Cisco Support Community
Community Member

Port Rate Limiting 3560G

I need to do some rate limiting on a Cisco 3560G-TS-S Switch.  This is just a shot in the dark to fix a pretty serious network issue.

I have port 33 connected to an older model of an ADC switch and was wondering if there was an easy way to rate limit the port that connects to the older network.  Most of the older network runs on thinwire....dont ask.  But basically I want to rate limit this port down to 5Mbps.

Thank you in advance.  As I post this I will be researching Cisco's site for more information.


Community Member

Re: Port Rate Limiting 3560G

Answering part of my own question I found the following:


This example shows how to configure a policer that drops packets if  traffic exceeds 1 Mb/s average rate with a burst size of 20 KB. The  DSCPs of incoming packets are trusted, and there is no packet  modification.

Switch(config)# policy-map policy1

Switch(config-pmap)# class class1

Switch(config-pmap-c)# trust dscp

Switch(config-pmap-c)# police 1000000 20000 exceed-action drop

Switch(config-pmap-c)# exit

This example shows how to configure a policer, which marks down the DSCP  values with the values defined in policed-DSCP map and sends the  packet:

Switch(config)# policy-map policy2

Switch(config-pmap)# class class2

Switch(config-pmap-c)# police 1000000 20000 exceed-action policed-dscp-transmit

Switch(config-pmap-c)# exit

So would I then apply the config to a particular port? I don't want the entire switch to do this.

From this link:

The simpler more straight forward config is #1 above.  Does anyone know a good rhyme/reason for the burst size?

Hall of Fame Super Blue

Re: Port Rate Limiting 3560G


The example you posted is for ingress policing ie. policing as traffic arrives at the 3560 port. The 3560 switch does not support egress policing unfortunately. You can use the "srr-queue bandwidth limit ..." command which allows you to limit the port to a percentage of it's actual bandwidth but you can only specify the percentage from 10% to 90% which would not get a 1Gbps port down to 5Mbps -

3560 limit egress

You could use policing on ingress if you knew which ports were responsible for the traffic going out on port 33 but it is messy and may affect inbound traffic other than traffic destined for port 33. This is unfortunately one of the limitations of the 3560 switch.


Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

Community Member

Re: Port Rate Limiting 3560G

Hmm, that does not sound good.

It is a 3750, and not a 3560.  The thing is in China so I just got confirmation.  Not that that makes a difference.

It will be a gigabit port so 1% of that would still be 10Mbps. I would/could just set the port to 10Mbps full duplex and away we go but I believe it has to be lower than that.  Like I said, the other side (all Layer 2----dont ask) is an old ADC/Kentrox 2Mbps thinwire network.  The interface between the Cisco 3750 and Kentrox is a 10Mbps ethernet link.  I will get access to the switch tomorrow to confirm speed/duplex settings.

When we turn on the new devices at 100/1000Mbps, the Kentrox goes nuts with the added network traffic.

Any other suggestions? Resubnetting and configuring the 3750 as layer 3 is not an option (at least not an easy one) at this point. Replacing the Kentrox equipment would actually be easier.


Cisco Employee

Hi,      Please refer the


      Please refer the topic configuring port based traffic control  - topic in below link for 3560 swtiches.


This example shows how to enable unicast storm control on a port with an 87-percent rising suppression level and a 65-percent falling suppression level:

Switch# configure terminal

Switch(config)# interface gigabitethernet1/0/1

Switch(config-if)# storm-control unicast level 87 65

CreatePlease to create content