User based rate limit

Similar Messages

• Per user bandwidth rate limit.

                     How to configure per user bandwidth rate limit for wireless guest client, authentication server is ISE 1.2 & wireless controller is 5760.

  The Cisco 5760 WLC supports better QoS than other c
  ontrollers, allowing prioritization of mission-crit
  ical
  applications:
  ●
  The Cisco 5760 WLC supports four wireless hardware
  queues and priority-based queuing compared to
  software-based queuing in existing controllers.
  ●
  The Cisco 5760 WLC follows MQC based commands, allo
  wing usage of exact commands for configuring
  QoS on different types of network devices.
  ●
  The Cisco 5760 WLC supports QoS policies to be appl
  ied in a hierarchical fashion with more granularity
  per SSID per radio, while on the current controller
  s granularity is per WLAN.
  ●
  The Cisco 5760 WLC supports approximate fair bandwi
  dth to make sure of fairness at client, SSID, and
  radio levels for Non-Real Time (NRT) traffic. There
  fore, if one user consumes excessive bandwidth, we
  can
  limit the amount of bandwidth that user receives an
  d thereby not deprive other users.

• WLC user rate limit on guest ssid anchor controller

  Hi,
  I have been looking through the forums & some cisco documents but not found a good example similar to what I am seeking to do so now I am turning to the expertise of my peers.
  We have been deploying 3502 APs remotely to locations with full T1s that backhaul to where I sit at HQ.
  Both the foreign and anchor controller are here at my location.
  I am seeking to rate limit per user the bandwidth each client will get on the guest internet ssid.
  As you know this traffic is encapsulated in capwap between the AP and the controller so I cant use a standard ACL on the switch or router.
  We are trying to keep the guest internet access usage in check on the T1 at any given site so the other ssid's & local lan traffic is not overly competing for the bandwidth.
  I found the place to edit the default profiles in the controller but the documentation really isnt clear on best practices.
  So I put it to you my fellow wireless engineers to suggest how you are implementing bandwidth management on your wireless guest internet.
  Thanks guys!           
  Oh and here is my hardware & software levels.
  5508wlc - forgeign
  4402wlc - anchor
  Software Version
  7.0.230.0

  Amjad,
  Thank you for taking the time to respond as well as the document link.
  It was pretty clear on the steps and what it would impact.
  Two things that push me for a different solution (assuming their is one).
  Note The values that you configure for the per-user bandwidth contracts affect only the amount of bandwidth going downstream (from the access point to the wireless client). They do not affect the bandwidth for upstream traffic (from the client to the access point).
  As you can see from the above note taken out of the linked document the roll based rate limit doesnt really rate limit the T1 traffic any guest user consumes it only limits usage from the AP down to the client.
  #1 I am looking for a solution that limits the users up & down streams (if possible) & also before it leaves the AP for the T1.
  The idea is to limit WAN utilization.
  #2 I read in the forums here others asking about the "user role" and saw some comments saying it is not considered "best practice" to use user roles.
  Let me clarify that our guest ssid's are using the http webpage pass through for authentication and it is really only the tic mark to indicate they understand the terms and conditions of using our internet as a guest service. No actual user accounts are used on the guest ssid's.
  ***One last question about this and any other changes***
  Will any change I make be on the "Foreign, Anchor" or both Controllers?

• Per Wlan - Rate-Limit

  Hello, anyone know if its possible to set a maximum bandwidth for the entire wlan or for entire Vlan in the WLC 5508 ?
  Thanks

  This is a big desire for us too.
  You can do this multiple ways on the infrastructure:
  if using 6500s, you can use user-based rate limiting
  you can do this on various firewall products such as pfsense.
  You can use ingress & egress queuing on the switch, but it may not work as desired.
  We settled on using ip-nbar & policy routing for now to clamp down on file sharing protocols and also download urls with various extensions such as .iso, .dmg, .zip.....
  The challenge we found with per user limiting was that few solutions support the client count/demand that we see.
  If your environment is more spread out, you may have better luck with traffic policing and/or shaping at the switch level.
  As per wlan rate limiting, it will really depend on your infrastructure hardware & IOS supported functions.
  I agree about not shaping over the air, keep as much extraneous traffic off the air as possible.

