03-22-2007 01:42 PM - edited 03-03-2019 04:16 PM
I want to limit traffic that is coming from a computer connected to port g1/0/12 on a 3750G switch to 2 megabit but I keep getting an error. Please help.
I do this:
access-list 100 permit ip any any
class-map TRAFFIC
match access-group 100
policy-map limit-traffic
class TRAFFIC
police 2000000 1000000 exceed-action drop
int g1/0/12
service-policy output limit-traffic
I get this:
police command is not supported for this interface
Configuration failed!
Warning: Assigning a policy map to the output side of an interface not supported
If I do:
service-policy input limit-traffic
it does not police the traffic and goes way over 2 megabit
Help ?
03-22-2007 03:53 PM
show policy-map interface g1/0/12
GigabitEthernet1/0/12
Service-policy input: limit-traffic
Class-map: TRAFFIC (match-all)
0 packets, 0 bytes
offered rate 0 bps, drop rate 0 bps
Match: access-group 100
Class-map: class-default (match-any)
0 packets, 0 bytes
offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
rate 0 bps
This is what I get if I do INPUT instead of OUTPUT
03-23-2007 12:49 AM
Hi Friend,
Cisco 3750 switches do not support the service-policy output command, and that's why you are getting the error.
These output and input commands may be confusing. It usually depends on the reference point from where you see it.
In your example if you use service-policy input, you are restricting the traffic to the upstream which seems to be ok.
Output would have been more sensible if configured on the upstream device towards your 3750.
HTH, rate if it does
Narayan
03-26-2007 07:08 AM
Ok, but the input still does not work. I cannot police this traffic at all. Any help?
03-26-2007 07:24 AM
Another option would be to use SRR queue on the 3750. It requires quite a bit of configuration but essentially you can mark the traffic with a certain DSCP value. Then attach that DSCP value to a queue (3750's have 4 outbound queues). Then you can shape the traffic per interface by each queue.
More information is below in the attached link.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/12235se/scg/swqos.htm#wp1162303
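The mark, map and shape sequence described in the post above, sketched as a 3750 configuration. This is an added example, not part of the original post; DSCP 8, egress queue 1, the names host-traffic, HOST-TRAFFIC and mark-host, and the uplink GigabitEthernet1/0/24 (assumed to run at 1 Gbps) are assumptions.

```cisco
! Added example, not from the thread. Assumed values: DSCP 8, egress queue 1,
! uplink GigabitEthernet1/0/24 at 1 Gbps, and all object names below.
mls qos
!
ip access-list extended host-traffic
 permit ip any any
!
class-map match-all HOST-TRAFFIC
 match access-group name host-traffic
!
! Step 1: mark everything arriving from the host with DSCP 8.
policy-map mark-host
 class HOST-TRAFFIC
  set dscp 8
!
interface GigabitEthernet1/0/12
 switchport mode access
 service-policy input mark-host
!
! Step 2: send DSCP 8 to egress queue 1 (threshold 3) on every port.
mls qos srr-queue output dscp-map queue 1 threshold 3 8
!
! Step 3: shape queue 1 on the port the traffic leaves through.
! The shaped weight is an inverse ratio: 1/500 of 1 Gbps = 2 Mbps.
! A weight of 0 leaves queues 2-4 in shared mode.
interface GigabitEthernet1/0/24
 srr-queue bandwidth shape 500 0 0 0
```

Any other DSCP value mapped to egress queue 1 shares the same shaped rate; `show mls qos maps dscp-output-q` lists the current mapping.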
03-26-2007 07:54 AM
What do you see when you issue the following command?
sh policy-map interface g1/0/X
Narayan
03-26-2007 09:02 AM
Here is my config:
Current configuration : 2941 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 3750G-Outside
!
!
username xxx privilege 15 password 7 1446425A093C292325263430
no aaa new-model
switch 1 provision ws-c3750g-24ts-1u
ip subnet-zero
no ip domain-lookup
!
!
mls qos
!
!
!
!
no file verify auto
!
mac access-list extended mactraffic
permit any any
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
class-map match-any TRAFFIC
match access-group name mactraffic
!
!
policy-map p1
class TRAFFIC
police 2000000 8000 exceed-action drop
trust cos
!
!
interface GigabitEthernet1/0/1
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
description Backup LAN
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
description Backup-LAN
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/12
switchport mode access
service-policy input p1
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
switchport mode access
ip access-group deny-icmp in
spanning-tree portfast
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
switchport mode access
ip access-group deny-icmp in
spanning-tree portfast
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
ip address 1.2.3.4 255.255.255.224
!
ip classless
no ip http server
no ip http secure-server
!
ip access-list standard TELNET_ACCESS
remark Allow telnet to these IPs Only
remark Allow Telnet for these hosts
permit x.x.x.x
!
ip access-list extended deny-icmp
permit icmp any any echo-reply
permit icmp any any unreachable
permit icmp any any time-exceeded
deny icmp any any
permit ip any any
ip access-list extended mytraffic
permit ip any any
!
no cdp run
!
control-plane
!
!
line con 0
privilege level 15
password 7 135447430E3407222A2A2F36
logging synchronous
login
line vty 0 4
access-class TELNET_ACCESS in
privilege level 15
password 7 06575F7049760A110419150E
login local
line vty 5 15
password 7 06575F7049760A110419150E
no login
!
end
I even created a MAC ACL and still nothing works.
____________
show policy-map int g1/0/12
GigabitEthernet1/0/12
Service-policy input: p1
Class-map: TRAFFIC (match-any)
0 packets, 0 bytes
offered rate 0 bps, drop rate 0 bps
Match: access-group name mactraffic
0 packets, 0 bytes
rate 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
rate 0 bps
03-28-2007 08:16 AM
I suggest a simpler solution. Implement Storm Control on the workstation port.
Storm control can control bandwidth on unicast, broadcast and multicast packets.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/12225see/cr/cli3.htm#wp2278213
Please rate this post if it helps.
Thanks