Here's a few quick methods for rate-limit traffic . It requires applying this under the class-default class or by using a class-map.
1: e.g ( rate limit traffic on a 1gig interfaces eth 1/1 to 1/3 to not exceed 10mbps )
config t
policy-map type qos 10mbps-RATE_limter
description rate-limit of 10mbps
class class-default
police cir percent 1 bc 200 ms conform transmit violate drop
interface Ethernet1/1-3
description1GIGE access to my server
switchport access vlan 1001
spanning-tree port type edge
spanning-tree bpduguard enable
speed 1000
storm-control broadcast level 1.50
storm-control multicast level 5.00
service -policy in 10mbps-RATE_limter
end
copy running start
Another option could be to match a class-map with the match dscp options
2: e.g ( by defining a class-map and a rate limiter of 50mbps )
class-map type qos match-any QOS_class
match dscp 0-7
policy-map type qos SOCPUP01
description rate-limit of 50mbps
class QOS_class
police cir percent
5 bc 200 ms conform transmit violate drop
For the bc value you need to determine what burst-commit value you want the time measurement.
Ken Felix
Freelance Network/Security Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( # # )=
@
/ \
ReplyDeleteHi Ken, i came across this article, but seems it's not policing my ingress traffic on N3548 as expected. Also opened TAC case with Cisco, and they claim it's not available on this platform, are you sure you were able to implement it? Thanks -Baolong
I am also having this issue and currently have a TAC case as the below quote is from the cisco document
ReplyDeleteGuidelines and Limitations
Policing has the following configuration guidelines and limitations:
Starting with Release 7.0(3)I2(1), ingress and egress policing is supported only on the Cisco Nexus 3100 Series platforms and it is not supported on the Cisco Nexus 3000 Series platforms.
But there must be a work around.
I will post if i get anywhere