• Policy-map based rate-limiting per vlan

  Hi
  I was thinking if someone could help me to come up with solution to a problem. Scenario as follow:
  I have a trunk interface with multiple vlans on:
  interface GigabitEthernet2/0/3
  description TRUNK-to-*********
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 415,416,610,1191-1193,1195
  switchport mode trunk
  duplex full
  storm-control broadcast level pps 1k
  storm-control multicast level pps 3k
  storm-control unicast level pps 250k
  storm-control action trap
  spanning-tree portfast trunk
  spanning-tree bpdufilter enable
  I'm trying to rate limit two of the vlans that are present on this trunk interface - vlan 415 and vlan 1192.
  So I'm putting the class-map (to be later applied under the policy-map which is not significant here):
  (config)#class-map match-any 120-mbps-class
  (config-cmap)#match input-interface vlan 415
  (config-cmap)#match input-interface vlan 1192
  Now, when you show the class-map I created, I can see this:
  sh class-map 120-mbps-class
  Class Map match-any 120-mbps-class (id 1)
     Match input-interface  Vlan415
     Match input-interface  FastEthernet0
  For some bizzare reason class-map is matching the Fa0. I have researched this, and this is most probably because you can only match 1 vlan instance under the class-map.
  And here's my problem - I can't police whole interface as the other vlans should not be policed - how can I police those two vlans ?
  Any thoughts ? All help appreciated as always.
  Rob.

  Hi Daniel,
  I have labed it and unfortuantely it does not work as expected. I have put 1x 3750 and 1x 2960 trunk between them, each box had an access port for laptop to create some traffic across. All vlan-based qos has been applied on 3750G.
  3750G config
  Interface g1/0/20
  descriprion trunk
  swicthport trunk encapsulation dot1q
  switchport mode trunk
  switchport trunk allowed vlan 100,120
  Interface g1/0/1
  description access
  switchport mode access
  switchport access vlan 100
  Interface vlan 100
  ip address 192.168.100.254
  service-policy input PARENT-POLICER
  Interface vlan 120
  ip address 10.10.10.1
  Policy-map PARENT-POLICER
  class PERMIT-ANY-CLASS
  trust COS
  service-policy CHILD-POLICER
  class-map match-any PERMIT-ANY-CLASS
  match access-group name POLICY-LIST
  Extended IP access list POLICY-LIST
      10 permit ip any any
  Policy-map CHILD-POLICER
  class INTERFACE-POLICE-CLASS
    police 100000 8000 exceed-action drop
  Class Map match-any INTERFACE-POLICE-CLASS
  Match input-interface  GigabitEthernet1/0/20
  2960 config:
  interface g0/20
  switchport mode trunk
  switchport trunk allowed vlan 100,120
  interface g0/1
  switchport mode access
  switchport access vlan 100
  interface vlan 100
  ip address 192.168.100.253
  interface vlan 120
  ip address 10.10.10.2
  So as you can see vlan 100 is the one it need to be rate limited (I have only rate limited to 100kbps just to see if it's working) and vlan 120 is only on the trunk ports to confirm if the traffic  for this one is not affected.
  Unfortunately when the policing is applied on 3750 vlan 100 (and policing is working fine) then I can see the packet loss while pinging between switches on vlan 120 suggesting that the policy is affecting the other vlan as well. When I take the policy out of the vlan 100 I cannot observe the packet loss on vlan 120 meaning is no longer affected.
  Not sure if I have explained this clear enough so far, if not let me know.
  Do you have any suggestions ?
  Thanks!

