Policier on Layer 3 SVI

Unanswered Question
Sep 23rd, 2010
User Badges:

Hi all,


I am having some issue with doing policing on Layer 3 SVI.


This is my configuration


  Policy Map INGRESS-400M
    Class class-default
      police 400000000 bps 50000000 byte conform-action transmit exceed-action drop


  Policy Map EGRESS-400M
     Class class-default
       police 400000000 bps 50000000 byte conform-action transmit exceed-action drop


interface GigabitEthernet1/5
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100-300
switchport mode trunk
switchport nonegotiate
qos vlan-based


interface Vlan100
ip address 10.0.0.1 255.255.255.240

standby 7 ip 10.0.0.3
standby 7 priority 140
standby 7 preempt
service-policy input INGRESS-400M
service-policy output EGRESS-400M
end



show policy-map int vlan 100
Vlan100


  Service-policy input: INGRESS-400M


    Class-map: class-default (match-any)
      0 packets
      Match: any
        0 packets
      police: Per-interface
        Conform: 0 bytes Exceed: 0 bytes


  Service-policy output: EGRESS-400M


    Class-map: class-default (match-any)
      524952 packets
      Match: any
        524952 packets
      police: Per-interface
        Conform: 0 bytes Exceed: 0 bytes


As you can see there is not matching packets at the INGRESS policy map and on the EGRESS policy map the conform is : 0


Any idea why it is so?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Lei Tian Thu, 09/23/2010 - 11:49
User Badges:
  • Cisco Employee,

Hi,


On what platform?


Regards,

Lei Tian

Lei Tian Fri, 09/24/2010 - 04:37
User Badges:
  • Cisco Employee,

Hi,


The configure looks fine to me. Did you have qos turn on globally? Do you see policing not working, or only the counter not working?


Another thing about vlan based policing is the policer will affect all traffic pass the vlan, not per port based. If you want to per-port per-vlan, you can do it on inteface using 'vlan range'.


http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sg/configuration/guide/qos.html#wp1338610


HTH,

Lei Tian

noobieee7 Fri, 09/24/2010 - 09:41
User Badges:

Hi Lei Tian,


Thanks for the information. But I do see a spike in the CPU utilisation once I enabled QOS. Is that a norm?

danrya Fri, 09/24/2010 - 11:17
User Badges:
  • Bronze, 100 points or more

I want to clarify one thing:

The policer is on the SVI, but the traffic that will be policed is L2 traffic on the switch ports.  It's not the same as policing on a L3 physical port.


Are there any ports on this switch that belong to VLAN100 besides the trunk?


Dan

Actions

This Discussion