SHAPE/POLICE rate limit 3560/3750 on input and output
Two ways to look at limiting bandwidth, INPUT use policy_map to the switch,
OUTPUT use srr-queue shaped mode to limit traffic egress or out of the
switch, have to think in respect to the egress meaning out of the physical
switch port and ingress being into the switch-ring internals of the switchb&
interface GigabitEthernet0/2
switchport access vlan 100
speed 10
srr-queue bandwidth limit 10 o�� rate limit/shape on OUTPUT
interface GigabitEthernet0/2
switchport access vlan 100
speed 10
service-policy input ICMP_PM o�� rate limit/police on INPUT
class-map match-all ICMP_CM
match access-group name ICMP
!
policy-map ICMP_PM
class ICMP_CM
police 8000 8000 exceed-action drop
!
ip access-list extended ICMP
permit ip any any
THE SHOW service-policy interface command does not work either, so you have
to use b� show mls qosb� commands and look at dscp marking packet counts
and
IN/OUT of PROFILE:
SW2#sh mls qos interface g0/1 statistics
GigabitEthernet0/1
dscp: incoming
b�b�b�b�b�b�b�b�b�b�-
0 b� 4 : 95083 0 0 0 0
5 b� 9 : 0 0 0 0 0
10 b� 14 : 0 0 0 0 0
15 b� 19 : 0 0 0 0 0
20 b� 24 : 0 0 0 0 0
25 b� 29 : 0 0 0 0 0
30 b� 34 : 0 0 0 0 0
35 b� 39 : 0 0 0 0 0
40 b� 44 : 0 0 0 0 0
45 b� 49 : 0 0 0 201 0
50 b� 54 : 0 0 0 0 0
55 b� 59 : 0 0 0 0 0
60 b� 64 : 0 0 0 0
dscp: outgoing
b�b�b�b�b�b�b�b�b�b�-
0 b� 4 : 47321 0 0 0 0
5 b� 9 : 0 0 0 0 0
10 b� 14 : 0 0 0 0 0
15 b� 19 : 0 0 0 0 0
20 b� 24 : 0 0 0 0 0
25 b� 29 : 0 0 0 0 0
30 b� 34 : 0 0 0 0 0
35 b� 39 : 0 0 0 0 0
40 b� 44 : 0 0 0 0 0
45 b� 49 : 0 0 0 200 0
50 b� 54 : 0 0 0 0 0
55 b� 59 : 0 0 0 0 0
60 b� 64 : 0 0 0 0
cos: incoming
b�b�b�b�b�b�b�b�b�b�-
0 b� 4 : 96226 0 0 0 0
5 b� 7 : 0 167 1945
cos: outgoing
b�b�b�b�b�b�b�b�b�b�-
0 b� 4 : 47323 0 0 0 0
5 b� 7 : 0 16 185
Policer: Inprofile: 770 OutofProfile: 245757
--
Garry L. Baker
"There is no 'patch' for stupidity." - www.sqlsecurity.com
On Mon, Oct 11, 2010 at 9:36 AM, Nathan Richie <nathanr_at_boice.net> wrote:
> Does anybody know if I need to change the SDM prefer on a 3750 in order to
> rate-limit or police (via service-policy) on a routed physical interface?
> I
> configured an ACL with a policy-map and applied it inbound on the interface
> but the conformed packet counters do not increment. I then tried
> rate-limit
> commands, with the same results.
>
> Regards,
>
> Nathan
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon Oct 11 2010 - 17:20:38 ART