• WLCS 3.5 on WebLogic 6.0 - Getting users based on a property

  Hello all,
  I am developing a web application atop WebLogic Commerce Server 3.5 and
  WebLogic 6.0. One of the features of the application shows users based on a
  property in the profile. For example, the profile has a property called
  "State", and the list would show all users from California.
  My questions are:
  1. Is there a way to get a list of usernames based on a property in a
  property set?
  2. Has anyone solved a similar problem? If so, how?
  Currently I can only see two options for solving this problem:
  1. Through the UserManager I can use:
  com.beasys.commerce.axiom.contact.UserManager
  getUserNamesForGroup(java.lang.String groupName, java.lang.String
  searchExpression, int limit)
  This would give me a list of users in the group. I would then have to
  iterate through each profile and check the property. This approach seems
  like it would be expensive and consume a lot of system resources.
  2. Alternatively, I could develop a data access object to query the database
  and return a result set of usernames. This approach seems like a better
  solution; however, if there is a way to accomplish what I need through the
  WLCS API I would prefer to use the API (I don't want to re-invent the
  wheel).
  Any assistance you can offer is much appreciated.
  Thanks,
  Erik

  Eric,
  There is no way of doing this through the API that I am aware of. We are
  actually considering adding this feature for 8.0.
  Sincerely,
  Daniel Selman
  "Erik Pilz" <[email protected]> wrote in message
  news:[email protected]..
  Hello all,
  I am developing a web application atop WebLogic Commerce Server 3.5 and
  WebLogic 6.0. One of the features of the application shows users based ona
  property in the profile. For example, the profile has a property called
  "State", and the list would show all users from California.
  My questions are:
  1. Is there a way to get a list of usernames based on a property in a
  property set?
  2. Has anyone solved a similar problem? If so, how?
  Currently I can only see two options for solving this problem:
  1. Through the UserManager I can use:
  com.beasys.commerce.axiom.contact.UserManager
  getUserNamesForGroup(java.lang.String groupName, java.lang.String
  searchExpression, int limit)
  This would give me a list of users in the group. I would then have to
  iterate through each profile and check the property. This approach seems
  like it would be expensive and consume a lot of system resources.
  2. Alternatively, I could develop a data access object to query thedatabase
  and return a result set of usernames. This approach seems like a better
  solution; however, if there is a way to accomplish what I need through the
  WLCS API I would prefer to use the API (I don't want to re-invent the
  wheel).
  Any assistance you can offer is much appreciated.
  Thanks,
  Erik

• User based block the pricing field in the sale order

  HI FRIEND
  We have requirement user based block the pricing field in the sale order
  pls suggest me the configuration steps
  with regards
  dinesh

  hi friend
  when create a sale orde,r price and exchange rate is triigger from the master record.
  head department want not require to End user to change the price in the sale order .
  so head department only have authorisation to change price.
  selected user is not allow the change the price.
  so i need the configuration
  with regards
  dinesh

• Bandwidth Management(Rate Limit) Using QoS Policies

  Hello,
  I need some advice. We have an ASA 5525 running version 8.6(1)2 and a 10 MG pipe. I have execs that want to limit bandwidth on users for stuff like youtube, stream media, and downloads. I found the article on ‘Bandwidth Management(Rate Limit) Using QoS Policies’ so it appears our firewall can do what we want. I’m not a cisco person. My knowledge is limited when it comes to configuration – that’s why we have SmartNet :). The advice I need is what to ask for, so to speak, when I put a case in. Can bandwidth be limited on end users and/or can they limit the ‘bandwidth rate limit’ to just youtube, steaming media, and downloads? If so, what should the limit be? and I’m assume this would be for ‘incoming’ traffic only? we’re running into some bandwidth hogs – usually youtube and/or streaming media. We have a Barracuda web filter which we’ve used to block and monitor activity but I simply do not have time to babysit this all day. I should also mention we do have critical data running up and down the pipe; such as credit card processing, DB replication between in house DB and hosted website, TPCx and EDI, FTP, and such that we don’t want restricted.
  Need input please,
  Thanks,
  D

