08-15-2010 03:18 AM - edited 03-04-2019 09:25 AM
Hi2All
Within our main Organization we have two divisions with separate LAN & WAN.
Both these divisions are on the same floor. The Internet Service Provider provided one Ethernet cable with 10MB and a public range /29.
How do I guarantee 5MB of bandwidth to each division?
The ISP suggested hooking the ISP Ethernet cable to a Layer 2 switch and then connecting one cable each to the division routers/switch.
Any suggestions and help in guaranteeing bandwidth?
Best Wishes
Anthony
08-15-2010 05:46 AM
Hello Anthony,
if you have separate NAT pools for the two departments you can use CBWFQ on router facing the WAN link using two traffic classes defined on the basis of the source address (after NAT operation)
ip nat pool dep1 dep1-ip dep1-ip netmask 255.255.255.248
ip nat pool dep2 dep2-ip dep2-ip netmask 255.255.255.248
access-list 111 permit ip host dep1-ip any
access-list 122 permit ip host dep2-ip any
class-map dep1
match access-group 111
class-map dep2
match access-group 122
policy-map out_scheduler
class dep1
bandwidth percent 45
class dep2
bandwidth percent 45
class class-default
bandwidth percent 1
you need to NAT differently traffic coming from each department
for example:
10.10.10.0/24 dep1
10.20.20.0/24 dep2
access-list 112 deny ip 10.10.10.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 112 permit ip 10.10.10.0 0.0.0.255 any
access-list 123 deny ip 10.20.20.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 123 permit ip 10.20.20.0 0.0.0.255 any
! nat is needed only when going to the internet, 10/8 is the intranet in the example
ip nat inside source list 112 pool dep1 overload
ip nat inside source list 123 pool dep2 overload
where dep1-address and dep2-address are taken from the public /29 given by provider.
if the outgoing interface is an ethernet running at 10 Mbps full you can apply the scheduler directly to the interface
but if your interface is running 100 Mbps on the local link you need a shaper
policy-map shape-all
class class-default
shape average 10000000
service-policy out_scheduler
interface fas0/0
service-policy output shape-all
! or: service-policy output out_scheduler
with CBWFQ you provide resources to the two classes and you have elasticity to use unused resources
Hope to help
Giuseppe
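The elasticity described in the answer above, as an added example that is not part of the original posts: an idealised model of a scheduler with the 45/45/1 percentages from `out_scheduler` on a 10 Mbps link. It assumes unused capacity is handed to busy classes in proportion to their configured percentage; the offered loads are constructed.

```python
def cbwfq_share(link_bps, pct, offered_bps):
    """Idealised fluid model of the scheduler (an assumption, not IOS code).

    Every busy class is entitled to a share of the link proportional to its
    configured percentage. A class that needs less than its share keeps only
    what it needs, and the rest is redistributed to the classes still busy.
    """
    alloc = {c: 0.0 for c in offered_bps}
    active = {c for c, bps in offered_bps.items() if bps > 0}
    remaining = float(link_bps)
    while active and remaining > 1e-6:
        weight_sum = sum(pct[c] for c in active)
        handed, satisfied = 0.0, set()
        for c in active:
            fair = remaining * pct[c] / weight_sum
            give = min(fair, offered_bps[c] - alloc[c])
            alloc[c] += give
            handed += give
            if offered_bps[c] - alloc[c] <= 1e-6:
                satisfied.add(c)
        remaining -= handed
        if not satisfied:      # everyone left is still hungry: link is full
            break
        active -= satisfied    # redistribute what the satisfied classes left
    return alloc


LINK = 10_000_000                                    # contracted rate in bps
PCT = {"dep1": 45, "dep2": 45, "class-default": 1}   # from out_scheduler

if __name__ == "__main__":
    # Constructed loads: one quiet department, then both departments busy.
    quiet = {"dep1": 3e6, "dep2": 9e6, "class-default": 0}
    busy = {"dep1": 8e6, "dep2": 8e6, "class-default": 0}
    for load in (quiet, busy):
        print({c: round(v) for c, v in cbwfq_share(LINK, PCT, load).items()})
```
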
08-15-2010 08:53 AM
Hi Giuseppe
Thanks for replying to the post. The Internet Service Provider Ethernet cable would terminate on a Cisco 2960 Layer 2 switch; from the same switch one cable goes to Dept1 and another cable goes to Dept2. Can we guarantee 5MB for Dept1 and 5MB for Dept2?
I would also like to consider: if Dept1 usage is 3MB and Dept2 is at peak, i.e. 5MB, then Dept2 can use the available 2MB, i.e. a total of 7MB.
When the need of Dept1 is 5MB then both depts go back to the 5MB guaranteed bandwidth.
I hope I am clear in my requirement
Best Wishes
Anthony
08-15-2010 10:04 AM
Hello Anthony,
with the C2960 on the path to the WAN link I'm afraid you can only shape out of each interface going to the C2960 with no elasticity as each router should know how much traffic is left available by the other one.
However, C2960 QOS allows to shape out all traffic at a specified percentage of port speed and may be a starting point.
This example shows how to limit the bandwidth on a port to 80 percent:
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# srr-queue bandwidth limit 80
otherwise, device(s) before C2960 can shape to a given rate but with no elasticity if the other department is not using all its BW quota.
You would need to use a single port on device before the C2960 to make something similar to what I had suggested in my first post in this thread.
Hope to help
Giuseppe
08-15-2010 10:32 AM
Hello Giuseppe
Thanks again for replying. I am still a newbie. If I understood you correctly in your first reply:
ISP***************My_Router******************Sw_2960
I configure one port on router with public ip of ISP and another port as trunk to the switch
I configure one port for Dept1 as one vlan and another port for Dept2 as another VLAN
Is it possible to do static NAT on the router, i.e. public to private, and let the connection with dept1 be private IP?
I have a 2800 series router; this is a sample config
Interface fastethernet 0/0
ip address 75.200.168.112 255.255.255.248
# ISP provided public IP
Interface fastEthernet 0/1.11
encapsulation dot1q 11
ip address 192.168.100.10 255.255.255.0
interface FastEthernet 0/1.12
encapsulation dot1q 12
ip address 192.168.101.10 255.255.255.0
I would have default route pointing to ISP router.
On Switch 2960
interface fastethernet 0/24
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 11,12
interface fastethernet 0/1
switchport mode access
switchport access vlan 11
interface fastethernet 0/2
switchport mode access
switchport access vlan 12
Correct me if I am on wrong path, I would appreciate if you can help with config
Thanks
Anthony
08-15-2010 01:04 PM
Hello Anthony,
These forums are really public; anyone can read posts, so please change your public address or mask it partially for your own safety (unless it is false, in which case ignore this advice).
The new setup is the way to go: the router will know how to handle traffic coming from both departments.
Your understanding is correct I had in mind a setup like this.
Hope to help
Giuseppe
08-15-2010 03:06 PM
Hi2All,
Thanks Giuseppe for replying to the post. The public IP is fake. I thank you for your advice.
I am lost at the stage of applying the QoS. Which interface should I be applying it to? What other commands do I need to get proper QoS configured?
Can you please help in completing the configuration? Having private IP from router to switch is an acceptable config.
Best Wishes
Anthony
08-16-2010 04:28 AM
Hi2All,
Giuseppe can you help with configuration
Best Wishes
Anthony
08-16-2010 01:53 PM
Hello Anthony,
>> I am lost at the stage of applying the qos. which interface I should be applying. What other commands I need to get proper qos configured.
you need to apply QOS on the WAN facing interface on the router, depending on its speed you apply directly the scheduler out_sched if access link speed = contracted rate.
if contracted rate < access link speed then you need to apply a shaper to contracted rate that invokes as a child policy the scheduler.
Another aspect to be considered is that if the link is used for public Internet access, then you need to perform NAT and my suggestion is to use two different NAT pools (each made of a single IP address taken from the /29 that ISP has assigned to your company), so that you can trace what traffic has been originated in department1 and what traffic is originated in department2 also after NAT operation.
By doing so all traffic with source = dep1 public ip address has been originated in department 1 and can be classified as a same traffic class from the point of view of WAN interface on router. The same happens for traffic with source dep2 address.
I hope my first post is more clear now
Hope to help
Giuseppe
08-17-2010 01:34 AM
Hi2All,
Giuseppe, can you check if the configuration is OK? I combined the config:
Interface fastethernet 0/0
ip address 5.5.5.5 255.255.255.248
service-policy out shape-all or service-policy out out_scheduler
# ISP provided public IP
Interface fastEthernet 0/1.11
encapsulation dot1q 11
ip address 192.168.100.10 255.255.255.0
# Dept1
interface FastEthernet 0/1.12
encapsulation dot1q 12
ip address 192.168.101.10 255.255.255.0
#Dept2
ip nat pool dep1 dep1-ip netmask 255.255.255.248
ip nat pool dep2 dep2-ip netmask 255.255.255.248
access-list 111 permit ip host dep1-ip any
access-list 122 permit ip host dep2-ip any
class-map dep1
match access-group 111
class-map dep2
match access-group 122
policy out_scheduler
class dep1
bandwidth percent 45
class dep2
bandwidth percent 45
class class-default
bandwidth percent 1
access-list 112 deny ip 192.168.100.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 112 permit ip 192.168.100.0 0.0.0.255 any
access-list 123 deny ip 192.168.101.0 0.0.0.255 192.168.101.0 0.0.0.255
access-list 123 permit ip 192.168.100.0 0.0.0.255 any
ip nat inside source list 112 pool dep1 overload
ip nat inside source list 123 pool dep2 overload
policy-map shape-all
class class-default
shape average 10000000
service out_scheduler
How do I check which department is using how much bandwidth?
Can the admin get an alert on full usage of bandwidth for a Dept?
Best Wishes
Anthony
08-17-2010 03:19 AM
Hello Anthony,
dep1-ip and dep2-ip have to be something like 5.5.5.4 and 5.5.5.3 (going on with our fiction for public ip addresses)
you can check traffic classes with
show policy-map interface fas0/0
(there is also an SNMP MIB for modular QoS)
there is a section for each traffic class that provides counters and rates
if fas0/0 is running at 100 Mbps full and the contracted rate is 10 Mbps you need the shaper.
you can check this simply by using show interface fas0/0
in the ACLs you don't need to deny traffic within each IP subnet as this traffic does not hit the router subinterfaces (host will simply ARP for destination and destination answers to it)
rather you should deny traffic between subnets ( so that it is not natted) as this traffic is sent to the router.
second ACL will be like
access-list 123 deny ip 192.168.101.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 123 permit ip 192.168.101.0 0.0.0.255 any
access-list 112 deny ip 192.168.100.0 0.0.0.255 192.168.101.0 0.0.0.255
access-list 112 permit ip 192.168.100.0 0.0.0.255 any
Hope to help
Giuseppe
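One way to turn the per-class counters mentioned in the reply above into a usage check, as an added example that is not part of the original posts. The sample text is constructed and trimmed, modelled on the per-class sections of `show policy-map interface` output; the exact layout differs between IOS releases, so the patterns are assumptions to adjust against real output.

```python
import re

# Constructed sample, trimmed to the lines the parser reads; real output
# carries more counters per class.
SAMPLE = """\
 FastEthernet0/0
  Service-policy output: shape-all
    Class-map: class-default (match-any)
      5 minute offered rate 9712000 bps, drop rate 14000 bps
      Service-policy : out_scheduler
        Class-map: dep1 (match-all)
          5 minute offered rate 3010000 bps, drop rate 0 bps
        Class-map: dep2 (match-all)
          5 minute offered rate 6690000 bps, drop rate 14000 bps
        Class-map: class-default (match-any)
          5 minute offered rate 12000 bps, drop rate 0 bps
"""

POLICY = re.compile(r"Service-policy\s*(?:input|output)?\s*:\s*(\S+)")
CLASS = re.compile(r"Class-map:\s*(\S+)")
RATE = re.compile(r"offered rate (\d+) bps, drop rate (\d+) bps")


def class_rates(text):
    """Return {(policy, class): (offered_bps, drop_bps)}.

    Keying on the policy name keeps the parent shaper's class-default
    apart from the child scheduler's class-default.
    """
    rates, policy, cls = {}, None, None
    for line in text.splitlines():
        if m := POLICY.search(line):
            policy, cls = m.group(1), None
        elif m := CLASS.search(line):
            cls = m.group(1)
        elif (m := RATE.search(line)) and policy and cls:
            rates[(policy, cls)] = (int(m.group(1)), int(m.group(2)))
    return rates


def over_guarantee(rates, policy, link_bps, pct):
    """Classes of `policy` offering more than their guarantee, or dropping."""
    hits = []
    for (pol, cls), (offered, drops) in sorted(rates.items()):
        if pol == policy and cls in pct:
            if offered > link_bps * pct[cls] / 100 or drops > 0:
                hits.append(cls)
    return hits


if __name__ == "__main__":
    shares = {"dep1": 45, "dep2": 45}   # percentages from out_scheduler
    print(over_guarantee(class_rates(SAMPLE), "out_scheduler", 10_000_000, shares))
```
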
08-17-2010 05:25 AM
Hi2All
Thank you Giuseppe for helping in the post.
Best Wishes
Anthony
08-16-2010 12:23 AM
I have the same problem