[c-nsp] 6500 policing

Jon Lewis jlewis at lewis.org
Mon Aug 2 16:52:11 EDT 2010


I was under the impression that the 6500 can only egress police layer 3 
interfaces...thus the output service-policy is on the SVI.

http://www.gossamer-threads.com/lists/cisco/nsp/59889

On Mon, 2 Aug 2010, Arie Vayner (avayner) wrote:

> Jon,
>
> Do you want to police the traffic on the physical port or on the vlan?
> If on the physical port, apply the policy on the port itself...
>
> There is a good chance that in that old IOS there would be a problem
> with VLAN counters...
>
> Arie
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jon Lewis
> Sent: Monday, August 02, 2010 20:39
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] 6500 policing
>
> I'm having some trouble with policing on a 6500 (sup720-3bxl) on a
> WS-X6416-GBIC port.  The port is supposed to be rate-limited to
> 40mbit/s.
> The physical port is configured as a layer 2 port tied to a single vlan
> (switchport access vlan ...).  Egress policing is applied to the SVI
> port
>
> interface Vlan2006
>  service-policy output 40mbit
>
> The policy-map is simply
>
> class-map match-any all
>   match ip dscp default
> policy-map 40mbit
>   class all
>      police 40000000 4000000 4000000 conform-action transmit
> exceed-action drop
>
> The interface counters really don't make much sense.  show int g...
> shows
> the physical port is doing 20-25mbit/s in each direction.  show int
> vl2006
> claims there's no input and 10mbit/s output traffic.  I can live with
> the
> vlan interface counters being bogus, but what I'm seeing is at
> 20-25mbit/s
> output traffic on the gig port, output packets are being dropped and sh
> mls qos ip g... shows policed packets incrementing at a pretty good
> rate.
>
> I'm tempted to reconfigure the physical ports as layer 3 ports to see if
>
> that makes any difference.
>
> I'm doing similar policing on other interfaces and can't recall ever
> seeing this behavior.
>
> ----------------------------------------------------------------------
>  Jon Lewis                   |  I route
>  Senior Network Engineer     |  therefore you are
>  Atlantic Net                |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

----------------------------------------------------------------------
  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________


More information about the cisco-nsp mailing list