Cisco Support Community
Community Member




We have a total 8Mbps CIR connection for Internet.

We want to limit the internet connection per user to 100KBps.

The L3 core switch (WS-C3750X-24S) is connected to the L2 access layer switches (WS-C2960G-48TC-L). Users are connected to the access layer switches.

L3 is connected to L2 through a trunk. Running VTP server and client mode.

We did this configuration on the core switch but it did not work. Any suggestions? I am waiting.

Layer 3 switch  WS-C3750X-24S

access-list 151 permit tcp host any eq 80

class-map match-all vlan300
  match access-group 151

policy-map QOS_Policy
  class vlan300
   police cir 800000 bc 100000
   conform-action transmit
   exceed-action drop

interface vlan 300
service policy input QOS_Policy


Layer 3 switch  WS-C3750X-24S

Mls qos

interface GigabitEthernet1/0/2
description LINK_SW_2_Floor
switchport trunk encapsulation dot1q
switchport mode trunk
mls qos vlan-based

access-list 151 permit tcp host any eq 80

class-map match-all VLAN300
  match access-group  151
class-map match-all PORTS
  match input-interface  GigabitEthernet1/0/2

policy-map PORT
class PORTS
  police 800000 100000 exceed-action drop
policy-map VLANS
class  VLAN300
   set dscp ef
   service-policy PORT

interface Vlan300
ip address
service-policy input VLANS


I am waiting for your kind response.






Super Bronze

Disclaimer


The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of   the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.


For the individual per user 100K restriction (outbound to Internet), you'll need/want an ingress policy applied to user ports that polices their Internet destined traffic.  I think the 2960 will support such.

For the 8M CIR, you want an egress shaper.  How that's done (and if it can be done), varies per platform.  What kind of device actually hosts the Internet connection?

BTW, realize LAN switches are often "weak" in their QoS feature support (this because there's often ample bandwidth).

For the individual per user 100K restriction (inbound from Internet), reread prior sentence.  (NB: few ordinary routers or switches can deal with this, and even those that can, results may not be as desired because control is below point of congestion.  Ideally you want control at point of congestion.)
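The difference between one policer at a shared point and one policer per user port, as the reply recommends, can be seen in a small token-bucket model. This is an added example, not part of either post and not a statement of how the 3750X or 2960G implements policing; the rate and burst come from the posted `police cir 800000 bc 100000`, while the four users, packet size and offered load are constructed.

```python
import random

CIR_BPS = 800_000    # from the posted "police cir 800000" (100 KBps)
BC_BYTES = 100_000   # from the posted "bc 100000"

class Policer:
    """Single-rate token bucket: conform -> transmit, exceed -> drop."""
    def __init__(self, cir_bps=CIR_BPS, bc_bytes=BC_BYTES):
        self.rate = cir_bps / 8        # refill rate in bytes per second
        self.bc = bc_bytes
        self.tokens = float(bc_bytes)  # bucket starts full
        self.last = 0.0

    def offer(self, now, size):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.bc, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size > self.tokens:
            return False               # exceed-action drop
        self.tokens -= size
        return True                    # conform-action transmit

def simulate(n_users, per_port, seconds=10, pps=200, size=1250, seed=1):
    """Constructed load: every user offers pps*size = 250,000 bytes/s.
    Returns delivered bytes/s for each user."""
    rng = random.Random(seed)
    shared = Policer()
    policers = [Policer() if per_port else shared for _ in range(n_users)]
    sent = [0] * n_users
    for tick in range(seconds * pps):
        order = list(range(n_users))
        rng.shuffle(order)             # no user is always first in line
        for u in order:
            if policers[u].offer(tick / pps, size):
                sent[u] += size
    return [s / seconds for s in sent]

if __name__ == "__main__":
    print("per-port policers:", simulate(4, per_port=True))
    print("one shared policer:", simulate(4, per_port=False))
```

With per-port policers each user settles near 100 KBps plus the initial burst; with a single shared policer the four users together get that same amount.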
