New Member

Setup Bandwidth Limit on V-Lans

Hi, I am wondering how to set up a bandwidth limit on the following VLANs. We have a 2 Mbps 1:1 leased line and the download speed comes to a maximum of 180 to 200 KB.

1) NOC (192.168.12.0/24)

2) DEV (192.168.13.0/24)

3) QA (192.168.14.0/24)

4) Tech(192.168.15.0/24)

Now, the Internet is on, and when users download anything from any of the VLANs, it consumes a lot of bandwidth, which results in the network getting choked and affects business production activities. Now I want to set up limited bandwidth for an entire VLAN, for example assign only up to 30 KB downloading for the QA VLAN, and the same for the others except the NOC VLAN. Can anyone suggest whether it is possible? I know it can be done with QoS, but I am not very good with QoS commands, so I would request the experts to please explain briefly with commands, if possible.

Thanks


12 REPLIES

Re: Setup Bandwidth Limit on V-Lans

I would suggest QoS or rate-limit; that would be the easy way to get this done.

If this is a router or switch. If ASA you will have to do QOS.

New Member

Re: Setup Bandwidth Limit on V-Lans

With this config, the QA VLAN will get only 30KB, but the usage of the WAN link may be bigger, because you can only limit traffic when it egresses from the ASA.

access-list traffic_QA extended permit ip any 192.168.14.0 255.255.255.0

class-map traffic_QA

match access-list traffic_QA

policy-map limit_QA_out

class traffic_QA

police output 30000 60000

service-policy limit_QA_out interface VL_QA


Guido.

Please rate all the helpful comments.

New Member

Re: Setup Bandwidth Limit on V-Lans

Hi, Thank you for your responses.

"but the usage of WAN link may be bigger, because you can only limit traffic when egress from ASA"

I didn't understand the meaning of the above sentence. Can you please explain it briefly?

Thanks

New Member

Re: Setup Bandwidth Limit on V-Lans

QoS for inbound traffic

OK, I reviewed everything, did some testing, and finally found how this must be done.

Yes, you CAN throttle down inbound traffic.

The only consideration is that you must specify the outside address, so you must create a different pool for each VLAN.

global (outside) 1 200.1.1.2

global (outside) 2 200.1.1.3

nat (NOC) 1 192.168.12.0 255.255.255.0

nat (QA) 2 192.168.14.0 255.255.255.0

access-list traffic_wwwNOC extended permit ip any host 200.1.1.2

access-list traffic_wwwQA extended permit ip any host 200.1.1.2

class-map class_wwwNOC

match access-list traffic_wwwNOC

class-map class_wwwQA

match access-list traffic_wwwQA

policy-map limit_outside

class class_wwwNOC

police input 1500000 60000

class class_wwwQA

police input 300000 30000

service-policy limit_outside interface outside

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/qos.html


Guido.

Please rate all the helpful comments.

New Member

Re: Setup Bandwidth Limit on V-Lans

Hi, if I am using the commands below in my configuration:

global (outside) 1 interface outside

global (outside) 2 interface outside

What commands need to be changed?

Please explain.

New Member

Re: Setup Bandwidth Limit on V-Lans

You need a public address for each VLAN with a different shaping policy.

For instance, if your outside IP address is 200.1.1.2 255.255.255.248, you can use:

global (outside) 1 interface outside

global (outside) 2 200.1.1.3

access-list traffic_wwwNOC extended permit ip any host 200.1.1.2

access-list traffic_wwwQA extended permit ip any host 200.1.1.3

For the global pool, you can use an address currently used for PAT. For example, if you have something like this:

static (inside,outside) tcp 200.1.1.3 80 192.168.12.20 80 netmask 255.255.255.255

... this is not a problem.

Which is the netmask of your public address?

Please note that I made a mistake in the ACL of the previous post. Each ACL must point to the corresponding public address of the global pool.


Guido.

Please rate all the helpful comments.
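The correction above (each ACL must match the public address of its own global pool) can be checked mechanically before the policy is applied. The following is an added example, not part of the thread or of any Cisco tool: the function name `check_police_targets` is hypothetical, it assumes global pools written as literal addresses, and it relies on the ASA `police` rate being given in bits per second.

```python
# Constructed sample: the earlier reply's config, where both ACLs point at 200.1.1.2.
SAMPLE = """\
global (outside) 1 200.1.1.2
global (outside) 2 200.1.1.3
nat (NOC) 1 192.168.12.0 255.255.255.0
nat (QA) 2 192.168.14.0 255.255.255.0
access-list traffic_wwwNOC extended permit ip any host 200.1.1.2
access-list traffic_wwwQA extended permit ip any host 200.1.1.2
class-map class_wwwNOC
 match access-list traffic_wwwNOC
class-map class_wwwQA
 match access-list traffic_wwwQA
policy-map limit_outside
 class class_wwwNOC
  police input 1500000 60000
 class class_wwwQA
  police input 300000 30000
"""

def check_police_targets(config):
    """Return ({class: (public_ip, nat_interfaces, kB_per_s)}, [problems])."""
    pools, nats, acls, cmaps, rates, current = {}, {}, {}, {}, {}, None
    for words in filter(None, map(str.split, config.splitlines())):
        if words[0] == "global" and len(words) == 4:
            pools[words[2]] = words[3]             # NAT id -> public address
        elif words[0] == "nat" and len(words) >= 3:
            nats.setdefault(words[2], []).append(words[1].strip("()"))
        elif words[0] == "access-list" and "host" in words[:-1]:
            acls[words[1]] = words[words.index("host") + 1]
        elif words[0] in ("class-map", "class") and len(words) > 1:
            current = words[-1]                    # class being defined or policed
        elif words[:2] == ["match", "access-list"]:
            cmaps[current] = words[2]
        elif words[0] == "police" and len(words) >= 3:
            rates[current] = int(words[2]) / 8000  # bit/s -> kilobytes per second
    report, problems, owner = {}, [], {}
    for cls, rate in rates.items():
        ip = acls.get(cmaps.get(cls))
        pool_ids = [i for i, addr in pools.items() if addr == ip]
        report[cls] = (ip, [v for i in pool_ids for v in nats.get(i, [])], rate)
        if not pool_ids:
            problems.append(f"{cls}: ACL host {ip} is not a global pool address")
        elif ip in owner:
            problems.append(f"{cls}: {ip} is already matched by {owner[ip]}")
        owner.setdefault(ip, cls)
    for i, addr in pools.items():
        if addr not in owner:
            problems.append(f"pool {i} ({addr}) has no police class")
    return report, problems
```

Calling `check_police_targets(SAMPLE)` flags the duplicated 200.1.1.2 match and the unpoliced pool 2; with the QA ACL changed to 200.1.1.3 the problem list is empty.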

New Member

Re: Setup Bandwidth Limit on V-Lans

Hi,

We have a 2 Mbps link and 4 VLANs are placed on the ASA FW.

1) NOC 192.168.12.0

2) QA 192.168.15.0

3) Tech 192.168.21.0

4) DEV 192.168.14.0

Now I want to set the download speed to 30 KB for each entire VLAN. I want to allow 150 KB of bandwidth for the QA VLAN for the STS DC Tunnel. I want to allow 150 KB of bandwidth for the Techsol VLAN for the 192.168.59.109 host, which is placed on the Sterling STS Tunnel.

Please explain the commands. Thanks

New Member

Re: Setup Bandwidth Limit on V-Lans

Please advise!

New Member

Re: Setup Bandwidth Limit on V-Lans

How many public IP addresses do you have?

You need a /28 at least. One public IP for each global nat pool.

Guido

New Member

Re: Setup Bandwidth Limit on V-Lans

Yes, we have 16 public IP

New Member

Re: Setup Bandwidth Limit on V-Lans

??

New Member

Re: Setup Bandwidth Limit on V-Lans

Have you tested the previously posted commands?

(replace 200.1.1.x with your public address)

global (outside) 1 200.1.1.2

global (outside) 2 200.1.1.3

nat (NOC) 1 192.168.12.0 255.255.255.0

nat (QA) 2 192.168.14.0 255.255.255.0

access-list traffic_wwwNOC extended permit ip any host 200.1.1.2

access-list traffic_wwwQA extended permit ip any host 200.1.1.3

!identify traffic:

class-map class_wwwNOC

match access-list traffic_wwwNOC

class-map class_wwwQA

match access-list traffic_wwwQA

!apply different shaping to each class of traffic:

policy-map limit_outside

class class_wwwNOC

police input 1500000 60000

class class_wwwQA

police input 300000 30000

!enable service-policy on the interface:

service-policy limit_outside interface outside
