[c-nsp] Ingress policing on a 3560
Tom Storey
tom at snnap.net
Sun May 31 22:38:50 EDT 2009
Hi all.
What I'm trying to do is police ingress on a port, using a MAC ACL to
match traffic to police (just a "permit any any" to match all traffic).
But what I'm getting is that the switch doesn't appear to be matching any
traffic at all.

sw2#sh int gi0/14 | inc put rate
  30 second input rate 20449000 bits/sec, 1688 packets/sec
  30 second output rate 2620000 bits/sec, 1690 packets/sec

sw2#sh policy-map int gi0/14
 GigabitEthernet0/14

  Service-policy input: police-10mbit-in

    Class-map: mac-any-any (match-any)
      0 packets, 0 bytes
      30 second offered rate 0 bps, drop rate 0 bps
      Match: access-group name mac-any-any
        0 packets, 0 bytes
        30 second rate 0 bps

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      30 second offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        30 second rate 0 bps

Does anyone have any pointers as to what I'm doing wrong? Below is my config.

mac access-list extended mac-any-any
 permit any any
!
class-map match-any mac-any-any
 match access-group name mac-any-any
!
policy-map police-10mbit-in
 class mac-any-any
  police 10000000 1000000 exceed-action drop
!
interface GigabitEthernet0/14
 service-policy input police-10mbit-in
!

I've also tried with just class-default, but got the same result.
I am currently using the "vlan" SDM profile, if that makes any difference.
Cheers,
Tom