Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1416
Views
0
Helpful
6
Replies

3750x inbound port policing

Go to solution
robert.d.gandy
Level 1
Level 1

‎12-12-2012 02:04 AM - edited ‎03-07-2019 10:33 AM

Guys,

dont seem to be able to get policing working inbound on a port 3750X v 15.0(2)

Config is below:

ip access-list extended SMB

permit tcp host 192.168.1.14 host 172.16.1.30

permit tcp host 192.168.1.14 host 172.16.1.31

class-map match-any SMB

match access-group name SMB

policy-map POLICE-SMB

class SMB

police 1000000 8000 exceed-action drop

interface GigabitEthernet1/0/16

service-policy input POLICE-SMB

192.168.1.14 - connected to the port

172.16.1.30 and 31 - destination servers across WAN

Anything wrong with the above

sh policy map interface - shows nothing matching at all and transfere rate of 10Mbps not being policed.

Cheers

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
amikat
Level 7
Level 7
In response to robert.d.gandy

‎12-13-2012 07:22 AM

Hi,

Thanks for the information supplied.

Will you please refrain from using the "show policy-map interface" command as according to the Cisco docs excerpt (for Cat3750X & 15.0(2)IOS):

Note Do not use the show policy-map interface privileged EXEC command to display classification information for incoming traffic. The control-plane and interface keywords are not supported, and the statistics shown in the display should be ignored.(Configuration Guide)

Note Though visible in the command-line help string, the control-plane and interface keywords are not supported, and the statistics shown in the display should be ignored.(Command Reference)

Best regards,

Antonin

View solution in original post

0 Helpful
6 Replies 6

Go to solution
amikat
Level 7
Level 7

‎12-13-2012 12:54 AM

Hi,

Have you enabled QoS globally via the "mls qos" command?

Best regards,

Antonin

0 Helpful

Go to solution
robert.d.gandy
Level 1
Level 1
In response to amikat

‎12-13-2012 01:20 AM

SW01#sh mls qos

QoS is enabled

QoS ip packet dscp rewrite is enabled

Hi

Yes - its enabled globally.

Cheers

0 Helpful

Go to solution
robert.d.gandy
Level 1
Level 1
In response to amikat

‎12-13-2012 01:26 AM

GigabitEthernet2/0/17

  Service-policy input: POLICE-SMB

    Class-map: SMB (match-any)

      0 packets, 0 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: access-group name SMB

        0 packets, 0 bytes

        5 minute rate 0 bps

    Class-map: class-default (match-any)

      0 packets, 0 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match: any

        0 packets, 0 bytes

        5 minute rate 0 bps

Dont see anything change in the "show policy-map int" command output.

0 Helpful

Go to solution
amikat
Level 7
Level 7
In response to robert.d.gandy

‎12-13-2012 07:22 AM

Hi,

Thanks for the information supplied.

Will you please refrain from using the "show policy-map interface" command as according to the Cisco docs excerpt (for Cat3750X & 15.0(2)IOS):

Note Do not use the show policy-map interface privileged EXEC command to display classification information for incoming traffic. The control-plane and interface keywords are not supported, and the statistics shown in the display should be ignored.(Configuration Guide)

Note Though visible in the command-line help string, the control-plane and interface keywords are not supported, and the statistics shown in the display should be ignored.(Command Reference)

Best regards,

Antonin

0 Helpful

Go to solution
amikat
Level 7
Level 7

‎12-13-2012 02:18 PM

Hi,

Further to my previous post I would like to let you know that I have set up the scenario in my lab using your configuration and it works perfectly OK. While indeed "show policy-map interface" command output shows just zero counts as in your post the "sh mls qos interface Gi1/0/16 statistics" output displays correct numbers for the policer for both InProfile and OutProfile counts (corresponding the policing parameters configured).

Best regards,

Antonin

0 Helpful

Go to solution
robert.d.gandy
Level 1
Level 1
In response to amikat

‎12-13-2012 02:28 PM

Cheers for the info Antonin.

below is the interface - so yes it looks like its working:

GigabitEthernet1/0/9 (All statistics are in packets)

  dscp: incoming

-------------------------------

  0 -  4 :   311655693            0            0            0            0

  5 -  9 :           0            0            0            0            0

10 - 14 :           0            0            0            0            0

15 - 19 :           0            0            0            0            0

20 - 24 :           0            0            0            0            0

25 - 29 :           0            0            0            0            0

30 - 34 :           0            0            0            0            0

35 - 39 :           0            0            0            0            0

40 - 44 :           0            0            0            0            0

45 - 49 :           0            0            0            0            0

50 - 54 :           0            0            0            0            0

55 - 59 :           0            0            0            0            0

60 - 64 :           0            0            0            0

  dscp: outgoing

-------------------------------

  0 -  4 :   478116148            0           42            0            6

  5 -  9 :           0            0            0     69138759            0

10 - 14 :        5534            0            0            0            0

15 - 19 :           0      6645267            0            0            0

20 - 24 :           0            0            0            0            0

25 - 29 :           0        20983            0            1            0

30 - 34 :         434            0            0            0            0

35 - 39 :           0            0            0            0            0

40 - 44 :           0            0            0            0            0

45 - 49 :           0            0            0        68054            0

50 - 54 :           0            0            0            0            0

55 - 59 :           0            0            0            0            0

60 - 64 :           0            0            0            0

  cos: incoming

-------------------------------

  0 -  4 :   582153387            0            0            0            0

  5 -  7 :           0            0            0

  cos: outgoing

-------------------------------

  0 -  4 :   494011469     69112310            0            0            0

  5 -  7 :           0            0        88092

  output queues enqueued:

queue:    threshold1   threshold2   threshold3

-----------------------------------------------

queue 0:           4           0           0

queue 1:   196250618      163235      304665

queue 2:           0           0           0

queue 3:           0           0   366584251

  output queues dropped:

queue:    threshold1   threshold2   threshold3

-----------------------------------------------

queue 0:           0           0           0

queue 1:       23559           0           0

queue 2:           0           0           0

queue 3:           0           0        1858

Policer: Inprofile:      4714038 OutofProfile:       514707

Thanks for yout time and links etc

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card