 1
Sustain bits/int Committed burst (Bc) rate.
Excess bits/int Excess burst (Be) rate.
Interval (ms) Time interval value in milliseconds (ms).
Increment (bytes) Number of credits (in bytes) received in the token bucket of the traffic
shaper during each time interval.
Adapt Active Indicates whether adaptive shaping is enabled.
Queue Depth Current queue depth of the traffic shaper.
Packets Total number of packets that have entered the traffic shaper system.
Bytes Total number of bytes that have entered the traffic shaper system.
Packets Delayed Total number of packets delayed in the queue of the traffic shaper before
being transmitted.
Bytes Delayed Total number of bytes delayed in the queue of the traffic shaper before
being transmitted.
Shaping Active Indicates whether the traffic shaper is active. For example, if a traffic
shaper is active, and the traffic being sent exceeds the traffic shaping rate,
a “yes” appears in this field.
1. A number in parentheses may appear next to the service-policy output name, class-map name, and match criteria
information. The number is for Cisco internal use only and can be disregarded.
Ethernet4/1
Table 173 show policy-map interface Field Descriptions—Configured for Packet Classification Based
on Layer 3 Packet Length1
Field Description
Service-policy input Name of the input service policy applied to the specified interface or VC.
Class-map Class of traffic being displayed. Output is displayed for each configured
class in the policy. The choice for implementing class matches (for
example, match-all or match-any) can also appear next to the traffic class.
packets, bytes Number of packets (also shown in bytes) identified as belonging to the
class of traffic being displayed.
offered rate Rate, in kbps, of packets coming in to the class.
Note If the packets are compressed over an outgoing interface, the
improved packet rate achieved by packet compression is not
reflected in the offered rate. Also, if the packets are classified
before they enter a combination of tunnels (for example, a generic
routing encapsulation (GRE) tunnel and an IP Security (IPSec)
tunnel), the offered rate does not include all the extra overhead
associated with tunnel encapsulation in general. Depending on the
configuration, the offered rate may include no overhead, may
include the overhead for only one tunnel encapsulation, or may
include the overhead for all tunnel encapsulations. In most of the
GRE and IPSec tunnel configurations, the offered rate includes the
overhead for GRE tunnel encapsulation only.
drop rate Rate, in kbps, at which packets are dropped from the class. The drop rate
is calculated by subtracting the number of successfully transmitted
packets from the offered rate.
Match Match criteria specified for the class of traffic. Choices include criteria
such as the Layer 3 packet length, IP precedence, IP DSCP value, MPLS
experimental value, access groups, and QoS groups.
QoS Set, qos-group, Indicates that class-based packet marking based on the QoS group has
Packets marked been configured. Includes the qos-group number and the number of
packets marked.
1. A number in parentheses may appear next to the service-policy input name, class-map name, and match criteria information.
The number is for Cisco internal use only and can be disregarded.
FastEthernet1/0.1
Table 174 show policy-map interface Field Descriptions—Configured for Enhanced Packet Marking1
Field Description
Service-policy input Name of the input service policy applied to the specified interface or VC.
Class-map Class of traffic being displayed. Output is displayed for each configured
class in the policy. The choice for implementing class matches (for
example, match-all or match-any) can also appear next to the traffic class.
packets, bytes Number of the packets (also shown in bytes) identified as belonging to the
class of traffic being displayed.
offered rate Rate, in kbps, of the packets coming into the class.
Match Match criteria specified for the class of traffic. Choices include criteria
such as Precedence, IP differentiated services code point (DSCP) value,
Multiprotocol Label Switching (MPLS) experimental value, access
groups, and quality of service (QoS) group (set). For more information
about the variety of match criteria that are available, see the “Classifying
Network Traffic” module in the Cisco IOS Quality of Service Solutions
Configuration Guide.
QoS Set Indicates that QoS group (set) has been configured for the particular class.
precedence cos table Indicates that a table map (called “table-map1”) has been used to
table-map1 determine the precedence value. The precedence value will be set
according to the CoS value defined in the table map.
Packets marked Total number of packets marked for the particular class.
1. A number in parentheses may appear next to the service-policy input name and the class-map name. The number is for Cisco
internal use only and can be disregarded.
Serial2/0
pir 40 % be 400 ms
pir 819000 bps, be 40960 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
violated 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps, violate 0 bps
In this example, the CIR and PIR are displayed in bps, and both the committed burst (bc) and excess
burst (be) are displayed in bits.
The CIR, PIR bc, and be are calculated on the basis of the formulas described below.
Note Discrepancies between this total and the total shown in the output from the show policy-map
interface command can be attributed to a rounding calculation or to differences associated with
the specific interface configuration.
Field Description
Service-policy output Name of the output service policy applied to the specified interface or VC.
Class-map Class of traffic being displayed. Output is displayed for each configured class
in the policy. The choice for implementing class matches (for example,
match-all or match-any) can also appear next to the traffic class.
packets and bytes Number of packets (also shown in bytes) identified as belonging to the class of
traffic being displayed.
offered rate Rate, in kbps, of packets coming in to the class.
drop rate Rate, in kbps, at which packets are dropped from the class. The drop rate is
calculated by subtracting the number of successfully transmitted packets from
the offered rate.
Match Match criteria specified for the class of traffic. Choices include criteria such as
the Layer 3 packet length, IP precedence, IP differentiated services code point
(DSCP) value, Multiprotocol Label Switching (MPLS) experimental value,
access groups, and quality of service (QoS) groups. For more information
about the variety of match criteria that are available, see the “Classifying
Network Traffic” module in the Cisco IOS Quality of Service Solutions
Configuration Guide.
police Indicates that traffic policing has been enabled. Display includes the CIR, PIR
(in both a percentage of bandwidth and in bps) and the bc and be in bytes and
milliseconds. Also displays the optional conform, exceed, and violate actions,
if any, and the statistics associated with these optional actions.
FastEthernet0/1
Serial4/3
Service-policy : LLQ
Class-map: c1 (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: ip precedence 1
Priority: 32 kbps, burst bytes 1500, b/w exceed drops: 0
Note As of Cisco IOS Release 12.2(31)SB2, matching packets on the basis of VLAN ID numbers is supported
on the Catalyst 1000 platform only.
The following is a sample configuration in which packets are matched and classified on the basis of the
VLAN ID number. In this sample configuration, packets that match VLAN ID number 150 are placed in
a class called “class1.”
Router# show class-map
Class1 is then configured as part of the policy map called “policy1.” The policy map is attached to
Fast Ethernet subinterface 0/0.1.
The following sample output of the show policy-map interface command displays the packet statistics
for the policy maps attached to Fast Ethernet subinterface 0/0.1. It displays the statistics for policy1, in
which class1 has been configured.
FastEthernet0/0.1
! Policy-map name.
Service-policy input: policy1
Table 176 show policy-map interface Field Descriptions—Packets Matched on the Basis of VLAN ID
Number1
Field Description
Service-policy input Name of the input service policy applied to the specified interface or VC.
Class-map Class of traffic being displayed. Output is displayed for each configured
class in the policy. The choice for implementing class matches (for
example, match-all or match-any) can also appear next to the traffic class.
packets, bytes Number of the packets (also shown in bytes) identified as belonging to the
class of traffic being displayed.
offered rate Rate, in kbps, of the packets coming into the class.
Match Match criteria specified for the class of traffic. Choices include criteria
such as VLAN ID number, precedence, IP differentiated services code
point (DSCP) value, Multiprotocol Label Switching (MPLS)
experimental value, access groups, and quality of service (QoS) group
(set). For more information about the variety of match criteria that are
available, see the “Classifying Network Traffic” module in the Cisco IOS
Quality of Service Solutions Configuration Guide.
1. A number in parentheses may appear next to the service-policy input name and the class-map name. The number is for Cisco
internal use only and can be disregarded.
FastEthernet5/36
service-policy input: max-pol-ipp5
class-map: ipp5 (match-all)
0 packets, 0 bytes
5 minute rate 0 bps
match: ip precedence 5
class ipp5
police 2000000000 2000000 conform-action set-prec-transmit 6 exceed-action p
policed-dscp-transmit
The following example shows how to display the input-policy statistics and the configurations for a
specific interface on a Cisco 7600 series router:
Router# show policy-map interface fastethernet 5/36 input
FastEthernet5/36
service-policy input: max-pol-ipp5
class-map: ipp5 (match-all)
0 packets, 0 bytes
5 minute rate 0 bps
match: ip precedence 5
class ipp5
police 2000000000 2000000 conform-action set-prec-transmit 6 exceed-action p
policed-dscp-transmit
Table 177 show policy-map interface Field Descriptions—Cisco 7600 Series Routers
Field Description
service-policy input Name of the input service policy applied to the specified interface.
class-map Class of traffic being displayed. Output is displayed for each configured
class in the policy. The choice for implementing class matches (for
example, match-all or match-any) can also appear next to the traffic class.
packets, bytes Number of the packets (also shown in bytes) identified as belonging to the
class of traffic being displayed.
minute rate Rate, in kbps, of the packets coming into the class.
match Match criteria specified for the class of traffic. Choices include criteria
such as VLAN ID number, precedence, IP differentiated services code
point (DSCP) value, Multiprotocol Label Switching (MPLS)
experimental value, access groups, and quality of service (QoS) group
(set). For more information about the variety of match criteria that are
available, see the “Classifying Network Traffic” module in the Cisco IOS
Quality of Service Solutions Configuration Guide.
class Precedence value.
police Indicates that the police command has been configured to enable traffic
policing.
