Problem with QoS Policing on 3750 switch

Unanswered Question
Sep 10th, 2007


I have a Cisco 3750 switch that I need to provide different bandwidth to each VLAN.

I am using policy maps on each VLAN and using the vlan-based command on the interfaces in question.

I have two questions.

1. I would prefer not to have to nominate each interface but I cannot see a way of attaching policing to the root policy-map.

2. When I apply the QoS policy to the VLAN it does not appear to rate limit the traffic (i.e. traffic seems to pass thru at wire speed)

I have attached a patial config below.

class-map match-all cm-int-test

match input-interface GigabitEthernet1/0/1



policy-map port-test

class cm-int-test

police 256000 48000 exceed-action drop

policy-map vlan-test

class class-default

service-policy port-test


interface GigabitEthernet1/0/1

switchport access vlan 10

switchport mode access

mls qos vlan-based

no mdix auto

spanning-tree portfast


interface Vlan10

ip address

service-policy input vlan-test


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
lgijssel Mon, 09/10/2007 - 02:25

Are you running Enhanced Image on the 3750?

Many QoS-related configs require EI, the one thing that is annoying about this is that you can configure everything perfectly, it just doesn't work.

Most applications will require the policy to be on a physical interface to control the data-flow through it. Using them on a vlan would appply to all interfaces in the subnet and may produce undesired effects such as allowing a large amount of traffic between interfaces in the vlan.



dbroomfield Mon, 09/10/2007 - 02:48

I belive it is Standard image (I assume you refer to the switch model number which in this case is a Cisco 3750G-24T-S)

Can you point me in the direction of a document that confirms what you are saying?

lgijssel Mon, 09/10/2007 - 03:41

Sorry, I assumed this would be easy to find but it seems that my statement does not apply to the 3750.

The datasheet gives no clear difference between SI and EI regarding QoS features, the only diffs being extended support for IP routing protocols.

Here you can read the following:

The Cisco Catalyst 3750 Series can be purchased with the IP Base license or IP Services license preinstalled. The IP Base license (formerly called the Standard Multilayer Image, or SMI) offers advanced QoS, rate limiting, ACLs, and basic static and Routing Information Protocol (RIP) routing functions. The IP Services license (formerly called the Enhanced Multilayer Image, or EMI) provides a richer set of enterprise-class features, including advanced hardware-based IP unicast and IP Multicast routing as well as policy-based routing (PBR). The Advanced IP Services license, although not available as a preinstalled option, upgrades Cisco Catalyst 3750 Series switches to include IPv6 routing and IPv6 ACL support. Upgrade licenses are available to upgrade a switch from the IP Base license to the IP Services license or Advanced IP Services license as well as from the IP Services license to the Advanced IP Service license.



Joseph W. Doherty Mon, 09/10/2007 - 03:43

When you note "does not appear to rate limit the traffic", how so, are you going by show policy-map interface? If so, you need to look at the MLS stats to see the policing drops. Try "show mls qos interface statistics".

dbroomfield Mon, 09/10/2007 - 03:57

ah.. The switch is running an advanced IP image as we can software upgrade it.

The goal of the rate limiting is to ristrict the speed of each VLAN to the Internet.

I am using an Internet Speed Test site to get rough results and notice that I get the full Internet bandwidth regardless what I configure on the switch


This Discussion