Difference between Rate-limit and Policy-map

Unanswered Question
Oct 1st, 2008

Ok, after much frustration with the funky way Cisco implements policy-maps and policing on the 3750 I stumbled upon the rate-limit command and want to know if there is a difference in what I am doing.

Basically I have a 3X3750 stack. I want to police traffic on a guest vlan down to 1Mbs. When configuring policing I have found that you have to do the policing in a child policy-map and the only way to do a match that is legal is by input-interface. So the first attempt was to add gi1/0/1-gi3/0/12 but it says they are mismatched ports even though the switches are exactly the same. Then I was able to do multiple classes and add the policing under each class(3 classes for 3 switches matching the interfaces for each switch). This took but did not seem to police the bandwidth, viewing the vlan interface policy-map it showed match-all on the classes so I am guessing that may be why it was failing to match, although I am not sure, and there was no way to change it to match any.

To make a long story short either you have to be very creative or just lucky to get policies to work in this instance.

So while looking for stats on the vln interface a came across rate-limit stats and went to the interface and aplied a rate-limit directly on the vlan interface. It took and I am in the process of testing it now.

Now for the question, in this instance I just want to police trafic to 1 Mbs and I do not need to set dscp values for outgoing packets and such. Is there a reason not to use rate-limit here?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Edison Ortiz Wed, 10/01/2008 - 13:08

According to the 3750 documentation:


rate-limit is not a supported interface command.

Policing in the 3750 is only available on ingress traffic, not egress. Policing can only be configured through MQC. This means there is no interface specific command to police the traffic. It's a limitation in the hardware.

For more information on QoS in the 3750, please see:





blittrell Wed, 10/01/2008 - 13:14

So are you saying that it should not have taken or that it just won't work? Because the vlan interface does show the rate-limit command in there when I do a show run but I have not had a chance to actually test that it works.

You would think that will all the errors I get with doing standard Policy maps there would at least be an error when I applied the rate-limit.


Edison Ortiz Wed, 10/01/2008 - 14:05

A lot of these commands will be taken by the CLI and you will think they would work.

The reason those commands are available are due to sharing the code with IOS routers and 3750 Metro switches.

Once you start testing, you will see the command does absolutely nothing. I have shown you the documentation so if it doesn't work, you can't say that it's documented to work :)

Best of luck.



blittrell Wed, 10/01/2008 - 14:10

It's not that I did not believe you, it is just wacky the way Cisco will throw an error for some things and not for others.

I will see if there is anything I can do to get this accomplished from the docs you posted. Worst comes to worst I police closer to the core if I have to.


blittrell Wed, 10/01/2008 - 14:21

So I did have another question on this.

You say it is on input interface and only in hardware so does that mean applying it on a vlan interface instead of a physical port will not work as well?



This Discussion