
3750 - Partition bandwidth - VLAN

subra4u
Level 1

Hi,

We have Site A and Site B interconnected via 1 Gb Ethernet terminating on Cisco 3750G switches. Our requirements:

1. Data, Voice and Internet traffic to be on different L2 VLANs (security concern).

2. Data and Internet traffic capped to 100 Mbps max.

3. Voice to use all available BW (which includes any unutilized Data/Internet under the 100 Mbps cap).

Note: Data and Voice traffic are from different subnets (meaning we have at least 5 X /24 for data and 3 X /24 for voice)

Please give some inputs on what is the best way of doing this.

Thanks in advance,

subra.

Diagram in the attachment with IOS details

6 Replies

u0087672js
Level 1

class-map match-all voice

description class for voice

match access-group name Voice

policy-map voice

class voice

priority percent 90

class class-default

fair-queue

ip access-list extended Voice

permit ip x.x.x.x x.x.x.x any

(x being your telephony subnet)

Just one way of doing it.

Hi,

Thanks for the input.

I am wondering how to get this implemented. Should I create 3 routed interfaces and implement policy maps on them, or 3 SVIs?

Any more ideas, please post.

Thanks

subra

Marwan ALshawi
VIP Alumni

Let's consider this example:

data 192.168.1.0/24

internet 172.168.1.0/24

voice 10.1.1.0/24

on Site A

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

access-list 101 permit ip 172.16.1.0 0.0.0.255 any

access-list 102 permit ip 10.1.1.0 0.0.0.255 any

Now let's make class maps to match these ACLs:

class-map data

match access-group 100

class-map internet

match access-group 101

class-map voice

match access-group 102

Now let's make a policy for bandwidth management:

! police rate is in bits per second: 100000000 = 100 Mbps

policy-map data

class data

police 100000000 8000 exceed-action drop

policy-map internet

class internet

police 100000000 8000 exceed-action drop

Now we gonna apply these policies in the inbound direction on the source ports, not the uplink between switches.

So let's say the port that is connected to data is fa0/1

and the port connected to internet is fa0/5

(this is on Site A):

interface fa0/1

service-policy input data

interface fa0/5

service-policy input internet

and leave the voice port without limitation

based on this config the traffic will be dropped even before it enters the switch if it's above 100M

and the same idea on Site B

and if u want the communication to be isolated between VLANs at L2, make the link between the switches a trunk and don't make SVIs, to avoid routing between VLANs, unless u make the routing with filtering

and keep the VLANs spanning the uplink as L2 VLANs

and about the above ACLs, if u have more subnets u can add them to the ACLs, each with its own class like data or internet

good luck

if helpful, Rate
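An added example, not part of the original posts: a simplified token-bucket model of the `police <rate-bps> <burst-byte> exceed-action drop` form used above, showing how the rate (bits per second) and burst (bytes) arguments decide what is admitted. The function names and the traffic are constructed for illustration, and the model is an assumption, not the switch's hardware implementation.

```python
"""Token-bucket model of `police <rate-bps> <burst-byte> exceed-action drop`.
Simplified for illustration; not the switch's hardware implementation."""

def police(packets, rate_bps, burst_bytes):
    """packets: (arrival_time_s, size_bytes) tuples sorted by time.
    Returns (conformed_bytes, dropped_bytes)."""
    tokens = float(burst_bytes)          # bucket starts full
    last = 0.0
    conformed = dropped = 0
    for t, size in packets:
        # Refill at rate_bps (bits/s -> bytes/s), never above the burst size.
        tokens = min(float(burst_bytes), tokens + (t - last) * rate_bps / 8)
        last = t
        if size <= tokens:
            tokens -= size
            conformed += size
        else:                            # exceed-action drop
            dropped += size
    return conformed, dropped

def stream(offered_bps, seconds, size=1500):
    """Constructed traffic: evenly spaced packets at a constant offered rate."""
    gap = size * 8 / offered_bps
    return [(i * gap, size) for i in range(int(seconds / gap))]

def admitted_mbps(offered_bps, rate_bps, burst_bytes, seconds=1.0):
    """Throughput (Mbps) that survives the policer for a constant stream."""
    conformed, _ = police(stream(offered_bps, seconds), rate_bps, burst_bytes)
    return conformed * 8 / seconds / 1e6

if __name__ == "__main__":
    # 400 Mbps offered to two policers that differ only in the rate argument.
    for rate in (100_000_000, 100_000):
        mbps = admitted_mbps(400e6, rate, 8000)
        print(f"police {rate} 8000 -> {mbps:.3f} Mbps admitted")
    # Ten 1500-byte packets back to back at 1 Gbps line rate (12 us apart):
    # the 8000-byte bucket empties before the burst ends.
    burst = [(i * 12e-6, 1500) for i in range(10)]
    print("line-rate burst (conformed, dropped):",
          police(burst, 100_000_000, 8000))
```
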

Hello Mate,

Thanks for your time and the informative Input.

I have a small doubt here regarding network congestion. In a scenario where Voice, Data and Internet are all running at full capacity, i.e. 800+100+100 respectively, how will the voice packets be treated? Is it just like the Data and Internet? What could be done, if that's the case?

Thanks

Subra

in ur case

as the VLANs are on separate interfaces and separate VLANs

and we have policed the traffic except voice, all other bandwidth will be for voice

if u gonna use trust boundaries and u have ur voice traffic already marked as CoS 5 for example

then u can use the scheduling method and dropping threshold as an extra QoS level on the uplink trunk between switches

this will help u service voice first

but as I mentioned, the bandwidth will be about 800 for voice as we policed the other two links to 100 each

hope this is helpful

The voice traffic will get priority up to 90% in this configuration. Everything else is best effort.
