ingress egress rate limiting

Unanswered Question
Aug 4th, 2008
User Badges:


I want to limit bandwidth of ethernet routers connected to a 3560 switch. I want to configure ingress and egress bandwidth differently. So; ethernet routers will have X Mbits upload and 4X Mbps download limit. You can imagine it like ADSL. Is it possible?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Collin Clark Mon, 08/04/2008 - 13:10
User Badges:
  • Purple, 4500 points or more

In the configuration, the IP standard ACL permits traffic from network For traffic matching this classification, the DSCP value in the incoming packet is trusted. If the matched traffic exceeds an average traffic rate of 48000 bps and a normal burst size of 8000 bytes, its DSCP is marked down (based on the policed-DSCP map) and sent:

Switch(config)# access-list 1 permit

Switch(config)# class-map ipclass1

Switch(config-cmap)# match access-group 1

Switch(config-cmap)# exit

Switch(config)# policy-map flow1t

Switch(config-pmap)# class ipclass1

Switch(config-pmap-c)# trust dscp

Switch(config-pmap-c)# police 48000 8000 exceed-action policed-dscp-transmit

Switch(config-pmap-c)# exit

Switch(config-pmap)# exit

Switch(config)# interface gigabitethernet0/1

Switch(config-if)# service-policy input flow1t

class-map match-all c_Outbound

match access-group 101

class-map match-all c_MarkDSCP

match access-group 102

class-map match-all c_Inbound

match ip dscp 60



policy-map p_Outbound

class c_Outbound

police 1528000 8000 exceed-action drop

policy-map p_MarkDSCP

class c_MarkDSCP

set dscp 60

policy-map p_Inbound

class c_Inbound

police 1528000 8000 exceed-action drop


interface FastEthernet0/11

switchport access vlan 110

switchport mode access

service-policy input p_MarkDSCP

spanning-tree portfast


interface FastEthernet0/12

switchport access vlan 12

switchport mode access

service-policy input p_Outbound

service-policy output p_Inbound

spanning-tree portfast

This was on a 3550 and you should double check and make sure it works!

Hope that helps.

yatisspor Mon, 08/04/2008 - 13:17
User Badges:

could you please explain this config shortly? I couldn't understand that it is the same that i was looking for:)

rajib_das Mon, 08/04/2008 - 20:46
User Badges:


You can do it by srr-queue command for egress b/w limit in 3560 switch .

Since the limitation of srr-queue is that it only limit b/w 90%(max) of port speed.

if u rusing 100 Mbps port then you should made the port speed 10 Mbps (by command speed 10)

then u apply command srr-queue bandwith limit 40 which gives exatly 4 mbps link ( say X- = 1 Mbps)

For Ingres B/w limiting you can follows the input by Collin.



Collin Clark Tue, 08/05/2008 - 05:52
User Badges:
  • Purple, 4500 points or more

In the simplest form, we mark the traffic, then police it. Using an ACL we mark all traffic to/from a source (in this case I use an ACL that matches a public IP I give a customer). Once the traffic is marked, I then police it to whatever speed they purchased. The QoS SRND is a very helpful guide.

Hope that helps

Marwan ALshawi Mon, 08/04/2008 - 21:08
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

first of all i would say Collin config perfect and he has done professionaly from marking and policing prespectives


i may guess that Murat not so familier with Qos and Polices in depth

so what i could sugest for easier reasons not for any other reason


make a limiting on each router itself for all traffic regard less of the traffic type

as requested in the question there was no requirment for traffic types

so on each router to the same idea as follow

class-map map1

match any

policy-map input1

class map1

plice 10000 confirm-action transmit acced-action drop


policy-map output1

class map1

police 40000 confirm-action transmit acced-action drop

then go to the interface facing the switch

interface fa0/0

service-policy input input1

service-policy output output1

in this case u have policed and limited the all kind of traffic based on down or up stream

by the way the rates i have used for example u can put what ever limits u want 1Mb 5 MB as u want and u can follow the same idea for all routers

good luck

please, Rate if helpful


This Discussion