Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
18687
Views
0
Helpful
9
Replies

VLAN Rate-Limit

charles.hutchinsjr
Level 1
Level 1

‎12-26-2009 07:30 AM - edited ‎03-06-2019 09:05 AM

I have what should be an easy one, but the solution has evaded me.

I have 3 VLANs (lets say 1,2,3) and I am working with a 3560 switch. On VLAN 3 I have a WAN link to an ISP that is only 500k (satellite). I have a few users on the 3560 switch that are chewing up the entire 500k pipe and other users on VLAN 3 throughout the network are unable to utilize the Internet.

I want to limit the data rate of VLAN 3 on the 3560 switch to 100k without effecting VLAN 1 or 2.

I have tried several methods, VLAN rate-limit, and class-poicy policing, storm-control, ect... but it does not seem any have the desired affect.

What am I doing wrong?

Labels:
0 Helpful
9 Replies 9

Ganesh Hariharan
VIP Alumni
VIP Alumni

‎12-26-2009 08:17 AM

Hi,

As you have tried all the thing to rate limit the bandwidth what i can suggest in cisco 3560 switch to rate limit is to go with policy map configuration in cisco 3560 swithces, check out the following sample configuration hope this helps out your query !!

Policy each whole physical port at some value. The regular policer will help you here.

policy-map each-port-limit
class class-default
police 1000000 125000 exceed-action drop

int fa0/5
service-policy input each-port-limit

int fa0/12
service-policy input each-port-limit

int fa0/15
service-policy input each-port-limit

With this configuration applied _each_ of three ports will be limited up to 1Mbps.

Policy all traffic together coming from all of the physical ports. The aggregate
policer will help you here.

mls qos aggregate-policer agg-policer 1000000 125000 exceed-action drop

policy-map agg-limit
class class-default
police aggregate agg-policer

int fa0/5
service-policy input agg-limit

int fa0/12
service-policy input agg-limit

int fa0/15
service-policy input agg-limit

Those, all the traffic coming from these three ports will be limited up to 1Mbps.

Hope this helps !!

Regards

Ganesh.H

0 Helpful

charles.hutchinsjr
Level 1
Level 1
In response to Ganesh Hariharan

‎12-26-2009 10:22 AM

Thanks for the reply Ganesh

.

I would like to stick with only limiting the VLAN. I guess I should have mentioned it in advance, each of the ports have a voice VLAN (lets say VLAN 2). So, any rate limiting to the physical port, affects the quality of the VOIP if the user is downloading. That is why I am focusing on the VLAN rate limiting/shaping so that the Voice VLAN is unaffected.

0 Helpful

Marwan ALshawi
VIP Alumni
VIP Alumni
In response to charles.hutchinsjr

‎12-26-2009 10:48 PM

as long as you are using 3560 you can implement per vlan policing as follwoing

you want to limit valn 3 to 100 k only

lets say you have the follwoing ports in vlan 3

0/1 and 0/2

access-list 100 permit ip any any

class-map IP_TRAFFIC

match access-group 100

class-map VLAN3_PORTS

match input-interface fa0/1 - 2

policy-map PORTS_POLICY

class VLAN_PORTS

police 100000

policy-map VLAN3_POLICY

class IP_TRAFFIC

service-policy PORTS_POLICY

interface vlan 3

service-policy input VLAN3_POLICY

last important step is :

on each trunk or interface in vlan 3 in our example 0/1 and 0/2

int  range fa0/1 - 2

mls qos vlan-based

good luck

if helpful Rate

0 Helpful

charles.hutchinsjr
Level 1
Level 1
In response to Marwan ALshawi

‎12-26-2009 11:33 PM

When attempting to config, I get the follow response when trying to assign the service-policy to vlan3

switch(config)#int vlan 3

switch(config-if)#service-policy input VLAN3_POLICY
%QoS: No action is configured in the policymap VLAN3_POLICY classmap IP_TRAFFIC,
or it is being modified.

===================================================================

What is currently in running config:

class-map match-all IP_TRAFFIC
  match access-group 100
class-map match-all VLAN3_PORTS
  match input-interface  FastEthernet0/23 (trunk port upstream)
  match input-interface  FastEthernet0/24 (trunk port downstream)
!
!
policy-map PORTS_POLICY
  class VLAN3_PORTS
    police 100000 8000 exceed-action drop
policy-map VLAN3_POLICY
  class IP_TRAFFIC
   service-policy PORTS_POLICY

!

!

interface FastEthernet0/23
switchport trunk encapsulation dot1q
switchport mode trunk
load-interval 30
mls qos vlan-based
spanning-tree portfast
!
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
load-interval 30
mls qos vlan-based
spanning-tree portfast

!

!

interface Vlan3
no ip address
no ip route-cache
shutdown

==============================================================

0 Helpful

Marwan ALshawi
VIP Alumni
VIP Alumni
In response to charles.hutchinsjr

‎12-27-2009 01:02 AM

policy-map VLAN3_POLICY
  class IP_TRAFFIC

set dscp [ any value suit your network ]
   service-policy PORTS_POLICY

good luck

0 Helpful

charles.hutchinsjr
Level 1
Level 1
In response to Marwan ALshawi

‎12-27-2009 01:14 AM

New Error Response when attempting to apply service policy to vlan 3.

switch(config-if)#int vlan 3
switch(config-if)#service-policy input VLAN3_POLICY
Service Policy attachment failed

=================Config so far=================================

class-map match-all IP_TRAFFIC
  match access-group 100
class-map match-all VLAN3_PORTS
  match input-interface  FastEthernet0/24
  match input-interface  FastEthernet0/23
!
!
policy-map PORTS_POLICY
  class VLAN3_PORTS
    police 100000 8000 exceed-action drop
policy-map VLAN3_POLICY
  class IP_TRAFFIC
   set dscp default
   service-policy PORTS_POLICY
!

!

interface FastEthernet0/23
switchport trunk encapsulation dot1q
switchport mode trunk
load-interval 30
mls qos vlan-based
spanning-tree portfast
!
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
load-interval 30
mls qos vlan-based
spanning-tree portfast
!

!

interface Vlan800
no ip address
no ip route-cache
shutdown

!

!

============================================================

0 Helpful

Marwan ALshawi
VIP Alumni
VIP Alumni
In response to charles.hutchinsjr

‎12-27-2009 01:22 AM

can change this

class-map match-all VLAN3_PORTS

to

class-map match-any VLAN3_PORTS

if its failed try to assign IP address to vlan3 interface

0 Helpful

charles.hutchinsjr
Level 1
Level 1
In response to Marwan ALshawi

‎12-27-2009 01:49 AM

Same error response.

"Service Policy attachment failed"

I can not assign an IP to the VLAN 3 interface, as it not the native. VLAN 1 has the IP to telnet, ect... Plus we are very limited on VLAN 3 IPs and can not afford to use on infrastucture.

I really do appriciate all of your assistance.

0 Helpful

Marwan ALshawi
VIP Alumni
VIP Alumni
In response to charles.hutchinsjr

‎12-27-2009 02:49 AM

you are welcome

but assure you this is the proper way to configure per vlan or vlan based qos in 3560

and i did configured it before !!

try to check if  qos enabled in your switch and search cisco.com for 3560 vlan based qos

good luck

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card