04-01-2008 02:40 AM - edited 03-03-2019 09:21 PM
Hi,
On one of the ports on my Cisco 3750 I have an ftp server which the inside Lan and internet users have access to.
The problem is I don't have any QoS on the Internet pipe, so bandwidth can be eaten up. Just had an external user put a 1.5gb file onto it and my Internet pipe flatlined almost.
The Cisco 3750 has multiple vlans which are set up as sub interfaces via my Cisco ASA.
The Internet router is controlled only by our ISP and said unless we upgrade to their MPLS service they can't do anything!
Any other ideas would be most welcome, I just don't like ftp taking priority over VPNs and email etc.
04-01-2008 07:44 AM
"The Internet router is controlled only by our ISP and said unless we upgrade to their MPLS service they can't do anything!"
Normally what this means is:
"The Internet router is controlled only by our ISP and said unless we upgrade to their MPLS service they won't do anything!"
Unclear how using MPLS would be of much benefit since you did mention Internet.
That aside, on the 3750, I believe you can at least police traffic rates, so it may be possible to limit how fast the FTP server can push data to other hosts. Ideally, such a restriction only toward bandwidth constrained paths. Better yet would be a shaper, might not be possible on a normal 3750. (Either, as a solution, is far from perfect since the FTP server can't just use excess available bandwidth, and whatever you limit it to, outbound, can at times still be too much.)
Traffic being received by the FTP server is going to continue to be an issue. Reason being, controls downstream of the congestion point, usually aren't very effective unless very severe.
What you really want to control is the (QoS) queuing policy at the congestion points, for instance the two ends of your Internet connection. If your ISP is unwilling to take any action beyond using MPLS (or the other "popular" ISP solution, "you need more bandwidth"), you might shop for a more cooperative ISP (they're hard to find in this regard). Sometimes it's of benefit to mention to the current ISP you're doing so.
Your long-term solutions are either additional bandwidth and/or better bandwidth management. Besides whatever your local ISPs offer, you might also investigate whether there's a local Internet peering exchange.
04-01-2008 07:49 AM
I was thinking of getting a DSL line just for the ftp server, it has 2 nics, so I could have one nic into the ASA and the other into an 877 or something?
04-01-2008 05:25 PM
An interesting idea. One problem would be how would VPN users get to the server? Ideally, you don't want them to push/pull via the VPN or they will fill your Internet link.
04-02-2008 09:22 AM
Have not done it, but in the ASA you are using sub-interfaces, would it be possible to rate limit there?
Don't have an ASA to test with, just wonder if the option is even there.
04-02-2008 09:28 AM
On your interface vlan on your 3750 you can look into applying a policy map and matching based on an access list with the FTP server as the host. Then proceed to rate limit or police traffic based on destination.
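A sketch of the policing approach suggested in the replies above, added here as an example and not configuration posted by anyone in the thread. It attaches the policer to the FTP server's physical switch port rather than the VLAN interface, and it only limits traffic the server sends toward non-internal destinations; uploads to the server are not affected. The server address, internal range, port number, names and rate are all constructed placeholders.

```cisco
! Constructed values (assumptions, not from the thread):
!   192.0.2.10            = FTP server address
!   10.0.0.0/8            = internal LAN ranges that should NOT be limited
!   GigabitEthernet1/0/10 = switch port the FTP server is plugged into
!
! Enabling QoS globally makes ports untrusted by default, so incoming
! CoS/DSCP markings are reset to 0 unless trust is configured per port.
mls qos
!
! Classify by destination: skip internal destinations, match everything
! else sourced from the FTP server.
ip access-list extended FTP-SERVER-TO-INTERNET
 deny   ip host 192.0.2.10 10.0.0.0 0.255.255.255
 permit ip host 192.0.2.10 any
!
class-map match-all FTP-SERVER-OUT
 match access-group name FTP-SERVER-TO-INTERNET
!
! Police to 2 Mb/s with an 8000-byte burst; drop anything above that.
policy-map LIMIT-FTP
 class FTP-SERVER-OUT
  police 2000000 8000 exceed-action drop
!
! Applied inbound on the server's port, i.e. to traffic the server sends.
interface GigabitEthernet1/0/10
 service-policy input LIMIT-FTP
!
! Verify classification and attachment after applying:
!   show policy-map interface GigabitEthernet1/0/10
!   show mls qos interface GigabitEthernet1/0/10 statistics
```

Policing drops excess packets rather than queuing them, so pick a rate comfortably below the Internet link speed and expect FTP throughput to settle somewhat under the configured figure.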