[nsp] traffic policing on a 3550-48-EMI

rwcrowe at comcast.net rwcrowe at comcast.net
Thu Jun 17 14:14:13 EDT 2004 

Try this instead of using the "match any" in the class-map:

mls qos
!
class-map match-all class_everything
   match access-group 101
!
!
policy-map 1mbps
   class class_everything
     police 1000000 8000 exceed-action drop
!
!
interface FastEthernet0/5
  switchport access vlan 60
  switchport mode access
  bandwidth 1000
  speed 10
  no ip address
  service-policy input 1mbps
  service-policy output 1mbps
  spanning-tree portfast
!
access-list 101 permit tcp any any eq www (to limit just port 80)

or

access-list 101 permit ip any any (if you want to limit all traffic)  


> 
> Hey,
> 
>   I'm trying to configure some traffic policing on my 3550-EMI switch.   
> Here is what I have...
> 
>   I have a machine which is currently spitting 30 mbps of web traffic at 
> the switch (If I let it).    I want to police it down to a reasonable 
> value (1mbps or so).
> 
> This is what I have configured so far.  What am I missing?
> 
> 3550-48#show version
> Cisco Internetwork Operating System Software
> IOS (tm) C3550 Software (C3550-I5Q3L2-M), Version 12.1(12c)EA1, RELEASE 
> SOFTWARE (fc1)
> Copyright (c) 1986-2002 by cisco Systems, Inc.
> Compiled Mon 25-Nov-02 00:07 by antonino
> Image text-base: 0x00003000, data-base: 0x0075FE48
> 
> ROM: Bootstrap program is C3550 boot loader
> 
> 3550-48 uptime is 39 weeks, 6 days, 21 hours, 5 minutes
> System returned to ROM by power-on
> System image file is 
> "flash:c3550-i5q3l2-mz.121-12c.EA1/c3550-i5q3l2-mz.121-12c.EA1.bin"
> 
> cisco WS-C3550-48 (PowerPC) processor (revision H0) with 65526K/8192K 
> bytes of memory.
> 
> Model revision number: H0
> Motherboard revision number: A0
> Model number: WS-C3550-48-EMI
> 
> mls qos
> !
> class-map match-all class_everything
>    match any
> !
> !
> policy-map 1mbps
>    class class_everything
>      police 1000000 8000 exceed-action drop
> !
> !
> interface FastEthernet0/5
>   switchport access vlan 60
>   switchport mode access
>   bandwidth 1000
>   speed 10
>   no ip address
>   service-policy input 1mbps
>   service-policy output 1mbps
>   spanning-tree portfast
> !
> 
> The port is still cranking out 4 mbps (I forced it to 10mbps mode to 
> save my upstream a bit)
> 
> 3550-48#show int f0/5
> FastEthernet0/5 is up, line protocol is up
>    Hardware is Fast Ethernet, address is 000b.fd67.9e85 (bia 
> 000b.fd67.9e85)
>    Description: x
>    MTU 1500 bytes, BW 1000 Kbit, DLY 1000 usec,
>       reliability 255/255, txload 18/255, rxload 162/255
>    Encapsulation ARPA, loopback not set
>    Keepalive set (10 sec)
>    Full-duplex, 10Mb/s
>    input flow-control is off, output flow-control is off
>    ARP type: ARPA, ARP Timeout 04:00:00
>    Last input never, output 00:00:00, output hang never
>    Last clearing of "show interface" counters 00:05:30
>    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
>    Queueing strategy: fifo
>    Output queue :0/40 (size/max)
>    5 minute input rate 4448000 bits/sec, 327 packets/sec
>    5 minute output rate 73000 bits/sec, 186 packets/sec
>       124198 packets input, 184633146 bytes, 0 no buffer
>       Received 2 broadcasts, 0 runts, 0 giants, 0 throttles
>       1 input errors, 1 CRC, 0 frame, 0 overrun, 0 ignored
>       0 watchdog, 0 multicast, 0 pause input
>       0 input packets with dribble condition detected
>       73558 packets output, 5124380 bytes, 0 underruns
>       0 output errors, 0 collisions, 0 interface resets
>       0 babbles, 0 late collision, 0 deferred
>       0 lost carrier, 0 no carrier, 0 PAUSE output
>       0 output buffer failures, 0 output buffers swapped out
> 
> 3550-48#show mls qos interface f0/5
> FastEthernet0/5
> Attached policy-map for Ingress: 1mbps
> trust state: not trusted
> trust mode: not trusted
> COS override: dis
> Attached policy-map for Egress: 1mbps
> default COS: 0
> DSCP Mutation Map: Default DSCP Mutation Map
> trust device: none
> 
> 3550-48#show mls qos interface f0/5 statistics
> FastEthernet0/5
> Ingress
>    dscp: incoming   no_change  classified policed    dropped (in bytes)
> Others: 2045584460 1978428161 67156299   0          27069088
> Egress
>    dscp: incoming   no_change  classified policed    dropped (in bytes)
> Others: 2584029791    n/a       n/a      0          0
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list