VLAN Rate-Limit

Unanswered Question
Dec 26th, 2009
User Badges:

I have what should be an easy one, but the solution has evaded me.



I have 3 VLANs (lets say 1,2,3) and I am working with a 3560 switch. On VLAN 3 I have a WAN link to an ISP that is only 500k (satellite). I have a few users on the 3560 switch that are chewing up the entire 500k pipe and other users on VLAN 3 throughout the network are unable to utilize the Internet.


I want to limit the data rate of VLAN 3 on the 3560 switch to 100k without effecting VLAN 1 or 2.


I have tried several methods, VLAN rate-limit, and class-poicy policing, storm-control, ect... but it does not seem any have the desired affect.



What am I doing wrong?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ganesh Hariharan Sat, 12/26/2009 - 08:17
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016

Hi,


As you have tried all the thing to rate limit the bandwidth what i can suggest in cisco 3560 switch to rate limit is to go with policy map configuration in cisco 3560 swithces, check out the following sample configuration hope this helps out your query !!


Policy each whole physical port at some value. The regular policer will help you here.


policy-map each-port-limit
class class-default
police 1000000 125000 exceed-action drop


int fa0/5
service-policy input each-port-limit


int fa0/12
service-policy input each-port-limit


int fa0/15
service-policy input each-port-limit


With this configuration applied _each_ of three ports will be limited up to 1Mbps.


Policy all traffic together coming from all of the physical ports. The aggregate
policer will help you here.


mls qos aggregate-policer agg-policer 1000000 125000 exceed-action drop


policy-map agg-limit
class class-default
police aggregate agg-policer


int fa0/5
service-policy input agg-limit


int fa0/12
service-policy input agg-limit


int fa0/15
service-policy input agg-limit


Those, all the traffic coming from these three ports will be limited up to 1Mbps.


Hope this helps !!


Regards

Ganesh.H

charles.hutchin... Sat, 12/26/2009 - 10:22
User Badges:

Thanks for the reply Ganesh

.

I would like to stick with only limiting the VLAN. I guess I should have mentioned it in advance, each of the ports have a voice VLAN (lets say VLAN 2). So, any rate limiting to the physical port, affects the quality of the VOIP if the user is downloading. That is why I am focusing on the VLAN rate limiting/shaping so that the Voice VLAN is unaffected.

Marwan ALshawi Sat, 12/26/2009 - 22:48
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

as long as you are using 3560 you can implement per vlan policing as follwoing


you want to limit valn 3 to 100 k only


lets say you have the follwoing ports in vlan 3


0/1 and 0/2


access-list 100 permit ip any any


class-map IP_TRAFFIC

match access-group 100


class-map VLAN3_PORTS

match input-interface fa0/1 - 2


policy-map PORTS_POLICY

class VLAN_PORTS

police 100000


policy-map VLAN3_POLICY

class IP_TRAFFIC

service-policy PORTS_POLICY


interface vlan 3

service-policy input VLAN3_POLICY



last important step is :


on each trunk or interface in vlan 3 in our example 0/1 and 0/2


int  range fa0/1 - 2

mls qos vlan-based


good luck

if helpful Rate

charles.hutchin... Sat, 12/26/2009 - 23:33
User Badges:

When attempting to config, I get the follow response when trying to assign the service-policy to vlan3


switch(config)#int vlan 3

switch(config-if)#service-policy input VLAN3_POLICY
%QoS: No action is configured in the policymap VLAN3_POLICY classmap IP_TRAFFIC,
or it is being modified.


===================================================================

What is currently in running config:



class-map match-all IP_TRAFFIC
  match access-group 100
class-map match-all VLAN3_PORTS
  match input-interface  FastEthernet0/23 (trunk port upstream)
  match input-interface  FastEthernet0/24 (trunk port downstream)
!
!
policy-map PORTS_POLICY
  class VLAN3_PORTS
    police 100000 8000 exceed-action drop
policy-map VLAN3_POLICY
  class IP_TRAFFIC
   service-policy PORTS_POLICY

!

!

interface FastEthernet0/23
switchport trunk encapsulation dot1q
switchport mode trunk
load-interval 30
mls qos vlan-based
spanning-tree portfast
!
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
load-interval 30
mls qos vlan-based
spanning-tree portfast

!

!

interface Vlan3
no ip address
no ip route-cache
shutdown


==============================================================

Marwan ALshawi Sun, 12/27/2009 - 01:02
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

policy-map VLAN3_POLICY
  class IP_TRAFFIC

set dscp [ any value suit your network ]
   service-policy PORTS_POLICY



good luck

charles.hutchin... Sun, 12/27/2009 - 01:14
User Badges:

New Error Response when attempting to apply service policy to vlan 3.


switch(config-if)#int vlan 3
switch(config-if)#service-policy input VLAN3_POLICY
Service Policy attachment failed


=================Config so far=================================


class-map match-all IP_TRAFFIC
  match access-group 100
class-map match-all VLAN3_PORTS
  match input-interface  FastEthernet0/24
  match input-interface  FastEthernet0/23
!
!
policy-map PORTS_POLICY
  class VLAN3_PORTS
    police 100000 8000 exceed-action drop
policy-map VLAN3_POLICY
  class IP_TRAFFIC
   set dscp default
   service-policy PORTS_POLICY
!

!

interface FastEthernet0/23
switchport trunk encapsulation dot1q
switchport mode trunk
load-interval 30
mls qos vlan-based
spanning-tree portfast
!
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
load-interval 30
mls qos vlan-based
spanning-tree portfast
!

!

interface Vlan800
no ip address
no ip route-cache
shutdown

!

!

============================================================

Marwan ALshawi Sun, 12/27/2009 - 01:22
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

can change this

class-map match-all VLAN3_PORTS


to

class-map match-any VLAN3_PORTS


if its failed try to assign IP address to vlan3 interface

charles.hutchin... Sun, 12/27/2009 - 01:49
User Badges:

Same error response.


"Service Policy attachment failed"



I can not assign an IP to the VLAN 3 interface, as it not the native. VLAN 1 has the IP to telnet, ect... Plus we are very limited on VLAN 3 IPs and can not afford to use on infrastucture.


I really do appriciate all of your assistance.

Marwan ALshawi Sun, 12/27/2009 - 02:49
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

you are welcome

but assure you this is the proper way to configure per vlan or vlan based qos in 3560

and i did configured it before !!

try to check if  qos enabled in your switch and search cisco.com for 3560 vlan based qos


good luck

Actions

This Discussion