05-17-2011 05:39 PM - edited 03-06-2019 05:06 PM
Hi
I'm going limit the bandwidth for a specific server(10.5.2.2) with policer, which is a very typical senario:
Server(10.5.2.2)--------------(g0/5) C3560G (g0/2)----------------Firewall----------Internet
The download traffic to 10.5.2.2 will be limit to 2Mbps. So I applied the policy to port G0/2,but when I download the file from server, the speed is still over 6Mbps. Can somebody have a look whether I missed something? Thank you!
The configuration is as this:
Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(46)SE, RELEA
SE SOFTWARE (fc2)
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 28 WS-C3560G-24TS 12.2(46)SE C3560-IPBASEK9-M
class-map match-any Library-Public-Users
match access-group 110
!
!
policy-map Bandwidth-Limit-PublicUsers
class Library-Public-Users
police 2000000 8000 exceed-action drop
!
access-list 110 permit ip any host 10.5.2.2
interface GigabitEthernet0/2
description Firewall
switchport access vlan 9
switchport mode access
spanning-tree portfast
service-policy input Bandwidth-Limit-PublicUsers
!
05-18-2011 06:20 AM
Hi,
can you post the output for the command show mls qos interface gigabitethernet0/2 statistics - here it would be interesting to see the last part of the output, where it displays the number of packets that are inprofile and outofprofile after you apply the policer - this would help understand if the policer is effectively working at all.
Regards,
ranraju
05-18-2011 05:02 PM
Hi ranraju
I just found in the other discussion that it seemed that I've missed a global command "mls qos". But this command is not related explicitly in Catalyst 3560 switch configuration Guide. So is it a must for policer on switch?
Then I've tried enable mls qos globally, and tested speed again. Now it seems working, i can see the increments of inprofile& outof profile statistics.
BUT the download speed is much less then 2mbps, it's about 320Kbps. Do I need to adjust burst size?
CORULUDCL1SW01#show mls qos int g0/2 sta
GigabitEthernet0/2 (All statistics are in packets)
dscp: incoming
-------------------------------
0 - 4 : 824062184 412345 823564 14064 3045800
5 - 9 : 8123 347155 170743 19645972 3719
10 - 14 : 563712 21 1423908 126608 3995
15 - 19 : 275866 3084759 85 229902 17
20 - 24 : 16779 149 5887 119 802155
25 - 29 : 0 1562301 75 1803 0
30 - 34 : 3557 23 27692 0 178215
35 - 39 : 86 29376 0 587295 3
40 - 44 : 42096 4529 88 0 1025378
45 - 49 : 0 552891 0 5812622 0
50 - 54 : 12 0 47 0 0
55 - 59 : 14 3222 0 13 0
60 - 64 : 453 1 33 378246
dscp: outgoing
-------------------------------
0 - 4 : 73981011 182 94 0 65902
5 - 9 : 0 19 0 826 0
10 - 14 : 30 0 3 0 0
15 - 19 : 0 57 0 53 0
20 - 24 : 0 3 0 0 668530
25 - 29 : 0 5 0 0 0
30 - 34 : 3 0 18 0 272
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 3419 0 260755 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 24 0 0 0
60 - 64 : 0 0 0 0
cos: incoming
-------------------------------
0 - 4 : 865283893 0 0 0 0
5 - 7 : 0 0 0
cos: outgoing
-------------------------------
0 - 4 : 74956630 0 0 0 0
5 - 7 : 0 32103 726
Policer: Inprofile: 3966 OutofProfile: 1114
05-18-2011 05:17 PM
Hi Zheng,
Hope you are doing good!..
Well that was the first thing on my mind, I wanted to check if the mls qos was enabled on the switch or not. Thats the first thing to do before you apply any other configurations on the switch related to QoS. And the policer's configuration was also correct. And in regards to the speed, yes you can try changing the burst size and check if it works.
Regards,
ranraju
05-19-2011 04:07 AM
Thanks for your reply.
Since I don't have a test tool like Smartbits to test the speed, theoretically, once I set the policer to 2Mbps, 8000burst size, then I should be able get the bandwidth at this speed, am I right? I'm not quite familiar with 3560G, I'm just wondering if there're any Bugs or limititions at this version. I assume this is a very basic funtion for 3560.
05-18-2011 07:10 AM
For what I know, you can't limit/police at a rate lower than 10Mbps. A workaround would be to set the interface speed to 100Mbps and try your config again.
If no success we have to use srr-queue configuration.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide