09-08-2009 03:34 AM - edited 03-04-2019 05:58 AM
Hi Guys,
I have a firewall which is connected to a Cisco 2960G switch, which in turn connects to another device. Both links of the switch are trunk links. The firewall segregates the traffic into different VLANs. Each VLAN will be in a different pool of IP addresses.
Due to some restrictions I cannot apply any QoS on the firewall. I want to use the Cisco 2960G to apply rate limits. Can I do that, i.e. each VLAN will have a different rate limit? Can we do rate limiting on a per-VLAN basis?
09-08-2009 04:45 AM
Hi Saurav,
Yes, you can. You need to define a separate traffic class for each VLAN. Use a separate ACL to define a class which matches a particular VLAN, and then apply policing separately for each of those classes. You may already be aware that classification, marking and policing should be performed as close to the traffic sources as possible, so apply this policy map on the inside interface of the switch connected to the firewall.
Refer to this for configuration help:
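A sketch of the ACL, class-map and policer layout described in the reply above, added here as an example and not taken from the thread or from Cisco's documentation. The subnets, ACL numbers, class and policy names, rates and the interface are all assumptions to be replaced with the real values.

```cisco
! Added example: every subnet, name, rate and interface below is assumed.
! QoS must be enabled globally before policers take effect.
mls qos
!
! One ACL per VLAN, matching that VLAN's address pool (assumed subnets).
access-list 101 permit ip 10.1.10.0 0.0.0.255 any
access-list 102 permit ip 10.1.20.0 0.0.0.255 any
!
! One class per VLAN, each bound to its ACL.
class-map match-all VLAN10-TRAFFIC
 match access-group 101
class-map match-all VLAN20-TRAFFIC
 match access-group 102
!
! Separate policer per class: rate in bits per second, burst in bytes.
! Traffic above the rate is dropped.
policy-map PER-VLAN-POLICE
 class VLAN10-TRAFFIC
  police 10000000 8000 exceed-action drop
 class VLAN20-TRAFFIC
  police 5000000 8000 exceed-action drop
!
! Attach inbound on the port facing the firewall (assumed port).
interface GigabitEthernet0/1
 description Trunk to firewall
 service-policy input PER-VLAN-POLICE
!
! Check the policy definition and per-port QoS counters.
show policy-map PER-VLAN-POLICE
show mls qos interface GigabitEthernet0/1 statistics
```

The ACLs here match on source subnet, so they police traffic arriving from those pools; to limit the opposite direction, match the pool as the destination and attach a policy inbound on the other trunk.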
09-08-2009 04:55 AM
I don't know how your network is set up, but here is an idea.
VLAN 100 is connected to port 1 and VLAN 200 is connected to port 2. Port 3 is your trunk to the firewall.
Option 1: Police the traffic on port 1 and port 2 inbound.
Option 2: Set a CoS for the ports and do some queuing on the outbound for the trunk.