[nsp] Example code of how to "rate limit" a port on a 3550

sam_ml at spacething.org sam_ml at spacething.org
Fri Jul 2 08:55:13 EDT 2004 

This is irrelevant. You can use the "match any" statement in the class-map 
and rate-limit inbound about outbound.

Sam

On Thu, 1 Jul 2004, Jon Lewis wrote:

> Part of why I posted was I wasn't 100% sure about this, so I wanted to see
> if someone would suggest it was wrong.  It worked 'in the lab', but I made
> no effort to mess with DSCP.  My understanding was that without
> configuring interfaces to trust DSCP, DSCP is always 0.
> 
> http://www.cisco.com/en/US/customer/products/hw/switches/ps646/products_tech_note09186a00800feff5.shtml
> 
>  When an interface is not trusted (this is the default state when QoS is
>  enabled), the internal DSCP will be derived from the configurable default
>  CoS for the corresponding interface. If no default CoS is configured, the
>  default value will be zero.
> 
> 
> On Thu, 1 Jul 2004, Warren Kumari, PhD, CCIE#9190 wrote:
> 
> > Well, yeah, but only on dscp 0 traffic. Traffic with other DSCP bits
> > wont get policed (and it seems that more and more virii and DoS are
> > setting DSCP). You will need to match all of hte DSCP bits for police
> > this way.
> >
> > Warren
> > On Jul 1, 2004, at 3:57 PM, Jon Lewis wrote:
> >
> > > On Thu, 1 Jul 2004, Matthew Crocker wrote:
> > >
> > >> This is what I use,  works pretty well for me.
> > >> !
> > >> class-map match-all allip
> > >> 	match access-group 100
> > >> !
> > >> policy-map 2mbps
> > >> 	class allip
> > >> 	  police 2000000 32000 exceed-action drop
> > >> !
> > >> int f0/1
> > >>   service-policy input 1mbps
> > >> !
> > >> access-list 100 permit ip any any
> > >>
> > >> This only works to police packets as they enter the switch port.   You
> > >> can't use 'match access-group' in a output service-policy on the 3550.
> > >
> > > If, in the class map, you match ip dscp 0, instead of an access-group,
> > > you
> > > can police in both directions.
> > >
> > > ----------------------------------------------------------------------
> > >  Jon Lewis                   |  I route
> > >  Senior Network Engineer     |  therefore you are
> > >  Atlantic Net                |
> > > _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
> > > _______________________________________________
> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >
> > >
> > --
> > Outside of a dog, a book is your best friend, and inside of a dog, it's
> > too dark to read
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> 
> ----------------------------------------------------------------------
>  Jon Lewis                   |  I route
>  Senior Network Engineer     |  therefore you are
>  Atlantic Net                |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list