Can anyone recommend the best way to do traffic policing at layer 2? We have several models of switches (450x, 650x, 3500, 3400) and would like a method that is the same on all platforms.
On the 45/65xx's I use a vlan interface such as:
interface Vlan1234
 bandwidth 10000
 service-policy input 10MB
where the service policy is a policy map named 10MB, with a policer, which matches an access list, and the access list says permit ip any any. (The problem is we aren't using any layer 3.)
The above method doesn't work on 3500's, so on those I use:
mac access-list extended catch_all
 permit any any
class-map match-all Got-all
 match access-group name catch_all
policy-map 2MB
 class Got-all
  police 3000000 16384 exceed-action drop
interface fa0/5
 service-policy input 2MB
which doesn't work on the 4500+.
I know they work as I can do load testing on the ports. Cisco don't seem to have a recommended way of doing this. Does anyone have a preferred method?
Flamer.