rate-limiting on 3560 switch not working

Answered Question
Oct 31st, 2011
User Badges:

I am trying to limit traffic inbound to 10Mbps on a gig interface 0/48 set to 100/full.  So I downloaded some big

files over this link and I'm able to see 30-40Mbps or more.  You can see from the show int - rate-limit command that parameters

are never showing exceented so nothing has been dropped.  What am I missing?  Thanks.


interface GigabitEthernet0/48

description ATT Link 100Mbps

no switchport

ip address 10.10.7.2 255.255.255.252

rate-limit input 10000000 10000 10000 conform-action continue exceed-action drop

speed 100    

duplex full



c3560-1#sho int gi 0/48 rate-limit

GigabitEthernet0/48 ATT Link 100Mbps

  Input

    matches: all traffic

      params:  10000000 bps, 10000 limit, 10000 extended limit

      conformed 0 packets, 0 bytes; action: continue

      exceeded 0 packets, 0 bytes; action: drop

      last packet: 2167248835ms ago, current burst: 0 bytes

      last cleared 00:04:41 ago, conformed 0 bps, exceeded 0 bps


mccx-c3560-1#show int gig 0/48

GigabitEthernet0/48 is up, line protocol is up (connected)

  Hardware is Gigabit Ethernet, address is 30e4.db3c.08c5 (bia 30e4.db3c.08c5)

  Description: ATT Link to Herakles 100Mbps

  Internet address is 10.10.7.2/30

  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

     reliability 255/255, txload 1/255, rxload 31/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX

  input flow-control is off, output flow-control is unsupported

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:00:00, output 00:00:01, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 12487000 bits/sec, 1110 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     12137264 packets input, 3932863552 bytes, 0 no buffer

     Received 18 broadcasts (0 IP multicasts)

     0 runts, 0 giants, 0 throttles

Correct Answer by Alexander Maroukian about 5 years 9 months ago

Hi,


Try this:

ip access-list extended 101

permit ip any any

!

class-map match-all SHTRAFFIC

match access-group 101

!

policy-map POLTRAF

class SHTRAFFIC

police 10000000 10000 exceed-action drop

!

interface GigabitEthernet0/48

service-policy input POLTRAF


Best regards,

Alex

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Alexander Maroukian Mon, 10/31/2011 - 13:49
User Badges:
  • Bronze, 100 points or more

Hi,


Try this:

ip access-list extended 101

permit ip any any

!

class-map match-all SHTRAFFIC

match access-group 101

!

policy-map POLTRAF

class SHTRAFFIC

police 10000000 10000 exceed-action drop

!

interface GigabitEthernet0/48

service-policy input POLTRAF


Best regards,

Alex

Actions

This Discussion