Traffic Policing on access 3750 switch based on IP address

Answered Question
Apr 9th, 2009

Hi Everyone,

I have a question about traffic policing and I am not sure where I should implement it. I have a server (10.1.1.2) on the access gig switch (Cat-3750) that I want to limit to like 500MB only when it crosses to a different VLAN (192.168.1.2). We have a 6513 acting as Distribution/Core, and the distribution is layer 2 switching (Cat-3750). I want to apply the traffic policing (drop the traffic) on the edge switch if possible. So I am wondering if I can use an ext. ACL on the access switch with source 10.1.1.2 dest 192.168.1.2, apply it to a policy-map, and drop if a violation happens. I know I can use a bandwidth limit, but the user may move to a different port on the same switch. Maybe the only way to do this is on the core? Any suggestions or opinions are appreciated.

Best Regards,

=J=

wgoulart Thu, 04/09/2009 - 17:59

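! Classify traffic matched by the ACL named "police"
class-map match-all police
 match access-group name police
!
! Police that class: transmit conforming traffic, drop the excess
policy-map rate-limit
 class police
  police cir 50000000 bc 25000
   conform-action transmit
   exceed-action drop
!
! ACL: server 10.1.1.2 to host 192.168.1.2
ip access-list extended police
 permit ip host 10.1.1.2 host 192.168.1.2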

I would apply this policy on the core inbound.
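
How the `police cir 50000000 bc 25000` line in the reply above treats traffic, as an added example that is not part of the original thread: a simplified single-rate token-bucket model in Python, run over constructed packet arrivals. The class and function names are illustrative, and real switch hardware refills tokens at its own granularity, so the figures are a model rather than a measurement.

```python
from dataclasses import dataclass

US = 1_000_000  # microseconds per second


@dataclass
class Policer:
    """Single-rate, two-colour policer: conform -> transmit, exceed -> drop."""
    cir_bps: int   # committed information rate, bits per second
    bc_bytes: int  # committed burst (bucket depth), bytes

    def __post_init__(self):
        # Tokens are stored as bits * US so all arithmetic stays in integers.
        self.capacity = self.bc_bytes * 8 * US
        self.tokens = self.capacity  # bucket starts full
        self.last_us = 0

    def offer(self, now_us: int, size_bytes: int) -> bool:
        """Return True if the packet conforms (transmit), False if dropped."""
        elapsed = now_us - self.last_us
        self.last_us = now_us
        # Refill at CIR since the previous packet, capped at the bucket depth.
        self.tokens = min(self.capacity, self.tokens + elapsed * self.cir_bps)
        cost = size_bytes * 8 * US
        if cost <= self.tokens:
            self.tokens -= cost
            return True
        return False


def run(cir_bps, bc_bytes, arrivals):
    """arrivals: list of (time_us, size_bytes). Returns (sent, dropped)."""
    policer = Policer(cir_bps, bc_bytes)
    results = [policer.offer(t, size) for t, size in arrivals]
    sent = sum(results)
    return sent, len(results) - sent


# Constructed traffic (not a capture): 1000 packets of 1500 bytes each.
# paced:  exactly 50 Mbit/s, one packet every 240 us.
paced = [(i * 240, 1500) for i in range(1000)]
# bursty: same 50 Mbit/s average, but sent as 100-packet bursts at
#         1 Gbit/s line rate (12 us per packet), one burst every 24 ms.
bursty = [(b * 24_000 + i * 12, 1500) for b in range(10) for i in range(100)]

if __name__ == "__main__":
    print("paced  (sent, dropped):", run(50_000_000, 25_000, paced))
    print("bursty (sent, dropped):", run(50_000_000, 25_000, bursty))
```

Both streams average 50 Mbit/s, yet the bursty one loses 79 of every 100 packets in this model because each back-to-back burst drains the 25,000-byte bucket after 17 packets.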

jayshihlin Thu, 04/09/2009 - 21:23

Hi wgoulart,

Thanks for the detailed commands. Just wondering, do you have any other suggestions for the access switch as well? I would really like to have this on the access switch so at least the traffic is not hitting the distribution layer as well. I understand the core is handling layer 3, so traffic policing with IP will only work on the core. Is there any other policing method I can implement in the access layer that is based on the IP or MAC address of the server as well?

Thanks,

=J=
