I've applied a simple service policy on a switchport to limit the bandwidth on the port to 2Mb using the following config:
class-map match-any Server_Limit
match access-group 10
!
!
policy-map 2MB_Limit
class Server_Limit
police 2000000 500000 exceed-action drop
!
!
interface FastEthernet0/46
service-policy input 2MB_Limit
!
access-list 10 permit any
!
This does seem to have had some effect as the inbound rate on the interface has dropped from around 6Mb to around 3Mb.
However, I was expecting the bandwidth to be capped at 2Mb and when I issue the show 'policy-map interface' command, i dont see any packets being matched at all:
FastEthernet0/46
Service-policy input: 2MB_Limit
Class-map: Server_Limit (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 10
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
5 minute rate 0 bps
Is this because the switch operates primarily at Layer 2? It does filter at Layer 3 and I would expect to see matches, especially when it does seem to be performing some level of throttling.
Also, does anyone have any ideas how to make the throttling more efficient and cap more accurately at 2Mb?