[c-nsp] Policing on a 3560

Ziv Leyes zivl at gilat.net
Thu Aug 6 03:27:19 EDT 2009


I had the same problem when trying to police L2 traffic and I've been told to use the dscp default to match all traffic
You don't need to qualify it, it is already default, so why setting it again?
This is what you should try based on what I use and it works fine:

! Don't forget to set this globally
mls qos

class-map match-all ALL
  match ip dscp 0
!
policy-map Re-color-BE
  description Police to 10Mbps CIR - Re-color ALL to BE
  class ALL
   police 10000000 8000 exceed-action drop
! not sure the following line is required
!   set ip dscp default

Hope this helps
Ziv


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Justin Shore
Sent: Tuesday, August 04, 2009 11:30 PM
To: 'Cisco-nsp'
Subject: [c-nsp] Policing on a 3560

I'm having a little trouble doing something that should be simple.  I'm
using a 3560 as a CPE to break up multiple services and bind them to
unique switchports.  I don't normally use 3560s for this.  The port in
question is for a 10Mbp PtP with no SLA across our backbone.

What I currently have is apparently not doing anything and I fail to see
the flaw in my logic:


class-map match-all ALL
!
!
policy-map Re-color-BE
  description Police to 10Mbps CIR - Re-color ALL to BE
  class ALL
   police 10000000 8000 exceed-action drop
   set ip dscp default


This is my QoS trust boundary so I'm re-coloring to 0 and setting muy
CIR to 10Mbps.  The switch wouldn't let me define 'match any' in the
class-map.  I suspect that I'm not matching anything because of that.  I
want to match anything coming in that interface and police it to the CIR
and drop everything else.  I must be missing something but I'm not sure
what it is.  Is there something unique about this platform?  The IOS is
12.2(50)SE1.

Thanks
  Justin




_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************





__________ Information from ESET NOD32 Antivirus, version of virus signature database 4310 (20090805) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com



__________ Information from ESET NOD32 Antivirus, version of virus signature database 4310 (20090805) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com


 
 
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************





More information about the cisco-nsp mailing list