[c-nsp] Policing on 6500/SUP32
Alexandre Snarskii
snar at paranoia.ru
Sun Dec 17 12:45:49 EST 2006
On Sun, Dec 17, 2006 at 04:13:54PM +0100, Robert Hass wrote:
> Hi
>
> Currently my network looks like that:
>
> customer1 customer2
> | |
> 2960G 2960G
> | |
> 3750G--------3750G------7206VXR---ISP3
> \ /
> \ /
> \ /
> 6500/Sup32
> | |
> ISP1 ISP2
>
> All customers and upstreams ISPs are terminated on 6500 (SVIs - 1 VLAN
> for 1 Customer). There is also SVI between 6500 and 7200, 7200 have
> connection to 3rd ISP (due it's POS STM-1).
>
> And I have to provide shaping/policing for few customers. So I configured:
>
> mls qos
> policy-map Customer1-10Mb
> class class-default
> police cir 10000000 pir 10000000 conform-action transmit
> exceed-action drop
> !
> interface Vlan740
> description Customer1 (DC1, rack 6, floor 3)
> ip address x.x.x.x 255.255.255.252
> no ip redirects
> no ip proxy-arp
> load-interval 30
> service-policy input Customer1-10Mb
> service-policy output Customer1-10Mb
> !
>
> And it's working for egress traffic (service-policy output), but it's
> not working for ingress traffic (service-policy input). Why ?
I suppose, you forgot to configure 'mls qos vlan-based' on interfaces
facing towards 3750G.
> BTW. Which one from below will be best for policing customers ?
>
> 1) police cir XX pir YY conform-action transmit exceed-action drop
> or
> 2) police cir XX bc NN be YY conform-action transmit exceed-action drop
> or
> 3) police XX NN conform-action transmit exceed-action drop
>
> Thanks,
> Robert
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list