Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
718
Views
0
Helpful
1
Replies

Policing SVI on 3560 switches

Go to solution
cmdathp2010
Level 1
Level 1

‎03-21-2010 08:31 PM - edited ‎03-06-2019 10:14 AM

Anybody have tried policing SVI on 3560 switches?  Recently tried once but failed:

Topology:

---- G0/7(VLAN90) ---- 3560G ---- G0/8(VLAN91) ----

|                                                                        |

|                                                                        |

|                                                                        |

|                                                                        |

---------------------- Traffic Generator --------------------------

Configuration:

vlan 90-92

!

class-map match-all XVPN_Test_in
match access-group name XVPN_Test_in
class-map match-all XVPN_Test_in_INT
match input-interface  GigabitEthernet0/7

!

policy-map XVPN_Test_in_INT
class XVPN_Test_in_INT
  police 2000000 8000 exceed-action drop
policy-map XVPN_Test_in
class XVPN_Test_in
  trust dscp
  service-policy XVPN_Test_in_INT

!

interface GigabitEthernet0/7
switchport access vlan 90
switchport mode access
load-interval 30
!
interface GigabitEthernet0/8
switchport access vlan 91
switchport mode access
load-interval 30
!

interface Vlan90
ip address 100.1.1.1 255.255.255.0
ip access-group test in
service-policy input XVPN_Test_in
!
interface Vlan91
ip address 101.1.1.1 255.255.255.0
!

ip access-list extended XVPN_Test_in
permit ip 100.1.1.0 0.0.0.255 101.1.1.0 0.0.0.255
deny   ip any any

!

Traffic is gnerated at 400Mbps and the show commands does not show any traffic been policed:

EXTERNAL_SW#    sh policy-map int vlan 90
Vlan90

  Service-policy input: XVPN_Test_in

    Class-map: XVPN_Test_in (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name XVPN_Test_in

      Service-policy : XVPN_Test_in_INT

        Class-map: XVPN_Test_in_INT (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: input-interface  GigabitEthernet0/7

        Class-map: class-default (match-any)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: any
            0 packets, 0 bytes
            5 minute rate 0 bps

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        5 minute rate 0 bps
EXTERNAL_SW#

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Tharak Abraham
Level 3
Level 3

‎03-22-2010 07:09 AM

hmm...

are we missing "mls qos vlan-based" under the ports ? ie the input interface

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Tharak Abraham
Level 3
Level 3

‎03-22-2010 07:09 AM

hmm...

are we missing "mls qos vlan-based" under the ports ? ie the input interface

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card