Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

3550 -> 3560 lost egress policer functionality

Unanswered Question
Apr 11th, 2006
User Badges:

Need some guidance here.

On a 3550 I normally set up rate-limiting on a per-port basis to provide internet service or other rate-based services to customers. As such I need to be able to apply ingress and egress service policies to an interface. In other words, I set the upload and download speeds that are then sold to customers as a service at that level.

Now that we are migrating to 3560s, I have hit a roadblock, in that the command that I used to use to assign a service policy to an interface on egress is no longer supported on the 3560 (and 3750) series of switches.

So, previously I might have defined something like the following:

mls qos aggregate-policer Out 5000000 2000000 exceed-action drop

mls qos aggregate-policer In 5000000 2000000 exceed-action drop

mls qos

class-map match-all DSCP

match ip dscp default

policy-map In

class DSCP

police aggregate In

policy-map Out

class DSCP

police aggregate Out

interface fastethernet0/1

service-policy input In

service-policy output Out

I can get as far as the last line on a 3560, where it states that:

Warning: Assigning a policy map to the output side of an interface not supported

I have looked around on Cisco's website and I see that some things have changed and that now "shaping" is how egress traffic is handled. I haven't been able to find a straightforward guide as to how to configure an equivalent for the command I used to do.

Any ideas or suggestions would be greatly appreciated! Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
globalnettech Wed, 04/12/2006 - 05:15
User Badges:
  • Silver, 250 points or more


the "service-policy output" is indeed not supported on the 3560/3750 switches due to an ASIC limitation. See if "srr-queue bandwidth limit" command will work for you, here is the link to the configuration details:

Limiting the Bandwidth on an Egress Interface




rasoftware Sun, 05/21/2006 - 15:56
User Badges:


we are having similar probelms with 3560. Looking at the srr commands it will only allow us to set a percentage (10) of max interface bandwidth ie 10Mbit or 1Mbit depending on port speed. Is it possible to assign a lower rate ie 512kbits?

etoman Fri, 05/19/2006 - 08:41
User Badges:

The Catalyst 2960/2970/3560/3750 switches support "SRR" instead of WRR. SRR is the ability to support shared or shaped round robin queuing. Sharing is like wrr i.e. a minium b/w guarantee but can get more if available. Shaping overrides sharing when configured, and rate limits traffic to not exceed the specified rate.

Example on a 3560

int fa0/1

srr-queue bandwidth share 1 70 25 5

srr-queue bandwidth shape 4 0 0 0

This results in Queue #1 being shaped to 1/4 of the B/W of the interface i.e. it cannot exceed 1/4 of the B/W of the interface. Queue 2 gets 70/(70+25+5) percent of the b/w minimum, but can get more if available. Similarly Queue #3 gets 25(70+25+5) % of the B/W etc.

These are topics I address at length in the Advanced Cisco QoS course I put together for Global Knowledge and teach for them.

rasoftware Mon, 05/22/2006 - 10:53
User Badges:


Did you manage to get this working? We basically use the same policers as yourself in a similar situation. I am hoping to upgrade to 3560 but the egress rate limiting issues are concerning me. 3550 is now end of life.


This Discussion