04-07-2009 08:03 AM - edited 03-06-2019 05:02 AM
Hi i'm trying to rate limit a port that connects to a guest wireless network (see config), any ideas where i'm going wrong? I've looked at all docs i could find and config does seem ok, however traffic is not limited
class-map match-all 1M
match access-group 100
policy-map GUEST_RATE
class 1M
police 1000000 32000 exceed-action drop
interface GigabitEthernet0/1
switchport access vlan 106
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 106
no ip address
service-policy input GUEST_RATE
access-list 100 permit ip any any
Solved! Go to Solution.
04-07-2009 09:58 AM
Can you specify the mode of the interface as trunk or access?
switchport mode trunk
As of now, it's set to dynamic trunking and the documentation states the following:
When configuring policing and policers, keep these items in mind:
â¢By default, no policers are configured.
â¢Policers can be configured only on a physical port or on a per-port per-VLAN basis (specifies the bandwidth limits for the traffic on a per-VLAN basis, for a given port). Per-port per-VLAN policing is not supported on routed ports or on virtual (logical) interfaces. It is supported only on an ingress port configured as a trunk or as a static-access port.
â¢Only one policer can be applied to a packet per direction.
â¢Only the average rate and committed burst parameters are configurable.
â¢Policing can occur on ingress and egress interfaces:
You can also modify the config as follow, by using the class-default:
policy-map GUEST_RATE
class class-default
police 1000000 32000 exceed-action drop
interface GigabitEthernet0/1
switchport access vlan 106
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 106
switchport mode trunk
no ip address
service-policy input GUEST_RATE
HTH,
__
Edison.
04-07-2009 09:58 AM
Can you specify the mode of the interface as trunk or access?
switchport mode trunk
As of now, it's set to dynamic trunking and the documentation states the following:
When configuring policing and policers, keep these items in mind:
â¢By default, no policers are configured.
â¢Policers can be configured only on a physical port or on a per-port per-VLAN basis (specifies the bandwidth limits for the traffic on a per-VLAN basis, for a given port). Per-port per-VLAN policing is not supported on routed ports or on virtual (logical) interfaces. It is supported only on an ingress port configured as a trunk or as a static-access port.
â¢Only one policer can be applied to a packet per direction.
â¢Only the average rate and committed burst parameters are configurable.
â¢Policing can occur on ingress and egress interfaces:
You can also modify the config as follow, by using the class-default:
policy-map GUEST_RATE
class class-default
police 1000000 32000 exceed-action drop
interface GigabitEthernet0/1
switchport access vlan 106
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 106
switchport mode trunk
no ip address
service-policy input GUEST_RATE
HTH,
__
Edison.
04-08-2009 12:32 AM
Changed to match as above making the interface an access port only and it now works a treat
thank you very much for your quick reply and help sorting
regards
Jonathan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide