Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
714
Views
3
Helpful
3
Replies

unable to policy switchport interface of CISCO861

christian.pinedo
Level 1
Level 1

‎07-25-2012 04:24 AM - edited ‎03-07-2019 07:58 AM

Hello,

I'm unable to apply a policing limit in a switchport of the CISCO861 router. This is my configuration:

interface FastEthernet0

service-policy input wired-input

service-policy output wired-output

end

policy-map wired-input

class class-default

   police cir 1000000 bc 187500 be 250000

     conform-action transmit

     exceed-action transmit

     violate-action drop

policy-map wired-output

class class-default

   police cir 2000000 bc 375000 be 500000

     conform-action transmit

     exceed-action transmit

     violate-action drop

The switchport uses more than 2/1 Mbps and I don't know why. This port is routed through the WAN interface (Fa4). I must be doing somethig bad...

Thanks in advance,

Christian

Labels:
0 Helpful
3 Replies 3

cadet alain
VIP Alumni
VIP Alumni

‎07-25-2012 05:13 AM

Hi,

I think you should apply the policy to the WAN interface or the SVI(BVI).

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

christian.pinedo
Level 1
Level 1
In response to cadet alain

‎07-25-2012 06:48 AM

Hi,

I can't apply the service-policy to the SVI Interface, I get an error every time I try it.

And If I apply the service-policy to the WAN interface I don't know if I will be able to apply different policies for private networks because the WAN interface is NATed and I think the source-nat is done before the QoS.

Am I wrong??

Christian

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to christian.pinedo

‎07-25-2012 07:15 AM

Hi,

if you set dscp for different networks inbound and policeoutbound  according to these dscp values then it should work as NAT is only replacing the src IP address but not the Tos byte to my best knowledge.

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card