L2 policing on cat6500 L2 interface

Answered Question
Mar 20th, 2009

I need to police ingress traffic on a layer2 ("switchport") interface.

Traffic is raw Ethernet, so only L2 policing is usable.


Sup 720

Native mode

IOS 12.2(18)SXF13 adv enterprise

Already read config guides, but it takes a while to understand all concepts.


Any sample config to help me better understand the concepts?



Overall Rating: 4 (1 ratings)

From the URL:-

This is the modified IPPHONE-PC policy map, which includes the police command:

policy-map IPPHONE-PC
 class CLASSIFY-OTHER
  police 50000000 1562500 conform-action set-dscp-transmit default exceed-action drop

These are the police command parameters:

• The 50000000 parameter defines the committed information rate (CIR) for traffic allowed in this traffic class. This example configures the CIR to be 50 Mbps.

• The 1562500 parameter defines the CIR burst size for traffic in this traffic class; this example uses a default maximum burst size. Set the CIR burst size to the maximum TCP window size used on the network.

• The conform action keywords define what the policer does with CLASSIFY-OTHER packets transmitted when the traffic level is below the 50-Mbps rate. In this example, set-dscp-transmit default applies DSCP 0 to those packets.

• The exceed action defines what the policer does with CLASSIFY-OTHER packets transmitted when the traffic level is above the 50 Mbps CIR. In this example, exceed action drop drops those packets.
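The rate and burst parameters described in the answer above can be pictured with a simplified single-rate, two-color token bucket. This is an added example, not code from the thread or from Cisco; it models the concept only and is not the Catalyst 6500 hardware policer. The function names and the constant 1500-byte frame stream are assumptions made for the illustration.

```python
# Added illustration: simplified token-bucket model of
#   police 50000000 1562500 conform-action transmit exceed-action drop
# Not the PFC hardware algorithm; names and sample traffic are constructed.

CIR_BPS = 50_000_000      # first police parameter: rate in bits per second
BURST_BYTES = 1_562_500   # second police parameter: burst size in bytes
FRAME_BYTES = 1500        # assumed frame size for the constructed traffic


def police(frames, cir_bps=CIR_BPS, burst_bytes=BURST_BYTES):
    """frames: list of (arrival_time_s, size_bytes), sorted by time.
    Returns one 'conform' or 'exceed' decision per frame."""
    tokens = float(burst_bytes)   # bucket starts full
    last = 0.0
    decisions = []
    for arrival, size in frames:
        # Refill at the CIR (converted to bytes/s), capped at the burst size.
        tokens = min(burst_bytes, tokens + (arrival - last) * cir_bps / 8)
        last = arrival
        if size <= tokens:
            tokens -= size
            decisions.append("conform")   # conform-action: transmit
        else:
            decisions.append("exceed")    # exceed-action: drop
    return decisions


def constant_rate_frames(rate_bps, duration_s):
    """Constructed input: evenly spaced frames at a fixed offered rate."""
    gap = FRAME_BYTES * 8 / rate_bps
    return [(i * gap, FRAME_BYTES) for i in range(int(duration_s / gap))]


def summarize(rate_bps, duration_s, burst_bytes=BURST_BYTES):
    """Offer traffic at rate_bps and report what the policer lets through."""
    decisions = police(constant_rate_frames(rate_bps, duration_s),
                       burst_bytes=burst_bytes)
    passed = decisions.count("conform") * FRAME_BYTES
    return {"offered": len(decisions),
            "dropped": decisions.count("exceed"),
            "passed_mbps": passed * 8 / duration_s / 1e6}


if __name__ == "__main__":
    print("40 Mbps offered :", summarize(40_000_000, 1.0))
    print("100 Mbps offered:", summarize(100_000_000, 2.0))
    print("100 Mbps, 3000-byte burst:", summarize(100_000_000, 2.0, 3000))
```

With the large burst, traffic above the CIR passes untouched until the bucket drains, so the measured throughput over a short window sits above 50 Mbps; with a small burst the policer clamps to the CIR almost immediately.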

ibrunello Fri, 03/20/2009 - 08:46

The MQC is quite clear, and I used to apply it on routed traffic.

My problem is with the definition of the class-map.

How can I set a "match everything" clause?

The outlined class uses an ACL matching "IP any any", but I'm not sure the traffic is all pure IPv4 (maybe some IPv6, or some pure Ethernet frames).

Any hint?

ibrunello Fri, 03/20/2009 - 09:08
User Badges:

Then, using the standard MQC syntax:

policy-map IPPHONE-PC
 class class-default
  police 50000000 1562500 conform-action transmit exceed-action drop

and then apply to the interface.


ibrunello Fri, 03/20/2009 - 09:24


This is a good start.

Will play with the aggregate policers at a later stage.

Thank you.


ibrunello Mon, 03/23/2009 - 08:50

According to Cisco docs, the second parameter is in bytes, not bits.

As a rule of thumb, I usually set the burst BYTE value as 1.5 bits value, so I have quite a big burst cache.

