Thanks Mikhailovsky but when i tried to make rmdirer flash:/c3750e-universalk9-mz.150-2.SE4 an error appear as below

Switch#rmdir flash:/c3750e-universalk9-mz.150-2.SE4

Remove directory filename [c3750e-universalk9-mz.150-2.SE4]?

Delete flash:/c3750e-universalk9-mz.150-2.SE4? [confirm]

%Error Removing dir flash:/c3750e-universalk9-mz.150-2.SE4 (Directory not empty)

regarding to the configurations you will find it as you see.

1- using policy map:

class-map match-all TEST

  match access-group 101

!

policy-map TEST

class TEST

  police 1024000 131072 exceed-action drop

access-list 101 permit ip 10.10.10.0 0.0.0.255 any

under the interface:

service-policy input TEST

2- using rate limit:

same access list

under interface

rate-limit input access-group 101 1048000 131072 147072 conform-action transmit exceed-action drop

rate-limit input access-group 101 1048000 131072 147072 conform-action transmit exceed-action drop

3- Traffic Shape under interface:

traffic-shape group 101 1024000 131072 147072

4- Normal Command under inteface

bandwidth 1024.

Ayman,

How are you testing to find out that the configuration above is useless?

Dear John,

     I enabled STG monitoring on the Switch then i initiate a high ping pancket destinated to another interface Vlan50  with IP 83.101.149.57 sourced from my PC 10.10.10.10

interface g1/0/2

ip address 10.10.10.1 255.255.255.0

service-policy input TEST

interface Vlan50

ip address 83.101.149.57 255.255.255.0

then monitor the Traffic on the link although i policed it by 1M it pass 2M.

If you do 'show policy-map' and can you clear the results and then try another test, and past the 'show policy-map' results here for this specific policy?

And just to make sure, you configured a bandwidth of 1024 on his GigabitEthernet1/0/2 interface?

Also, you are only policing inbound and not outbound. So it should be policd to that amount at this port, but outbound traffic will not be policied.

Also can you clear the ACL counters, and paste the results of the 'show access-list' for that specific access list 101 I believe.

thanks for your note regarding to inpount and outbound but they are the same and the limitation didn't apply .

i again tried it and again failed as you ca see from the results it reaches 3 M:

Switch#sh policy-map

  Policy Map TEST

    Class TEST

      police 1024000 131072 exceed-action drop

Switch#sh acce

Switch#sh access-lists

Extended IP access list 101

    10 permit ip 10.10.10.0 0.0.0.255 any

Switch#

This looks like it is taken in 5 minute intervals. Can you clear all counters/stats on the switch, and then run another test, post the results from 'show policy-map , and 'show int as well?

ok i did as below

Switch#clear access-list counters

Switch#

Switch#clear counters            

Clear "show interface" counters on all interfaces [confirm]

Switch#

then make the test and got the same results as pic.

then make the Show you asked for.

Switch#sh policy-map TEST        

  Policy Map TEST

    Class TEST

      police 1024000 131072 exceed-action drop

Switch#

interface GigabitEthernet1/0/2

no switchport

ip address 10.10.10.1 255.255.255.0

service-policy input TEST

end

Switch#

Switch#sh access-lists

Extended IP access list 101

    10 permit ip 10.10.10.0 0.0.0.255 any

Switch#

Switch#sh policy-map

Switch#sh policy-map

  Policy Map TEST

    Class TEST

      police 1024000 131072 exceed-action drop

Switch#sh int g1/0/2

GigabitEthernet1/0/2 is up, line protocol is up (connected)

  Hardware is Gigabit Ethernet, address is f872.ea57.45c5 (bia f872.ea57.45c5)

  Internet address is 10.10.10.1/24

  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX

  input flow-control is off, output flow-control is unsupported

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:00:00, output 00:00:00, output hang never

  Last clearing of "show interface" counters 00:03:02

  Input queue: 11/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 1804000 bits/sec, 181 packets/sec

  5 minute output rate 1740000 bits/sec, 159 packets/sec

     30442 packets input, 39463480 bytes, 0 no buffer

     Received 328 broadcasts (0 IP multicasts)

     0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 watchdog, 21 multicast, 0 pause input

     0 input packets with dribble condition detected

     26878 packets output, 38555350 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 unknown protocol drops

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier, 0 pause output

     0 output buffer failures, 0 output buffers swapped out

Switch#sh run int g1/0/2

If you ook at the below values

5 minute input rate 1804000 bits/sec, 181 packets/sec

5 minute output rate 1740000 bits/sec, 159 packets/sec

Input - 1804000/8 = 225500 bytes = 0.215 Mbps

Output - 1740000 = 217500 bytes = 0.207 Mbps.

This is in a 5 minute sliding window.

Hello

For vlan based mls qos try this:

Class-map TEST
Match input interface gig1/0/2
Match access-group 101

interface g1/0/2
Mls qos vlan-based

interface Vlan50
Load interval 30
service-policy input TEST


Tes
Paul


Sent from Cisco Technical Support iPad App