RE: Can the 3560 police traffic outbound?

From: Scott Morris (swm@emanon.com)
Date: Sun Dec 03 2006 - 00:08:14 ART

• Next message: Victor Cappuccio: "RE: Can the 3560 police traffic outbound?"
• Previous message: KennyT: "Re: CCIE SP IOS for FRR"
• Maybe in reply to: Victor Cappuccio: "Can the 3560 police traffic outbound?"
• Next in thread: Victor Cappuccio: "RE: Can the 3560 police traffic outbound?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

If you are trying to lump the output of multiple phyical ports together
(that belong to a vlan) what I would focus on is an aggregate policer. In
the 3560, a single aggregate policer can be applied to multiple physical
ports.

And what you are looking at with your ISP, you would need to do "no
switchport" on your ethernet interface to them and then you have the ability
of outbound policing. Or the aggregate on all of your other inbound
ports/vlans.

Switches are indeed different beasts than actual routers. Even switches
with multilayer routing capability is still not quite the same!

HTH,

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-J
IPExpert VP - Curriculum Development
IPExpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
 

-----Original Message-----
From: Victor Cappuccio [mailto:vcappuccio@desca.com]
Sent: Saturday, December 02, 2006 9:53 PM
To: Scott Morris; VirtRack.com Mailing Lists; ccielab@groupstudy.com
Subject: RE: Can the 3560 police traffic outbound?

Hi Scott, I still do not get it, Say that I have a Outboud port in my switch
to a ISP that is providing me 8Mbps of Internet Access (wish to have that
connection at home, with a Complete Rack to just play all day long and
forget about 2morrow elections and a possible civil war)

If My logic is correct a static Route is going to be pointing out a Next
Hop, or a Local Interface port to send unknown IP traffic Destinations, why
then a 3560 does not apply the same MQC logic as a Normal Router, but for
this specific type of Situation?

Knowing the fact that all traffic in this scenario, is between several
Inside Vlans to a Public Vlan

Maybe I could warranty the traffic going out using SRR, in a shared manner??

Thanks
Victor.-
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Scott Morris
Sent: Saturday, December 02, 2006 10:29 PM
To: 'VirtRack.com Mailing Lists'; ccielab@groupstudy.com
Subject: RE: Can the 3560 police traffic outbound?

You have to think about it from the logic of the switch. Things are really
inbound to a VLAN and then they're moved on a L2 basis deciding which
port(s) to exit. So an output policy is not a real good logical application
since (generically anyway) the switch won't have any concept of which port
or ports it is trying to deal with.

HTH,

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-J
IPExpert VP - Curriculum Development
IPExpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
 
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
VirtRack.com Mailing Lists
Sent: Saturday, December 02, 2006 9:19 PM
To: ccielab@groupstudy.com
Subject: Re: Can the 3560 police traffic outbound?

I'd have to agree, not supported outbound:
(SVI)
SW1(config-if)#service-policy output marking
QoS: policymap is not supported on virtual interfaces

('switchport' physical interface)
SW1(config-if)#service-policy output marking
Warning: Assigning a policy map to the output side of an interface not
supported

On 12/2/06, Bob Sinclair <bob@bobsinclair.net> wrote:
>
> Victor,
>
> From everything I can see, the 3560 supports only the "service-policy
> input"
> command on a physical port or an SVI. The Doc CD is pretty clear about

> it, and I get nothing but errors when I try a service-policy out on an
SVI.
>
> HTH,
>
>
> Bob Sinclair
> CCIE 10427 CCSI 30427
> www.netmasterclass.net
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Victor Cappuccio
> Sent: Saturday, December 02, 2006 7:42 PM
> To: ccielab@groupstudy.com
> Subject: Can the 3560 police traffic outbound?
>
> I mean many different SVIs routing to a Vlan 2 Internet Access, can I
> do a service policy outbound to this SVI?
>
> Or this must be done inbound?
>
>
>
> Thanks for the clarification in advance
>
> Victor.-
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

--
Online rack rental and CCIE Forums at http://www.virtrack.com

• Next message: Victor Cappuccio: "RE: Can the 3560 police traffic outbound?"
• Previous message: KennyT: "Re: CCIE SP IOS for FRR"
• Maybe in reply to: Victor Cappuccio: "Can the 3560 police traffic outbound?"
• Next in thread: Victor Cappuccio: "RE: Can the 3560 police traffic outbound?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:36 ART