Bandwidth limit on VLANS using Cisco 3750 Layer 3 Switch

Unanswered Question
Apr 27th, 2013

Hi I have been trying to police bandwidth per VLAN on a 3750 Switch (ver 12.2 (44) SE5)

This is what i have:

- 40 Mbps Internet Service

- 10 VLANS

- I need each vlan to have assigned 4Mbps download and 1Mbps upload (that is, each workstation connected to a particular Vlan to download at 4Mbps and 1 Mbps upload).

So far i've only been able to control the upload using the following config (for testing purposes I'm limiting  only Vlan 7 as of now):

Gi 1/0/2 is connected to a Layer 2 Switch (2950) and every user woking in Vlan 7 in that switch (the 2950) is restricted to 1Mbps UPLOAD.

HOW can I restrict DOWNLOAD?, as of now if try to use the command:

LAYER_3(config-if)#service-policy output VLANs

It replies that the command is NOT supported.

* * * * * * * * * * * * * * * * * * * * * * * * * *

LAYER_3#sh run

Building configuration...

Current configuration : 8989 bytes

!

! Last configuration change at 07:56:23 UTC Mon Mar 8 1993

!

version 12.2

service config

!

hostname LAYER_3

!

boot-start-marker

boot-end-marker

!

!

ip routing

!

!

mls qos

!

!

vlan internal allocation policy ascending

!

!

class-map match-all VLAN7

  match access-group 7

class-map match-all PORTS

  match input-interface  GigabitEthernet1/0/2

!

policy-map PORT

class PORTS

  police 1024000 192000 exceed-action drop

policy-map VLANS

class VLAN7

   set dscp ef

   service-policy PORT

!

!

interface GigabitEthernet1/0/1

switchport access vlan 192

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/2

description LINK_SW_2_Floor

switchport trunk encapsulation dot1q

switchport mode trunk

mls qos vlan-based

!

interface GigabitEthernet1/0/3

description INTERNET_LINK

no switchport

ip address 172.31.1.2 255.255.255.248

!

interface GigabitEthernet1/0/4

switchport access vlan 4

!

interface GigabitEthernet1/0/5

switchport access vlan 5

!

interface GigabitEthernet1/0/6

switchport access vlan 6

interface Vlan1

no ip address

shutdown

!

interface Vlan2

ip address 172.31.2.1 255.255.255.0

!

interface Vlan3

ip address 172.31.3.1 255.255.255.0

!

interface Vlan4

ip address 172.31.4.1 255.255.255.0

!

interface Vlan5

ip address 172.31.5.1 255.255.255.0

!

interface Vlan6

ip address 172.31.6.1 255.255.255.0

!

interface Vlan7

ip address 172.31.7.1 255.255.255.0

service-policy input VLANS

!

interface Vlan8

ip address 172.31.8.1 255.255.255.0

!

interface Vlan9

ip address 172.31.9.1 255.255.255.0

!

interface Vlan10

ip address 172.31.10.1 255.255.255.0

!

interface Vlan11

ip address 172.31.11.1 255.255.255.0

!

ip default-gateway 172.31.1.1

!

!

ip route 0.0.0.0 0.0.0.0 172.31.1.1

!

logging esm config

access-list 7 permit 172.31.7.0 0.0.0.255

!

!

!

* * * * * * * * * * * * * * * * * * * * * * * * * *

Thanks in advance for your time reading this

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 3.5 (2 ratings)
cuartoarcangel Sat, 04/27/2013 - 20:54

Thanks Paolo,

By suggesting to use a router you mean i should re-design the VLAN Interfaces (move them to the router?)

or, use the actual Cisco 2821 router (i have on TOP of the L3 switch), to manage bandwidth for the VLAN interfaces created and managed in the Layer 3 sw? I don't have a clue, on how to do the latter.

