Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
886
Views
0
Helpful
1
Replies

Traffic Policing and Times ACL

Go to solution
mubi.malik
Level 1
Level 1

‎11-02-2017 04:32 PM - edited ‎03-08-2019 12:36 PM

Hi Everyone,

 

I'm trying to limit traffic to 80 mbps on and interface. I'm using the following configuration

 

 

 

 ip access-list extended FW-80mbps

  permit ip any any

 

  class-map match-all FW-80mbps

  match access-group FW-80mbps

  match access-group name FW-80mbps

 

  policy-map FW_Speed_80mbps

  class FW-80mbps

  police cir 81920000 bc 81920000 be 81920000

  conform-action transmit

  exceed-action drop

  violate-action drop

 

  int gi 0/1.300

  service-policy input FW_Speed_80mbps

  service-policy output FW_Speed_80mbps

  

 

when i use this configuration. still i see that the effective traffic is around 100mbps from the interface. when i convert to 40mbps then it ranges from 40-54 mbps. what could be my mistake?

Moreover, how can i implement this on timed basis. like i want this to be limiting traffic only in morning hours and not in night. I know i can use times ACL but i'm confused. it will allow everything in day time and then block everything in night because acl wont b effective in day time. 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎11-02-2017 05:25 PM

Hi

First of all regarding you're policy-map, the cir value is fine because expressed in bits but bc and be are in bytes.
You need then to adjust the burst you want. If you don't want any, do just the police command without bc and be.
On some platform you'll need to define bc and be, in this case just set the minimum value.

For acl time range, you'll need to define the time profile:
time-range XXXX
periodic day_of_week xx:00 to xx:00

Then in your acl statement at the end, just add the keyword time-range with the name of your time profile



Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎11-02-2017 05:25 PM

Hi

First of all regarding you're policy-map, the cir value is fine because expressed in bits but bc and be are in bytes.
You need then to adjust the burst you want. If you don't want any, do just the police command without bc and be.
On some platform you'll need to define bc and be, in this case just set the minimum value.

For acl time range, you'll need to define the time profile:
time-range XXXX
periodic day_of_week xx:00 to xx:00

Then in your acl statement at the end, just add the keyword time-range with the name of your time profile



Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card