05-03-2006 06:27 AM - edited 03-03-2019 03:03 AM
I am using a switch to create multiple VLANs. Each network has a separate VLAN port on my 3550 configured. I want to control the bandwidth that port uses and restrict it. Is there a simple command to do this or will I need QoS?
Basically Fast0/1 - max bandwidth out/in (300K/400K) and so on..
thanks in advance!
05-03-2006 11:09 AM
You need to configure Policing that will limit the rate users can use going through a particular port/vlan.
Policing involves creating a policer that specifies the bandwidth limits for the traffic. Packets that exceed the limits are out of profile or nonconforming. Each policer specifies the action to take for packets that are in or out of profile. These actions, carried out by the marker, include passing through the packet without modification or dropping the packet.
This example shows how to create a policy map and attach it to an ingress interface. In the configuration, the IP standard ACL permits traffic from network 10.1.0.0. For traffic matching this classification, the DSCP value in the incoming packet is trusted. If the matched traffic exceeds an average traffic rate of 48000 bps and a normal burst size of 8000 bytes, its DSCP is dropped:
Switch(config)# access-list 1 permit 10.1.0.0 0.0.255.255
Switch(config)# class-map ipclass1
Switch(config-cmap)# match access-group 1
Switch(config-cmap)# exit
Switch(config)# policy-map flow1t
Switch(config-pmap)# class ipclass1
Switch(config-pmap-c)# trust dscp
Switch(config-pmap-c)# police 48000 8000 exceed-action drop
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# service-policy input flow1t
There is also an example on aggregate policing. Here is a link on QoS:
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225see/scg/swqos.htm#wp1044737
Please rate helpful posts.
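Added example, not part of the original thread or of Cisco's documentation: a simplified single-rate token-bucket model of how "police 48000 8000 exceed-action drop" sorts packets into in-profile and out-of-profile. It assumes the bucket starts full; the class and function names are hypothetical and the traffic is constructed.

```python
# Simplified model of a single-rate policer (an assumption for illustration,
# not the switch's hardware implementation). Integer math keeps it exact:
# tokens are counted in millibits, time in milliseconds.

class Policer:
    def __init__(self, rate_bps, burst_bytes):
        self.rate_bps = rate_bps          # first argument of "police"
        self.cap = burst_bytes * 8000     # second argument, as millibits
        self.tokens = self.cap            # assumed: bucket starts full
        self.last_ms = 0

    def offer(self, now_ms, size_bytes):
        """Return True if the packet is in profile, False if it is dropped."""
        refill = (now_ms - self.last_ms) * self.rate_bps   # bits/s * ms = millibits
        self.tokens = min(self.cap, self.tokens + refill)
        self.last_ms = now_ms
        cost = size_bytes * 8000
        if cost <= self.tokens:
            self.tokens -= cost
            return True
        return False   # exceed-action drop: discarded, never queued or delayed


def run(policer, packets):
    """packets: list of (time_ms, size_bytes). Returns (passed_bytes, dropped_bytes)."""
    passed = dropped = 0
    for now_ms, size in packets:
        if policer.offer(now_ms, size):
            passed += size
        else:
            dropped += size
    return passed, dropped


def constant_stream(pps, size_bytes, seconds):
    """Constructed sample traffic: evenly spaced packets of one size."""
    return [(i * 1000 // pps, size_bytes) for i in range(pps * seconds)]


if __name__ == "__main__":
    # 800 kbit/s offered (100 packets/s of 1000 bytes) for 10 s
    passed, dropped = run(Policer(48000, 8000), constant_stream(100, 1000, 10))
    print(f"offered 800000 bps: passed {passed} B, dropped {dropped} B, "
          f"average passed rate {passed * 8 // 10} bps")
    # 40 kbit/s offered (5 packets/s of 1000 bytes): stays in profile
    print(run(Policer(48000, 8000), constant_stream(5, 1000, 10)))
```

The burst size lets the first packets through back to back, so the average over a short window sits slightly above the configured rate; after that, packets pass only as fast as tokens refill and everything else is dropped.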
05-03-2006 02:13 PM
Hi thanks, I think this is what I'm looking for.
Will this also work for egress, i.e. traffic coming from the switch, with service-policy output?
Presumably the connection appears to be a certain speed to the VLAN users and dropped packets are resent?
05-04-2006 03:59 AM
Hi, I tried the config but it doesn't seem to stop me downloading via that port at a rate of more than 16K.
Am I missing something?
I include the config on the switch.
ip subnet-zero
access-list 1 permit any
class-map match-all ipclass1
 match access-group 1
policy-map flow1t
 class ipclass1
  police 16000 10000 exceed-action drop
  trust dscp
interface FastEthernet0/1
 switchport access vlan 2
 switchport mode access
 service-policy input flow1t
05-04-2006 04:55 AM
Downloading via that port would be an egress policy?
Is "mls qos" enabled?
On switches you usually have to enable QoS with the "mls qos" global config command. I think "show mls qos" will tell you.
But then again the switch probably wouldn't have let you get as far as you have without mls qos enabled... not sure.
05-04-2006 06:47 AM
Nope, I had removed it after making the config change. I re-added it but still I cannot restrict download speed.
I tried using "output" rather than input on the fastether0/1 but the command won't stick. Is there another way to make this an egress policy?
Thanks for the help, I'm very new to QoS.
05-05-2006 07:28 AM
Hi - I found out you cannot place the police-map as egress on 3550 if it contains an IP ACL.
I tried the following config but still I cannot get it to rate limit the switch port.
Is this the best tool for the job or am I going about it wrong?
!
mls qos aggregate-policer all-traffic 8000 8000 exceed-action drop
mls qos
!
class-map match-all ip
 match any
!
!
policy-map police-all-traffic
 class ip
  police 8000 8000 exceed-action drop
!
!
interface FastEthernet0/1
 switchport access vlan 2
 switchport mode access
 service-policy input police-all-traffic
 service-policy output police-all-traffic
!