Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Limit bandwidth per user/computer using Catalyst 3560 switch

Hi -

Can someone help me getting started (if at all possible...) with enabling controll of used bandwidth at a "per-user"-level.

I wonder if it possible to do this dynamicly with respect to the overall demand from other users.

I've searching a lot, but I'm missing the terminology :) 



Cisco Employee

Hi,      Please refer the


      Please refer the topic configuring port based traffic control  - topic in below link for 3560 swtiches.


This example shows how to enable unicast storm control on a port with an 87-percent rising suppression level and a 65-percent falling suppression level:

Switch# configure terminal

Switch(config)# interface gigabitethernet1/0/1

Switch(config-if)# storm-control unicast level 87 65


adantu, I'm reading away on

adantu, I'm reading away on that link :)

I can see, it will help me get some limiting so that one single user cannot take it all, but I hoped there was some feature that could enable to "share" the bandwidth in equal portions, with respect to the number of current active sessions/links/???, down to fixed minumum of, say 2 Mb/s, so that 50 users could share a 50 Mb/s band, without any single user using more than, in this case, 2 Mb/s.

But it's possible to get some way with storm-control, I guess, and it will probably be usefull anyway :)


New Member

Do you have mobile users in

Do you have mobile users in your network? I mean, do they connect from different places (switch ports)? If not, then there's no need to restrict bandwidth share by user, and Storm Control is enough, since each user is assigned a switch port.

Super Bronze

DisclaimerThe Author of this


The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.


To my knowledge, what you want to accomplish isn't possible on a 3560.


You can police at ingress, and if you use a policy map, you can police different "known" IPs.


What you could do, is police user ports ingress at some nomimal bandwidth, and if exceeded, mark the packets.  Then on egress, you could direct those packets to an different egress queue with a lower bandwidth guarantee than the normal queue.

Hi Joseph -Thank you for the

Hi Joseph -

Thank you for the idea - I will investigate very soon.

Do you not think, it's possible through either SRR (Shared Round Robin) or (Shaped Round Robin) to achieve some of the "limiting"?



CreatePlease to create content