Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
552
Views
0
Helpful
3
Replies

6509 can't apply oubound policy-maps to interface

miked
Level 1
Level 1

‎06-09-2015 11:22 AM - edited ‎03-08-2019 12:28 AM

I can apply inbound policy-maps/service-maps to the 6509's interfaces to manage the traffic but not outbound. Every time I try I get this error:

(config-if)#service-policy output serv50.0M-out
MQC features are not supported in output direction for this interface

The other options I found online are the common approach of creating a two-way access-list of specific IP's and "any", then pointing to it with a rate-limit statement under the interface. This is fine but for the amount of ports I want to limit (in my experience) it would eat the switch alive where TCAM's are concerned.

 

Any thoughts on a method/way of working around that error message?

 

This is an idea of the configuration I want in place:

policy-map serv50.0M-out
  class ipclass3
    shape average 50000000 200000 200000
    random-detect

!

policy-map serv50.0M-in
  class ipclass3
   police cir 50000000 bc 1562500 be 1562500 conform-action transmit exceed-action drop violate-action drop

!

interface FastEthernet6/35

service-policy input serv50.0M-in

service-policy output serv50.0M-out

 

 

Labels:
0 Helpful
3 Replies 3

Aninda Chatterjee
Cisco Employee
Cisco Employee

‎06-09-2015 07:23 PM

Hey Mike,

 

What type of card is installed in slot 6? Could you share the 'show module' output please?


Regards,

Aninda

0 Helpful

miked
Level 1
Level 1
In response to Aninda Chatterjee

‎06-10-2015 05:53 AM

This started years and years ago when I had to optimize for TCAM issues (I'd have to revisit my notes from back then regarding the details and commands used).

Once I did that I lost the ability to add inbound limiting using the "service-policy output" command. I've tried it across FE, GE, and vlan interfaces with no luck. I don't believe it's card specific since when it started I had different SUP cards, have replaced a couple line cards, etc... Plus it seems to be a common thing from what I've found. I'm just curious if anyone has gotten around it because there aren't any clear cut answers that I've.

Regardless, this is the output for this particular switch:

Mod Ports Card Type                              Model 
--- ----- -------------------------------------- ------------------
  1    2  Catalyst 6000 supervisor 2 (Active)    WS-X6K-S2U-MSFC2
  2    2  Catalyst 6000 supervisor 2 (Warm)      WS-X6K-S2U-MSFC2
  3    8  8 port 1000mb ethernet                 WS-X6408-GBIC
  4   48  48 port 10/100 mb RJ-45 ethernet       WS-X6248-RJ-45
  5   48  48 port 10/100 mb RJ-45 ethernet       WS-X6248-RJ-45
  6   48  48 port 10/100 mb RJ-45 ethernet       WS-X6248-RJ-45
  7   48  48 port 10/100/1000mb EtherModule      WS-X6148-GE-TX
  9    8  8 port 1000mb ethernet                 WS-X6408-GBIC

 

Thanks for the help!

0 Helpful

miked
Level 1
Level 1
In response to miked

‎06-25-2015 05:13 AM

Anybody have an idea how to resolve this or any workarounds?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card