Re: Policer not working on 3560G

walter1999 · ‎05-17-2011

Hi

I'm going limit the bandwidth for a specific server(10.5.2.2) with policer, which is a very typical senario:

Server(10.5.2.2)--------------(g0/5) C3560G (g0/2)----------------Firewall----------Internet

The download traffic to 10.5.2.2 will be limit to 2Mbps. So I applied the policy to port G0/2，but when I download the file from server, the speed is still over 6Mbps. Can somebody have a look whether I missed something? Thank you!

The configuration is as this:

Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(46)SE, RELEA
SE SOFTWARE (fc2)

Switch Ports Model              SW Version            SW Image
------ ----- -----              ----------            ----------
*    1 28    WS-C3560G-24TS     12.2(46)SE            C3560-IPBASEK9-M

class-map match-any Library-Public-Users
match access-group 110
!
!
policy-map Bandwidth-Limit-PublicUsers
class Library-Public-Users
police 2000000 8000 exceed-action drop
!
access-list 110 permit ip any host 10.5.2.2

interface GigabitEthernet0/2
description Firewall
switchport access vlan 9
switchport mode access
spanning-tree portfast
service-policy input Bandwidth-Limit-PublicUsers
!

ranraju · ‎05-18-2011

Hi,

can you post the output for the command show mls qos interface gigabitethernet0/2 statistics - here it would be interesting to see the last part of the output, where it displays the number of packets that are inprofile and outofprofile after you apply the policer - this would help understand if the policer is effectively working at all.

Regards,

ranraju

walter1999 · ‎05-18-2011

Hi ranraju

I just found in the other discussion that it seemed that I've missed a global command "mls qos". But this command is not related explicitly in Catalyst 3560 switch configuration Guide. So is it a must for policer on switch?

Then I've tried enable mls qos globally, and tested speed again. Now it seems working, i can see the increments of inprofile& outof profile statistics.

BUT the download speed is much less then 2mbps, it's about 320Kbps. Do I need to adjust burst size?

CORULUDCL1SW01#show mls qos int g0/2 sta
GigabitEthernet0/2 (All statistics are in packets)

dscp: incoming
-------------------------------

0 - 4 :   824062184       412345       823564        14064      3045800
5 - 9 :        8123       347155       170743     19645972         3719
10 - 14 :      563712           21      1423908       126608         3995
15 - 19 :      275866      3084759           85       229902           17
20 - 24 :       16779          149         5887          119       802155
25 - 29 :           0      1562301           75         1803            0
30 - 34 :        3557           23        27692            0       178215
35 - 39 :          86        29376            0       587295            3
40 - 44 :       42096         4529           88            0      1025378
45 - 49 :           0       552891            0      5812622            0
50 - 54 :          12            0           47            0            0
55 - 59 :          14         3222            0           13            0
60 - 64 :         453            1           33       378246
dscp: outgoing
-------------------------------

0 - 4 :    73981011          182           94            0        65902
5 - 9 :           0           19            0          826            0
10 - 14 :          30            0            3            0            0
15 - 19 :           0           57            0           53            0
20 - 24 :           0            3            0            0       668530
25 - 29 :           0            5            0            0            0
30 - 34 :           3            0           18            0          272
35 - 39 :           0            0            0            0            0
40 - 44 :           0            0            0            0            0
45 - 49 :           0         3419            0       260755            0
50 - 54 :           0            0            0            0            0
55 - 59 :           0           24            0            0            0
60 - 64 :           0            0            0            0
cos: incoming
-------------------------------

0 - 4 : 865283893 0 0 0 0
5 - 7 : 0 0 0
cos: outgoing
-------------------------------

0 - 4 :    74956630            0            0            0            0
5 - 7 :           0        32103          726
Policer: Inprofile:         3966 OutofProfile:         1114

ranraju · ‎05-18-2011

Hi Zheng,

Hope you are doing good!..

Well that was the first thing on my mind, I wanted to check if the mls qos was enabled on the switch or not. Thats the first thing to do before you apply any other configurations on the switch related to QoS. And the policer's configuration was also correct. And in regards to the speed, yes you can try changing the burst size and check if it works.

Regards,

ranraju

walter1999 · ‎05-19-2011

Thanks for your reply.

Since I don't have a test tool like Smartbits to test the speed, theoretically, once I set the policer to 2Mbps, 8000burst size, then I should be able get the bandwidth at this speed, am I right? I'm not quite familiar with 3560G, I'm just wondering if there're any Bugs or limititions at this version. I assume this is a very basic funtion for 3560.

Florin Barhala · ‎05-18-2011

For what I know, you can't limit/police at a rate lower than 10Mbps. A workaround would be to set the interface speed to 100Mbps and try your config again.

If no success we have to use srr-queue configuration.