05-22-2009 01:22 PM - edited 03-06-2019 05:53 AM
We have a Catalyst 3560 that connects to a metro E circuit. It also has 1 uplink into each of our core L3 switches. All ports are layer 2.
We are trying to police bandwidth on a per-client basis. We have set up the following, but it doesn't seem to be working. We're seeing clients spike above the limits we have configured. Any ideas?
class-map match-any ClientA_CM
 match access-group 109
class-map match-any ClientB_CM
 match access-group 105
policy-map Rate_Limit_Clients
 class ClientA_CM
  police 5000000 48000 exceed-action drop
 class ClientB_CM
  police 3000000 24000 exceed-action drop
access-list 105 permit ip any 209.X.X.120 0.0.0.7
access-list 105 permit ip 209.X.X.120 0.0.0.7 any
access-list 110 permit ip any 66.X.X.160 0.0.0.2
access-list 110 permit ip 66.X.X.160 0.0.0.2 any
Then, we have this applied on both the metro E interface and the 2 uplinks to our core L3 switches:
service-policy input Rate_Limit_Clients
Here is the VLAN interface on our core for the client we're trying to rate-limit:
interface Vlan24
 ip address 66.X.X.162 255.255.255.252
 load-interval 30
05-22-2009 01:37 PM
Also, "show policy-map interface gig 0/24" shows 0 on all counters.
05-23-2009 01:18 PM
Jordan,
Policing on the 3560 is not straightforward. For starters you can see any counters on "show policy-map interface X/Y".
I also do not recall that policing works OUTBOUND.
I had a similar scenario recently, and this is how I resolved it:
Each customer was assigned either a VLAN out of a single port or had a Layer 3 port. I was able to police INBOUND Only.
For OUTBOUND, I had to police the uplink (inbound), since traffic IN is the traffic OUT to customers. My class maps had to match each customer's allocated IP range.
I validated my config by using a traffic generator.
Remember to enable QoS globally ("mls qos"), in which case you might also want to remark inbound traffic from customers.
HTH
Sam
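An added example, not part of either post above: a small Python consistency check run over the configuration excerpt as posted in this thread (embedded below as constructed sample input). It flags class-maps that match an access-list number not defined in the text, access-lists that no class-map uses, and the absence of the global "mls qos" line Sam mentions. The function name lint_policer_config is hypothetical, and the check only sees the text it is given, not the rest of the switch configuration.

```python
import re

# Constructed sample input: the configuration excerpt as posted in this thread.
POSTED_CONFIG = """\
class-map match-any ClientA_CM
 match access-group 109
class-map match-any ClientB_CM
 match access-group 105
policy-map Rate_Limit_Clients
 class ClientA_CM
  police 5000000 48000 exceed-action drop
 class ClientB_CM
  police 3000000 24000 exceed-action drop
access-list 105 permit ip any 209.X.X.120 0.0.0.7
access-list 105 permit ip 209.X.X.120 0.0.0.7 any
access-list 110 permit ip any 66.X.X.160 0.0.0.2
access-list 110 permit ip 66.X.X.160 0.0.0.2 any
"""

def lint_policer_config(text):
    """Return consistency findings for a class-map/policy-map/ACL excerpt."""
    findings = []
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    defined_acls = {m.group(1) for ln in lines
                    if (m := re.match(r"access-list (\d+) ", ln))}
    class_acls = {}   # class-map name -> ACL numbers it matches
    policed = set()   # class names referenced inside a policy-map
    current = None
    for ln in lines:
        if m := re.match(r"class-map (?:match-(?:any|all) )?(\S+)", ln):
            current = m.group(1)
            class_acls[current] = []
        elif (m := re.match(r"match access-group (\d+)", ln)) and current:
            class_acls[current].append(m.group(1))
        elif m := re.match(r"class (\S+)", ln):
            policed.add(m.group(1))
    if "mls qos" not in lines:
        findings.append("global 'mls qos' not present")
    for name, acls in class_acls.items():
        for acl in acls:
            if acl not in defined_acls:
                findings.append(f"{name} matches undefined access-list {acl}")
    used = {a for acls in class_acls.values() for a in acls}
    for acl in sorted(defined_acls - used):
        findings.append(f"access-list {acl} is not matched by any class-map")
    for name in sorted(policed - set(class_acls)):
        findings.append(f"policy-map references undefined class {name}")
    return findings
```

On the excerpt as posted, the check reports that ClientA_CM matches access-group 109 while the access-lists shown are 105 and 110.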