[c-nsp] Policing Confusion

Aaron Riemer ariemer at wesenergy.com.au
Mon Jan 5 01:45:52 EST 2009


Hi guys,
 
I am hoping you can help me out with some confusion I am having with
policing. I am testing policing at a remote site with a 512kb WAN
connection. What I am trying to achieve is to police virus updates from
our server so that this traffic can only obtain 128Kbps of the remote
sites bandwidth. I am policing in the outbound direction of the serial
WAN interface at the remote site. My question is how does this affect
traffic coming 'in' to the WAN interface from the outside? i.e. will
this configuration only police traffic going outbound rather than
inbound? It seems the policing isn't working as the virus updates are
still choking the link. 
 
class-map match-all virus-traffic
  match access-group 181
class-map match-any mission-critical
  match access-group 180
!
policy-map mission-critical
  class mission-critical
   bandwidth 256
  class virus-traffic
   police cir 128000
     conform-action transmit 
     exceed-action drop 
     violate-action drop 
  class class-default
   fair-queue
   random-detect
!
Interface Serial0/0
ip address x.x.x.x/x
service-policy output mission-critical
 
 
I hope this makes sense.
 
Thanks in advance.
 
Aaron.
 

LEGAL DISCLAIMER: This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.


More information about the cisco-nsp mailing list