How to apply a policy on a VLAN in a Cisco switch
Applying policies (such as QoS or security) to a VLAN on a Cisco switch involves defining the policy map and applying it under the VLAN configuration mode or to the Switch Virtual Interface (SVI). Use service-policy type qos input <policy-name> within vlan configuration <vlan-id>, or apply ACLs to the SVI for Layer 3 control.
Key Steps and Commands:
- Define Class Map: Identify the traffic to be controlled.
switch(config)# class-map match-all CLASS_NAME
switch(config-cmap)# match access-list
- Create Policy Map: Define actions for the traffic.
switch(config)# policy-map POLICY_NAME
switch(config-pmap)# class CLASS_NAME
switch(config-pmap-c)# police conform-action exceed-action
- Apply to VLAN (Nexus/Specific Platforms):
switch(config)# vlan configuration <vlan-id>
switch(config-vlan)# service-policy type qos input POLICY_NAME
- Apply to SVI (Layer 3 Interface):
switch(config)# interface vlan <vlan-id>
switch(config-if)# ip access-group in
Important Notes:
- Precedence: Interface policies take the highest precedence, followed by VLAN QoS policies, and then system QoS policies.
- Requirements: A VLAN must have at least one active member port for a service policy to be applied.
- Verification: Use show policy-map interface to verify applied policies.
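
One way to check the class-map, policy-map and VLAN chain described above offline, as an added example that is not part of the original page: this Python script reads a saved configuration and reports service policies that point at undefined policy maps, classes with no class map, and policy maps never applied to a VLAN. The audit function, the sample configuration and every name, VLAN ID and rate in it are constructed for illustration.

```python
import re

# Constructed sample in the page's command forms; names, VLAN IDs and rates are made up.
SAMPLE_CONFIG = """\
class-map match-all VOICE
 match access-list VOICE_ACL
policy-map LIMIT_VOICE
 class VOICE
  police 1000000 conform-action transmit exceed-action drop
policy-map LIMIT_GUEST
 class GUEST
vlan configuration 10
 service-policy type qos input LIMIT_VOICE
vlan configuration 20
 service-policy type qos input LIMIT_BULK
"""
# Top-level commands that open a block; the block's name or VLAN ID is the last word.
TOP = re.compile(r"^(class-map|policy-map|vlan configuration)\b.*?(\S+)$", re.I)

def audit(config):
    """Return findings for broken class-map -> policy-map -> VLAN references."""
    class_maps, policy_maps, applied = set(), {}, []
    kind = name = None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        if not raw[0].isspace():  # unindented line starts a new block
            m = TOP.match(raw.strip())
            kind, name = (m.group(1).lower(), m.group(2)) if m else (None, None)
            if kind == "class-map":
                class_maps.add(name)
            elif kind == "policy-map":
                policy_maps.setdefault(name, [])
        elif kind == "policy-map" and words[0] == "class" and len(words) == 2:
            policy_maps[name].append(words[1])
        elif kind == "vlan configuration" and words[0] == "service-policy":
            applied.append((name, words[-1]))
    in_use = {policy for _, policy in applied}
    findings = [f"VLAN {vlan}: service-policy references undefined policy-map {policy}"
                for vlan, policy in applied if policy not in policy_maps]
    for policy, classes in policy_maps.items():
        findings += [f"policy-map {policy}: class {c} has no class-map"
                     for c in classes if c not in class_maps and c != "class-default"]
        if policy not in in_use:
            findings.append(f"policy-map {policy}: defined but not applied to any VLAN")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

An empty result only means the references are consistent in the saved text; the show policy-map interface check on the device is still what confirms the policy is active.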