12-30-2005 10:49 PM - edited 03-03-2019 01:17 AM
Hi every body,
I have a high speed internet connection which is distributed to four users of the IT department, as all of us are from IT department I can't force them to have a connection from ISA, they r connected directly from the 3550 series switch with real ips, some of them are using softwares like kaaza, bit torrent, bear share for their downloads which is consuming more bandwidth which limits the browsing and download speed, I did tried to limit their bandwidth from their respective interfaces with following command
Interface fast Ethernet 0/1
Bandwidth 1
But no use is there any ways to block those softwares and to limit the bandwidth usage for individual user, as I can use any bandwidth limiting softwares. The only option I have to control them from the switch. So please let me know the solution.
Thanks
Yasir
12-30-2005 11:45 PM
Hi
you can't configure bandwidth limitation with Bandwidth
command.
The Bandwidth command is informational command.
now we are going to configure bandwidth limitation for your clients.
first assign static IPs to your clients.
then change the 3550 to layer 3 switching with :
3550#configure terminal
3550(config)#ip routing
then assign a valid ip to a vlan
example :
3550#vlan 2 name internet
3550(vlan)#exit
3550#configure terminal
3550(config)#interface vlan 2
3550(config)#ip address 10.1.1.1 255.255.255.0
3550(config)#no shut
assign the clients ports to the vlan:
3550(config)#interface fast0/1
3550(config-if)#switchport mode access
3550(config-if)#switchport access vlan 2
and so on ....
then
we should create an access-list to involve our clients ip addresses.
-------------------
this is for recive
3550(config)#ip access-list extended recive
3550(config-ext-nacl)#permit ip any host "your client 1 ip address"
3550(config-ext-nacl)#permit ip any host "your client 2 ip address"
------------------------------
this is for send
3550(config)#ip access-list standard send
3550(config-std-nacl)#permit host "your client1 ip address"
3550(config-std-nacl)#permit host "your client2 ip address"
and so on...
3550(config-std-nacl)#deny any
ok now we should create a class map to assign our filter.
3550(config)#class-map recive
3550(config-cmap)#match access-group name recive
3550(config-cmap)#exit
3550(config)#class-map send
3550(config-cmap)#match access-group name send
3550(config-cmap)#exit
now its time to create policy:
now enable multilayer switching qos
3550(config-ext-nacl)#deny ip any any
3550(config)#policy-map send
3550(config-pmap)#class send
3550(config-pmap-)#police "send bandwidth" "burst" coniform-action transmit exceed drop
---------------
police 8000 4000 coniform-action transmit exceed drop
---------------
3550(config)#policy-map recive
3550(config-pmap)#class recive
3550(config-pmap-)#police "recive bandwidth" "burst" coniform-action transmit exceed drop
---------------
police 64000 8000 coniform-action transmit exceed drop
---------------
enable qos
3550(config)#mls qos
---------------
3550(config)#int vlan 1
3550(config-vlan)#service-policy input send
3550(config-vlan)#service-policy output recive
Thats All.
Regards
Bahman Mozaffari.
12-31-2005 04:58 AM
Ho Bahman
Some of the command you gave are not working with 3550 switch
DCINET(config-if)#service-policy input send
QoS: policymap is not supported on virtual interfaces
Service Policy attachment failed
and these comands to are not working
3550(config-pmap-)#police "recive bandwidth" "burst" coniform-action transmit exceed drop
if u have some more details that would be great
12-31-2005 12:34 AM
Hello Yasir,
you cold also try and configure storm control on the ports where your users are connected to. In this example, you would limit unicats traffic for the user on port FastEthernet0/1 to 1 percent, which effectively is 1MB:
interface FastEthernet0/1
storm-control unicast level 1.00
Regards,
GP
12-31-2005 02:46 AM
thanks a lot let me try this one already i did used the storm-control command
01-03-2006 07:33 AM
Hi,
when you say "limit bandwidth utilization" you will need a policer or shaper. The command "bandwidth 1" does not do it.
Have a look at
"Understanding QoS Policing and Marking on the Catalyst 3550"
http://www.cisco.com/en/US/products/hw/switches/ps646/products_tech_note09186a00800feff5.shtml
Hope this helps
Martin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide