Strange situation with "policer"

darkseducer
Level 1

Hello

I have a Catalyst 4948 with two Catalyst 2950s connected to it. I have 3 users in the same VLAN and a policer for this "int vlan" on the 4948.
If any of these users wants to reach the Internet, he has 2 Mb speed; if users 1 and 2 want to exchange data between themselves, they have 100 Mb speed; but when users 1 and 2 want to exchange data with user 3, they have 2 Mb speed. Maybe I don't understand how the policer works, but why is speed in the same VLAN limited by the policer?

The question is how to provide full speed between all users in the same VLAN.


Thanks
Sorry for my English

------------------------------------------------

                  |---switch2---vlan5---(user3)
                  |      
                  Port G1/2
Router--Catalyst 4948
                  Port G1/1 
                  |      
                  |---switch1---vlan5---(user1-user2)


Config:

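! Classify everything that ACL 160 permits
class-map match-all Vlan5
  match access-group 160
! Police the class to 2048000 bps with a 386000-byte burst
policy-map Vlan5
  class Vlan5
    police 2048000 bps 386000 byte conform-action transmit exceed-action drop

access-list 160 permit ip any any

! Policy attached to the VLAN 5 interface in both directions
interface vlan5
  service-policy input Vlan5
  service-policy output Vlan5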

2 Replies

Jon Marshall
Hall of Fame

You have applied the policer to vlan 5 so all ports in vlan 5 will be subject to that policer. Users 1 and 2 never get to the 4948 switch when exchanging data between themselves so that is why you get full speed. However when they try and talk to user 3 they have to go through the 4948 switch and hence their traffic is policed because their traffic is within vlan 5.

If you want to only limit internet connectivity either -

1) apply the service policy on the individual port that is used to route traffic to the internet

or

2) in your ACL 160 deny the traffic between your clients

Note: with option 2, I have never done this, so it would need testing

Jon

Thanks for the answer. I did not know that a policer applied to "int vlan" (Layer 3) works on all ports (Layer 2). I will try something with the ACL.
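An added illustration, not written by either poster: a small Python model of the setup in this thread, showing which flows the VLAN 5 policer sees with ACL 160 as posted and with the intra-VLAN deny from option 2 placed first. The subnet, host addresses and function names are assumptions made for the model; it treats one flow at a time, and it assumes a deny entry in the class-map ACL leaves that traffic unclassified, which the reply above notes is untested on the 4948.

```python
"""Added model of the thread's setup: which flows the VLAN 5 policer on the 4948 sees."""
import ipaddress

RATE_BPS = 2_048_000       # police rate from the posted config
BURST_BYTES = 386_000      # burst size from the posted config
VLAN5_NET = ipaddress.ip_network("192.0.2.0/24")   # assumed subnet, not given in the thread
# Constructed hosts: (device the host hangs off, address)
HOSTS = {"user1": ("switch1", "192.0.2.11"), "user2": ("switch1", "192.0.2.12"),
         "user3": ("switch2", "192.0.2.13"), "internet": ("router", "198.51.100.7")}

def crosses_4948(src, dst):
    """Frames between hosts on the same 2950 are switched locally and never reach the 4948."""
    return HOSTS[src][0] != HOSTS[dst][0]

def acl160_matches(src, dst, exempt_intra_vlan):
    """As posted, ACL 160 permits everything; option 2 adds a VLAN 5 to VLAN 5 deny first."""
    both_local = all(ipaddress.ip_address(HOSTS[h][1]) in VLAN5_NET for h in (src, dst))
    return not (exempt_intra_vlan and both_local)

def policed(src, dst, exempt_intra_vlan=False):
    """A flow is policed only if it transits the 4948 and is classified by ACL 160."""
    return crosses_4948(src, dst) and acl160_matches(src, dst, exempt_intra_vlan)

def delivered_bps(offered_bps, seconds, is_policed, pkt_bytes=1500):
    """Single-rate token bucket: conform-action transmit, exceed-action drop."""
    if not is_policed:
        return offered_bps
    n_pkts = int(offered_bps * seconds / (pkt_bytes * 8))
    refill = (seconds / n_pkts) * RATE_BPS / 8     # bytes of credit earned per packet gap
    tokens, sent = float(BURST_BYTES), 0
    for _ in range(n_pkts):
        tokens = min(BURST_BYTES, tokens + refill)
        if tokens >= pkt_bytes:                    # conforms: transmit and spend credit
            tokens -= pkt_bytes
            sent += pkt_bytes
    return sent * 8 / seconds

def report(exempt_intra_vlan):
    """Throughput in Mb/s for a 100 Mb/s sender over 60 s, per flow."""
    flows = [("user1", "user2"), ("user1", "user3"), ("user1", "internet")]
    return {f: round(delivered_bps(100e6, 60, policed(*f, exempt_intra_vlan)) / 1e6, 1)
            for f in flows}

if __name__ == "__main__":
    print("ACL 160 as posted:      ", report(False))
    print("ACL 160 with deny first:", report(True))
```

The policed figures come out slightly above 2 Mb/s because the 386000-byte burst is spent once at the start of the 60-second window.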
