Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
663
Views
0
Helpful
2
Replies

Bandwidth policing by IP

Go to solution
Epiccloud
Level 1
Level 1

‎01-18-2017 01:01 PM - edited ‎03-08-2019 08:57 AM

We are trying to setup QoS Bandwidth policing by subnet but the policies we've defined aren't getting any hits. Only the default policy is applying.

All of our /24 subnets terminate on the 3850 stack, we are trying to police bandwidth inbound/outbound via interfaces tied to VLAN 2 and VLAN 3 to our edge routers.





class-map match-any GOLD
 match access-group name GOLD_staff
class-map match-any BRONZE
 match access-group name BRONZE_staff
class-map match-any PLATINUM
 match access-group name PLATINUM_staff
class-map match-any SILVER
 match access-group name SILVER_staff

policy-map PoliceBandwidth
 class BRONZE
  police cir 10240000 bc 312500 conform-action transmit  exceed-action drop
 class SILVER
  police cir 25600000 bc 312500 conform-action transmit  exceed-action drop
 class GOLD
  police cir 51200000 bc 312500 conform-action transmit  exceed-action drop
 class PLATINUM
  police cir 102400000 bc 312500 conform-action transmit  exceed-action drop
 class class-default
  police cir 10240000 bc 312500 conform-action transmit  exceed-action drop


interface GigabitEthernet1/0/1
 switchport access vlan 2
 switchport mode access
 service-policy input PoliceBandwidth
 service-policy output PoliceBandwidth
!
interface GigabitEthernet1/0/2
 switchport access vlan 3
 switchport mode access
  service-policy input PoliceBandwidth
 service-policy output PoliceBandwidth

ip access-list extended BRONZE_staff
 permit ip 192.168.100.0 0.0.0.255 any

ip access-list extended SILVER_staff
 permit ip 192.168.101.0 0.0.0.255 any

ip access-list extended GOLD_staff
 permit ip 192.168.102.0 0.0.0.255 any

ip access-list extended PLATINUM_staff
 permit ip 192.168.103.0 0.0.0.255 any

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎01-19-2017 06:34 PM

If you want to police in both directions, your access lists are going to have to match in both directions.  e,g.

ip access-list extended BRONZE_staff
 permit ip 192.168.100.0 0.0.0.255 any
 permit ip any 192.168.100.0 0.0.0.255

Try putting the service policy on the actual VLAN interfaces if you don't make progress.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎01-19-2017 06:34 PM

If you want to police in both directions, your access lists are going to have to match in both directions.  e,g.

ip access-list extended BRONZE_staff
 permit ip 192.168.100.0 0.0.0.255 any
 permit ip any 192.168.100.0 0.0.0.255

Try putting the service policy on the actual VLAN interfaces if you don't make progress.

0 Helpful

Go to solution
Epiccloud
Level 1
Level 1
In response to Philip D'Ath

‎01-23-2017 09:19 AM

Adding the reciprocal path to the access-list seems to be working, thanks!



When I try to add;

service-policy input PoliceBandwidth
service-policy output PoliceBandwidth

to the vlan interface the commands don't stick and don't show up in the configuration?
I can only assume this switch doesn't support service policies on VLAN interfaces

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card