Setting up policer using IOS

Discussion in 'Cisco' started by rbn, Jul 19, 2005.

  1. rbn

    rbn Guest

    Hello there,

    I'm a newbie in the cisco IOS area and have a question about setting up
    a policer on a 24-ported Catalyst 3750 Switch using CLI.

    I'd like to allow all traffic on port 23 up to a certain rate (say
    500000 bps) using a certain level (say 20000 bytes) after which the
    packets should be dropped. I tried the following:

    enable
    configure terminal
    policy-map policy1
    class class-default
    police 500000 20000 exceed-action drop
    exit
    configure
    interface GigabitEthernet1/0/23
    service-policy input policy1
    end

    But this doesn't seem to work. Any ideas?

    Thx.
    René Bøje Nielsen
    rbn, Jul 19, 2005
    #1
    1. Advertising

  2. rbn

    David West Guest

    Policing only works on ingress traffic, so you can only police traffic
    coming INTO that port. A (semi-crude but effective) way to do it is to
    use the storm-control command like this:

    storm-control unicast level bps 500000

    which drop all unicast traffic over the bps rate you specify. Note that
    this will not affect broadcast or multicast.

    Check out

    http://www.cisco.com/en/US/products...erence_chapter09186a0080395b62.html#wp2278213

    -DW

    rbn wrote:
    > Hello there,
    >
    > I'm a newbie in the cisco IOS area and have a question about setting up
    > a policer on a 24-ported Catalyst 3750 Switch using CLI.
    >
    > I'd like to allow all traffic on port 23 up to a certain rate (say
    > 500000 bps) using a certain level (say 20000 bytes) after which the
    > packets should be dropped. I tried the following:
    >
    > enable
    > configure terminal
    > policy-map policy1
    > class class-default
    > police 500000 20000 exceed-action drop
    > exit
    > configure
    > interface GigabitEthernet1/0/23
    > service-policy input policy1
    > end
    >
    > But this doesn't seem to work. Any ideas?
    >
    > Thx.
    > René Bøje Nielsen
    >
    David West, Jul 19, 2005
    #2
    1. Advertising

  3. rbn

    rbn Guest

    Thanks for the reply.

    When I said "all traffic", I really meant "all ingress traffic no
    matter its type", so I guess I really need the policer, since it's the
    ingress traffic on the port I wish to limit, not the egress.

    I have gigabit NICs connected to two ports and when I try to send
    traffic (loads of traffic) into the policed port, I would expect a
    decrease in traffic rate when using the code mentioned above, but that
    doesn't happen. The rate is the same (high) whether or not the policer
    is enabled.

    Also, if I do a "show policy-map interface" I can see the input policy
    on port 23, but the "5 minute offered rate" shows 0 bps and no drops.

    I'm still puzzled.

    /René
    rbn, Jul 19, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Evan Mann

    IOS to IOS VPN Problem

    Evan Mann, Feb 11, 2004, in forum: Cisco
    Replies:
    0
    Views:
    1,227
    Evan Mann
    Feb 11, 2004
  2. rbn

    Policer configuration

    rbn, Jul 22, 2005, in forum: Cisco
    Replies:
    1
    Views:
    554
  3. Harv
    Replies:
    4
    Views:
    7,285
  4. SW

    Catalyst IOS policer

    SW, Mar 2, 2007, in forum: Cisco
    Replies:
    3
    Views:
    449
    response3
    Mar 21, 2007
  5. Mike Rahl
    Replies:
    1
    Views:
    1,227
    Trendkill
    May 30, 2007
Loading...

Share This Page