Serial2/1/0
Service-policy output: P1
Queue statistics for all priority classes:
.
.
.
Class-map: Gold (match-all)
0 packets, 0 bytes/*Updated for each priority level configured.*/
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 2
Priority: 0 kbps, burst bytes 1500, b/w exceed drops: 0
Priority Level 4:
0 packets, 0 bytes
Service-policy : child_policy
Field Description
Service-policy output Name of the output service policy applied to the specified interface.
Class-map Class of traffic being displayed. Output is displayed for each configured
class in the policy. The choice for implementing class matches (for
example, match-all or match-any) can also appear next to the traffic class.
packets, bytes Number of the packets (also shown in bytes) identified as belonging to the
class of traffic being displayed.
bandwidth remaining Indicates the ratio used to allocate excess bandwidth.
ratio
Serial0
Table 179 show policy-map interface Field Descriptions—Configured for Tunnel Marking
Field Description
service-policy input Name of the input service policy applied to the specified interface.
class-map Class of traffic being displayed. Output is displayed for each configured
class in the policy. The choice for implementing class matches (for
example, match-all or match-any) can also appear next to the traffic class.
packets, bytes Number of the packets (also shown in bytes) identified as belonging to the
class of traffic being displayed.
offered rate Rate, in kbps, of packets coming in to the class.
drop rate Rate, in kbps, at which packets are dropped from the class. The drop rate
is calculated by subtracting the number of successfully transmitted
packets from the offered rate.
match Match criteria specified for the class of traffic. In this example, the Frame
Relay Discard Eligible (DE) bit has been specified as the match criterion.
For more information about the variety of match criteria that are available,
see the “Classifying Network Traffic” module in the Cisco IOS Quality of
Service Solutions Configuration Guide.
ip dscp tunnel Indicates that tunnel marking has been configured to set the DSCP in the
header of a tunneled packet to a value of 3.
Service-policy output:unit-test
Table 180 show policy-map interface Field Descriptions—Configured for Traffic Shaping Overhead
Accounting for ATM
Field Description
service-policy output Name of the output service policy applied to the specified interface.
class-map Class of traffic being displayed. Output is displayed for each configured
class in the policy. The choice for implementing class matches (for
example, match-all or match-any) can also appear next to the traffic class.
packets, bytes Number of the packets (also shown in bytes) identified as belonging to the
class of traffic being displayed.
offered rate Rate, in kbps, of packets coming in to the class.
drop rate Rate, in kbps, at which packets are dropped from the class. The drop rate
is calculated by subtracting the number of successfully transmitted
packets from the offered rate.
match Match criteria specified for the class of traffic. In this example, the Frame
Relay Discard Eligible (DE) bit has been specified as the match criterion.
For more information about the variety of match criteria that are available,
see the “Classifying Network Traffic” module in the Cisco IOS Quality of
Service Solutions Configuration Guide.
target shape rate Indicates that traffic shaping is enabled at the specified rate.
overhead accounting Indicates whether overhead accounting is enabled or disabled for traffic
shaping.
bandwidth Indicates the percentage of bandwidth allocated for traffic queueing.
overhead accounting: Indicates whether overhead accounting is enabled or disabled for traffic
queueing.
HQF: Example
The following output from the show policy-map interface command displays the configuration for Fast
Ethernet interface 0/0:
Router# show policy-map interface f0/0
FastEthernet0/0
Service-policy : test2
Class-map: RT (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: ip dscp ef (46)
Priority: 20% (307 kbps), burst bytes 7650, b/w exceed drops: 0
Class-map: BH (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: ip dscp af41 (34)
Queueing
queue limit 128 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
bandwidth 40% (614 kbps)
Class-map: BL (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: ip dscp af21 (18)
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
bandwidth 35% (537 kbps)
Exp-weight-constant: 9 (1/512)
Mean queue depth: 0 packets
dscp Transmitted Random drop Tail drop Minimum Maximum Mark
pkts/bytes pkts/bytes pkts/bytes thresh thresh prob
Field Description
FastEthernet Name of the interface.
service-policy output Name of the output service policy applied to the specified interface.
class-map Class of traffic being displayed. Output is displayed for each configured
class in the policy. The choice for implementing class matches (for
example, match-all or match-any) can also appear next to the traffic class.
packets, bytes Number of the packets (also shown in bytes) identified as belonging to the
class of traffic being displayed.
offered rate Rate, in kbps, of packets coming in to the class.
drop rate Rate, in kbps, at which packets are dropped from the class. The drop rate
is calculated by subtracting the number of successfully transmitted
packets from the offered rate.
Match Match criteria specified for the class of traffic.
Note For more information about the variety of match criteria that are
available, see the “Classifying Network Traffic” module in the
Cisco IOS Quality of Service Solutions Configuration Guide.
Queueing Indicates that queueing is enabled.
queue limit Maximum number of packets that a queue can hold for a class policy
configured in a policy map.
bandwidth Indicates the percentage of bandwidth allocated for traffic queueing.
dscp Differentiated services code point (DSCP). Values can be the following:
• 0 to 63—Numerical DSCP values. The default value is 0.
• af1 to af43—Assured forwarding (AF) DSCP values.
• cs1 to cs7—Type of service (ToS) precedence values.
• default—Default DSCP value.
• ef—Expedited forwarding (EF) DSCP values.
Command Description
police (percent) Configures traffic policing on the basis of a percentage of bandwidth
available on an interface.
police (two rates) Configures traffic policing using two rates, the CIR and the PIR.
policy-map Creates or modifies a policy map that can be attached to one or more
interfaces to specify a service policy.
priority Specifies that low-latency behavior must be given to a traffic class and
configures multiple priority queues.
random-detect ecn Enables ECN.
shape (percent) Specifies average or peak rate traffic shaping on the basis of a percentage
of bandwidth available on an interface.
show class-map Display all class maps and their matching criteria.
show frame-relay pvc Displays statistics about PVCs for Frame Relay interfaces.
show interfaces Displays statistics for all interfaces configured on a router or access server.
show mls qos Displays MLS QoS information.
show policy-map Displays the configuration of all classes for a specified service policy map
or all classes for all existing policy maps.
show policy-map class Displays the configuration for the specified class of the specified policy
map.
show table-map Displays the configuration of a specified table map or of all table maps.
table-map (value Creates and configures a mapping table for mapping and converting one
mapping) packet-marking value to another.
show policy-map interface [input | output] brief [policy-map-name] [vrf [vrf-id]] [timestamp]
Syntax Description input (Optional) Indicates that only the information about the active input policy
maps will be displayed.
output (Optional) Indicates that only the information about the active output policy
maps will be displayed.
brief Indicates that the name of all the active policy maps (both input and output
policy maps) and the interfaces to which the policy maps are attached will
be displayed. The active input policy maps will be displayed first, followed
by the output policy maps.
policy-map-name (Optional) Name of an active policy map to be displayed.
vrf (Optional) Indicates that the active policy maps for Virtual Private Network
(VPN) routing and forwarding (VRF) instances will be displayed.
vrf-id (Optional) A specific VRF identifier.
timestamp (Optional) Indicates that the date and time when the policy map was
attached will be displayed, along with the ID of the user who attached the
policy map.
Command Default If no optional keywords or arguments are specified, all policy maps (even those that are not active) are
displayed.
Usage Guidelines The show policy-map interface brief command displays the name of the active policy maps and the
interfaces to which those policy maps are attached. An active policy map is one that is attached to an
interface.
The optional keywords and arguments allow you to tailor the information displayed about VPNs, time
stamps, and user IDs.
If you do not specify any optional keywords or arguments, all policy maps (even those that are not active)
are displayed.
Note If the network software is reloaded (reinstalled), the time-stamp information (the time and date
information) obtained will not be retained for any of the policy maps attached to interfaces on
the network. Instead, the time and date information displayed will be the time and date when the
software was reloaded.
ATM PVCs
For ATM permanent virtual circuits (PVCs), policy maps do not remain associated with the interface if
the ATM PVC is not working properly (that is, the ATM PVC is “down”). Therefore, if an ATM PVC is
down, and a policy map is attached to an interface, the show policy-map interface brief command does
not include information about the policy maps in the command output.
Examples The information that is displayed by the show policy-map interface brief command varies according
to the optional keywords and arguments that you specify.
The following sections list the significant keyword and argument combinations used with the command
and describe the corresponding information displayed.
The timestamp keyword displays the time and date when the policy map was attached to the specific
interface, along with the user ID of the person who attached the policy map to the interface.
For example, the display for the show policy-map interface output brief policyname2 timestamp
command is as follows:
Service-policy output: policyname2
interface s2/0/2 - applied 21:47:04 on 24/12/01 by user1
interface s6/0/1 - applied 19:43:04 on 25/12/01 by user1
The timestamp keyword displays the time and date when the policy map was attached to the specific
interface, along with the user ID of the person who attached the policy map to the interface.
Service-policy input: policyname1
VRFA interface s2/0/1 - applied 21:47:04 on 23/12/01 by user1
VRFB interface s6/0/0 - applied 21:47:04 on 23/12/01 by user1
In some network configurations, the policy map may be attached to the interface initially, and then at a
later time, the interface can be configured to act as a VRF interface. In this kind of network
configuration, the time-stamp information displays the time when the policy map was attached to the
interface. The display does not include the time when the interface was configured to act as a VRF
interface. Displaying only the time when the policy map is attached to the interface also applies to the
scenarios that are described in the following paragraph for other network configurations.
In other network configurations, a VRF may be attached to multiple interfaces as described in the
following scenarios:
• The policy map is also attached to both the interfaces and the VRFs. In this network configuration,
all the interfaces should be shown in the display for the VRF, under the policy map name, as follows:
Service-policy input: policyname1
VRF1 interface s2/0/1 - applied 21:47:37 on 23/12/01 by user1
interface atm0/0 - applied 11:37:57 on 21/11/01 by user1
• The policy map is not attached to all interfaces to which the specific VRF is attached. In this network
configuration, only the VRF interfaces that have that policy map configured are displayed.
show policy-map interface brief policy-map-name vrf vrf-id timestamp Command Example
The show policy-map interface brief policy-map-name vrf vrf-id timestamp command displays all the
policy maps (both the input policy maps and the output policy maps), along with information about the
interface and VRF to which the policy maps are attached. Only the policy map and VRF specified by the
policy-map-name argument and the vrf-id argument are displayed.
The timestamp keyword displays the time and date when the policy map was attached to the specific
interface, along with the user ID of the person who attached the policy map to the interface.
For example, the display for show policy-map interface brief policyname1 vrf VRFA timestamp
command is as follows:
show policy-map interface input brief vrf vrf-id timestamp Command Example
The show policy-map interface input brief vrf vrf-id timestamp command displays the attached input
policy maps, along with information about the interface and VRF to which the policy maps are attached.
Only the policy maps attached to the VRF specified by the vrf-id argument are displayed.
The timestamp keyword displays the time and date when the policy map was attached to the specific
interface, along with the user ID of the person who attached the policy map to the interface.
For example, the display for the show policy-map interface input brief vrf VRFA timestamp
command is as follows:
Service-policy input: policyname1
VRFA interface s2/0/1 - applied 21:47:04 on 23/12/01 by user1
show policy-map interface output brief vrf vrf-id timestamp Command Example
The show policy-map interface output brief vrf vrf-id timestamp command displays the attached
output policy maps, along with information about the interface and VRF to which the policy maps are
attached. Only the policy maps attached to the VRF specified by the vrf-id argument are displayed.
The timestamp keyword displays the time and date when the policy map was attached to the specific
interface, along with the user ID of the person who attached the policy map to the interface.
For example, the display for the show policy-map interface output brief vrf VRFB timestamp
command is as follows:
Service-policy output: policyname1
VRFB interface s2/0/1 - applied 21:47:04 on 23/12/01 by user1
Table 182 describes the significant fields shown in the various displays.
Field Description
Service-policy output: Output policy map name.
policyname2
Service-policy input: Input policy map name.
policyname2
interface s2/0/1 Interface to which the policy map is attached.
VRFA VRF to which the policy map is attached.
applied 21:47:04 on Time and date when the policy map was attached to the interface or VRF.
23/12/01
by user1 User ID of the person who attached the policy map to the interface or VRF.
Examples The following example shows the policy-map output for a hierarchical policy on a given service instance
1 under port channel 1:
Router# show policy-map interface port-channel 1 service instance 1
Port-channel1: EFP 1
Service-policy : flat-pc-brr
Match: cos 5
Queueing
queue limit 2500 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 10000000, bc 40000, be 40000
target shape rate 10000000
Match: any
Queueing
queue limit 2500 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 10000000, bc 40000, be 40000
target shape rate 10000000
Field Description
Fields Associated with Classes or Service Policies
Service-policy output Name of the output service policy applied to the specified interface or VC.
Class-map Class of traffic being displayed. Output is displayed for each configured
class in the policy. The choice for implementing class matches (for
example, match-all or match-any) can also appear next to the traffic class.
packets and bytes Number of packets (also shown in bytes) identified as belonging to the
class of traffic being displayed.
offered rate Rate, in kbps, of packets coming in to the class.
Note If the packets are compressed over an outgoing interface, the
improved packet rate achieved by packet compression is not
reflected in the offered rate. Also, if the packets are classified
before they enter a combination of tunnels (for example, a generic
routing encapsulation (GRE) tunnel and an IP Security (IPSec)
tunnel), the offered rate does not include all the extra overhead
associated with tunnel encapsulation in general. Depending on the
configuration, the offered rate may include no overhead, may
include the overhead for only one tunnel encapsulation, or may
include the overhead for all tunnel encapsulations. In most of the
GRE and IPSec tunnel configurations, the offered rate includes the
overhead for GRE tunnel encapsulation only.
drop rate Rate, in kbps, at which packets are dropped from the class. The drop rate
is calculated by subtracting the number of successfully transmitted
packets from the offered rate.
Match Match criteria specified for the class of traffic. Choices include criteria
such as IP precedence, IP differentiated services code point (DSCP) value,
Multiprotocol Label Switching (MPLS) experimental (EXP) value, access
groups, and QoS groups. For more information about the variety of match
criteria that are available, see the “Classifying Network Traffic” module
in the Cisco IOS Quality of Service Solutions Configuration Guide.
Table 183 show policy-map interface service instance Field Descriptions1 (continued)
Field Description
Fields Associated with Queueing (if Enabled)
Output Queue The weighted fair queueing (WFQ) conversation to which this class of
traffic is allocated.
Bandwidth Bandwidth, in either kbps or percentage, configured for this class and the
burst size.
pkts matched/bytes Number of packets (also shown in bytes) matching this class that were
matched placed in the queue. This number reflects the total number of matching
packets queued at any time. Packets matching this class are queued only
when congestion exists. If packets match the class but are never queued
because the network was not congested, those packets are not included in
this total. However, if process switching is in use, the number of packets
is always incremented even if the network is not congested.
depth/total Number of packets discarded for this class. No-buffer indicates that no
drops/no-buffer drops memory buffer exists to service the packet.
Fields Associated with Weighted Random Early Detection (WRED) (if Enabled)
exponential weight Exponent used in the average queue size calculation for a WRED
parameter group.
mean queue depth Average queue depth based on the actual queue depth on the interface and
the exponential weighting constant. It is a fluctuating average. The
minimum and maximum thresholds are compared against this value to
determine drop decisions.
class IP precedence level.
Transmitted pkts/bytes Number of packets (also shown in bytes) passed through WRED and not
dropped by WRED.
Note If there is insufficient memory in the buffer to accommodate the
packet, the packet can be dropped after the packet passes through
WRED. Packets dropped because of insufficient memory in the
buffer (sometimes referred to as “no-buffer drops”) are not taken
into account by the WRED packet counter.
Random drop pkts/bytes Number of packets (also shown in bytes) randomly dropped when the
mean queue depth is between the minimum threshold value and the
maximum threshold value for the specified IP precedence level.
Tail drop pkts/bytes Number of packets dropped when the mean queue depth is greater than the
maximum threshold value for the specified IP precedence level.
Minimum thresh Minimum threshold. Minimum WRED threshold in number of packets.
Maximum thresh Maximum threshold. Maximum WRED threshold in number of packets.
Mark prob Mark probability. Fraction of packets dropped when the average queue
depth is at the maximum threshold.
Table 183 show policy-map interface service instance Field Descriptions1 (continued)
Field Description
Fields Associated with Traffic Shaping (if Enabled)
Target Rate Rate used for shaping traffic.
Byte Limit Maximum number of bytes that can be transmitted per interval. Calculated
as follows:
((Bc+Be) /8) x 1
Sustain bits/int Committed burst (Bc) rate.
Excess bits/int Excess burst (Be) rate.
