Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

2950 Traffic Policing


I'm trying to configure traffic policing on a Catalyst 2950. The config is pretty straight-forward, or so I thought. I need to set up several policy-maps, each one policing traffic at different levels (5meg, 10meg, 20meg, etc.). My problem is, anything above 1Meg just doesn't seem to work as expected. Here's my config for a 10Meg policer:

class-map match-all ALL-TRAFFIC

match access-group 1


policy-map 10mbs


police 10000000 65536 exceed-action drop


access-list 1 permit any

Here's the interface config:

interface FastEthernet0/24

switchport access vlan 53

load-interval 30

service-policy input 10mbs

spanning-tree portfast

spanning-tree bpdufilter enable

spanning-tree link-type point-to-point


What happens is, when uploading files from the server attached to this port (ingress to the switch), my throughput is nowhere near 10Mb/s. I only end up getting about 2Mb/s consistently, with a large 600MB ISO file transfer.

I've configured policers before in routers and other types of switches and I would at least get around 7 to 8Mb/s, if not immediately, after some time, due to TCP's native congestion avoidance. I may be missing something blatantly obvious, though, as I've been wrestling with this the past few hours.


Re: 2950 Traffic Policing

It may not be the policer that is the issue - what happens if you try the transfer without the policer applied ? What sort of rate do you get ?


New Member

Re: 2950 Traffic Policing

Without the policer, I can get between 50 to 60Mb/s transfer rates. If I boost the policer up to 25000000, I can get marginally better results, transferring around 2.5Mb/s.

Re: 2950 Traffic Policing

Although the page is about the 3550 I think most of the information is relevent to the 2950 as well (although the 2950 doesn't support the granularity of the 3550).

Have you tried using non connection-oriented traffic (UDP) to see what rates you achieve? I suspect TCP is probably suffering due to the policer dropping the packets.



New Member

Re: 2950 Traffic Policing

Actually, I have tried this and I see quite the opposite occurring. I end up being able to push *more* than the 10Mb/s policer rate.

New Member

Re: 2950 Traffic Policing

An Ethereal capture shows with the policer applied, some out-of-order TCP segments, but not a lot. I do see a huge amount of retransmissions and duplicate ACKs, which would account for the slow throughput. However, I wouldn't expect the policer to be limiting at such a low rate, in effect, causing these retransmissions to constantly occur.

I even went so far as to limit the FTP transfer software to only upload at 2.4Mb/s, well under the 10Mb/s limit, but that didn't produce any different results.

CreatePlease to create content