Re: 3750X Rate Limit Backup Traffic on WAN

CNM88 · ‎08-31-2017

I've got a 3750X that I would like to rate limit backup traffic destined for a remote site. I've defined my source IP addresses using an ACL and class-map. The issue is that version 15.X doesn't seem to support the "shape average" commands. I've been looking into the "Police" command set but it apperas that my only option is to drop traffic. Is that what I want to do? The plan is to apply the policy map inbound to the SVI on the 3750X.

Georg Pauwen · ‎08-31-2017

Hello,

below is a sample config where you police traffic defined in access list 101 to 20Mbit. Adjust the values to fit your specifics.

On the 3750x, in order to apply the policy to an SVI, you need to have a hierarchical setup, that is why the parent policy is created. It doesn't do anything, as it just marks all traffic with a default dscp, but without the parent, it won't work.

Don't forget to apply 'mls qos vlan-based' to all physical ports belonging to the VLAN in question.

mls qos
!
interface GigabitEthernet1/0/3
switchport access vlan 20
switchport mode access
mls qos vlan-based
!
class-map match-all POLICE_BACKUP
match ip address 101
!
policy-map VLAN20_POLICE
class POLICE_BACKUP
police 20000000 1000000 exceed-action drop
!
policy-map VLAN20_PARENT
class class-default
set dscp default
service-policy VLAN20_POLICE
!
interface Vlan20
service-policy input VLAN20_PARENT
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255

CNM88 · ‎09-08-2017

Thanks all! I think you're spot on. This is exactly the information I needed.

bersoare · ‎08-31-2017

Have you tried applying it outbound?

Not all devices are capable of shaping in the inbound direction.