Hi,
We're experiencing a somewhat bizarre issue. I'll try to lay it out as clearly as possible.
We have a 8-member PowerConnect 5548 stack - 4 PoE units and 4 non-PoE units. This stack is uplinked to two Cisco ISR routers - a 3900 as primary and a 2900 as secondary with HSRP configured between them. We have five Meraki WAPs connected to one of the PoE stack members, configured in bridge mode. This is a multi-tenant environment with around 70 active VLANs.
We are performing traffic policing at the router level on a per-VLAN basis by matching against ACLs and input interfaces, which allows us to apply a single policy to the switch-facing interface and the WAN-facing interface without having to apply a separate policy to every single VLAN subinterface.
Everything works fine, mostly. What isn't working correctly is the upload policing. While this may sound like a router issue which should be posted over in Cisco land, what's strange about it is that upload policing works as expected when a client connects via WiFi. It is only when a client connects physically to a switchport on any of the PowerConnect units that the upload policing does not work. If I create a SSID for a given VLAN and try there, policing works fine. Download policing works fine either way.
I certainly reserve the right to be wrong, but from what we're seeing it seems like our policing configuration at the router level is correct and there is something with the switchports here which is impacting upstream traffic. We played around with speed, duplex, and flow control settings but none made any notable difference.
Any ideas? I can provide configs at request.