New Member

Network for 600 users

I am currently managing a network for 600 users. I am using a 3750G-12S-E as the WAN switch/router. I have 13 x 2960 connected with the main switch in a ring topology using fibre cable. I have a total of 10 meg of internet bandwidth. There are business and home users. A business user wants their dedicated 2 meg bandwidth for 48 users. Another business user wants 5 meg dedicated for their users. At night they want all the bandwidth to be aggregated and shared by home users.

Any idea how I can do that?

Much appreciated

OJ

13 REPLIES
Gold

Re: Network for 600 users

how are these businesses logically and physically separated?

New Member

Re: Network for 600 users

Logically they are on a different vlan on the main switch. Physically they have a separate port.

Super Bronze

Re: Network for 600 users

The 2 and 5 meg you want to control is in reference to the 10 meg Internet bandwidth? If so, what about the other 3 meg?

You can, I believe, likely police rates to/from the internet. However, the 3750 series isn't the best platform for complex traffic management, and I don't recall whether it could integrate such control with time-based ACLs. You may want to consider adding a small router between 3750G and the Internet.

However, even with a router, although you can easily control amount of Internet bandwidth made available to different LAN hosts, there are Internet ingress issues unless you can manage the other side of the Internet's link to you.

New Member

Re: Network for 600 users

Yes, 2 and 5 meg is part of 10 meg bandwidth. The other 3 meg will be used by home users during day time.

What kind of router do you suggest? We use fiber cables.

I don't have any control on the ingress queue. However, I can ask my ISP if they could do anything.

Appreciate your response.

OJ

Super Bronze

Re: Network for 600 users

This is gig fiber? If so, any ISR that can use a HWIC-1GE-SFP and provide 10 Mbps forwarding. Any in table 3 in http://cisco.com/en/US/prod/collateral/routers/ps5854/product_data_sheet0900aecd8016be8d.html should do, including the 1841. (NB: Not 100% positive about IOS features on the 1841/1861, but believe they should be like the 2800/3800.)

However, looking a bit more over the 3560 (3750) IOS configuration guide, Time-Based ACLs are supported. This, with various class-map policing, might also satisfy your requirement, although I'm not real keen on using rate limiters, and again, you might not obtain exactly the benefit hoped for, for inbound Internet traffic.

New Member

Re: Network for 600 users

Yes this is a gig fiber. I have a spare Cisco 2811 (does it have resources to support 600 users?). What you are saying is, use a HWIC-1GE-SFP on the router and use it in front of the 3750 Switch.

I have 13 VLANs configured on 3750 and it acts as a DHCP server as well. Should I configure VLANs on 2811 and use it as DHCP? My understanding is that keep the network wide open until the data reaches 2811 and then police/shape it there based on VLAN/IP addresses. Is that right?

Also, the 3750 I have now doesn't support service-policy output command. So the only option for me is to use rate limiters. You are absolutely right that rate limiters are not a very good option.

I am attaching a diagram with rate-limit config. Please take a look and let me know if I am going the right path.

Super Bronze

Re: Network for 600 users

"I have a spare Cisco 2811 (does it have resources to support 600 users?)."

It's not so much a question of users but of supported bandwidth. If your Internet connection is 10 Mbps, the 2811 should be able to support that amount of bandwidth.

"What you are saying is, use a HWIC-1GE-SFP on the router and use it in front of the 3750 Switch. "

Correct.

"Should I configure VLANs on 2811 and use it as DHCP."

No good reason comes to my mind.

"My understanding is that keep the network wide open until the data reaches 2811 and then police/shape it there based on VLAN/IP addresses. Is that right?"

Yes, since you only need to control Internet bandwidth utilization. As for carrying VLANs to the 2811, you could, but I would just pass the data to/from the 3750 across a single transit subnet link. You can match traffic per subnet (I assume the VLANs have different subnets).

PS:

BTW, because of your LAN topology, you might also want to consider using QoS on the cross switch links.

New Member

Re: Network for 600 users

Thanks for your response.

Do you have an example of a similar config that would go on to 2811?

I am not sure, if I understood "BTW, because .......switch links". Could you please explain a bit.

Much appreciated

OJ

Super Bronze

Re: Network for 600 users

"Do you have an example of a similar config that would go on to 2811? "

To do exactly what? (I.e. ingress or egress, shape or police, time based or not, etc.) With what IOS?

"I am not sure, if I understood "BTW, because .......switch links". Could you please explain a bit. "

The disadvantage of your ring topology is that hosts that need to communicate with other hosts on different switches need to share the connecting switch link bandwidth. If each VLAN's traffic stays per switch, then this shouldn't be much of an issue.

New Member

Re: Network for 600 users

Ingress, egress and time based. c2800nm-advipservicesk9-mz.124-15.T1.bin

No hosts talk to other hosts in different vlan. The only traffic that goes out or comes in is the internet.

Thanks

OJ

Super Bronze

Re: Network for 600 users

(NB: syntax might be incorrect)

Example for egress (on WAN facing interface)

! Business hours window
time-range busHours
 periodic weekdays 8:00 to 18:00
!
! Matches all traffic, but only while busHours is active
ip access-list extended busHoursNow
 permit ip any any time-range busHours
!
! Per-customer source subnets (address and wildcard mask)
ip access-list extended cusA
 permit ip x.x.x.x y.y.y.y any
ip access-list extended cusB
 permit ip x.x.x.x y.y.y.y any
!
! match-all: customer traffic AND inside business hours
class-map match-all cusA_busHours
 match access-group name busHoursNow
 match access-group name cusA
class-map match-all cusB_busHours
 match access-group name busHoursNow
 match access-group name cusB
!
! Child policy: per-customer bandwidth (kbps)
policy-map allocateBandwidths
 class cusA_busHours
  bandwidth 2000
  ! (optional) shape average 2000000
 class cusB_busHours
  bandwidth 7000
  ! (optional) shape average 7000000
!
! Parent policy: shape everything to the purchased rate (bps)
policy-map WAN_shaper
 class class-default
  ! if physical interface allows more than purchased bandwidth
  shape average 10000000
  service-policy allocateBandwidths
!
! gig or fast Ethernet interface #
interface <type> <number>
 service-policy output WAN_shaper
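
Added example, not part of the original thread and not the poster's code: a small Python model of how the posted policy classifies traffic, so the day/night behaviour and the reservations can be checked before the config goes on a router. The subnets are constructed stand-ins for the x.x.x.x y.y.y.y placeholders, the second class in allocateBandwidths is assumed to be cusB's, and the handling of the 18:00 boundary is an assumption.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed subnets standing in for the x.x.x.x y.y.y.y placeholders.
CUSTOMERS = {"cusA": ip_network("192.0.2.0/26"),
             "cusB": ip_network("192.0.2.64/26")}
# kbps values as posted in allocateBandwidths (second class assumed to be cusB).
GUARANTEE_KBPS = {"cusA_busHours": 2000, "cusB_busHours": 7000}
# kbps each business asked for in the opening post.
REQUESTED_KBPS = {"cusA_busHours": 2000, "cusB_busHours": 5000}
PARENT_SHAPE_KBPS = 10000  # shape average 10000000 in WAN_shaper


def bus_hours_active(ts):
    """time-range busHours: periodic weekdays 8:00 to 18:00.
    Assumption: modelled as Mon-Fri, 08:00 up to and including 18:00."""
    return ts.weekday() < 5 and (8, 0) <= (ts.hour, ts.minute) <= (18, 0)


def classify(src, ts):
    """Return the class a packet from src lands in at time ts."""
    if bus_hours_active(ts):  # busHoursNow permits only while the time-range is active
        for name, net in CUSTOMERS.items():
            if ip_address(src) in net:  # match-all: customer ACL must permit too
                return name + "_busHours"
    return "class-default"  # nights, weekends, home users: shared 10 Mbps


def guaranteed_kbps(src, ts):
    """Minimum rate under congestion, or None when there is no reservation."""
    return GUARANTEE_KBPS.get(classify(src, ts))


def audit():
    """Compare the posted reservations with what the question asked for."""
    findings = []
    for cls, want in REQUESTED_KBPS.items():
        have = GUARANTEE_KBPS.get(cls)
        if have != want:
            findings.append(f"{cls}: configured {have} kbps, requested {want} kbps")
    if sum(GUARANTEE_KBPS.values()) > PARENT_SHAPE_KBPS:
        findings.append("reservations exceed the parent shape rate")
    return findings


if __name__ == "__main__":
    for when in (datetime(2024, 3, 6, 10, 30), datetime(2024, 3, 6, 22, 0)):
        print(when, classify("192.0.2.10", when), guaranteed_kbps("192.0.2.10", when))
    print(audit())
```
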

New Member

Re: Network for 600 users

Wow...I can't thank you enough but THANK YOU. You are awesome.

One more question. While I have been sleeping on this issue, another idea came to my mind. Since my access switches are on different ports on the main 3750, why don't I run routing between all the switches and use rate-limiter? Having said that, I tried doing that but my WS-C2960-48TC-L with c2960-lanbase-mz.122-25.SEE2.bin doesn't allow me to put an interface in routed mode.

Switch1(config)#int fa 0/1
Switch1(config-if)#no sw
Switch1(config-if)#no switchport ?
  access         Set access mode characteristics of the interface
  backup         Set backup for the interface
  block          Disable forwarding of unknown uni/multi cast addresses
  host           Set port host
  mode           Set trunking mode of the interface
  nonegotiate    Device will not engage in negotiation protocol on this interface
  port-security  Security related command
  priority       Set appliance 802.1p priority
  protected      Configure an interface to be a protected port
  trunk          Set trunking characteristics of the interface
  voice          Voice appliance attributes

Not even the interface, the switch also doesn't allow me to configure IP routing on it.

Switch1(config)#ip rou?
% Unrecognized command

Do you think that upgrading the IOS would resolve this issue?

Once again, I really appreciate your efforts in helping me.

Thanks

OJ

Super Bronze

Re: Network for 600 users

re: routing on 2960

"Do you think that upgrading the IOS would resolve this issue? "

No, because routing is not supported on the 2960 series (as it is on your 3750).

PS:

BTW, forgot to mention, on your 2811, if you have maintenance, you might want to upgrade the IOS from c2800nm-advipservicesk9-mz.124-15.T1.bin, an ED version, to an MD version (T8, T9 or T10).
