3560 and Traffic shaping per vlan

Unanswered Question
Jul 10th, 2009
User Badges:


Is it possible to apply traffic shaping per vlan on a trunk link? We have 2 vlan's going out to our provider which is 40Mb, 10Mb is for Internet and 30Mb for WAN traffic both on different vlan's. Is it possible to shape these Vlan's seperatly? The ony way I have thought of doing it is to mark all Internet as dscp 1 and put it an egress queue of its own and shape that queue but wondered if there was a better way with "mls qos vlan-based"


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
johnspaulding Fri, 07/10/2009 - 05:57
User Badges:


On a 3560 you can apply the policy directly on the VLAN interface. on the 3550 you would use per-port-per vlan.

Edison Ortiz Fri, 07/10/2009 - 07:47
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

A 3560 switch isn't the right device to perform shaping. A regular design on 3560 calls for marking on ingress and let the WAN routers perform the shaping function at egress.

How about marking all internet bound traffic with a DSCP value and WAN bound traffic with a different DSCP value.

At the WAN router, match on the DSCP value and perform the necessary shaping with MQC.



Joseph W. Doherty Fri, 07/10/2009 - 09:06
User Badges:
  • Super Bronze, 10000 points or more

I think what you have in mind, tagging VLANs with a certain ToS such that such traffic can be directed to one of the 3560's four egress queues, and using shape mode for those queues, is about the only method to accomplish what you desire. (I'm also assuming you do want to shape, and not police.)

If you don't truly need to shape the two VLANs per VLAN, an alternative approach would be to, for instance, shape the egress port at 40% (of 100 Mbps using srr-queue bandwidth limit 40 - NB: only works in increments of 6) and set the shared (not shaped) ratios, perhaps, 25% and 75%. This would allow each traffic class to utilize available bandwidth of the other class yet not exceed the overall available bandwidth. (Here too I suspect you would need to tag the VLANs using ToS.)


This Discussion