04-07-2009 08:03 AM - edited 03-06-2019 05:02 AM
Hi i'm trying to rate limit a port that connects to a guest wireless network (see config), any ideas where i'm going wrong? I've looked at all docs i could find and config does seem ok, however traffic is not limited
class-map match-all 1M
match access-group 100
policy-map GUEST_RATE
class 1M
police 1000000 32000 exceed-action drop
interface GigabitEthernet0/1
switchport access vlan 106
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 106
no ip address
service-policy input GUEST_RATE
access-list 100 permit ip any any
Solved! Go to Solution.
04-07-2009 09:58 AM
Can you specify the mode of the interface as trunk or access?
switchport mode trunk
As of now, it's set to dynamic trunking and the documentation states the following:
When configuring policing and policers, keep these items in mind:
â¢By default, no policers are configured.
â¢Policers can be configured only on a physical port or on a per-port per-VLAN basis (specifies the bandwidth limits for the traffic on a per-VLAN basis, for a given port). Per-port per-VLAN policing is not supported on routed ports or on virtual (logical) interfaces. It is supported only on an ingress port configured as a trunk or as a static-access port.
â¢Only one policer can be applied to a packet per direction.
â¢Only the average rate and committed burst parameters are configurable.
â¢Policing can occur on ingress and egress interfaces:
You can also modify the config as follow, by using the class-default:
policy-map GUEST_RATE
class class-default
police 1000000 32000 exceed-action drop
interface GigabitEthernet0/1
switchport access vlan 106
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 106
switchport mode trunk
no ip address
service-policy input GUEST_RATE
HTH,
__
Edison.
04-07-2009 09:58 AM
Can you specify the mode of the interface as trunk or access?
switchport mode trunk
As of now, it's set to dynamic trunking and the documentation states the following:
When configuring policing and policers, keep these items in mind:
â¢By default, no policers are configured.
â¢Policers can be configured only on a physical port or on a per-port per-VLAN basis (specifies the bandwidth limits for the traffic on a per-VLAN basis, for a given port). Per-port per-VLAN policing is not supported on routed ports or on virtual (logical) interfaces. It is supported only on an ingress port configured as a trunk or as a static-access port.
â¢Only one policer can be applied to a packet per direction.
â¢Only the average rate and committed burst parameters are configurable.
â¢Policing can occur on ingress and egress interfaces:
You can also modify the config as follow, by using the class-default:
policy-map GUEST_RATE
class class-default
police 1000000 32000 exceed-action drop
interface GigabitEthernet0/1
switchport access vlan 106
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 106
switchport mode trunk
no ip address
service-policy input GUEST_RATE
HTH,
__
Edison.
04-08-2009 12:32 AM
Changed to match as above making the interface an access port only and it now works a treat
thank you very much for your quick reply and help sorting
regards
Jonathan
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: