3750/3560 interface policing/shaping/bandwidth limiting

I assume, that QoS is set up as it is dscribed in my previous .
All traffic is sorted to two different queues: iptv(dscp32) is put into queue1, other traffic is put into queue2. I want to police customers traffic into 20mbps, except iptv packets going towards the customer.
Ingress policing
Create policy map:

policy-map shape-20
  class class-default
    police 20M 400000 exceed-action drop

Assign policy map to interface:

interface FastEthernet1/0/2
 service-policy input shape-20

Egress policing
Unfortunately, policy-map containing police action cannot be attached to interface in egress direction. Egress queue2 is shaped to 20mbps:

interface FastEthernet1/0/2
 srr-queue bandwidth shape  0  5  0  0

5 is bandwidth weight and is calculated this way: [interface speed]/[bw weight] = [policed speed]. 100mbps/5=20mbps.

There is another possibility to limit egress speed in the interface. It will limit all egress queues to 20% of interface speed:

interface FastEthernet1/0/2
 srr-queue bandwidth limit 20
 srr-queue bandwidth shape  0  0  0  0 

policing скорости на циске для определенных айпишинков

Есть задача ограничить скорость для определенных айпишников проходящих через L3 свич от циски. Вот как это делается с помощью полисинга.
Сначала создаем acl, включающий в себя ограничиваемые айпи адреса:

ip access-list extended user
permit ip host 10.111.111.154 any
permit ip any host 10.111.111.154

Continue reading →

QoS Policing in Cisco IOS

http://wiki.nil.com/QoS_Policing_in_Cisco_IOS
Хорошо с картинками рассказано про policing, shaping, rate-limiting.