[c-nsp] 6500 policing

Arie Vayner (avayner) avayner at cisco.com
Mon Aug 2 16:43:03 EDT 2010 

Jon,

Do you want to police the traffic on the physical port or on the vlan?
If on the physical port, apply the policy on the port itself...

There is a good chance that in that old IOS there would be a problem
with VLAN counters...

Arie

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jon Lewis
Sent: Monday, August 02, 2010 20:39
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] 6500 policing

I'm having some trouble with policing on a 6500 (sup720-3bxl) on a 
WS-X6416-GBIC port.  The port is supposed to be rate-limited to
40mbit/s. 
The physical port is configured as a layer 2 port tied to a single vlan 
(switchport access vlan ...).  Egress policing is applied to the SVI
port

interface Vlan2006
  service-policy output 40mbit

The policy-map is simply

class-map match-any all
   match ip dscp default
policy-map 40mbit
   class all
      police 40000000 4000000 4000000 conform-action transmit
exceed-action drop

The interface counters really don't make much sense.  show int g...
shows 
the physical port is doing 20-25mbit/s in each direction.  show int
vl2006 
claims there's no input and 10mbit/s output traffic.  I can live with
the 
vlan interface counters being bogus, but what I'm seeing is at
20-25mbit/s 
output traffic on the gig port, output packets are being dropped and sh 
mls qos ip g... shows policed packets incrementing at a pretty good
rate.

I'm tempted to reconfigure the physical ports as layer 3 ports to see if

that makes any difference.

I'm doing similar policing on other interfaces and can't recall ever 
seeing this behavior.

----------------------------------------------------------------------
  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list