Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

3750 Rate Limiting Not Working

Have a Network layed out like this:

3750

| (Trunk)

Dell Powerconnect

| (Access)

Server

The Powerconnect switch 18 VLANs on it. The server in question is connected to a switchport on the Powerconnect with setup as an access port with VLAN assignment. The uplink from the powerconnect to the 3750 is a trunk. My goal is to rate limit the bandwidth coming from the server going out to internet (connected to a L3 port on the 3750). From my reading a service policy should have been able to handle this (also read didn't work on egress interfaces). As such I setup an ACL:

ip access-list extended Rate_Limiter_ACL

permit ip host x.x.x.22 any

Setup a class map:

class-map match-all Rate_Limiter_Map

match access-group Rate_Limiter_ACL

Created policy map to rate-limit (Police):

policy-map Rate_Limited_Policy

class Rate_Limiter_Map

police 2400000 65536 exceed-action drop

Applied service-policy to the TRUNK interface connecting to the powerconnect as the outbound traffic from the server should be ingress to the trunk interface on the 3750.

interface GigabitEthernet1/0/20

service-policy input Rate_Limiter_Map

Problem is, rate is not limited often times spikes to 7+ Mbps.

Am I misunderstanding the way policing works? Is something configured wrong?

I tried switching the access-list's source and destination and that did not help either.

sho policy-map int g1/0/20 shows the policy and class applied to the interface but nothing is getting matched, not even in the "class-default". Does a class-default have to be configured even if it is for all other traffic for the policy map to work?

Any help is appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: 3750 Rate Limiting Not Working

DO you have QOS enabled with the

mls qos

statement? Your config looks correct and similiar to one I've used.

9 REPLIES
Hall of Fame Super Bronze

Re: 3750 Rate Limiting Not Working

policy-map Rate_Limited_Policy

class Rate_Limiter_Map

police 2400000 65536 exceed-action drop

....

Problem is, rate is not limited often times spikes to 7+ Mbps.

Your policed policy is set to 2.4Gbps which you aren't violating at 7Mbps, unless I'm missing something...

__

Edison.

New Member

Re: 3750 Rate Limiting Not Working

Cisco IOS "help", indicates the speed should be in bps not kbps so the speed set should be 2.4 Mbps, unless you are trying to indicate that the "help" is incorrect. However a quick search for some examples all show the speed set in bps as well so I don't think that is the issue.

See below:

myhost(config-pmap-c)#polic ?

<8000-1000000000> Bits per second

aggregate Choose aggregate policer for current class

Hall of Fame Super Bronze

Re: 3750 Rate Limiting Not Working

My mistake, you are correct.

Can you provide the output from typing

show policy-map interface

__

Edison.

New Member

Re: 3750 Rate Limiting Not Working

DO you have QOS enabled with the

mls qos

statement? Your config looks correct and similiar to one I've used.

New Member

Re: 3750 Rate Limiting Not Working

Well I thought that might have been it because I did forget to enable it.

However, sho policy-map int still showing all zeroes. At the same time traffic hasn't spiked on the interface in question, but it has only been 10 minutes of monitoring, but I will update the thread in an hour or so after reviewing the traffic.

I still have my doubts however, as like I said the service-policy is not catching any packets and I thought the class-default should catch everything not part of the access-list.

Cisco Employee

Re: 3750 Rate Limiting Not Working

You are using a wrong policy map on the interface.

Check this :

interface GigabitEthernet1/0/20

service-policy input Rate_Limiter_Map <---- This is the class-map that you have defined.

Policy map that you have defined is -----> policy-map Rate_Limited_Policy

class Rate_Limiter_Map

The config should be :

interface GigabitEthernet1/0/20

service-policy input Rate_Limited_Policy

HTH, Please rate if it does.

-amit singh

New Member

Re: 3750 Rate Limiting Not Working

Hi Amit,

Nice catch, however, all the names correctly match in the actual config. I simply made an error when copying over names for the post.

I think forgetting to enable Qos was the issue as it appears to be properly rate-limiting now. I would still be curious to any insight as to why despite it correctly limiting is "sho policy-map int" not showing any stats.

Re: 3750 Rate Limiting Not Working

This is a known (and well documented) 'feature' of the standalone Catalysts (2960, 3560 & 3750) whereby none of the policy counters work. The best you are going to get is 'show mls qos interface statistics' - there is a 'in policy' and 'out policy' counter per interface.

It is very annoying not having this command though...

Andy

New Member

Re: 3750 Rate Limiting Not Working

Nice feature, did I have to pay extra for that or was it standard equipment :-)?

321
Views
5
Helpful
9
Replies