Catalyst 4500 IOS Police question

Unanswered Question
Apr 13th, 2007

Using police (because rate-limit doesn't work on a vlan) to control traffic in and out of a VLAN, but it isn't working. I want to limit traffic to 256k/386 Burst, but when I do a speed test I am getting FAR more than that.


here is my config:



class-map match-all GuestVLAN3-256k

match any


policy-map GuestVLAN3-256k

class GuestVLAN3-256k

police 256000 bps 3840 byte conform-action transmit exceed-action drop



interface Vlan3

description GuestVLAN (Internet Only at 256k)

ip address 10.146.3.1 255.255.255.0

ip access-group GuestVLAN3 in

ip helper-address x.x.x.x

ip helper-address x.x.x.x

no ip redirects

service-policy input GuestVLAN3-256k

service-policy output GuestVLAN3-256k



what am I doing wrong?


thanks,


Erik


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 1 (1 ratings)
Loading.
b.henshaw Sat, 04/14/2007 - 22:13

If you have service policies attached to the physical interface receiving or sending packets for VLAN 3, you'll need to enable VLAN-based QoS on these physical interfaces.


Otherwise, instead of using the GuestVLAN3-256k class with match any, maybe you could refer to class-default in your policy-map instead:


policy-map GuestVLAN3-256k

class class-default

police 256000 bps 3840 byte conform-action transmit exceed-action drop


HTH

highontcp Tue, 04/17/2007 - 13:48

That didn't help either, still able to pass our full internet bandwidth across this vlan.


the reason I am using Police rather than rate-limit is because it isn't a physical interface, it is a vlan that I want to control traffic on.


Anyone else have any ideas?


Erik



Actions

This Discussion