Interval (ms) Time interval value in milliseconds (ms).
Increment (bytes) Number of credits (in bytes) received in the token bucket of the traffic
shaper during each time interval.
Queue Depth Current queue depth of the traffic shaper.
Packets Total number of packets that have entered the traffic shaper system.
Bytes Total number of bytes that have entered the traffic shaper system.
Packets Delayed Total number of packets delayed in the queue of the traffic shaper before
being transmitted.
Bytes Delayed Total number of bytes delayed in the queue of the traffic shaper before
being transmitted.
Shaping Active Indicates whether the traffic shaper is active. For example, if a traffic
shaper is active, and the traffic being sent exceeds the traffic shaping rate,
a “yes” appears in this field.
1. A number in parentheses may appear next to the service-policy output name, class-map name, and match criteria
information. The number is for Cisco internal use only and can be disregarded.
show policy-map session [uid uid-number] [input class class-name | output class class-name]
Usage Guidelines Use the show policy-map session command with the uid keyword to verify the QoS policy map of a
unique session ID in the input and output streams in the SSS session.
Use the show policy-map session command with the optional class class-name keyword argument
combination to display statistics for a particular class. If you use the show policy-map session command
without the class class-name keyword argument combination, statistics for all the classes defined in the
QoS policy map display.
Examples This section contains sample output from the show policy-map session command.
Note The output of the show policy-map session command varies according to the QoS feature configured in
the policy map. For instance, if traffic shaping or traffic queueing is configured in the policy maps, the
statistics for those features will be included and the output will vary accordingly from what is shown in
this section. Additional self-explanatory fields may appear, but the output will be very similar.
The following example from the show policy-map session command displays QoS policy-map statistics
for traffic in the downstream direction for the QoS policy maps configured:
Router# show policy-map session uid 401 output
Table 184 show policy-map session Field Descriptions — Traffic in the Downstream Direction
Field Description
SSS session identifier Unique session identifier.
Service-policy output Name of the output service policy applied to the
specified interface or virtual circuit (VC).
Class-map Class of traffic being displayed. Output is displayed for
each configured class in the policy. The choice for
implementing class matches (for example, match-all or
match-any) can also appear next to the traffic class.
packets and bytes Number of packets (also shown in bytes) identified as
belonging to the class of traffic being displayed.
offered rate Rate, in bps, of packets coming in to the class.
Note If the packets are compressed over an outgoing
interface, the improved packet rate achieved by
packet compression is not reflected in the offered
rate. Also, if the packets are classified before
they enter a combination of tunnels (for example,
a generic routing encapsulation [GRE] tunnel
and an IP Security [IPsec] tunnel), the offered
rate does not include all the extra overhead
associated with tunnel encapsulation in general.
Depending on the configuration, the offered rate
may include no overhead, may include the
overhead for only one tunnel encapsulation, or
may include the overhead for all tunnel
encapsulations. In most of the GRE and IPsec
tunnel configurations, the offered rate includes
the overhead for GRE tunnel encapsulation only.
drop rate Rate, in bps, at which packets are dropped from the class.
The drop rate is calculated by subtracting the number of
successfully transmitted packets from the offered rate.
Match Match criteria specified for the class of traffic. Choices
include criteria such as IP precedence, IP differentiated
services code point (DSCP) value, Multiprotocol Label
Switching (MPLS) experimental (EXP) value, access
groups, and QoS groups. For more information about the
variety of availablematch criteria options, see the
“Applying QoS Features Using the MQC” module of the
Cisco IOS Quality of Service Solutions Configuration
Guide.
QoS Set Indicates that packet marking is in place.
dscp Value used in packet marking.
Packets marked The number of packets marked.
Table 184 show policy-map session Field Descriptions (continued)— Traffic in the Downstream
Field Description
police Indicates that the police command has been configured
to enable traffic policing. Also, displays the specified
committed information rate (CIR), conform burst (bc)
size, peak information rate (PIR), and peak burst (be)
size used for marking packets.
conformed Displays the action to be taken on packets that conform
to a specified rate. Displays the number of packets and
bytes on which the action was taken.
exceeded Displays the action to be taken on packets that exceed a
specified rate. Displays the number of packets and bytes
on which the action was taken.
violated Displays the action to be taken on packets that violate a
specified rate. Displays the number of packets and bytes
on which the action was taken.
The following example from the show policy-map session command displays QoS policy-map statistics
for traffic in the upstream direction for all the QoS policy maps configured:
Router# show policy-map session uid 401 input
Table 185 show policy-map session Field Descriptions — Traffic in the Upstream Direction
Field Description
SSS session identifier Unique session identifier.
Service-policy input Name of the input service policy applied to the specified
interface or VC.
Class-map Class of traffic being displayed. Output is displayed for
each configured class in the policy. The choice for
implementing class matches (for example, match-all or
match-any) can also appear next to the traffic class.
packets and bytes Number of packets (also shown in bytes) identified as
belonging to the class of traffic being displayed.
offered rate Rate, in bps, of packets coming in to the class.
Note If the packets are compressed over an outgoing
interface, the improved packet rate achieved by
packet compression is not reflected in the offered
rate. Also, if the packets are classified before
they enter a combination of tunnels (for example,
a generic routing encapsulation [GRE] tunnel
and an IP Security [IPsec] tunnel), the offered
rate does not include all the extra overhead
associated with tunnel encapsulation in general.
Depending on the configuration, the offered rate
may include no overhead, may include the
overhead for only one tunnel encapsulation, or
may include the overhead for all tunnel
encapsulations. In most of the GRE and IPsec
tunnel configurations, the offered rate includes
the overhead for GRE tunnel encapsulation only.
drop rate Rate, in bps, at which packets are dropped from the class.
The drop rate is calculated by subtracting the number of
successfully transmitted packets from the offered rate.
Match Match criteria specified for the class of traffic. Choices
include criteria such as IP precedence, IP differentiated
services code point (DSCP) value, Multiprotocol Label
Switching (MPLS) experimental (EXP) value, access
groups, and QoS groups. For more information about the
variety of available match criteria options, see the
“Applying QoS Features Using the MQC” module of the
Cisco IOS Quality of Service Solutions Configuration
Guide.
police Indicates that the police command has been configured
to enable traffic policing. Also, displays the specified
committed information rate (CIR), conform burst (bc)
size, peak information rate (PIR), and peak burst (be)
size used for marking packets.
Table 185 show policy-map session Field Descriptions (continued)— Traffic in the Upstream
Field Description
conformed Displays the action to be taken on packets that conform
to a specified rate. Displays the number of packets and
bytes on which the action was taken.
exceeded Displays the action to be taken on packets that exceed a
specified rate. Displays the number of packets and bytes
on which the action was taken.
violated Displays the action to be taken on packets that violate a
specified rate. Displays the number of packets and bytes
on which the action was taken.
Note The QoS: Per-Session Shaping and Queueing on LNS feature does not support packet marking. That is,
this feature does not support the use of the set command to mark packets. Therefore, statistics related to
packet marking are not included in the output.
Service-policy : child
Match: ip precedence 2
Queueing
queue limit 44 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 212000, bc 7632, be 7632
target shape rate 212000
Table 186 describes the significant fields related to per-session traffic shaping and queueing shown in
the display.
.
Table 186 show policy-map session Field Descriptions—Per-Session Traffic Shaping and Queueing
Configured
Field Description
Queueing Indicates that traffic queueing is enabled.
queue limit Displays the queue limit, in packets.
queue depth Current queue depth of the traffic shaper.
shape (average) cir, bc, be Indicates that average rate traffic shaping is enabled.
Displays the committed information rate (CIR), the
committed burst (bc) rate, and the excess burst (be) rate
in bytes.
target shape rate Displays the traffic shaping rate, in bytes.
Field Description
target shape rate Displays the traffic shaping rate, in bytes.
Overhead Accounting Enabled Indicates that overhead accounting is enabled.
Examples The following example shows how to define FPM traffic classes for slammer packets (UDP port 1434).
The match criteria defined within the class maps is for slammer packets with an IP length not to exceed
404 bytes, UDP port 1434, and pattern 0x4011010 at 224 bytes from start of IP header. This example
also shows how to define the service policy “fpm-policy” and apply it to the gigabitEthernet interface.
Show commands have been issued to verify the FPM configuration. (Note that PHDFs are not displayed
in show output because they are in XML format.)
