12-12-2012 02:04 AM - edited 03-07-2019 10:33 AM
Guys,
dont seem to be able to get policing working inbound on a port 3750X v 15.0(2)
Config is below:
ip access-list extended SMB
permit tcp host 192.168.1.14 host 172.16.1.30
permit tcp host 192.168.1.14 host 172.16.1.31
class-map match-any SMB
match access-group name SMB
policy-map POLICE-SMB
class SMB
police 1000000 8000 exceed-action drop
interface GigabitEthernet1/0/16
service-policy input POLICE-SMB
192.168.1.14 - connected to the port
172.16.1.30 and 31 - destination servers across WAN
Anything wrong with the above
sh policy map interface - shows nothing matching at all and transfere rate of 10Mbps not being policed.
Cheers
Solved! Go to Solution.
12-13-2012 07:22 AM
Hi,
Thanks for the information supplied.
Will you please refrain from using the "show policy-map interface" command as according to the Cisco docs excerpt (for Cat3750X & 15.0(2)IOS):
Note Do not use the show policy-map interface privileged EXEC command to display classification information for incoming traffic. The control-plane and interface keywords are not supported, and the statistics shown in the display should be ignored.(Configuration Guide)
Note Though visible in the command-line help string, the control-plane and interface keywords are not supported, and the statistics shown in the display should be ignored.(Command Reference)
Best regards,
Antonin
12-13-2012 12:54 AM
Hi,
Have you enabled QoS globally via the "mls qos" command?
Best regards,
Antonin
12-13-2012 01:20 AM
SW01#sh mls qos
QoS is enabled
QoS ip packet dscp rewrite is enabled
Hi
Yes - its enabled globally.
Cheers
12-13-2012 01:26 AM
GigabitEthernet2/0/17
Service-policy input: POLICE-SMB
Class-map: SMB (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name SMB
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
5 minute rate 0 bps
Dont see anything change in the "show policy-map int" command output.
12-13-2012 07:22 AM
Hi,
Thanks for the information supplied.
Will you please refrain from using the "show policy-map interface" command as according to the Cisco docs excerpt (for Cat3750X & 15.0(2)IOS):
Note Do not use the show policy-map interface privileged EXEC command to display classification information for incoming traffic. The control-plane and interface keywords are not supported, and the statistics shown in the display should be ignored.(Configuration Guide)
Note Though visible in the command-line help string, the control-plane and interface keywords are not supported, and the statistics shown in the display should be ignored.(Command Reference)
Best regards,
Antonin
12-13-2012 02:18 PM
Hi,
Further to my previous post I would like to let you know that I have set up the scenario in my lab using your configuration and it works perfectly OK. While indeed "show policy-map interface" command output shows just zero counts as in your post the "sh mls qos interface Gi1/0/16 statistics" output displays correct numbers for the policer for both InProfile and OutProfile counts (corresponding the policing parameters configured).
Best regards,
Antonin
12-13-2012 02:28 PM
Cheers for the info Antonin.
below is the interface - so yes it looks like its working:
GigabitEthernet1/0/9 (All statistics are in packets)
dscp: incoming
-------------------------------
0 - 4 : 311655693 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
-------------------------------
0 - 4 : 478116148 0 42 0 6
5 - 9 : 0 0 0 69138759 0
10 - 14 : 5534 0 0 0 0
15 - 19 : 0 6645267 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 20983 0 1 0
30 - 34 : 434 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 68054 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 0 0 0 0
60 - 64 : 0 0 0 0
cos: incoming
-------------------------------
0 - 4 : 582153387 0 0 0 0
5 - 7 : 0 0 0
cos: outgoing
-------------------------------
0 - 4 : 494011469 69112310 0 0 0
5 - 7 : 0 0 88092
output queues enqueued:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 4 0 0
queue 1: 196250618 163235 304665
queue 2: 0 0 0
queue 3: 0 0 366584251
output queues dropped:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 0 0 0
queue 1: 23559 0 0
queue 2: 0 0 0
queue 3: 0 0 1858
Policer: Inprofile: 4714038 OutofProfile: 514707
Thanks for yout time and links etc
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide