[c-nsp] Cat 4948 policer is greedy?

Rick Ernst cnsp at shreddedmail.com
Wed Feb 3 12:49:36 EST 2010

I'm using a Catalyst 4948 as a bump in the cable between another network
operator and a metro-ether backhaul to our POP.   We land some IP on the
4948 as SVIs for the trunk facing the other operator.  Other VLANs are
provisioned as "pass-through" for out-of-band circuits.

It was my previous experience that unless the policer was attached to the
layer-2 interface, or that the traffic landed on the device, that a policer
would not affect traffic.  I've run into a situation where a policer on a
shutdown interface is affecting traffic.  Modifying the service-policy on
Vlan3017 has an immediate effect on traffic passing across the VLAN.

Should this be happening?  It doesn't make sense to me based on the
configuration and previous experience with policing.



policy-map BW_5M
 class class-default
    police 5 mbps 0.125 mbyte conform-action transmit exceed-action drop

interface GigabitEthernet1/44
 description X-Connect to POP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan
 switchport trunk allowed vlan add 3025,3027-3029,3036-3039,3041-3099
 switchport mode trunk

interface GigabitEthernet1/45
 description Trunk to WiMAX
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3000-3099
 switchport mode trunk
 spanning-tree bpdufilter enable

interface Vlan3017
 description Customer OOB VLAN
 no ip address
 no ip redirects
 no ip proxy-arp
! service-policy was not removed when service was changed from
! access to OOB
 service-policy input BW_5M
 service-policy output BW_5M

#show policy-map interface vlan3017

  Service-policy input: BW_5M

    Class-map: class-default (match-any)
      2097190676 packets
      Match: any
        2097190676 packets
      police: Per-interface
        Conform: 26477941465 bytes Exceed: 221088686 bytes

  Service-policy output: BW_5M

    Class-map: class-default (match-any)
      1991735528 packets
      Match: any
        1991735528 packets
      police: Per-interface
        Conform: 26477412954 bytes Exceed: 0 bytes

More information about the cisco-nsp mailing list