From: Ken.Farrington@barclayscapital.com
Date: Sat Oct 25 2003 - 09:07:16 GMT-3
All, it is working. Just don't think the show policy int command is showing
it.
pc1-------------c3550---------------pc2
        port 0/7     port0/1
        sending      receiving
POLICING JUST ON IP
-------------------
mls qos
!
interface FastEthernet0/7
switchport access vlan 222
no ip address
load-interval 30
service-policy input police1
spanning-tree portfast
!
!
class-map match-all police1
match access-group 10
!
policy-map police1
class police1
police 2000000 100000 exceed-action drop
!
access-list 10 permit any
!
Cat1_3550#sh int fa 0/7
FastEthernet0/7 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 000d.2929.0907 (bia 000d.2929.0907)
Queueing strategy: fifo
Output queue :0/40 (size/max)
30 second input rate 3097000 bits/sec, 293 packets/sec
30 second ouxtput rate 0 bits/sec, 0 packets/sec
1554079 packets input, 1992103896 bytes, 0 no buffer
Cat1_3550#
Cat1_3550# sh int fa 0/1
FastEthernet0/1 is up, line protocol is up (connected)
Queueing strategy: fifo
Output queue :0/40 (size/max)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 2001000 bits/sec, 194 packets/sec
40975 packets input, 20072774 bytes, 0 no buffer
Cat1_3550#
----------------------------------------------------------------------------
----------------------------------
POLICING JUST ON ALL TRAFFIC
----------------------------
mls qos
mls qos aggregate-policer All-2Meg 2000000 8000 exceed-action drop
!
class-map match-all port7-ip
match access-group name all-ip
class-map match-all port7-nonip
match access-group name all-nonip
!
!
policy-map POLICE
class port7-ip
police aggregate All-2Meg
class port7-nonip
police aggregate All-2Meg
!
!
interface FastEthernet0/7
switchport access vlan 222
no ip address
load-interval 30
service-policy input POLICE
spanning-tree portfast
!
!
ip access-list standard all-ip
permit any
!
!
mac access-list extended all-nonip
permit any any
Cat1_3550# sh int fa 0/7
FastEthernet0/7 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 000d.2929.0907 (bia 000d.2929.0907)
Queueing strategy: fifo
Output queue :0/40 (size/max)
30 second input rate 3065000 bits/sec, 293 packets/sec
30 second ouxtput rate 0 bits/sec, 0 packets/sec
1752544 packets input, 2247641089 bytes, 0 no buffer
Cat1_3550#sh int fa 0/1
FastEthernet0/1 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 000d.2929.0901 (bia 000d.2929.0901)
Queueing strategy: fifo
Output queue :0/40 (size/max)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 1986000 bits/sec, 190 packets/sec
61830 packets input, 21619028 bytes, 0 no buffer
Cat1_3550#
JUST THINK THAT THE POLICY INFO IS NOT BEING LOGGED - THAT'S ALL :)
Cat1_3550#sh policy
Cat1_3550#sh policy-map
Policy Map POLICE
class port7-ip
police aggregate All-2Meg
class port7-nonip
police aggregate All-2Meg
Policy Map police1
class police1
police 2000000 100000 exceed-action drop
Cat1_3550#sh policy-map int
service-policy input: POLICE
class-map: port7-ip (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
match: access-group name all-ip
class-map: port7-nonip (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
match: access-group name all-nonip
class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
match: any
0 packets, 0 bytes
30 second rate 0 bps
Cat1_3550#
-----Original Message-----
From: Farrington, Ken: IT (LDN)
Sent: 23 October 2003 09:06
To: Farrington, Ken: IT (LDN); 'McCallum, Robert';
'ccielab@groupstudy.com'
Subject: RE: Rate Limiting on a switch port
Also, please bear in mind, if this requirement was asked on the lab, I
would have to do for all IP and NON-IP traffic, so my config would look like
this. But I can get the basic IP working as yet :))
---------------------------------------------------------------------------
mls qos
mls qos aggregate-policer All-3.5Meg 3500000 8000 exceed-action drop
!
class-map match-all port13-ip
match access-group name all-ip
class-map match-all port13-nonip
match access-group name all-nonip
!
no policy-map POLICE
policy-map POLICE
class port13-ip
police aggregate All-3.5Meg
class port13-nonip
police aggregate All-3.5Meg
!
ip access-list standard all-ip
permit any
!
mac access-list extended all-nonip
permit any any
!
------------------------------------------------------------------------------
-----Original Message-----
From: Farrington, Ken: IT (LDN)
Sent: 23 October 2003 09:02
To: 'McCallum, Robert'; Farrington, Ken: IT (LDN); 'ccielab@groupstudy.com'
Subject: RE: Rate Limiting on a switch port

I sure did. Even Cisco gave me a simple example and I have now tried this on 2 3550s.
I am wondering if it's IOS related but would be very interested to see if someone else can emulate this.
IOS ver at bottom of em and have tried on an SMI and EMI?????
I need to know if this is the way to go on the lab if they ask me to set an access rate for a switch port for a particular user/users? And at the moment, as I can't see this working, I would not use it in the LAB. It's next week and I am concerned ????
(ps, Cisco can't even spell output on the show int commands for the bit/sec rate haha)
Rob, any help you can give would be fantastic :))
mls qos
!
class-map match-all port13-ip
match access-group name all-ip
!
!
policy-map POLICE
class port13-ip
police 3496000 8000 exceed-action drop
!
!
interface FastEthernet0/7
switchport access vlan 21
no ip address
load-interval 30
service-policy input POLICE
!
!
ip access-list standard all-ip
permit any
!
RESULTS STILL
Cat2_3550#SH INT FA 0/7
FastEthernet0/7 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 000c.858f.0087 (bia 000c.858f.0087)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 13/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s
input flow-control is off, output flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
30 second input rate 5164000 bits/sec, 495 packets/sec
30 second ouxtput rate 0 bits/sec, 0 packets/sec
706776 packets input, 910946637 bytes, 0 no buffer
Received 343 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 28 multicast, 0 pause input
0 input packets with dribble condition detected
3579 packets output, 267645 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
Cat2_3550#
Cat2_3550#sh poli int
FastEthernet0/7
service-policy input: POLICE
class-map: port13-nonip (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
match: access-group name all-nonipqm_police_inform_feature: CLASS_SHOW
class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
match: any
0 packets, 0 bytes
30 second rate 0 bps
Cat2_3550#
Cat2_3550# sh hard
Cisco Internetwork Operating System Software
IOS (tm) C3550 Software (C3550-I5Q3L2-M), Version 12.1(13)EA1a, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Tue 25-Mar-03 23:42 by yenanh
Image text-base: 0x00003000, data-base: 0x007C34B0
ROM: Bootstrap program is C3550 boot loader
Cat2_3550 uptime is 59 minutes
System returned to ROM by power-on
System image file is "flash:c3550-i5q3l2-mz.121-13.EA1a.bin"
cisco WS-C3550-24 (PowerPC) processor (revision H0) with 65526K/8192K bytes of memory.
Processor board ID CAT0714X0H9
Last reset from warm-reset
Bridging software.
Running Layer2/3 Switching Image
Ethernet-controller 1 has 12 Fast Ethernet/IEEE 802.3 interfaces
Ethernet-controller 2 has 12 Fast Ethernet/IEEE 802.3 interfaces
Ethernet-controller 3 has 1 Gigabit Ethernet/IEEE 802.3 interface
Ethernet-controller 4 has 1 Gigabit Ethernet/IEEE 802.3 interface
24 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)
The password-recovery mechanism is enabled.
384K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0C:85:8F:00:80
Motherboard assembly number: 73-5700-10
Power supply part number: 34-0966-02
Motherboard serial number: CAT071302WE
Power supply serial number: LIT0704001M
Model revision number: H0
Motherboard revision number: A0
Model number: WS-C3550-24-SMI
System serial number: CAT0714X0H9
Configuration register is 0x10F
Cat2_3550#
-----Original Message-----
From: McCallum, Robert [mailto:robert.mccallum@thus.net]
Sent: 23 October 2003 08:42
To: 'Ken.Farrington@barclayscapital.com'; 'ccielab@groupstudy.com'
Subject: RE: Rate Limiting on a switch port

Ken, Did you configure mls qos globally when you tried it with the policy map?
Robert McCallum CCIE #8757 R&S 01415663448 07818002241
> -----Original Message-----
> From: Ken.Farrington@barclayscapital.com
> [mailto:Ken.Farrington@barclayscapital.com]
> Sent: 22 October 2003 20:37
> To: ccielab@groupstudy.com
> Subject: RE: Rate Limiting on a switch port
>
> !!!Storm control is working.!!! Would still be nice to know
> why policing does not work with a policy-map ??
>
> PC----------switch-----------R6
>           fa0/13
>
> PC Sends a 5 meg stream
> ------------------------
> !
> interface FastEthernet0/13
> switchport access vlan 21
> load-interval 30
> storm-control unicast level 6.00
>
> Cat1_3550#sh int fa 0/13
> FastEthernet0/13 is up, line protocol is up (connected)
> Queueing strategy: fifo
> Output queue :0/40 (size/max)
> 30 second input rate 5135000 bits/sec, 494 packets/sec
> 30 second ouxtput rate 0 bits/sec, 0 packets/sec
> 10779515 packets input, 2081525294 bytes, 0 no buffer
>
> R6>sh int e0
> Ethernet0 is up, line protocol is up
> Queueing strategy: fifo
> Output queue :0/40 (size/max)
> 30 second input rate 5121000 bits/sec, 499 packets/sec
> 30 second output rate 1000 bits/sec, 2 packets/sec
> 4078365 packets input, 1011489606 bytes, 0 no buffer
>
> Cat1_3550#sh storm-control uni
> Interface  Filter State   Level    Current
> ---------  -------------  -------  -------
> Fa0/12     inactive       100.00%  N/A
> Fa0/13     Forwarding     6.00%    5.28%
> Fa0/14     inactive       100.00%  N/A
>
> PC Sends a 7 meg stream
> ------------------------
>
> Cat1_3550# sh int fa 0/13
> FastEthernet0/13 is up, line protocol is up (connected)
> Queueing strategy: fifo
> Output queue :0/40 (size/max)
> 30 second input rate 7186000 bits/sec, 591 packets/sec
> 30 second ouxtput rate 0 bits/sec, 0 packets/sec
> 10907549 packets input, 2267617892 bytes, 0 no buffer
>
> R6>sh int e 0
> Ethernet0 is up, line protocol is up
> Queueing strategy: fifo
> Output queue :0/40 (size/max)
> 30 second input rate 2000 bits/sec, 1 packets/sec
> 30 second output rate 0 bits/sec, 0 packets/sec
> 4226435 packets input, 1201867001 bytes, 0 no buffer
>
> Cat1_3550#sh storm-control uni
> Interface  Filter State   Level    Current
> ---------  -------------  -------  -------
> Fa0/12     inactive       100.00%  N/A
> Fa0/13     Blocking       6.00%    7.28%
> Fa0/14     inactive       100.00%  N/A
>
> -----Original Message-----
> From: Ken.Farrington@barclayscapital.com
> [mailto:Ken.Farrington@barclayscapital.com]
> Sent: 22 October 2003 17:25
> To: ccielab@groupstudy.com
> Subject: RE: Rate Limiting on a switch port
>
> UMMM. this kinda gives me an indication that no packets are
> being matched
> :) don't know why tho as yet. I will keep plodding on ....
>
> Tried a new policy map matching an ACL....
>
> !
> class-map match-all port13
> match access-group 10
> !
> access-list 10 permit any
> !
> policy-map POLICE
> class port13
> police 3496000 8000 exceed-action drop
> !
> !
> interface FastEthernet0/13
> switchport access vlan 21
> no ip address
> load-interval 30
> service-policy input POLICE
> spanning-tree portfast
> !
>
> Cat1_3550#sh policy-map int
>
> service-policy input: POLICE
>
> class-map: port13 (match-all)
> 0 packets, 0 bytes
> 30 second offered rate 0 bps, drop rate 0 bps
> match: access-group 10qm_police_inform_feature: CLASS_SHOW
>
> class-map: class-default (match-any)
> 0 packets, 0 bytes
> 30 second offered rate 0 bps, drop rate 0 bps
> match: any
> 0 packets, 0 bytes
> 30 second rate 0 bps
> Cat1_3550#
>
> -----Original Message-----
> From: Ken.Farrington@barclayscapital.com
> [mailto:Ken.Farrington@barclayscapital.com]
> Sent: 22 October 2003 16:43
> To: ccielab@groupstudy.com
> Subject: Rate Limiting on a switch port
>
> One more question for the day.
>
> I have just been asked to limit a switch port to a max rate
> of 2,000,000. SO I think, right, this is not so bad.
>
> I try the following Police, and unicast suppression, (can't use
> CAR or TS on 3550 so it looks) with the following results :-
> when sending a 5MB stream from an attached PC.
>
> Any ideas? - Sorry, it's my second post today :) QoS day!
>
> POLICING
> --------
> !
> class-map match-all port13
> match any
> !
> !
> policy-map POLICE
> class port13
> police 2000000 8000 exceed-action drop
> !
> !
> interface FastEthernet0/13
> switchport access vlan 21
> no ip address
> load-interval 30
> service-policy input POLICE
> spanning-tree portfast
> !
>
> Cat1_3550#sh int fa 0/13
> FastEthernet0/13 is up, line protocol is up (connected)
> Hardware is Fast Ethernet, address is 000d.2929.090d (bia 000d.2929.090d)
> MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
> reliability 255/255, txload 1/255, rxload 13/255
> Encapsulation ARPA, loopback not set
> Keepalive set (10 sec)
> Full-duplex, 100Mb/s
> input flow-control is off, output flow-control is off
> ARP type: ARPA, ARP Timeout 04:00:00
> Last input never, output 00:00:01, output hang never
> Last clearing of "show interface" counters never
> Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
> Queueing strategy: fifo
> Output queue :0/40 (size/max)
> 30 second input rate 5131000 bits/sec, 494 packets/sec
> 30 second ouxtput rate 0 bits/sec, 0 packets/sec
> 264773 packets input, 329039511 bytes, 0 no buffer
> Received 10796 broadcasts, 0 runts, 0 giants, 0 throttles
> 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
> 0 watchdog, 2760 multicast, 0 pause input
> 0 input packets with dribble condition detected
> 84759 packets output, 7794521 bytes, 0 underruns
> 0 output errors, 0 collisions, 3 interface resets
> 0 babbles, 0 late collision, 0 deferred
> 0 lost carrier, 0 no carrier, 0 PAUSE output
> 0 output buffer failures, 0 output buffers swapped out
> Cat1_3550#
>
> STORM CONTROL
> -------------
> !
> !
> interface FastEthernet0/13
> switchport access vlan 21
> no ip address
> load-interval 30
> storm-control unicast level 2.00
> spanning-tree portfast
> !
>
> Cat1_3550#sh int fa0/13
> FastEthernet0/13 is up, line protocol is up (connected)
> Hardware is Fast Ethernet, address is 000d.2929.090d (bia 000d.2929.090d)
> MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
> reliability 255/255, txload 1/255, rxload 12/255
> Encapsulation ARPA, loopback not set
> Keepalive set (10 sec)
> Full-duplex, 100Mb/s
> input flow-control is off, output flow-control is off
> ARP type: ARPA, ARP Timeout 04:00:00
> Last input never, output 00:00:01, output hang never
> Last clearing of "show interface" counters never
> Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
> Queueing strategy: fifo
> Output queue :0/40 (size/max)
> 30 second input rate 5019000 bits/sec, 483 packets/sec
> 30 second ouxtput rate 0 bits/sec, 0 packets/sec
> 375128 packets input, 471259605 bytes, 0 no buffer
> Received 10838 broadcasts, 0 runts, 0 giants, 0 throttles
> 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
> 0 watchdog, 2770 multicast, 0 pause input
> 0 input packets with dribble condition detected
> 85778 packets output, 7871879 bytes, 0 underruns
> 0 output errors, 0 collisions, 3 interface resets
> 0 babbles, 0 late collision, 0 deferred
> 0 lost carrier, 0 no carrier, 0 PAUSE output
> 0 output buffer failures, 0 output buffers swapped out
> Cat1_3550#
>
> COMMITTED ACCESS RATE
> ---------------------
> Can use the rate-limit command on my 3550.
>
> TRAFFIC SHAPING
> ---------------
> Only works for outbound traffic
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study
> materials from: http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
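
An added example, not part of the original thread or of Cisco's implementation: a single-rate token-bucket model of `police 2000000 100000 exceed-action drop`, showing why the ingress port still reports about 3 Mbit/s while the egress port reports about 2 Mbit/s. The 1321-byte frame size is an assumption derived from the 3097000 bits/sec at 293 packets/sec reported on Fa0/7; constant packet spacing and a bucket that starts full are also assumptions.

```python
from dataclasses import dataclass


@dataclass
class Policer:
    """Model of `police <rate_bps> <burst_bytes> exceed-action drop`."""
    rate_bps: int     # committed rate, bits per second
    burst_bytes: int  # bucket depth, bytes

    def __post_init__(self):
        self.tokens = float(self.burst_bytes)  # assumption: bucket starts full
        self.last = 0.0

    def conforms(self, now: float, frame_bytes: int) -> bool:
        # Refill at rate_bps/8 bytes per second, capped at the burst size.
        refill = (now - self.last) * self.rate_bps / 8
        self.tokens = min(self.burst_bytes, self.tokens + refill)
        self.last = now
        if frame_bytes <= self.tokens:
            self.tokens -= frame_bytes
            return True
        return False  # exceed-action drop


def simulate(policer: Policer, pps: int, frame_bytes: int, seconds: int):
    """Return (offered_bps, forwarded_bps) for a constant-rate stream.

    offered_bps is what the ingress interface counter sees (frames are
    counted before the policer acts); forwarded_bps is what leaves the
    egress port after out-of-profile frames are dropped.
    """
    offered = forwarded = 0
    for i in range(pps * seconds):
        offered += frame_bytes
        if policer.conforms(i / pps, frame_bytes):
            forwarded += frame_bytes
    return offered * 8 / seconds, forwarded * 8 / seconds


if __name__ == "__main__":
    # Constructed stream approximating the Fa0/7 counters in the thread.
    for burst in (100_000, 8_000):
        off, fwd = simulate(Policer(2_000_000, burst), 293, 1321, 30)
        print(f"burst={burst:>6}  offered={off:,.0f} bps  forwarded={fwd:,.0f} bps")
```

In this model the larger burst only adds a one-time allowance at the start of the interval; the long-run forwarded rate converges on the configured 2000000 bps either way.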
This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:53:08 GMT-3