We have a dilemma. We have a 3560 that provides two access ports to the customer (VLAN 10, port 3 and VLAN 12, port 5). We rate limit them at 10mbps each.
The customer is going to use two firewalls (active-passive mode), so they will now need 2 more ports turned up (additional port 4 and port 6 for failover) on our 3560, so each of his firewalls will have one port going to port 3 and 5, and the other firewall going to port 4 and 6 (for failover).
The problem is, if we turn up two more ports, how are we going to rate limit the customer to 10mbps on a per-failover basis? The customer can easily put his two firewalls in active-active mode (using all ports) and use the full 40mbps.
Is there any way to rate limit on the 3560 on a per-instance basis? I would like to keep the ports (4 and 6) that his passive firewall is using off unless the active firewall (ports 3 and 5) goes down, while keeping rate limiting.
Any help is appreciated.