Rate limiting:QoS

saurav.khanna · ‎09-08-2009

Hi Guys,

I have a firewall which is connected to a cisco 2960G switch which in turn is connecting to another device. Both the links of the switch are trunk links. The firewall segregates the traffic in different VLAN's. Each VLAN will be in a different pool of ip address.

Due to some restrictions I cannot apply any qos on the firewall. I want to use the Cisco 2960G to apply rate limit. Can I do that i.e. each VLAN will have a different rate limits. Can we do rate limiting per VLAN basis...

yagnesh_tel · ‎09-08-2009

Hi Saurav,

Yes you can. You need to define separate traffic classe for each VLAN. Use separate ACL to define class which match particular VLAN and then apply policing separately for each of those classes. You may be already aware that Classify, marking and policing should be performed as close to the traffic-sources as possible so apply this policy map on the inside interface of the switch connected the firewall.

Refer this for configuration help:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_44_se/configuration/guide/swqos.html#wp1044737

ralphcarter · ‎09-08-2009

I don't know how your network is setup but here is an idea.

Vlan100 is connected to port 1 and Vlan200 is connected to port 2. Port 3 is your trunk to Firewall.

Option 1: Police the traffic on port1 and port2 inbound.

Option2: Set a CoS for the Ports and do some Queuing on the outbound for the trunk.

CCIE 26175
www.techsnips.com