3750 - Partition bandwidth - VLAN

Unanswered Question
Sep 24th, 2008

Hi,


We have Site A and Site B interconnected via 1 Gb Ethernet terminating on Cisco 3750G switches. Our requirements:


1. Data, Voice and Internet traffic to be on different L2 VLANs (security concern).


2. Data and Internet traffic capped to 100 Mbps max.


3. Voice to use all available BW (which includes any unutilized Data/Internet under the 100 Mbps cap)



Note: Data and Voice traffic are from different subnets (meaning we have at least 5 X /24 for data and 3 X /24 for voice)


Please give some inputs on what is the best way of doing this.


Thanks in advance,

subra.


Diagram in the attachment with IOS details



u0087672js Wed, 09/24/2008 - 09:53

class-map match-all voice

description class for voice

match access-group name Voice


policy-map voice

class voice

priority percent 90

class class-default

fair-queue


ip access-list extended Voice

permit ip x.x.x.x x.x.x.x any

(x being your telephony subnet)


Just one way of doing it.

subra4u Thu, 09/25/2008 - 00:15

Hi,


Thanks for the input.


I am wondering how to get this implemented. Should I create 3 routed interfaces and implement policy maps on them, or 3 SVIs?


Any more ideas, please post.


Thanks

subra

Marwan ALshawi Thu, 09/25/2008 - 02:53

Let's consider this example:


data 192.168.1.0/24

internet 172.168.1.0/24

voice 10.1.1.0/24


On Site A:


access-list 100 permit ip 192.168.1.0 0.0.0.255 any


access-list 101 permit ip 172.16.1.0 0.0.0.255 any


access-list 102 permit ip 10.1.1.0 0.0.0.255 any


Now let's make class maps to match these ACLs:


class-map data

match access-group 100


class-map internet

match access-group 101

class-map voice

match access-group 102


Now let's make a policy for bandwidth management:


policy-map data

class data

police 100000000 8000 exceed-action drop


policy-map internet

class internet

police 100000000 8000 exceed-action drop


Now we are going to apply these policies in the inbound direction on the source ports, not on the uplink between the switches.


So let's say the port that is connected to data is fa0/1 and the port connected to internet is fa0/5; this is on Site A:


interface fa0/1

service-policy input data


interface fa0/5

service-policy input internet


And leave the voice port without limitation.


Based on this config, the traffic will be dropped even before it enters the switch if it's above 100M.


The same idea applies on Site B.

If you want the communication to be isolated between VLANs at L2, make the link between the switches a trunk and don't make SVIs, to avoid routing between VLANs, unless you do the routing with filtering.

Keep the VLANs spanning the uplink as L2 VLANs.


About the above ACLs: if you have more subnets, you can add them to the ACLs, each with its own class, like data or internet.


Good luck.


If helpful, rate.





subra4u Thu, 09/25/2008 - 03:54

Hello Mate,


Thanks for your time and the informative input.


I have a small doubt here regarding network congestion. In a scenario where the Voice, Data and Internet are all running at full capacity, i.e. 800+100+100 respectively, how will the voice packets be treated? Is it just like the Data and Internet? What could be done, if that's the case?


Thanks

Subra





Marwan ALshawi Thu, 09/25/2008 - 04:00

In your case,

as the VLANs are on separate interfaces and in separate VLANs,

and we have policed the traffic except voice, all the other bandwidth will be for voice.

If you are going to use trust boundaries and you have your voice traffic already marked as CoS 5, for example,

then you can use the scheduling method and dropping threshold as an extra QoS level on the uplink trunk between the switches.

This will help you service voice first.

But as I mentioned, the bandwidth will be about 800 for voice, as we policed the other two links to 100 each.

Hope this is helpful.
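
Added example, not part of any post in this thread: a sketch of the uplink side described in the two replies above, with an L2-only trunk restricted to the three VLANs and CoS 5 serviced from the expedite queue. The interface number and VLAN IDs are assumptions; the commands are standard Catalyst 3750 `mls qos` / SRR commands.

```cisco
! Added example. Interface number and VLAN IDs (10, 20, 30) are assumed.
!
! QoS must be enabled globally before trust and queue settings take effect.
mls qos
!
! Put frames marked CoS 5 (voice) into egress queue 1, threshold 3.
mls qos srr-queue output cos-map queue 1 threshold 3 5
!
! Inter-site uplink (assumed to be Gi1/0/25 on each 3750G).
interface GigabitEthernet1/0/25
 description Uplink to remote site (L2 trunk, no SVIs for these VLANs)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Carry only the data, internet and voice VLANs; every other VLAN
 ! is pruned from the trunk so nothing else crosses between sites.
 switchport trunk allowed vlan 10,20,30
 ! Trust the CoS value arriving on the trunk. This is only safe if the
 ! far-end switch sets or validates CoS at its own access ports, which
 ! is where the trust boundary belongs.
 mls qos trust cos
 ! Remaining bandwidth is shared between queues 2-4 by these weights;
 ! the weight for queue 1 is ignored once the expedite queue is enabled.
 srr-queue bandwidth share 1 25 25 25
 ! Make egress queue 1 the expedite queue: it is emptied before the
 ! other queues are serviced, so voice goes first under congestion.
 priority-queue out
!
! Checks after applying:
!   show mls qos interface GigabitEthernet1/0/25 queueing
!   show mls qos maps cos-output-q
!   show interfaces GigabitEthernet1/0/25 trunk
```

The ingress policers on the data and internet ports still enforce the 100 Mbps caps; this part only decides the order of service on the shared uplink.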

u0087672js Thu, 09/25/2008 - 06:30

The voice traffic will get priority up to 90% in this configuration. Everything else is best effort.
