Buy or Renew
Buy or Renew
Welcome to the new Cisco Community. LEARN MORE about the updates and what is coming.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Rate Limit traffic in Cisco 3560

Arshad Khan
Beginner
Beginner

‎10-20-2011 11:49 PM - edited ‎03-07-2019 02:57 AM

Hey all,

I am using Cisco 3560 as distrubution switch and want to limit port 445 traffic on 1 MB and applied rate limit statment on Gi0/1 port but switch unable to limit said traffic.

Here bellow is my scanrio.

access-list 120 permit tcp any any eq 445 log

access-list 120 permit tcp any eq 445 any log

Gi0/1

rate-limit output access-group 120 1024000 128000 128000 conform-action transmit exceed-action drop

But its not working. Kindly guide me on this issue as it is very critical to me.

Labels:
0 Helpful
25 REPLIES 25

Latchum Naidu
Engager
Engager

‎10-21-2011 12:58 AM

Hi,

Why dont you apply rate-limit or policy map feature to the vlan which you want and to which the gi0/1 belongs to.


See the below two individual steps may help in your scenario.


STEP-1:

Apply rate-limit on each L3 vlan interface in your 2851
Example (for 1024kbits for vlan 2):

Router# conf t
Router(config)# int vlan 2
Router(config-if)#rate-limit input 1000000 187500 375000 conform-action transmit exceed-action drop
Router(config-if)#rate-limit output 1000000 187500 375000 conform-action transmit exceed-action drop


STEP-2:

Policy a specific VLAN number on VLAN interface.

class-map vlan5
match vlan 5
match class-map class-default

policy-map vlan5-limit
class vlan5
police 2000000 250000 exceed-action drop

int vlan5
service-policy input vlan5-limit


After you apply this configuration, the traffic with VLAN 5 coming from any will be policed at 2Mbps.


Hope this will help you.


Please rate the helpfull posts.
Regards,
Naidu.

0 Helpful

Arshad Khan
Beginner
Beginner
In response to Latchum Naidu

‎10-21-2011 01:07 AM

Thanks for the reply ..

I have around 64 vlans on distribution switch and i also need to apply rate limit on core switch (3750) which not carry any vlan configered.

Kindly provide the way to control on 3560 and 3750 Gig ports (layer 3 ports).

0 Helpful

smitesh kharecha
Contributor
Contributor
In response to Arshad Khan

‎10-21-2011 01:09 AM

Hi Arshad,

Why are you not using NBAR and MQC for the same ??

Regards,

Smitesh

0 Helpful

Latchum Naidu
Engager
Engager
In response to smitesh kharecha

‎10-21-2011 01:26 AM

Hi,

Try this:
police 90000000 11250000 exceed-action drop
police 30000000 3750000 exceed-action drop

Please rate the helpfull posts.
Regards,
Naidu.

0 Helpful

Arshad Khan
Beginner
Beginner
In response to Latchum Naidu

‎10-21-2011 02:17 AM

Hey Naidu,

If i am apply

police 90000000 11250000 exceed-action drop

police 30000000 3750000 exceed-action drop

on Gi0/1 so how its control said access-list (access-list 120) to control port 445 traffic?

Regards,

Arshad Ahmed

0 Helpful