04-09-2009 03:40 PM - edited 03-06-2019 05:06 AM
Hi Everyone,
I have a question about traffic policing and I am not sure where I should implement it. I have a server (10.1.1.1.2) on the access gig switch (Cat-3750) that I want to limit to about 500MB only when it crosses to a different VLAN (192.168.1.2). We have a 6513 acting as Distribution/Core, and distribution is layer 2 switching (Cat-3750). I want to apply the traffic policing (drop the traffic) on the edge switch if possible. So I am wondering if I can use an extended ACL on the access switch with source 10.1.1.2 and destination 192.168.1.2, apply it to a policy-map, and drop if a violation happens. I know I can use a bandwidth limit, but the user may move to a different port on the same switch. Maybe the only way to do this is on the core? Any suggestions or opinions are appreciated.
Best Regards,
=J=
04-09-2009 05:59 PM
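! Classify traffic that matches the ACL named "police"
class-map match-all police
 match access-group name police
!
! Police the classified traffic: transmit what conforms, drop the excess
policy-map rate-limit
 class police
  police cir 50000000 bc 25000
   conform-action transmit
   exceed-action drop
!
! Match traffic from the server to the destination host
ip access-list extended police
 permit ip host 10.1.1.2 host 192.168.1.2

I would apply this policy on the core inbound.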
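How the `police cir 50000000 bc 25000` line in the post above treats traffic, as an added example that is not part of the original thread. It is a simplified single-rate token-bucket model, not the switch's exact hardware behaviour; the names `Policer` and `simulate` are hypothetical, and it assumes `cir` is in bits per second and `bc` in bytes.

```python
class Policer:
    """Single-rate, two-colour token bucket (simplified model)."""

    def __init__(self, cir_bps, bc_bytes):
        self.rate = cir_bps / 8.0      # refill rate in bytes per second
        self.depth = float(bc_bytes)   # bucket depth = burst size (bc)
        self.tokens = self.depth       # bucket starts full
        self.last = 0.0

    def offer(self, t, size):
        """True = conform (transmit), False = exceed (drop)."""
        self.tokens = min(self.depth, self.tokens + (t - self.last) * self.rate)
        self.last = t
        if self.tokens >= size:
            self.tokens -= size
            return True
        return False


def simulate(cir_bps, bc_bytes, offered_bps, burst_pkts=1, pkt_bytes=1500, duration=1.0):
    """Offer bursts of back-to-back packets; return (sent_bps, drop_ratio)."""
    policer = Policer(cir_bps, bc_bytes)
    gap = burst_pkts * pkt_bytes * 8 / offered_bps   # seconds between bursts
    sent = dropped = 0
    for i in range(int(duration / gap)):
        for _ in range(burst_pkts):
            # Assumption: packets in a burst share one timestamp (ideal line rate).
            if policer.offer(i * gap, pkt_bytes):
                sent += 1
            else:
                dropped += 1
    return sent * pkt_bytes * 8 / duration, dropped / (sent + dropped)


if __name__ == "__main__":
    CIR, BC = 50_000_000, 25_000   # values from the policy-map in the post
    print(simulate(CIR, BC, 100_000_000))                     # steady 2x overload
    print(simulate(CIR, BC, 40_000_000, burst_pkts=32))       # under CIR, but bursty
    print(simulate(CIR, 48_000, 40_000_000, burst_pkts=32))   # same load, larger bc
```

The second case shows why the burst size matters as much as the rate: traffic averaging below the CIR still loses half its packets when each burst is larger than `bc`.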
04-09-2009 09:23 PM
Hi wgoulart,
Thanks for the detailed command. Just wondering, do you have any other suggestions for the access switch as well? I would really like to have these on the access switch so at least traffic is not hitting the distribution layer as well. I understand the core is handling layer 3, so traffic policing with IP will only work on the core. Is there any other policing method I can implement in the access layer that is based on the IP or MAC address of the server as well?
Thanks,
=J=
04-10-2009 07:45 PM
Here is a good link that should help you: