Cisco Support Community
Community Member

Can I Egress Rate Limit All Traffic (Cat 3550) (SOLVED!)

Hello All,


I tried to do egress rate limiting with this configuration below;


ip access-list extended RATE_LIMIT_ACL2
 permit ip any any

class-map match-all RATE_LIMIT_CLASS2
  match access-group name RATE_LIMIT_ACL2

    police 600000 8000 exceed-action drop





However the switch did not like the "permit ip any any" in the access list. It would not allow me to apply RATE_LIMIT_POLICY2 to the interface as an outbound service-policy. Is there any way to apply a rate limit to all egress traffic? I tried srr-queing on another switch, but when linked at Speed 10, i could only get 2mb download speed even though it was set to "srr-queing bandwidth limit 60". So i need it linked at 100 to do it with egress filtering i guess. 


Hey,Check this link, its a


Check this link, its a useful one on 3550 QoS:




Community Member

After reading that article i

After reading that article i was able to refine my searches a bit better and i found a site that helped me greatly. Here is what i did below.


Community Member

When doing egress rate

When doing egress rate limiting, the switch has to look at DSCP tagging, so logically we want to classify all traffic regardless of the DSCP tag. Here is how to create the class-maps.

class-map match-all dscp0-7
 match ip dscp default  1  2  3  4  5  6  7
class-map match-all dscp8-15
 match ip dscp cs1  9  af11  11  af12  13  af13  15
class-map match-all dscp16-23
 match ip dscp cs2  17  af21  19  af22  21  af23  23
class-map match-all dscp24-31
 match ip dscp cs3  25  af31  27  af32  29  af33  31
class-map match-all dscp32-39
 match ip dscp cs4  33  af41  35  af42  37  af43  39
class-map match-all dscp40-47
 match ip dscp cs5  41  42  43  44  45  ef  47
class-map match-all dscp48-55
 match ip dscp cs6  49  50  51  52  53  54  55
class-map match-all dscp56-63
 match ip dscp cs7  57  58  59  60  61  62  63
Then we want to set the amount that we need to limit, in this case were setting a 10meg connection, the policer is named "10M"
mls qos aggregate-policer 10M 10000000 250000 exceed-action drop
Now we want to take all of that classified traffic and make a policy that directs it all to use the same policer statement, we do so here.
policy-map 10M
 class dscp0-7
    police aggregate 10M
 class dscp8-15
    police aggregate 10M
 class dscp16-23
    police aggregate 10M
 class dscp24-31
    police aggregate 10M
 class dscp32-39
    police aggregate 10M
 class dscp40-47
    police aggregate 10M
 class dscp48-55
    police aggregate 10M
 class dscp56-63
    police aggregate 10M
Now apply that policy we just made to an interface.
interface GigabitEthernet0/1
 service-policy output 10M
And lastly, enable QoS globally using this command.
mls qos
Dont forget to rate if this helps!
CreatePlease to create content