Re: c3560 and traffic policing issue

Thanks Narbik!

Arghhh, "nice feature" :). I assume that the only way to check if the
police is really in place is to check the interface counters.

Cheers,
Calin

On 3/11/12 8:25 PM, Narbik Kocharians wrote:
> That is correct, the "Show policy-map interface" command on your switch
> will not show anything, basically that command does not work on switches.
>
> On Sun, Mar 11, 2012 at 12:04 PM, Calin Chiorean <calin_at_engineer.com> wrote:
>
>> Hello all,
>>
>> I have a QoS related issue with 3560 and I'm thinking that maybe you can
>> help me.
>>
>> The topology is something like:
>>
>> R1 - SW1 - SW2 - R3
>>
>> On R1 I have to mark all traffic with DSCP 10:
>>
>> policy-map OUT
>> class class-default
>> set ip dscp 10
>> !
>> int fa0/0
>> service-policy output OUT
>>
>> To prove that this is working (SW1 / SW2 mls qos disabled) I have on R3
>> a policy-map with a class-map matching on DSCP 10. I issue a ping from
>> R1 to R3 and:
>>
>> R3#sh policy-map int fa0/1
>> FastEthernet0/1
>>
>> Service-policy input: IN
>>
>> Class-map: D10 (match-all)
>> 5 packets, 570 bytes
>> 30 second offered rate 0 bps
>> Match: ip dscp af11 (10)
>>
>> Class-map: class-default (match-any)
>> 0 packets, 0 bytes
>> 30 second offered rate 0 bps, drop rate 0 bps
>> Match: any
>>
>> Everything working.
>>
>> Now the issue. On SW2 I need to match on DSCP 10 traffic and to police
>> it to 1Mbps:
>>
>> !
>> no mls qos rewrite ip dscp
>> mls qos
>> !
>> class-map match-all D10
>> match ip dscp 10
>> !
>> policy-map POLICE
>> class D10
>> police 1000000 250000 exceed-action drop
>> !
>> int fa0/19
>> service-policy input POLICE
>>
>> For a test, I issue another ping from R1 to R3. I see the packets on R3,
>> but on SW2 there seems to be no packet matched:
>>
>>
>> SW2#sh policy-map int fa0/19
>> FastEthernet0/19
>>
>> Service-policy input: POLICE
>>
>> Class-map: D10 (match-all)
>> 0 packets, 0 bytes
>> 5 minute offered rate 0 bps, drop rate 0 bps
>> Match: ip dscp af11 (10)
>>
>> Class-map: class-default (match-any)
>> 0 packets, 0 bytes
>> 5 minute offered rate 0 bps, drop rate 0 bps
>> Match: any
>> 0 packets, 0 bytes
>> 5 minute rate 0 bps
>>
>> It appear to match zero packets, but if I police very low to let's say
>> 10kbits and I look at the interface statistics of R3, the policing seems
>> to work
>>
>> The IOS image on the 3560 is:
>> SW2#sh ver | i image
>> System image file is "flash:c3560-advipservicesk9-mz.122-44.SE6.bin"
>>
>> Do you think it's a bug on 3560 (I could not find one on Cisco Bug
>> toolkit) and the police actually work but the output is wrong?
>>
>>
>> Thanks to all!
>>
>> Cheers,
>> Calin C.
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Sun Mar 11 2012 - 20:32:51 ART