Allowing traffic on gig int of L3

Unanswered Question
Jul 3rd, 2007

Hi Experts ,

Is there any command to allow tarffic equal to half of the gig interfaces...

Assume that server is connected to g1/0/27 of 3750(L3) switch , it is generating tarffic which is equal to tera bits/sec.

if the traffic exceeds 512 Mbps on g1/0/27 then the port should be blocked automatically..or gig interfaces should not allow traffic more than 512 Mb.

any command or any policy which can do the trick ...

Cheers :)


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Jon Marshall Tue, 07/03/2007 - 03:32

Hi Satish

I would proabbly test this but you could allocate 50% of the bandwidth to one of the ingress queues, map all incoming data to that queue and then police any traffic on that queue that goes over the limit.

This wouldn't shut the port down but it would stop excess traffic being sent.



smothuku Tue, 07/03/2007 - 03:39

Hi Jon ,

Thanks for u r quick reply...Can i have small example for my requirement...

Cheers :)


Jon Marshall Tue, 07/03/2007 - 03:55


Did say it would need to testing !!

Had a quick read of 3750 docs


SRR Shaping and Sharing

Both the ingress and egress queues are serviced by SRR, which controls the rate at which packets are sent. On the ingress queues, SRR sends packets to the stack ring. On the egress queues, SRR sends packets to the egress port.

You can configure SRR on egress queues for sharing or for shaping. However, for ingress queues, sharing is the default mode, and it is the only mode supported.

In shaped mode, the egress queues are guaranteed a percentage of the bandwidth, and they are rate-limited to that amount. Shaped traffic does not use more than the allocated bandwidth even if the link is idle. Shaping provides a more even flow of traffic over time and reduces the peaks and valleys of bursty traffic. With shaping, the absolute value of each weight is used to compute the bandwidth available for the queues.

In shared mode, the queues share the bandwidth among them according to the configured weights. The bandwidth is guaranteed at this level but not limited to it. For example, if a queue is empty and no longer requires a share of the link, the remaining queues can expand into the unused bandwidth and share it among them. With sharing, the ratio of the weights controls the frequency of dequeuing; the absolute values are meaningless.


IN essence you can only do shaping on egress and not ingress queues so you cannot police the traffic coming into the switch port from the server. You can ploice it going back out from the switch to the server but that is not what you require.



jkillion Tue, 07/03/2007 - 05:54

You can certainly police on the ingress port. SRR Queues and policing are two separate things.

You only need to involve the SRR queues if you are using QOS and need some traffic from the server to be guaranteed different levels of bw.

Here's an example of the policing you're looking for and a link for you...

policy-map police

class class-default

police 512000000 512000 exceed-action drop

interface GigabitEthernet0/1

switchport mode dynamic desirable

service-policy input police


Jay Killion, CCIE #17873

Jon Marshall Tue, 07/03/2007 - 06:35

Hi Jay

Thanks for this, deserves rating, I got so wrapped up in QOS i missed the more obvious solution.

My mistake

Satish, very sorry to mislead you, thanks for rating evne though not sure it was deserved !!


jkillion Tue, 07/03/2007 - 06:42

If I had a nickle for every time I missed the obvious... ;)


This Discussion