Skip to main content
Viptela is now part of Cisco.
Support
Product Documentation
Viptela Documentation

policer

policy policer—Configure or apply a policer to be used for data traffic. For centralized data policy, you can police unicast traffic. For localized data policy (ACLs), you can police unicast and multicast traffic.

vManage Feature Template

For vEdge routers and vSmart controllers:

Configuration ► Policies
Configuration ► Templates ► VPN Interface Cellular (for vEdge cellular wireless routers only)
Configuration ► Templates ► VPN Interface Ethernet (for vEdge routers only)
Configuration ► Templates ► VPN Interface GRE (for vEdge routers only)
Configuration ► Templates ► VPN Interface PPP (for vEdge routers only)
Configuration ► Templates ► VPN Interface PPP Ethernet (for vEdge routers only)

Command Hierarchy

Configure a Policer

policy
  policer policer-name
    burst bytes
    exceed action
    rate bps

Apply a Policer in Centralized Data Policy

On vSmart controllers only.

policy
  data-policy policy-name
    vpn-list list-name
      sequence number
        action accept
          set policer policer-name

​Apply a Policer via an Access List

On vEdge routers only.

policy
  access-list list-name
    sequence number
      action accept
        policer policer-name

Apply a Policer Directly to an Interface

On vEdge routers only.

vpn vpn-id
  interface interface-name
    policer policer-name (in | out)

Options

Policer Name
policer-name
Name of the policer. It can be a text string from 1 to 32 characters long. When you include a policer in the action portion of an access list or when you apply a policer directly to an interface, the name must match that which you specified when you created the policer with the policy policer configuration command.
Policer Parameters
burst bytes
exceed action
rate bps
Define the policing parameters:
burst is the maximum traffic burst size. bytes can be a value from 15000 to 10000000.
exceed is the action to take when the burst size or traffic rate is exceeded. action can be drop (the default) or remark. The drop action is equivalent to setting the packet loss priority (PLP) to low. The remark action sets the PLP to high. In centralized data policy, access lists, and application-aware routing policy, you can match the PLP with the match plp option.
rate is the maximum traffic rate, in bits per second. bps can be value from 0 through 264 – 1.
Apply a Policer Conditionally to an Interface, via an Access List
policy access-list access-list sequence number action accept policer policer-name
vpn interface access-list list-name (in | out)
To apply a policer via an access list, first configure the name of the policer in the action portion of the access list. Then apply that access list to the interface, specifying the direction in which to apply it. Applying it in the inbound direction (in) affects packets being received on the interface. Applying it in the outbound direction (out) affects packets being transmitted on the interface. Enabling a policer via an access lists applies the policing parameters conditionally, only to traffic transiting the interface in the specified direction that matches the parameters in the access list.
Apply a Policer Unconditionally to an Interface
vpn interface policer policer-name (in | out)
Apply a policer directly to an interface, specifying the direction in which to apply it. Applying it in the inbound direction (in) affects packets being received on the interface. Applying it in the outbound direction (out) affects packets being transmitted on the interface. Applying a policer directly to an interface applies the policing parameters unconditionally, to all traffic transiting the interface in the specified direction.

Example

Create a policer, and apply it conditionally to outbound traffic on an interface in VPN 1:

policy
 policer p1
  rate   1000000
  burst  15000
  exceed drop
 !
 access-list acl1
  sequence 1
   match
    source-ip        2.2.0.0/16
    destination-ip   10.1.1.0/24 100.1.1.0/24
    destination-port 20 30
    protocol         6 17 23
   !
   action accept
    policer p1
   !
  !
  default-action drop
 !
!
vpn 1
 interface ge0/4
  ip address 10.20.24.15/24
  no shutdown
  access-list acl1 out
 !
!

Apply the same policer unconditionally to outbound traffic on the same interface:

policy
 policer p1
  rate   1000000
  burst  15000
  exceed drop
 !
 vpn 1
 interface ge0/4
  ip address 10.20.24.15/24
  no shutdown
  policer p1
 !
!

Release Information

Command introduced in Viptela Software Release 14.1.​
In Release 16.3, add support for multicast traffic.

  • Was this article helpful?