10-31-2011 12:39 PM - edited 03-07-2019 03:08 AM
I am trying to limit traffic inbound to 10Mbps on a gig interface 0/48 set to 100/full. So I downloaded some big
files over this link and I'm able to see 30-40Mbps or more. You can see from the show int - rate-limit command that parameters
are never showing exceented so nothing has been dropped. What am I missing? Thanks.
interface GigabitEthernet0/48
description ATT Link 100Mbps
no switchport
ip address 10.10.7.2 255.255.255.252
rate-limit input 10000000 10000 10000 conform-action continue exceed-action drop
speed 100
duplex full
c3560-1#sho int gi 0/48 rate-limit
GigabitEthernet0/48 ATT Link 100Mbps
Input
matches: all traffic
params: 10000000 bps, 10000 limit, 10000 extended limit
conformed 0 packets, 0 bytes; action: continue
exceeded 0 packets, 0 bytes; action: drop
last packet: 2167248835ms ago, current burst: 0 bytes
last cleared 00:04:41 ago, conformed 0 bps, exceeded 0 bps
mccx-c3560-1#show int gig 0/48
GigabitEthernet0/48 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 30e4.db3c.08c5 (bia 30e4.db3c.08c5)
Description: ATT Link to Herakles 100Mbps
Internet address is 10.10.7.2/30
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 31/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 12487000 bits/sec, 1110 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
12137264 packets input, 3932863552 bytes, 0 no buffer
Received 18 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
Solved! Go to Solution.
10-31-2011 01:49 PM
Hi,
Try this:
ip access-list extended 101
permit ip any any
!
class-map match-all SHTRAFFIC
match access-group 101
!
policy-map POLTRAF
class SHTRAFFIC
police 10000000 10000 exceed-action drop
!
interface GigabitEthernet0/48
service-policy input POLTRAF
Best regards,
Alex
10-31-2011 01:49 PM
Hi,
Try this:
ip access-list extended 101
permit ip any any
!
class-map match-all SHTRAFFIC
match access-group 101
!
policy-map POLTRAF
class SHTRAFFIC
police 10000000 10000 exceed-action drop
!
interface GigabitEthernet0/48
service-policy input POLTRAF
Best regards,
Alex
10-31-2011 01:57 PM
That did it. Thank you Alexander!
10-31-2011 02:02 PM
I am glad that I can help you.
Best regards,
Alex
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: