Police Traffic Help

Mar 22nd, 2007

I want to limit traffic that is coming from a computer connected to port g1/0/12 on a 3750G switch to 2 megabit, but I keep getting an error. Please help.


I do this:


access-list 100 permit ip any any

class-map TRAFFIC
 match access-group 100
policy-map limit-traffic
 class TRAFFIC
  police 2000000 1000000 exceed-action drop

int g1/0/12
 service-policy output limit-traffic


I get this:


police command is not supported for this interface

Configuration failed!

Warning: Assigning a policy map to the output side of an interface not supported



If I do:


service-policy input limit-traffic


it does not police the traffic, and it goes way over 2 megabit.


Help?
cisconoobie Thu, 03/22/2007 - 15:53

show policy-map interface g1/0/12
 GigabitEthernet1/0/12

  Service-policy input: limit-traffic

    Class-map: TRAFFIC (match-all)
      0 packets, 0 bytes
      offered rate 0 bps, drop rate 0 bps
      Match: access-group 100

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        rate 0 bps



This is what I get if I do INPUT instead of OUTPUT.

royalblues Fri, 03/23/2007 - 00:49

Hi Friend,


Cisco 3750 switches do not support the service-policy output command, and that's why you are getting the error.


These output and input commands may be confusing. It usually depends on the reference point from where you see it.


In your example if you use service-policy input, you are restricting the traffic to the upstream which seems to be ok.

Output would have been more sensible if configured on the upstream device towards your 3750.


HTH, rate if it does

Narayan

cisconoobie Mon, 03/26/2007 - 07:08

Ok, but the input still does not work. I cannot police this traffic at all. Any help?

cfolkerts Mon, 03/26/2007 - 07:24

Another option would be to use SRR queue on the 3750. It requires quite a bit of configuration, but essentially you can mark the traffic with a certain DSCP value. Then attach that DSCP value to a queue (3750s have 4 outbound queues). Then you can shape the traffic per interface by each queue.


More information is below in the attached link.


http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/12235se/scg/swqos.htm#wp1162303

royalblues Mon, 03/26/2007 - 07:54

What do you see when you issue the following command?


sh policy-map interface g1/0/X


Narayan

cisconoobie Mon, 03/26/2007 - 09:02

Here is my config:


Current configuration : 2941 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 3750G-Outside
!
!
username xxx privilege 15 password 7 1446425A093C292325263430
no aaa new-model
switch 1 provision ws-c3750g-24ts-1u
ip subnet-zero
no ip domain-lookup
!
!
mls qos
!
!
!
!
no file verify auto
!
mac access-list extended mactraffic
 permit any any
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
class-map match-any TRAFFIC
 match access-group name mactraffic
!
!
policy-map p1
 class TRAFFIC
  police 2000000 8000 exceed-action drop
  trust cos
!
!
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 description Backup LAN
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
 description Backup-LAN
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/12
 switchport mode access
 service-policy input p1
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
 switchport mode access
 ip access-group deny-icmp in
 spanning-tree portfast
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
 switchport mode access
 ip access-group deny-icmp in
 spanning-tree portfast
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
 ip address 1.2.3.4 255.255.255.224
!
ip classless
no ip http server
no ip http secure-server
!
ip access-list standard TELNET_ACCESS
 remark Allow telnet to these IPs Only
 remark Allow Telnet for these hosts
 permit x.x.x.x
!
ip access-list extended deny-icmp
 permit icmp any any echo-reply
 permit icmp any any unreachable
 permit icmp any any time-exceeded
 deny icmp any any
 permit ip any any
ip access-list extended mytraffic
 permit ip any any
!
no cdp run
!
control-plane
!
!
line con 0
 privilege level 15
 password 7 135447430E3407222A2A2F36
 logging synchronous
 login
line vty 0 4
 access-class TELNET_ACCESS in
 privilege level 15
 password 7 06575F7049760A110419150E
 login local
line vty 5 15
 password 7 06575F7049760A110419150E
 no login
!
end



I even created a MAC ACL and still nothing works.


____________


show policy-map int g1/0/12
 GigabitEthernet1/0/12

  Service-policy input: p1

    Class-map: TRAFFIC (match-any)
      0 packets, 0 bytes
      offered rate 0 bps, drop rate 0 bps
      Match: access-group name mactraffic
        0 packets, 0 bytes
        rate 0 bps

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        rate 0 bps
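
As an added illustration (not part of any post above, and not Cisco's implementation), this Python model of a generic single-rate token-bucket policer shows what the two burst values used in this thread, 1000000 and 8000 bytes, do to a 2000000 bps limit. The 10 Mbps stream of 1500-byte packets is constructed sample input, and all function names are hypothetical.

```python
# Generic single-rate token-bucket policer model (added example).
# Mirrors the shape of "police <rate-bps> <burst-bytes> exceed-action drop";
# it is a teaching model, not the switch's actual hardware behaviour.

def police(packets, rate_bps, burst_bytes):
    """packets: list of (time_s, size_bytes), sorted by time.
    Returns (conformed_bytes, dropped_bytes)."""
    tokens = float(burst_bytes)      # bucket starts full
    last = 0.0
    conformed = dropped = 0
    for t, size in packets:
        # Refill at rate_bps/8 bytes per second, capped at the burst size.
        tokens = min(burst_bytes, tokens + (t - last) * rate_bps / 8)
        last = t
        if size <= tokens:           # conform: forward and spend tokens
            tokens -= size
            conformed += size
        else:                        # exceed-action drop
            dropped += size
    return conformed, dropped

def constant_stream(offered_bps, size_bytes, duration_s):
    """Constructed input: evenly spaced packets at a fixed offered rate."""
    interval = size_bytes * 8 / offered_bps
    count = int(duration_s / interval)
    return [(i * interval, size_bytes) for i in range(count)]

def policed_throughput_bps(offered_bps, rate_bps, burst_bytes,
                           size_bytes=1500, duration_s=10):
    """Average forwarded rate over the whole run."""
    stream = constant_stream(offered_bps, size_bytes, duration_s)
    conformed, _ = police(stream, rate_bps, burst_bytes)
    return conformed * 8 / duration_s

if __name__ == "__main__":
    for burst in (8000, 1000000):    # the two burst values from the thread
        bps = policed_throughput_bps(10_000_000, 2_000_000, burst)
        print(f"burst {burst:>7} bytes -> {bps / 1e6:.2f} Mbps over 10 s")
```

With the large burst the bucket lets the first megabyte through unpoliced, so a short measurement reads well above 2 Mbps even though the long-run rate converges to the configured limit.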

