Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
970
Views
0
Helpful
6
Replies

Policier on Layer 3 SVI

noobieee7
Level 1
Level 1

‎09-23-2010 07:13 AM - edited ‎03-06-2019 01:09 PM

Hi all,

I am having some issue with doing policing on Layer 3 SVI.

This is my configuration

  Policy Map INGRESS-400M
    Class class-default
      police 400000000 bps 50000000 byte conform-action transmit exceed-action drop

  Policy Map EGRESS-400M
     Class class-default
       police 400000000 bps 50000000 byte conform-action transmit exceed-action drop

interface GigabitEthernet1/5
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100-300
switchport mode trunk
switchport nonegotiate
qos vlan-based

interface Vlan100
ip address 10.0.0.1 255.255.255.240

standby 7 ip 10.0.0.3
standby 7 priority 140
standby 7 preempt
service-policy input INGRESS-400M
service-policy output EGRESS-400M
end


show policy-map int vlan 100
Vlan100

  Service-policy input: INGRESS-400M

    Class-map: class-default (match-any)
      0 packets
      Match: any
        0 packets
      police: Per-interface
        Conform: 0 bytes Exceed: 0 bytes

  Service-policy output: EGRESS-400M

    Class-map: class-default (match-any)
      524952 packets
      Match: any
        524952 packets
      police: Per-interface
        Conform: 0 bytes Exceed: 0 bytes

As you can see there is not matching packets at the INGRESS policy map and on the EGRESS policy map the conform is : 0

Any idea why it is so?

Labels:
0 Helpful
6 Replies 6

Lei Tian
Cisco Employee
Cisco Employee

‎09-23-2010 11:49 AM

Hi,

On what platform?

Regards,

Lei Tian

0 Helpful

noobieee7
Level 1
Level 1
In response to Lei Tian

‎09-23-2010 06:17 PM

Hi Lei Tian,

It's on a cisco 4510

0 Helpful

Lei Tian
Cisco Employee
Cisco Employee
In response to noobieee7

‎09-24-2010 04:37 AM

Hi,

The configure looks fine to me. Did you have qos turn on globally? Do you see policing not working, or only the counter not working?

Another thing about vlan based policing is the policer will affect all traffic pass the vlan, not per port based. If you want to per-port per-vlan, you can do it on inteface using 'vlan range'.

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sg/configuration/guide/qos.html#wp1338610

HTH,

Lei Tian

0 Helpful

noobieee7
Level 1
Level 1
In response to Lei Tian

‎09-24-2010 09:41 AM

Hi Lei Tian,

Thanks for the information. But I do see a spike in the CPU utilisation once I enabled QOS. Is that a norm?

0 Helpful

Lei Tian
Cisco Employee
Cisco Employee
In response to noobieee7

‎09-24-2010 11:25 AM

Hi,

Policing is handled by hardware, you shouldn't see high cpu after enable qos.

Check this link to troubleshooting high cpuon 4500

http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a00804cef15.shtml

HTH,

Lei Tian

0 Helpful

danrya
Level 1
Level 1

‎09-24-2010 11:17 AM

I want to clarify one thing:

The policer is on the SVI, but the traffic that will be policed is L2 traffic on the switch ports.  It's not the same as policing on a L3 physical port.

Are there any ports on this switch that belong to VLAN100 besides the trunk?

Dan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card