Configuring QoS Policy Applications
OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-51
-> policy condition ip_traffic2 source ip 10.10.5.3
-> policy action flowShape maximum bandwidth 1k
-> policy rule rule2 condition traffic2 action flowShape
Note that the bandwidth may be specified in abbreviated units, in this case, 1k.
The rule is not active on the switch until the qos apply command is entered. When the rule is activated,
any flows coming into the switch from source IP address 10.10.5.3 will be queued with no more than 1k of
bandwidth.
ICMP Policy Example
Policies may be configured for ICMP on a global basis on the switch. ICMP policies may be used for
security (for example, to drop traffic from the ICMP blaster virus).
In the following example, a condition called icmpCondition is created with no other condition parame-
ters:
-> policy condition icmpCondition ip protocol 1
-> policy action icmpAction disposition deny
-> policy rule icmpRule condition icmpCondition action icmpAction
This policy (icmpRule) drops all ICMP traffic. To limit the dropped traffic to ICMP echo requests
(pings), use the debug qos internal command with the pingonly keyword.
-> debug qos internal pingonly
The switch will now drop only ICMP echo requests. (This functionality is different from the OmniSwitch
7700/7800 and OmniSwitch 8800, which will drop both ICMP echo requests and replies.)
802.1p and ToS/DSCP Marking and Mapping
802.1p values may be mapped to different 802.lp values on an individual basis or by using a map group. In
addition, ToS or DSCP values may be mapped to 802.1p on a case-by-case basis or via a map group.
(Note that any other mapping combination is not supported.)
Marking is accomplished with the following commands:
policy action 802.1p
policy action tos
policy action dscp
Mapping is accomplished through the following commands:
policy map group
policy action map
Note the following:
• Priority for the flow is based on the policy action. The value specified for 802.1p, ToS, DSCP, or the
map group will determine how the flow is queued.
• The port on which the flow arrives (the ingress port) must be a trusted port. For more information
about trusted ports, see “Trusted and Untrusted Ports” on page 24-20.
• For Layer 2 flows, you cannot have more than one action that maps DSCP.
In this example, a policy rule (marking) is set up to mark flows from 10.10.3.0 with an 802.1p value of 5: