05-19-2008 03:53 PM - edited 03-05-2019 11:05 PM
Have a network laid out like this:
3750
| (Trunk)
Dell Powerconnect
| (Access)
Server
The Powerconnect switch has 18 VLANs on it. The server in question is connected to a switchport on the Powerconnect set up as an access port with VLAN assignment. The uplink from the Powerconnect to the 3750 is a trunk. My goal is to rate limit the bandwidth coming from the server going out to the internet (connected to an L3 port on the 3750). From my reading, a service policy should have been able to handle this (I also read it didn't work on egress interfaces). As such, I set up an ACL:
ip access-list extended Rate_Limiter_ACL
permit ip host x.x.x.22 any
Set up a class map:
class-map match-all Rate_Limiter_Map
match access-group Rate_Limiter_ACL
Created policy map to rate-limit (Police):
policy-map Rate_Limited_Policy
class Rate_Limiter_Map
police 2400000 65536 exceed-action drop
Applied service-policy to the TRUNK interface connecting to the powerconnect as the outbound traffic from the server should be ingress to the trunk interface on the 3750.
interface GigabitEthernet1/0/20
service-policy input Rate_Limiter_Map
Problem is, the rate is not limited and oftentimes spikes to 7+ Mbps.
Am I misunderstanding the way policing works? Is something configured wrong?
I tried switching the access-list's source and destination and that did not help either.
sho policy-map int g1/0/20 shows the policy and class applied to the interface but nothing is getting matched, not even in the "class-default". Does a class-default have to be configured even if it is for all other traffic for the policy map to work?
Any help is appreciated.
05-19-2008 04:30 PM
policy-map Rate_Limited_Policy
class Rate_Limiter_Map
police 2400000 65536 exceed-action drop
....
Problem is, the rate is not limited and oftentimes spikes to 7+ Mbps.
Your policed policy is set to 2.4Gbps which you aren't violating at 7Mbps, unless I'm missing something...
__
Edison.
05-20-2008 05:57 AM
Cisco IOS "help" indicates the speed should be in bps, not kbps, so the speed set should be 2.4 Mbps, unless you are trying to indicate that the "help" is incorrect. However, a quick search for some examples all show the speed set in bps as well, so I don't think that is the issue.
See below:
myhost(config-pmap-c)#polic ?
<8000-1000000000> Bits per second
aggregate Choose aggregate policer for current class
05-20-2008 06:14 AM
My mistake, you are correct.
Can you provide the output from typing
show policy-map interface
__
Edison.
05-20-2008 07:11 AM
Do you have QoS enabled with the
mls qos
statement? Your config looks correct and similar to one I've used.
05-20-2008 07:43 AM
Well I thought that might have been it because I did forget to enable it.
However, sho policy-map int is still showing all zeroes. At the same time, traffic hasn't spiked on the interface in question, but it has only been 10 minutes of monitoring. I will update the thread in an hour or so after reviewing the traffic.
I still have my doubts, however, as, like I said, the service-policy is not catching any packets and I thought the class-default should catch everything not part of the access-list.
05-20-2008 09:35 AM
You are using a wrong policy map on the interface.
Check this :
interface GigabitEthernet1/0/20
service-policy input Rate_Limiter_Map <---- This is the class-map that you have defined.
Policy map that you have defined is -----> policy-map Rate_Limited_Policy
class Rate_Limiter_Map
The config should be :
interface GigabitEthernet1/0/20
service-policy input Rate_Limited_Policy
HTH, Please rate if it does.
-amit singh
05-20-2008 10:40 AM
Hi Amit,
Nice catch, however, all the names correctly match in the actual config. I simply made an error when copying over names for the post.
I think forgetting to enable QoS was the issue, as it appears to be properly rate-limiting now. I would still be curious about any insight as to why, despite it correctly limiting, "sho policy-map int" is not showing any stats.
05-20-2008 12:49 PM
This is a known (and well documented) 'feature' of the standalone Catalysts (2960, 3560 & 3750) whereby none of the policy counters work. The best you are going to get is 'show mls qos interface statistics' - there is an 'in policy' and 'out policy' counter per interface.
It is very annoying not having this command though...
Andy
05-20-2008 01:15 PM
Nice feature, did I have to pay extra for that or was it standard equipment :-)?
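The two configuration problems raised in this thread (the missing global mls qos statement, and a service-policy that names the class-map instead of the policy-map) can be checked offline before a change is pushed. The following is an added example, not code from any poster or from Cisco; the function name lint_qos and the 192.0.2.22 host address are assumptions standing in for the masked x.x.x.22.

```python
import re

# Constructed sample: the configuration as posted in the thread
# (192.0.2.22 is a placeholder for the masked server address).
POSTED_CONFIG = """\
ip access-list extended Rate_Limiter_ACL
 permit ip host 192.0.2.22 any
class-map match-all Rate_Limiter_Map
 match access-group Rate_Limiter_ACL
policy-map Rate_Limited_Policy
 class Rate_Limiter_Map
  police 2400000 65536 exceed-action drop
interface GigabitEthernet1/0/20
 service-policy input Rate_Limiter_Map
"""

def lint_qos(config):
    """Return notes on the policing mistakes discussed in the thread."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    class_maps = {m.group(1) for l in lines
                  if (m := re.match(r"class-map (?:match-\w+ )?(\S+)$", l))}
    policy_maps = {m.group(1) for l in lines
                   if (m := re.match(r"policy-map (\S+)$", l))}
    notes = []
    # The thread's fix: QoS has to be enabled globally with "mls qos".
    if "mls qos" not in lines:
        notes.append("global 'mls qos' is missing")
    iface = None
    for l in lines:
        if l.startswith("interface "):
            iface = l.split()[1]
        elif m := re.match(r"service-policy (input|output) (\S+)$", l):
            # A service-policy must reference a policy-map, not a class-map.
            name = m.group(2)
            if name not in policy_maps:
                kind = "a class-map" if name in class_maps else "undefined"
                notes.append(f"{iface}: service-policy {name} is {kind}, not a policy-map")
        elif m := re.match(r"police (\d+) (\d+)", l):
            # The rate is in bits per second and the burst in bytes.
            bps, burst = int(m.group(1)), int(m.group(2))
            notes.append(f"police rate {bps / 1e6:g} Mbps, burst {burst} bytes")
    return notes

if __name__ == "__main__":
    for note in lint_qos(POSTED_CONFIG):
        print(note)
```
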