05-09-2005 05:01 AM - edited 03-05-2019 11:32 AM
I have a 1-port VLAN that I wish to regulate the data rate on. So far, this is what I have:
- 1 Permit-All ACL that is always on attached to the inbound and outbound of the VLAN (not the port)
- 1 class matching on that ACL
- 1 Aggregate policer configured at 8kbps with 8kb burst (set to min for testing; this is not the desired rate) with the exceed action set to drop
- 1 policy with that class in it
When testing throughput, I am still getting data through at much higher rates. Is there an explanation for this, or am I missing something in my configuration?
Thanks in advance!
05-09-2005 08:43 AM
Hello,
Can you post your configuration?
Regards,
GP
05-10-2005 04:44 AM
I posted once before but it doesn't appear to have made it. I had to trim out some of the "vanilla" ports to meet max-char posting requirements. In the config, each VLAN is, of course, a different net:
version 12.1
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
service sequence-numbers
!
hostname xxxxxxxx
!
enable password xxxxxxxx
!
clock timezone EST 0
ip subnet-zero
ip routing
!
mls qos aggregate-policer 1MBRate 8000 8000 exceed-action drop
!
class-map match-all Tenant-41-Class
match access-group name Tenant-41-ACL
!
!
policy-map Tenant-41-1MB-Rate
class Tenant-41-Class
police aggregate 1MBRate
trust ip-precedence
!
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree vlan 1 priority 24576
!
!
interface FastEthernet1/0/1
description xxxxxxxx
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/2
description xxxxxxxx
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
no mdix auto
!
interface FastEthernet1/0/3
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/4
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/13
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/14
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/15
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/16
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/40
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/41
switchport access vlan 41
switchport trunk encapsulation dot1q
switchport trunk native vlan 41
switchport mode access
no ip address
service-policy input Tenant-41-1MB-Rate
no mdix auto
!
interface FastEthernet1/0/42
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/43
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/44
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/45
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/46
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/47
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/48
no ip address
no mdix auto
spanning-tree portfast
!
interface GigabitEthernet1/0/1
description xxxxxxxx
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
no mdix auto
!
interface GigabitEthernet1/0/2
description xxxxxxxx
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
no mdix auto
!
interface GigabitEthernet1/0/3
description xxxxxxxx
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
no mdix auto
!
interface GigabitEthernet1/0/4
no ip address
!
interface Vlan1
ip address 172.xxx.xxx.xxx 255.255.255.0
!
interface Vlan2
ip address 172.xxx.xxx.xxx 255.255.255.0
ip helper-address 172.xxx.xxx.xxx
!
interface Vlan3
ip address 172.xxx.xxx.xxx 255.255.255.0
ip helper-address 172.xxx.xxx.xxx
!
interface Vlan4
ip address 172.xxx.xxx.xxx 255.255.255.0
ip helper-address 172.xxx.xxx.xxx
!
interface Vlan5
ip address 172.xxx.xxx.xxx 255.255.255.0
ip helper-address 172.xxx.xxx.xxx
!
interface Vlan41
ip address 172.xxx.xxx.xxx 255.255.255.0
ip access-group Tenant-41-ACL in
ip access-group Tenant-41-ACL out
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.xxx.xxx.xxx
ip http server
!
ip access-list standard Tenant-41-ACL
permit any
!
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
time-range AllTime
periodic daily 0:00 to 23:59
!
end
05-09-2005 10:13 PM
What's the direction of your throughput test? Inbound or outbound of that VLAN?
What's the direction of your service-policy on the port or VLAN? Input or output?
Make sure they match or your test won't be valid.
05-10-2005 04:07 AM
The policy is on the VLAN, inbound and outbound.
My throughput test was outbound.
Thanks for your input!
05-10-2005 07:07 PM
interface FastEthernet1/0/41
switchport access vlan 41
switchport trunk encapsulation dot1q
switchport trunk native vlan 41
switchport mode access
no ip address
service-policy input Tenant-41-1MB-Rate
no mdix auto
You're doing an inbound service-policy so that all traffic coming into the port f1/0/41 will be policed.
So what about your throughput test? Is the "stress" coming into the port f1/0/41 or out of this port?
05-11-2005 04:22 AM
Sorry - I did forget to remove the policy from the actual interface. My intent was for the policy to only be applied to the VLAN. Instead, it appears to be attached to inbound and outbound on VLAN 41 and also inbound on the actual interface.
The stress was only tested outbound as that is the only portion I want to rate-limit for now.
05-11-2005 06:08 PM
But there is no "service-policy" configuration in the interface VLAN41.
So can you post your most updated configuration? Just want to make sure that you're applying the rate-limit to the correct direction.
05-12-2005 05:10 AM
Thanks for taking a look. No changes except I removed the service-policy from interface 41.
version 12.1
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
service sequence-numbers
!
hostname xxxxxxxx
!
enable password xxxxxxxx
!
clock timezone EST 0
ip subnet-zero
ip routing
!
mls qos aggregate-policer 1MBRate 8000 8000 exceed-action drop
!
class-map match-all Tenant-41-Class
match access-group name Tenant-41-ACL
!
!
policy-map Tenant-41-1MB-Rate
class Tenant-41-Class
police aggregate 1MBRate
trust ip-precedence
!
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree vlan 1 priority 24576
!
!
interface FastEthernet1/0/1
description xxxxxxxx
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/2
description xxxxxxxx
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
no mdix auto
!
interface FastEthernet1/0/3
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/4
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/13
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/14
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/15
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/16
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/40
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/41
switchport access vlan 41
switchport trunk encapsulation dot1q
switchport trunk native vlan 41
switchport mode access
no ip address
no mdix auto
!
interface FastEthernet1/0/42
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/43
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/44
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/45
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/46
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/47
no ip address
no mdix auto
spanning-tree portfast
!
interface FastEthernet1/0/48
no ip address
no mdix auto
spanning-tree portfast
!
interface GigabitEthernet1/0/1
description xxxxxxxx
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
no mdix auto
!
interface GigabitEthernet1/0/2
description xxxxxxxx
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
no mdix auto
!
interface GigabitEthernet1/0/3
description xxxxxxxx
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
no mdix auto
!
interface GigabitEthernet1/0/4
no ip address
!
interface Vlan1
ip address 172.xxx.xxx.xxx 255.255.255.0
!
interface Vlan2
ip address 172.xxx.xxx.xxx 255.255.255.0
ip helper-address 172.xxx.xxx.xxx
!
interface Vlan3
ip address 172.xxx.xxx.xxx 255.255.255.0
ip helper-address 172.xxx.xxx.xxx
!
interface Vlan4
ip address 172.xxx.xxx.xxx 255.255.255.0
ip helper-address 172.xxx.xxx.xxx
!
interface Vlan5
ip address 172.xxx.xxx.xxx 255.255.255.0
ip helper-address 172.xxx.xxx.xxx
!
interface Vlan41
ip address 172.xxx.xxx.xxx 255.255.255.0
ip access-group Tenant-41-ACL in
ip access-group Tenant-41-ACL out
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.xxx.xxx.xxx
ip http server
!
ip access-list standard Tenant-41-ACL
permit any
!
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
time-range AllTime
periodic daily 0:00 to 23:59
!
end
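The replies above check by eye where the policy-map is attached and in which direction. The same check as a short script, added here as an example and not part of the original thread; the two inputs are constructed excerpts of the posted configurations, and reading the poster's "outbound" test as traffic leaving port FastEthernet1/0/41 is an assumption.

```python
import re

# Constructed excerpt: only the QoS-relevant lines of the first posted config.
FIRST = """\
policy-map Tenant-41-1MB-Rate
class Tenant-41-Class
police aggregate 1MBRate
!
interface FastEthernet1/0/41
switchport access vlan 41
service-policy input Tenant-41-1MB-Rate
!
interface Vlan41
ip access-group Tenant-41-ACL in
ip access-group Tenant-41-ACL out
!
"""
# Second posted config: identical except the port-level service-policy is gone.
SECOND = FIRST.replace("service-policy input Tenant-41-1MB-Rate\n", "")

def audit(config):
    """Return (attachments, unattached policy-maps, interfaces with only an ACL)."""
    policies, attached, acl_ifaces, iface = set(), [], set(), None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"policy-map (\S+)", line):
            policies.add(m.group(1))
            iface = None
        elif m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif line == "!":
            iface = None  # "!" closes the current interface block
        elif iface and (m := re.match(r"service-policy (input|output) (\S+)", line)):
            attached.append((iface, m.group(1), m.group(2)))
        elif iface and re.match(r"ip access-group \S+ (in|out)", line):
            # An access-group filters packets; it does not attach a policer.
            acl_ifaces.add(iface)
    used = {name for _, _, name in attached}
    acl_only = sorted(acl_ifaces - {i for i, _, _ in attached})
    return attached, sorted(policies - used), acl_only

def covers(attached, iface, test_direction):
    """True if some policy on iface applies to the tested direction."""
    return any(i == iface and d == test_direction for i, d, _ in attached)

if __name__ == "__main__":
    for name, cfg in (("first", FIRST), ("second", SECOND)):
        print(name, audit(cfg))
```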