04-13-2007 01:59 PM - edited 03-05-2019 03:27 PM
Using police (because rate-limit doesn't work on a vlan) to control traffic in and out of a VLAN, but it isn't working. I want to limit traffic to 256k/386 Burst, but when I do a speed test I am getting FAR more than that.
here is my config:
class-map match-all GuestVLAN3-256k
match any
policy-map GuestVLAN3-256k
class GuestVLAN3-256k
police 256000 bps 3840 byte conform-action transmit exceed-action drop
interface Vlan3
description GuestVLAN (Internet Only at 256k)
ip address 10.146.3.1 255.255.255.0
ip access-group GuestVLAN3 in
ip helper-address x.x.x.x
ip helper-address x.x.x.x
no ip redirects
service-policy input GuestVLAN3-256k
service-policy output GuestVLAN3-256k
what am I doing wrong?
thanks,
Erik
04-14-2007 10:13 PM
If you have service policies attached to the physical interface receiving or sending packets for VLAN 3, you'll need to enable VLAN-based QoS on these physical interfaces.
Otherwise, instead of using the GuestVLAN3-256k class with match any, maybe you could refer to class-default in your policy-map instead:
policy-map GuestVLAN3-256k
class class-default
police 256000 bps 3840 byte conform-action transmit exceed-action drop
HTH
04-17-2007 01:48 PM
That didn't help either, still able to pass our full internet bandwidth across this vlan.
the reason I am using Police rather than rate-limit is because it isn't a physical interface, it is a vlan that I want to control traffic on.
Anyone else have any ideas?
Erik
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: