Re: service-policy input or output - Page 2

shaun.white · ‎02-23-2007

I have a 3750 switch, with 150MB internet coming into g1/0/1...i have 15 ports g1/0/2-15 that go out to customers, i want to put a policier on the ports to hold them at 10MB, my question is should i do a service-policy input or output here?

i want to limit them to 10MB download...would that be input since its coming IN from the internet, or is Input in from the switch port??

TIA

Danilo Dy · ‎02-26-2007

Oh yes, the ACL is the other way round. I was copying my config for upload :)

Revised example;

Customer1 Network = 192.168.1.0/24

Customer2 Network = 192.168.2.0/24

.

Customer14 Network = 192.168.14.0/24

!

mls qos

mls qos aggregate-policer DL_10.0M 10000000 64000 exceed-action drop

!

class-map match-all Customer1

match access-group 2101

class-map match-all Customer2

match access-group 2102

.

class-map match-all Customer14

match access-group 2114

!

policy-map DOWNLOAD

class Customer1

police aggregate DL_10.0M

class Customer2

police aggregate DL_10.0M

.

class Customer14

police aggregate DL_10.0M

!

interface gigabitethernet1/0/1

service-policy input DOWNLOAD

!

access-list 2101 remark Customer1

access-list 2101 permit ip any 192.168.1.0 0.0.0.255

access-list 2102 remark Customer2

access-list 2102 permit ip any 192.168.2.0 0.0.0.255

.

access-list 2114 remark Customer14

access-list 2114 permit ip any 192.168.14.0 0.0.0.255

NOTE: All subnet/networks should be in policy.

shaun.white · ‎02-26-2007

So i tried this in my lab...i did the following:

mls qos

mls qos aggregate-policer DL_10.0M 10000000 64000 exceed-action drop

class-map match-all Customer1

match access-group 2101

access-list 2101 remark Customer1

access-list 2101 permit ip any 192.168.13.0 0.0.0.255

policy-map DOWNLOAD

class Customer1

police aggregate DL_10.0M

int f0/23

service-policy input DOWNLOAD

then i tried to do a windows file transfer from a file server on a different subnet to simulate a large download...i was trying to download a 60MB ISO...the windows transfer wouldnt even start, it just hung...i deapplied the policy an it worked...

Any one have any ideas here??? TIA

Danilo Dy · ‎02-26-2007

You put 192.168.13.0/24 in the policy and you test another subnet to download? Do you have other policy in the switch, please remove them for the test.

Take note that 192.168.13.0/24 should be in the switch port other than f0/23. The other subnet should be in f0/23. For this test, you should not have any other Qos policy and you should have only two networks 192.168.13.0/24 and the other network which is connected to fa0/23 where you put the "service-policy input DOWNLOAD"

shaun.white · ‎02-26-2007

there are no QoS policies on my box other then what i have posted...f0/23 is a trunk from my dist switch to my core, the 192.168.13.0 subnet is on the dist switch, the 192.168.1.0 subnet (the "other" subnet) is on the core switch....