You are here: Home » Quality of Service

CBWFQ not supported on Sub-Interfaces

If you are playing around with CBWFQ you might have discovered that it’s impossible to attach a policy-map to a sub-interface directly. There is a good reason for this and I’d like to show you why this occurs and how to fix it. This is the topology I will use to demonstrate this:

Just two routers connected to teach other using frame-relay. We will try to configure CBWFQ on the Serial 0/0.1 sub-interface of R1.

Configuration

First i’ll create a simple CBWFQ configuration:

R1(config)#class-map TELNET
R1(config-cmap)#match protocol telnet

R1(config)#class-map HTTP
R1(config-cmap)#match protocol http 

R1(config)#policy-map CBWFQ
R1(config-pmap)#class TELNET
R1(config-pmap-c)#bandwidth percent 10
R1(config-pmap-c)#exit
R1(config-pmap)#class HTTP
R1(config-pmap-c)#bandwidth percent 20
R1(config-pmap-c)#exit

Nothing special here…just a simple CBWFQ configuration that gives 10% of the bandwidth to telnet and 20% to HTTP traffic. Let’s try to apply it to the sub-interface:

R1(config)#interface serial 0/0.1
R1(config-subif)#service-policy output CBWFQ
CBWFQ : Not supported on subinterfaces

Too bad, it’s not gonna happen…IOS has a day off. There is a workaround however…we can’t apply it directly, but if we use a hierarchical policy-map it will work. Let me show you what I mean:

R1(config)#policy-map PARENT
R1(config-pmap)#class class-default
R1(config-pmap-c)#service-policy CBWFQ

I’ll create a policy-map called PARENT that has our service-policy attached to the class-default class. Now let’s try to attach this to the sub-interface:

R1(config)#interface serial 0/0.1
R1(config-subif)#service-policy output PARENT
CBWFQ : Hierarchy supported only if shaping is configured in this class

IOS is still complaining, it only allows a hierarchical policy-map when shaping is configured. Let’s give it what it wants:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
Full Access to our 643 Lessons. More Lessons Added Every Week!
Content created by Rene Molenaar (CCIE #41726)

Give Membership a try - it's just $1 ►

452 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Previous Lesson
LLQ (Low Latency Queuing)

Next Lesson
QoS on LAN Switches

Tags: Shaping

Forum Replies

system says:
Hi Rene,

I’ve been following your tutorials for quite a while now and they have helped my a lot. Thanks for them.

Two things I want to ask:
1. Using Class-map, is it possible to block something like Facebook. I am able to block http://www.facebook.com but https is a headache. Can’t seem to block only one https site. I don’t want to block all https category.
2. Do you have tutorials on different Switching stuffs like STP, RSTP, MST, VLAN etc?
Please share if ya have. Will be grateful.

rgds
BJ
ReneMolenaar says:

Hi BJ,

You can use NBAR to block HTTP but not HTTPS, here’s why:

https://networklessons.com/quality-of-service/block-website-with-nbar-on-cisco-router/

I have quite some switching tutorials but I’m going to add more, take a look here:

https://networklessons.com/switching/

Rene
ReneMolenaar says:

Hi Olaniyi,

QoS on the switches works a bit different. The configuration is different. Here’s an example:

https://networklessons.com/quality-of-service/how-to-configure-queuing-on-cisco-catalyst-3560-and-3750-switch/

I think the 4900/4500 QoS is similar but I’d have to check.

Rene
ReneMolenaar says:

Hi Filip,

That’s right and the same thing applies to the class-default class. The only difference is that the class-default class will have a much higher weight that any of the user defined classes so it will only get a small portion of the bandwidth, even if you don’t configure a bandwidth for it. I’d have to check how much exactly, on IOS 12.4 you could use the “show queueing” command to see the weights. Not sure you can still see them on IOS 15 since these commands have been deprecated but I could do a simple bandwidth test

Rene
sammiria801 says:

Hello,

I have router 3925 I configured subinterfaces on the Ethernet LAN for Assigning DSCP values for the input traffic, the configuration is made without nested policy map, do you think this configuration it’s different from router to router? or it’s because the policy only assigning DCSP?

9 more replies! Ask a question or join the discussion by visiting our Community Forum