cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
729
Views
5
Helpful
4
Replies

Traffic Policing to avoid log message %CERM-4-RX_BW_LIMIT: Maximum Rx

quadrabe
Level 1
Level 1

Hi

We're trying to implement traffic policing to avoid following log message:

 

 

%CERM-4-RX_BW_LIMIT: Maximum Rx Bandwidth limit of 85000 Kbps reached for Crypto functionality with securityk9 technology package license.

 

Following the whitepages https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/118746-technote-isr-00.html#anc4 and this https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/19645-policevsshape.html

However we still get the log message, does anyone know what we did wrong?
This is our config.

 

interface GigabitEthernet0/0
 description UPLINK WAN
 ip address dhcp
 ip virtual-reassembly in
 duplex auto
 speed auto
 crypto map CRYPTO_MAP
 service-policy input PM-Policing
Policy Map PM-Policing
    Class CL-Policing
     police rate 80000000 
       conform-action transmit 
       exceed-action drop 

Class Map match-all CL-Policing (id 1)
   Match any 
sh policy-map interface gi0/0
 GigabitEthernet0/0 

  Service-policy input: PM-Policing

    Class-map: CL-Policing (match-all)  
      870906 packets, 1119424862 bytes
      5 minute offered rate 63000 bps, drop rate 0000 bps
      Match: any 
      police:
          rate 80000000 bps, burst 2500000 bytes
        conformed 869659 packets, 1040884091 bytes; actions:
          transmit 
        exceeded 0 packets, 0 bytes; actions:
          drop 
        conformed 49000 bps, exceeded 0000 bps

    Class-map: class-default (match-any)  
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any 

 

4 Replies 4

@quadrabe use shaping, here is an example of the exact same scenario. You'd probably want to purchase the HSEC license, rather than rely on this workaround.

quadrabe