[c-nsp] Policing on 6500/SUP32
Robert Hass
robhass at gmail.com
Sun Dec 17 10:13:54 EST 2006
Hi
Currently my network looks like that:
customer1 customer2
| |
2960G 2960G
| |
3750G--------3750G------7206VXR---ISP3
\ /
\ /
\ /
6500/Sup32
| |
ISP1 ISP2
All customers and upstreams ISPs are terminated on 6500 (SVIs - 1 VLAN
for 1 Customer). There is also SVI between 6500 and 7200, 7200 have
connection to 3rd ISP (due it's POS STM-1).
And I have to provide shaping/policing for few customers. So I configured:
mls qos
policy-map Customer1-10Mb
class class-default
police cir 10000000 pir 10000000 conform-action transmit
exceed-action drop
!
interface Vlan740
description Customer1 (DC1, rack 6, floor 3)
ip address x.x.x.x 255.255.255.252
no ip redirects
no ip proxy-arp
load-interval 30
service-policy input Customer1-10Mb
service-policy output Customer1-10Mb
!
And it's working for egress traffic (service-policy output), but it's
not working for ingress traffic (service-policy input). Why ?
BTW. Which one from below will be best for policing customers ?
1) police cir XX pir YY conform-action transmit exceed-action drop
or
2) police cir XX bc NN be YY conform-action transmit exceed-action drop
or
3) police XX NN conform-action transmit exceed-action drop
Thanks,
Robert
More information about the cisco-nsp
mailing list