1. I suppose you could police both directions if you felt like it, but since it referred to "any port" within the VLAN, I'd say an incoming measurement would be the most logically accurate.
2. For outbound-only purposes, shaping could be an option as well. Typically when the phrase involves words about "not exceeding", a policer is typically the desired response. You can't shape inbound though, and so we wouldn't be targeting the incoming traffic from hosts in that vlan though. 3. According to the doc CD, the standard policer follows the same format as the rate-limit command. normal burst is your target rate converted to bits then * 1.5. It's just the thinking of policers and their statistical measurements. 4. police cir works "a little" more like a shaper in terms of more specific measurements. The rate-limit/regular policer only measures once per second, and averages over a 5 second period. Personally, i never liked the use of "bc" or "be" here because it's NOT as accurate as the way a shaper measures. but that's just my little rant. :) 5. police # is the original/older version. Police cir is the newer method which can also involve a pir (dual bucket policing) 6. I'd have to lab that up, but I don't believe those two commands are functionally equivalent. HTH, Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE-M #153, JNCIS-ER, CISSP, et al. CCSI/JNCI-M/JNCI-ER VP - Technical Training - IPexpert, Inc. IPexpert Sr. Technical Instructor A Cisco Learning Partner - We Accept Learning Credits! [EMAIL PROTECTED] Telephone: +1.810.326.1444 Fax: +1.810.454.0130 http://www.ipexpert.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Berger Sent: Saturday, November 10, 2007 10:00 AM To: [email protected] Subject: [OSL | CCIE_RS] CCIE R&S: QoS conversion (Workbook Section 17) Hi There, I would have a question regarding exercise 17.3 (well 6 questions actually :) ) We are asked to "Configure the 3550 such as any port of vlan 11 does not exceed 1 Mbps of transmission speed". There is only fa0/1 in vlan11, so the config will happen there and the solution applies the following policing policy-map aPol class class-default police 1000000 187500 exceed drop on int fa0/1 service-policy input aPol Q1: why is this applied on the *input* when we are asked to enforce the *transmission* speed? Why not applying this in "output"? Q2: we decide to use policing, ok but would shaping have been an option? Would have this policy made the trick: policy-map test class class-default shape average 1000000 ! and then apply it on the "output" of fa0/1? Q3: Where does this 187500 bytes burst value come from? It is equivalent to 1.5Mbps but why is it configured there? Q4: What is the difference between "burst bytes" and bc in the following output: R2(config-pmap-c)#police cir 1000000 ? <1000-512000000> Burst bytes bc Conform burst conform-action action when rate is less than conform burst pir Peak Information Rate <cr> Q5: What is the difference between policing the CIR or directly a bps value in the following output: R2(config-pmap-c)#police ? <8000-2000000000> Bits per second cir Committed information rate rate Specify police rate Q6: Would this command R2(config-pmap-c)#$police cir 1000000 bc 187500 conform-action tr exceed-action drop be equivalent to: R2(config-pmap-c)#$police 1000000 187500 conform-action tr exceed-action drop ? Thanks in advance! Michael
