[c-nsp] 3550 Policing

Chris Riling criling at gmail.com
Thu May 8 14:16:28 EDT 2008 

Ah, if that's the case that makes sense...

Thanks!
Chris


On 5/8/08, Tassos Chatzithomaoglou <achatz at forthnet.gr> wrote:
>
> I guess the "match any" under your class is like the class-default which
> cannot be used for policing on the 3550.
>
> On the other hand, "dscp 0" refers to all traffic on untrusted ports, which
> might be ok for you.
>
>
> --
> Tassos
>
>
> Chris Riling wrote on 8/5/2008 8:23 μμ:
>
>> I had heard of that before as well, but now that I changed the class map
>> to
>> match-all on dscp 0 it *seems* to work. hmrph. I guess I'll just keep an
>> eye
>> on the MRTG graphs... :
>>
>> FastEthernet0/11
>> Ingress
>>  dscp: incoming   no_change  classified policed    dropped (in bytes)
>> Others: 3537826000 2791863566 745962434  0          2467793
>> Egress
>>  dscp: incoming   no_change  classified policed    dropped (in bytes)
>> Others: 676669051     n/a       n/a      0          1975855
>>
>>
>> Thanks!
>> Chris
>>
>>
>> On 5/8/08, Jeff Cartier <jcartier at acs.on.ca> wrote:
>>
>>>  I've come into issues before where the counters don't actually 'count'
>>> per say...It's working, but from looking at show commands...you wouldn't
>>> guess it.  IOS bug.
>>>
>>>
>>> -----Original Message-----
>>> From: cisco-nsp-bounces at puck.nether.net on behalf of Daniel Hooper
>>> Sent: Thu 5/8/2008 1:08 PM
>>> To: Chris Riling; cisco-nsp at puck.nether.net
>>> Subject: Re: [c-nsp] 3550 Policing
>>>
>>>
>>>
>>>  -----Original Message-----
>>>> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp- <cisco-nsp->
>>>> bounces at puck.nether.net] On Behalf Of Chris Riling
>>>> Sent: Thursday, 8 May 2008 11:33 PM
>>>> To: cisco-nsp at puck.nether.net
>>>> Subject: [c-nsp] 3550 Policing
>>>>
>>>> Hi All,
>>>>
>>>>     I'm having an issue with policing on the 3550;
>>>>
>>>> mls qos
>>>>
>>>> class-map match-any Match-Any-Rate-Limit
>>>>  match any
>>>>
>>>> policy-map 10Mbps-Rate-Limit
>>>>  class Match-Any-Rate-Limit
>>>>    police 10000000 2000000 exceed-action drop
>>>>
>>>> interface FastEthernet0/11
>>>>  description XXXX
>>>>  switchport access vlan XXX
>>>>  switchport mode access
>>>>  no ip address
>>>>  service-policy input 10Mbps-Rate-Limit
>>>>  service-policy output 10Mbps-Rate-Limit
>>>> end
>>>>
>>>> FastEthernet0/11
>>>> Ingress
>>>>  dscp: incoming   no_change  classified policed    dropped (in bytes)
>>>> Others: 4109200271 3363237923 745962348  0          0
>>>> Egress
>>>>  dscp: incoming   no_change  classified policed    dropped (in bytes)
>>>> Others: 1755089285    n/a       n/a      0          0
>>>>
>>>>
>>>> Any ideas? It seems to be working to some extent, although the
>>>> "policed"
>>>> counter is 0 and they're bursting a bit higher than they should be. I
>>>> have
>>>> similar policers on some 4948's and it works fine, is there something
>>>> on the
>>>> 3550 I should know about?
>>>>
>>>> Thanks!
>>>> Chris
>>>> _______________________________________________
>>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>
>>> Here's what I'm using on a 3550 which is working:
>>>
>>> class-map match-all 2MBIT
>>>  match ip dscp default
>>>
>>> policy-map 2MBIT
>>>  class 2MBIT
>>>    police 2000000 512000 exceed-action drop
>>>
>>> !
>>> interface FastEthernet0/1
>>>  switchport access vlan 606
>>>  switchport mode access
>>>  service-policy input 2MBIT
>>>  speed 100
>>>  duplex full
>>>  no cdp enable
>>>  spanning-tree bpdufilter enable
>>>
>>> switch#sh mls qos interface FastEthernet 0/1 statistics
>>> FastEthernet0/1
>>> Ingress
>>>  dscp: incoming   no_change  classified policed    dropped (in bytes)
>>> Others: 1859986733 1854120139 5866594    0          18280295
>>> Egress
>>>  dscp: incoming   no_change  classified policed    dropped (in bytes)
>>> Others: 1461309424    n/a       n/a      0          0
>>>
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>>>
>>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>

More information about the cisco-nsp mailing list