In the context of a small hosting company we have a 7206VXR, a WS-3524-XL switch, and customers connected to access ports on the switch. I'd like to provide customerA on port Fa0/1 1mbpsx1mbps, customerB on port Fa0/2 3mbpsx3mbps etc.
Right now I'm running dot1q vlans over a trunk port from the switch to the router where I am doing basic rate-limit input and rate-limit output. However this doesn't scale well especially when considering redundancy, VRRP etc. So I'm looking to do all the rate limiting on the access switch.
I realize i can do input policing on the access port (upload from the customer perspective) but i'm not sure how to limit the customers donwload. Do i need a switch that does egress policing or can i ingress police a vlan, even on the trunk port?
Any ideas are welcome