Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1470
Views
0
Helpful
3
Replies

Traffic Policing on access 3750 switch with based on IP address

Go to solution
jayshihlin
Level 1
Level 1

‎04-09-2009 03:40 PM - edited ‎03-06-2019 05:06 AM

Hi Everyone,

I have question about traffic policing and I am not sure where should I implement it. I have server (10.1.1.1.2) in the access gig switch (Cat-3750) want to limited to like 500MB only when it cross different vlan (192.168.1.2). We have 6513 is acting as Distribution/Core, and distribution is a layer 2 switching (Cat-3750). I want to apply the traffic policing (drop the traffic) on edge switch if possible. So I am wondering if I can use ext. acl in access switch with source 10.1.1.2 dest 192.168.1.2 and apply it to policy-map and drop if violation happens. I know I can use bandwidth limit but user may move to different port on the same switch. Maybe the only way to do this is on core? Any suggestions or opinions are appreciated.

Best Regards,

=J=

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions
3 Replies 3

Go to solution
wgoulart
Level 1
Level 1

‎04-09-2009 05:59 PM

class-map match-all police

match access-group name police

policy-map rate-limit

class police

police cir 50000000 bc 25000

conform-action transmit

exceed-action drop

ip access-list extended police

permit ip host 10.1.1.2 host 192.168.1.2

I would apply this policy on the core inbound

0 Helpful

Go to solution
jayshihlin
Level 1
Level 1
In response to wgoulart

‎04-09-2009 09:23 PM

Hi wgoulart,

Thanks for detailed command. Just wondering do you have other suggestion in access switch as well? I really like to have these in access switch so at least traffic is not hitting distribution layer as well. I understand the core is handling the layer 3 so traffic policing with ip will only works on core. Is there any other policing method I can implement in access layer and is based on IP or Mac address of server as well?

Thanks,

=J=

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card