Need to limit the amount of bandwidth a specific VLAN can use on a 802.1q trunk port.
Situation is that we have a pair of Catalyst 4506 switches which have 802.1q trunk ports into a Checkpoint Firewall, this in turn is connected to a managed WAN router (to which I can't apply a QoS policy).
If the 4506 was routing the traffic it would be easy to setup a class-map to match the IP traffic and then QoS the traffic, but the VLAN in question is trunked directly into the firewall (no L3/IP presence on the 4506 next hop for all clients on this VLAN is the firewall).
What I need to do is restrict any traffic from this specific VLAN to 10Mbps on the uplink to the Checkpoint Firewall so it cannot impact the onward WAN.
My original thought was to do a class map with "match vlan" then set a policy map to "police" the traffic to 10Mbps and then apply this as a service-policy to the uplink but the 4506 can't seem to do a class map with "match vlan" something like this:
match vlan 270
police 10240000 1920000 3840000 conform-action transmit exceed-action drop
service-policy input v270_bw_limit
service-policy output v270_bw_limit
Any ideas how to achieve this on a Catalyst 4506 with Supervisor IV running cat4500-entservicesk9-mz.122-46.SG.bin?
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...