Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Catalyst 4500 IOS Police question

Using police (because rate-limit doesn't work on a vlan) to control traffic in and out of a VLAN, but it isn't working. I want to limit traffic to 256k/386 Burst, but when I do a speed test I am getting FAR more than that.

here is my config:

class-map match-all GuestVLAN3-256k

match any

policy-map GuestVLAN3-256k

class GuestVLAN3-256k

police 256000 bps 3840 byte conform-action transmit exceed-action drop

interface Vlan3

description GuestVLAN (Internet Only at 256k)

ip address 10.146.3.1 255.255.255.0

ip access-group GuestVLAN3 in

ip helper-address x.x.x.x

ip helper-address x.x.x.x

no ip redirects

service-policy input GuestVLAN3-256k

service-policy output GuestVLAN3-256k

what am I doing wrong?

thanks,

Erik

2 REPLIES
New Member

Re: Catalyst 4500 IOS Police question

If you have service policies attached to the physical interface receiving or sending packets for VLAN 3, you'll need to enable VLAN-based QoS on these physical interfaces.

Otherwise, instead of using the GuestVLAN3-256k class with match any, maybe you could refer to class-default in your policy-map instead:

policy-map GuestVLAN3-256k

class class-default

police 256000 bps 3840 byte conform-action transmit exceed-action drop

HTH

New Member

Re: Catalyst 4500 IOS Police question

That didn't help either, still able to pass our full internet bandwidth across this vlan.

the reason I am using Police rather than rate-limit is because it isn't a physical interface, it is a vlan that I want to control traffic on.

Anyone else have any ideas?

Erik

132
Views
1
Helpful
2
Replies
CreatePlease login to create content