Policing traffic

mtechnology
Level 1

Hi

I have attached our network diagram. We have a server at one location which is basically collecting logs from all the other locations and hogging all the MPLS bandwidth.

I want to implement policing and restrict the bandwidth for the particular IP (172.20.36.9) to 100K.

Can anyone help me with the configuration? I am confused whether to apply the policy inbound on the routers or outbound.

Actually, I already have a service policy for VoIP applied to the interface connecting to MPLS.

Thanks in advance

8 Replies

mtechnology
Level 1

Attached diagram

Hi

If you already have policies applied to the egress interface, then you can better opt for one more class permitting access to the particular syslog server.

You can do the same by using an ACL permitting the traffic destined to your syslog server.

Configure a separate class map for this new requirement and policy allocation.

Once that is done, configure the bandwidth to be allocated for that particular class under the newly created class map.

Or else you can do class-based policing using police commands under the class map.

If you don't want to make use of the existing policies or modify them, then you can look at the ACL-based CAR (rate-limit) feature, which you can apply to your egress interface to allocate the minimum bandwidth it can make use of.

You can refer to the following links for more info.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a0080760d90.html

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00804a27c4.html

Regards

My existing policy is as follows:

class-map match-all voip
 match ip precedence 5
class-map match-all signalling
 match ip precedence 3
!
policy-map VOIP
 class voip
  priority 1024
 class signalling
  priority 200
 class class-default
  fair-queue

So if I add one more class to that as

class-map match-all logserver
 match access-group 111
!
policy-map VOIP
 class logserver
  police 16000 conform-action transmit exceed-action drop
!
access-list 111 permit ip any host 172.20.36.9
!
int fa 0/0
 service-policy output VOIP

Will it work?

Most of the police config examples were applied inbound, and hence I was a bit confused.

Thanks

If this is applied to the outbound interface on all the routers that are remote to the site that has address 172.20.36.9, it will work.

Policing is normally applied inbound to avoid the traffic even entering the data path. In your case it makes little difference if you were to apply it inbound on the Ethernet port at all the remote locations. It just depends which is easier, since on some routers you could have 1 input interface and 100 output ones.
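Putting the thread's pieces together, here is the complete outbound policer configuration for one remote-site router (an added example, not a config posted in the thread): the logserver class is added to the existing VOIP policy-map and rate-limited to the 100K the original poster asked for, using the interface name fa 0/0 and ACL 111 from the posts above. The 100000 is in bits per second, as the IOS police command expects; IOS derives a default burst when none is given.

```cisco
! Added example: limit traffic to the log collector at 172.20.36.9 to 100 kbps.
! Apply on every remote router's MPLS-facing interface, in the output direction,
! so each site's contribution is capped before it reaches the server's link.
access-list 111 permit ip any host 172.20.36.9
!
class-map match-all logserver
 match access-group 111
!
policy-map VOIP
 class voip
  priority 1024
 class signalling
  priority 200
 class logserver
  ! rate in bps; conforming packets pass, excess is dropped
  police 100000 conform-action transmit exceed-action drop
 class class-default
  fair-queue
!
interface FastEthernet0/0
 service-policy output VOIP
```

After applying it, `show policy-map interface FastEthernet0/0` shows per-class conformed and exceeded packet counters, which is the quickest way to confirm the logserver class is matching and dropping as intended.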

bvsnarayana03
Level 5

Hi,

This is what you need to apply on your interface:

policy-map XYZ
 class logserver
  priority 100

If you already have a policy-map for VoIP, then attach this class to the existing policy.

Also, you can police logs with the command below:

police Bc Be conform-action transmit exceed-action drop

Bc = Committed burst rate

Be = Excess burst rate

In your case, let Bc=75000 & Be=100000 bps.

Remember, you need to apply this policy on all routers connecting to the MPLS cloud.

*****************************************

taken for reference:

class-map match-all logserver
 match access-group 111
!
policy-map VOIP
 class logserver
  police 16000 conform-action transmit exceed-action drop
!
access-list 111 permit ip any host 172.20.36.9
!
int fa 0/0
 service-policy output VOIP

I am confused by this last response.

The second example you give is almost exactly what he proposed. You don't need to configure the excess burst action unless you plan to do something different than the committed burst.

The first option you propose, using "priority", does not work in an MPLS environment. This guarantees bandwidth, it does not limit it. There is a policer built into the priority command, but it only takes effect during contention.

Look at this link and see the section discussing use of excessive bandwidth.

http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a0080103eae.shtml

His problem is he is saturating the link at the server location. Say all the remote sites are running at 90% utilization and all they are doing is sending to this server. The priority statement will have no limiting effect, and all the remote sites will overload the server's link.

If I just give Bc in police and don't specify Be, how will it police the excess burst?

Doesn't the priority command have an inbuilt policer, which would police any excess traffic beyond the assigned priority rate?

Those fields are really called burst-normal and burst-max. It really only uses both if you are using the violate-action. If your exceed action is drop, then it should never see the second one even if you were to configure it.

Yes, the priority command has a built-in policer, but it is only active in times of congestion. If there is no congestion there is no limit. Read the link in my previous post.
