[c-nsp] 3550 Policing

Chris Riling criling at gmail.com
Thu May 8 13:23:20 EDT 2008 

I had heard of that before as well, but now that I changed the class map to
match-all on dscp 0 it *seems* to work. hmrph. I guess I'll just keep an eye
on the MRTG graphs... :

FastEthernet0/11
Ingress
  dscp: incoming   no_change  classified policed    dropped (in bytes)
Others: 3537826000 2791863566 745962434  0          2467793
Egress
  dscp: incoming   no_change  classified policed    dropped (in bytes)
Others: 676669051     n/a       n/a      0          1975855


Thanks!
Chris


On 5/8/08, Jeff Cartier <jcartier at acs.on.ca> wrote:
>
>  I've come into issues before where the counters don't actually 'count'
> per say...It's working, but from looking at show commands...you wouldn't
> guess it.  IOS bug.
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net on behalf of Daniel Hooper
> Sent: Thu 5/8/2008 1:08 PM
> To: Chris Riling; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] 3550 Policing
>
>
>
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp- <cisco-nsp->
> > bounces at puck.nether.net] On Behalf Of Chris Riling
> > Sent: Thursday, 8 May 2008 11:33 PM
> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] 3550 Policing
> >
> > Hi All,
> >
> >      I'm having an issue with policing on the 3550;
> >
> > mls qos
> >
> > class-map match-any Match-Any-Rate-Limit
> >   match any
> >
> > policy-map 10Mbps-Rate-Limit
> >   class Match-Any-Rate-Limit
> >     police 10000000 2000000 exceed-action drop
> >
> > interface FastEthernet0/11
> >  description XXXX
> >  switchport access vlan XXX
> >  switchport mode access
> >  no ip address
> >  service-policy input 10Mbps-Rate-Limit
> >  service-policy output 10Mbps-Rate-Limit
> > end
> >
> > FastEthernet0/11
> > Ingress
> >   dscp: incoming   no_change  classified policed    dropped (in bytes)
> > Others: 4109200271 3363237923 745962348  0          0
> > Egress
> >   dscp: incoming   no_change  classified policed    dropped (in bytes)
> > Others: 1755089285    n/a       n/a      0          0
> >
> >
> > Any ideas? It seems to be working to some extent, although the
> > "policed"
> > counter is 0 and they're bursting a bit higher than they should be. I
> > have
> > similar policers on some 4948's and it works fine, is there something
> > on the
> > 3550 I should know about?
> >
> > Thanks!
> > Chris
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> Here's what I'm using on a 3550 which is working:
>
> class-map match-all 2MBIT
>   match ip dscp default
>
> policy-map 2MBIT
>   class 2MBIT
>     police 2000000 512000 exceed-action drop
>
> !
> interface FastEthernet0/1
>  switchport access vlan 606
>  switchport mode access
>  service-policy input 2MBIT
>  speed 100
>  duplex full
>  no cdp enable
>  spanning-tree bpdufilter enable
>
> switch#sh mls qos interface FastEthernet 0/1 statistics
> FastEthernet0/1
> Ingress
>   dscp: incoming   no_change  classified policed    dropped (in bytes)
> Others: 1859986733 1854120139 5866594    0          18280295
> Egress
>   dscp: incoming   no_change  classified policed    dropped (in bytes)
> Others: 1461309424    n/a       n/a      0          0
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>

More information about the cisco-nsp mailing list