cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
966
Views
0
Helpful
5
Replies

rate-limit on 3750 dosnt work

alex-zaytsev
Level 1
Level 1

i've 3750 with Version 12.2(25)SE IOS.

I want to limit the rate on routed interface Gi0/0/1 but its dosnt work. Whats the problem? May be I need add more global commands or options?

My conf:

GigabitEthernet1/0/3 ADAMANT

Input

matches: all traffic

params: 512000 bps, 128000 limit, 128000 extended limit

conformed 755 packets, 120486 bytes; action: continue

exceeded 0 packets, 0 bytes; action: drop

last packet: 84042419ms ago, current burst: 120 bytes

last cleared 23:31:42 ago, conformed 11 bps, exceeded 0 bps

Output

matches: all traffic

params: 1024000 bps, 128000 limit, 128000 extended limit

conformed 0 packets, 0 bytes; action: continue

exceeded 0 packets, 0 bytes; action: drop

last packet: 93004480ms ago, current burst: 0 bytes

last cleared 23:31:42 ago, conformed 0 bps, exceeded 0 bps

interface GigabitEthernet1/0/3

description ADAMANT

no switchport

ip address 1.1.1.1 255.255.255.252

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

rate-limit input 512000 128000 128000 conform-action continue exceed-action drop

rate-limit output 1024000 128000 128000 conform-action continue exceed-action drop

no cdp enable

IP fast switching is enabled

IP Flow switching is disabled

IP CEF switching is enabled

IP CEF switching turbo vector

IP multicast fast switching is enabled

IP multicast distributed fast switching is disabled

IP route-cache flags are Fast, CEF, Flow Cache

Router Discovery is disabled

IP output packet accounting is disabled

IP access violation accounting is disabled

TCP/IP header compression is disabled

RTP/IP header compression is disabled

Probe proxy name replies are disabled

Policy routing is disabled

Network address translation is disabled

WCCP Redirect outbound is disabled

WCCP Redirect inbound is disabled

WCCP Redirect exclude is disabled

BGP Policy Mapping is disabled

Input features: Ingress-NetFlow, CAR

Output features: Post-Ingress-NetFlow, CAR

Post encapsulation features: CAR

5 Replies 5

pflunkert
Level 4
Level 4

Hi Alex,

pleas try the following configuration:

mls qos

!

class-map match-all Traffic_incoming

match access-group 1

!

policy-map Traffic

class Traffic_incoming

police 1000000 10000 exceed-action drop

!

interface Gi1/0/3

service-policy input Traffic

!

access-list 1 permit 10.1.0.0 0.0.255.255

access-list 1 permit 192.168.20.0 0.0.0.255

As i remember you can't configure this on a routed interface, but i'am not sure!

But why you don't use vlans???

I hope my impression will help you.

Regards

Peter

This solutions not for me.

Ports on 3750 used by BGP-users, VLAN unsupported.

And I neet shape all traffic: incoming and outgoing. Command rate-limit is very suitable for me. But i dont understand why packets isnt accounted.

GigabitEthernet1/0/3 ADAMANT

Input

matches: all traffic

params: 512000 bps, 128000 limit, 128000 extended limit

conformed 0 packets, 0 bytes; action: continue

exceeded 0 packets, 0 bytes; action: drop

last packet: 97601052ms ago, current burst: 120 bytes

last cleared 03:18:54 ago, conformed 0 bps, exceeded 0 bps

Output

matches: all traffic

params: 1024000 bps, 128000 limit, 128000 extended limit

conformed 0 packets, 0 bytes; action: continue

exceeded 0 packets, 0 bytes; action: drop

last packet: 106563113ms ago, current burst: 0 bytes

last cleared 03:18:54 ago, conformed 0 bps, exceeded 0 bps

Thats because rate-limit is not supported in 3750. CLI might take the commands but it will not work. You will need to use policing as suggested in the earlier reply.

The Policy dosnt work. Look at my config, pls.

! Inbound interface from the net. I want to shape traffic for my client from Internet.

class-map match-all mist-limit-out

match access-group 104

! Inbound interface from user.

class-map match-all mist-limit-in

match access-group 111

!

!

policy-map mist-out

class mist-limit-out

police 512000 64000 exceed-action drop

!

policy-map mist-in

class mist-limit-in

police 512000 64000 exceed-action drop

!

access-list 111 permit ip any any

access-list 104 permit ip 1.1.1.0 0.0.0.255 any

access-list 104 permit ip 2.2.2.2 0.0.1.255 any

!

interface GigabitEthernet1/0/4

description My_User

service-policy input mist-in

!

interface GigabitEthernet1/0/24

description Internet

service-policy input mist-out

!

cat3750#sh int gi1/0/4

GigabitEthernet1/0/4 is up, line protocol is up (connected)

Hardware is Gigabit Ethernet, address is 0013.1a97.83c4 (bia 0013.1a97.83c4)

Description: MIST

Internet address is 1.5.3.6/30

MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

reliability 255/255, txload 40/255, rxload 9/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 10Mb/s, media type is 10/100/1000BaseTX

Media-type configured as connector

input flow-control is off, output flow-control is unsupported

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:11, output 00:00:02, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

30 second input rate 363000 bits/sec, 307 packets/sec

30 second output rate 1588000 bits/sec, 305 packets/sec

65767380 packets input, 2840565637 bytes, 0 no buffer

Received 5903 broadcasts (0 IP multicast)

0 runts, 9 giants, 0 throttles

9 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 1164 multicast, 0 pause input

0 input packets with dribble condition detected

68456655 packets output, 2350244423 bytes, 0 underruns

0 output errors, 0 collisions, 2 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 PAUSE output

0 output buffer failures, 0 output buffers swapped out

Hi,

first i missed the "mls qos" command, but i assume that you only forgot to wrote it here ;-))

Try the configuration with a any any acl. Only to the traffic you specify, the rate limit will works.

Regards

Peter