Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1404
Views
0
Helpful
6
Replies

How to divise internet bandwidth between two vlan ??

Go to solution
djahid.nsi
Level 1
Level 1

‎04-06-2021 08:29 AM - edited ‎04-06-2021 12:09 PM

We need to divide an internet bandwidth 20 Mbps link between two LANs

 

-- I have a DSL modem connect to a cisco 2911 router through the gi0/0 ports  (Gateway: 192.168.1.1)
the second port of the gi0/1 router is connected to my switch with TRUNK

--

-- The two VLANs I created are on two different subnets (VLAN10:192.168.10.1/ VLAN20: 192.168.20.1 )

-- I created  ACL for each VLAN  to divide my bandwidth between this two VLANs

 

My  question is

1- which NAT command should I create because I have two ACLs and my internet public address are dynamic
2- Where should I put the POLICY that I created ? On each SUB-INTERFACE or on the INTERNET gi0/0 interface and what is the specific command to do that ?

 

This is my Cisco 2911 config

 

class-map match-any VLAN10
match access-group 100
class-map match-any VLAN20
match access-group 101

policy-map INTERNET
class VLAN10
bandwidth percent 50
class VLAN20
bandwidth percent 50
class class-default
shape average 4000000





interface Embedded-Service-Engine0/0
no ip address
shutdown

interface GigabitEthernet0/0
description " INTERFACE TO DSL MODEM "
ip address 192.168.0.254 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto

interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto

interface GigabitEthernet0/1.10
description " INTERFACE VLAN 10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in

interface GigabitEthernet0/1.20
description " INTERFACE VLAN 20 "
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly in

interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto

ip forward-protocol nd

no ip http server
no ip http secure-server

ip route 0.0.0.0 0.0.0.0 192.168.0.1

access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 101 permit ip 192.168.20.0 0.0.0.255 any

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to djahid.nsi

‎04-08-2021 10:20 AM

Don't have a 2911 to verify on, so what follows isn't guaranteed.

Possibly something like:

class-map match-all Vlan10
match ip dscp 1

class-map match-all Vlan20
match ip dscp 3

policy-map TagVlan10
class class-default
set ip dscp 1

policy-map TagVlan20
class class-default
set ip dscp 2 !values 1..7, 9, 11, 13, ... are not defined in RFCs - beyond, I recall, except for internal usage

policy-map Shape20Mbps
class class-default
shape average 20000000 !you might need to set about 15% smaller, if platform doesn't account for L2 overhead
service-policy ManageEgressBandwidth

policy-map ManageEgressBandwidth
class Vlan10
bandwidth percent 40 !adjust percentages as desired, the 40:40 is an even split for the Vlans
!you should be able to reset ToS tag here, if desired
class Vlan20
bandwidth percent 40
class class-default !in case there's other traffic, if not this class allocation doesn't matter
bandwidth percent 10

interface GigabitEthernet0/0
service-policy out Shape20Mbps

interface GigabitEthernet0/1.10
service-policy in TagVlan10

interface GigabitEthernet0/1.20
service-policy in TagVlan120

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎04-06-2021 03:09 PM

What can be done with QoS depends on much on the platform's QoS features and where a QoS feature is applied.

On a software based router, like your 2911, you can do much to control bandwidth going to the Internet.  Unfortunately, controlling bandwidth from the Internet is much, much more problematic.  Sometimes, because often DSL is aDSL, offering more bandwidth from the Internet then to it, QoS from it might not be as critical.  If it is, though, again, managing ingress bandwidth can be difficult.  (NB: this is more due to the fact your management is "after" bandwidth consumption on your Internet link, rather than "before".)

In any case, for managing bandwidth to the Internet, in your case, I would suggest tagging packets from each VLAN differently, and then managing the egress, to the Internet, based on the different ToS tags (which can also be changed again, during egress, if desired).

Further, if your egress bandwidth is less than port speed, you generally want a shaper to limit your total egress to that amount.

If you need further example on how to accomplish the foregoing, please let me know.

0 Helpful

Go to solution
djahid.nsi
Level 1
Level 1
In response to Joseph W. Doherty

‎04-06-2021 03:37 PM - edited ‎04-06-2021 03:53 PM

thank's JOSEPH

can you show me how to  accomplish them ?

 

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to djahid.nsi

‎04-08-2021 10:20 AM

Don't have a 2911 to verify on, so what follows isn't guaranteed.

Possibly something like:

class-map match-all Vlan10
match ip dscp 1

class-map match-all Vlan20
match ip dscp 3

policy-map TagVlan10
class class-default
set ip dscp 1

policy-map TagVlan20
class class-default
set ip dscp 2 !values 1..7, 9, 11, 13, ... are not defined in RFCs - beyond, I recall, except for internal usage

policy-map Shape20Mbps
class class-default
shape average 20000000 !you might need to set about 15% smaller, if platform doesn't account for L2 overhead
service-policy ManageEgressBandwidth

policy-map ManageEgressBandwidth
class Vlan10
bandwidth percent 40 !adjust percentages as desired, the 40:40 is an even split for the Vlans
!you should be able to reset ToS tag here, if desired
class Vlan20
bandwidth percent 40
class class-default !in case there's other traffic, if not this class allocation doesn't matter
bandwidth percent 10

interface GigabitEthernet0/0
service-policy out Shape20Mbps

interface GigabitEthernet0/1.10
service-policy in TagVlan10

interface GigabitEthernet0/1.20
service-policy in TagVlan120

0 Helpful

Go to solution
djahid.nsi
Level 1
Level 1
In response to Joseph W. Doherty

‎04-09-2021 09:05 AM - edited ‎04-09-2021 09:27 AM

hI JOSEPH, Thank you very much for your help

With command

show policy-map interface gigabitethernet 0/1.10 ( 1 PC Connected to VLAN10)

 

Service-policy input: TagVlan10

Class-map: class-default (match-any)
1159 packets, 119255 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
QoS Set
dscp 1
Packets marked 1159

show policy-map interface gigabitethernet 0/1.20 ( NO PC Connected to VLAN20)

Service-policy input: TagVlan20

Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
QoS Set
dscp 3
Packets marked 0

 

I got this too result's so i guess it works !!!

what do you thinks of this resulat or there is another method to verify it ?

 

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to djahid.nsi

‎04-09-2021 09:36 AM

Well, if you apply the egress policy and see similar packets counts, such should indicate correct matching, marking and processing.

0 Helpful

Go to solution
djahid.nsi
Level 1
Level 1
In response to Joseph W. Doherty

‎04-09-2021 10:15 AM

Mr,Joseph

Thanks a lot for your help

 

Regards.

 

DJAHID

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card