Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
365
Views
0
Helpful
2
Replies

Policing not working on 6509 port.

jkeeffe
Level 2
Level 2

‎03-01-2007 10:56 AM - edited ‎03-05-2019 02:39 PM

I'm trying to police traffic from a source to 1.5mbps going out of a gig port on a 6509 sup720 IOS 2.2(18)SXE.

Here is the class map and policy map:

class-map match-any DVR

match access-group 130

!

!

policy-map DVR-test

class DVR

police cir 1544000 bc 48250 be 48250 conform-action transmit exceed-action drop

access-list 130 permit IP host 172.26.1.5 any

Here is the interface config:

interface GigabitEthernet2/5

description B138 .43.146

ip address xxx.xxx.xxx.xxx 255.255.255.128

ip helper-address xxx.xxx.xxx.xxx

load-interval 30

mls qos trust dscp

service-policy output DVR-test

Here is the output of 'sh policy-map int':

ROC-6509-DU-B#sh policy-map int

GigabitEthernet2/5

Service-policy output: DVR-test

Class-map: DVR (match-any)

1490981 packets, 202422171 bytes

30 second offered rate 4549000 bps, drop rate 0 bps

Match: access-group 130

1490559 packets, 202276188 bytes

30 second rate 4547000 bps

Class-map: class-default (match-any)

64767 packets, 44867028 bytes

30 second offered rate 647000 bps, drop rate 0 bps

Match: any

There is no reference to policing in the 'show policy-map int' and the output of 'sh mls qos ip int g2/5' doesn't show any policed packets:

ROC-6509-DU-B#sh mls qos ip g2/5

[In] Default. [Out] Policy map is DVR-test

QoS Summary [IPv4]: (* - shared aggregates, Mod - switch module)

Int Mod Dir Class-map DSCP Agg Trust Fl AgForward-By AgPoliced-By

Id Id

-------------------------------------------------------------------------------

Gi2/5 5 In Default 0 0* No 0 323360701600 0

Is my policy-map incorrect?

Labels:
0 Helpful
2 Replies 2

Prashanth Krishnappa
Cisco Employee
Cisco Employee

‎03-01-2007 05:16 PM

CIR is not supported on ethernet interfaces. Use an aggregate or individual policer

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/qos.htm

0 Helpful

jkeeffe
Level 2
Level 2
In response to Prashanth Krishnappa

‎03-02-2007 07:24 AM

Thanks for the link. But check out the chapter starting on page 42-120 almost at the end of the document, where it gives an example of a policy map for an ethernet interface with policing:

policy-map IPPHONE-PC

class CLASSIFY-OTHER

police 50000000 1562500 conform-action set-dscp-transmit default exceed-action drop

It states that "This example configures the CIR to be 50 Mbps."

Just below that it states: "This is a basic example of a single rate per-interface aggregate policer. The Supervisor Engine 2 and Supervisor Engine 720 forwarding engines also support a dual-rate policer for providing both CIR and peak information rate (PIR) granularity."

So now I am confused. Any other insight into this?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card