cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
620
Views
0
Helpful
6
Replies

How to divise internet bandwidth between two vlan ??

djahid.nsi
Beginner
Beginner

We need to divide an internet bandwidth 20 Mbps link between two LANs

 

-- I have a DSL modem connect to a cisco 2911 router through the gi0/0 ports  (Gateway: 192.168.1.1)
the second port of the gi0/1 router is connected to my switch with TRUNK

--

-- The two VLANs I created are on two different subnets (VLAN10:192.168.10.1/ VLAN20: 192.168.20.1 )

-- I created  ACL for each VLAN  to divide my bandwidth between this two VLANs

 

My  question is

1- which NAT command should I create because I have two ACLs and my internet public address are dynamic
2- Where should I put the POLICY that I created ? On each SUB-INTERFACE or on the INTERNET gi0/0 interface and what is the specific command to do that ?

 

This is my Cisco 2911 config

 

class-map match-any VLAN10
match access-group 100
class-map match-any VLAN20
match access-group 101

policy-map INTERNET
class VLAN10
bandwidth percent 50
class VLAN20
bandwidth percent 50
class class-default
shape average 4000000





interface Embedded-Service-Engine0/0
no ip address
shutdown

interface GigabitEthernet0/0
description " INTERFACE TO DSL MODEM "
ip address 192.168.0.254 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto

interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto

interface GigabitEthernet0/1.10
description " INTERFACE VLAN 10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in

interface GigabitEthernet0/1.20
description " INTERFACE VLAN 20 "
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly in

interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto

ip forward-protocol nd

no ip http server
no ip http secure-server

ip route 0.0.0.0 0.0.0.0 192.168.0.1

access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 101 permit ip 192.168.20.0 0.0.0.255 any

1 Accepted Solution

Accepted Solutions

Don't have a 2911 to verify on, so what follows isn't guaranteed.

Possibly something like:

class-map match-all Vlan10
match ip dscp 1

class-map match-all Vlan20
match ip dscp 3

policy-map TagVlan10
class class-default
set ip dscp 1

policy-map TagVlan20
class class-default
set ip dscp 2 !values 1..7, 9, 11, 13, ... are not defined in RFCs - beyond, I recall, except for internal usage

policy-map Shape20Mbps
class class-default
shape average 20000000 !you might need to set about 15% smaller, if platform doesn't account for L2 overhead
service-policy ManageEgressBandwidth

policy-map ManageEgressBandwidth
class Vlan10
bandwidth percent 40 !adjust percentages as desired, the 40:40 is an even split for the Vlans
!you should be able to reset ToS tag here, if desired
class Vlan20
bandwidth percent 40
class class-default !in case there's other traffic, if not this class allocation doesn't matter
bandwidth percent 10

interface GigabitEthernet0/0
service-policy out Shape20Mbps

interface GigabitEthernet0/1.10
service-policy in TagVlan10

interface GigabitEthernet0/1.20
service-policy in TagVlan120

View solution in original post

6 Replies 6

Joseph W. Doherty
Hall of Fame Master Hall of Fame Master
Hall of Fame Master

What can be done with QoS depends on much on the platform's QoS features and where a QoS feature is applied.

On a software based router, like your 2911, you can do much to control bandwidth going to the Internet.  Unfortunately, controlling bandwidth from the Internet is much, much more problematic.  Sometimes, because often DSL is aDSL, offering more bandwidth from the Internet then to it, QoS from it might not be as critical.  If it is, though, again, managing ingress bandwidth can be difficult.  (NB: this is more due to the fact your management is "after" bandwidth consumption on your Internet link, rather than "before".)

In any case, for managing bandwidth to the Internet, in your case, I would suggest tagging packets from each VLAN differently, and then managing the egress, to the Internet, based on the different ToS tags (which can also be changed again, during egress, if desired).

Further, if your egress bandwidth is less than port speed, you generally want a shaper to limit your total egress to that amount.

If you need further example on how to accomplish the foregoing, please let me know.

thank's JOSEPH

can you show me how to  accomplish them ?

 

Don't have a 2911 to verify on, so what follows isn't guaranteed.

Possibly something like:

class-map match-all Vlan10
match ip dscp 1

class-map match-all Vlan20
match ip dscp 3

policy-map TagVlan10
class class-default
set ip dscp 1

policy-map TagVlan20
class class-default
set ip dscp 2 !values 1..7, 9, 11, 13, ... are not defined in RFCs - beyond, I recall, except for internal usage

policy-map Shape20Mbps
class class-default
shape average 20000000 !you might need to set about 15% smaller, if platform doesn't account for L2 overhead
service-policy ManageEgressBandwidth

policy-map ManageEgressBandwidth
class Vlan10
bandwidth percent 40 !adjust percentages as desired, the 40:40 is an even split for the Vlans
!you should be able to reset ToS tag here, if desired
class Vlan20
bandwidth percent 40
class class-default !in case there's other traffic, if not this class allocation doesn't matter
bandwidth percent 10

interface GigabitEthernet0/0
service-policy out Shape20Mbps

interface GigabitEthernet0/1.10
service-policy in TagVlan10

interface GigabitEthernet0/1.20
service-policy in TagVlan120

hI JOSEPH, Thank you very much for your help

With command

show policy-map interface gigabitethernet 0/1.10 ( 1 PC Connected to VLAN10)

 

Service-policy input: TagVlan10

Class-map: class-default (match-any)
1159 packets, 119255 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
QoS Set
dscp 1
Packets marked 1159

show policy-map interface gigabitethernet 0/1.20 ( NO PC Connected to VLAN20)

Service-policy input: TagVlan20

Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
QoS Set
dscp 3
Packets marked 0

 

I got this too result's so i guess it works !!!

what do you thinks of this resulat or there is another method to verify it ?

 

Well, if you apply the egress policy and see similar packets counts, such should indicate correct matching, marking and processing.

Mr,Joseph

Thanks a lot for your help

 

Regards.

 

DJAHID

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers