Setting up policer using IOS

- R
- rbn
  
  Contact options for registered users
posted
18 years ago

Tue, Jul 19, 2005 9:45 AM

Hello there,

I'm a newbie in the cisco IOS area and have a question about setting up a policer on a 24-ported Catalyst 3750 Switch using CLI.

I'd like to allow all traffic on port 23 up to a certain rate (say

500000 bps) using a certain level (say 20000 bytes) after which the packets should be dropped. I tried the following:

enable configure terminal policy-map policy1 class class-default police 500000 20000 exceed-action drop exit configure interface GigabitEthernet1/0/23 service-policy input policy1 end

But this doesn't seem to work. Any ideas?

Thx. René Bøje Nielsen

- R
- rbn
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Tue, Jul 19, 2005 10:59 AM

Thanks for the reply.

When I said "all traffic", I really meant "all ingress traffic no matter its type", so I guess I really need the policer, since it's the ingress traffic on the port I wish to limit, not the egress.

I have gigabit NICs connected to two ports and when I try to send traffic (loads of traffic) into the policed port, I would expect a decrease in traffic rate when using the code mentioned above, but that doesn't happen. The rate is the same (high) whether or not the policer is enabled.

Also, if I do a "show policy-map interface" I can see the input policy on port 23, but the "5 minute offered rate" shows 0 bps and no drops.

I'm still puzzled.

/René

- D
- David West
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Tue, Jul 19, 2005 1:38 PM

Policing only works on ingress traffic, so you can only police traffic coming INTO that port. A (semi-crude but effective) way to do it is to use the storm-control command like this:

storm-control unicast level bps 500000

which drop all unicast traffic over the bps rate you specify. Note that this will not affect broadcast or multicast.

Check out

formatting link

-DW

rbn wrote: