Today, I was facing an issue with several users. These users were uploading big files on server (http). Unfortunately, they were using all available bandwidth. It's why, I have decided to police this specific traffic (any users to this server). With the following configuration, the bandwidth for users is limited at 3Mbps (configuration applied on a Layer 3 Switch):
- If the bandwidth exceeds 3Mbps, following packets are dropped:
access-list 100 permit tcp any 10.10.10.200 0.0.0.0 eq www
!
class-map match-all UserTraffic
match access-group 100
!
policy-map policeTraffic
class UserTraffic
police 3000000 conform-action transmit exceed-action drop
!
interface Vlan999
service-policy output policeTraffic
MYSWITCH#show policy-map interface vlan 999
Vlan999
Service-policy output: policeTraffic
Class-map:UserTraffic (match-all)
558663 packets, 827048161 bytes
5 minute offered rate 3643000 bps, drop rate 645000 bps
Match: access-group 100
police:
cir 3000000 bps, bc 93750 bytes
conformed 460702 packets, 679305595 bytes; actions:
transmit
exceeded 97962 packets, 147744080 bytes; actions:
drop
conformed 2994000 bps, exceed 669000 bps
Class-map: class-default (match-any)
1626596 packets, 568490144 bytes
5 minute offered rate 3555000 bps, drop rate 0 bps
Match: any