Catalyst 2950 / 2960 port bandwidth limit

Unanswered Question
Jun 11th, 2009

Hi all,

We have several layer2 2950/2960 switches, carrying very different versions of IOS (mainly 12.1(22)EA1 to 12.2(35)SE5).

We eventually need to limit bandwidth on a single port (e.g. Fa x/y), independently of packet information such as source address, destination address, or protocol.

I haven't been able yet to find a simple and "any-IOS" command for that purpose.

"rate-limit" and "srr-queue bandwidth limit" seem fine but are not implemented in older IOS (e.g. 12.1) or on the 2950.

And QoS commands, like "wrr-queue" or "traffic-shaping", are either global (not interface-based) or need lots of other parameters to be operational.

Does anyone have other "miracle" ideas?

Thx,

Pellizzari

Joseph W. Doherty Thu, 06/11/2009 - 05:06

You've touched on the problem, different platforms/IOSs support different features, and not always the ones we want.

If you really need a feature that's not available on your older platform, the usual path is to upgrade. However, if you only need the feature on one or a few ports, you can sometimes place another newer "inexpensive" device in-line. For instance, the 8-port 2960 or 8-port 3560 can sometimes be cleverly used with older switches.

gpellizzari Thu, 06/11/2009 - 07:03

Thank you for your reply.

The idea of placing an inexpensive device in between is not bad, but doesn't resolve my issue.

Which is what follows:

-> a suspect end host activity (e.g. big file downloads) causes abnormal bandwidth usage on the switch port to which it is physically connected

-> an alert is given by the NMS (LMS or others)

-> immediate reaction is to remotely and quickly limit bandwidth on that switch port, in order to:

1. limit consequences on the whole network

2. take time to perform further investigations, to understand whether the host traffic is legitimate or not.

Then, if traffic is not legitimate, further dispositions could be taken (e.g. an administrative shutdown on the switch port, eventually informing the end user and forbidding some kind of software, and so on).

If traffic is legitimate, then finer traffic filtering and control measures could be put in place (eventually by QoS implementation).

Joseph W. Doherty Thu, 06/11/2009 - 07:22

Ah, so the issue is really that you want to be able to control any port. For that, you're correct, an inline device won't be a cure. I was thinking more about "known" problem ports and/or uplinks.

Without doing a complete hardware upgrade, on a LAN, due to QoS limitations of most LAN devices, an alternative solution might be better bandwidth ratio management. If a single host can disrupt your network by its bandwidth demand, perhaps you need to be proactive rather than reactive. Change the oversubscription ratios. Normally we think of increasing uplink bandwidths, but decreasing host bandwidth might work too. For instance, if hosts are allowed 100 or gig, drop them back a notch.
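As an added illustration of the two approaches raised in this thread (this is not configuration posted by either participant): on a 2960 running a 12.2 SE image the per-port cap is `srr-queue bandwidth limit`, applied and removed remotely with no class-map or ACL; on a 2950 / 12.1 image that lacks it, the only knob present on every image in the thread is forcing the port speed down, as the reply above suggests. The interface name FastEthernet0/1 and the 10 % / 10 Mb/s values are assumed for illustration.

```cisco
! --- Catalyst 2960, IOS 12.2 SE (added example; interface and weight are assumed) ---
! Cap egress (switch -> host) bandwidth on one access port to 10 % of link speed.
! Valid weights are 10-90 %; the command is per interface and needs no class-map or ACL.
! Caveat: this limits what the switch sends TO the host only. A host that floods the
! network by uploading is ingress on this port and is not slowed by it.
configure terminal
 interface FastEthernet0/1
  srr-queue bandwidth limit 10
 end
! Verify: the "port bandwidth limit" line of this output shows the configured and
! operational percentage.
show mls qos interface FastEthernet0/1 queueing
! Remove the cap once the investigation is finished:
configure terminal
 interface FastEthernet0/1
  no srr-queue bandwidth limit
 end

! --- Any IOS in the thread, 2950 included: force the port down to 10 Mb/s ---
! Crude, but it caps both directions and exists on 12.1(22)EA1 as well as 12.2 SE.
! Caveat: a fixed speed disables autonegotiation on the switch side, and an
! autonegotiating host then falls back to half duplex (parallel detection), so match
! that here. Use "duplex full" only if the host NIC is also hard-set to 10/full;
! a duplex mismatch hurts the host more than the cap does and shows up as late
! collisions / CRC errors in "show interfaces".
configure terminal
 interface FastEthernet0/1
  speed 10
  duplex half
 end
show interfaces FastEthernet0/1 status
! Back to normal afterwards:
configure terminal
 interface FastEthernet0/1
  speed auto
  duplex auto
 end
```

Both changes are ordinary running-config lines, so they can be pushed from the NMS or a script the moment the alert fires and backed out with the `no` / `auto` forms once the traffic has been judged legitimate or the port has been administratively shut down.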
