Configuring Traffic Policing
First Published: December, 2007
Last Updated: March 21, 2011
Feature History
|
|
Cisco IOS |
For information about feature support in Cisco IOS software, use Cisco Feature Navigator. |
This module describes the tasks for configuring the Traffic Policing feature.
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Traffic Policing Configuration Task List
To successfully configure the Traffic Policing feature, a traffic class and a traffic policy must be created, and the traffic policy must be attached to a specified interface. These tasks are performed using the Modular Quality of Service (QoS) Command-Line Interface (CLI) (MQC).
To configure the Traffic Policing feature, perform the tasks described in the following sections.
•Configuring Traffic Policing (Required)
•Monitoring and Maintaining Traffic Policing (Optional)
Configuring Traffic Policing
|
|
Router(config-pmap-c)# police bps burst-normal burst-max conform-action action exceed-action action violate-action action |
Specifies a maximum bandwidth usage by a traffic class. Specifies the action to be taken on a packet when you enable the action keyword. Note The Traffic Policing feature works with a token bucket mechanism. There are currently two types of token bucket algorithms: a single token bucket algorithm and a two token bucket algorithm. A single token bucket system is used when the violate-action option is not specified, and a two token bucket system is used when the violate-action option is specified. |
Verifying the Traffic Policing Configuration
|
|
Router# show policy-map interface |
Displays statistics and configurations of all input and output policies attached to an interface. |
Monitoring and Maintaining Traffic Policing
|
|
Router# show policy-map |
Displays all configured traffic policies. |
Router# show policy-map policy-map-name |
Displays the user-specified traffic policy. |
Router# show policy-map interface |
Displays statistics and configurations of all input and output policies attached to an interface. |
Traffic Policing Configuration Examples
The following section provides an Traffic Policing configuration example:
•Example: Traffic Policy that Includes Traffic Policing
•Example: Verifying the Traffic Policing Configuration
Example: Traffic Policy that Includes Traffic Policing
The following example shows how to define a traffic class (with the class-map command) and associate that traffic class with a traffic policy (with the policy-map command). Traffic policing is applied in the traffic policy. The service-policy command is then used to attach the traffic policy to the interface.
In this example, traffic policing is configured with the average rate at 8000 bits per second, the normal burst size at 2000 bytes, and the excess burst size at 4000 bytes. Packets coming into Fast Ethernet interface 0/0 are evaluated by the token bucket algorithm to analyze whether packets conform exceed, or violate the specified parameters. Packets that conform are sent, packets that exceed are assigned a QoS group value of 4 and are sent, and packets that violate are dropped.
Router(config)# class-map acgroup2
Router(config-cmap)# match access-group 2
Router(config-cmap)# exit
Router(config)# policy-map police
Router(config-pmap)# class acgroup2
Router(config-pmap-c)# police 8000 2000 4000 conform-action transmit exceed-action
set-qos-transmit 4 violate-action drop
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface fastethernet 0/0
Router(config-if)# service-policy input police
Example: Verifying the Traffic Policing Configuration
The following example verifies that the Traffic Policing feature is configured on your interface. If the feature is configured on your interface, the show policy-map interface command output displays policing statistics.
Router# show policy-map interface
Service-policy input: police
Class-map: acgroup2 (match-all)
5 minute offered rate 0 bps, drop rate 0 bps
cir 8000 bps, bc 2000 bytes, be 4000 bytes
conformed 0 packets, 0 bytes; actions:
exceeded 0 packets, 0 bytes; actions:
violated 0 packets, 0 bytes; actions:
conformed 0 bps, exceed 0 bps, violate 0 bps
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2011 Cisco Systems, Inc. All rights reserved.