[c-nsp] Traffic policing on Catalyst 4503
Vincent De Keyzer
vincent at dekeyzer.net
Tue Jan 9 11:19:37 EST 2007
BTW, can you do traffic policing on a layer 2 interface as well? By 'layer 2
interface', I mean an interface that does not have an IP address and hence
could be carrying IPX traffic, or something else, that I still want to
traffic police.
Vincent
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Bostjan Fele
> Sent: mardi 9 janvier 2007 14:31
> To: Chinzee
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Traffic policing on Catalyst 4503
>
> Documentation
> (http://www.cisco.com/en/US/products/hw/switches/ps4324/products_configura
> tion_guide_chapter09186a00804d78a7.html#wp1213649) states:
>
> When configuring policing and policers, keep these items in mind:
>
>
> .For IP packets, only the length of the IP payload (the total length
> field in the IP header) is used by the policer for policing computation.
> The Layer 2 header and trailer length are not taken into account. For
> example, for a 64-byte Ethernet II IP packet, only 46 bytes are taken
> into account for policing (64 bytes - 14 byte Ethernet Header - 4 bytes
> Ethernet CRC).
>
>
> Regards,
> Bostjan
>
> On Tue, 2007-01-09 at 01:28 -0800, Chinzee wrote:
> > Hi all,
> >
> > There is a problem on traffic shaping on Catalyst 4503. config is like
> this :
> > !
> > class-map match-all MatchAnyPacket
> > match any
> > !
> > !
> > policy-map 1Mbps
> > class MatchAnyPacket
> > police 1024000 bps 128000 byte conform-action transmit exceed-action
> drop
> > !
> > ............
> > interface GigabitEthernet2/44
> > no switchport
> > ip address 203.x.x.x 255.255.255.248
> > service-policy input 1Mbps
> > service-policy output 1Mbps
> > !
> > Then I saw how the effect is. The log is
> > ######################LOG START####################
> > Core_SW_4503#show policy-map inter giga 2/44
> > GigabitEthernet2/44
> >
> > Service-policy input: 1Mbps
> >
> > Class-map: MatchAnyPacket (match-all)
> > 387565 packets
> > Match: any
> > police: Per-interface
> > Conform: 128643858 bytes Exceed: 76123404 bytes
> >
> >
> > Class-map: class-default (match-any)
> > 0 packets
> > Match: any
> >
> > Service-policy output: 1Mbps
> >
> > Class-map: MatchAnyPacket (match-all)
> > 387604 packets
> > Match: any
> > police: Per-interface
> > Conform: 19499135 bytes Exceed: 2687511 bytes
> >
> >
> > Class-map: class-default (match-any)
> > 0 packets
> > Match: any
> > #################### LOG END#############
> >
> > I wanted to control both upload and download rate.
> > But on the MRTG, it shows about 1.5Mbps. Is there anything wrong with my
> config or other issues?
> > Please give some advice.
> >
> > Rgds,
> >
> > Chinzorig G.
> >
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Tired of spam? Yahoo! Mail has the best spam protection around
> > http://mail.yahoo.com
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list