Limit Bandwidth on 3750 switch to 2Mb

Feb 8th, 2010

I have a client in the same building that would like to purchase a 2Mb internet connection. I am handing off Ethernet to this client from a port on my 3750. I need to limit this connection to 2Mb. I tried configuring srr-queue bandwidth limit 20, changed the interface speed to 10Mb and ran an internet speed test. The download speed was 2Mb but the upload speed was still the full 10Mb internet connection. I tried policing on the interface to limit the upload speed (from PC to internet) and that didn't seem to work.

Any ideas?



habadr Mon, 02/08/2010 - 14:07
User Badges: Cisco Employee

"Srr-queue bandwidth limit" does not limit inbound traffic. It is used to limit the maximum bandwidth transmitted out of an interface. To limit the inbound traffic on an interface, you must use ingress policing.


Hatim Badr

Layer_Two Thu, 08/16/2012 - 02:20

I have the exact same challenge! 2mb up/down needed on a single port. Download speed works like a charm at 2mb with

#srr-queue bandwidth limit 20 (it's a 10 mb line)

However, the upload speed is not limited.

Does anyone know the command to accomplish this?



Marwan ALshawi Sun, 08/19/2012 - 02:54

Have you tried to use bandwidth limit for outbound direction and policing for inbound direction as advised by Hatim above?


Layer_Two Sun, 08/19/2012 - 02:57

I have tried to implement policing on inbound traffic but it didn't work.

Any suggestion for the appropriate commands to get this working?

Many thanks

Layer_Two Sun, 08/19/2012 - 11:08

Hi Samuel,

Many thanks for looking into this.  I have tried the commands on my 3550 at home and it only worked for download, not upload.

I think the 3550 is not fully compatible with this class mapping as I had to adapt the last command to

service-policy input BANDWIDTH-CUSTOMER_23-PM

If I use service-policy output BANDWIDTH-CUSTOMER_23-PM

it complains the class is not compatible. Tomorrow I will try on the 3750 and post the outcome!

Many thanks!

Samuel Petrescu Sun, 08/19/2012 - 11:34

On Cisco 3750, policy works only in the input direction.

If you want to police traffic input and output for a customer, you need two policies.
One applied to the interface where the customer is directly connected (like the previous one).
One applied to the uplink on the switch.
The customer has to have a static IP, so you can identify the customer in the ACL.

Something like this:
If Uplink for the switch is Gi1/0/1 and IP address for Customer 23 is

ip access-list extended BANDWIDTH-CUSTOMER_23-DOWNLOAD-ACL
    permit ip any host
    description --- Match traffic downloads for customer 23 --
    match access-group name BANDWIDTH-CUSTOMER_23-DOWNLOAD-ACL
    description --- Police all downloads, one customer per class-map ---
    police 2048000 262144 exceed-action drop

interface GigabitEthernet1/0/1
    description --- Uplink to the Edge router ---
    service-policy input ALL-DOWNLOADS-PM


This example is from a production environment

Samuel Petrescu

Layer_Two Mon, 08/20/2012 - 07:05

Hi Samuel,

Brilliant! Kudos! It worked! Many thanks for your support!

Hello Samuel Petrescu.
Can you help me?
I need to restrict download and upload speed of one host of one vlan to 256 kb/s download and 256 kb/s upload.
The host is with static IP address.
The network topology is simple.
Host ->Cisco switch->Cisco Router.
I want to do this restriction on cisco router.

I will be happy to see example configuration.

Here I see a clear example of download restriction.
But for upload?
And where exactly do I have to apply these policies?
Download policy? Interface of what?
Upload policy? Interface of what?

I want to see a clear example from beginning to end.
I am a junior and it is difficult for me to understand if the example is not clear like in Cisco courses.
But in Cisco CCNA Security in Net Academy I didn't see an example of restricting one host of a VLAN network.


Samuel Petrescu Sun, 08/19/2012 - 07:02

Good morning,

You can police upload traffic in this way:

mls qos
ip access-list extended BANDWIDTH-CUSTOMER_23-ACL
    permit ip any any
    description --- Match traffic upload for customer 23 --
    match access-group name BANDWIDTH-CUSTOMER_23-ACL
    description --- Customer 23 police upload traffic, burst is in byte/sec---
    police 2048000 262144 exceed-action drop

interface GigabitEthernet1/0/23
    description --- Customer 23 upload 2 Mbps ---
    service-policy input BANDWIDTH-CUSTOMER_23-PM


Samuel Petrescu
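
The two ingress policers described in this thread, written out in full as an added example that is not taken from any participant's post. The class-map names and the customer address 192.0.2.23 (a documentation-range placeholder standing in for the customer's static IP) are assumptions; interface names, policy-map names, ACL names and police values follow the posts.

```cisco
! Added example. Assumed: class-map names (*-CM) and the customer
! address 192.0.2.23; replace the address with the customer's static IP.
mls qos
!
! --- Upload: police what the customer sends into its access port ---
ip access-list extended BANDWIDTH-CUSTOMER_23-ACL
 permit ip any any
!
class-map match-all BANDWIDTH-CUSTOMER_23-CM
 description Match upload traffic for customer 23
 match access-group name BANDWIDTH-CUSTOMER_23-ACL
!
policy-map BANDWIDTH-CUSTOMER_23-PM
 description Customer 23 upload policer
 class BANDWIDTH-CUSTOMER_23-CM
  ! police <rate in bits per second> <burst in bytes>
  police 2048000 262144 exceed-action drop
!
interface GigabitEthernet1/0/23
 description Customer 23 access port
 service-policy input BANDWIDTH-CUSTOMER_23-PM
!
! --- Download: police traffic to the customer as it enters the uplink ---
ip access-list extended BANDWIDTH-CUSTOMER_23-DOWNLOAD-ACL
 permit ip any host 192.0.2.23
!
class-map match-all BANDWIDTH-CUSTOMER_23-DOWNLOAD-CM
 description Match download traffic for customer 23
 match access-group name BANDWIDTH-CUSTOMER_23-DOWNLOAD-ACL
!
policy-map ALL-DOWNLOADS-PM
 description Police all downloads, one class per customer
 class BANDWIDTH-CUSTOMER_23-DOWNLOAD-CM
  police 2048000 262144 exceed-action drop
!
interface GigabitEthernet1/0/1
 description Uplink to the edge router
 service-policy input ALL-DOWNLOADS-PM
```

After applying, `show mls qos interface GigabitEthernet1/0/23 statistics` lists the policer's in-profile and out-of-profile counts, which shows whether the upload policer is matching and dropping traffic.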

