Policing on 3750

Unanswered Question
Jun 19th, 2009
User Badges:


i have 40mbps metro link terminating on 3750 switch.the link is between 2 office and carries data & voice traffic. i want to restrict my data traffic to 20 mbps.i am defining the access list to match my data traffic and calling the same in class map,class map is called in policy map where 20 mbps policer is defined .The wan port has L3 interface for data traffic and l2 interface for voice traffic.(wan port defined as trunk part for carrying data & voice traffic and for data vlan interafce vlan is defined and ip address is given and for voice vlan only ports defined in that vlan without configuring any ip interface.policy map applied to interafce which is defined for data vlan)during test it is observed that data traffic is exceeding 20 mbps.pl suggest

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Joseph W. Doherty Fri, 06/19/2009 - 08:35
User Badges:
  • Super Bronze, 10000 points or more

So your concern is the policer might not be working correctly? If so, that's possible, although I would first wonder if there's an issue with your configuration and/or how you "know" the policed value is being exceeded.

As a suggestion, you might post the details, such as actual configuration, 3750 model involved, IOS being used, how you "see" 20 Mbps being exceeded, etc.


BTW, I'm curious why you're limiting data traffic to half your WAN capacity. From what you descibe, I would use all the WAN capacity, but just priorize voice over data when there's congestion.

sameermunj Fri, 06/19/2009 - 10:04
User Badges:


the reason i feel my policer is nt working is i can see the traffic on trunk port as 40 mbps with traffic on voice vlan port as 16 mbps which means data traffic is exceeding 20 mbps.

will post the config/ios details asap.

now regarding limiting data traffic,data traffic is equally important in the network but it should not cross certain limit so if i prioritize voice without defining any limit my voice traffic can congest my data traffc beyond the expected limit.In our scenario voice can use all available bandwidth at point when data nt available but when data enters is should get 20.hope it clears

sameermunj Sun, 06/21/2009 - 23:59
User Badges:


Any input on the same ???? awaiting the reply..

coolprinki Mon, 06/22/2009 - 01:58
User Badges:

Try to check out the exceed action in the policing command...it should be set to drop.

however, i think, the service-policy will effectively work only once congestion starts occurring in your network. If there's congestion then only will it limit the traffic to the configured level...otherwise it will continue to use the available bandwidth as much possible.

also, you could try to check out mls-qos

Joseph W. Doherty Mon, 06/22/2009 - 03:15
User Badges:
  • Super Bronze, 10000 points or more

"Any input on the same ???? awaiting the reply.."

Well . . .

"will post the config/ios details asap. "

sameermunj Mon, 06/22/2009 - 04:00
User Badges:


by mistake the service policy was applied as input and that config now deleted because it should be out, but problem is when i apply the service policy output command on the interface i am getting the follwoing error

Configuration failed!

Warning: Assigning a policy map to the output side of an interface not supported.

------------------ show version ------------------

Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(35)SE5

steps followed

1=create access list to match traffic

2==create class map and traffic matched in class map

3==create policy map,called class map in same and defined the policer

4==created service policy which calls policy map.

when tried service-policy out on out interface it gives the error..does 3750 only supports service policy input ???

francisco_1 Mon, 06/22/2009 - 04:17
User Badges:
  • Gold, 750 points or more

On the Cisco Catalyst 3750 Switch, policing can only be configured on the ingress port. Policing can only be configured through MQC. This means there is no interface specific command to police the traffic. You can configure policing in the policy-map and you can apply the policy-map using only the service-policy input command. You cannot apply any policy-map to the output side of an interface or else you get the error below

Distribution1(config-if)#service-policy output test

police command is not supported for this interface

Configuration failed!

Warning: Assigning a policy map to the output side of an interface not supported

sameermunj Mon, 06/22/2009 - 04:45
User Badges:


thanks for the confirmation.Can you share some example regarding policing through MQC.my requirement is i want to restrict my certain traffic to say 20 mbps over the metro link connected between 2 offices.i can define the traffic by defining the access list but want to know how to proceed further.(If service policy output nt supported then class map/policy map wont do)..pl suggest

sameermunj Mon, 06/22/2009 - 06:51
User Badges:


seen the aggregate policer.it seems if i have 24 ports switch with 10 ports each in 2 data vlans and 2 ports in voice and trunk port will have metro link connected,aggregate policer will ensure that entire data traffic wont cross 20 mbps. i am little confused on application of this policer.weather it should be on trunk port or the actula data vlan ports


This Discussion