  Hello,
  That's a question that you as the network admin of that organization could answer.
  How much traffic for business purposes must travel via HTTP/HTTPS?
  How much bandwith are you willing to provide to this 2 protocols?
  Those are the kind of answers you need to answer before setting the number
  Regards
  Remember to rate all of the helpful posts, Just click the 5 stars at the left of each post
  Julio

• Cisco SG300 VLAN rate-limit

  I have a Cisco SG300 small business switch and 541 APs. There are 2 VLANs in our network. One must be limited by bandwidth. Does anyone have an idea for configure vlan rate-limiting on SG300? And please describe CIR & CBS for me. Thanks.

  http://www.cisco.com/en/US/partner/products/ps10898/prod_command_reference_list.html
  Cisco Small Business 300 Series Managed Switches Command Line Interface Guide Release 1.3
  Select CIR and CBS according to your design. You can use a larger CBS when performance is not ideal.
  49.23 rate-limit (VLAN)
  Use the Layer 2 rate-limit (VLAN) Global Configuration mode command to limit the
  incoming traffic rate for a VLAN. Use the no form of this command to disable the
  rate limit.
  Syntax
  rate-limit vlan-id committed-rate committed-burst
  no rate-limit vlan
  Parameters
  • vlan-id—Specifies the VLAN ID.
  • committed-rate—Specifies the average traffic rate (CIR) in kbits per second
  (kbps). (Range: 3-57982058)
  • committed-burst—Specifies the maximum burst size (CBS) in bytes.
  (Range: 3000-19173960)
  Default Configuration
  Rate limiting is disabled.
  Committed-burst-bytes is 128K.
  Command Mode
  Global Configuration mode
  User Guidelines
  Traffic policing in a policy map takes precedence over VLAN rate limiting. If a
  packet is subject to traffic policing in a policy map and is associated with a VLAN
  that is rate limited, the packet is counted only in the traffic policing of the policy
  map.
  This command does not work in Layer 3 mode. It does not work in conjunction with
  IP Source Guard.
  Example
  The following example limits the rate on VLAN 11 to 150000 kbps or the normal
  burst size to 9600 bytes.
  switchxxxxxx(config)# rate-limit 11 150000 9600

• FD32 restrict users based on a schedule of authority

  All,
  I have a requirement within FD32 to restrict users based on a schedule of authority.  For example, only allowing credit limits to be changed in a user's authorized dollar range.  I was able to restrict the Credit Limit field (change/display) by using field groups, but I have an extension of the requirement for a schedule of authority.  Can someone please  help?

  You could use F_KNA1_BED, I guess - but that would mean excessive maintenance of both: BEGRU and customers, if I understood your scenario correctly and you really, really want to break that down to single customers.
  It would be even more excessive to utilize F_KNA1_GRP. Can be done, though.
  Both solutions are completely un-elegant and I am not happy proposing them. But I am curious as a cat: what exactly is the business process expecting you to restrict access to customer data down to a single customer?
  Edited by: Mylène Dorias on Mar 24, 2010 8:39 AM

• Upstream traffic rate limit

  Hi all,
  Upstream traffic rate limit is not supported by WLC . It will be done by AP.
  We have setup of Auto anchor for both corporate and guest(but authentication mechanism is diffrent) . They wont access any internal resouce .Only interner traffic is permitted.
  So can we limit the internet traffic for guest users .? If we limiting the upstream traffic at the AP level what would be the concerns we may face?
  Kindly help on this.
  Thanks,
  Regards,
  Vijay

  Hello Vijay,
  As per your query i can suggest you the following solution-
  Please refer table 1 of the given link-
  http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3900.shtml
  Hope this will help you.

