Rate Limit Cisco 3550

Answered Question

Hi i'm trying to rate limit a port that connects to a guest wireless network (see config), any ideas where i'm going wrong? I've looked at all docs i could find and config does seem ok, however traffic is not limited

class-map match-all 1M

match access-group 100

policy-map GUEST_RATE

class 1M

police 1000000 32000 exceed-action drop

interface GigabitEthernet0/1

switchport access vlan 106

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 106

no ip address

service-policy input GUEST_RATE

access-list 100 permit ip any any

I have this problem too.
0 votes
Correct Answer by Edison Ortiz about 7 years 7 months ago

Can you specify the mode of the interface as trunk or access?

switchport mode trunk

As of now, it's set to dynamic trunking and the documentation states the following:

When configuring policing and policers, keep these items in mind:

•By default, no policers are configured.

•Policers can be configured only on a physical port or on a per-port per-VLAN basis (specifies the bandwidth limits for the traffic on a per-VLAN basis, for a given port). Per-port per-VLAN policing is not supported on routed ports or on virtual (logical) interfaces. It is supported only on an ingress port configured as a trunk or as a static-access port.

•Only one policer can be applied to a packet per direction.

•Only the average rate and committed burst parameters are configurable.

•Policing can occur on ingress and egress interfaces:

You can also modify the config as follow, by using the class-default:

policy-map GUEST_RATE

class class-default

police 1000000 32000 exceed-action drop

interface GigabitEthernet0/1

switchport access vlan 106

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 106

switchport mode trunk

no ip address

service-policy input GUEST_RATE

HTH,

__

Edison.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Edison Ortiz Tue, 04/07/2009 - 09:58

Can you specify the mode of the interface as trunk or access?

switchport mode trunk

As of now, it's set to dynamic trunking and the documentation states the following:

When configuring policing and policers, keep these items in mind:

•By default, no policers are configured.

•Policers can be configured only on a physical port or on a per-port per-VLAN basis (specifies the bandwidth limits for the traffic on a per-VLAN basis, for a given port). Per-port per-VLAN policing is not supported on routed ports or on virtual (logical) interfaces. It is supported only on an ingress port configured as a trunk or as a static-access port.

•Only one policer can be applied to a packet per direction.

•Only the average rate and committed burst parameters are configurable.

•Policing can occur on ingress and egress interfaces:

You can also modify the config as follow, by using the class-default:

policy-map GUEST_RATE

class class-default

police 1000000 32000 exceed-action drop

interface GigabitEthernet0/1

switchport access vlan 106

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 106

switchport mode trunk

no ip address

service-policy input GUEST_RATE

HTH,

__

Edison.

Actions

This Discussion