Specifications
2-410
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0XO(15.1(1)XO)
OL_28738 -01
Chapter 2 Cisco IOS Commands for the Catalyst 4500 Series Switches
police
Traffic policing will not be executed for traffic that passes through an interface.
Specifying Multiple Actions
The police command allows you to specify multiple policing actions. When specifying multiple policing
actions when configuring the police command, note the following points:
• You can specify a maximum of four actions at one time.
• You canno t sp ecify contr adictory actions such as conform-action transmit and conform-action
drop.
Using the Police Command with the Traffic Policing Feature
The police command can be used with Traffic Policing feature. The Traffic Policing feature works with
a token bucket algo rithm. Two ty pes of toke n bucket a lgorithms a re a sing le-token buc ket algor ithm and
a two-token bucket algorithm. A singl e-token bucket syste m is used when the violate- action option is
not specified, and a two-token bucket system is used when the violat e-action option is specified.
Token Bucket Algorithm with One Token Bucket
The one token bucket algorithm is used when the violate-action option is not specified in the police
command of the command-line interface (CLI).
The conform bucket is initially set to the full size (the full size is the number of bytes specified as the
normal burst size).
When a packet of a given size (for example, “B” bytes) arrives at specific time ( time “T”) the following
actions occur:
• Tokens are updated in the conform bucket. If the previous arrival of the packe t was at T1 and the
current time is T, the bucket is updated with (T - T1) worth of bits based on the token arrival rate.
The token arrival rate is calculated as follows:
(time between packets <which is equal to T - T1> * policer rate)/8 bytes
• If the number of bytes in the conform bucket B is greater than or equal to 0, the packet conforms
and the conform actio n is take n on the packet. I f the packe t conforms, B bytes a re removed from the
conform bucket and the conform action is completed for the packet.
• If the number of bytes in the conform bucket B (minus the packet size to be limited) is fewer than 0,
the exceed action is taken.
Token Bucket Algorithm with Two Token Buckets (Refer to RFC 2697)
The two-token bucket algor ithm is us ed when the violate-actio n is specified in the pol ice command CLI.
The conform bucket is initially full (the full size is the number of bytes specified as the normal burst
size).
The exceed bucket is initially full (the full exceed bucket size is the number of bytes specified in the
maximum burst size).
The tokens for both the conform an d exceed token buckets are upda ted based on the token arrival rate ,
or committed information rate (CIR).
When a packet of given size (for example, “B” bytes) arrives at specific time (time “T”) the following
actions occur:
• Tokens are updated in the conform bucket. If the previous arrival of the packe t was at T1 and the
current arrival of the packet is at t, the bucket is updated with T -T1 worth of bits based on the token
arrival rate. The refill tokens are pl aced in the conform bucket. If the tokens overflow the confor m
bucket, the overflow tokens are placed in the exceed bucket.