[nsp] Weird Problem - 6509 rate limiting

Paul Stewart pauls at nexicom.net
Wed Mar 17 18:17:10 EST 2004 

OK.. Here's the latest .. My apologies to the list if this is getting boring
but I'm sure others have "fought the same battle" I am so hopefully this
conversation is helpful...

I've gone back to policing as my best option.... Couldn't get rate-limiting
working even if I turned mls off (which I don't like but was willing to
accept)...

So, I've setup the following:

class-map match-all fiber
  match access-group 105
!
!
policy-map Paul
  class fiber
    bandwidth 256000
     police 256000 15000 15000 conform-action transmit exceed-action drop

access-list 105 permit ip any any

This should limit traffic to 256k (roughly) when applied as a service policy
correct?

So I try to apply the service policy to a Fe interface:

interface FastEthernet4/2
 bandwidth 10000000
 service-policy input Paul

It will only take it as "input" as explained in other replies (thank you).

Setting this port to a switchport I am able to verify that I can download at
whatever speed is available but only upload to a remote site at 256k.  So
(based on other feedback - again, thank you) I figure that I will "loop"
vlan's through two ports (out of one into the other and vice versa)
therefore applying the service-policy in both directions (in this case
256k).

I have played with many setups to try and force a vlan through two ports
*before* talking to the supervisor and am completely lost to be honest...

For testing purposes I have setup the following:

interface FastEthernet4/1
 bandwidth 10000000
 service-policy input Paul
 switchport
 switchport trunk encapsulation isl
 switchport trunk allowed vlan 500
 switchport mode trunk
 no cdp enable
!
interface FastEthernet4/2
 bandwidth 10000000
 service-policy input Paul
 switchport
 switchport trunk encapsulation isl
 switchport trunk allowed vlan 500
 switchport mode trunk
 no cdp enable

Joined the two of these ports via a crossover cable etc... But I know this
is blatantly wrong... I setup FastEthernet 4/3 as a switchport access vlan
500 port where I connected my notebook...

Also..

interface Vlan500
 ip address xxx.xxx.xxx.xxx 255.255.255.252

So where am I going wrong...? When I setup Fe4/3 as an access port the
traffic just flows through the system without crossing the two Fe4/1 and 4/2
ports where the policy would be applied.

Do I have to use stp priorities to make this happen?  That seems like a lot
of work to force traffic on vlan's to pass two ports etc.... I'm also trying
to figure out how to setup the ports so that a remote vlan (which would use
two ports) will work in this setup....?

Again, sorry if this is dumb questions but I'm in over my head on this job
now and am hoping for some friendly help from this wonderful list... Thanks
again to everyone for their replies (have received a lot of valuable
input)....

Take care,

Paul

More information about the cisco-nsp mailing list