I was trying to rate limit WS-C3560V2-48PS-S a vlan and found
this works a ltitle different than a normal port. The vlan connections are still able to get
full bandwidth bypassing this policer.
I'm not sure why.
class-map match-all BYOD-Accesslist
match access-group 100
class-map match-all BYOD-Interface
match input-interface
GigabitEthernet1/0/6
!
policy-map BYOD-InterfaceMap
class BYOD-Interface
police 3145500 8000 exceed-action drop
policy-map BYOD-Vlan
class BYOD-Accesslist
set dscp default
service-policy BYOD-InterfaceMap
interface Vlan2
description BYOD Network
ip address 10.8.0 .1
255.255.0.0
ip access-group 100 in
ip access-group 101 out
service-policy input BYOD-Vlan
access-list 100 permit ip any host 10.3.3 .254
access-list 100 permit ip any host 10.3.3 .253
access-list 100 permit ip any host 10.8.0 .1
access-list 100 deny ip any 10.0.0 .0
0.255.255.255
access-list 100 permit ip any any
access-list 101 permit ip host 10.3.3 .254
any
access-list 101 permit ip host 10.3.3 .253
any
access-list 101 permit ip host 10.8.0 .1
any
access-list 101 deny ip 10.0.0 .0
0.255.255.255 any
access-list 101 permit ip any any
interface GigabitEthernet1/0/6
description Ruckus ZD3000
switchport trunk encapsulation dot1q
switchport mode trunk
Everything Vlan related works and the access
list also work correctly. However when I
use a bandwidth testing site, it shows that this is not getting policed.
The supplier 3Anetwork.com can help but
their technical support charge is a bit high, so I would prefer to WS-C3560X-48PF-L do by
myself.
Thanks for your help.
没有评论:
发表评论