Lesson Contents
If you are playing around with CBWFQ you might have discovered that it’s impossible to attach a policy-map to a sub-interface directly. There is a good reason for this and I’d like to show you why this occurs and how to fix it. This is the topology I will use to demonstrate this:
Just two routers connected to each other using frame-relay. We will try to configure CBWFQ on the Serial 0/0.1 sub-interface of R1.
Configuration
First, I’ll create a simple CBWFQ configuration:
R1(config)#class-map TELNET
R1(config-cmap)#match protocol telnet
R1(config)#class-map HTTP
R1(config-cmap)#match protocol http
R1(config)#policy-map CBWFQ
R1(config-pmap)#class TELNET
R1(config-pmap-c)#bandwidth percent 10
R1(config-pmap-c)#exit
R1(config-pmap)#class HTTP
R1(config-pmap-c)#bandwidth percent 20
R1(config-pmap-c)#exit
Nothing special here…just a simple CBWFQ configuration that gives 10% of the bandwidth to telnet and 20% to HTTP traffic. Let’s try to apply it to the sub-interface:
R1(config)#interface serial 0/0.1
R1(config-subif)#service-policy output CBWFQ
CBWFQ : Not supported on subinterfaces
Too bad, it’s not going to happen…IOS has a day off. There is a workaround, however…we can’t apply it directly, but if we use a hierarchical policy-map, it will work. Let me show you what I mean:
R1(config)#policy-map PARENT
R1(config-pmap)#class class-default
R1(config-pmap-c)#service-policy CBWFQ
I’ll create a policy-map called PARENT that has our service-policy attached to the class-default class. Now let’s try to attach this to the sub-interface:
R1(config)#interface serial 0/0.1
R1(config-subif)#service-policy output PARENT
CBWFQ : Hierarchy supported only if shaping is configured in this class
IOS is still complaining. It only allows a hierarchical policy-map when shaping is configured. Let’s give it what it wants:
CBWFQ stands for Class-Based Weighted Fair Queuing
Class-Based Weighted Fair Queuing. It’s meant to give a certain bandwidth to traffic classes when an interface is congested.
Brilliant as ever Rene. Good post i was looking for it
Hi Rene,
I’ve been following your tutorials for quite a while now and they have helped my a lot. Thanks for them.
Two things I want to ask:
Using Class-map, is it possible to block something like Facebook. I am able to block http://www.facebook.com but https is a headache. Can’t seem to block only one https site. I don’t want to block all https category.
Do you have tutorials on different Switching stuffs like STP, RSTP, MST, VLAN etc?
Please share if ya have. Will be grateful.
rgds
BJ
Hi BJ,
You can use NBAR to block HTTP but not HTTPS, here’s why:
https://networklessons.com/quality-of-service/block-website-with-nbar-on-cisco-router
I have quite some switching tutorials but I’m going to add more, take a look here:
https://networklessons.com/switching
Rene