Router(config)# load protocol disk2:ip.phdf
Router(config)# load protocol disk2:udp.phdf
Protocol ID: 1
Protocol name: IP
Description: Definition-for-the-IP-protocol
Original file name: disk2:ip.phdf
Header length: 20
Constraint(s):
Total number of fields: 12
Field id: 0, version, IP-version
Fixed offset. offset 0
Constant length. Length: 4
Field id: 1, ihl, IP-Header-Length
Fixed offset. offset 4
Constant length. Length: 4
Field id: 2, tos, IP-Type-of-Service
Fixed offset. offset 8
Constant length. Length: 8
Field id: 3, length, IP-Total-Length
Fixed offset. offset 16
Constant length. Length: 16
Field id: 4, identification, IP-Identification
Fixed offset. offset 32
Constant length. Length: 16
Field id: 5, flags, IP-Fragmentation-Flags
Fixed offset. offset 48
Constant length. Length: 3
Field id: 6, fragment-offset, IP-Fragmentation-Offset
Fixed offset. offset 51
Constant length. Length: 13
Field id: 7, ttl, Definition-for-the-IP-TTL
Fixed offset. offset 64
Constant length. Length: 8
Field id: 8, protocol, IP-Protocol
Fixed offset. offset 72
Constant length. Length: 8
Field id: 9, checksum, IP-Header-Checksum
Fixed offset. offset 80
Constant length. Length: 16
Field id: 10, source-addr, IP-Source-Address
Fixed offset. offset 96
Constant length. Length: 32
Field id: 11, dest-addr, IP-Destination-Address
Fixed offset. offset 128
Constant length. Length: 32
Protocol ID: 3
Protocol name: UDP
Description: UDP-Protocol
Original file name: disk2:udp.phdf
Header length: 8
Constraint(s):
Total number of fields: 4
Field id: 0, source-port, UDP-Source-Port
Fixed offset. offset 0
Constant length. Length: 16
Field id: 1, dest-port, UDP-Destination-Port
Fixed offset. offset 16
Constant length. Length: 16
Field id: 2, length, UDP-Length
Fixed offset. offset 32
Constant length. Length: 16
Usage Guidelines Use the show qbm client command to confirm that a subset of Cisco IOS software has registered with
QBM.
A subset of Cisco IOS software becomes a client of QBM by calling a QBM registration application
programming interface (API) and receiving an ID. If the subset has not registered, then it is not a client.
Examples The following is sample output from the show qbm client command when RSVP aggregation is enabled:
Router# show qbm client
Field Description
Client Name The name of the application.
• RSVP BW Admit—The RSVP QBM client used for
admitting bandwidth into QBM bandwidth pools.
• RSVP rfc3175 AggResv—RSVP aggregation as defined in
RFC 3175, Aggregation of RSVP for IPv4 and IPv6
Reservations.
– This client is used to create and maintain QBM
bandwidth pools for RSVP aggregate reservations.
Client ID The identifier of the application. One client ID exists per client.
Syntax Description id pool-id (Optional) Displays the identifier for a specified bandwidth pool that is
performing admission control. The values must be between 0x0 and
0xffffffff; there is no default.
Command Default If you enter the show qbm pool command without the optional keyword/argument combination, the
command displays information for all configured QBM pools.
Usage Guidelines Use the show qbm pool command to display information for all configured QBM pools or for a specified
pool. If you enter a pool ID that does not exist, you receive an error message.
This command is useful for troubleshooting QBM operation.
Examples The following sample output is from the show qbm pool command when RSVP aggregation is enabled:
Router# show qbm pool
Pool ID 0x00000009
Associated object: 'RSVP 3175 AggResv 192.168.40.1->192.168.50.1_ef(46)'
Minimum: 300Kbps
Oper Status: OPERATIONAL
Oper Minimum: 300Kbps
Used Bandwidth: 80Kbps
Field Description
Total number of pools allocated The number of QBM pools configured.
Pool ID The QBM pool identifier.
Associated object The application (or client) associated with the QBM pool. This
string is provided by the client and as a result, the client chooses
the string, not QBM. For example, RSVP 3175 AggResv
192.168.40.1->192.168.50.1_ef(46) means the QBM pool is
associated with the RSVP aggregate reservation with source
endpoint (aggregator) having IP address 192.168.40.1,
destination endpoint (deaggregator) having IP address
192.168.50.1, and differentiated services code point (DSCP)
expedited forwarding (EF).
Minimum The pool’s minimum bandwidth guarantee. (Units may vary.)
Oper Status Status of the application. Values are the following:
• OPERATIONAL—Application is enabled.
• NON-OPERATIONAL—Application is disabled.
Oper Minimum Defines the minimum bandwidth guarantee that the pool is able
to enforce. This value may differ from the pool’s minimum
bandwidth guarantee because of operational conditions. For
example, if the pool is associated with an interface and the
interface is down, its Oper Status is NON-OPERATIONAL, then
the operational minimum is N/A.
Used Bandwidth The bandwidth reserved by applications/clients using this pool.
N/A displays instead of 0 when the pool’s Oper Status is
NON-OPERATIONAL.
The following sample output is from the show qbm pool command with a specified pool ID:
Router# show qbm pool id 0x000000006
Pool ID 0x00000009
Associated object: 'RSVP 3175 AggResv 192.168.40.1->192.168.50.1_ef(46)'
Minimum: 300Kbps
Oper Status: OPERATIONAL
Oper Minimum: 300Kbps
Used Bandwidth: 80Kbps
Usage Guidelines The show qdm status command can be used on the Cisco 7600 series router.
The output of the show qdm status command includes the following information:
• Number of connected clients
• Client IDs
• Version of the client software
• IP addresses of the connected clients
• Duration of the connection
Examples The following example illustrates the show qdm status output when two QDM clients are connected to
the router:
Router# show qdm status
ueue
To display the contents of packets inside a queue for a particular interface or virtual circuit (VC), use the
show queue command in user EXEC or privileged EXEC mode.
Release Modification
12.2SX This command is supported in the Cisco IOS Release 12.2SX train. Support
in a specific 12.2SX release of this train depends on your feature set,
platform, and platform hardware.
12.4(20)T This command was integrated into Cisco IOS Release 12.4(20)T, but without
support for hierarchical queueing framework (HQF). See the “Usage
Guidelines” for additional information.
Usage Guidelines This command displays the contents of packets inside a queue for a particular interface or VC.
This command does not support VIP-distributed Weighted Random Early Detection WRED (DWRED).
You can use the vc keyword and the show queue command arguments to display output for a PVC only
on Enhanced ATM port adapters (PA-A3) that support per-VC queueing.
This command does not support HQF. Use the show policy-map and the show policy-map interface
commands to gather HQF information and statistics.
Examples The following examples show sample output when the show queue command is entered and either
weighted fair queueing (WFQ), WRED, or flow-based WRED are configured.
WFQ Example
The following is sample output from the show queue command for PVC 33 on the atm2/0.33 ATM
subinterface. Two conversations are active on this interface. WFQ ensures that both data streams receive
equal bandwidth on the interface while they have messages in the pipeline.
Router# show queue atm2/0.33 vc 33
Field Description
Queueing strategy Type of queueing active on this interface.
Total output drops per VC Total output packet drops.
Field Description
Output queue Output queue size, in packets. Max total defines the aggregate queue size
of all the WFQ flows. Threshold is the individual queue size of each
conversation. Drops are the dropped packets from all the conversations in
WFQ.
Conversations WFQ conversation number. A conversation becomes inactive or times out
when its queue is empty. Each traffic flow in WFQ is based on a queue
and represented by a conversation. Max active is the number of active
conversations that have occurred since the queueing feature was
configured. Max total is the number of conversations allowed
simultaneously.
Reserved Conversations Traffic flows not captured by WFQ, such as class-based weighted fair
queueing (CBWFQ) configured by the bandwidth command or a
Resource Reservation Protocol (RSVP) flow, have a separate queue that
is represented by a reserved conversation. Allocated is the current number
of reserved conversations. Max allocated is the maximum number of
allocated reserved conversations that have occurred.
depth Queue depth for the conversation, in packets.
weight Weight used in WFQ.
discards Number of packets dropped from the conversation’s queue.
tail drops Number of packets dropped from the conversation when the queue is at
capacity.
interleaves Number of packets interleaved.
linktype Protocol name.
length Packet length.
source Source IP address.
destination Destination IP address.
id Packet ID.
ttl Time to live count.
TOS IP type of service.
prot Layer 4 protocol number.
Field Description
Packet Packet number.
flow id Flow-based WRED number.
linktype Protocol name.
length Packet length.
flags Internal version-specific flags.
source Source IP address.
destination Destination IP address.
id Packet ID.
ttl Time to live count.
prot Layer 4 protocol number.
data Packet data.
WRED Example
The following is sample output from the show queue command issued for serial interface 3 on which
WRED is configured. The output has been truncated to show only 2 of the 24 packets.
Router# show queue Serial3
Command Description
fair-queue (WFQ) Enables WFQ for an interface.
priority-group Assigns the specified priority list to an interface.
random-detect Enables WRED or DWRED.
