04-13-2007 01:59 PM - edited 03-05-2019 03:27 PM
Using police (because rate-limit doesn't work on a vlan) to control traffic in and out of a VLAN, but it isn't working. I want to limit traffic to 256k/386 Burst, but when I do a speed test I am getting FAR more than that.
here is my config:
class-map match-all GuestVLAN3-256k
match any
policy-map GuestVLAN3-256k
class GuestVLAN3-256k
police 256000 bps 3840 byte conform-action transmit exceed-action drop
interface Vlan3
description GuestVLAN (Internet Only at 256k)
ip address 10.146.3.1 255.255.255.0
ip access-group GuestVLAN3 in
ip helper-address x.x.x.x
ip helper-address x.x.x.x
no ip redirects
service-policy input GuestVLAN3-256k
service-policy output GuestVLAN3-256k
what am I doing wrong?
thanks,
Erik
04-14-2007 10:13 PM
If you have service policies attached to the physical interface receiving or sending packets for VLAN 3, you'll need to enable VLAN-based QoS on these physical interfaces.
Otherwise, instead of using the GuestVLAN3-256k class with match any, maybe you could refer to class-default in your policy-map instead:
policy-map GuestVLAN3-256k
class class-default
police 256000 bps 3840 byte conform-action transmit exceed-action drop
HTH
04-17-2007 01:48 PM
That didn't help either, still able to pass our full internet bandwidth across this vlan.
the reason I am using Police rather than rate-limit is because it isn't a physical interface, it is a vlan that I want to control traffic on.
Anyone else have any ideas?
Erik
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide