Rate limit on 3560 not functioning

Unanswered Question
Sep 10th, 2007
User Badges:


i done various reseaches within cisco.com and came out a very simplified cmd to correctly perform L2 port-based rate limiting. However when applied into my test switch, i couldnt't see any counters/result captured for 'show polic-map interface'. Can someone advise if this setup is done correctly.

mac access-list extended l2

permit any any

ip access-list extended l3

permit ip any any

class-map match-all L2-traffic

match access-group name l2

class-map match-all L3-traffic

match access-group name l3


policy-map Customer-1-policy-ingress

class L2-traffic

police aggregate Customer-1

class L3-traffic

police aggregate Customer-1

interface GigabitEthernet0/1

switchport access vlan 50

spanning-tree portfast

service-policy input Customer-1-policy-ingress

SW01#show policy-map interface


Service-policy input: Customer-1-policy-ingress

Class-map: L2-traffic (match-all)

0 packets, 0 bytes

offered rate 0 bps, drop rate 0 bps

Match: access-group name l2

Class-map: L3-traffic (match-all)

0 packets, 0 bytes

offered rate 0 bps, drop rate 0 bps

Match: access-group name l3

Class-map: class-default (match-any)

0 packets, 0 bytes

offered rate 0 bps, drop rate 0 bps

Match: any

0 packets, 0 bytes

rate 0 bps

Any help is greatly appreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
irisrios Mon, 09/17/2007 - 06:10
User Badges:
  • Silver, 250 points or more

Software feature thatcan help you accomplish what you want is QoS. Classify the traffic into class, configure policies applied to those traffic classes, then attach poiliies to interfaces

Joseph W. Doherty Mon, 09/17/2007 - 18:18
User Badges:
  • Super Bronze, 10000 points or more

Unlike a router, you won't see the stats with a show policy-map interface. Try "show mls qos interface statistics".

leon.mflai Tue, 10/23/2007 - 08:45
User Badges:

Unlike "router", for ordinary Catalyst switch (except ME series), you should apply "srr-queue" to rate limit the traffic on egress interface. If you really want "MQC" like setup, you should consider matching the flow (cef) the traffic instead of a class in the setup.

manav.joshi Mon, 11/12/2007 - 23:04
User Badges:

one cannot check policy-map on interfaces the same way as one checks the output on routers.

3500 series switches have there own way on check QOS.

1. Firstly, check qos in enabled on box

mls qos

2. To mark COS value while being part of policy-map that trusts( does not overwrite) the incoming DSCP value, then "mls qos cos policy-map" needs to be enabled.

3. Make a mls qos aggregate-policer & then call the policer in a policy-map on an interface through service-policy.

4. To verify the policer has got applied on a interface. Check show mls qos int <> policer.

5. QOS capability/attribute of above interface

show mls qos interface <>

6. Statistics values through show mls qos interface <> statistics


This Discussion