Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Policing SVI on 3560 switches

Anybody have tried policing SVI on 3560 switches?  Recently tried once but failed:

Topology:

---- G0/7(VLAN90) ---- 3560G ---- G0/8(VLAN91) ----

|                                                                        |

|                                                                        |

|                                                                        |

|                                                                        |

---------------------- Traffic Generator --------------------------

Configuration:

vlan 90-92

!

class-map match-all XVPN_Test_in
match access-group name XVPN_Test_in
class-map match-all XVPN_Test_in_INT
match input-interface  GigabitEthernet0/7

!

policy-map XVPN_Test_in_INT
class XVPN_Test_in_INT
  police 2000000 8000 exceed-action drop
policy-map XVPN_Test_in
class XVPN_Test_in
  trust dscp
  service-policy XVPN_Test_in_INT

!

interface GigabitEthernet0/7
switchport access vlan 90
switchport mode access
load-interval 30
!
interface GigabitEthernet0/8
switchport access vlan 91
switchport mode access
load-interval 30
!

interface Vlan90
ip address 100.1.1.1 255.255.255.0
ip access-group test in
service-policy input XVPN_Test_in
!
interface Vlan91
ip address 101.1.1.1 255.255.255.0
!

ip access-list extended XVPN_Test_in
permit ip 100.1.1.0 0.0.0.255 101.1.1.0 0.0.0.255
deny   ip any any

!

Traffic is gnerated at 400Mbps and the show commands does not show any traffic been policed:

EXTERNAL_SW#    sh policy-map int vlan 90
Vlan90

  Service-policy input: XVPN_Test_in

    Class-map: XVPN_Test_in (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name XVPN_Test_in

      Service-policy : XVPN_Test_in_INT

        Class-map: XVPN_Test_in_INT (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: input-interface  GigabitEthernet0/7

        Class-map: class-default (match-any)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: any
            0 packets, 0 bytes
            5 minute rate 0 bps

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        5 minute rate 0 bps
EXTERNAL_SW#

  • LAN Switching and Routing
1 ACCEPTED SOLUTION

Accepted Solutions

Re: Policing SVI on 3560 switches

hmm...

are we missing "mls qos vlan-based" under the ports ? ie the input interface

1 REPLY

Re: Policing SVI on 3560 switches

hmm...

are we missing "mls qos vlan-based" under the ports ? ie the input interface

540
Views
0
Helpful
1
Replies
This widget could not be displayed.