Thanks and Regards,

Luis

tobyarnett Sat, 04/27/2013 - 21:24

So a question to your design. Why would you want to potentailly allocate 40 Mbps combined usage across all of your VLAN's when your total bandwidth is 40 Mbps? You run the risk of maxing out your circuit and then you can lose your BGP peers because they cannot use the link to communicate with the neighbor. There is other data that needs to flow through there as well. Why not just create a single policy and apply it to the physical interface where all your VLAN's leave the switch from? The policy would give all VLAN's up to a designated bandwidth (i.e. 35 Mbps d/l, 5 Mbps u/l). Then you would reserve the other 5 Mbps for your other data traffic. Such as email, routing protocol messages, server FTP, server www, and other various data. Would this not serve the same goal?

As per the design you currently have I am looking up the specs on your code, but I don't think what you are trying to do is supported by that switch and IOS. You maybe able to do this with another IOS type, but as the previous post stated you may be at a hardware limitation as well. Moving those policy routes to your router would be the better option, or you could use a higher end switch. At this point, look at my first paragraph and see if that thought process may be beneficial to you. I will look for your code and see if your current design is supported.

-Toby

Please don't forget to rate any helpful post.

_____________________________________
There are no great limits to growth because there are no limits of human intelligence, imagination, and wonder.
- Ronald Reagan

cuartoarcangel Sat, 04/27/2013 - 23:24

Thanks Toby,

Since we have 10 clients and each client has aproximetly 8-10 users, I wanted to deliver a dedicated bandwidth (i.e. 4Mbps) to each area/dept. so if a user starts utilizing more bandwidth it wouldnt affect other processes (vlans).

I found that utilizing hierarchycal policing i could have accomplish that, hence my code.

   "Why not just create a single policy and apply it to the physical interface where all your VLAN's leave the switch from?"

Is that possible? on a port configured for routing ( i.e. "no switchport) ???

Again, Thank you

Regards,

Luis

Bilal Nawaz Sat, 04/27/2013 - 23:18

Hello, you are already policing for download. Service policy input means anything coming in the interface (I.e. towards your vlan) is being policed. You cannot police on outbound.
The 3750 has limited qos features only for ingress.
Output means anything leaving the vlan that needs to be routed. This is the upload. This is egress, I.e. outbound.

I agree with Paolo, a router would be best to handle this kind of thing, I would configure shaping instead of policing too.

Hope this helps

Sent from Cisco Technical Support iPhone App

cuartoarcangel Sat, 04/27/2013 - 23:27

Thanks for the comment

Is output available in SHAPING for SVI's (VLan interfaces)???

Or will i face the same problem as policing? (only input traffic)?

Thanks,

Luis

Bilal Nawaz Sun, 04/28/2013 - 00:27

Hello, Shaping is not available on the 3750 I think. I have only been able to configure policing on inbound direction just like you. The switch is very limited in that aspect. A router could do this for you.

Good document for qos on 3750 outlines what we could do, but there's nothing here that can truly work for you.

http://www.cisco.com/en/US/products/hw/switches/ps5023/products_tech_note09186a0080883f9e.shtml

Hope this helps

Sent from Cisco Technical Support iPhone App

cuartoarcangel Fri, 05/03/2013 - 11:12

Hi All,

Thank you all for your support.

I ended up redesigning it using a "Router on a Stick" solution and applying rate-limit on the router's subinterfaces instead of the SVI's in the Layer 3 (which i ended up using it as Layer 2)

With the following configuration I've limit the bandwidth for Vlan 7 (4Mbps fo downloading and 1Mbps upload - end-user point-of-view)


- I created the Vlans in the switch

- DHCP service for Vlans were made in the router

- Sub-interfaces were created in the router (1 sub-interface as gateway per Vlan).

- Rate limit command applied in the sub-interface

*********************************************************************

This was my final configuration for the 3750 switch

MIND_L3_SW#

MIND_L3_SW#sh run

Building configuration...

Current configuration : 4275 bytes

!

!

hostname MIND_L3_SW

!

no ip domain-lookup

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

!

