[nsp] Example code of how to "rate limit" a port on a 3550

Matthew Crocker matthew at crocker.com
Thu Jul 1 12:04:50 EDT 2004 

On Jul 1, 2004, at 10:36 AM, Skeeve Stevens wrote:

> No way to control the speed someone can send out huh?
>
> Darn... We just had someone get a worm and massacre out upstream  
> network
> with 20mb of sustained traffic... What a pain!
>
> You rock Mat ;-)
>

Uh..  This is on the switch port.  input on the customer switch port is  
their output.  You can use the config below to rate-limit how much data  
enters your network at the point it enters the switch (customer switch  
port).  You can also rate limit outbound but not using an access-group  
class match.  You'll need to use DCSP macthing or some other method to  
mark packets then build a policy-map/policer with that class-map.


> ...Skeeve
>
>
> -----Original Message-----
> From: Matthew Crocker [mailto:matthew at crocker.com]
> Sent: Friday, 2 July 2004 12:20 AM
> To: skeeve at skeeve.org
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [nsp] Example code of how to "rate limit" a port on a 3550
>
>
>
> This is what I use,  works pretty well for me.
> !
> !
> mls qos
> !
> class-map match-all allip
> 	match access-group 100
> !
> policy-map 1mbps
> 	class allip
> 	  police 1000000 32000 exceed-action drop
> policy-map 2mbps
> 	class allip
> 	  police 2000000 32000 exceed-action drop
> !
> int f0/1
>   service-policy input 1mbps
> !
> !
> access-list 100 permit ip any any
> !
> !
>
>
> This only works to police packets as they enter the switch port.   You
> can't use 'match access-group' in a output service-policy on the 3550.
>
> -Matt
>
> On Jul 1, 2004, at 9:52 AM, Skeeve Stevens wrote:
>
>>
>> Ok.  I have a 3550 with layer 2 and 3 ports running.
>>
>> I want to do a very simple thing and rate limit some layer 3 ports to
>> the amount of bandwidth they can use.
>>
>> I don't particularly want any fancy QoS or anything like that, but
>> simply want to limit a port, for example to 4MB inbound and 10MB
>> outbound.
>>
>> If anyone knows how to do this as the rate-limit command isn't on the
>> 3550.
>> Example code would be nice as I know absolutely nothing about QoS.
>> Thanx.
>>
>>
>> .Skeeve
>>
>>
>> _______________________________________________________
>> Skeeve Stevens, RHCE     Email: skeeve at skeeve.org
>> Website: www.skeeve.org  - Telephone: (0414) 753 383
>> Address: P.O Box 1035, Epping, NSW, 1710, Australia
>>
>> eIntellego - skeeve at eintellego.net - www.eintellego.net
>> _______________________________________________________
>> Si vis pacem, para bellum
>>
>>
>>
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
>
> ======================================================================= 
> =
>  Pain free spam & virus protection by:          www.mailsecurity.net.au
>  Forward undetected SPAM to:                   spam at mailsecurity.net.au
> ======================================================================= 
> =
>

More information about the cisco-nsp mailing list