Catalyst 4500 IOS Police question

Unanswered Question
Apr 13th, 2007
User Badges:

Using police (because rate-limit doesn't work on a vlan) to control traffic in and out of a VLAN, but it isn't working. I want to limit traffic to 256k/386 Burst, but when I do a speed test I am getting FAR more than that.

here is my config:

class-map match-all GuestVLAN3-256k

match any

policy-map GuestVLAN3-256k

class GuestVLAN3-256k

police 256000 bps 3840 byte conform-action transmit exceed-action drop

interface Vlan3

description GuestVLAN (Internet Only at 256k)

ip address

ip access-group GuestVLAN3 in

ip helper-address x.x.x.x

ip helper-address x.x.x.x

no ip redirects

service-policy input GuestVLAN3-256k

service-policy output GuestVLAN3-256k

what am I doing wrong?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 1 (1 ratings)
b.henshaw Sat, 04/14/2007 - 22:13
User Badges:

If you have service policies attached to the physical interface receiving or sending packets for VLAN 3, you'll need to enable VLAN-based QoS on these physical interfaces.

Otherwise, instead of using the GuestVLAN3-256k class with match any, maybe you could refer to class-default in your policy-map instead:

policy-map GuestVLAN3-256k

class class-default

police 256000 bps 3840 byte conform-action transmit exceed-action drop


highontcp Tue, 04/17/2007 - 13:48
User Badges:

That didn't help either, still able to pass our full internet bandwidth across this vlan.

the reason I am using Police rather than rate-limit is because it isn't a physical interface, it is a vlan that I want to control traffic on.

Anyone else have any ideas?



This Discussion