Generally speaking, Muhammad is correct. From personal experience, you are going to find a lot of limitations on the switching platform when you try to implement this, though. The switching platforms vary significantly in their abilities to classify traffic and police in different directions. Off the top of my head, I am not sure whether the 2960 supports policing at all. 3550 does, with significant limitations. I can share more specific experiences offline.
As an alternative, consider doing the straightforward "rate-limit input | output ..." on the subinterfaces on the 7200. Works like a champ (assuming the CPU can keep up of course) and is just 2 lines to set up vs the MQC on the switch.

Sincerely,
Michael Malitsky

> Date: Wed, 8 Apr 2009 09:36:07 +0500
> From: Muhammad Salman Zahid <gregariouspe...@gmail.com>
> Subject: Re: [c-nsp] rate limiting pointers?
> To: Scott Granados <gsgrana...@comcast.net>
> Cc: cisco-nsp@puck.nether.net
> Message-ID: <44c523750904072136u5c3c82c0scf20d47d5c2e3...@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Dear Scott,
>
> Read & try the following:
>
> Step 1: Define ACL for desired IP Pools
> Step 2: Define a Packet classification criteria
> class-map match-all <traffic_class_name>
>  description Control plane normal traffic
>  match access-group name <Access_list_name>
>
> Step 3: Define a Service Policy
> policy-map <service_policy_name>
>  class <traffic_class_name>
>   police cir <rate, bc(confirm burst) , be (excess burst)>
>    conform-action set-dscp-transmit default exceed-action drop violate-action drop
>
> Step 4: Enter service policy on control plane interface
> service-policy input <service_policy_name>
> service-policy output <service_policy_name>
>
> ip access-list extended [ABC]
> ip access-list extended [XYZ]
> class-map match-all [NAME1]=== NAME1=ABC (so easily remember)
>  match access-group name [ABC]
> class-map match-all [NAME2]=== NAME2=XYZ (so easily remember)
>  match access-group name [XYZ]
> policy-map [POLICY NAME]
>  class [ABC]
>   put rate limit
>  class [XYZ]
>   put rate limit
> Regards,
> MSZ
> On Wed, Apr 8, 2009 at 6:36 AM, Scott Granados <gsgrana...@comcast.net> wrote:
>
> > Since the topic of rate limiting came up...
> >
> > I have a 7206VXR NPE-300 and 2 switches (2960 and 3550).
> >
> > I plan on setting up a trunk from the 7206 to the 3500 and break out via
> > vlans as you'd expect. What are some good methods for rate limiting the
> > individual ports on the access switches?
> >
> > I'm open to other hardware but this is more of a lab / personal environment
> > so solutions for the listed hardware would be appreciated. Could someone
> > also suggest some good foundation type reading for rate limiting and
> > practices?
> >
> > Thank you
> > Scott
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> --
> "Death is not the greatest loss in life ....
> The greatest loss is what dies inside
> you while U live...!"
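An added example, not part of the original thread: a small generator for the per-subinterface "rate-limit input | output" (CAR) lines suggested above for the 7200. The interface name, VLAN IDs, rates, the 8 kbps rate granularity and the burst sizing rule (1.5 seconds of traffic, extended burst twice that) are assumptions chosen for illustration.

```python
# Added example: emit CAR ("rate-limit") lines for dot1Q subinterfaces on the router.
# Interface name, VLAN IDs and rates are constructed sample values.

def car_bursts(rate_bps):
    """Return (normal, extended) burst sizes in bytes.

    Assumed sizing rule: normal burst = 1.5 seconds of traffic at the
    configured rate, extended burst = twice the normal burst.
    """
    normal = rate_bps * 3 // 16  # rate / 8 bits per byte * 1.5 s
    return normal, 2 * normal


def car_lines(rate_bps):
    """Build the input and output rate-limit lines for one subinterface."""
    # Assumption: IOS accepts CAR rates only in 8 kbps increments.
    if rate_bps < 8000 or rate_bps % 8000:
        raise ValueError("CAR rate must be a positive multiple of 8000 bps")
    normal, extended = car_bursts(rate_bps)
    return [
        f" rate-limit {direction} {rate_bps} {normal} {extended} "
        "conform-action transmit exceed-action drop"
        for direction in ("input", "output")
    ]


def subinterface_config(parent, vlan_rates):
    """Render one dot1Q subinterface per VLAN, each with its own limit."""
    out = []
    for vlan, rate in sorted(vlan_rates.items()):
        out.append(f"interface {parent}.{vlan}")
        out.append(f" encapsulation dot1Q {vlan}")
        out.extend(car_lines(rate))
        out.append("!")
    return "\n".join(out)


# Constructed sample: VLAN 10 limited to 2 Mbps, VLAN 20 to 512 kbps.
SAMPLE = {10: 2_000_000, 20: 512_000}

if __name__ == "__main__":
    print(subinterface_config("FastEthernet0/0", SAMPLE))
```

Traffic above the limit is dropped in software on the router, so CPU load on the NPE should be checked under the expected traffic before relying on it.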