(interface)
random-detect flow Enables flow-based WRED.
show frame-relay pvc Displays information and statistics about WFQ for a VIP-based interface.
show queueing Lists all or selected configured queueing strategies.
show queueing
To list all or selected configured queueing strategies, use the show queueing command in user EXEC or
privileged EXEC mode.
Syntax Description custom (Optional) Status of the custom queueing list configuration.
fair (Optional) Status of the fair queueing configuration.
priority (Optional) Status of the priority queueing list configuration.
random-detect (Optional) Status of the Weighted Random Early Detection (WRED) and
distributed WRED (DWRED) configuration, including configuration of
flow-based WRED.
interface (Optional) Displays the WRED parameters of every virtual circuit (VC) with
atm-subinterface WRED enabled on the specified ATM subinterface.
vc (Optional) Displays the WRED parameters associated with a specific VC. If
desired, both the virtual path identifier (VPI) and virtual circuit identifier
(VCI) values, or just the VCI value, can be specified.
vpi/ (Optional) Specifies the VPI. If the vpi argument is omitted, 0 is used as the
VPI value for locating the permanent virtual circuit (PVC). If the vpi
argument is specified, the / separator is required.
vci (Optional) Specifies the VCI.
Command Default If no optional keyword is entered, this command shows the configuration of all interfaces.
Release Modification
12.2(33)SRA This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.4(20)T This command was integrated into Cisco IOS Release 12.4(20)T, but without
support for hierarchical queueing framework (HQF). See the “Usage
Guidelines” for additional information.
Usage Guidelines This command does not support HQF. Use the show policy-map and the show policy-map interface
commands to gather HQF information and statistics.
DWRED Example
The following is sample output from the show queueing random-detect command for DWRED:
Field Description
Discard threshold Number of messages allowed in each queue.
Dynamic queue count Number of dynamic queues used for best-effort conversations.
Reserved queue count Number of reservable queues used for reserved conversations.
High limit High DLCI priority queue size in maximum number of packets.
Medium limit Medium DLCI priority queue size, in maximum number of
packets.
Normal limit Normal DLCI priority queue size, in maximum number of
packets.
Low limit Low DLCI priority queue size, in maximum number of packets.
List Custom queueing—Number of the queue list.
Priority queueing—Number of the priority list.
Queue Custom queueing—Number of the queue.
Priority queueing—Priority queue level (high, medium, normal,
or low keyword).
Args Packet matching criteria for that queue.
Exp-weight-constant Exponential weight factor.
Mean queue depth Average queue depth. It is calculated based on the actual queue
depth on the interface and the exponential weighting constant. It
is a moving average. The minimum and maximum thresholds are
compared against this value to determine drop decisions.
Class IP Precedence value.
Random drop Number of packets randomly dropped when the mean queue
depth is between the minimum threshold value and the maximum
threshold value for the specified IP Precedence value.
Tail drop Number of packets dropped when the mean queue depth is greater
than the maximum threshold value for the specified IP Precedence
value.
Minimum threshold Minimum WRED threshold, in number of packets.
Maximum threshold Maximum WRED threshold, in number of packets.
Mark probability Fraction of packets dropped when the average queue depth is at
the maximum threshold.
Command Description
frame-relay interface-queue Enables the FR PIPQ feature.
priority
precedence (WRED group) Configures a WRED group for a particular IP Precedence.
priority-group Assigns the specified priority list to an interface.
priority-list interface Establishes queueing priorities on packets entering from a given
interface.
priority-list queue-limit Specifies the maximum number of packets that can be waiting in
each of the priority queues.
queue-list interface Establishes queueing priorities on packets entering on an
interface.
queue-list queue byte-count Specifies how many bytes the system allows to be delivered from
a given queue during a particular cycle.
random-detect (interface) Enables WRED or DWRED.
random-detect flow Sets the multiplier to be used in determining the average depth
average-depth-factor factor for a flow when flow-based WRED is enabled.
random-detect flow count Sets the flow count for flow-based WRED.
show interfaces Displays the statistical information specific to a serial interface.
show queue Displays the contents of packets inside a queue for a particular
interface or VC.
show queueing interface Displays the queueing statistics of an interface or VC.
Examples The following is sample output from the show queueing interface command. In this example, WRED
is the queueing strategy in use. The output varies according to queueing strategy in use.
Router# show queueing interface atm2/0
Field Description
Queueing strategy Name of the queueing strategy in use (for example, WRED).
Exp-weight-constant Exponential weight constant. Exponent used in the average
queue size calculation for a WRED parameter group.
Mean queue depth Average queue depth based on the actual queue depth on the
interface and the exponential weighting constant. It is a
fluctuating average. The minimum and maximum thresholds
are compared against this value to determine drop decisions.
Class IP precedence level.
Random drop Number of packets randomly dropped when the mean queue
depth is between the minimum threshold value and the
maximum threshold value for the specified IP precedence
level.
Field Description
Tail drop Number of packets dropped when the mean queue depth is
greater than the maximum threshold value for the specified IP
precedence level.
Minimum threshold Minimum WRED threshold in packets.
Maximum threshold Maximum WRED threshold in packets.
Mark probability Fraction of packets dropped when the average queue depth is
at the maximum threshold.
show table-map
To display the configuration of a specified table map or all table maps, use the show table-map
command in EXEC mode.
Syntax Description table-map-name Name of table map used to map one packet-marking value to another. The
name can be a maximum of 64 alphanumeric characters.
Examples The sample output of the show table-map command shows the contents of a table map called “map 1”.
In “map1”, a “to–from” relationship has been established and a default value has been defined. The fields
for establishing the “to–from” mappings are further defined by the policy map in which the table map
will be configured. (Configuring a policy map is the next logical step after creating a table map.)
For instance, a precedence or differentiated services code point (DSCP) value of 0 could be mapped to
a class of service (CoS) value of 1, or vice versa, depending on the how the values are defined in the
table map. Any values not explicitly defined in a “to–from” relationship will be set to a default value.
The following sample output of the show table-map command displays the contents of a table map
called “map1”. In this table map, a packet-marking value of 0 is mapped to a packet-marking value of 1.
All other packet-marking values are mapped to the default value 3.
Router# show table-map map1
Field Description
Table Map The name of the table map being displayed.
from, to The values of the “to–from” relationship established by the table-map
(value mapping) command and further defined by the policy map in which
the table map will be configured.
default The default action to be used for any values not explicitly defined in a
“to–from” relationship by the table-map (value mapping) command. If a
default action is not specified in the table-map (value mapping) command,
the default action is “copy”.
Usage Guidelines This command is not required for normal use of the operating system. This command is useful when you
contact technical support personnel with questions regarding RSVP. The show tech-support rsvp
command generates a series of reports that can be useful to technical support personnel attempting to
solve problems.
Any issues or caveats that apply to the show tech-support command also apply to this command. For
example, the enable password, if configured, is not displayed in the output of the show running-config
command.
Examples The show tech-support rsvp command is equivalent to issuing the following commands:
• show ip rsvp installed
• show ip rsvp interface
• show ip rsvp neighbor
• show ip rsvp policy cops
• show ip rsvp reservation
• show ip rsvp sender
• show running-config
• show version
For the specific examples, refer to the displays and descriptions for the individual commands for more
information.
show traffic-shape
To display the current traffic-shaping configuration, use the show traffic-shape command in EXEC
mode.
Syntax Description interface-type (Optional) The type of the interface. If no interface is specified,
traffic-shaping details for all configured interfaces are shown.
interface-number (Optional) The number of the interface.
Usage Guidelines You must have first enabled traffic shaping using the traffic-shape rate, traffic-shape group, or
frame-relay traffic-shaping command to display traffic-shaping information.
Examples The following is sample output from the show traffic-shape command:
Router# show traffic-shape
Interface Fa0/0
Access Target Byte Sustain Excess Interval Increment Adapt
VC List Rate Limit bits/int bits/int (ms) (bytes) Active
- 1000000 6250 25000 25000 25 3125 -
Field Description
Interface Interface type and number.
VC Virtual circuit.
Note If you configure traffic shaping at a VC level instead of an
interface level, a number appears in this field.
Access List Number of the access list, if one is configured.
Target Rate Rate that traffic is shaped to, in bits per second.
Field Description
Byte Limit Maximum number of bytes sent per internal interval.
Sustain bits/int Configured sustained bits per interval.
Excess bits/int Configured excess bits in the first interval.
Interval (ms) Interval (in milliseconds) being used internally, which may be smaller
than the committed burst divided by the committed information rate,
if the router determines that traffic flow will be more stable with a
smaller configured interval.
Increment (bytes) Number of bytes that will be sustained per internal interval.
Adapt Active Contains “BECN” if Frame Relay has backward explicit congestion
notification (BECN) adaptation configured.
Usage Guidelines When no parameters are specified with this command, the output displays information for all interfaces
and DLCIs containing queued elements. When a specific interface and DLCI are specified, information
is displayed about the queued elements for that DLCI only.
