Policing bandwidth on a switchport

netservices · ‎05-22-2007

I've applied a simple service policy on a switchport to limit the bandwidth on the port to 2Mb using the following config:

class-map match-any Server_Limit

match access-group 10

!

policy-map 2MB_Limit

class Server_Limit

police 2000000 500000 exceed-action drop

!

interface FastEthernet0/46

service-policy input 2MB_Limit

!

access-list 10 permit any

!

This does seem to have had some effect as the inbound rate on the interface has dropped from around 6Mb to around 3Mb.

However, I was expecting the bandwidth to be capped at 2Mb and when I issue the show 'policy-map interface' command, i dont see any packets being matched at all:

FastEthernet0/46

Service-policy input: 2MB_Limit

Class-map: Server_Limit (match-any)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: access-group 10

0 packets, 0 bytes

5 minute rate 0 bps

Class-map: class-default (match-any)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: any

0 packets, 0 bytes

5 minute rate 0 bps

Is this because the switch operates primarily at Layer 2? It does filter at Layer 3 and I would expect to see matches, especially when it does seem to be performing some level of throttling.

Also, does anyone have any ideas how to make the throttling more efficient and cap more accurately at 2Mb?

kerek · ‎05-22-2007

Hi,

I think it should work even if the port configured as switchport. Let's try to change the acl to:

access-list 10 permit ip any

Anyway I think the burst byte is too high. It is 500000 byte (not bits). Try to lower it. I have read in the 3550 qos docs that if the burst bytes exceed a particular value the policy map will not be applied on the interface. Nice isn't it? :)

The policing should be seen in the output of the show policy-map interface.

Hope it helps, rate if does

Krisztian