• Configuring rate-limit in switch 6500

  Good morning gentlemen
  Consider a 6509E (supervisor 720 3B) switch with many interface VLANs configured, one of each related to each customer. Each interface VLAN had configured a rate-limit input and output configured representing the maximum bandwidth permitted for the customer.
  I could configured that way using the old IOS s72033-ipservicesk9_wan-mz.122-18.SXF7.
  Last weekend I had to upgrade that IOS to s72033-ipservicesk9_wan-mz.122-33.SXJ7. All rate-limits in VLAN interfaces disappeared, probably not supported in this new version.
  Now, what's you recommendation to perform the same in this IOS version?...I only found the policy-map/service-policy way.
  Follow my questions:
  1 - "mls qos" is globally disabled. Should I configure globally or by interface VLAN?... Expected any impact?
  I believe that only need "police" for QOS. No need for any other kind of QOS.
  2 - Should I enable "mls qos vlan-based" for each physical layer 2 port connected to that switch related to each interface vlan with police?
  Expected only one physical port (or port-channel) for each customer (and each VLAN) connected to a switch.
  Thank you and regards
  Christian

  Interesting that I have just upgraded the IOS to the last version 12 release.
  I think that for the reason that we are facing high CPU usage for "IP Input" process, something related to mls/cef is not tunned.
  Anyone has any idea regarding the configuration presented?
  Regards
  Christian

• 6500 hardware rate-limit drops

  Hi,
  I'm a bit new on 6509s - could anyone tell me how to show if any packets are dropped on a 6509 due to hardware rate-limiting such as
  mls rate-limit layer2 pdu 1000 100
  I've tried show mls rate-limit and  sh mls rate-limit usage.
  Hardware is sup720, software is 12.2(33)SXJ9
  Thank you.

  I've been doing some more digging and probably answered my own question in that I found a document which states:
  "There are no counters associated with the special-cases hardware-based rate-limiters, and these mechanisms cannot be monitored."

• Prevalence between service policy and rate limit

  Hi,
  I have a question, on the wan interface on my router I have configured two QoS configuration: one is based on rate-limit pointing to a an specified traffic but also I have a configuration with a service policy that include the same traffic with a restriction of bandwidth . I do not know what policy has prevalence if the service policy or the rate limit.
  Regards.

  Hi Rajan ,
  Thanks for teh reply.
  I'm but confused with your answer....
  We have SRM 5 implemented at our place and I see that service carts  created in the system using the link "ORDER" when converted to PO's in Sourcing create Purchase orders with HIERARCHY structure i.e. 1 header and 1 item(with the actual service line) but when they are replicated to ECC,we have done an enheancement to create LIMIT PO's for service orders.
  Hence I wanted to know when do we need to create SERVICE HIRERACHY based PO's in SRM and when we need to create LIMIT PO's directly in SRM?
  Also I understand that in SRM,for limit PO's,when the PO item is deleted in PROCESS PO trasnctions,the items are not returned back to sourcing.We dont want this to happen for all types of PO's(both material and Service).We want that when a PO item is deleted,the item should return back to sourcing.
  But other then above functionality,what are the advantages of creating SERVICE based HIERARHCY PO's v/s LIMIT PO's in SRM?
  Please advise.
  Any inputs from Experts on this forum will be appreciated.
  Thanks in advance.

• 3750X rate-limit (QoS)

