the required number of tokens are generated in the token bucket. Thus, traffic rate is restricted to the
rate for generating tokens, thus limiting traffic rate and allowing bursty traffic.
Line rate can only limit the total traffic rate on a physical port, while traffic policing can limit the rate of a
flow on a port. To limit the rate of all the packets on a port, using line rate is easier.
Configuring Traffic Policing
Configuration Procedure
Follow these steps to configure traffic policing:
To do...
Enter system view
Create a class and enter
class view
Configure the match
criteria
Exit class view
Create a behavior and
enter behavior view
Configure a traffic policing
action
Exit behavior view
Create a policy and enter
policy view
Associate the class with
the traffic behavior in the
QoS policy
Exit policy view
To an interface
To online
Apply the
users
QoS
policy
To a VLAN
Globally
Configuration Example
Configure traffic policing on GigabitEthernet 1/0/1 to limit the rate of received HTTP traffic to 512 kbps
and drop the exceeding traffic.
# Enter system view.
<Sysname> system-view
# Configure advanced ACL 3000 to match HTTP traffic.
[Sysname] acl number 3000
Use the command...
system-view
traffic classifier tcl-name [ operator
{ and | or } ]
if-match match-criteria
quit
traffic behavior behavior-name
car cir committed-information-rate
[ cbs committed-burst-size [ ebs
excess-burst-size ] ] [ pir
peak-information-rate ] [ green action ]
[ red action ] [ yellow action ]
quit
qos policy policy-name
classifier tcl-name behavior
behavior-name
quit
Applying the QoS policy to an interface
Applying the QoS policy to online
users
Applying the QoS policy to a VLAN
Applying the QoS policy globally
4-5
Remarks
—
—
—
—
—
Required
—
—
—
—
—
—
—
—