When you use this command with HQF, no output displays.
Examples The following is sample output for the show traffic-shape queue command when weighted fair
queueing is configured on the map class associated with DLCI 16:
Router# show traffic-shape queue Serial1/1 dlci 16
The following is sample output for the show traffic-shape queue command when priority queueing is
configured on the map class associated with DLCI 16:
Router# show traffic-shape queue Serial1/1 dlci 16
The following is sample output for the show traffic-shape queue command when first-come, first-serve
queueing is configured on the map class associated with DLCI 16:
Router# show traffic-shape queue Serial1/1 dlci 16
The following is sample output for the show traffic-shape queue command displaying statistics for the
special queue for voice traffic that is created automatically when the frame-relay voice bandwidth
command is entered:
Router# show traffic-shape queue Serial1/1 dlci 45
Field Description
Queueing strategy When Frame Relay Traffic Shaping (FRTS) is configured, the queueing type
can be weighted fair, custom-queue, priority-group, or fcfs
(first-come, first-serve), depending on what is configured on the Frame
Relay map class for this DLCI. The default is fcfs for FRTS. When generic
traffic shaping is configured, the only queueing type available is weighted
fair queueing (WFQ).
Queueing Stats Statistics for the configured queueing strategy, as follows:
• size—Current size of the queue.
• max total—Maximum number of packets of all types that can be queued
in all queues.
• threshold—For WFQ, the number of packets in the queue after which
new packets for high-bandwidth conversations will be dropped.
• drops—Number of packets discarded during this interval.
Conversations active Number of currently active conversations.
Conversations max total Maximum allowed number of concurrent conversations.
Reserved Conversations Number of currently active conversations reserved for voice.
active
Reserved Conversations Maximum configured number of conversations reserved.
allocated
depth Number of packets currently queued.
weight Number used to classify and prioritize the packet.
discards Number of packets discarded from queues.
Packet Number of queued packet.
linktype Protocol type of the queued packet. (cdp = Cisco Discovery Protocol)
length Number of bytes in the queued packet.
flags Number of flag characters in the queued packet.
source Source IP address.
destination Destination IP address.
id Packet ID.
ttl Time to live count.
TOS IP type of service.
prot Layer 4 protocol number. Refer to RFC 943 for a list of protocol numbers.
(17 = User Datagram Protocol (UDP))
source port Port number of source port.
destination port Port number of destination port.
Syntax Description interface-type (Optional) The type of the interface. If no interface is specified,
traffic-shaping statistics for all configured interfaces are shown.
interface-number (Optional) The number of the interface.
Usage Guidelines You must have first enabled traffic shaping using the traffic-shape rate, traffic-shape group, or
frame-relay traffic-shaping command to display traffic-shaping information.
Examples The following is sample output from the show traffic-shape statistics command:
Router# show traffic-shape statistics
Field Description
I/F Interface.
Access List Number of the access list.
Queue Depth Number of messages in the queue.
Packets Number of packets sent through the interface.
Bytes Number of bytes sent through the interface.
Field Description
Packets Delayed Number of packets sent through the interface that were delayed in the
traffic-shaping queue.
Bytes Delayed Number of bytes sent through the interface that were delayed in the
traffic-shaping queue.
Shaping Active Contains “yes” when timers indicate that traffic shaping is occurring and
“no” if traffic shaping is not occurring.
svc-bundle
To create or modify a member of a switched virtual circuit (SVC) bundle, use the svc-bundle command
in SVC-bundle configuration mode. To remove an SVC bundle member from the bundle, use the no form
of this command.
svc-bundle svc-handle
no svc-bundle svc-handle
Syntax Description svc-handle Unique name for the SVC in the router.
Usage Guidelines Using this command will cause the system to enter SVC-bundle member configuration mode, in which
you can configure characteristics of the member such as precedence, variable bit rate (VBR) traffic
shaping, unspecified bit rate (UBR) traffic shaping, UBR+ traffic shaping, an idle timeout, and bumping
conditions.
Examples The following example creates a member of an SVC bundle named “five”:
svc-bundle five
Syntax Description table-map-name Name of table map to be created. The name can be a maximum of 64
alphanumeric characters.
map from Indicates that a “map from” value will be used.
from-value The “map from” value of the packet-marking category. The value range
varies according to the packet-marking category from which you want to
map and convert. For more information, see the “Usage Guidelines” section
below.
to Indicates that a “map to” value will be used.
to-value The “map to” value of the packet-marking category. The value range varies
according to the packet-marking category to which you want to map and
convert. For more information, see the “Usage Guidelines” section below.
default (Optional) Indicates that a default value or action will be used.
default-value-or-action (Optional) The default value or action to be used if a “to–from” relationship
has not been explicitly configured. Default actions are “ignore” and “copy”.
If neither action is specified, “copy” is used.
Defaults The default keyword and default-value-or-action argument sets the default value (or action) to be used
if a value if not explicitly designated.
If you configure a table map but you do not specify a default-value-or-action argument for the default
keyword, the default action is “copy”.
Usage Guidelines This command allows you to create a mapping table. The mapping table, a type of conversion chart, is
used for establishing a “to–from” relationship between packet-marking types or categories. For example,
a mapping table can be used to establish a “to–from” relationship between the following packet-marking
categories:
• Class of service (CoS)
• Precedence
Examples In the following example, the table-map (value mapping) command has been configured to create a table
map called “map1”. In “map1”, two “to–from” relationships have been established and a default value
has been defined. The fields for establishing the “to–from” mappings are further defined by the policy
map in which the table map will be configured. (Configuring a policy map is the next logical step after
creating a table map.)
For instance, a precedence or DSCP value of 0 could be mapped to a CoS value of 0, or vice versa,
depending on the how the table map is configured. Any values not explicitly defined in a “to–from”
relationship will be set to a default value.
Router(config)# table-map map1
Router(config-tablemap)# map from 0 to 0
Router(config-tablemap)# map from 2 to 1
Router(config-tablemap)# default 3
Router(config-tablemap)# end
tcp
To enable Transmission Control Protocol (TCP) header compression within an IP Header Compression
(IPHC) profile, use the tcp command in IPHC-profile configuration mode. To disable TCP header
compression, use the no form of this command.
tcp
no tcp
Examples The following is an example of an IPHC profile called profile1. In this example, TCP header
compression has been enabled.
Router> enable
Router# configure terminal
Router(config)# iphc-profile profile1 van-jacobson
Router(config-iphcp)# tcp
Router(config-iphcp)# end
tcp contexts
To set the number of contexts available for Transmission Control Protocol (TCP) header compression,
use the tcp contexts command in IPHC-profile configuration mode. To remove the number of previously
configured contexts, use the no form of this command.
no tcp contexts
Syntax Description absolute Indicates that the maximum number of compressed TCP contexts will be
based on a fixed (absolute) number.
number-of-contexts Number of TCP contexts. Range is from 1 to 256.
kbps-per-context Indicates that the maximum number of compressed TCP contexts will be
based on available bandwidth.
kbps Number of kbps to allow for each context. Range is from 1 to 100.
Command Default The tcp contexts command calculates the number of contexts on the basis of bandwidth and allocates
4 kbps per context.
Usage Guidelines Use the tcp contexts command to set the number of contexts available for TCP header compression. A
context is the state that the compressor uses to compress a header and that the decompressor uses to
decompress a header. The context is the uncompressed version of the last header sent and includes
information used to compress and decompress the packet.
Examples The following is an example of an IPHC profile called profile2. In this example, the number of TCP
contexts has been set to 75.
Router> enable
Router# configure terminal
Router(config)# iphc-profile profile2 van-jacobson
Router(config-iphcp)# tcp contexts absolute 75
Router(config-iphcp)# end
traffic-shape adaptive
To configure a Frame Relay subinterface to estimate the available bandwidth when backward explicit
congestion notification (BECN) signals are received, use the traffic-shape adaptive interface
configuration command in interface configuration mode. To disregard the BECN signals and not
estimate the available bandwidth, use the no form of this command.
no traffic-shape adaptive
Syntax Description bit-rate Lowest bit rate that traffic is shaped to, in bits per second. The default
bit rate value is 0.
Command Default Bandwidth is not estimated when BECN signals are received.
Usage Guidelines This command specifies the boundaries in which traffic will be shaped when BECN signals are received.
You must enable traffic shaping on the interface with the traffic-shape rate or traffic-shape group
command before you can use the traffic-shape adaptive command.
The bit rate specified for the traffic-shape rate command is the upper limit, and the bit rate specified
for the traffic-shape adaptive command is the lower limit to which traffic is shaped when BECN signals
are received on the interface. The rate actually shaped to will be between these two bit rates.