  Hello,
  I'm trying to configure a rate-limit in a 3750X but I'm not seeing any result... 
  These are my configurations:
  RF#show run 
  Building configuration...
  Current configuration : 23410 bytes
  ! Last configuration change at 08:53:35 UTC Sun Mar 14 1993
  version 15.0
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname RF
  boot-start-marker
  boot-end-marker
  no aaa new-model
  switch 1 provision ws-c3750x-48p
  system mtu routing 1500
  ip routing
  ip domain-name erf.carco.com.mx
  rep admin vlan 100
  mls qos
  spanning-tree mode pvst
  spanning-tree extend system-id
  vlan internal allocation policy ascending
  vlan 2
  vlan 4 
  vlan 6
  vlan 8
  vlan 10
  vlan 20
  vlan 21   
  vlan 22
  vlan 23
  vlan 25 
  vlan 26
  vlan 30
  vlan 50
  vlan 53
  vlan 70
  vlan 81
  vlan 91
  vlan 92
  vlan 93
  vlan 95
  vlan 96
  vlan 99
  vlan 100
  vlan 102
  vlan 110
  vlan 122
  vlan 129
  vlan 200
  vlan 213
  vlan 227
  vlan 333
  vlan 357
  vlan 417
  vlan 444
  vlan 500
  vlan 502
  vlan 555
  vlan 700
  vlan 712
  vlan 910
  vlan 911
  vlan 951
  vlan 1105
  vlan 1508
  vlan 1830
  vlan 1870
  vlan 1890
  vlan 1891
  vlan 1892
  class-map match-any test
    match access-group 100
  policy-map test
   class test
    police 150000000 512000 exceed-action drop
  interface Loopback0
   ip address 10.20.40.106 255.255.255.0
  interface Port-channel22
   switchport trunk encapsulation dot1q
   switchport trunk native vlan 100
   switchport mode trunk
   bandwidth 10000000
   rep segment 10
  interface Port-channel24
   switchport trunk encapsulation dot1q
   switchport trunk native vlan 100
   switchport mode trunk
   bandwidth 10000000
   rep segment 10
  interface FastEthernet0
   no ip address
   no ip route-cache
   shutdown
  interface GigabitEthernet1/0/1
  interface GigabitEthernet1/0/2
  interface GigabitEthernet1/0/3
   switchport trunk encapsulation dot1q
   switchport trunk native vlan 100
   switchport trunk allowed vlan 2,10,50,53,60,70,91-93,95,96,99,100,110,213,227
   switchport trunk allowed vlan add 500,700,910,911,951,1830,1870,1890-1892
   switchport mode trunk
   no logging event link-status
   shutdown
   speed 1000
   duplex full
  interface GigabitEthernet1/0/4
   switchport trunk encapsulation dot1q
   switchport trunk native vlan 100
   switchport trunk allowed vlan 2,8,10,20,50,53,70,91-93,95,96,99,100,110,213
   switchport trunk allowed vlan add 227,500,700,910,911,951,1830,1870,1890-1892
   switchport mode trunk
   shutdown
   speed 1000
   duplex full
  interface GigabitEthernet1/0/5
  interface GigabitEthernet1/0/6
  interface GigabitEthernet1/0/7
  interface GigabitEthernet1/0/8
  interface GigabitEthernet1/0/9
  interface GigabitEthernet1/0/10
   switchport access vlan 91
   switchport mode access
   logging event link-status
  interface GigabitEthernet1/0/11
  interface GigabitEthernet1/0/12
  interface GigabitEthernet1/0/13
  interface GigabitEthernet1/0/14
  interface GigabitEthernet1/0/15
   switchport access vlan 91
   switchport mode access
   logging event link-status
  interface GigabitEthernet1/0/16
  interface GigabitEthernet1/0/17
  interface GigabitEthernet1/0/18
  interface GigabitEthernet1/0/19
  interface GigabitEthernet1/0/20
   switchport access vlan 91
   switchport mode access
   logging event link-status
  interface GigabitEthernet1/0/21
  interface GigabitEthernet1/0/22
  interface GigabitEthernet1/0/23
  interface GigabitEthernet1/0/24
  interface GigabitEthernet1/0/25
   switchport access vlan 910
   switchport mode access
  interface GigabitEthernet1/0/26
