Within our main organization we have two divisions with separate LAN & WAN.
Both these divisions are on the same floor. The Internet Service Provider provided one Ethernet cable with 10MB and a public range /29.
How do I guarantee 5MB of bandwidth to each division?
The ISP suggested hooking the ISP Ethernet cable to a Layer 2 switch and then connecting one cable each to the division routers/switch.
Any suggestions and help in guaranteeing bandwidth?
dep1-ip and dep2-ip have to be something like 22.214.171.124 and 126.96.36.199 (going on with our fiction for public IP addresses).
You can check traffic classes with:
show policy-map interface fas0/0
(There is also an SNMP MIB for modular QoS.)
There is a section for each traffic class that provides counters and rates.
If fas0/0 is running at 100 Mbps full and the contracted rate is 10 Mbps, you need the shaper.
You can check this simply by using show interface fas0/0
In the ACLs you don't need to deny traffic within each IP subnet, as this traffic does not hit the router subinterfaces (the host will simply ARP for the destination and the destination answers it).
Rather, you should deny traffic between subnets (so that it is not NATted), as this traffic is sent to the router.
The second ACL will be like:
access-list 123 deny ip 192.168.101.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 123 permit ip 192.168.101.0 0.0.0.255 any
access-list 112 deny ip 192.168.100.0 0.0.0.255 192.168.101.0 0.0.0.255
access-list 112 permit ip 192.168.100.0 0.0.0.255 any
Hope to help
>> I am lost at the stage of applying the QoS. Which interface should I be applying it on? What other commands do I need to get proper QoS configured?
You need to apply QoS on the WAN-facing interface on the router. Depending on its speed, you apply the scheduler out_sched directly if access link speed = contracted rate.
If contracted rate < access link speed, then you need to apply a shaper to the contracted rate that invokes the scheduler as a child policy.
Another aspect to be considered is that if the link is used for public Internet access, then you need to perform NAT, and my suggestion is to use two different NAT pools (each made of a single IP address taken from the /29 that the ISP has assigned to your company), so that you can trace what traffic has been originated in department1 and what traffic has been originated in department2 even after the NAT operation.
By doing so, all traffic with source = dep1 public IP address has been originated in department 1 and can be classified as the same traffic class from the point of view of the WAN interface on the router. The same happens for traffic with source dep2 address.
I hope my first post is clearer now.
Hope to help
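
Added example, not part of the original thread: one way the pieces described in the replies above fit together on a single router (per-department NAT pools, classification on the post-NAT source address, and a 10 Mbps parent shaper calling out_sched as child policy). The 203.0.113.x addresses are constructed documentation addresses standing in for dep1-ip and dep2-ip; the names DEP1-POOL, DEP2-POOL, DEP1, DEP2 and SHAPE-10M, ACLs 131/132, the inside subinterfaces with their VLAN ids, and the mapping of 192.168.100.0/24 to department 1 are assumptions.

```cisco
! Inside subinterfaces (hypothetical names, VLAN ids and gateway addresses)
interface FastEthernet0/1.100
 encapsulation dot1Q 100
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
interface FastEthernet0/1.101
 encapsulation dot1Q 101
 ip address 192.168.101.1 255.255.255.0
 ip nat inside
!
! NAT ACLs from the thread: inter-department traffic is denied so it is not NATted
access-list 112 deny   ip 192.168.100.0 0.0.0.255 192.168.101.0 0.0.0.255
access-list 112 permit ip 192.168.100.0 0.0.0.255 any
access-list 123 deny   ip 192.168.101.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 123 permit ip 192.168.101.0 0.0.0.255 any
!
! One single-address pool per department (constructed addresses from a /29)
ip nat pool DEP1-POOL 203.0.113.2 203.0.113.2 netmask 255.255.255.248
ip nat pool DEP2-POOL 203.0.113.3 203.0.113.3 netmask 255.255.255.248
ip nat inside source list 112 pool DEP1-POOL overload
ip nat inside source list 123 pool DEP2-POOL overload
!
! Classify on the translated source, as seen on the WAN interface
access-list 131 permit ip host 203.0.113.2 any
access-list 132 permit ip host 203.0.113.3 any
class-map match-all DEP1
 match access-group 131
class-map match-all DEP2
 match access-group 132
!
! Child scheduler: 5000 kbps guaranteed per department.
! Assumption: if the IOS release refuses to reserve the full shaped rate,
! lower both values equally (limits vary by release).
policy-map out_sched
 class DEP1
  bandwidth 5000
 class DEP2
  bandwidth 5000
!
! Parent shaper to the contracted 10 Mbps, needed when fas0/0 runs at 100 Mbps
policy-map SHAPE-10M
 class class-default
  shape average 10000000
  service-policy out_sched
!
interface FastEthernet0/0
 ip nat outside
 service-policy output SHAPE-10M
```

This policy acts only on traffic leaving fas0/0 toward the ISP; the per-class counters appear under show policy-map interface fas0/0.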