Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Policier on Layer 3 SVI

Hi all,

I am having some issue with doing policing on Layer 3 SVI.

This is my configuration

  Policy Map INGRESS-400M
    Class class-default
      police 400000000 bps 50000000 byte conform-action transmit exceed-action drop

  Policy Map EGRESS-400M
     Class class-default
       police 400000000 bps 50000000 byte conform-action transmit exceed-action drop

interface GigabitEthernet1/5
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100-300
switchport mode trunk
switchport nonegotiate
qos vlan-based

interface Vlan100
ip address 10.0.0.1 255.255.255.240

standby 7 ip 10.0.0.3
standby 7 priority 140
standby 7 preempt
service-policy input INGRESS-400M
service-policy output EGRESS-400M
end


show policy-map int vlan 100
Vlan100

  Service-policy input: INGRESS-400M

    Class-map: class-default (match-any)
      0 packets
      Match: any
        0 packets
      police: Per-interface
        Conform: 0 bytes Exceed: 0 bytes

  Service-policy output: EGRESS-400M

    Class-map: class-default (match-any)
      524952 packets
      Match: any
        524952 packets
      police: Per-interface
        Conform: 0 bytes Exceed: 0 bytes

As you can see there is not matching packets at the INGRESS policy map and on the EGRESS policy map the conform is : 0

Any idea why it is so?

6 REPLIES
Cisco Employee

Re: Policier on Layer 3 SVI

Hi,

On what platform?

Regards,

Lei Tian

New Member

Re: Policier on Layer 3 SVI

Hi Lei Tian,

It's on a cisco 4510

Cisco Employee

Re: Policier on Layer 3 SVI

Hi,

The configure looks fine to me. Did you have qos turn on globally? Do you see policing not working, or only the counter not working?

Another thing about vlan based policing is the policer will affect all traffic pass the vlan, not per port based. If you want to per-port per-vlan, you can do it on inteface using 'vlan range'.

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sg/configuration/guide/qos.html#wp1338610

HTH,

Lei Tian

New Member

Re: Policier on Layer 3 SVI

Hi Lei Tian,

Thanks for the information. But I do see a spike in the CPU utilisation once I enabled QOS. Is that a norm?

Cisco Employee

Re: Policier on Layer 3 SVI

Hi,

Policing is handled by hardware, you shouldn't see high cpu after enable qos.

Check this link to troubleshooting high cpuon 4500

http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a00804cef15.shtml

HTH,

Lei Tian

Bronze

Re: Policier on Layer 3 SVI

I want to clarify one thing:

The policer is on the SVI, but the traffic that will be policed is L2 traffic on the switch ports.  It's not the same as policing on a L3 physical port.

Are there any ports on this switch that belong to VLAN100 besides the trunk?

Dan

480
Views
0
Helpful
6
Replies