  interface GigabitEthernet1/0/27
  interface GigabitEthernet1/0/28
  interface GigabitEthernet1/0/29
  interface GigabitEthernet1/0/30
  interface GigabitEthernet1/0/31
  interface GigabitEthernet1/0/32
  interface GigabitEthernet1/0/33
  interface GigabitEthernet1/0/34
  interface GigabitEthernet1/0/35
  interface GigabitEthernet1/0/36
  interface GigabitEthernet1/0/37
   no switchport
   bandwidth 150000
   ip address 10.20.103.13 255.255.255.252
   rate-limit output access-group 100 24000000 3000000 3000000 conform-action transmit exceed-action drop
   logging event link-status
  interface GigabitEthernet1/0/38
  interface GigabitEthernet1/0/39
  interface GigabitEthernet1/0/40
  interface GigabitEthernet1/0/41
  interface GigabitEthernet1/0/42
  interface GigabitEthernet1/0/43
   switchport trunk encapsulation dot1q
   switchport trunk native vlan 100
   switchport mode trunk
   bandwidth 10000000
   channel-group 24 mode on
  interface GigabitEthernet1/0/44
  interface GigabitEthernet1/0/45
   switchport trunk encapsulation dot1q
   switchport trunk native vlan 100
   switchport trunk allowed vlan 2,10,50,53,60,70,91-93,95,96,99,100,110,213,227
   switchport trunk allowed vlan add 500,700,910,911,951,1830,1870,1890-1892
   switchport mode trunk
   shutdown
  interface GigabitEthernet1/0/46
   switchport trunk encapsulation dot1q
   switchport trunk native vlan 100
   switchport trunk allowed vlan 2,10,50,53,60,70,91-93,95,96,99,100,110,213,227
   switchport trunk allowed vlan add 500,700,910,911,951,1830,1870,1890-1892
   switchport mode trunk
   shutdown
  interface GigabitEthernet1/0/47
   switchport trunk encapsulation dot1q
   switchport trunk native vlan 100
   switchport mode trunk
   bandwidth 10000000
   channel-group 22 mode on
  interface GigabitEthernet1/0/48
   switchport trunk encapsulation dot1q
   switchport trunk native vlan 6
   switchport trunk allowed vlan 2,7,10,20,50,53,70,91-93,95,96,99,100,110,213
   switchport trunk allowed vlan add 227,700,910,911,951,1830,1870,1890-1892
   switchport mode trunk
   logging event link-status
   shutdown
  interface GigabitEthernet1/1/1
   switchport trunk encapsulation dot1q
   switchport trunk native vlan 100
   switchport trunk allowed vlan 2,8,10,20,50,53,60,70,91-93,95,96,99,110,213,227
   switchport trunk allowed vlan add 500,700,910,911,951,1830,1870,1890-1892
   switchport mode trunk
   shutdown
  interface GigabitEthernet1/1/2
   switchport trunk encapsulation dot1q
   switchport trunk native vlan 100
   switchport trunk allowed vlan 2,8,10,20,50,53,60,70,91-93,95,96,99,110,213,227
   switchport trunk allowed vlan add 500,700,910,911,951,1830,1870,1890-1892
   switchport mode trunk
   shutdown
  interface GigabitEthernet1/1/3
   switchport trunk encapsulation dot1q
   switchport trunk native vlan 6
   switchport trunk allowed vlan 2,6,8,10,20,50,53,70,91-93,95,96,99,100,110,213
   switchport trunk allowed vlan add 227,700,910,911,951,1830,1870,1890-1892
   logging event link-status
   shutdown
  interface GigabitEthernet1/1/4
   switchport trunk encapsulation dot1q
   switchport trunk native vlan 6
   switchport trunk allowed vlan 2,6,8,10,20,50,53,70,91-93,95,96,99,100,110,213
   switchport trunk allowed vlan add 227,700,910,911,951,1830,1870,1890-1892
   switchport mode trunk
   logging event link-status
   shutdown
  interface TenGigabitEthernet1/1/1
  interface TenGigabitEthernet1/1/2
  interface Vlan1
   no ip address
   shutdown
  interface Vlan6
   description ***LANERF**
   ip address 10.20.6.106 255.255.255.0
   no ip redirects