You should configure this command and the traffic-shape fecn-adapt command on both ends of the
connection to ensure adaptive traffic shaping over the connection, even when traffic is flowing primarily
in one direction. The traffic-shape fecn-adapt command configures the router to reflect forward
explicit congestion notification (FECN) signals as BECN signals.
Examples The following example configures traffic shaping on serial interface 0.1 with an upper limit of 128 kbps
and a lower limit of 64 kbps. This configuration allows the link to run from 64 to 128 kbps, depending
on the congestion level.
interface serial 0
encapsulation-frame-relay
interface serial 0.1
traffic-shape fecn-adapt
To reply to messages with the forward explicit congestion notification (FECN) bit (which are sent with
TEST RESPONSE messages with the BECN bit set), use the traffic-shape fecn-adapt command in
interface configuration mode. To stop backward explicit congestion notification (BECN) signal
generation, use the no form of this command.
traffic-shape fecn-adapt
no traffic-shape fecn-adapt
Usage Guidelines Enable traffic shaping on the interface with the traffic-shape rate or traffic-shape group command.
FECN is available only when traffic shaping is configured.
Use this command to reflect FECN bits as BECN bits. Reflecting FECN bits as BECN bits notifies the
sending DTE that it is transmitting at a rate too fast for the DTE to handle. Use the traffic-shape
adaptivetraffic-shape adaptive command to configure the router to adapt its transmission rate when it
receives BECN signals.
You should configure this command and the traffic-shape adaptive command on both ends of the
connection to ensure adaptive traffic shaping over the connection, even when traffic is flowing primarily
in one direction.
Examples The following example configures traffic shaping on serial interface 0.1 with an upper limit of 128 kbps
and a lower limit of 64 kbps. This configuration allows the link to run from 64 to 128 kbps, depending
on the congestion level. The router reflects FECN signals as BECN signals.
interface serial 0
encapsulation-frame-relay
interface serial 0.1
traffic-shape rate 128000
traffic-shape group
To enable traffic shaping based on a specific access list for outbound traffic on an interface, use the
traffic-shape group command in interface configuration mode. To disable traffic shaping on the
interface for the access list, use the no form of this command.
Syntax Description access-list Number of the access list that controls the packets that traffic shaping is
applied to on the interface. Access list numbers can be numbers from
1 to 2699.
bit-rate Bit rate that traffic is shaped to, in bits per second. This is the access bit rate
that you contract with your service provider, or the service levels you intend
to maintain. Bit rates can be numbers in the range of 8000 to 100000000 bps.
burst-size (Optional) Sustained number of bits that can be sent per interval. On Frame
Relay interfaces, this is the Committed Burst size contracted with your
service provider. Valid entries are numbers in the range of 0 to 100000000.
excess-burst-size (Optional) Maximum number of bits that can exceed the burst size in the first
interval in a congestion event. On Frame Relay interfaces, this is the Excess
Burst size contracted with your service provider. Valid entries are numbers
in the range of 0 to 100000000. The default is equal to the burst-size
argument.
Usage Guidelines Generic traffic shaping is not supported on ISDN and dialup interfaces. It is also not supported on
nongeneric routing encapsulation tunnel interfaces. Traffic shaping is not supported with flow switching.
Traffic shaping uses queues to limit surges that can congest a network. Data is buffered and then sent
into the network in regulated amounts to ensure that traffic will fit within the promised traffic envelope
for the particular connection.
The traffic-shape group command allows you to specify one or more previously defined access list to
shape traffic on the interface. You must specify one traffic-shape group command for each access list
on the interface.
The traffic-shape group command supports both standard and extended access lists.
Use traffic shaping if you have a network with differing access rates or if you are offering a subrate
service. You can configure the values according to your contract with your service provider or the service
levels you intend to maintain.
An interval is calculated as follows:
• If the burst-size is not equal to zero, the interval is the burst-size divided by the bit-rate.
• If the burst-size is zero, the interval is the excess-burst-size divided by the bit-rate.
Traffic shaping is supported on all media and encapsulation types on the router. To perform traffic
shaping on Frame Relay virtual circuits, you can also use the frame-relay traffic-shaping command.
For more information on Frame Relay Traffic Shaping, refer to the “Configuring Frame Relay” chapter
in the Cisco IOS Wide-Area Networking Configuration Guide.
If traffic shaping is performed on a Frame Relay network with the traffic-shape rate command, you can
also use the traffic-shape adaptive command to specify the minimum bit rate to which the traffic is
shaped.
Examples The following example enables traffic that matches access list 101 to be shaped to a certain rate and
traffic matching access list 102 to be shaped to another rate on the interface:
interface serial 1
traffic-shape group 101 128000 16000 8000
traffic-shape group 102 130000 10000 1000
traffic-shape rate
To enable traffic shaping for outbound traffic on an interface, use the traffic-shape rate command in
interface configuration mode. To disable traffic shaping on the interface, use the no form of this
command.
no traffic-shape rate
Syntax Description bit-rate Bit rate that traffic is shaped to, in bits per second. This is the access bit rate
that you contract with your service provider, or the service levels you intend
to maintain. Bit rates can be in the range of 8000 to 100000000 bps.
burst-size (Optional) Sustained number of bits that can be sent per interval. On Frame
Relay interfaces, this is the Committed Burst size contracted with your
service provider. Valid entries are numbers in the range of 0 to 100000000.
excess-burst-size (Optional) Maximum number of bits that can exceed the burst size in the first
interval in a congestion event. On Frame Relay interfaces, this is the Excess
Burst size contracted with your service provider. Valid entries are numbers
in the range of 0 to 100000000. The default is equal to the burst-size
argument.
buffer-limit (Optional) Maximum buffer limit in bps. Valid entries are numbers in the
range of 0 to 4096.
Usage Guidelines Generic traffic shaping is not supported on ISDN and dialup interfaces. Is is also not supported on
nongeneric routing encapsulation tunnel interfaces. Traffic shaping is not supported with flow switching.
Traffic shaping uses queues to limit surges that can congest a network. Data is buffered and then sent
into the network in regulated amounts to ensure that traffic will fit within the promised traffic envelope
for the particular connection.
Use traffic shaping if you have a network with differing access rates or if you are offering a subrate
service. You can configure the values according to your contract with your service provider or the service
levels you intend to maintain.
An interval is calculated as follows:
• If the burst-size is not equal to zero, the interval is the burst-size divided by the bit-rate.
• If the burst-size is zero, the interval is the excess-burst-size divided by the bit-rate.
Traffic shaping is supported on all media and encapsulation types on the router. To perform traffic
shaping on Frame Relay virtual circuits, you can also use the frame-relay traffic-shaping command.
For more information on Frame Relay Traffic Shaping, refer to the “Configuring Frame Relay” chapter
in the Cisco IOS Wide-Area Networking Configuration Guide.
If traffic shaping is performed on a Frame Relay network with the traffic-shape rate command, you can
also use the traffic-shape adaptive command to specify the minimum bit rate to which the traffic is
shaped.
Examples The following example enables traffic shaping on serial interface 0 using the bandwidth required by the
service provider:
interface serial 0
traffic-shape rate 128000 16000 8000
tx-ring-limit
To limit the number of packets that can be used on a transmission ring on the digital subscriber line
(DSL) WAN interface card (WIC) or interface, use the tx-ring-limit command in ATM VC configuration
mode. To not limit the number of packets that can be used on a transmission ring on a DSL WIC or
interface, use the no form of this command.
tx-ring-limit ring-limit
no tx-ring-limit ring-limit
Syntax Description ring-limit Specifies the maximum number of allowable packets that can be placed on
the transmission ring. Valid entries can be numbers from 1 to 32767. The
default value is 60. On Cisco 1700 series routers, possible values are
2 through 60. On Cisco 2600 and 3600 series routers, possible values are
3 through 60.
Examples The following example configures the transmission ring limit to three packets on an ATM permanent
virtual circuit (PVC) subinterface:
Router(config)# interface atm1/0.1 point-to-point
Router(config-subif)# pvc 2/200
Router(config-if-atm-vc)# tx-ring-limit 3
vc-hold-queue
To configure the per-virtual circuit (VC) hold queue on an ATM adapter, use the vc-hold-queue
command in interface configuration mode. To return to the default value of the per-VC hold queue, use
the no form of this command.
vc-hold-queue number-of-packets
no vc-hold-queue number-of-packets
Syntax Description number-of-packets Specifies number of packets that can be configured for the per-VC hold
queue. Number of packets can be a minimum of 5 to a maximum of 1024.
Command Default The default value of the hold queue is set by the queueing mechanism in use.
Usage Guidelines This command can only be used on Cisco 7200 series routers and on Cisco 2600 and 3600 adapters that
support per-VC queueing.
This command is configurable at the VC level only.
Examples The following example sets the per-VC hold queue to 55:
interface atm2/0.1
pvc 1/101
vc-hold-queue 55