Bandwidth Control

Unanswered Question
Nov 9th, 2009
User Badges:


I get 8MB Bandwidth from service-provider and need to distribute to different departments on the floor. All departments are on different VLAN.






service-provider >>> Internet_RTR >>> Switch

On Switch I create 5VLANS, what more steps is needed to restrict bandwidth

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Nagendra Kumar ... Mon, 11/09/2009 - 02:49
User Badges:
  • Cisco Employee,


You can use Hiererichal QoS to acheive the same.

Configure a parent policy to shape the total traffic to 8 Mbps as below,


class class-default

shape average 8Mbps

Now configure the child policy with bandwidth for each department as below,

class-map DEPARTMENT1

match access-group name

class-map DEPARTMENT2

match access-group name

policy-map TRAFFIC_CLASS





Now apply the child policy to parent policy as below,


class class-default

service-policy TRAFFIC_CLASS



Joseph W. Doherty Mon, 11/09/2009 - 03:49
User Badges:
  • Super Bronze, 10000 points or more

If your concern is allocation of inbound bandwidth (re: "service-provider >>> Internet_RTR >>> Switch"), you might define a CBWFQ policy with policers that limits the traffic to each department. However, although such a policy will indeed limit the traffic that can reach any one dept., it may not truly regulate inbound bandwidth utilization since the policer would be downstream of the 8 Mbps link's bandwidth. Such a policy (or perhaps one using shaping or minimum class guarantees) generally work better when placed upstream of the bandwidth congested point (i.e. the ISP's side of the link).

For outbound, I too would suggest something similar to Nagendra's post although per dept. shaping or policing might also be used. (NB: Nagendra's post is also similar to what I would suggest for ISP egress [to you]. [One possible major improvement, if using 12.4.20T or later, would be to also add FQ to each class.])


BTW, I believe both Nagendra and I assume you control the "Internet_RTR". If not, depending on the switch features, you might implement policing there too but syntax and feature support usually much different.

saquib.tandel Mon, 11/09/2009 - 05:30
User Badges:


Internet Router is controlled by us.

IOS version is 12.4 on Router

IOS version on L2Switch is 12.2

Internet Router is terminated to a L2Switch and then connected to department switches.

what configuration changes are needed on L2switch to restrict Bandwidth.

saquib.tandel Mon, 11/09/2009 - 07:26
User Badges:


My concern is inbound and outbound traffic restriction. can this be achieved on L2Switch

Joseph W. Doherty Mon, 11/09/2009 - 17:34
User Badges:
  • Super Bronze, 10000 points or more

Depends on the capabilites of the switch. Most that could might only offer policing and usually not as well featured as the router. Also, again, for inbound, routers and switches QoS features are not overly useful for regulating bandwidth on the inbound link (except, again, amount of bandwidth that reaches ends hosts - not exactly the same thing).


With TCP traffic, there are some 3rd traffic shaping appliances that can do more with inbound traffic regulation (generally by spoofing a host's RWIN and/or shaping ACKs).


This Discussion