Limit bandwidth per port switch/VLANs?

rasoftware · ‎05-03-2006

I am using a switch to create multiple VLANs. Each network has a separate VLAN port on my 3550 configured. I want to control the bandwidth that port uses and restrict it. Is is there a simple command to do this or will I need QoS.

Basically Fast0/1 - max bandwidth out/in (300K/400K)and so on..

thanks in advance!

Roberto Salazar · ‎05-03-2006

You need to configure Policing that will limit the rate users can use going through a particular port/vlan.

Policing involves creating a policer that specifies the bandwidth limits for the traffic. Packets that exceed the limits are out of profile or nonconforming. Each policer specifies the action to take for packets that are in or out of profile. These actions, carried out by the marker, include passing through the packet without modification or dropping the packet.

This example shows how to create a policy map and attach it to an ingress interface. In the configuration, the IP standard ACL permits traffic from network 10.1.0.0. For traffic matching this classification, the DSCP value in the incoming packet is trusted. If the matched traffic exceeds an average traffic rate of 48000 bps and a normal burst size of 8000 bytes, its DSCP is dropped:

Switch(config)# access-list 1 permit 10.1.0.0 0.0.255.255

Switch(config)# class-map ipclass1

Switch(config-cmap)# match access-group 1

Switch(config-cmap)# exit

Switch(config)# policy-map flow1t

Switch(config-pmap)# class ipclass1

Switch(config-pmap-c)# trust dscp

Switch(config-pmap-c)# police 48000 8000 exceed-action drop

Switch(config-pmap-c)# exit

Switch(config-pmap)# exit

Switch(config)# interface gigabitethernet0/1

Switch(config-if)# service-policy input flow1t

There is also example on aggregate policing. Here is a link on QoS:

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225see/scg/swqos.htm#wp1044737

Please rate helpful posts.

rasoftware · ‎05-03-2006

Hi thanks, I think this is what im looking for.

Will this also work for egress ie traffic coming from the switch with service-policy output?

Presumably the connection appears to be a certain speed to the VLAN users and dropped packets are resent?

rasoftware · ‎05-04-2006

Hi, I tried the config but it doesnt seem to stop me downloading via that port at rate for than 16K.

Am I missing something?

I include the config on the switch.

ip subnet-zero

access-list 1 permit any

class-map match-all ipclass1

match access-group 1

policy-map flow1t

class ipclass1

police 16000 10000 exceed-action drop

trust dscp

interface FastEthernet0/1

switchport access vlan 2

switchport mode access

service-policy input flow1t

GRAEME DANIELSON · ‎05-04-2006

Downloading via that port would be an egress policy?

Is "mls qos" enabled?

On switches you usually have to enable QoS with the "mls qos" global config command. I think "show mls qos" will tell you.

But then again the switch probably wouldn't have let you get as far as you have without mls qos enabled... not sure.

rasoftware · ‎05-04-2006

Nope I had removed it after making the config change. I re-added but still I cannot restrict download speed.

I tried using "output" rather than input on the fastether0/1 but the command wont stick. Is there another way to make this an egress policy?

Thanks for the help, im very new to QoS.

rasoftware · ‎05-05-2006

Hi - I found out you cannot place the police-map as engress on 3550 if it contains a IP ACL.

I tries the following config but still I cannot get it to rate limit the switch port.

Is this the best tool for the job or am I going about it wrong?

!

mls qos aggregate-policer all-traffic 8000 8000 exceed-action drop

mls qos

!

class-map match-all ip

match any

!

policy-map police-all-traffic

class ip

police 8000 8000 exceed-action drop

!

interface FastEthernet0/1

switchport access vlan 2

switchport mode access

service-policy input police-all-traffic

service-policy output police-all-traffic

!