03-06-2008 08:27 AM - edited 03-05-2019 09:35 PM
Hello,
We are using Cat 3550.
We have tried to use the following config.
mac access-list extended MAClist
permit any any
class-map match-any MAC
match access-group name MAClist
policy-map 5Megatunnel
class MAC
police 5000000 32000 exceed-action drop
This only can be applied on inbound direction of a port.
We also tried:
policy-map 5Megatunnel
class class-default
police 5000000 32000 exceed-action
This had no effect at all.
Is there a way to shape outbound direction with switchport mode dot1q-tunnel configured on the port ?
Thanks in advance,
Armin
03-13-2008 07:12 AM
QoS policing in the Catalyst 3550 complies with this leaky bucket concept:
The number of tokens proportional to the incoming traffic packet sizes are placed into a token bucket; the number of tokens equals the size of the packet. At a regular interval, a defined number of tokens derived from the configured rate is removed from the bucket. If there is no place in the bucket to accommodate an incoming packet, the packet is considered out-of-profile and is dropped or marked down according to the configured policing action
03-13-2008 07:29 AM
The problem is that when class-map matches against mac access-list the service-policy can be applied only on inbound direction.
When class-map matches class-default or "everything" the policer has no effect at all. My question is that is it possible to police dot1q-tunnel traffic on a outbound direction of port.
03-13-2008 12:52 PM
You may have to police on the ingress port of the links coming into the switch. Another way of doing it on the 3400 (not sure if this is supported on 3560) is to use qos-group. You would set up a service-policy and match say a vlan and put it into the qos group. Then you can police on inbound. Note, this needs to be a child policy. I think cisco is missing the boat on this as many other vendors can do what your asking.
03-13-2008 01:02 PM
I said that wrong. You would mark the packets on the inbound of the inbound(upstream) ports and police on the outbound of the port your referring to. The policy would
interface GigabitEthernet0/2
service-policy output FLIP_OUT
policy-map FLIP_OUT
class QOS1
police cir 2000000
conform-action transmit
exceed-action drop
priority
class-map match-all QOS1
match qos-group 1
and on incoming ports:
interface GigabitEthernet0/4
description coming into your switch from the outside world
service-policy input DOWN
policy-map DOWN
class DLL
service-policy QOS_1
class-map match-all DLL
match vlan 13
policy-map QOS_1
class class-default
set qos-group 1
all their switches are different, but that is a way you can police.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: