I am trying to limit traffic entering and leaving a L3 int on my 4500 using the following config but it appears to do nothing..
class-map match-all test match access-group 100
policy-map limit-traffic class test police 400000 1000 exceed drop
int gi 3/1 service-policy input limit-traffic service-policy output limit-traffic
access-list 100 permit tcp host 10.0.0.1 any eq ftp-data access-list 100 permit tcp any eq ftp-data host 10.0.0.1
It sometimes shows me a match on the show policy-map int.. but nothing ever on the conform or drop -- no matter how much traffic I generate or what I set the limit to.. my ftp's whizz through at full speed.
I even set the ACL to permit ip any any and the behaviour was the same..
Thought I was maybe missing a global 'MLS qos' style command or an interface traffic-shapping - but no.
Any ideas anyone??