RE: OT:3750 and Policing | Rate-limiting from Nathan Richie on 2010-10-11 (Ccielab archives 10/2010)

From: Nathan Richie <nathanr_at_boice.net>
Date: Mon, 11 Oct 2010 22:14:26 -0400

Thanks Garry!

From: garry baker [mailto:baker.garry_at_gmail.com]
Sent: Monday, October 11, 2010 6:21 PM
To: Nathan Richie
Cc: Cisco certification
Subject: Re: OT:3750 and Policing | Rate-limiting

SHAPE/POLICE rate limit 3560/3750 on input and output

Two ways to look at limiting bandwidth, INPUT use policy_map to the switch, OUTPUT use srr-queue shaped mode to limit traffic egress or out of the switch, have to think in respect to the egress meaning out of the physical switch port and ingress being into the switch-ring internals of the switchb&

interface GigabitEthernet0/2
switchport access vlan 100
speed 10
srr-queue bandwidth limit 10 b" rate limit/shape on OUTPUT

interface GigabitEthernet0/2
switchport access vlan 100
speed 10
service-policy input ICMP_PM b" rate limit/police on INPUT

class-map match-all ICMP_CM
match access-group name ICMP
!
policy-map ICMP_PM
class ICMP_CM
police 8000 8000 exceed-action drop
!
ip access-list extended ICMP
permit ip any any

THE SHOW service-policy interface command does not work either, so you have to use b show mls qosb commands and look at dscp marking packet counts and IN/OUT of PROFILE:

SW2#sh mls qos interface g0/1 statistics
GigabitEthernet0/1

dscp: incoming
bbbbbbbbbb-

0 b 4 : 95083 0 0 0 0
5 b 9 : 0 0 0 0 0
10 b 14 : 0 0 0 0 0
15 b 19 : 0 0 0 0 0
20 b 24 : 0 0 0 0 0
25 b 29 : 0 0 0 0 0
30 b 34 : 0 0 0 0 0
35 b 39 : 0 0 0 0 0
40 b 44 : 0 0 0 0 0
45 b 49 : 0 0 0 201 0
50 b 54 : 0 0 0 0 0
55 b 59 : 0 0 0 0 0
60 b 64 : 0 0 0 0
dscp: outgoing
bbbbbbbbbb-

0 b 4 : 47321 0 0 0 0
5 b 9 : 0 0 0 0 0
10 b 14 : 0 0 0 0 0
15 b 19 : 0 0 0 0 0
20 b 24 : 0 0 0 0 0
25 b 29 : 0 0 0 0 0
30 b 34 : 0 0 0 0 0
35 b 39 : 0 0 0 0 0
40 b 44 : 0 0 0 0 0
45 b 49 : 0 0 0 200 0
50 b 54 : 0 0 0 0 0
55 b 59 : 0 0 0 0 0
60 b 64 : 0 0 0 0
cos: incoming
bbbbbbbbbb-

0 b 4 : 96226 0 0 0 0
5 b 7 : 0 167 1945
cos: outgoing
bbbbbbbbbb-

0 b 4 : 47323 0 0 0 0
5 b 7 : 0 16 185
Policer: Inprofile: 770 OutofProfile: 245757

--
Garry L. Baker
"There is no 'patch' for stupidity." - www.sqlsecurity.com<http://www.sqlsecurity.com>
On Mon, Oct 11, 2010 at 9:36 AM, Nathan Richie <nathanr_at_boice.net<mailto:nathanr_at_boice.net>> wrote:
Does anybody know if I need to change the SDM prefer on a 3750 in order to
rate-limit or police (via service-policy) on a routed physical interface?  I
configured an ACL with a policy-map and applied it inbound on the interface
but the conformed packet counters do not increment.  I then tried rate-limit
commands, with the same results.
Regards,
Nathan
Blogs and organic groups at http://www.ccie.net

Received on Mon Oct 11 2010 - 22:14:26 ART

This archive was generated by hypermail 2.2.0 : Mon Nov 01 2010 - 06:42:06 ART