!

interface GigabitEthernet1/0/1

description LINK_SW_1st_Floor

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/2

description LINK_SW_2nd_Floor

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/3

description I N T E R N E T _ L I N K

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/4

switchport access vlan 4

!

interface GigabitEthernet1/0/5

switchport access vlan 4

!

interface GigabitEthernet1/0/6

switchport access vlan 7

!

interface GigabitEthernet1/0/7

switchport access vlan 4

!

interface GigabitEthernet1/0/8

switchport access vlan 4

!

interface GigabitEthernet1/0/9

switchport access vlan 4

!

interface GigabitEthernet1/0/10

switchport access vlan 4

!

interface GigabitEthernet1/0/11

switchport access vlan 4

!

interface GigabitEthernet1/0/12

switchport access vlan 4

!

interface GigabitEthernet1/0/13

switchport access vlan 4

!

interface GigabitEthernet1/0/14

switchport access vlan 5

!

interface GigabitEthernet1/0/15

switchport access vlan 5

!

interface GigabitEthernet1/0/16

switchport access vlan 5

!

interface GigabitEthernet1/0/17

switchport access vlan 5

!

interface GigabitEthernet1/0/18

switchport access vlan 5

!

interface GigabitEthernet1/0/19

switchport access vlan 5

!

interface GigabitEthernet1/0/20

switchport access vlan 5

!

interface GigabitEthernet1/0/21

switchport access vlan 7

!

interface GigabitEthernet1/0/22

switchport access vlan 7

!

interface GigabitEthernet1/0/23

switchport access vlan 7

!

interface GigabitEthernet1/0/24

switchport access vlan 7

!

interface GigabitEthernet1/0/25

switchport access vlan 7

!

interface GigabitEthernet1/0/26

switchport access vlan 8

!

interface GigabitEthernet1/0/27

switchport access vlan 8

!

interface GigabitEthernet1/0/28

switchport access vlan 8

!

interface GigabitEthernet1/0/29

switchport access vlan 8

!

interface GigabitEthernet1/0/30

switchport access vlan 10

!

interface GigabitEthernet1/0/31

switchport access vlan 10

!

interface GigabitEthernet1/0/32

switchport access vlan 10

!

interface GigabitEthernet1/0/33

switchport access vlan 10

!

interface GigabitEthernet1/0/34

switchport access vlan 10

!

interface GigabitEthernet1/0/35

switchport access vlan 10

!

interface GigabitEthernet1/0/36

switchport access vlan 10

!

interface GigabitEthernet1/0/37

switchport access vlan 10

!

interface GigabitEthernet1/0/38

switchport access vlan 10

!

interface GigabitEthernet1/0/39

switchport access vlan 10

!

interface GigabitEthernet1/0/40

switchport access vlan 10

!

interface GigabitEthernet1/0/41

switchport access vlan 192

!

interface GigabitEthernet1/0/42

switchport access vlan 192

!

interface GigabitEthernet1/0/43

switchport access vlan 192

!

interface GigabitEthernet1/0/44

switchport access vlan 192

!

interface GigabitEthernet1/0/45

switchport access vlan 192

!

interface GigabitEthernet1/0/46

switchport access vlan 192

!

interface GigabitEthernet1/0/47

switchport access vlan 20

!

interface GigabitEthernet1/0/48

switchport access vlan 192

!

interface GigabitEthernet1/0/49

!

interface GigabitEthernet1/0/50

!

interface GigabitEthernet1/0/51

!

interface GigabitEthernet1/0/52

!

interface Vlan1

no ip address

no ip route-cache cef

no ip route-cache

shutdown

!

interface Vlan10

ip address 172.31.10.1 255.255.255.0

no ip route-cache cef

no ip route-cache

!

ip default-gateway 172.31.10.254

!

logging esm config

!

!

!

end

MIND_L3_SW#

*********************************************************************

This was my 2821 router final configuration:

ARKUS2821#

ARKUS2821#

ARKUS2821#

ARKUS2821#

ARKUS2821#

ARKUS2821#sh run

Building configuration...

Current configuration : 11821 bytes

!

version 12.4

hostname ARKUS2821

!

boot-start-marker

boot system flash c2800nm-adventerprisek9-mz.124-22.T5.bin

boot-end-marker

!

logging message-counter syslog

logging buffered 51200 warnings

!

no aaa new-model

!

ip cef

ip dhcp excluded-address 172.31.2.1

ip dhcp excluded-address 172.31.3.1

ip dhcp excluded-address 172.31.4.1

ip dhcp excluded-address 172.31.5.1

ip dhcp excluded-address 172.31.6.1

ip dhcp excluded-address 172.31.7.1

ip dhcp excluded-address 172.31.8.1

ip dhcp excluded-address 172.31.9.1

ip dhcp excluded-address 172.31.11.1

ip dhcp excluded-address 172.31.12.1

ip dhcp excluded-address 172.31.13.1

ip dhcp excluded-address 172.31.14.1

ip dhcp excluded-address 172.31.15.1

ip dhcp excluded-address 172.31.16.1

ip dhcp excluded-address 172.31.17.1

ip dhcp excluded-address 172.31.18.1

ip dhcp excluded-address 172.31.19.1

ip dhcp excluded-address 172.31.20.1

ip dhcp excluded-address 192.168.1.1

!

ip dhcp pool VLAN21

   network 172.31.21.0 255.255.255.0

   dns-server 200.38.100.210 207.83.200.201

   default-router 172.31.21.1

!

ip dhcp pool VLAN2

   network 172.31.2.0 255.255.255.0

   dns-server 200.38.100.210 207.83.200.201

   default-router 172.31.2.1

!

ip dhcp pool VLAN3

   network 172.31.3.0 255.255.255.0

   dns-server 200.38.100.210 207.83.200.201

   default-router 172.31.3.1

!

ip dhcp pool VLAN4

   network 172.31.4.0 255.255.255.0

   dns-server 200.38.100.210 207.83.200.201

   default-router 172.31.4.1

!

ip dhcp pool VLAN5

   network 172.31.5.0 255.255.255.0

   dns-server 200.38.100.210 207.83.200.201

   default-router 172.31.5.1

!

ip dhcp pool VLAN6

   network 172.31.6.0 255.255.255.0

   dns-server 200.38.100.210 207.83.200.201

   default-router 172.31.6.1

!

ip dhcp pool VLAN7

   network 172.31.7.0 255.255.255.0

   dns-server 200.38.100.210 207.83.200.201

   default-router 172.31.7.1

!

ip dhcp pool VLAN8

   network 172.31.8.0 255.255.255.0

   dns-server 200.38.100.210 207.83.200.201

   default-router 172.31.8.1

!

ip dhcp pool VLAN9

   network 172.31.9.0 255.255.255.0

   dns-server 200.38.100.210 207.83.200.201

   default-router 172.31.9.1

!

ip dhcp pool VLAN11

   network 172.31.11.0 255.255.255.0

   dns-server 200.38.100.210 207.83.200.201

   default-router 172.31.11.1

!

ip dhcp pool VLAN12

   network 172.31.12.0 255.255.255.0

   dns-server 200.38.100.210 207.83.200.201

   default-router 172.31.12.1

!

ip dhcp pool VLAN13

   network 172.31.13.0 255.255.255.0

   dns-server 200.38.100.210 207.83.200.201

   default-router 172.31.13.1

!

ip dhcp pool VLAN14

   network 172.31.14.0 255.255.255.0

   dns-server 200.38.100.210 207.83.200.201

   default-router 172.31.14.1

!

ip dhcp pool VLAN15

   network 172.31.15.0 255.255.255.0

   dns-server 200.38.100.210 207.83.200.201

   default-router 172.31.15.1

!

ip dhcp pool VLAN16

   network 172.31.16.0 255.255.255.0

   dns-server 200.38.100.210 207.83.200.201

   default-router 172.31.16.1

!

ip dhcp pool VLAN17

   network 172.31.17.0 255.255.255.0

   dns-server 200.38.100.210 207.83.200.201

   default-router 172.31.17.1

!

ip dhcp pool VLAN18

   network 172.31.18.0 255.255.255.0

   dns-server 200.38.100.210 207.83.200.201

   default-router 172.31.18.1

!

ip dhcp pool VLAN19

   network 172.31.19.0 255.255.255.0

   dns-server 200.38.100.210 207.83.200.201

   default-router 172.31.19.1

!

ip dhcp pool VLAN20

   network 172.31.20.0 255.255.255.0

   dns-server 200.38.100.210 207.83.200.201

   default-router 172.31.20.1

!

ip dhcp pool VLAN192

   network 192.168.1.0 255.255.255.0

   dns-server 200.38.100.210 207.83.200.201

   default-router 192.168.1.1

!

