cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2521
Views
0
Helpful
4
Replies

Rate-limit questions

Safar Safarov
Level 1
Level 1

Hello,

recently we replaced Cisco 2821 ISR w/Etherswitch module with Cisco 2921 and Cisco Catalyst 3560-X.

In previous configuration on Cisco 2821 ISR w/Etherswitch I had the following config to limit traffic to 2 Mbps:

!

policy-map 2Mbps

class class-default

    police 2000000 375000 750000 conform-action transmit  exceed-action drop  violate-action drop

!

!

interface FastEthernet1/5

switchport access vlan 204

!

!

interface Vlan204

ip address a.b.c.d x.x.x.y

service-policy input 2Mbps

service-policy output 2Mbps

!

That config worked for me great, but after replacement I cannot specify max-burst on Cisco Catalyst 3560-X and further more apply service policy to the interface:

!

policy-map 2Mbps

class class-default

  police 2000000 375000 exceed-action drop

!

!

interface GigabitEthernet0/5

switchport access vlan 204

switchport mode access

!

When I try to apply "service-policy input 2Mbps" I get the following error:

%QoS: policy-map with police action at parent level not supported on Vlan204 interface.

Okay that's clear... I tried to create a child policy and apply it. This time successfully, but... rate limiting didn't occured, even with service-policy applied, and also when I tried to apply "service-policy output 2Mbps" I got the following error:

police command is not supported for this interface

Configuration failed!

Ok. Then I thought to do it in other way:

!

interface Vlan204

ip address a.b.c.d x.x.x.y

rate-limit input 2000000 375000 750000 conform-action transmit exceed-action drop

rate-limit output 2000000 375000 750000 conform-action transmit exceed-action drop

!

Applied but... Again rate limiting is not working.

Below is "sh int vlan 204 rate-limit"

Vlan204

  Input

    matches: all traffic

      params:  2000000 bps, 375000 limit, 750000 extended limit

      conformed 0 packets, 0 bytes; action: transmit

      exceeded 0 packets, 0 bytes; action: drop

      last packet: 1284690ms ago, current burst: 0 bytes

      last cleared 00:20:15 ago, conformed 0 bps, exceeded 0 bps

  Output

    matches: all traffic

      params:  2000000 bps, 375000 limit, 750000 extended limit

      conformed 1 packets, 54 bytes; action: transmit

      exceeded 0 packets, 0 bytes; action: drop

      last packet: 1154692ms ago, current burst: 0 bytes

      last cleared 00:20:15 ago, conformed 0 bps, exceeded 0 bps

I cannot understand. That worked for me great on my etherswitch but doesn't on 3560-X.

Any help is appreciated.

1 Accepted Solution

Accepted Solutions

Joseph W. Doherty
Hall of Fame
Hall of Fame

Disclaimer

The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.

Posting

3560-X isn't an Etherswitch within an ISR.  The 3560-X has less features so it can offer wire rate performance, including its optional 10 gig ports.  The 3560-X does offer policers which can be attached to ports and/or your VLANs, athough they might only support ingress policing.  The child-policy it refers to needing, when you tried attaching to the VLAN interface, is a policy attached to the port(s), I believe.  Additional details can be found in your reference and usage guides for the IOS version you're running on your 3560-X.

View solution in original post

4 Replies 4

Nandan Mathure
Level 1
Level 1

You need to have a command "mls qos vlan-based" under all the ports/interfaces which are part of the VLAN where qos policy is be applied.

E.G If interfaces Fa0/1 - 10 are under vlan 204 then

int range fa0/1 - 10

mls qos vlan-based

Let me know is this helped.

Thanks for your reply. However didn't work.

I need a solution to limit ingress/egress traffic on VLAN interfaces.

Joseph W. Doherty
Hall of Fame
Hall of Fame

Disclaimer

The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.

Posting

3560-X isn't an Etherswitch within an ISR.  The 3560-X has less features so it can offer wire rate performance, including its optional 10 gig ports.  The 3560-X does offer policers which can be attached to ports and/or your VLANs, athough they might only support ingress policing.  The child-policy it refers to needing, when you tried attaching to the VLAN interface, is a policy attached to the port(s), I believe.  Additional details can be found in your reference and usage guides for the IOS version you're running on your 3560-X.

Joseph,

you're great as always. I already understood that it's not the same. Now I need to find a solution. If you have really smth that may help me to configure what I need, then post it please. If it can help, IOS version is c3560e-universalk9-mz.122-58.SE2.bin, license is ipbase.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: