Rate limit VLAN on Cisco 3560

Unanswered Question
Jun 30th, 2009
User Badges:


I`m trying to rate limit some specific traffic passing through a 3560 switch on some VLANs.

What I have done is create an access list:

access-list 101 permit icmp any any echo

access-list 101 permit icmp any any echo-reply

Then I set a rate limit on the VLAN interface:

rate-limit input access-group 101 128000 8000 8000 conform-action transmit exceed-action drop

rate-limit output access-group 101 128000 8000 8000 conform-action transmit exceed-action drop

CEF is enabled.

But this does not rate limit the traffic like it should, what am I missing here?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Joseph W. Doherty Wed, 07/01/2009 - 02:57
User Badges:
  • Super Bronze, 10000 points or more

From latest 3560 configuration guide:

Unsupported Interface Configuration Commands


You might want to consult configuration guide QoS chapter's section on "Policing on SVIs", e.g. http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swqos.html#wp1766801, for your IOS.

cisco_lad2004 Wed, 07/01/2009 - 04:19
User Badges:
  • Gold, 750 points or more

I recall having same issues on this platform. I used following workaround:

1-I know 3560 can police inbound, so I used a service policy on physical port. referring to a class map & ACLs.

2-for outbound, I used the upstream port ad policed its traffic inbound.



perpaal Thu, 07/02/2009 - 04:28
User Badges:

Thank you for quick reply.

I have done some VLAN filter, bot nothing like in the linked article.

How would I do this config for desired results?

lordsporkton Thu, 07/02/2009 - 08:42
User Badges:

I am a little fuzzy but I believe you have to turn on "mls qos" have you done this?


This Discussion