  interface Vlan23
   description < TRANSITO MUR >
   no ip address
   no ip redirects
  interface Vlan100
   description < VLAN MAN >
   ip address 10.20.100.106 255.255.255.0
   no ip redirects
   ip ospf authentication message-digest
   ip ospf message-digest-key 1 md5 7 032368342B2F0F
   ip ospf dead-interval minimal hello-multiplier 4
  router ospf 1
   router-id 10.20.40.106
   auto-cost reference-bandwidth 100000
   area 0.0.0.0 authentication message-digest
   area 1.80.1.1 authentication message-digest
   redistribute connected subnets
   redistribute static subnets
   passive-interface default
   no passive-interface Vlan23
   no passive-interface Vlan100
   no passive-interface GigabitEthernet1/0/37
   network 10.20.6.0 0.0.0.0 area 0.0.0.0
   network 10.20.40.106 0.0.0.0 area 0.0.0.0
   network 10.20.91.6 0.0.0.0 area 0.0.0.0
   network 10.20.100.106 0.0.0.0 area 0.0.0.0
   default-information originate
  ip http server
  ip http secure-server
  access-list 100 permit ip 10.50.80.0 0.0.0.255 10.80.80.0 0.0.0.255
  access-list 100 permit ip 10.80.80.0 0.0.0.255 10.50.80.0 0.0.0.255
  snmp-server community ASComRO RO
  line con 0
  line vty 0 4
   login
  line vty 5 15
   login
  event manager applet track_qos_down authorization bypass
   event syslog pattern "TRACKING-5-STATE: 15 ip sla 15 reachability Up->Down"
   action 1 cli command "enable"
   action 2 cli command "configure terminal"
   action 3 cli command "interface giga1/0/37"
   action 4 cli command "rate-limit output access-group 100 400000000 50000000 50000000 conform-action transmit exceed-action drop"
   action 5 cli command "end"
  event manager applet track_qos_up authorization bypass
   event syslog pattern "TRACKING-5-STATE: 15 ip sla 15 reachability Down->Up"
   action 1 cli command "enable"
   action 2 cli command "configure terminal"
   action 3 cli command "interface giga1/0/37"
   action 4 cli command "no rate-limit output access-group 100 400000000 50000000 50000000 conform-action transmit exceed-action drop"
   action 5 cli command "end"
  end
  ERF#     
  ERF#show mls qos 
  QoS is enabled 
  QoS ip packet dscp rewrite is enabled 
  ERF#show mls qos inter gigabitEthernet 1/0/37 
  GigabitEthernet1/0/37 
  trust state: not trusted 
  trust mode: not trusted 
  trust enabled flag: ena 
  COS override: dis 
  default COS: 0 
  DSCP Mutation Map: Default DSCP Mutation Map 
  Trust device: none 
  qos mode: port-based 
  When I apply the command I'm seeing a gauge using a 3rd party but I'm not seeing that the traffic will be truncated @ 50Mbps.
  Any thoughts??? 

  Hi
  Bandwidth commands allocates the particular amount of bandwidth you mention or configure over there.
  Basically you have the liberty to configure upto 75% of the available interface bandwidth to different classes.
  most widelys used with CBWFQ technique..
  so while configuring up the same better to watch out for the exact bandwidth value keyed in on the interface to have your alloocation work properly.
  policing basically used for limiting the traffic or to control the bursts by dropping them or marking them with different ip precedence or DSCP values.
  its very much similar to the rate-limit command applied on the interface level which again uses token bucket system either single or dual based on the configuration parameters.
  for more info on above mentioned clis do check these links..
  http://www.cisco.com/en/US/tech/tk543/tk545/tsd_technology_support_protocol_home.html
  http://www.cisco.com/en/US/tech/tk543/tk544/tsd_technology_support_protocol_home.html
  regds