[nsp] Example code of how to "rate limit" a port on a 3550

Jon Lewis jlewis at lewis.org
Fri Jul 2 11:23:06 EDT 2004 

On Fri, 2 Jul 2004, Matthew Crocker wrote:

> My new config which appears to be working for inbound (customer to me,
> customer to Internet) and outbound (me to customer, Internet to
> customer) uses dscp on both ingress and egress.
>
> class-map match-any everything
> 	match ip dscp 0
>
> policy-map 1mbps
>     class everything
>       police 1000000 8000 exceed-action drop
>
>
> int f0/5
>    service-policy input 1mbps
>    service-policy output 1mbps

Are you sure this is working?  I just copied this verbatim (other than the
interface number) and I find it polices egress (to the box on the
configured port) but not ingress.

#sh  mls qos interface fastEthernet 0/14 statistics
FastEthernet0/14
Ingress
  dscp: incoming   no_change  classified policed    dropped (in bytes)
Others: 22186896   385        22186511   0          0
Egress
  dscp: incoming   no_change  classified policed    dropped (in bytes)
Others: 1014364       n/a       n/a      0          138138

It does classify the ingress packets, but doesn't drop any.

> I'll beat on the server a bit to test it out some more.
>
> 3550-48# show mls qos interface f0/5
> FastEthernet0/5
> Attached policy-map for Ingress: 1mbps
> trust state: not trusted
> trust mode: not trusted
> COS override: dis
> Attached policy-map for Egress: 1mbps
> default COS: 0
> DSCP Mutation Map: Default DSCP Mutation Map
> trust device: none

#show mls qos interface f0/14
FastEthernet0/14
Attached policy-map for Ingress: 1mbps
trust state: not trusted
trust mode: not trusted
COS override: dis
Attached policy-map for Egress: 1mbps
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
trust device: none

> 3550-48# show mls qos interface f0/5 statistics
> FastEthernet0/5
> Ingress
>    dscp: incoming   no_change  classified policed    dropped (in bytes)
> Others: 38984265   38123202   861063     0          1252177044
> Egress
>    dscp: incoming   no_change  classified policed    dropped (in bytes)
> Others: 2227787239    n/a       n/a      0          0

Did you clear mls qos interface f0/5 statistics before testing this new
config?  Those numbers look kind of big...so I'm guessing maybe not.

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

More information about the cisco-nsp mailing list