03-01-2007 10:56 AM - edited 03-05-2019 02:39 PM
I'm trying to police traffic from a source to 1.5mbps going out of a gig port on a 6509 sup720 IOS 2.2(18)SXE.
Here is the class map and policy map:
class-map match-any DVR
match access-group 130
!
!
policy-map DVR-test
class DVR
police cir 1544000 bc 48250 be 48250 conform-action transmit exceed-action drop
access-list 130 permit IP host 172.26.1.5 any
Here is the interface config:
interface GigabitEthernet2/5
description B138 .43.146
ip address xxx.xxx.xxx.xxx 255.255.255.128
ip helper-address xxx.xxx.xxx.xxx
load-interval 30
mls qos trust dscp
service-policy output DVR-test
Here is the output of 'sh policy-map int':
ROC-6509-DU-B#sh policy-map int
GigabitEthernet2/5
Service-policy output: DVR-test
Class-map: DVR (match-any)
1490981 packets, 202422171 bytes
30 second offered rate 4549000 bps, drop rate 0 bps
Match: access-group 130
1490559 packets, 202276188 bytes
30 second rate 4547000 bps
Class-map: class-default (match-any)
64767 packets, 44867028 bytes
30 second offered rate 647000 bps, drop rate 0 bps
Match: any
There is no reference to policing in the 'show policy-map int' and the output of 'sh mls qos ip int g2/5' doesn't show any policed packets:
ROC-6509-DU-B#sh mls qos ip g2/5
[In] Default. [Out] Policy map is DVR-test
QoS Summary [IPv4]: (* - shared aggregates, Mod - switch module)
Int Mod Dir Class-map DSCP Agg Trust Fl AgForward-By AgPoliced-By
Id Id
-------------------------------------------------------------------------------
Gi2/5 5 In Default 0 0* No 0 323360701600 0
Is my policy-map incorrect?
03-01-2007 05:16 PM
CIR is not supported on ethernet interfaces. Use an aggregate or individual policer
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/qos.htm
03-02-2007 07:24 AM
Thanks for the link. But check out the chapter starting on page 42-120 almost at the end of the document, where it gives an example of a policy map for an ethernet interface with policing:
policy-map IPPHONE-PC
class CLASSIFY-OTHER
police 50000000 1562500 conform-action set-dscp-transmit default exceed-action drop
It states that "This example configures the CIR to be 50 Mbps."
Just below that it states: "This is a basic example of a single rate per-interface aggregate policer. The Supervisor Engine 2 and Supervisor Engine 720 forwarding engines also support a dual-rate policer for providing both CIR and peak information rate (PIR) granularity."
So now I am confused. Any other insight into this?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide