Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Rate limit: Police bandwidth

Hi friends

I have some questions:

equipment: 7609

IOS: s72033-pk9sv-mz.122-18.SXD7.bin

i need create one police with 4200000000, but the police only support 4000000000.

Router(config-pmap-c)# police ?

<32000-4000000000> Bits per second

aggregate Choose aggregate policer for current class

flow police each flow

how can i limit 4.2 Giga, any idea?

do you know a good reference aboute it?



Re: Rate limit: Police bandwidth


as the IOS already states: you can not.

But do the 5% difference matter so much to you?

Regards, Martin

New Member

Re: Rate limit: Police bandwidth


Yes, the 5% is very inportant, the equipment belongs to a ISP.

you have some idea of how I can solve it?

thank in advance.


Re: Rate limit: Police bandwidth

Hi there,

If this were me, then I would create 2 class maps and match the traffic you have 50/50. Then in the policy map have 2 x 2.1 gig throughputs.

You could even have the class maps the same so they match the same traffic, then have a throughput of 2.1 gig (or even 4 gig) and then if the policy is exceeded, move to the next line which gives you the rest that you need.

Please rate if this helps!


New Member

Re: Rate limit: Police bandwidth

I proved in laboratory this:

class-map match-any 1_any

match access-group 125

class-map match-any 2_any2

match access-group 125


policy-map 1_in

class 1_any

police 4000000000 31250000 31250000 conform-action transmit exceed-action transmit

class 2_any2

police 200000 6250 6250 conform-action transmit exceed-action drop


access-list 125 permit ip any any

the traffics is processed by class 1_any only and it never passes to class 2_any2.

The solution does not work. you have any idea?

Thanks in any case.

Re: Rate limit: Police bandwidth

Hi there,

It seems a bit trickier than I thought!

I've not got a router near me, but have a go with a 2 rate policer. Here you have CIR and PIR. You can send at the PIR rate - which is higher than the CIR rate. Have a look at this link for some config tips:

Next, I would have a go at marking the access-list 125 traffic on ingress with a qos value currently not in use (e.g af11) using shaping for the first 4gig. Then in the 1st map class - match the af11 traffic. Then on the second, match the rest of the traffic that was no marked using the access-list.

Let me know !


CreatePlease to create content