Category:Cisco Systems -> Routing and Switching
Ingress
On most of the switches traffic policing is available only in the input direction.
Following is the example of rate-limiting the traffic down to 1Mbit/s done on Cisco Catalyst 2950/3750 series switch:
mls qos
policy-map RATE-LIMIT
class class-default
police 1024000 128000 exceed-action drop
interface FastEthernet0/1
service-policy input RATE-LIMIT
NOTE
Without mls qos command any qos rules won’t come into effect!
Implementing the same rules but with an access-list:
mls qos
ip access-list extended ANY-TRAFFIC
permit ip any any
class-map match-all ANY-TRAFFIC
match access-group name ANY-TRAFFIC
policy-map RATE-LIMIT
class ANY-TRAFFIC
police 1000000 80000 exceed-action drop
interface FastEthernet0/1
service-policy input RATE-LIMIT
Example of limiting SVI interface traffic on Cisco Catalyst 3750 switch (possible only with child sevice-policy and only with match input-interface command, there’s no way round):
class-map match-all VL04-PAR-CLASS
match access-group name IP
class-map match-all TRUNK
match input-interface FastEthernet1/0/1
!
!
policy-map VL04-CHILD
class TRUNK
police 1024000 128000 exceed-action drop
policy-map VL04-PAR
class VL04-PAR-CLASS
set precedence 3
service-policy VL04-CHILD
!
interface FastEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
mls qos vlan-based
!
interface Vlan4
no ip address
//even with vlan interface shutdown command the policy will still be working
service-policy input VL04-PAR
!
ip access-list extended IP
permit ip any any
Proof:
The other way with P-t-P SVI link (tested):
Keep in mind “no policy map can contain more than 64 class policies” as Cisco says. Although on Cisco 7200 people say the limit is 255 class-maps in a policer.
Egress
If you wish to police traffic in the output output direction, you shoud use shaped round-robin (srr) mechanics. On older switches (e.g. 2950), it is called weighted round-robin (wrr).
The most basic way to limit the bandwith on a switch port is to limit its bandwidth directly. The bandwith limit is set in percents from the speed of the port. It is set in increments of 6. So you can’t make it precise. For example, if you have to limit the traffic on a switch port down to 2Mbit/s. In practice you will only be able to limit it to 1.8 or 2.4Mbit/s. And it would be up to you to decide which of those numbers would suit you. To limit the bandwidh down to 1.8Mbit/s do the following on a 100Mbit/s switchport:
interface FastEthernet0/1
speed 10
srr-queue bandwidth limit 18
If you use srr-queue bandwidth limit 20 command, the switch will round it down to 18 automatically (although it won’t show you). Remember the increments of 6.
If you want to limit it to 2.4Mbit/s, the suitable commands would be:
interface FastEthernet0/1
speed 10
srr-queue bandwidth limit 24
