[nsp] traffic policing on a 3550-48-EMI

Matthew Crocker matthew at crocker.com
Thu Jun 17 12:53:05 EDT 2004 

Hey,

  I'm trying to configure some traffic policing on my 3550-EMI switch.   
Here is what I have...

  I have a machine which is currently spitting 30 mbps of web traffic at 
the switch (If I let it).    I want to police it down to a reasonable 
value (1mbps or so).

This is what I have configured so far.  What am I missing?

3550-48#show version
Cisco Internetwork Operating System Software
IOS (tm) C3550 Software (C3550-I5Q3L2-M), Version 12.1(12c)EA1, RELEASE 
SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Mon 25-Nov-02 00:07 by antonino
Image text-base: 0x00003000, data-base: 0x0075FE48

ROM: Bootstrap program is C3550 boot loader

3550-48 uptime is 39 weeks, 6 days, 21 hours, 5 minutes
System returned to ROM by power-on
System image file is 
"flash:c3550-i5q3l2-mz.121-12c.EA1/c3550-i5q3l2-mz.121-12c.EA1.bin"

cisco WS-C3550-48 (PowerPC) processor (revision H0) with 65526K/8192K 
bytes of memory.

Model revision number: H0
Motherboard revision number: A0
Model number: WS-C3550-48-EMI

mls qos
!
class-map match-all class_everything
   match any
!
!
policy-map 1mbps
   class class_everything
     police 1000000 8000 exceed-action drop
!
!
interface FastEthernet0/5
  switchport access vlan 60
  switchport mode access
  bandwidth 1000
  speed 10
  no ip address
  service-policy input 1mbps
  service-policy output 1mbps
  spanning-tree portfast
!

The port is still cranking out 4 mbps (I forced it to 10mbps mode to 
save my upstream a bit)

3550-48#show int f0/5
FastEthernet0/5 is up, line protocol is up
   Hardware is Fast Ethernet, address is 000b.fd67.9e85 (bia 
000b.fd67.9e85)
   Description: x
   MTU 1500 bytes, BW 1000 Kbit, DLY 1000 usec,
      reliability 255/255, txload 18/255, rxload 162/255
   Encapsulation ARPA, loopback not set
   Keepalive set (10 sec)
   Full-duplex, 10Mb/s
   input flow-control is off, output flow-control is off
   ARP type: ARPA, ARP Timeout 04:00:00
   Last input never, output 00:00:00, output hang never
   Last clearing of "show interface" counters 00:05:30
   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
   Queueing strategy: fifo
   Output queue :0/40 (size/max)
   5 minute input rate 4448000 bits/sec, 327 packets/sec
   5 minute output rate 73000 bits/sec, 186 packets/sec
      124198 packets input, 184633146 bytes, 0 no buffer
      Received 2 broadcasts, 0 runts, 0 giants, 0 throttles
      1 input errors, 1 CRC, 0 frame, 0 overrun, 0 ignored
      0 watchdog, 0 multicast, 0 pause input
      0 input packets with dribble condition detected
      73558 packets output, 5124380 bytes, 0 underruns
      0 output errors, 0 collisions, 0 interface resets
      0 babbles, 0 late collision, 0 deferred
      0 lost carrier, 0 no carrier, 0 PAUSE output
      0 output buffer failures, 0 output buffers swapped out

3550-48#show mls qos interface f0/5
FastEthernet0/5
Attached policy-map for Ingress: 1mbps
trust state: not trusted
trust mode: not trusted
COS override: dis
Attached policy-map for Egress: 1mbps
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
trust device: none

3550-48#show mls qos interface f0/5 statistics
FastEthernet0/5
Ingress
   dscp: incoming   no_change  classified policed    dropped (in bytes)
Others: 2045584460 1978428161 67156299   0          27069088
Egress
   dscp: incoming   no_change  classified policed    dropped (in bytes)
Others: 2584029791    n/a       n/a      0          0

More information about the cisco-nsp mailing list