Re: Bandwidth limit on VLANS using Cisco 3750 Layer 3 Switch - Page 2

cuartoarcangel · ‎04-27-2013

Hi I have been trying to police bandwidth per VLAN on a 3750 Switch (ver 12.2 (44) SE5)

This is what i have:

- 40 Mbps Internet Service

- 10 VLANS

- I need each vlan to have assigned 4Mbps download and 1Mbps upload (that is, each workstation connected to a particular Vlan to download at 4Mbps and 1 Mbps upload).

So far i've only been able to control the upload using the following config (for testing purposes I'm limiting only Vlan 7 as of now):

Gi 1/0/2 is connected to a Layer 2 Switch (2950) and every user woking in Vlan 7 in that switch (the 2950) is restricted to 1Mbps UPLOAD.

HOW can I restrict DOWNLOAD?, as of now if try to use the command:

LAYER_3(config-if)#service-policy output VLANs

It replies that the command is NOT supported.

* * * * * * * * * * * * * * * * * * * * * * * * * *

LAYER_3#sh run

Building configuration...

Current configuration : 8989 bytes

!

! Last configuration change at 07:56:23 UTC Mon Mar 8 1993

!

version 12.2

service config

!

hostname LAYER_3

!

boot-start-marker

boot-end-marker

!

ip routing

!

mls qos

!

vlan internal allocation policy ascending

!

class-map match-all VLAN7

match access-group 7

class-map match-all PORTS

match input-interface GigabitEthernet1/0/2

!

policy-map PORT

class PORTS

police 1024000 192000 exceed-action drop

policy-map VLANS

class VLAN7

set dscp ef

service-policy PORT

!

interface GigabitEthernet1/0/1

switchport access vlan 192

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/2

description LINK_SW_2_Floor

switchport trunk encapsulation dot1q

switchport mode trunk

mls qos vlan-based

!

interface GigabitEthernet1/0/3

description INTERNET_LINK

no switchport

ip address 172.31.1.2 255.255.255.248

!

interface GigabitEthernet1/0/4

switchport access vlan 4

!

interface GigabitEthernet1/0/5

switchport access vlan 5

!

interface GigabitEthernet1/0/6

switchport access vlan 6

interface Vlan1

no ip address

shutdown

!

interface Vlan2

ip address 172.31.2.1 255.255.255.0

!

interface Vlan3

ip address 172.31.3.1 255.255.255.0

!

interface Vlan4

ip address 172.31.4.1 255.255.255.0

!

interface Vlan5

ip address 172.31.5.1 255.255.255.0

!

interface Vlan6

ip address 172.31.6.1 255.255.255.0

!

interface Vlan7

ip address 172.31.7.1 255.255.255.0

service-policy input VLANS

!

interface Vlan8

ip address 172.31.8.1 255.255.255.0

!

interface Vlan9

ip address 172.31.9.1 255.255.255.0

!

interface Vlan10

ip address 172.31.10.1 255.255.255.0

!

interface Vlan11

ip address 172.31.11.1 255.255.255.0

!

ip default-gateway 172.31.1.1

!

ip route 0.0.0.0 0.0.0.0 172.31.1.1

!

logging esm config

access-list 7 permit 172.31.7.0 0.0.0.255

!

* * * * * * * * * * * * * * * * * * * * * * * * * *

Thanks in advance for your time reading this

Joseph W. Doherty · ‎03-04-2014

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Bilal Nawaz wrote:

Hello, Shaping is not available on the 3750 I think.

BTW, "shaping" is availalbe on the egress port and also available, per QoS enabled egress queue.

Joseph W. Doherty · ‎03-04-2014

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

On the 3750, you could apply a ingress policy and look for non-internal destination IPs. For those, you could police that traffic. That would limit your outbound, to the Internet, to some bandwidth per VLAN.

Conversely, if you apply an ingress policy on the port connected toward the Internet, you can policy can match against each VLAN block address and police the rate to it. This would limit the maximum bandwidth consumption, from the Internet, per VLAN.

Note policing Internet after its already come down you Internet connection doesn't fully guarantee actual bandwidth consumption won't be higher than the policed value. This because your policer is "downstream" of the link.

You can do similar on a router, but on a router, you would also be able to shape your VLAN traffic to the Internet. This is a little less "brutal" and the 1 Mbps outbound would work a bit better.

If you outbound bandwidth is less than the physical interface bandwidth, you can "shape" for the aggregate outbound bandwidth limit.