!

no ip domain lookup

!

!

!

!

!

interface GigabitEthernet0/0

description LOCAL_AREA_NETWORK

no ip address

ip virtual-reassembly

duplex auto

speed auto

!

interface GigabitEthernet0/0.2

encapsulation dot1Q 2

ip address 172.31.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet0/0.3

encapsulation dot1Q 3

ip address 172.31.3.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet0/0.4

encapsulation dot1Q 4

ip address 172.31.4.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet0/0.5

encapsulation dot1Q 5

ip address 172.31.5.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet0/0.6

encapsulation dot1Q 6

ip address 172.31.6.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet0/0.7

encapsulation dot1Q 7

ip address 172.31.7.1 255.255.255.0

ip nat inside

ip virtual-reassembly

rate-limit output 4096000 768000 1536000 conform-action transmit exceed-action drop

rate-limit input 1024000 192000 384000 conform-action transmit exceed-action drop

!

interface GigabitEthernet0/0.8

encapsulation dot1Q 8

ip address 172.31.8.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet0/0.9

encapsulation dot1Q 9

ip address 172.31.9.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet0/0.10

encapsulation dot1Q 10

ip address 172.31.10.254 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet0/0.11

encapsulation dot1Q 11

ip address 172.31.11.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet0/0.12

encapsulation dot1Q 12

ip address 172.31.12.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet0/0.13

encapsulation dot1Q 13

ip address 172.31.13.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet0/0.14

encapsulation dot1Q 14

ip address 172.31.14.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet0/0.15

encapsulation dot1Q 15

ip address 172.31.15.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet0/0.16

encapsulation dot1Q 16

ip address 172.31.16.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet0/0.17

encapsulation dot1Q 17

ip address 172.31.17.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet0/0.18

encapsulation dot1Q 18

ip address 172.31.18.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet0/0.19

encapsulation dot1Q 19

ip address 172.31.19.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet0/0.20

encapsulation dot1Q 20

ip address 172.31.20.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet0/0.21

encapsulation dot1Q 21

ip address 172.31.21.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet0/0.192

encapsulation dot1Q 192

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

!

interface FastEthernet0/3/0

description INTERNET_ISP

ip address dhcp

ip access-group 111 in

ip flow ingress

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

ip forward-protocol nd

ip route 172.31.2.0 255.255.255.0 GigabitEthernet0/0

ip route 172.31.3.0 255.255.255.0 GigabitEthernet0/0

ip route 172.31.4.0 255.255.255.0 GigabitEthernet0/0

ip route 172.31.5.0 255.255.255.0 GigabitEthernet0/0

ip route 172.31.6.0 255.255.255.0 GigabitEthernet0/0

ip route 172.31.7.0 255.255.255.0 GigabitEthernet0/0

ip route 172.31.8.0 255.255.255.0 GigabitEthernet0/0

ip route 172.31.9.0 255.255.255.0 GigabitEthernet0/0

ip route 172.31.10.0 255.255.255.0 GigabitEthernet0/0

ip route 172.31.11.0 255.255.255.0 GigabitEthernet0/0

ip route 172.31.12.0 255.255.255.0 GigabitEthernet0/0

ip route 172.31.13.0 255.255.255.0 GigabitEthernet0/0

ip route 172.31.14.0 255.255.255.0 GigabitEthernet0/0

ip route 172.31.15.0 255.255.255.0 GigabitEthernet0/0

ip route 172.31.16.0 255.255.255.0 GigabitEthernet0/0

ip route 172.31.17.0 255.255.255.0 GigabitEthernet0/0

ip route 172.31.18.0 255.255.255.0 GigabitEthernet0/0

ip route 172.31.19.0 255.255.255.0 GigabitEthernet0/0

ip route 172.31.20.0 255.255.255.0 GigabitEthernet0/0

ip route 172.31.21.0 255.255.255.0 GigabitEthernet0/0

ip route 0.0.0.0 0.0.0.0 dhcp

no ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip flow-cache timeout active 1

ip flow-export source FastEthernet0/3/0

ip flow-export version 5

!

