I had the same problem when trying to police L2 traffic and I've been told to use the dscp default to match all traffic You don't need to qualify it, it is already default, so why setting it again? This is what you should try based on what I use and it works fine:
! Don't forget to set this globally mls qos class-map match-all ALL match ip dscp 0 ! policy-map Re-color-BE description Police to 10Mbps CIR - Re-color ALL to BE class ALL police 10000000 8000 exceed-action drop ! not sure the following line is required ! set ip dscp default Hope this helps Ziv -----Original Message----- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Justin Shore Sent: Tuesday, August 04, 2009 11:30 PM To: 'Cisco-nsp' Subject: [c-nsp] Policing on a 3560 I'm having a little trouble doing something that should be simple. I'm using a 3560 as a CPE to break up multiple services and bind them to unique switchports. I don't normally use 3560s for this. The port in question is for a 10Mbp PtP with no SLA across our backbone. What I currently have is apparently not doing anything and I fail to see the flaw in my logic: class-map match-all ALL ! ! policy-map Re-color-BE description Police to 10Mbps CIR - Re-color ALL to BE class ALL police 10000000 8000 exceed-action drop set ip dscp default This is my QoS trust boundary so I'm re-coloring to 0 and setting muy CIR to 10Mbps. The switch wouldn't let me define 'match any' in the class-map. I suspect that I'm not matching anything because of that. I want to match anything coming in that interface and police it to the CIR and drop everything else. I must be missing something but I'm not sure what it is. Is there something unique about this platform? The IOS is 12.2(50)SE1. Thanks Justin _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ************************************************************************************ This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses. ************************************************************************************ __________ Information from ESET NOD32 Antivirus, version of virus signature database 4310 (20090805) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __________ Information from ESET NOD32 Antivirus, version of virus signature database 4310 (20090805) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ************************************************************************************ This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses. ************************************************************************************ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/