Rate-limiting on a switch

Answered Question

Hi,


is there an equivalent to the rate-limit command of a router interface for a 3550 switch (l2 port).


Let say I don't want a device to eat more then 2 mbps of traffic...


Thanks

Correct Answer by szahid about 11 years 7 months ago

There is no rate-limit command on 3550 , but you can rate limit traffic on a per port basis using policers. If you want the inbound traffic to be limited to 2 Mbps , you can do something as simple as following.


Define an acl classifying the traffic coming on this port.


access-lists 100 permit ip host x.y.z.w any


then define a class-map


class-map match-all ratelimit

match access-group 100


Define a policy map.


policy-map rate

class ratelimit

police 2000000 64000 exceed-action drop


and then apply this policy under the interface.


interface

service-policy input rate


3550 also supports egress policies , but you can not use acl based classification. Classification based only on dscp values can be used for egress policers.


For more information , please take a look here.



http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12120ea2/3550scg/swqos.htm


Hope this helps.


Salman Z.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
szahid Sat, 10/08/2005 - 20:41
User Badges:
  • Silver, 250 points or more

There is no rate-limit command on 3550 , but you can rate limit traffic on a per port basis using policers. If you want the inbound traffic to be limited to 2 Mbps , you can do something as simple as following.


Define an acl classifying the traffic coming on this port.


access-lists 100 permit ip host x.y.z.w any


then define a class-map


class-map match-all ratelimit

match access-group 100


Define a policy map.


policy-map rate

class ratelimit

police 2000000 64000 exceed-action drop


and then apply this policy under the interface.


interface

service-policy input rate


3550 also supports egress policies , but you can not use acl based classification. Classification based only on dscp values can be used for egress policers.


For more information , please take a look here.



http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12120ea2/3550scg/swqos.htm


Hope this helps.


Salman Z.


pgasparovic Thu, 01/05/2006 - 09:12
User Badges:

Hello Salman,


I wonder about your statement that it's running the way you present.

1) First, you just use an IP ACL, what's untrue when compared to what this doc states :

http://www.cisco.com/en/US/customer/products/hw/switches/ps646/products_tech_note09186a00800feff5.shtml


saying that two ACLs, IP and MAC are needed to limit all port traffic.


2) It's not known which of EMI or SMI images is the "chosen one" to deliver the function, because the doc states that policing is available for either version.


It's probably a cheat, because we manage to run it only with EMI image.

Actions

This Discussion