[c-nsp] 3550 Policing
Tassos Chatzithomaoglou
achatz at forthnet.gr
Thu May 8 14:01:02 EDT 2008
I guess the "match any" under your class is like the class-default which cannot be used for policing
on the 3550.
On the other hand, "dscp 0" refers to all traffic on untrusted ports, which might be ok for you.
--
Tassos
Chris Riling wrote on 8/5/2008 8:23 μμ:
> I had heard of that before as well, but now that I changed the class map to
> match-all on dscp 0 it *seems* to work. hmrph. I guess I'll just keep an eye
> on the MRTG graphs... :
>
> FastEthernet0/11
> Ingress
> dscp: incoming no_change classified policed dropped (in bytes)
> Others: 3537826000 2791863566 745962434 0 2467793
> Egress
> dscp: incoming no_change classified policed dropped (in bytes)
> Others: 676669051 n/a n/a 0 1975855
>
>
> Thanks!
> Chris
>
>
> On 5/8/08, Jeff Cartier <jcartier at acs.on.ca> wrote:
>> I've come into issues before where the counters don't actually 'count'
>> per say...It's working, but from looking at show commands...you wouldn't
>> guess it. IOS bug.
>>
>>
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net on behalf of Daniel Hooper
>> Sent: Thu 5/8/2008 1:08 PM
>> To: Chris Riling; cisco-nsp at puck.nether.net
>> Subject: Re: [c-nsp] 3550 Policing
>>
>>
>>
>>> -----Original Message-----
>>> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp- <cisco-nsp->
>>> bounces at puck.nether.net] On Behalf Of Chris Riling
>>> Sent: Thursday, 8 May 2008 11:33 PM
>>> To: cisco-nsp at puck.nether.net
>>> Subject: [c-nsp] 3550 Policing
>>>
>>> Hi All,
>>>
>>> I'm having an issue with policing on the 3550;
>>>
>>> mls qos
>>>
>>> class-map match-any Match-Any-Rate-Limit
>>> match any
>>>
>>> policy-map 10Mbps-Rate-Limit
>>> class Match-Any-Rate-Limit
>>> police 10000000 2000000 exceed-action drop
>>>
>>> interface FastEthernet0/11
>>> description XXXX
>>> switchport access vlan XXX
>>> switchport mode access
>>> no ip address
>>> service-policy input 10Mbps-Rate-Limit
>>> service-policy output 10Mbps-Rate-Limit
>>> end
>>>
>>> FastEthernet0/11
>>> Ingress
>>> dscp: incoming no_change classified policed dropped (in bytes)
>>> Others: 4109200271 3363237923 745962348 0 0
>>> Egress
>>> dscp: incoming no_change classified policed dropped (in bytes)
>>> Others: 1755089285 n/a n/a 0 0
>>>
>>>
>>> Any ideas? It seems to be working to some extent, although the
>>> "policed"
>>> counter is 0 and they're bursting a bit higher than they should be. I
>>> have
>>> similar policers on some 4948's and it works fine, is there something
>>> on the
>>> 3550 I should know about?
>>>
>>> Thanks!
>>> Chris
>>> _______________________________________________
>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> Here's what I'm using on a 3550 which is working:
>>
>> class-map match-all 2MBIT
>> match ip dscp default
>>
>> policy-map 2MBIT
>> class 2MBIT
>> police 2000000 512000 exceed-action drop
>>
>> !
>> interface FastEthernet0/1
>> switchport access vlan 606
>> switchport mode access
>> service-policy input 2MBIT
>> speed 100
>> duplex full
>> no cdp enable
>> spanning-tree bpdufilter enable
>>
>> switch#sh mls qos interface FastEthernet 0/1 statistics
>> FastEthernet0/1
>> Ingress
>> dscp: incoming no_change classified policed dropped (in bytes)
>> Others: 1859986733 1854120139 5866594 0 18280295
>> Egress
>> dscp: incoming no_change classified policed dropped (in bytes)
>> Others: 1461309424 n/a n/a 0 0
>>
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list