Feedback
Table Of Contents
Traffic Policing Configuration Task List
Verifying the Traffic Policing Configuration
Monitoring and Maintaining Traffic Policing
Traffic Policing Configuration Examples
Traffic Policy that Includes Traffic Policing Example
Verifying the Configuration Example
Configuring Traffic Policing
This chapter describes the tasks for configuring the Traffic Policing feature.
For complete conceptual information, see the section "Traffic Policing" in the "Policing and Shaping Overview" chapter of this book.
For a complete description of the Traffic Policing commands mentioned in this chapter, refer to the Cisco IOS Quality of Service Solutions Command Reference. To locate documentation of other commands that appear in this chapter, use the command reference master index or search online.
To identify the hardware platform or software image information associated with a feature, use the Feature Navigator on Cisco.com to search for information about the feature or refer to the software release notes for a specific release. For more information, see the "Identifying Supported Platforms" section in the "Using Cisco IOS Software" chapter in this book.
Traffic Policing Configuration Task List
To configure the Traffic Policing feature, perform the tasks described in the following sections. The task in the first section is required; the tasks in the remaining section are optional.
•
Configuring Traffic Policing (Required)
•
•
See the end of this chapter for the section "Traffic Policing Configuration Examples."
Configuring Traffic Policing
To successfully configure the Traffic Policing feature, a traffic class and a traffic policy must be created, and the traffic policy must be attached to a specified interface. These tasks are performed using the Modular QoS Command-Line Interface (CLI). For information on the Modular QoS CLI, see the chapter "Configuring the Modular Quality of Service Command-Line Interface" in this book.
The Traffic Policing feature is configured in the traffic policy. To configure the Traffic Policing feature, use the following command in policy-map class configuration mode:
The command syntax of the police command allows you to specify the action to be taken on a packet when you enable the action keyword. The resulting action corresponding to the keyword choices are listed in Table 12.
For more information about the police command, refer to the Cisco IOS Quality of Service Solutions Command Reference.
The Traffic Policing feature works with a token bucket mechanism. There are currently two types of token bucket algorithms: a single token bucket algorithm and a two token bucket algorithm. A single token bucket system is used when the violate-action option is not specified, and a two token bucket system is used when the violate-action option is specified.
For a description of a single token bucket algorithm and an explanation of how it works, see the "What Is a Token Bucket?" section of the"Policing and Shaping Overview" chapter of this book.
Verifying the Traffic Policing Configuration
To verify that the Traffic Policing feature is configured on your interface, use the following command in EXEC mode:
Router# show policy-map interface
Displays statistics and configurations of all input and output policies attached to an interface.
Monitoring and Maintaining Traffic Policing
To monitor and maintain the Traffic Policing feature, use the following commands in EXEC mode, as needed:
Traffic Policing Configuration Examples
The following sections provide Traffic Policing configuration examples:
•
•
For information on how to configure the Traffic Policing feature, see the section "Traffic Policing Configuration Task List" in this chapter.
Traffic Policy that Includes Traffic Policing Example
The following configuration example shows how to define a traffic class (with the class-map command) and associate that traffic class with a traffic policy (with the policy-map command). Traffic policing is applied in the traffic policy. The service-policy command is then used to attach the traffic policy to the interface.
For additional information on configuring traffic classes and traffic policies, see the chapter "Configuring the Modular Quality of Service Command-Line Interface" in this book.
In this particular example, traffic policing is configured with the average rate at 8000 bits per second, the normal burst size at 2000 bytes, and the excess burst size at 4000 bytes. Packets coming into Fast Ethernet interface 0/0 are evaluated by the token bucket algorithm to analyze whether packets conform exceed, or violate the specified parameters. Packets that conform are sent, packets that exceed are assigned a QoS group value of 4 and are sent, and packets that violate are dropped.
For a description of a token bucket and an explanation of how a token bucket works, see the "What Is a Token Bucket?" section of the "Policing and Shaping Overview" chapter of this book.
7200-uut(config)# class-map acgroup27200-uut(config-cmap)# match access-group 27200-uut(config-cmap)# exit7200-uut(config)# policy-map police7200-uut(config-pmap)# class acgroup27200-uut(config-pmap-c)# police 8000 2000 4000 conform-action transmit exceed-action set-qos-transmit 4 violate-action drop7200-uut(config-pmap-c)# exit7200-uut(config-pmap)# exit7200-uut(config)# interface fastethernet 0/07200-uut(config-if)# service-policy input policeVerifying the Configuration Example
The following example verifies that the Traffic Policing feature is configured on your interface. If the feature is configured on your interface, the show policy-map interface command output displays policing statistics.
Router# show policy-map interfaceEthernet1/7service-policy output: xclass-map: a (match-all)0 packets, 0 bytes5 minute rate 0 bpsmatch: ip precedence 0police:1000000 bps, 10000 limit, 10000 extended limitconformed 0 packets, 0 bytes; action: transmitexceeded 0 packets, 0 bytes; action: dropconformed 0 bps, exceed 0 bps, violate 0 bps