Hello,

Based on below diagram , Is the confiuration correct in switch SW1  for policing 1mb data when communicate from 192.168.10.0/24 subnet to 192.168.20.0/24  ?

SW1 is purely L2 switch ( no routing). Distribution switch SW3 is having vlan interface for vlan 10 and 20 and ip  192.168.10.1 and 192.168.20.1 respectively, thanks.

Here is SW1 conf iguration:

spanning-tree mode rapid-pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

!

!

!

vlan internal allocation policy ascending

!

vlan 10

!

!

class-map match-all Critical

match access-group name Critical

policy-map Policy-QoS

class Critical

  police 10000000 8000 exceed-action drop

  set dscp cs3

class class-default

  set dscp default

!

!

!

!

interface FastEthernet1/0/1

switchport access vlan 10

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input Policy-QoS

!

interface FastEthernet1/0/2

switchport access vlan 10

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input Policy-QoS

!

interface FastEthernet1/0/3

switchport access vlan 10

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input Policy-QoS

!

interface FastEthernet1/0/4

switchport access vlan 10

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input Policy-QoS

interface GigabitEthernet1/0/1

description UPlink

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10

switchport mode trunk

mls qos trust cos

!

ip access-list extended Critical

deny   icmp 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

deny   ip any any