Cisco Router Close UpIf you followed my recent Cisco Catalyst rate-limiting post, you already know that policing traffic on a Cisco Catalyst switch requires a bit of thought. Mainly, you have to do a bit of calculating to determine the best bucket size for your application. The good news is that achieving the same affect on a Cisco IOS-based router is much easier.

You can enable shaping on an interface (or sub-interface) in three easy steps. Just remember: class, policy, interface.

Class

class-map match-any CLASS_SLAP
 match any 

On the router, we have the ability to tell the class map to match any traffic. This is in contrast to the Catalyst switch where we had to specify an access-list to match on. This saves us a step and achieves the exact same results. In this case, we are going to assign all traffic to the CLASS_SLAP class.

Policy

policy-map POLICY_SLAP
 class CLASS_SLAP
  shape average 8000000

Now it's time to define our policy map. In this case, we're going to take any traffic that matched the CLASS_SLAP class (which, as you remember, is all traffic) and apply a shaping policy to it. We use the shape average 8000000 configuration command to limit our speed (the CIR) to 8 Mbps. Another configuration command available for a policy map is bandwidth, which has a similar effect. Unfortunately, a policy map utilizing the bandwidth configuration command can not be applied to a sub-interface. This limitation may not be a problem for you, though.

Interface

interface GigabitEthernet0/3.429
 encapsulation dot1Q 429
 service-policy output POLICY_SLAP

Finally, we need to apply the policy map to an interface using the service-policy configuration command. In this example, I used a sub-interface to make the example a little more applicable to real word circumstances. I've also applied the policy map in the outbound direction. Thus, the users of VLAN 429 are only allowed to download at an aggregate of 8 Mbps.

Wasn't that easy? How do your own experiences compare?