ip nat inside source list 1 interface FastEthernet0/3/0 overload

!

access-list 1 permit 172.31.1.0 0.0.0.255

access-list 1 permit 172.31.2.0 0.0.0.255

access-list 1 permit 172.31.3.0 0.0.0.255

access-list 1 permit 172.31.4.0 0.0.0.255

access-list 1 permit 172.31.5.0 0.0.0.255

access-list 1 permit 172.31.6.0 0.0.0.255

access-list 1 permit 172.31.7.0 0.0.0.255

access-list 1 permit 172.31.8.0 0.0.0.255

access-list 1 permit 172.31.9.0 0.0.0.255

access-list 1 permit 172.31.10.0 0.0.0.255

access-list 1 permit 172.31.11.0 0.0.0.255

access-list 1 permit 172.31.12.0 0.0.0.255

access-list 1 permit 172.31.13.0 0.0.0.255

access-list 1 permit 172.31.14.0 0.0.0.255

access-list 1 permit 172.31.15.0 0.0.0.255

access-list 1 permit 172.31.16.0 0.0.0.255

access-list 1 permit 172.31.17.0 0.0.0.255

access-list 1 permit 172.31.18.0 0.0.0.255

access-list 1 permit 172.31.19.0 0.0.0.255

access-list 1 permit 172.31.20.0 0.0.0.255

access-list 1 permit 172.31.21.0 0.0.0.255

access-list 1 permit 192.168.1.0 0.0.0.255

!

end

ARKUS2821#

*********************************************************************

amir_slash Thu, 02/06/2014 - 06:04

Hi Luis
I think your solution has a negative point! Because with using rate-limit command, your traffic from VLAN 7 to other VLANs is also limited to 4Mbps download and 1Mbps upload!

-Amir

cuartoarcangel Mon, 03/03/2014 - 23:06

Hi Amir,

I think you are completely right.

Nonetheless i haven't been able to figure out any other possible config to accomplish this:

Bandwidth Shaping/policing per Vlan for external traffic without affecting inter-Vlan speeds.

any suggestion is greatly appreciated.

regards,

Luis

JosephDoherty Tue, 03/04/2014 - 02:48

Disclaimer

The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.

Posting

Bilal Nawaz wrote:

Hello, Shaping is not available on the 3750 I think.

BTW, "shaping" is availalbe on the egress port and also available, per QoS enabled egress queue.

JosephDoherty Tue, 03/04/2014 - 03:00

Disclaimer

The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.

Posting

On the 3750, you could apply a ingress policy and look for non-internal destination IPs.  For those, you could police that traffic.  That would limit your outbound, to the Internet, to some bandwidth per VLAN.

Conversely, if you apply an ingress policy on the port connected toward the Internet, you can policy can match against each VLAN block address and police the rate to it.  This would limit the maximum bandwidth consumption, from the Internet, per VLAN.

Note policing Internet after its already come down you Internet connection doesn't fully guarantee actual bandwidth consumption won't be higher than the policed value.  This because your policer is "downstream" of the link.

You can do similar on a router, but on a router, you would also be able to shape your VLAN traffic to the Internet.  This is a little less "brutal" and the 1 Mbps outbound would work a bit better.

If you outbound bandwidth is less than the physical interface bandwidth, you can "shape" for the aggregate outbound bandwidth limit.

Actions

Login or Register to take actions

This Discussion

Posted April 27, 2013 at 8:40 AM
Stats:
Replies:12 Avg. Rating:3.5
Views:5846 Votes:0
Shares:0

Related Content

Discussions Leaderboard